RubyGems - puppet - Versions diffs - 4.5.3-x64-mingw32 → 4.6.1-x64-mingw32 - Mend

puppet 4.5.3-x64-mingw32 → 4.6.1-x64-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (422) hide show

checksums.yaml +7 -0
data/Gemfile +10 -1
data/ext/debian/control +2 -4
data/ext/project_data.yaml +4 -4
data/install.rb +6 -2
data/lib/puppet.rb +3 -1
data/lib/puppet/agent/locker.rb +1 -1
data/lib/puppet/application.rb +6 -4
data/lib/puppet/application/agent.rb +2 -1
data/lib/puppet/application/cert.rb +35 -2
data/lib/puppet/application/device.rb +1 -1
data/lib/puppet/application/generate.rb +5 -0
data/lib/puppet/application/lookup.rb +3 -3
data/lib/puppet/application_support.rb +1 -1
data/lib/puppet/compilable_resource_type.rb +15 -0
data/lib/puppet/configurer.rb +67 -10
data/lib/puppet/configurer/plugin_handler.rb +2 -4
data/lib/puppet/data_providers/hiera_config.rb +1 -1
data/lib/puppet/defaults.rb +34 -7
data/lib/puppet/environments.rb +4 -2
data/lib/puppet/error.rb +1 -1
data/lib/puppet/external/dot.rb +1 -1
data/lib/puppet/face/ca.rb +4 -1
data/lib/puppet/face/certificate.rb +7 -1
data/lib/puppet/face/epp.rb +5 -5
data/lib/puppet/face/generate.rb +64 -0
data/lib/puppet/face/help.rb +19 -13
data/lib/puppet/face/man.rb +1 -1
data/lib/puppet/feature/external_facts.rb +1 -1
data/lib/puppet/file_system.rb +16 -0
data/lib/puppet/file_system/file_impl.rb +5 -0
data/lib/puppet/file_system/memory_impl.rb +4 -0
data/lib/puppet/file_system/path_pattern.rb +1 -0
data/lib/puppet/file_system/windows.rb +19 -0
data/lib/puppet/functions.rb +3 -5
data/lib/puppet/functions/assert_type.rb +1 -1
data/lib/puppet/functions/defined.rb +7 -5
data/lib/puppet/functions/dig.rb +2 -18
data/lib/puppet/functions/hiera.rb +1 -1
data/lib/puppet/functions/lest.rb +1 -37
data/lib/puppet/functions/new.rb +2 -473
data/lib/puppet/functions/reverse_each.rb +2 -59
data/lib/puppet/functions/scanf.rb +4 -4
data/lib/puppet/functions/step.rb +1 -63
data/lib/puppet/functions/then.rb +1 -61
data/lib/puppet/functions/type.rb +1 -40
data/lib/puppet/functions/unwrap.rb +40 -0
data/lib/puppet/generate/models/type/property.rb +70 -0
data/lib/puppet/generate/models/type/type.rb +57 -0
data/lib/puppet/generate/templates/type/pcore.erb +41 -0
data/lib/puppet/generate/type.rb +239 -0
data/lib/puppet/graph/simple_graph.rb +2 -6
data/lib/puppet/indirector/catalog/static_compiler.rb +5 -2
data/lib/puppet/indirector/facts/facter.rb +1 -1
data/lib/puppet/indirector/key/ca.rb +2 -2
data/lib/puppet/indirector/request.rb +25 -4
data/lib/puppet/indirector/rest.rb +73 -3
data/lib/puppet/info_service/class_information_service.rb +1 -2
data/lib/puppet/interface/documentation.rb +1 -1
data/lib/puppet/loaders.rb +2 -0
data/lib/puppet/metatype/manager.rb +6 -6
data/lib/puppet/module.rb +8 -1
data/lib/puppet/module_tool.rb +2 -2
data/lib/puppet/module_tool/checksums.rb +1 -1
data/lib/puppet/module_tool/errors/installer.rb +2 -2
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/network/http/api/indirected_routes.rb +23 -32
data/lib/puppet/network/http/rack/rest.rb +15 -1
data/lib/puppet/network/rights.rb +1 -11
data/lib/puppet/node/environment.rb +7 -3
data/lib/puppet/node/facts.rb +1 -1
data/lib/puppet/parameter.rb +23 -3
data/lib/puppet/parameter/boolean.rb +1 -1
data/lib/puppet/parameter/value.rb +1 -1
data/lib/puppet/parser.rb +0 -1
data/lib/puppet/parser/ast/pops_bridge.rb +1 -1
data/lib/puppet/parser/ast/resource.rb +5 -0
data/lib/puppet/parser/ast/resource_instance.rb +5 -1
data/lib/puppet/parser/ast/resourceparam.rb +5 -0
data/lib/puppet/parser/compiler.rb +14 -17
data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +1 -1
data/lib/puppet/parser/environment_compiler.rb +10 -0
data/lib/puppet/parser/functions/create_resources.rb +39 -24
data/lib/puppet/parser/functions/defined.rb +2 -26
data/lib/puppet/parser/functions/dig.rb +29 -0
data/lib/puppet/parser/functions/lest.rb +49 -0
data/lib/puppet/parser/functions/new.rb +530 -0
data/lib/puppet/parser/functions/require.rb +1 -1
data/lib/puppet/parser/functions/reverse_each.rb +83 -0
data/lib/puppet/parser/functions/scanf.rb +4 -4
