puppet 5.5.14-x86-mingw32 → 5.5.16-x86-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/Gemfile.lock +18 -17
- data/ext/solaris/smf/puppet.xml +2 -0
- data/lib/hiera/scope.rb +7 -0
- data/lib/puppet.rb +1 -1
- data/lib/puppet/application/device.rb +22 -10
- data/lib/puppet/configurer.rb +23 -38
- data/lib/puppet/network/http/connection.rb +2 -0
- data/lib/puppet/pops/types/types.rb +5 -3
- data/lib/puppet/provider.rb +1 -2
- data/lib/puppet/provider/cron/crontab.rb +1 -1
- data/lib/puppet/provider/package.rb +2 -0
- data/lib/puppet/provider/package/dpkg.rb +15 -2
- data/lib/puppet/provider/package/gem.rb +65 -29
- data/lib/puppet/provider/package/pip.rb +136 -111
- data/lib/puppet/provider/package/pip3.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +27 -16
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/package_targetable.rb +68 -0
- data/lib/puppet/provider/service/upstart.rb +8 -8
- data/lib/puppet/provider/user/useradd.rb +16 -13
- data/lib/puppet/settings/server_list_setting.rb +9 -0
- data/lib/puppet/ssl/validator/default_validator.rb +30 -0
- data/lib/puppet/type/package.rb +46 -9
- data/lib/puppet/util/pidlock.rb +15 -1
- data/lib/puppet/util/windows/process.rb +70 -0
- data/lib/puppet/util/windows/registry.rb +7 -1
- data/lib/puppet/util/windows/user.rb +14 -4
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +81 -78
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/network/http_pool_spec.rb +120 -0
- data/spec/integration/type/package_spec.rb +1 -1
- data/spec/integration/util/windows/registry_spec.rb +52 -0
- data/spec/integration/util/windows/user_spec.rb +19 -0
- data/spec/lib/puppet_spec/https.rb +166 -0
- data/spec/unit/configurer_spec.rb +49 -13
- data/spec/unit/functions/new_spec.rb +15 -0
- data/spec/unit/hiera/scope_spec.rb +7 -0
- data/spec/unit/network/http/connection_spec.rb +0 -130
- data/spec/unit/provider/package/dpkg_spec.rb +18 -1
- data/spec/unit/provider/package/gem_spec.rb +101 -48
- data/spec/unit/provider/package/pip3_spec.rb +17 -0
- data/spec/unit/provider/package/pip_spec.rb +59 -68
- data/spec/unit/provider/package/puppet_gem_spec.rb +22 -6
- data/spec/unit/provider/package/rpm_spec.rb +116 -27
- data/spec/unit/provider/service/upstart_spec.rb +3 -19
- data/spec/unit/settings/server_list_setting_spec.rb +21 -0
- data/spec/unit/ssl/validator_spec.rb +2 -0
- data/spec/unit/util/pidlock_spec.rb +46 -0
- metadata +9 -2
| @@ -106,6 +106,12 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows | |
| 106 106 | 
             
                end
         | 
| 107 107 |  | 
| 108 108 | 
             
                describe "logon_user" do
         | 
| 109 | 
            +
                  let(:fLOGON32_PROVIDER_DEFAULT) {0}
         | 
| 110 | 
            +
                  let(:fLOGON32_LOGON_INTERACTIVE) {2}
         | 
| 111 | 
            +
                  let(:fLOGON32_LOGON_NETWORK) {3}
         | 
| 112 | 
            +
                  let(:token) {'test'}
         | 
| 113 | 
            +
                  let(:user) {'test'}
         | 
| 114 | 
            +
                  let(:passwd) {'test'}
         | 
| 109 115 | 
             
                  it "should raise an error when provided with an incorrect username and password" do
         | 
| 110 116 | 
             
                    expect_logon_failure_error {
         | 
| 111 117 | 
             
                      Puppet::Util::Windows::User.logon_user(username, bad_password)
         | 
| @@ -117,8 +123,21 @@ describe "Puppet::Util::Windows::User", :if => Puppet.features.microsoft_windows | |
| 117 123 | 
             
