puppet 5.5.22-x64-mingw32 → 6.0.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +46 -72
- data/Gemfile.lock +86 -102
- data/MAINTAINERS +47 -0
- data/Rakefile +15 -19
- data/ext/build_defaults.yaml +0 -1
- data/ext/cert_inspector +3 -3
- data/ext/debian/copyright +0 -22
- data/ext/project_data.yaml +8 -10
- data/ext/puppet-test +2 -2
- data/ext/redhat/puppet.spec.erb +0 -4
- data/ext/regexp_nodes/regexp_nodes.rb +4 -4
- data/ext/solaris/smf/puppet.xml +0 -2
- data/ext/solaris/smf/svc-puppetd +1 -8
- data/ext/solaris/smf/svc-puppetmasterd +1 -8
- data/ext/windows/eventlog/Rakefile +32 -0
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +18 -0
- data/ext/windows/service/daemon.rb +8 -54
- data/install.rb +24 -6
- data/lib/hiera/scope.rb +0 -7
- data/lib/puppet.rb +10 -21
- data/lib/puppet/agent.rb +13 -5
- data/lib/puppet/application.rb +10 -8
- data/lib/puppet/application/agent.rb +3 -21
- data/lib/puppet/application/apply.rb +22 -12
- data/lib/puppet/application/cert.rb +25 -180
- data/lib/puppet/application/describe.rb +9 -3
- data/lib/puppet/application/device.rb +41 -74
- data/lib/puppet/application/doc.rb +5 -3
- data/lib/puppet/application/filebucket.rb +1 -23
- data/lib/puppet/application/lookup.rb +2 -2
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/application/script.rb +3 -3
- data/lib/puppet/application/ssl.rb +133 -0
- data/lib/puppet/application_support.rb +1 -2
- data/lib/puppet/configurer.rb +62 -127
- data/lib/puppet/configurer/downloader.rb +17 -34
- data/lib/puppet/configurer/fact_handler.rb +5 -1
- data/lib/puppet/configurer/plugin_handler.rb +2 -3
- data/lib/puppet/confine/false.rb +1 -7
- data/lib/puppet/confine/true.rb +1 -7
- data/lib/puppet/daemon.rb +2 -2
- data/lib/puppet/datatypes.rb +1 -1
- data/lib/puppet/defaults.rb +126 -286
- data/lib/puppet/environments.rb +2 -7
- data/lib/puppet/error.rb +14 -10
- data/lib/puppet/etc.rb +4 -25
- data/lib/puppet/external/dot.rb +23 -17
- data/lib/puppet/face/config.rb +50 -12
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +21 -7
- data/lib/puppet/face/help/global.erb +2 -2
- data/lib/puppet/face/module/build.rb +4 -59
- data/lib/puppet/face/module/generate.rb +5 -247
- data/lib/puppet/face/module/install.rb +0 -4
- data/lib/puppet/face/module/list.rb +5 -10
- data/lib/puppet/face/module/search.rb +2 -2
- data/lib/puppet/face/module/uninstall.rb +1 -5
- data/lib/puppet/face/module/upgrade.rb +1 -5
- data/lib/puppet/face/node/clean.rb +14 -10
- data/lib/puppet/face/plugin.rb +2 -9
- data/lib/puppet/feature/base.rb +7 -26
- data/lib/puppet/feature/eventlog.rb +1 -1
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/base.rb +7 -7
- data/lib/puppet/file_serving/fileset.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +4 -3
- data/lib/puppet/file_serving/mount/locales.rb +2 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
- data/lib/puppet/file_serving/mount/plugins.rb +2 -1
- data/lib/puppet/file_system.rb +8 -0
- data/lib/puppet/file_system/memory_file.rb +1 -1
- data/lib/puppet/file_system/posix.rb +2 -3
- data/lib/puppet/file_system/uniquefile.rb +0 -4
- data/lib/puppet/forge.rb +8 -12
- data/lib/puppet/functions.rb +138 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/call.rb +38 -2
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/convert_to.rb +3 -2
- data/lib/puppet/functions/dig.rb +21 -1
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/epp.rb +4 -4
- data/lib/puppet/functions/eyaml_lookup_key.rb +4 -5
- data/lib/puppet/functions/filter.rb +7 -6
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/inline_epp.rb +5 -5
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/new.rb +3 -8
- data/lib/puppet/functions/reduce.rb +4 -2
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/yaml_data.rb +4 -5
- data/lib/puppet/gettext/config.rb +1 -1
- data/lib/puppet/gettext/module_translations.rb +1 -1
- data/lib/puppet/graph.rb +0 -2
- data/lib/puppet/graph/rb_tree_map.rb +2 -2
- data/lib/puppet/graph/simple_graph.rb +10 -7
- data/lib/puppet/indirector/catalog/compiler.rb +0 -8
- data/lib/puppet/indirector/catalog/json.rb +14 -3
- data/lib/puppet/indirector/catalog/yaml.rb +0 -16
- data/lib/puppet/indirector/certificate/file.rb +0 -1
- data/lib/puppet/indirector/facts/yaml.rb +4 -2
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/hiera.rb +0 -6
- data/lib/puppet/indirector/indirection.rb +8 -12
- data/lib/puppet/indirector/key/file.rb +1 -6
- data/lib/puppet/indirector/node/exec.rb +1 -3
- data/lib/puppet/indirector/node/yaml.rb +0 -6
- data/lib/puppet/indirector/request.rb +20 -27
- data/lib/puppet/indirector/resource/ral.rb +3 -1
- data/lib/puppet/indirector/resource/validator.rb +1 -1
- data/lib/puppet/indirector/rest.rb +7 -65
- data/lib/puppet/indirector/ssl_file.rb +3 -44
- data/lib/puppet/indirector/terminus.rb +1 -1
- data/lib/puppet/indirector/yaml.rb +4 -4
- data/lib/puppet/info_service/task_information_service.rb +7 -3
- data/lib/puppet/interface.rb +2 -3
- data/lib/puppet/interface/action.rb +2 -5
- data/lib/puppet/interface/face_collection.rb +3 -1
- data/lib/puppet/loaders.rb +2 -0
- data/lib/puppet/metatype/manager.rb +3 -5
- data/lib/puppet/module.rb +5 -31
- data/lib/puppet/module/task.rb +208 -30
- data/lib/puppet/module_tool.rb +2 -5
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/application.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +7 -8
- data/lib/puppet/module_tool/applications/uninstaller.rb +4 -5
- data/lib/puppet/module_tool/applications/unpacker.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +5 -6