data/lib/puppet/parser/functions/step.rb +84 -0
data/lib/puppet/parser/functions/then.rb +73 -0
data/lib/puppet/parser/functions/type.rb +53 -0
data/lib/puppet/parser/resource.rb +16 -7
data/lib/puppet/parser/scope.rb +36 -28
data/lib/puppet/parser/type_loader.rb +1 -1
data/lib/puppet/plugins/data_providers/data_provider.rb +1 -1
data/lib/puppet/pops.rb +13 -0
data/lib/puppet/pops/adapters.rb +49 -49
data/lib/puppet/pops/binder/scheme_handler/confdir_scheme.rb +1 -1
data/lib/puppet/pops/evaluator/access_operator.rb +39 -2
data/lib/puppet/pops/evaluator/closure.rb +39 -13
data/lib/puppet/pops/evaluator/collector_transformer.rb +10 -1
data/lib/puppet/pops/evaluator/evaluator_impl.rb +16 -11
data/lib/puppet/pops/evaluator/external_syntax_support.rb +1 -1
data/lib/puppet/pops/evaluator/json_strict_literal_evaluator.rb +0 -1
data/lib/puppet/pops/evaluator/literal_evaluator.rb +0 -1
data/lib/puppet/pops/evaluator/relationship_operator.rb +1 -2
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +119 -0
data/lib/puppet/pops/evaluator/runtime3_support.rb +19 -45
data/lib/puppet/pops/functions/function.rb +5 -0
data/lib/puppet/pops/issues.rb +1 -1
data/lib/puppet/pops/label_provider.rb +2 -2
data/lib/puppet/pops/loader/base_loader.rb +12 -15
data/lib/puppet/pops/loader/loader.rb +15 -50
data/lib/puppet/pops/loader/loader_paths.rb +28 -2
data/lib/puppet/pops/loader/module_loaders.rb +16 -1
data/lib/puppet/pops/loader/null_loader.rb +17 -1
data/lib/puppet/pops/loader/puppet_function_instantiator.rb +12 -11
data/lib/puppet/pops/loader/puppet_resource_type_impl_instantiator.rb +80 -0
data/lib/puppet/pops/loader/ruby_function_instantiator.rb +2 -3
data/lib/puppet/pops/loader/runtime3_type_loader.rb +52 -13
data/lib/puppet/pops/loader/static_loader.rb +55 -0
data/lib/puppet/pops/loader/type_definition_instantiator.rb +30 -14
data/lib/puppet/pops/loader/typed_name.rb +50 -0
data/lib/puppet/pops/loaders.rb +64 -19
data/lib/puppet/pops/merge_strategy.rb +7 -7
data/lib/puppet/pops/migration/migration_checker.rb +4 -0
data/lib/puppet/pops/model/model_label_provider.rb +2 -0
data/lib/puppet/pops/parser/egrammar.ra +8 -5
data/lib/puppet/pops/parser/eparser.rb +1550 -1498
data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +7 -0
data/lib/puppet/pops/parser/lexer2.rb +14 -1
data/lib/puppet/pops/parser/locator.rb +30 -1
data/lib/puppet/pops/parser/parser_support.rb +0 -3
data/lib/puppet/pops/parser/slurp_support.rb +3 -3
data/lib/puppet/pops/patterns.rb +9 -1
data/lib/puppet/pops/pcore.rb +67 -11
data/lib/puppet/pops/puppet_stack.rb +43 -0
data/lib/puppet/pops/resource/param.rb +51 -0
data/lib/puppet/pops/resource/resource_type_impl.rb +301 -0
data/lib/puppet/pops/resource/resource_type_set.pcore +21 -0
data/lib/puppet/pops/serialization.rb +17 -0
data/lib/puppet/pops/serialization/abstract_reader.rb +149 -0
data/lib/puppet/pops/serialization/abstract_writer.rb +179 -0
data/lib/puppet/pops/serialization/deserializer.rb +60 -0
data/lib/puppet/pops/serialization/extension.rb +126 -0
data/lib/puppet/pops/serialization/instance_reader.rb +19 -0
data/lib/puppet/pops/serialization/instance_writer.rb +14 -0
data/lib/puppet/pops/serialization/json.rb +247 -0
data/lib/puppet/pops/serialization/object.rb +63 -0
data/lib/puppet/pops/serialization/rgen.rb +151 -0
data/lib/puppet/pops/serialization/serializer.rb +91 -0
data/lib/puppet/pops/serialization/time_factory.rb +66 -0
data/lib/puppet/pops/types/annotatable.rb +36 -0
data/lib/puppet/pops/types/implementation_registry.rb +3 -8
data/lib/puppet/pops/types/p_meta_type.rb +83 -0
data/lib/puppet/pops/types/p_object_type.rb +110 -117
data/lib/puppet/pops/types/p_runtime_type.rb +13 -0
data/lib/puppet/pops/types/p_sem_ver_range_type.rb +23 -0
data/lib/puppet/pops/types/p_sem_ver_type.rb +30 -2
data/lib/puppet/pops/types/p_sensitive_type.rb +69 -0
data/lib/puppet/pops/types/p_type_set_type.rb +361 -0
data/lib/puppet/pops/types/puppet_object.rb +0 -5
data/lib/puppet/pops/types/ruby_generator.rb +9 -2
data/lib/puppet/pops/types/type_calculator.rb +6 -1
data/lib/puppet/pops/types/type_factory.rb +14 -12
data/lib/puppet/pops/types/type_formatter.rb +78 -33