                      Puppet::Util::Windows::User.logon_user(username, nil)
         | 
| 118 124 | 
             
                    }
         | 
| 119 125 | 
             
                  end
         | 
| 126 | 
            +
             | 
| 127 | 
            +
                  it 'should raise error given that logon returns false' do
         | 
| 128 | 
            +
             | 
| 129 | 
            +
                    allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
         | 
| 130 | 
            +
                        user, passwd, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, anything).and_return (0)
         | 
| 131 | 
            +
                    allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
         | 
| 132 | 
            +
                        user, passwd, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, anything).and_return(0)
         | 
| 133 | 
            +
             | 
| 134 | 
            +
                    expect {Puppet::Util::Windows::User.logon_user(user, passwd) {}}
         | 
| 135 | 
            +
                        .to raise_error(Puppet::Util::Windows::Error, /Failed to logon user/)
         | 
| 136 | 
            +
             | 
| 137 | 
            +
                  end
         | 
| 120 138 | 
             
                end
         | 
| 121 139 |  | 
| 140 | 
            +
             | 
| 122 141 | 
             
                describe "password_is?" do
         | 
| 123 142 | 
             
                  it "should return false given an incorrect username and password" do
         | 
| 124 143 | 
             
                    expect(Puppet::Util::Windows::User.password_is?(username, bad_password)).to be_falsey
         | 
| @@ -0,0 +1,166 @@ | |
| 1 | 
            +
            require 'spec_helper'
         | 
| 2 | 
            +
            require 'webrick'
         | 
| 3 | 
            +
             | 
| 4 | 
            +
            class PuppetSpec::HTTPSServer
         | 
| 5 | 
            +
              attr_reader :ca_cert, :ca_crl, :server_cert, :server_key
         | 
| 6 | 
            +
             | 
| 7 | 
            +
              def initialize
         | 
| 8 | 
            +
                @ca_cert = OpenSSL::X509::Certificate.new(CA_CERT)
         | 
| 9 | 
            +
                @ca_crl = OpenSSL::X509::CRL.new(CRL)
         | 
| 10 | 
            +
                @server_key = OpenSSL::PKey::RSA.new(SERVER_KEY)
         | 
| 11 | 
            +
                @server_cert = OpenSSL::X509::Certificate.new(SERVER_CERT)
         | 
| 12 | 
            +
                @config = WEBrick::Config::HTTP.dup
         | 
| 13 | 
            +
              end
         | 
| 14 | 
            +
             | 
| 15 | 
            +
              def handle_request(ctx, ssl)
         | 
| 16 | 
            +
                req = WEBrick::HTTPRequest.new(@config)
         | 
| 17 | 
            +
                req.parse(ssl)
         | 
| 18 | 
            +
             | 
| 19 | 
            +
                res = WEBrick::HTTPResponse.new(@config)
         | 
| 20 | 
            +
                res.status = 200
         | 
| 21 | 
            +
                res.body = 'OK'
         | 
| 22 | 
            +
                res.send_response(ssl)
         | 
| 23 | 
            +
              end
         | 
| 24 | 
            +
             | 
| 25 | 
            +
              def start_server(&block)
         | 
| 26 | 
            +
                errors = []
         | 
| 27 | 
            +
             | 
| 28 | 
            +
                IO.pipe {|stop_pipe_r, stop_pipe_w|
         | 
| 29 | 
            +
                  store = OpenSSL::X509::Store.new
         | 
| 30 | 
            +
                  store.add_cert(@ca_cert)
         | 
| 31 | 
            +
                  store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
         | 
| 32 | 
            +
                  ctx = OpenSSL::SSL::SSLContext.new
         | 
| 33 | 
            +
                  ctx.cert_store = store
         | 
| 34 | 
            +
                  ctx.cert = @server_cert
         | 
| 35 | 
            +
                  ctx.key = @server_key
         | 
| 36 | 
            +
                  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
         | 
| 37 | 
            +
             | 
| 38 | 
            +
                  Socket.do_not_reverse_lookup = true
         | 
| 39 | 
            +
                  tcps = TCPServer.new("127.0.0.1", 0)
         | 
| 40 | 
            +
                  begin
         | 
| 41 | 
            +
                    port = tcps.connect_address.ip_port
         | 
| 42 | 
            +
                    begin
         | 
| 43 | 
            +
                      server_thread = Thread.new do
         | 
| 44 | 
            +
                        begin
         | 
| 45 | 
            +
                          ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
         | 
| 46 | 
            +
                          ssls.start_immediately = true
         | 
| 47 | 
            +