- data/lib/puppet/module_tool/installed_modules.rb +2 -2
- data/lib/puppet/module_tool/local_tarball.rb +3 -3
- data/lib/puppet/module_tool/metadata.rb +1 -2
- data/lib/puppet/module_tool/shared_behaviors.rb +6 -6
- data/lib/puppet/module_tool/tar/mini.rb +2 -12
- data/lib/puppet/network/authconfig.rb +0 -13
- data/lib/puppet/network/format_support.rb +13 -8
- data/lib/puppet/network/formats.rb +93 -2
- data/lib/puppet/network/http.rb +0 -2
- data/lib/puppet/network/http/api.rb +1 -10
- data/lib/puppet/network/http/api/indirected_routes.rb +22 -16
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -3
- data/lib/puppet/network/http/connection.rb +14 -57
- data/lib/puppet/network/http/factory.rb +13 -7
- data/lib/puppet/network/http/handler.rb +59 -27
- data/lib/puppet/network/http/pool.rb +1 -7
- data/lib/puppet/network/http/site.rb +1 -1
- data/lib/puppet/network/resolver.rb +140 -67
- data/lib/puppet/node.rb +1 -2
- data/lib/puppet/node/environment.rb +5 -30
- data/lib/puppet/node/facts.rb +11 -1
- data/lib/puppet/parameter.rb +4 -7
- data/lib/puppet/parser/ast.rb +5 -9
- data/lib/puppet/parser/ast/branch.rb +3 -3
- data/lib/puppet/parser/ast/leaf.rb +5 -0
- data/lib/puppet/parser/ast/resourceparam.rb +1 -1
- data/lib/puppet/parser/catalog_compiler.rb +32 -0
- data/lib/puppet/parser/compiler.rb +2 -3
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -2
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -2
- data/lib/puppet/parser/environment_compiler.rb +0 -3
- data/lib/puppet/parser/functions.rb +48 -18
- data/lib/puppet/parser/functions/epp.rb +3 -3
- data/lib/puppet/parser/functions/filter.rb +1 -1
- data/lib/puppet/parser/functions/generate.rb +1 -1
- data/lib/puppet/parser/functions/inline_epp.rb +5 -5
- data/lib/puppet/parser/resource.rb +2 -4
- data/lib/puppet/parser/resource/param.rb +12 -11
- data/lib/puppet/parser/scope.rb +6 -8
- data/lib/puppet/parser/script_compiler.rb +7 -2
- data/lib/puppet/pops.rb +1 -0
- data/lib/puppet/pops/adaptable.rb +13 -7
- data/lib/puppet/pops/adapters.rb +18 -8
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +4 -4
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/compare_operator.rb +3 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +127 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +17 -2
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +23 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +7 -8
- data/lib/puppet/pops/functions/dispatch.rb +6 -0
- data/lib/puppet/pops/issues.rb +9 -10
- data/lib/puppet/pops/loader/loader.rb +1 -1
- data/lib/puppet/pops/loader/loader_paths.rb +5 -3
- data/lib/puppet/pops/loader/module_loaders.rb +47 -21
- data/lib/puppet/pops/loader/null_loader.rb +60 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +54 -0
- data/lib/puppet/pops/loader/static_loader.rb +0 -36
- data/lib/puppet/pops/loader/task_instantiator.rb +72 -44
- data/lib/puppet/pops/loaders.rb +21 -33
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -2
- data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
- data/lib/puppet/pops/merge_strategy.rb +18 -22
- data/lib/puppet/pops/model/ast.pp +16 -0
- data/lib/puppet/pops/model/ast.rb +94 -0
- data/lib/puppet/pops/model/factory.rb +17 -38
- data/lib/puppet/pops/model/model_label_provider.rb +8 -1
- data/lib/puppet/pops/parser/egrammar.ra +14 -3
- data/lib/puppet/pops/parser/eparser.rb +1537 -1492
- data/lib/puppet/pops/parser/epp_support.rb +6 -2
- data/lib/puppet/pops/parser/heredoc_support.rb +8 -17
- data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
- data/lib/puppet/pops/parser/lexer2.rb +2 -7
- data/lib/puppet/pops/parser/locator.rb +87 -107
- data/lib/puppet/pops/parser/parser_support.rb +2 -11
- data/lib/puppet/pops/parser/pn_parser.rb +16 -17
- data/lib/puppet/pops/pcore.rb +19 -8
- data/lib/puppet/pops/puppet_stack.rb +48 -51
- data/lib/puppet/pops/resource/resource_type_impl.rb +0 -2
- data/lib/puppet/pops/serialization.rb +3 -2
- data/lib/puppet/pops/serialization/from_data_converter.rb +4 -3
- data/lib/puppet/pops/serialization/to_data_converter.rb +3 -3
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/types/iterable.rb +8 -34
- data/lib/puppet/pops/types/p_binary_type.rb +1 -2
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_object_type.rb +3 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
- data/lib/puppet/pops/types/p_timespan_type.rb +2 -2
- data/lib/puppet/pops/types/p_type_set_type.rb +0 -4
- data/lib/puppet/pops/types/string_converter.rb +12 -21
- data/lib/puppet/pops/types/type_calculator.rb +0 -24
- data/lib/puppet/pops/types/type_factory.rb +17 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +7 -32
- data/lib/puppet/pops/validation/checker4_0.rb +23 -33
- data/lib/puppet/pops/validation/tasks_checker.rb +47 -6
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +7 -10
- data/lib/puppet/property.rb +1 -1
- data/lib/puppet/property/ensure.rb +1 -1
- data/lib/puppet/provider.rb +14 -2
- data/lib/puppet/provider/exec.rb +58 -59
- data/lib/puppet/provider/file/posix.rb +0 -5
- data/lib/puppet/provider/file/windows.rb +2 -50
- data/lib/puppet/provider/group/aix.rb +2 -18
- data/lib/puppet/provider/group/groupadd.rb +19 -19
- data/lib/puppet/provider/group/windows_adsi.rb +4 -11
- data/lib/puppet/provider/nameservice.rb +28 -11
- data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
- data/lib/puppet/provider/nameservice/pw.rb +2 -2
- data/lib/puppet/provider/package.rb +0 -2
- data/lib/puppet/provider/package/aix.rb +2 -17
- data/lib/puppet/provider/package/apt.rb +3 -14