data/lib/puppet/pops/types/type_mismatch_describer.rb +0 -2
data/lib/puppet/pops/types/type_parser.rb +27 -2
data/lib/puppet/pops/types/type_set_reference.rb +59 -0
data/lib/puppet/pops/types/types.rb +366 -13
data/lib/puppet/pops/validation.rb +4 -4
data/lib/puppet/pops/validation/checker4_0.rb +5 -2
data/lib/puppet/pops/visitor.rb +2 -2
data/lib/puppet/property.rb +64 -5
data/lib/puppet/provider.rb +1 -1
data/lib/puppet/provider/aixobject.rb +3 -3
data/lib/puppet/provider/group/aix.rb +4 -4
data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
data/lib/puppet/provider/mailalias/aliases.rb +1 -1
data/lib/puppet/provider/mcx/mcxcontent.rb +2 -2
data/lib/puppet/provider/mount/parsed.rb +1 -1
data/lib/puppet/provider/nameservice/directoryservice.rb +5 -5
data/lib/puppet/provider/package/appdmg.rb +3 -3
data/lib/puppet/provider/package/apple.rb +1 -1
data/lib/puppet/provider/package/dnf.rb +5 -0
data/lib/puppet/provider/package/nim.rb +1 -1
data/lib/puppet/provider/package/pacman.rb +2 -2
data/lib/puppet/provider/package/pip.rb +5 -3
data/lib/puppet/provider/package/pip3.rb +1 -1
data/lib/puppet/provider/package/pkg.rb +5 -5
data/lib/puppet/provider/package/pkgdmg.rb +4 -4
data/lib/puppet/provider/package/pkgin.rb +1 -1
data/lib/puppet/provider/package/pkgutil.rb +1 -1
data/lib/puppet/provider/package/portage.rb +48 -8
data/lib/puppet/provider/package/sun.rb +1 -1
data/lib/puppet/provider/package/tdnf.rb +28 -0
data/lib/puppet/provider/package/yum.rb +22 -4
data/lib/puppet/provider/parsedfile.rb +2 -2
data/lib/puppet/provider/service/base.rb +1 -1
data/lib/puppet/provider/service/bsd.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +2 -2
data/lib/puppet/provider/service/debian.rb +3 -3
data/lib/puppet/provider/service/init.rb +5 -3
data/lib/puppet/provider/service/launchd.rb +16 -2
data/lib/puppet/provider/service/runit.rb +1 -1
data/lib/puppet/provider/service/smf.rb +8 -1
data/lib/puppet/provider/service/systemd.rb +39 -6
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +1 -1
data/lib/puppet/provider/user/aix.rb +3 -2
data/lib/puppet/provider/user/directoryservice.rb +4 -3
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/user_role_add.rb +1 -1
data/lib/puppet/provider/user/windows_adsi.rb +3 -0
data/lib/puppet/provider/zfs/zfs.rb +1 -1
data/lib/puppet/reference/type.rb +1 -1
data/lib/puppet/resource.rb +33 -7
data/lib/puppet/resource/capability_finder.rb +74 -54
data/lib/puppet/resource/status.rb +11 -2
data/lib/puppet/settings.rb +17 -6
data/lib/puppet/settings/environment_conf.rb +1 -1
data/lib/puppet/settings/server_list_setting.rb +20 -0
data/lib/puppet/ssl/certificate_authority.rb +32 -9
data/lib/puppet/ssl/certificate_authority/interface.rb +164 -24
data/lib/puppet/ssl/host.rb +3 -3
data/lib/puppet/ssl/oids.rb +10 -0
data/lib/puppet/ssl/validator/default_validator.rb +2 -2
data/lib/puppet/test/test_helper.rb +2 -2
data/lib/puppet/transaction.rb +12 -0
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/transaction/event.rb +29 -2
data/lib/puppet/transaction/event_manager.rb +1 -1
data/lib/puppet/transaction/persistence.rb +84 -0
data/lib/puppet/transaction/report.rb +49 -2
data/lib/puppet/transaction/resource_harness.rb +98 -18
data/lib/puppet/type.rb +63 -21
data/lib/puppet/type/augeas.rb +3 -3
data/lib/puppet/type/cron.rb +1 -1
data/lib/puppet/type/file.rb +39 -2
data/lib/puppet/type/file/data_sync.rb +13 -5
data/lib/puppet/type/host.rb +1 -1
data/lib/puppet/type/mount.rb +2 -6
data/lib/puppet/type/notify.rb +1 -1
data/lib/puppet/type/package.rb +1 -1
data/lib/puppet/type/resources.rb +1 -1
data/lib/puppet/type/scheduled_task.rb +1 -1
data/lib/puppet/type/ssh_authorized_key.rb +2 -2
data/lib/puppet/type/tidy.rb +1 -1
data/lib/puppet/type/yumrepo.rb +3 -3
data/lib/puppet/type/zone.rb +1 -1
data/lib/puppet/util.rb +2 -2
data/lib/puppet/util/classgen.rb +1 -1
data/lib/puppet/util/command_line.rb +6 -2
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/execution.rb +2 -2
data/lib/puppet/util/http_proxy.rb +1 -1
data/lib/puppet/util/inifile.rb +1 -1
data/lib/puppet/util/instance_loader.rb +1 -1