             | 
| 48 | 
            +
                          loop do
         | 
| 49 | 
            +
                            readable, = IO.select([ssls, stop_pipe_r])
         | 
| 50 | 
            +
                            break if readable.include? stop_pipe_r
         | 
| 51 | 
            +
             | 
| 52 | 
            +
                            ssl = ssls.accept
         | 
| 53 | 
            +
                            begin
         | 
| 54 | 
            +
                              handle_request(ctx, ssl)
         | 
| 55 | 
            +
                            ensure
         | 
| 56 | 
            +
                              ssl.close
         | 
| 57 | 
            +
                            end
         | 
| 58 | 
            +
                          end
         | 
| 59 | 
            +
                        rescue => e
         | 
| 60 | 
            +
                          # uncomment this line if something goes wrong
         | 
| 61 | 
            +
                          # puts "SERVER #{e.message}"
         | 
| 62 | 
            +
                          errors << e
         | 
| 63 | 
            +
                        end
         | 
| 64 | 
            +
                      end
         | 
| 65 | 
            +
             | 
| 66 | 
            +
                      begin
         | 
| 67 | 
            +
                        yield port
         | 
| 68 | 
            +
                      ensure
         | 
| 69 | 
            +
                        stop_pipe_w.close
         | 
| 70 | 
            +
                      end
         | 
| 71 | 
            +
                    ensure
         | 
| 72 | 
            +
                      server_thread.join
         | 
| 73 | 
            +
                    end
         | 
| 74 | 
            +
                  ensure
         | 
| 75 | 
            +
                    tcps.close
         | 
| 76 | 
            +
                  end
         | 
| 77 | 
            +
                }
         | 
| 78 | 
            +
             | 
| 79 | 
            +
                errors
         | 
| 80 | 
            +
              end
         | 
| 81 | 
            +
             | 
| 82 | 
            +
            CA_CERT = <<END
         | 
| 83 | 
            +
            -----BEGIN CERTIFICATE-----
         | 
| 84 | 
            +
            MIICMjCCAZugAwIBAgIBADANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
         | 
| 85 | 
            +
            IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVowEjEQMA4GA1UEAwwH
         | 
| 86 | 
            +
            VGVzdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvPbXy4tgmUZsLx39
         | 
| 87 | 
            +
            Q7/Fuo5cOVk9yNzwMN4000jZQjAC8DQKXSDkbJ/6MmaiRo+VgwWlEIRVttYjrXF/
         | 
| 88 | 
            +
            YPKZowbEIaggc9uK96+HLiGiZ0H6rNM7DYsJiCX4OzJ91SOx9qsyJbyNxLbf+IP0
         | 
| 89 | 
            +
            961sTQhsRaqLn8vsn8Mv9I87eHsCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/
         | 
| 90 | 
            +
            MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUlJ+BUoL64NmMn+IAgiLokQqr0zcw
         | 
| 91 | 
            +
            MQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNh
         | 
| 92 | 
            +
            dGUwHwYDVR0jBBgwFoAUlJ+BUoL64NmMn+IAgiLokQqr0zcwDQYJKoZIhvcNAQEL
         | 
| 93 | 
            +
            BQADgYEAbIca4hMdGmQvLOnNIQJ+PaMsIQ9ZT6dr+NCvIf1Ass1dEr0qRy7tpyP0
         | 
| 94 | 
            +
            scgYmnIrOHDoe+ecyvEuG1oDb/6wLCGzD4OJXRsOzqsSCZJ31HkmDircQGpd+XbR
         | 
| 95 | 
            +
            BxqltBWaWmSBH+e64Himc1HbHRq5xb8JFRMK9dSqiF3DrREMN/A=
         | 
| 96 | 
            +
            -----END CERTIFICATE-----
         | 
| 97 | 
            +
            END
         | 
| 98 | 
            +
             | 
| 99 | 
            +
            CRL = <<END
         | 
| 100 | 
            +
            -----BEGIN X509 CRL-----
         | 
| 101 | 
            +
            MIIBCjB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTcw
         | 
| 102 | 
            +
            MDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVqgLzAtMB8GA1UdIwQYMBaAFJSfgVKC
         | 
| 103 | 
            +
            +uDZjJ/iAIIi6JEKq9M3MAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4GBAK/r
         | 
| 104 | 
            +
            2fz+PGgDzu85Od5Tp6jH+3Ons5WURxZzpfveGcG5fgRIG274E5Q1z+Aoj9KW/J5V
         | 
| 105 | 
            +
            6FPbuoVEpykTicKKQaALHfryOEaLqIbTPu+94AivOx9RxzHhYPrblvjuDkmVf+fp
         | 
| 106 | 
            +
            O3/6YKoeOom3FP/ftKdcsx7tGXy8UxCMUaBGVb5J
         | 
| 107 | 
            +
            -----END X509 CRL-----
         | 
| 108 | 
            +
            END
         | 
| 109 | 
            +
             | 
| 110 | 
            +
            SERVER_CERT = <<END
         | 
| 111 | 
            +
            -----BEGIN CERTIFICATE-----
         | 
| 112 | 
            +
            MIIBvzCCASigAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
         | 
| 113 | 
            +