- data/lib/puppet/provider/package/dnf.rb +3 -3
- data/lib/puppet/provider/package/dpkg.rb +7 -18
- data/lib/puppet/provider/package/fink.rb +3 -20
- data/lib/puppet/provider/package/gem.rb +43 -105
- data/lib/puppet/provider/package/openbsd.rb +2 -14
- data/lib/puppet/provider/package/pip.rb +108 -160
- data/lib/puppet/provider/package/pip3.rb +1 -1
- data/lib/puppet/provider/package/pkg.rb +5 -18
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +4 -16
- data/lib/puppet/provider/package/portage.rb +6 -6
- data/lib/puppet/provider/package/puppet_gem.rb +2 -7
- data/lib/puppet/provider/package/rpm.rb +33 -82
- data/lib/puppet/provider/package/windows.rb +2 -6
- data/lib/puppet/provider/package/windows/exe_package.rb +10 -16
- data/lib/puppet/provider/package/windows/msi_package.rb +0 -8
- data/lib/puppet/provider/package/windows/package.rb +2 -10
- data/lib/puppet/provider/package/yum.rb +25 -37
- data/lib/puppet/provider/package/zypper.rb +0 -1
- data/lib/puppet/provider/parsedfile.rb +5 -26
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/daemontools.rb +9 -9
- data/lib/puppet/provider/service/debian.rb +1 -0
- data/lib/puppet/provider/service/launchd.rb +8 -39
- data/lib/puppet/provider/service/openbsd.rb +1 -1
- data/lib/puppet/provider/service/rcng.rb +2 -2
- data/lib/puppet/provider/service/runit.rb +8 -2
- data/lib/puppet/provider/service/smf.rb +0 -54
- data/lib/puppet/provider/service/systemd.rb +24 -35
- data/lib/puppet/provider/service/upstart.rb +1 -3
- data/lib/puppet/provider/service/windows.rb +3 -23
- data/lib/puppet/provider/user/aix.rb +2 -48
- data/lib/puppet/provider/user/directoryservice.rb +8 -45
- data/lib/puppet/provider/user/hpux.rb +1 -1
- data/lib/puppet/provider/user/pw.rb +3 -12
- data/lib/puppet/provider/user/user_role_add.rb +1 -5
- data/lib/puppet/provider/user/useradd.rb +44 -74
- data/lib/puppet/provider/user/windows_adsi.rb +0 -7
- data/lib/puppet/reference/indirection.rb +2 -2
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/providers.rb +1 -1
- data/lib/puppet/reference/type.rb +9 -3
- data/lib/puppet/reports.rb +3 -3
- data/lib/puppet/resource.rb +22 -22
- data/lib/puppet/resource/catalog.rb +8 -14
- data/lib/puppet/resource/type.rb +1 -10
- data/lib/puppet/rest/client.rb +83 -0
- data/lib/puppet/rest/errors.rb +14 -0
- data/lib/puppet/rest/response.rb +34 -0
- data/lib/puppet/rest/route.rb +84 -0
- data/lib/puppet/rest/routes.rb +154 -0
- data/lib/puppet/rest/ssl_context.rb +13 -0
- data/lib/puppet/settings.rb +9 -54
- data/lib/puppet/settings/config_file.rb +1 -2
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/file_setting.rb +1 -1
- data/lib/puppet/settings/server_list_setting.rb +0 -9
- data/lib/puppet/ssl.rb +0 -1
- data/lib/puppet/ssl/base.rb +1 -9
- data/lib/puppet/ssl/certificate.rb +7 -4
- data/lib/puppet/ssl/certificate_request.rb +6 -14
- data/lib/puppet/ssl/certificate_request_attributes.rb +1 -1
- data/lib/puppet/ssl/host.rb +400 -174
- data/lib/puppet/ssl/key.rb +1 -5
- data/lib/puppet/ssl/oids.rb +3 -3
- data/lib/puppet/ssl/validator/default_validator.rb +33 -49
- data/lib/puppet/test/test_helper.rb +12 -18
- data/lib/puppet/transaction.rb +7 -12
- data/lib/puppet/transaction/event.rb +37 -14
- data/lib/puppet/transaction/event_manager.rb +3 -11
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/transaction/resource_harness.rb +2 -5
- data/lib/puppet/type.rb +7 -10
- data/lib/puppet/type/exec.rb +16 -50
- data/lib/puppet/type/file.rb +7 -16
- data/lib/puppet/type/file/content.rb +2 -3
- data/lib/puppet/type/file/data_sync.rb +1 -5
- data/lib/puppet/type/file/mode.rb +2 -7
- data/lib/puppet/type/file/source.rb +2 -1
- data/lib/puppet/type/filebucket.rb +8 -12
- data/lib/puppet/type/group.rb +3 -33
- data/lib/puppet/type/notify.rb +2 -3
- data/lib/puppet/type/package.rb +18 -154
- data/lib/puppet/type/resources.rb +2 -12
- data/lib/puppet/type/schedule.rb +34 -96
- data/lib/puppet/type/service.rb +10 -9
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +30 -14
- data/lib/puppet/util.rb +28 -52
- data/lib/puppet/util/autoload.rb +62 -56
- data/lib/puppet/util/character_encoding.rb +0 -22
- data/lib/puppet/util/classgen.rb +0 -6
- data/lib/puppet/util/command_line.rb +4 -7
- data/lib/puppet/util/command_line/trollop.rb +1 -1
- data/lib/puppet/util/connection.rb +74 -0
- data/lib/puppet/util/execution.rb +7 -22
- data/lib/puppet/util/feature.rb +63 -41
- data/lib/puppet/util/fileparsing.rb +27 -5
- data/lib/puppet/util/filetype.rb +8 -56
- data/lib/puppet/util/http_proxy.rb +18 -27
- data/lib/puppet/util/instance_loader.rb +3 -21
- data/lib/puppet/util/json.rb +0 -8
- data/lib/puppet/util/ldap/connection.rb +7 -7
- data/lib/puppet/util/log.rb +3 -8
- data/lib/puppet/util/log/destinations.rb +13 -5
- data/lib/puppet/util/logging.rb +19 -31
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +1 -1
- data/lib/puppet/util/network_device/base.rb +1 -1
- data/lib/puppet/util/pidlock.rb +3 -23
- data/lib/puppet/util/platform.rb +3 -0
- data/lib/puppet/util/plist.rb +0 -6
- data/lib/puppet/util/posix.rb +0 -15
- data/lib/puppet/util/provider_features.rb +6 -7
- data/lib/puppet/util/rdoc.rb +2 -2
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/reference.rb +8 -7
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/rubygems.rb +1 -13
- data/lib/puppet/util/run_mode.rb +1 -1
- data/lib/puppet/util/selinux.rb +3 -9
- data/lib/puppet/util/ssl.rb +40 -1
- data/lib/puppet/util/storage.rb +1 -13
- data/lib/puppet/util/suidmanager.rb +7 -5
- data/lib/puppet/util/tag_set.rb +1 -1
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/windows.rb +15 -0