data/lib/puppet/util/logging.rb +1 -1
data/lib/puppet/util/multi_match.rb +1 -1
data/lib/puppet/util/plist.rb +15 -5
data/lib/puppet/util/profiler.rb +1 -1
data/lib/puppet/util/profiler/around_profiler.rb +1 -1
data/lib/puppet/util/psych_support.rb +1 -1
data/lib/puppet/util/rdoc.rb +2 -2
data/lib/puppet/util/rubygems.rb +1 -1
data/lib/puppet/util/watcher/periodic_watcher.rb +2 -2
data/lib/puppet/util/windows/access_control_entry.rb +1 -1
data/lib/puppet/util/windows/adsi.rb +30 -8
data/lib/puppet/util/windows/api_types.rb +1 -1
data/lib/puppet/util/windows/file.rb +59 -0
data/lib/puppet/util/windows/process.rb +10 -0
data/lib/puppet/util/windows/security.rb +1 -1
data/lib/puppet/util/windows/user.rb +22 -4
data/lib/puppet/util/yaml.rb +15 -3
data/lib/puppet/vendor/deep_merge/test/test_deep_merge.rb +1 -1
data/lib/puppet/vendor/rgen_patch.rb +1 -1
data/lib/puppet/version.rb +2 -2
data/spec/fixtures/unit/pops/loaders/loaders/no_modules/manifests/site.pp +10 -0
data/spec/integration/agent/logging_spec.rb +15 -14
data/spec/integration/application/apply_spec.rb +1 -0
data/spec/integration/directory_environments_spec.rb +16 -0
data/spec/integration/environments/settings_spec.rb +32 -4
data/spec/integration/faces/documentation_spec.rb +1 -1
data/spec/integration/network/http/api/indirected_routes_spec.rb +33 -0
data/spec/integration/node/environment_spec.rb +21 -0
data/spec/integration/parser/collection_spec.rb +10 -0
data/spec/integration/parser/compiler_spec.rb +76 -840
data/spec/integration/parser/functions/require_spec.rb +3 -3
data/spec/integration/parser/parameter_defaults_spec.rb +6 -2
data/spec/integration/parser/pcore_resource_spec.rb +208 -0
data/spec/integration/parser/resource_expressions_spec.rb +4 -2
data/spec/integration/provider/yumrepo_spec.rb +4 -1
data/spec/integration/transaction/report_spec.rb +666 -0
data/spec/integration/type/file_spec.rb +11 -12
data/spec/integration/util/windows/adsi_spec.rb +99 -0
data/spec/integration/util/windows/principal_spec.rb +109 -60
data/spec/integration/util/windows/process_spec.rb +4 -2
data/spec/integration/util/windows/security_spec.rb +34 -8
data/spec/integration/util/windows/user_spec.rb +26 -4
data/spec/lib/puppet_spec/files.rb +2 -2
data/spec/lib/puppet_spec/network.rb +12 -8
data/spec/shared_examples/rhel_package_provider.rb +341 -0
data/spec/spec_helper.rb +8 -2
data/spec/unit/application/cert_spec.rb +20 -0
data/spec/unit/configurer/plugin_handler_spec.rb +0 -26
data/spec/unit/configurer_spec.rb +46 -0
data/spec/unit/defaults_spec.rb +14 -0
data/spec/unit/face/generate_spec.rb +230 -0
data/spec/unit/face/help_spec.rb +53 -0
data/spec/unit/face/parser_spec.rb +6 -0
data/spec/unit/face/plugin_spec.rb +0 -4
data/spec/unit/file_system_spec.rb +85 -0
data/spec/unit/functions/lookup_spec.rb +4 -4
data/spec/unit/functions/match_spec.rb +2 -2
data/spec/unit/functions/regsubst_spec.rb +1 -1
data/spec/unit/functions/split_spec.rb +1 -1
data/spec/unit/functions/unwrap_spec.rb +29 -0
data/spec/unit/functions/versioncmp_spec.rb +1 -1
data/spec/unit/functions4_spec.rb +8 -8
data/spec/unit/indirector/facts/facter_spec.rb +1 -9
data/spec/unit/indirector/rest_spec.rb +95 -9
data/spec/unit/module_spec.rb +43 -7
data/spec/unit/module_tool/applications/installer_spec.rb +10 -1
data/spec/unit/module_tool/applications/unpacker_spec.rb +2 -1
data/spec/unit/module_tool/applications/upgrader_spec.rb +8 -0
data/spec/unit/module_tool/tar/mini_spec.rb +3 -3
data/spec/unit/network/http/api/indirected_routes_spec.rb +49 -58
data/spec/unit/network/http/api/master/v3_spec.rb +7 -4
data/spec/unit/network/rights_spec.rb +1 -1
data/spec/unit/parameter_spec.rb +11 -0
data/spec/unit/parser/compiler_spec.rb +19 -33
data/spec/unit/{appmgmt_spec.rb → parser/environment_compiler_spec.rb} +12 -1
data/spec/unit/parser/functions/create_resources_spec.rb +76 -4
data/spec/unit/parser/functions/require_spec.rb +2 -2
data/spec/unit/parser/resource_spec.rb +21 -11
data/spec/unit/parser/scope_spec.rb +1 -5
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +1 -1
data/spec/unit/pops/loaders/dependency_loader_spec.rb +1 -1