            IENBMB4XDTcwMDEwMTAwMDAwMFoXDTI5MDMwMTIxMzgxMVowFDESMBAGA1UEAwwJ
         | 
| 114 | 
            +
            MTI3LjAuMC4xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRTWFUYiB9TnI/
         | 
| 115 | 
            +
            ByjHHWnjnA02ieuczgAgI5CzrlrQCbCiogmsyvLmcKp4zJFVPTC6eG6Xy4sXANcn
         | 
| 116 | 
            +
            g44l5gr3wcSzYctukk05HSbbdoBK5jjAzMT6al9l4mQdVXmv6dIkPFq27rIEaJTu
         | 
| 117 | 
            +
            pOPaLn+mq64o2+lhTLLESOxygzOlWQIDAQABoyMwITAfBgNVHREEGDAWggkxMjcu
         | 
| 118 | 
            +
            MC4wLjGCCTEyNy4wLjAuMjANBgkqhkiG9w0BAQsFAAOBgQCNdGVATsyhgfNHe4K8
         | 
| 119 | 
            +
            19Bi80kA6bvrNQ+6dOwNA3bfpOXog3MU+T5+Sv1tlHl7lL+fnTHZkfRzcQhA10Fw
         | 
| 120 | 
            +
            YdAxLDyDcY4PzgQcWSw7Lu74TLucfzcR+s+MYHAy8XXP002kjCBrSoSMiQPtXF7P
         | 
| 121 | 
            +
            f/MQaTCXjA8BP6Ldw4wdlODR5A==
         | 
| 122 | 
            +
            -----END CERTIFICATE-----
         | 
| 123 | 
            +
            END
         | 
| 124 | 
            +
             | 
| 125 | 
            +
            SERVER_KEY = <<END
         | 
| 126 | 
            +
            -----BEGIN RSA PRIVATE KEY-----
         | 
| 127 | 
            +
            MIICXAIBAAKBgQDRTWFUYiB9TnI/ByjHHWnjnA02ieuczgAgI5CzrlrQCbCiogms
         | 
| 128 | 
            +
            yvLmcKp4zJFVPTC6eG6Xy4sXANcng44l5gr3wcSzYctukk05HSbbdoBK5jjAzMT6
         | 
| 129 | 
            +
            al9l4mQdVXmv6dIkPFq27rIEaJTupOPaLn+mq64o2+lhTLLESOxygzOlWQIDAQAB
         | 
| 130 | 
            +
            AoGAYbM9O6aSg+uaaNFut4ODajvt7wdydD+0z0vKwBUjTvk2+rOo0H/r4qW07a6Q
         | 
| 131 | 
            +
            KLnnhSOyfCkHRDWgOVGviQFZHHVptrxiMA6oiyWUL/CuKjGdDQi+Q1xnuEPh0qEz
         | 
| 132 | 
            +
            Q5ELkY1amDFS0pQV0LkDOweF4rc57haJcgRFxOz2HQJKeAECQQD0csJ4/sTq7lsg
         | 
| 133 | 
            +
            ebIFn0kKL/k99H53rUH3XlrnGo9CnVChLe6K9J/4smp98MCre0eSgc9ahNs2c4Fs
         | 
| 134 | 
            +
            ZpcgT8mVAkEA2zFwDhSXkkcWGmfk2Q/pfj/0OqLcIGTYkvi3sc2uirHb93VOLlvj
         | 
| 135 | 
            +
            ClM2XwRWeeeiEW+Ev5bLmHVGuK55+h/jtQJAfwTatJB9ti2gwGE79dvs0hRXiK/w
         | 
| 136 | 
            +
            vzMSIf2vcoLEijLAYOBDIYU3Ur0yxLpDA1gNur0lB74dQlAGolM0mB+deQJBAKBf
         | 
| 137 | 
            +
            RYsnydY+qI9dYHToTYAPrtOQANq6rjKqQ0yWHpRfmX8ulqsYk78kLu3KMLM0pMF5
         | 
| 138 | 
            +
            BHlhDUlY1QuerKQy3NkCQENWVz2NfnrrcgXUMHBojONcP3mkkOUocO4Ezm4GAgXO
         | 
| 139 | 
            +
            L55O+hAtuLYdxmuNPNhT2eyOsJ/pmPntS2k/rp39Hf4=
         | 
| 140 | 
            +
            -----END RSA PRIVATE KEY-----
         | 
| 141 | 
            +
            END
         | 
| 142 | 
            +
             | 
| 143 | 
            +
            UNKNOWN_CA = <<END
         | 
| 144 | 
            +
            -----BEGIN CERTIFICATE-----
         | 
| 145 | 
            +
            MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
         | 
| 146 | 
            +
            A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
         | 
| 147 | 
            +
            dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
         | 
| 148 | 
            +
            cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
         | 
| 149 | 
            +
            MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
         | 
| 150 | 
            +
            ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
         | 
| 151 | 
            +
            biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
         | 
| 152 | 
            +
            c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
         | 
| 153 | 
            +
            0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
         | 
| 154 | 
            +
            /HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
         | 
| 155 | 
            +
            H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
         | 
| 156 | 
            +
            fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
         | 
| 157 | 
            +
            neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
         | 
| 158 | 
            +
            BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
         | 
| 159 | 
            +
            qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
         | 
| 160 | 
            +
            YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
         | 
| 161 | 
            +
            bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
         | 
| 162 | 
            +
            NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
         | 
| 163 | 
            +
            dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
         | 
| 164 | 
            +
            -----END CERTIFICATE-----
         | 
| 165 | 
            +
            END
         | 
| 166 | 
            +
            end
         | 
| @@ -1013,29 +1013,65 @@ describe Puppet::Configurer do | |
| 1013 1013 | 
             