- data/lib/puppet/util/windows/adsi.rb +7 -116
- data/lib/puppet/util/windows/api_types.rb +33 -46
- data/lib/puppet/util/windows/eventlog.rb +6 -1
- data/lib/puppet/util/windows/principal.rb +6 -8
- data/lib/puppet/util/windows/process.rb +3 -94
- data/lib/puppet/util/windows/registry.rb +14 -46
- data/lib/puppet/util/windows/security.rb +2 -40
- data/lib/puppet/util/windows/service.rb +72 -431
- data/lib/puppet/util/windows/sid.rb +3 -4
- data/lib/puppet/util/windows/user.rb +9 -17
- data/lib/puppet/util/yaml.rb +41 -5
- data/lib/puppet/vendor.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet_pal.rb +246 -23
- data/locales/ja/puppet.po +11128 -0
- data/locales/puppet.pot +1321 -2527
- data/man/man5/puppet.conf.5 +31 -191
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +3 -3
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +19 -23
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +2 -21
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +10 -100
- data/man/man8/puppet-node.8 +4 -7
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +28 -0
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +12 -3
- data/spec/fixtures/unit/functions/hiera/hiera/backend/hieraspec_backend.rb +22 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/custom_backend.rb +18 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/other_backend.rb +7 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +6 -6
- data/spec/fixtures/unit/provider/package/pkgng/pkg.info +0 -1
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +0 -2
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +0 -9
- data/spec/integration/agent/logging_spec.rb +9 -7
- data/spec/integration/application/apply_spec.rb +31 -26
- data/spec/integration/application/doc_spec.rb +2 -1
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +8 -76
- data/spec/integration/data_binding_spec.rb +1 -1
- data/spec/integration/defaults_spec.rb +13 -16
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/config_spec.rb +4 -3
- data/spec/integration/faces/documentation_spec.rb +1 -0
- data/spec/integration/faces/plugin_spec.rb +49 -29
- data/spec/integration/file_bucket/file_spec.rb +4 -19
- data/spec/integration/file_serving/content_spec.rb +1 -0
- data/spec/integration/file_serving/fileset_spec.rb +1 -0
- data/spec/integration/file_serving/metadata_spec.rb +1 -0
- data/spec/integration/file_serving/terminus_helper_spec.rb +1 -0
- data/spec/integration/file_system/uniquefile_spec.rb +26 -29
- data/spec/integration/indirector/catalog/compiler_spec.rb +11 -10
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -22
- data/spec/integration/indirector/file_content/file_server_spec.rb +8 -7
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +8 -7
- data/spec/integration/network/authconfig_spec.rb +24 -23
- data/spec/integration/network/formats_spec.rb +1 -0
- data/spec/integration/network/http/api/indirected_routes_spec.rb +6 -34
- data/spec/integration/node/environment_spec.rb +2 -1
- data/spec/integration/node/facts_spec.rb +10 -9
- data/spec/integration/node_spec.rb +7 -10
- data/spec/integration/parser/catalog_spec.rb +8 -6
- data/spec/integration/parser/collection_spec.rb +9 -4
- data/spec/integration/parser/compiler_spec.rb +7 -25
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/service/init_spec.rb +9 -6
- data/spec/integration/provider/service/systemd_spec.rb +14 -11
- data/spec/integration/provider/service/windows_spec.rb +11 -8
- data/spec/integration/reference/providers_spec.rb +7 -0
- data/spec/integration/reports_spec.rb +2 -1
- data/spec/integration/resource/catalog_spec.rb +17 -14
- data/spec/integration/resource/type_collection_spec.rb +5 -4
- data/spec/integration/ssl/certificate_request_spec.rb +1 -2
- data/spec/integration/ssl/host_spec.rb +17 -24
- data/spec/integration/ssl/key_spec.rb +7 -2
- data/spec/integration/test/test_helper_spec.rb +32 -0
- data/spec/integration/transaction/report_spec.rb +14 -9
- data/spec/integration/type/exec_spec.rb +2 -1
- data/spec/integration/type/file_spec.rb +38 -46
- data/spec/integration/type/package_spec.rb +25 -21
- data/spec/integration/type/tidy_spec.rb +2 -1
- data/spec/integration/type_spec.rb +1 -0
- data/spec/integration/util/autoload_spec.rb +11 -7
- data/spec/integration/util/execution_spec.rb +5 -32
- data/spec/integration/util/rdoc/parser_spec.rb +14 -23
- data/spec/integration/util/settings_spec.rb +2 -1
- data/spec/integration/util/windows/adsi_spec.rb +8 -11
- data/spec/integration/util/windows/principal_spec.rb +2 -1
- data/spec/integration/util/windows/process_spec.rb +9 -7
- data/spec/integration/util/windows/registry_spec.rb +46 -127
- data/spec/integration/util/windows/security_spec.rb +15 -16
- data/spec/integration/util/windows/user_spec.rb +29 -66
- data/spec/integration/util_spec.rb +10 -7
- data/spec/lib/matchers/json.rb +12 -18
- data/{lib/puppet/ssl → spec/lib/puppet}/certificate_factory.rb +5 -6
- data/spec/lib/puppet/test_ca.rb +109 -0
- data/spec/lib/puppet_spec/compiler.rb +28 -1
- data/spec/lib/puppet_spec/files.rb +29 -23
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +11 -1
- data/spec/lib/puppet_spec/scope.rb +2 -1
- data/spec/lib/puppet_spec/ssl.rb +265 -0
- data/spec/lib/puppet_spec/validators.rb +37 -0
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +9 -8
- data/spec/shared_behaviours/file_serving.rb +8 -6
- data/spec/shared_behaviours/file_serving_model.rb +5 -22
- data/spec/shared_behaviours/hiera_indirections.rb +4 -3
- data/spec/shared_behaviours/iterative_functions.rb +1 -0