data/spec/unit/pops/loaders/loader_paths_spec.rb +1 -1
data/spec/unit/pops/loaders/loaders_spec.rb +63 -5
data/spec/unit/pops/loaders/module_loaders_spec.rb +2 -2
data/spec/unit/pops/loaders/static_loader_spec.rb +1 -1
data/spec/unit/pops/parser/lexer2_spec.rb +27 -3
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +8 -0
data/spec/unit/pops/parser/parse_calls_spec.rb +9 -0
data/spec/unit/pops/puppet_stack_spec.rb +79 -0
data/spec/unit/pops/resource/resource_type_impl_spec.rb +37 -0
data/spec/unit/pops/serialization/packer_spec.rb +153 -0
data/spec/unit/pops/serialization/rgen_spec.rb +88 -0
data/spec/unit/pops/serialization/serialization_spec.rb +228 -0
data/spec/unit/pops/types/p_object_type_spec.rb +44 -2
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +42 -0
data/spec/unit/pops/types/p_sensitive_type_spec.rb +139 -0
data/spec/unit/pops/types/p_type_set_type_spec.rb +424 -0
data/spec/unit/pops/types/ruby_generator_spec.rb +497 -181
data/spec/unit/pops/types/type_calculator_spec.rb +10 -4
data/spec/unit/pops/types/type_formatter_spec.rb +1 -1
data/spec/unit/pops/types/type_mismatch_describer_spec.rb +2 -2
data/spec/unit/pops/types/type_parser_spec.rb +1 -1
data/spec/unit/pops/types/types_spec.rb +1 -1
data/spec/unit/pops/validator/validator_spec.rb +18 -1
data/spec/unit/property_spec.rb +48 -11
data/spec/unit/provider/group/windows_adsi_spec.rb +11 -1
data/spec/unit/provider/package/dnf_spec.rb +1 -99
data/spec/unit/provider/package/pacman_spec.rb +4 -4
data/spec/unit/provider/package/pip_spec.rb +14 -0
data/spec/unit/provider/package/pkg_spec.rb +6 -0
data/spec/unit/provider/package/pkgdmg_spec.rb +0 -3
data/spec/unit/provider/package/portage_spec.rb +64 -8
data/spec/unit/provider/package/tdnf_spec.rb +18 -0
data/spec/unit/provider/package/windows/package_spec.rb +4 -1
data/spec/unit/provider/package/windows_spec.rb +8 -2
data/spec/unit/provider/package/yum_spec.rb +6 -377
data/spec/unit/provider/service/base_spec.rb +6 -0
data/spec/unit/provider/service/debian_spec.rb +16 -7
data/spec/unit/provider/service/gentoo_spec.rb +6 -0
data/spec/unit/provider/service/init_spec.rb +7 -0
data/spec/unit/provider/service/launchd_spec.rb +35 -4
data/spec/unit/provider/service/openrc_spec.rb +6 -0
data/spec/unit/provider/service/smf_spec.rb +31 -6
data/spec/unit/provider/service/src_spec.rb +6 -0
data/spec/unit/provider/service/systemd_spec.rb +70 -20
data/spec/unit/provider/service/upstart_spec.rb +6 -0
data/spec/unit/provider/user/aix_spec.rb +7 -0
data/spec/unit/provider/user/directoryservice_spec.rb +30 -1
data/spec/unit/provider/user/windows_adsi_spec.rb +19 -0
data/spec/unit/resource/capability_finder_spec.rb +51 -3
data/spec/unit/resource/catalog_spec.rb +5 -0
data/spec/unit/resource/type_spec.rb +2 -2
data/spec/unit/resource_spec.rb +19 -0
data/spec/unit/settings_spec.rb +13 -0
data/spec/unit/ssl/certificate_authority/interface_spec.rb +176 -10
data/spec/unit/ssl/certificate_authority_spec.rb +63 -22
data/spec/unit/ssl/host_spec.rb +1 -1
data/spec/unit/ssl/oids_spec.rb +24 -21
data/spec/unit/transaction/event_spec.rb +3 -1
data/spec/unit/transaction/persistence_spec.rb +173 -0
data/spec/unit/transaction/report_spec.rb +64 -1
data/spec/unit/transaction/resource_harness_spec.rb +91 -0
data/spec/unit/type/file/content_spec.rb +47 -15
data/spec/unit/type/file_spec.rb +28 -0
data/spec/unit/type/mount_spec.rb +5 -12
data/spec/unit/type/yumrepo_spec.rb +1 -5
data/spec/unit/type_spec.rb +32 -0
data/spec/unit/util/command_line_spec.rb +11 -0
data/spec/unit/util/execution_spec.rb +1 -1
data/spec/unit/util/plist_spec.rb +16 -3
data/spec/unit/util/storage_spec.rb +4 -1
data/spec/unit/util/windows/adsi_spec.rb +23 -2
data/spec/unit/util/windows/file_spec.rb +56 -1
data/spec/unit/util/windows/sid_spec.rb +31 -7
data/spec/unit/util/yaml_spec.rb +12 -0
data/spec/unit/util_spec.rb +87 -20
metadata +91 -48
data/ext/puppetlisten/puppetlisten.rb +0 -77
data/ext/puppetlisten/puppetrun.rb +0 -38
data/lib/puppet/resource/type_collection_helper.rb +0 -7
data/spec/unit/parser/functions/defined_spec.rb +0 -120
data/spec/unit/resource/type_collection_helper_spec.rb +0 -24