                  @agent.run :catalog => catalog
         | 
| 1014 1014 | 
             
                end
         | 
| 1015 1015 |  | 
| 1016 | 
            -
                it "should select a server when  | 
| 1016 | 
            +
                it "should select a server when it receives 200 OK response" do
         | 
| 1017 1017 | 
             
                  Puppet.settings[:server_list] = ["myserver:123"]
         | 
| 1018 | 
            -
                   | 
| 1019 | 
            -
                   | 
| 1020 | 
            -
                   | 
| 1021 | 
            -
             | 
| 1022 | 
            -
                   | 
| 1023 | 
            -
                   | 
| 1018 | 
            +
                  response = Net::HTTPOK.new(nil, 200, 'OK')
         | 
| 1019 | 
            +
                  allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
         | 
| 1020 | 
            +
                  allow(@agent).to receive(:run_internal)
         | 
| 1021 | 
            +
             | 
| 1022 | 
            +
                  options = {}
         | 
| 1023 | 
            +
                  @agent.run(options)
         | 
| 1024 | 
            +
                  expect(options[:report].master_used).to eq('myserver:123')
         | 
| 1025 | 
            +
                end
         | 
| 1026 | 
            +
             | 
| 1027 | 
            +
                it "should select a server when it receives 403 Forbidden" do
         | 
| 1028 | 
            +
                  Puppet.settings[:server_list] = ["myserver:123"]
         | 
| 1029 | 
            +
                  response = Net::HTTPForbidden.new(nil, 403, 'Forbidden')
         | 
| 1030 | 
            +
                  allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
         | 
| 1031 | 
            +
                  allow(@agent).to receive(:run_internal)
         | 
| 1032 | 
            +
             | 
| 1033 | 
            +
                  options = {}
         | 
| 1034 | 
            +
                  @agent.run(options)
         | 
| 1035 | 
            +
                  expect(options[:report].master_used).to eq('myserver:123')
         | 
| 1036 | 
            +
                end
         | 
| 1037 | 
            +
             | 
| 1038 | 
            +
                it "queries the simple status for the 'master' service" do
         | 
| 1039 | 
            +
                  Puppet.settings[:server_list] = ["myserver:123"]
         | 
| 1040 | 
            +
                  response = Net::HTTPOK.new(nil, 200, 'OK')
         | 
| 1041 | 
            +
                  http = double('request')
         | 
| 1042 | 
            +
                  expect(http).to receive(:get).with('/status/v1/simple/master').and_return(response)
         | 
| 1043 | 
            +
                  allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(http)
         | 
| 1044 | 
            +
                  allow(@agent).to receive(:run_internal)
         | 
| 1045 | 
            +
             | 
| 1024 1046 | 
             
                  @agent.run
         | 
| 1025 1047 | 
             
                end
         | 
| 1026 1048 |  | 
| 1027 | 
            -
                it "should  | 
| 1049 | 
            +
                it "should report when a server is unavailable" do
         | 
| 1028 1050 | 
             
                  Puppet.settings[:server_list] = ["myserver:123"]
         | 
| 1051 | 
            +
                  response = Net::HTTPInternalServerError.new(nil, 500, 'Internal Server Error')
         | 
| 1052 | 
            +
                  allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
         | 
| 1053 | 
            +
                  allow(@agent).to receive(:run_internal)
         | 
| 1054 | 
            +
             | 
| 1055 | 
            +
                  expect(Puppet).to receive(:debug).with("Puppet server myserver:123 is unavailable: 500 Internal Server Error")
         | 
| 1056 | 
            +
                  expect { @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list:/)
         | 
| 1057 | 
            +
                end
         | 
| 1058 | 
            +
             | 
| 1059 | 
            +
                it "should error when no servers in 'server_list' are reachable" do
         | 
| 1060 | 
            +
                  Puppet.settings[:server_list] = "myserver:123,someotherservername"
         | 
| 1029 1061 | 
             