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_behaviours/path_parameters.rb +1 -1
- data/spec/shared_contexts/types_setup.rb +0 -2
- data/spec/shared_examples/rhel_package_provider.rb +70 -112
- data/spec/spec_helper.rb +1 -15
- data/spec/unit/agent/disabler_spec.rb +5 -4
- data/spec/unit/agent/locker_spec.rb +13 -12
- data/spec/unit/agent_spec.rb +102 -105
- data/spec/unit/application/agent_spec.rb +95 -114
- data/spec/unit/application/apply_spec.rb +92 -119
- data/spec/unit/application/config_spec.rb +1 -0
- data/spec/unit/application/describe_spec.rb +7 -6
- data/spec/unit/application/device_spec.rb +180 -181
- data/spec/unit/application/doc_spec.rb +46 -44
- data/spec/unit/application/face_base_spec.rb +62 -61
- data/spec/unit/application/facts_spec.rb +4 -3
- data/spec/unit/application/filebucket_spec.rb +74 -66
- data/spec/unit/application/indirection_base_spec.rb +6 -8
- data/spec/unit/application/lookup_spec.rb +44 -37
- data/spec/unit/application/resource_spec.rb +48 -42
- data/spec/unit/application/ssl_spec.rb +322 -0
- data/spec/unit/application_spec.rb +108 -90
- data/spec/unit/capability_spec.rb +15 -16
- data/spec/unit/{ssl/certificate_factory_spec.rb → certificate_factory_spec.rb} +13 -20
- data/spec/unit/configurer/downloader_spec.rb +22 -31
- data/spec/unit/configurer/fact_handler_spec.rb +7 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +8 -41
- data/spec/unit/configurer_spec.rb +475 -520
- data/spec/unit/confine/exists_spec.rb +15 -17
- data/spec/unit/confine/false_spec.rb +6 -32
- data/spec/unit/confine/feature_spec.rb +5 -7
- data/spec/unit/confine/true_spec.rb +6 -32
- data/spec/unit/confine/variable_spec.rb +15 -14
- data/spec/unit/confine_collection_spec.rb +29 -28
- data/spec/unit/confine_spec.rb +14 -13
- data/spec/unit/confiner_spec.rb +11 -10
- data/spec/unit/context/trusted_information_spec.rb +4 -3
- data/spec/unit/daemon_spec.rb +38 -35
- data/spec/unit/data_providers/function_data_provider_spec.rb +1 -0
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +1 -0
- data/spec/unit/datatypes_spec.rb +4 -3
- data/spec/unit/defaults_spec.rb +61 -32
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +29 -52
- data/spec/unit/external/pson_spec.rb +1 -0
- data/spec/unit/face/catalog_spec.rb +1 -0
- data/spec/unit/face/config_spec.rb +35 -31
- data/spec/unit/face/epp_face_spec.rb +4 -3
- data/spec/unit/face/facts_spec.rb +6 -14
- data/spec/unit/face/generate_spec.rb +5 -4
- data/spec/unit/face/help_spec.rb +8 -7
- data/spec/unit/face/key_spec.rb +1 -0
- data/spec/unit/face/man_spec.rb +2 -1
- data/spec/unit/face/module/install_spec.rb +5 -3
- data/spec/unit/face/module/list_spec.rb +12 -62
- data/spec/unit/face/module/search_spec.rb +9 -11
- data/spec/unit/face/module/uninstall_spec.rb +8 -4
- data/spec/unit/face/node_spec.rb +30 -52
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +9 -44
- data/spec/unit/face/status_spec.rb +1 -0
- data/spec/unit/file_bucket/dipper_spec.rb +24 -28
- data/spec/unit/file_bucket/file_spec.rb +2 -0
- data/spec/unit/file_serving/base_spec.rb +18 -20
- data/spec/unit/file_serving/configuration/parser_spec.rb +28 -27
- data/spec/unit/file_serving/configuration_spec.rb +66 -63
- data/spec/unit/file_serving/content_spec.rb +11 -10
- data/spec/unit/file_serving/fileset_spec.rb +58 -63
- data/spec/unit/file_serving/http_metadata_spec.rb +7 -8
- data/spec/unit/file_serving/metadata_spec.rb +40 -40
- data/spec/unit/file_serving/mount/file_spec.rb +32 -31
- data/spec/unit/file_serving/mount/locales_spec.rb +26 -25
- data/spec/unit/file_serving/mount/modules_spec.rb +15 -14
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +26 -25
- data/spec/unit/file_serving/mount/plugins_spec.rb +26 -25
- data/spec/unit/file_serving/mount/tasks_spec.rb +15 -14
- data/spec/unit/file_serving/mount_spec.rb +1 -0
- data/spec/unit/file_serving/terminus_helper_spec.rb +42 -37
- data/spec/unit/file_serving/terminus_selector_spec.rb +13 -12
- data/spec/unit/file_system/path_pattern_spec.rb +1 -1
- data/spec/unit/file_system/uniquefile_spec.rb +6 -17
- data/spec/unit/file_system_spec.rb +9 -6
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +16 -15
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +30 -27
- data/spec/unit/forge_spec.rb +11 -15
- data/spec/unit/functions/abs_spec.rb +70 -0
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/call_spec.rb +59 -5
- data/spec/unit/functions/camelcase_spec.rb +34 -0
- data/spec/unit/functions/capitalize_spec.rb +34 -0
- data/spec/unit/functions/ceiling_spec.rb +65 -0
- data/spec/unit/functions/chomp_spec.rb +46 -0
- data/spec/unit/functions/chop_spec.rb +38 -0
- data/spec/unit/functions/compare_spec.rb +147 -0
- data/spec/unit/functions/contain_spec.rb +2 -0
- data/spec/unit/functions/convert_to_spec.rb +3 -0
- data/spec/unit/functions/defined_spec.rb +1 -0
- data/spec/unit/functions/downcase_spec.rb +34 -0
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/filter_spec.rb +4 -4
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/floor_spec.rb +65 -0
- data/spec/unit/functions/get_spec.rb +135 -0
- data/spec/unit/functions/getvar_spec.rb +121 -0
- data/spec/unit/functions/hiera_spec.rb +14 -48
- data/spec/unit/functions/include_spec.rb +4 -0
- data/spec/unit/functions/lookup_fixture_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +37 -62
- data/spec/unit/functions/lstrip_spec.rb +30 -0
- data/spec/unit/functions/match_spec.rb +3 -4
- data/spec/unit/functions/max_spec.rb +129 -0
- data/spec/unit/functions/min_spec.rb +129 -0
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/new_spec.rb +0 -15