data/lib/puppet/settings/environment_conf.rb CHANGED Viewed

@@ -157,7 +157,7 @@ class Puppet::Settings::EnvironmentConf
       # Path begins with $something interpolatable
       path
     else
-      File.expand_path(path, @path_to_env)
+      Puppet::FileSystem.expand_path(path, @path_to_env)
     end
   end

data/lib/puppet/settings/server_list_setting.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Puppet::Settings::ServerListSetting < Puppet::Settings::ArraySetting
+  def type
+    :server_list
+  end
+  def munge(value)
+    servers = super
+    servers.map! { |server|
+      case server
+      when String
+        server.split(':')
+      when Array
+        server
+      else
+        raise ArgumentError, "Expected an Array of String, got a #{value.class}"
+      end
+    }
+  end
+end

data/lib/puppet/ssl/certificate_authority.rb CHANGED Viewed

@@ -127,7 +127,7 @@ class Puppet::SSL::CertificateAuthority
     host.generate_certificate_request(:dns_alt_names => san)
     # CSR may have been implicitly autosigned, generating a certificate
     # Or sign explicitly
-    host.certificate || sign(name, !!san)
+    host.certificate || sign(name, {allow_dns_alt_names: !!san})
   end
   # Generate our CA certificate.
@@ -145,7 +145,8 @@ class Puppet::SSL::CertificateAuthority
     request.generate(host.key)
     # Create a self-signed certificate.
-    @certificate = sign(host.name, false, request)
+    @certificate = sign(host.name, {allow_dns_alt_names: false,
+                                    self_signing_csr: request})
     # And make sure we initialize our CRL.
     crl
@@ -271,8 +272,13 @@ class Puppet::SSL::CertificateAuthority
   end
   # Sign a given certificate request.
-  def sign(hostname, allow_dns_alt_names = false, self_signing_csr = nil)
-    # This is a self-signed certificate
+  def sign(hostname, options={})
+    options[:allow_authorization_extensions] ||= false
+    options[:allow_dns_alt_names] ||= false
+    options[:self_signing_csr] ||= nil
+    self_signing_csr = options.delete(:self_signing_csr)
     if self_signing_csr
       # # This is a self-signed certificate, which is for the CA.  Since this
       # # forces the certificate to be self-signed, anyone who manages to trick
@@ -282,7 +288,6 @@ class Puppet::SSL::CertificateAuthority
       cert_type = :ca
       issuer = csr.content
     else
-      allow_dns_alt_names = true if hostname == Puppet[:certname].downcase
       unless csr = Puppet::SSL::CertificateRequest.indirection.find(hostname)
         raise ArgumentError, "Could not find certificate request for #{hostname}"
       end
@@ -292,7 +297,7 @@ class Puppet::SSL::CertificateAuthority
       # Make sure that the CSR conforms to our internal signing policies.
       # This will raise if the CSR doesn't conform, but just in case...
-      check_internal_signing_policies(hostname, csr, allow_dns_alt_names) or
+      check_internal_signing_policies(hostname, csr, options) or
         raise CertificateSigningError.new(hostname), "CSR had an unknown failure checking internal signing policies, will not sign!"
     end
@@ -320,12 +325,18 @@ class Puppet::SSL::CertificateAuthority
     cert
   end
-  def check_internal_signing_policies(hostname, csr, allow_dns_alt_names)
+  def check_internal_signing_policies(hostname, csr, options = {})
+    options[:allow_authorization_extensions] ||= false
+    options[:allow_dns_alt_names] ||= false
+    # This allows for masters to bootstrap themselves in certain scenarios
+    options[:allow_dns_alt_names] = true if hostname == Puppet[:certname].downcase
     # Reject unknown request extensions.
     unknown_req = csr.request_extensions.reject do |x|
       RequestExtensionWhitelist.include? x["oid"] or
         Puppet::SSL::Oids.subtree_of?('ppRegCertExt', x["oid"], true) or
-        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', x["oid"], true)
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', x["oid"], true) or
+        Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', x["oid"], true)
     end
     if unknown_req and not unknown_req.empty?
@@ -356,10 +367,22 @@ class Puppet::SSL::CertificateAuthority
       raise CertificateSigningError.new(hostname), "CSR contains a public key that does not correspond to the signing key"
     end
+    auth_extensions = csr.request_extensions.select do |extension|
+      Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', extension['oid'], true)
+    end
+    if auth_extensions.any? && !options[:allow_authorization_extensions]
+      ext_names = auth_extensions.map do |extension|
+        extension['oid']
+      end
+      raise CertificateSigningError.new(hostname), "CSR '#{csr.name}' contains authorization extensions (#{ext_names.join(', ')}), which are disallowed by default. Use `puppet cert --allow-authorization-extensions sign #{csr.name}` to sign this request."
+    end
     unless csr.subject_alt_names.empty?
       # If you alt names are allowed, they are required. Otherwise they are
       # disallowed. Self-signed certs are implicitly trusted, however.
-      unless allow_dns_alt_names
+      unless options[:allow_dns_alt_names]
         raise CertificateSigningError.new(hostname), "CSR '#{csr.name}' contains subject alternative names (#{csr.subject_alt_names.join(', ')}), which are disallowed. Use `puppet cert --allow-dns-alt-names sign #{csr.name}` to sign this request."
       end