                  pool = Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout])
         | 
| 1030 | 
            -
                   | 
| 1031 | 
            -
                   | 
| 1032 | 
            -
                   | 
| 1062 | 
            +
                  allow(Puppet::Network::HTTP::Pool).to receive(:new).and_return(pool)
         | 
| 1063 | 
            +
                  allow(Puppet).to receive(:override).with({:http_pool => pool}).and_yield
         | 
| 1064 | 
            +
                  allow(Puppet).to receive(:override).with({:server => "myserver", :serverport => '123'}).and_yield
         | 
| 1065 | 
            +
                  allow(Puppet).to receive(:override).with({:server => "someotherservername", :serverport => 8140}).and_yield
         | 
| 1033 1066 | 
             
                  error = Net::HTTPError.new(400, 'dummy server communication error')
         | 
| 1034 | 
            -
                   | 
| 1035 | 
            -
                  expect{ @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list/)
         | 
| 1067 | 
            +
                  allow(Puppet::Node.indirection).to receive(:find).and_raise(error)
         | 
| 1068 | 
            +
                  expect{ @agent.run }.to raise_error(Puppet::Error, /Could not select a functional puppet master from server_list: 'myserver:123,someotherservername'/)
         | 
| 1036 1069 | 
             
                end
         | 
| 1037 1070 |  | 
| 1038 1071 | 
             
                it "should not make multiple node requets when the server is found" do
         | 
| 1072 | 
            +
                  response = Net::HTTPOK.new(nil, 200, 'OK')
         | 
| 1073 | 
            +
                  allow(Puppet::Network::HttpPool).to receive(:http_ssl_instance).with('myserver', '123').and_return(double('request', get: response))
         | 
| 1074 | 
            +
                  
         | 
| 1039 1075 | 
             
                  Puppet.settings[:server_list] = ["myserver:123"]
         | 
| 1040 1076 | 
             
                  expect(Puppet::Node.indirection).to receive(:find).and_return("mynode").once
         | 
| 1041 1077 | 
             
                  expect(@agent).to receive(:prepare_and_retrieve_catalog).and_return(nil)
         | 
| @@ -174,6 +174,19 @@ describe 'the new function' do | |
| 174 174 | 
             
                      )).to have_resource("Notify[Integer, #{result}]")
         | 
| 175 175 | 
             
                    end
         | 
| 176 176 | 
             
                  end
         | 
| 177 | 
            +
             | 
| 178 | 
            +
                  { '0x0G'  => :error,
         | 
| 179 | 
            +
                    '08'    => :error,
         | 
| 180 | 
            +
                    '10F'   => :error,
         | 
| 181 | 
            +
                    '0B2'   => :error,
         | 
| 182 | 
            +
                  }.each do |str, result|
         | 
| 183 | 
            +
                    it "errors when given a non Integer compliant string '#{str}'" do
         | 
| 184 | 
            +
                      expect{compile_to_catalog(<<-"MANIFEST"
         | 
| 185 | 
            +
                        $x = Integer.new("#{str}")
         | 
| 186 | 
            +
                      MANIFEST
         | 
| 187 | 
            +
                    )}.to raise_error(Puppet::Error, /invalid value|cannot be converted to Integer/)
         | 
| 188 | 
            +
                    end
         | 
| 189 | 
            +
                  end
         | 
| 177 190 | 
             
                end
         | 
| 178 191 |  | 
| 179 192 | 
             
                context "when radix is explicitly set to 'default' it" do
         | 
| @@ -307,6 +320,8 @@ describe 'the new function' do | |
| 307 320 | 
             
                  { "10"     => 10,
         | 
| 308 321 | 
             
                    "010"    => 10,
         | 
| 309 322 | 
             
                    "00010"  => 10,
         | 
| 323 | 
            +
                    "08"     => 8,
         | 
| 324 | 
            +
                    "0008"   => 8,
         | 
| 310 325 | 
             