- data/spec/unit/functions/regsubst_spec.rb +3 -4
- data/spec/unit/functions/require_spec.rb +3 -0
- data/spec/unit/functions/round_spec.rb +41 -0
- data/spec/unit/functions/rstrip_spec.rb +30 -0
- data/spec/unit/functions/shared.rb +8 -5
- data/spec/unit/functions/size_spec.rb +50 -0
- data/spec/unit/functions/sort_spec.rb +79 -0
- data/spec/unit/functions/split_spec.rb +3 -4
- data/spec/unit/functions/strip_spec.rb +30 -0
- data/spec/unit/functions/upcase_spec.rb +34 -0
- data/spec/unit/functions/versioncmp_spec.rb +4 -4
- data/spec/unit/functions4_spec.rb +78 -51
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +2 -0
- data/spec/unit/graph/relationship_graph_spec.rb +2 -1
- data/spec/unit/graph/simple_graph_spec.rb +52 -11
- data/spec/unit/hiera/scope_spec.rb +0 -7
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +166 -183
- data/spec/unit/indirector/catalog/json_spec.rb +2 -1
- data/spec/unit/indirector/catalog/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -0
- data/spec/unit/indirector/catalog/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/catalog/yaml_spec.rb +1 -0
- data/spec/unit/indirector/certificate/file_spec.rb +1 -8
- data/spec/unit/indirector/certificate/rest_spec.rb +10 -8
- data/spec/unit/indirector/certificate_request/file_spec.rb +1 -0
- data/spec/unit/indirector/certificate_request/rest_spec.rb +1 -0
- data/spec/unit/indirector/direct_file_server_spec.rb +49 -57
- data/spec/unit/indirector/envelope_spec.rb +2 -1
- data/spec/unit/indirector/exec_spec.rb +31 -26
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +43 -37
- data/spec/unit/indirector/facts/network_device_spec.rb +9 -8
- data/spec/unit/indirector/facts/rest_spec.rb +8 -7
- data/spec/unit/indirector/facts/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/facts/yaml_spec.rb +90 -77
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +13 -9
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +5 -4
- data/spec/unit/indirector/file_content/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_content/file_spec.rb +1 -0
- data/spec/unit/indirector/file_content/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_content/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_spec.rb +13 -12
- data/spec/unit/indirector/file_metadata/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_server_spec.rb +145 -145
- data/spec/unit/indirector/indirection_spec.rb +226 -249
- data/spec/unit/indirector/json_spec.rb +9 -7
- data/spec/unit/indirector/key/file_spec.rb +22 -38
- data/spec/unit/indirector/memory_spec.rb +7 -6
- data/spec/unit/indirector/msgpack_spec.rb +9 -7
- data/spec/unit/indirector/node/exec_spec.rb +43 -22
- data/spec/unit/indirector/node/memory_spec.rb +4 -2
- data/spec/unit/indirector/node/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/node/plain_spec.rb +4 -2
- data/spec/unit/indirector/node/rest_spec.rb +1 -0
- data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/node/yaml_spec.rb +1 -0
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +8 -7
- data/spec/unit/indirector/report/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/report/processor_spec.rb +22 -21
- data/spec/unit/indirector/report/rest_spec.rb +12 -11
- data/spec/unit/indirector/report/yaml_spec.rb +1 -0
- data/spec/unit/indirector/request_spec.rb +18 -15
- data/spec/unit/indirector/resource/ral_spec.rb +55 -47
- data/spec/unit/indirector/resource/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/rest_spec.rb +110 -113
- data/spec/unit/indirector/ssl_file_spec.rb +100 -119
- data/spec/unit/indirector/status/local_spec.rb +1 -0
- data/spec/unit/indirector/status/rest_spec.rb +1 -0
- data/spec/unit/indirector/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/terminus_spec.rb +30 -32
- data/spec/unit/indirector/yaml_spec.rb +90 -68
- data/spec/unit/indirector_spec.rb +2 -1
- data/spec/unit/info_service_spec.rb +144 -10
- data/spec/unit/interface/action_builder_spec.rb +1 -0
- data/spec/unit/interface/action_manager_spec.rb +1 -0
- data/spec/unit/interface/action_spec.rb +3 -2
- data/spec/unit/interface/documentation_spec.rb +1 -0
- data/spec/unit/interface/face_collection_spec.rb +12 -19
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +4 -3
- data/spec/unit/module_spec.rb +52 -102
- data/spec/unit/module_tool/applications/installer_spec.rb +13 -12
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +2 -1
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +6 -6
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +13 -12
- data/spec/unit/module_tool_spec.rb +12 -29
- data/spec/unit/network/auth_config_parser_spec.rb +13 -11
- data/spec/unit/network/authconfig_spec.rb +18 -17
- data/spec/unit/network/authorization_spec.rb +5 -4
- data/spec/unit/network/authstore_spec.rb +1 -0
- data/spec/unit/network/format_handler_spec.rb +1 -0
- data/spec/unit/network/format_spec.rb +10 -9
- data/spec/unit/network/format_support_spec.rb +29 -28
- data/spec/unit/network/formats_spec.rb +31 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +41 -51
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +7 -9
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -2
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +7 -6
- data/spec/unit/network/http/api_spec.rb +2 -26
- data/spec/unit/network/http/compression_spec.rb +28 -24
- data/spec/unit/network/http/connection_spec.rb +122 -72
- data/spec/unit/network/http/factory_spec.rb +11 -40
- data/spec/unit/network/http/handler_spec.rb +18 -9
- data/spec/unit/network/http/nocache_pool_spec.rb +7 -6