data/lib/puppet/ssl/certificate_authority/interface.rb CHANGED Viewed

@@ -8,6 +8,9 @@ module Puppet
         DESTRUCTIVE_METHODS = [:destroy, :revoke]
         SUBJECTLESS_METHODS = [:list, :reinventory]
+        CERT_STATUS_GLYPHS = {:signed => '+', :request => ' ', :invalid => '-'}
+        VALID_CONFIRMATION_VALUES = %w{y Y yes Yes YES}
         class InterfaceError < ArgumentError; end
         attr_reader :method, :subjects, :digest, :options
@@ -71,19 +74,30 @@ module Puppet
           return if hosts.empty?
           hosts.uniq.sort.each do |host|
+            verify_error = nil
             begin
               ca.verify(host) unless requests.include?(host)
             rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError => details
-              verify_error = details.to_s
+              verify_error = "(#{details.to_s})"
             end
             if verify_error
-              certs[:invalid][host] = [ Puppet::SSL::Certificate.indirection.find(host), verify_error ]
+              type = :invalid
+              cert = Puppet::SSL::Certificate.indirection.find(host)
             elsif (signed and signed.include?(host))
-              certs[:signed][host]  = Puppet::SSL::Certificate.indirection.find(host)
+              type = :signed
+              cert = Puppet::SSL::Certificate.indirection.find(host)
             else
-              certs[:request][host] = Puppet::SSL::CertificateRequest.indirection.find(host)
+              type = :request
+              cert = Puppet::SSL::CertificateRequest.indirection.find(host)
             end
+            certs[type][host] = {
+              :cert         => cert,
+              :type         => type,
+              :verify_error => verify_error,
+            }
           end
           names = certs.values.map(&:keys).flatten
@@ -95,37 +109,133 @@ module Puppet
           output = [:request, :signed, :invalid].map do |type|
             next if certs[type].empty?
-            certs[type].map do |host,info|
-              format_host(ca, host, type, info, name_width)
+            certs[type].map do |host, info|
+              format_host(host, info, name_width, options[:format])
             end
           end.flatten.compact.sort.join("\n")
           puts output
         end
-        def format_host(ca, host, type, info, width)
-          cert, verify_error = info
-          alt_names = case type
-                      when :signed
-                        cert.subject_alt_names
-                      when :request
-                        cert.subject_alt_names
-                      else
-                        []
-                      end
+        def format_host(host, info, width, format)
+          case format
+          when :machine
+            machine_host_formatting(host, info)
+          when :human
+            human_host_formatting(host, info)
+          else
+            if options[:verbose]
+              machine_host_formatting(host, info)
+            else
+              legacy_host_formatting(host, info, width)
+            end
+          end
+        end
+        def machine_host_formatting(host, info)
+          type         = info[:type]
+          verify_error = info[:verify_error]
+          cert         = info[:cert]
+          alt_names    = cert.subject_alt_names - [host]
+          extensions   = format_attrs_and_exts(cert)
+          glyph       = CERT_STATUS_GLYPHS[type]
+          name        = host.inspect
+          fingerprint = cert.digest(@digest).to_s
+          expiration  = cert.expiration.iso8601 if type == :signed
+          if type != :invalid
+            if !alt_names.empty?
+              extensions.unshift("alt names: #{alt_names.map(&:inspect).join(', ')}")
+            end
+            if !extensions.empty?
+              metadata_string = "(#{extensions.join(', ')})" unless extensions.empty?
+            end
+          end
+          [glyph, name, fingerprint, expiration, metadata_string, verify_error].compact.join(' ')
+        end
+        def human_host_formatting(host, info)
+          type         = info[:type]
+          verify_error = info[:verify_error]
+          cert         = info[:cert]
+          alt_names    = cert.subject_alt_names - [host]
+          extensions   = format_attrs_and_exts(cert)
+          glyph       = CERT_STATUS_GLYPHS[type]
+          fingerprint = cert.digest(@digest).to_s
+          if type == :invalid || (extensions.empty? && alt_names.empty?)
+            extension_string = ''
+          else
+            if !alt_names.empty?
+              extensions.unshift("alt names: #{alt_names.map(&:inspect).join(', ')}")
+            end
+            extension_string = "\n    Extensions:\n      "
+            extension_string << extensions.join("\n      ")
+          end
-          alt_names.delete(host)
+          if type == :signed
+            expiration_string = "\n    Expiration: #{cert.expiration.iso8601}"
+          else
+            expiration_string = ''
+          end
-          alt_str = "(alt names: #{alt_names.map(&:inspect).join(', ')})" unless alt_names.empty?
+          status = case type
+                   when :invalid then "Invalid - #{verify_error}"
+                   when :request then "Request Pending"
+                   when :signed then "Signed"
+                   end
+          output = "#{glyph} #{host.inspect}"
+          output << "\n  #{fingerprint}"
+          output << "\n    Status: #{status}"
+          output << expiration_string
+          output << extension_string
+          output << "\n"
+          output
+        end
-          glyph = {:signed => '+', :request => ' ', :invalid => '-'}[type]
+        def legacy_host_formatting(host, info, width)
+          type         = info[:type]
+          verify_error = info[:verify_error]
+          cert         = info[:cert]
+          alt_names    = cert.subject_alt_names - [host]
+          extensions   = format_attrs_and_exts(cert)
-          name = host.inspect.ljust(width)
+          glyph       = CERT_STATUS_GLYPHS[type]
+          name        = host.inspect.ljust(width)
           fingerprint = cert.digest(@digest).to_s
-          explanation = "(#{verify_error})" if verify_error
+          if type != :invalid
+            if alt_names.empty?
+              alt_name_string = nil
+            else
+              alt_name_string = "(alt names: #{alt_names.map(&:inspect).join(', ')})"
+            end
+            if extensions.empty?
+              extension_string = nil
+            else
+              extension_string = "**"
+            end
+          end
-          [glyph, name, fingerprint, alt_str, explanation].compact.join(' ')
+          [glyph, name, fingerprint, alt_name_string, verify_error, extension_string].compact.join(' ')
+        end
+        def format_attrs_and_exts(cert)
+          exts = []
+          exts += cert.custom_extensions if cert.respond_to?(:custom_extensions)
+          exts += cert.custom_attributes if cert.respond_to?(:custom_attributes)
+          exts += cert.request_extensions if cert.respond_to?(:request_extensions)
+          exts.map {|e| "#{e['oid']}: #{e['value'].inspect}" }.sort
         end
         # Set the method to apply.
@@ -156,12 +266,42 @@ module Puppet
           end
         end
-        # Signs given certificates or waiting of subjects == :all
+        # Signs given certificates or all waiting if subjects == :all
         def sign(ca)
           list = subjects == :all ? ca.waiting? : subjects
           raise InterfaceError, "No waiting certificate requests to sign" if list.empty?
+          signing_options = options.select { |k,_|
+            [:allow_authorization_extensions, :allow_dns_alt_names].include?(k)
+          }
           list.each do |host|
-            ca.sign(host, options[:allow_dns_alt_names])
+            cert = Puppet::SSL::CertificateRequest.indirection.find(host)
+            raise InterfaceError, "Could not find CSR for: #{host.inspect}." unless cert
+            # ca.sign will also do this - and it should if it is called
+            # elsewhere - but we want to reject an attempt to sign a
+            # problematic csr as early as possible for usability concerns.
+            ca.check_internal_signing_policies(host, cert, signing_options)
+            name_width = host.inspect.length
+            info = {:type => :request, :cert => cert}
+            host_string = format_host(host, info, name_width, options[:format])
+            puts "Signing Certificate Request for:\n#{host_string}"
+            if options[:interactive]
+              STDOUT.print "Sign Certificate Request? [y/N] "
+              if !options[:yes]
+                input = STDIN.gets.chomp
+                raise InterfaceError, "NOT Signing Certificate Request" unless VALID_CONFIRMATION_VALUES.include?(input)
+              else
+                puts "Assuming YES from `-y' or `--assume-yes' flag"
+              end
+            end
+            ca.sign(host, signing_options)
           end
         end