                  }.each do |str, result|
         | 
| 311 326 | 
             
                    it "produces #{result} from the string '#{str}'" do
         | 
| 312 327 | 
             
                      expect(compile_to_catalog(<<-"MANIFEST"
         | 
| @@ -90,4 +90,11 @@ describe Hiera::Scope do | |
| 90 90 | 
             
                  expect(scope.include?("calling_module")).to eq(true)
         | 
| 91 91 | 
             
                end
         | 
| 92 92 | 
             
              end
         | 
| 93 | 
            +
             | 
| 94 | 
            +
              describe "#call_function" do
         | 
| 95 | 
            +
                it "should delegate a call to call_function to the real scope" do
         | 
| 96 | 
            +
                  expect(real).to receive(:call_function).once
         | 
| 97 | 
            +
                  scope.call_function('some_function', [1,2,3])
         | 
| 98 | 
            +
                end
         | 
| 99 | 
            +
              end
         | 
| 93 100 | 
             
            end
         | 
| @@ -61,136 +61,6 @@ describe Puppet::Network::HTTP::Connection do | |
| 61 61 | 
             
                end
         | 
| 62 62 | 
             
              end
         | 
| 63 63 |  | 
| 64 | 
            -
              class ConstantErrorValidator
         | 
| 65 | 
            -
                def initialize(args)
         | 
| 66 | 
            -
                  @fails_with = args[:fails_with]
         | 
| 67 | 
            -
                  @error_string = args[:error_string] || ""
         | 
| 68 | 
            -
                  @peer_certs = args[:peer_certs] || []
         | 
| 69 | 
            -
                end
         | 
| 70 | 
            -
             | 
| 71 | 
            -
                def setup_connection(connection)
         | 
| 72 | 
            -
                end
         | 
| 73 | 
            -
             | 
| 74 | 
            -
                def peer_certs
         | 
| 75 | 
            -
                  @peer_certs
         | 
| 76 | 
            -
                end
         | 
| 77 | 
            -
             | 
| 78 | 
            -
                def verify_errors
         | 
| 79 | 
            -
                  [@error_string]
         | 
| 80 | 
            -
                end
         | 
| 81 | 
            -
              end
         | 
| 82 | 
            -
             | 
| 83 | 
            -
              class NoProblemsValidator
         | 
| 84 | 
            -
                def initialize(cert)
         | 
| 85 | 
            -
                  @cert = cert
         | 
| 86 | 
            -
                end
         | 
| 87 | 
            -
             | 
| 88 | 
            -
                def setup_connection(connection)
         | 
| 89 | 
            -
                end
         | 
| 90 | 
            -
             | 
| 91 | 
            -
                def peer_certs
         | 
| 92 | 
            -
                  [@cert]
         | 
| 93 | 
            -
                end
         | 
| 94 | 
            -
             | 
| 95 | 
            -
                def verify_errors
         | 
| 96 | 
            -
                  []
         | 
| 97 | 
            -
                end
         | 
| 98 | 
            -
              end
         | 
| 99 | 
            -
             | 
| 100 | 
            -
              shared_examples_for 'ssl verifier' do
         | 
| 101 | 
            -
                include PuppetSpec::Files
         | 
| 102 | 
            -
             | 
| 103 | 
            -
                let (:host) { "my_server" }
         | 
| 104 | 
            -
                let (:port) { 8140 }
         | 
| 105 | 
            -
             | 
| 106 | 
            -
                before :all do
         | 
| 107 | 
            -
                  WebMock.disable!
         | 
| 108 | 
            -
                end
         | 
| 109 | 
            -
             | 
| 110 | 
            -
                after :all do
         | 
| 111 | 
            -
                  WebMock.enable!
         | 
| 112 | 
            -
                end
         | 
| 113 | 
            -
             | 
| 114 | 
            -
                before(:each) do
         | 
| 115 | 
            -
                  allow_any_instance_of(ConstantErrorValidator).to receive(:setup_connection) do |cev, connection|
         | 
| 116 | 
            -
                    allow(connection).to receive(:start).and_raise(OpenSSL::SSL::SSLError.new(cev.instance_variable_get(:@fails_with)))
         | 
| 117 | 
            -
                  end
         | 
| 118 | 
            -
                end
         | 
| 119 | 
            -
             | 
| 120 | 
            -
                it "should provide a useful error message when one is available and certificate validation fails", :unless => Puppet.features.microsoft_windows? do
         | 
| 121 | 
            -
                  connection = Puppet::Network::HTTP::Connection.new(
         | 
| 122 | 
            -
                    host, port,
         | 
| 123 | 
            -
                    :verify => ConstantErrorValidator.new(:fails_with => 'certificate verify failed',
         | 
| 124 | 
            -
                                                          :error_string => 'shady looking signature'))
         | 
| 125 | 
            -
             | 
| 126 | 
            -
                  expect do
         | 
| 127 | 
            -
                    connection.get('request')
         | 
| 128 | 