- data/spec/unit/network/http/pool_spec.rb +29 -60
- data/spec/unit/network/http/request_spec.rb +2 -0
- data/spec/unit/network/http/response_spec.rb +13 -11
- data/spec/unit/network/http/route_spec.rb +1 -0
- data/spec/unit/network/http/session_spec.rb +2 -1
- data/spec/unit/network/http/site_spec.rb +1 -0
- data/spec/unit/network/http_pool_spec.rb +9 -18
- data/spec/unit/network/http_spec.rb +1 -0
- data/spec/unit/network/resolver_spec.rb +104 -28
- data/spec/unit/network/rights_spec.rb +53 -52
- data/spec/unit/node/environment_spec.rb +17 -18
- data/spec/unit/node/facts_spec.rb +21 -6
- data/spec/unit/node_spec.rb +23 -17
- data/spec/unit/other/selinux_spec.rb +1 -71
- data/spec/unit/parameter/boolean_spec.rb +2 -1
- data/spec/unit/parameter/package_options_spec.rb +2 -1
- data/spec/unit/parameter/path_spec.rb +1 -0
- data/spec/unit/parameter/value_collection_spec.rb +1 -0
- data/spec/unit/parameter/value_spec.rb +1 -0
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +8 -6
- data/spec/unit/parser/ast/leaf_spec.rb +21 -20
- data/spec/unit/parser/compiler_spec.rb +96 -84
- data/spec/unit/parser/environment_compiler_spec.rb +16 -23
- data/spec/unit/parser/files_spec.rb +1 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +1 -4
- data/spec/unit/parser/functions/fail_spec.rb +2 -5
- data/spec/unit/parser/functions/file_spec.rb +14 -17
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +6 -5
- data/spec/unit/parser/functions/generate_spec.rb +37 -38
- data/spec/unit/parser/functions/inline_template_spec.rb +1 -4
- data/spec/unit/parser/functions/regsubst_spec.rb +1 -4
- data/spec/unit/parser/functions/scanf_spec.rb +1 -4
- data/spec/unit/parser/functions/shellquote_spec.rb +1 -0
- data/spec/unit/parser/functions/split_spec.rb +1 -4
- data/spec/unit/parser/functions/sprintf_spec.rb +1 -4
- data/spec/unit/parser/functions/tag_spec.rb +2 -5
- data/spec/unit/parser/functions/tagged_spec.rb +3 -6
- data/spec/unit/parser/functions/template_spec.rb +13 -17
- data/spec/unit/parser/functions/versioncmp_spec.rb +2 -5
- data/spec/unit/parser/functions_spec.rb +29 -3
- data/spec/unit/parser/relationship_spec.rb +1 -0
- data/spec/unit/parser/resource/param_spec.rb +1 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +35 -39
- data/spec/unit/parser/templatewrapper_spec.rb +12 -11
- data/spec/unit/parser/type_loader_spec.rb +19 -17
- data/spec/unit/pops/adaptable_spec.rb +1 -0
- data/spec/unit/pops/benchmark_spec.rb +1 -0
- data/spec/unit/pops/evaluator/access_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +11 -0
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/conditionals_spec.rb +1 -0
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +78 -18
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +5 -4
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +1 -0
- data/spec/unit/pops/evaluator/variables_spec.rb +1 -0
- data/spec/unit/pops/factory_spec.rb +4 -3
- data/spec/unit/pops/issues_spec.rb +20 -19
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +2 -2
- data/spec/unit/pops/loaders/loader_spec.rb +12 -36
- data/spec/unit/pops/loaders/loaders_spec.rb +57 -54
- data/spec/unit/pops/loaders/module_loaders_spec.rb +35 -3
- data/spec/unit/pops/loaders/static_loader_spec.rb +0 -36
- data/spec/unit/pops/lookup/context_spec.rb +1 -0
- data/spec/unit/pops/lookup/interpolation_spec.rb +3 -2
- data/spec/unit/pops/merge_strategy_spec.rb +1 -0
- data/spec/unit/pops/migration_spec.rb +5 -3
- data/spec/unit/pops/model/model_spec.rb +1 -0
- data/spec/unit/pops/model/pn_transformer_spec.rb +1 -0
- data/spec/unit/pops/parser/lexer2_spec.rb +60 -21
- data/spec/unit/pops/parser/locator_spec.rb +6 -48
- data/spec/unit/pops/parser/parse_application_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_calls_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_containers_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +12 -124
- data/spec/unit/pops/parser/parse_plan_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_resource_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_site_spec.rb +1 -0
- data/spec/unit/pops/parser/pn_parser_spec.rb +1 -0
- data/spec/unit/pops/pn_spec.rb +1 -0
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +1 -0
- data/spec/unit/pops/serialization/serialization_spec.rb +7 -5
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +29 -4
- data/spec/unit/pops/serialization/to_stringified_spec.rb +157 -0
- data/spec/unit/pops/types/deferred_spec.rb +87 -0
- data/spec/unit/pops/types/p_object_type_spec.rb +20 -0
- data/spec/unit/pops/types/p_timespan_type_spec.rb +0 -22
- data/spec/unit/pops/types/p_timestamp_type_spec.rb +0 -19
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/string_converter_spec.rb +11 -22
- data/spec/unit/pops/types/task_spec.rb +148 -16
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +36 -36
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +0 -9
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/types/types_spec.rb +12 -6
- data/spec/unit/pops/validator/validator_spec.rb +162 -82
- data/spec/unit/pops/visitor_spec.rb +1 -0
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +1 -0
- data/spec/unit/property/keyvalue_spec.rb +34 -32
- data/spec/unit/property/list_spec.rb +27 -26
- data/spec/unit/property/ordered_list_spec.rb +14 -10
- data/spec/unit/property_spec.rb +53 -43
- data/spec/unit/provider/aix_object_spec.rb +45 -47
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/exec/posix_spec.rb +9 -8
- data/spec/unit/provider/exec/shell_spec.rb +3 -1
- data/spec/unit/provider/exec/windows_spec.rb +6 -4