data/lib/puppet/ssl/host.rb CHANGED Viewed

@@ -213,12 +213,12 @@ DOC
       raise Puppet::Error, <<ERROR_STRING
 The certificate retrieved from the master does not match the agent's private key.
 Certificate fingerprint: #{certificate.fingerprint}
-To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
+To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
 On the master:
   puppet cert clean #{Puppet[:certname]}
 On the agent:
   1a. On most platforms: find #{Puppet[:ssldir]} -name #{Puppet[:certname]}.pem -delete
-  1b. On Windows: del "#{Puppet[:ssldir]}/#{Puppet[:certname]}.pem" /f
+  1b. On Windows: del "#{Puppet[:certdir].gsub('/', '\\')}\\#{Puppet[:certname]}.pem" /f
   2. puppet agent -t
 ERROR_STRING
     end
@@ -233,7 +233,7 @@ ERROR_STRING
     # should use it to sign our request; else, just try to read
     # the cert.
     if ! certificate and ca = Puppet::SSL::CertificateAuthority.instance
-      ca.sign(self.name, true)
+      ca.sign(self.name, {allow_dns_alt_names: true})
     end
   end

data/lib/puppet/ssl/oids.rb CHANGED Viewed

@@ -13,6 +13,7 @@ require 'puppet/ssl'
 # -- privateExtensions can be extended by enterprises to suit their own needs
 # registeredExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 1 }
 # privateExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 2 }
+# authorizationExtensions OBJECT IDENTIFIER ::= { puppetCertExtensions 3 }
 #
 # -- subtree of common registered extensions
 # -- The short names for these OIDs are intentionally lowercased and formatted
@@ -25,6 +26,10 @@ require 'puppet/ssl'
 # @api private
 module Puppet::SSL::Oids
+  # Note: When updating the following OIDs make sure to also update the OID
+  # definitions here:
+  # https://github.com/puppetlabs/puppetserver/blob/master/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L122-L159
   PUPPET_OIDS = [
     ["1.3.6.1.4.1.34380", 'puppetlabs', 'Puppet Labs'],
     ["1.3.6.1.4.1.34380.1", 'ppCertExt', 'Puppet Certificate Extension'],
@@ -58,6 +63,11 @@ module Puppet::SSL::Oids
     ["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
     ["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],
+    ["1.3.6.1.4.1.34380.1.3", 'ppAuthCertExt', 'Puppet Certificate Authorization Extension'],
+    ["1.3.6.1.4.1.34380.1.3.1",  'pp_authorization', 'Certificate Extension Authorization'],
+    ["1.3.6.1.4.1.34380.1.3.13", 'pp_auth_role', 'Puppet Node Role Name for Authorization'],
   ]
   # Register our custom Puppet OIDs with OpenSSL so they can be used as CSR

data/lib/puppet/ssl/validator/default_validator.rb CHANGED Viewed

@@ -16,7 +16,7 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
   # Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
   #
   # @param ssl_configuration [Puppet::SSL::Configuration] (a default configuration) ssl_configuration the SSL configuration to use
-  # @param ssl_host [Puppet::SSL::Host] (Puppet::SSL::Host.localhost) the SSL host to use
+  # @param ssl_host [Puppet::SSL::Host] The SSL host to use
   #
   # @api private
   #
@@ -25,7 +25,7 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
                                         Puppet[:localcacert], {
                                           :ca_auth_file  => Puppet[:ssl_client_ca_auth]
                                         }),
-      ssl_host = Puppet::SSL::Host.localhost)
+      ssl_host = Puppet.lookup(:ssl_host))
     reset!
     @ssl_configuration = ssl_configuration

data/lib/puppet/test/test_helper.rb CHANGED Viewed

@@ -38,7 +38,7 @@ module Puppet::Test
     def self.initialize()
       # This meta class instance variable is used as a guard to ensure that
       # before_each, and after_each are only called once. This problem occurs
-      # when there are more than one puppet test infrastructure "orchestrator in us.
+      # when there are more than one puppet test infrastructure orchestrator in use.
       # The use of both puppetabs-spec_helper, and rodjek-rspec_puppet will cause
       # two resets of the puppet environment, and will cause problem rolling back to
       # a known point as there is no way to differentiate where the calls are coming
@@ -84,7 +84,7 @@ module Puppet::Test
     #
     ROLLBACK_MARK = "initial testing state"
-    # Call this method once per test, prior to execution of each invididual test.
+    # Call this method once per test, prior to execution of each individual test.
     # @return nil
     def self.before_each_test()
       # When using both rspec-puppet and puppet-rspec-helper, there are two packages trying