            -
                  end.to raise_error(Puppet::Error, /certificate verify failed: \[shady looking signature\]/)
         | 
| 129 | 
            -
                end
         | 
| 130 | 
            -
             | 
| 131 | 
            -
                it "should provide a helpful error message when hostname was not match with server certificate", :unless => Puppet.features.microsoft_windows? do
         | 
| 132 | 
            -
                  Puppet[:confdir] = tmpdir('conf')
         | 
| 133 | 
            -
             | 
| 134 | 
            -
                  connection = Puppet::Network::HTTP::Connection.new(
         | 
| 135 | 
            -
                  host, port,
         | 
| 136 | 
            -
                  :verify => ConstantErrorValidator.new(
         | 
| 137 | 
            -
                    :fails_with => 'hostname was not match with server certificate',
         | 
| 138 | 
            -
                    :peer_certs => [Puppet::SSL::CertificateAuthority.new.generate(
         | 
| 139 | 
            -
                      'not_my_server', :dns_alt_names => 'foo,bar,baz')]))
         | 
| 140 | 
            -
             | 
| 141 | 
            -
                  expect do
         | 
| 142 | 
            -
                    connection.get('request')
         | 
| 143 | 
            -
                  end.to raise_error(Puppet::Error) do |error|
         | 
| 144 | 
            -
                    error.message =~ /\AServer hostname 'my_server' did not match server certificate; expected one of (.+)/
         | 
| 145 | 
            -
                    expect($1.split(', ')).to match_array(%w[DNS:foo DNS:bar DNS:baz DNS:not_my_server not_my_server])
         | 
| 146 | 
            -
                  end
         | 
| 147 | 
            -
                end
         | 
| 148 | 
            -
             | 
| 149 | 
            -
                it "should pass along the error message otherwise" do
         | 
| 150 | 
            -
                  connection = Puppet::Network::HTTP::Connection.new(
         | 
| 151 | 
            -
                    host, port,
         | 
| 152 | 
            -
                    :verify => ConstantErrorValidator.new(:fails_with => 'some other message'))
         | 
| 153 | 
            -
             | 
| 154 | 
            -
                  expect do
         | 
| 155 | 
            -
                    connection.get('request')
         | 
| 156 | 
            -
                  end.to raise_error(/some other message/)
         | 
| 157 | 
            -
                end
         | 
| 158 | 
            -
             | 
| 159 | 
            -
                it "should check all peer certificates for upcoming expiration", :unless => Puppet.features.microsoft_windows? do
         | 
| 160 | 
            -
                  Puppet[:confdir] = tmpdir('conf')
         | 
| 161 | 
            -
                  cert = Puppet::SSL::CertificateAuthority.new.generate(
         | 
| 162 | 
            -
                    'server', :dns_alt_names => 'foo,bar,baz')
         | 
| 163 | 
            -
             | 
| 164 | 
            -
                  connection = Puppet::Network::HTTP::Connection.new(
         | 
| 165 | 
            -
                    host, port,
         | 
| 166 | 
            -
                    :verify => NoProblemsValidator.new(cert))
         | 
| 167 | 
            -
             | 
| 168 | 
            -
                  allow_any_instance_of(Net::HTTP).to receive(:start)
         | 
| 169 | 
            -
                  allow_any_instance_of(Net::HTTP).to receive(:request).and_return(httpok)
         | 
| 170 | 
            -
                  allow_any_instance_of(Puppet::Network::HTTP::Pool).to receive(:setsockopts)
         | 
| 171 | 
            -
             | 
| 172 | 
            -
                  connection.get('request')
         | 
| 173 | 
            -
                end
         | 
| 174 | 
            -
              end
         | 
| 175 | 
            -
             | 
| 176 | 
            -
              context "when using single use HTTPS connections" do
         | 
| 177 | 
            -
                it_behaves_like 'ssl verifier' do
         | 
| 178 | 
            -
                end
         | 
| 179 | 
            -
              end
         | 
| 180 | 
            -
             | 
| 181 | 
            -
              context "when using persistent HTTPS connections" do
         | 
| 182 | 
            -
                around :each do |example|
         | 
| 183 | 
            -
                  pool = Puppet::Network::HTTP::Pool.new
         | 
| 184 | 
            -
                  Puppet.override(:http_pool => pool) do
         | 
| 185 | 
            -
                    example.run
         | 
| 186 | 
            -
                  end
         | 
| 187 | 
            -
                  pool.close
         | 
| 188 | 
            -
                end
         | 
| 189 | 
            -
             | 
| 190 | 
            -
                it_behaves_like 'ssl verifier' do
         | 
| 191 | 
            -
                end
         | 
| 192 | 
            -
              end
         | 
| 193 | 
            -
             | 
| 194 64 | 
             
              context "when response is a redirect" do
         | 
| 195 65 | 
             
                let (:site)       { Puppet::Network::HTTP::Site.new('http', 'my_server', 8140) }
         | 
| 196 66 | 
             
                let (:other_site) { Puppet::Network::HTTP::Site.new('http', 'redirected', 9292) }
         |