- data/spec/unit/provider/exec_spec.rb +1 -209
- data/spec/unit/provider/file/posix_spec.rb +24 -22
- data/spec/unit/provider/file/windows_spec.rb +19 -17
- data/spec/unit/provider/group/aix_spec.rb +7 -22
- data/spec/unit/provider/group/groupadd_spec.rb +27 -60
- data/spec/unit/provider/group/ldap_spec.rb +36 -33
- data/spec/unit/provider/group/pw_spec.rb +18 -15
- data/spec/unit/provider/group/windows_adsi_spec.rb +80 -128
- data/spec/unit/provider/ldap_spec.rb +62 -61
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +109 -102
- data/spec/unit/provider/nameservice_spec.rb +41 -39
- data/spec/unit/provider/package/aix_spec.rb +22 -48
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +35 -60
- data/spec/unit/provider/package/aptitude_spec.rb +7 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +13 -8
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +23 -34
- data/spec/unit/provider/package/dpkg_spec.rb +72 -114
- data/spec/unit/provider/package/freebsd_spec.rb +18 -15
- data/spec/unit/provider/package/gem_spec.rb +86 -163
- data/spec/unit/provider/package/hpux_spec.rb +18 -15
- data/spec/unit/provider/package/macports_spec.rb +54 -56
- data/spec/unit/provider/package/nim_spec.rb +49 -33
- data/spec/unit/provider/package/openbsd_spec.rb +49 -60
- data/spec/unit/provider/package/opkg_spec.rb +26 -23
- data/spec/unit/provider/package/pacman_spec.rb +118 -97
- data/spec/unit/provider/package/pip3_spec.rb +6 -20
- data/spec/unit/provider/package/pip_spec.rb +129 -185
- data/spec/unit/provider/package/pkg_spec.rb +119 -129
- data/spec/unit/provider/package/pkgdmg_spec.rb +63 -65
- data/spec/unit/provider/package/pkgin_spec.rb +23 -20
- data/spec/unit/provider/package/pkgng_spec.rb +35 -67
- data/spec/unit/provider/package/pkgutil_spec.rb +49 -45
- data/spec/unit/provider/package/portage_spec.rb +76 -72
- data/spec/unit/provider/package/puppet_gem_spec.rb +21 -45
- data/spec/unit/provider/package/rpm_spec.rb +79 -291
- data/spec/unit/provider/package/sun_spec.rb +18 -16
- data/spec/unit/provider/package/tdnf_spec.rb +12 -9
- data/spec/unit/provider/package/up2date_spec.rb +4 -2
- data/spec/unit/provider/package/urpmi_spec.rb +17 -15
- data/spec/unit/provider/package/windows/exe_package_spec.rb +18 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +23 -20
- data/spec/unit/provider/package/windows/package_spec.rb +43 -38
- data/spec/unit/provider/package/windows_spec.rb +36 -51
- data/spec/unit/provider/package/yum_spec.rb +24 -128
- data/spec/unit/provider/package/zypper_spec.rb +106 -117
- data/spec/unit/provider/parsedfile_spec.rb +45 -44
- data/spec/unit/provider/service/base_spec.rb +6 -5
- data/spec/unit/provider/service/bsd_spec.rb +54 -47
- data/spec/unit/provider/service/daemontools_spec.rb +53 -70
- data/spec/unit/provider/service/debian_spec.rb +58 -46
- data/spec/unit/provider/service/freebsd_spec.rb +23 -20
- data/spec/unit/provider/service/gentoo_spec.rb +81 -74
- data/spec/unit/provider/service/init_spec.rb +66 -65
- data/spec/unit/provider/service/launchd_spec.rb +114 -181
- data/spec/unit/provider/service/openbsd_spec.rb +94 -87
- data/spec/unit/provider/service/openrc_spec.rb +74 -70
- data/spec/unit/provider/service/openwrt_spec.rb +38 -30
- data/spec/unit/provider/service/rcng_spec.rb +24 -19
- data/spec/unit/provider/service/redhat_spec.rb +60 -60
- data/spec/unit/provider/service/runit_spec.rb +44 -61
- data/spec/unit/provider/service/smf_spec.rb +74 -143
- data/spec/unit/provider/service/src_spec.rb +69 -60
- data/spec/unit/provider/service/systemd_spec.rb +160 -222
- data/spec/unit/provider/service/upstart_spec.rb +99 -83
- data/spec/unit/provider/service/windows_spec.rb +42 -84
- data/spec/unit/provider/user/aix_spec.rb +24 -65
- data/spec/unit/provider/user/directoryservice_spec.rb +114 -187
- data/spec/unit/provider/user/hpux_spec.rb +21 -17
- data/spec/unit/provider/user/ldap_spec.rb +83 -80
- data/spec/unit/provider/user/openbsd_spec.rb +12 -11
- data/spec/unit/provider/user/pw_spec.rb +44 -80
- data/spec/unit/provider/user/user_role_add_spec.rb +94 -94
- data/spec/unit/provider/user/useradd_spec.rb +100 -208
- data/spec/unit/provider/user/windows_adsi_spec.rb +63 -62
- data/spec/unit/provider_spec.rb +189 -41
- data/spec/unit/puppet_pal_2pec.rb +26 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +801 -0
- data/spec/unit/puppet_pal_spec.rb +2 -8
- data/spec/unit/puppet_spec.rb +7 -27
- data/spec/unit/relationship_spec.rb +1 -0
- data/spec/unit/reports/http_spec.rb +23 -21
- data/spec/unit/reports/store_spec.rb +4 -3
- data/spec/unit/reports_spec.rb +14 -12
- data/spec/unit/resource/capability_finder_spec.rb +26 -29
- data/spec/unit/resource/catalog_spec.rb +77 -81
- data/spec/unit/resource/status_spec.rb +8 -6
- data/spec/unit/resource/type_collection_spec.rb +18 -17
- data/spec/unit/resource/type_spec.rb +35 -34
- data/spec/unit/resource_spec.rb +79 -67
- data/spec/unit/rest/client_spec.rb +135 -0
- data/spec/unit/rest/route_spec.rb +132 -0
- data/spec/unit/scheduler/job_spec.rb +1 -0
- data/spec/unit/scheduler/scheduler_spec.rb +1 -0
- data/spec/unit/scheduler/splay_job_spec.rb +2 -1
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +10 -0
- data/spec/unit/settings/directory_setting_spec.rb +7 -2
- data/spec/unit/settings/duration_setting_spec.rb +2 -1
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +6 -4
- data/spec/unit/settings/file_setting_spec.rb +50 -46
- data/spec/unit/settings/ini_file_spec.rb +2 -4
- data/spec/unit/settings/path_setting_spec.rb +3 -2
- data/spec/unit/settings/priority_setting_spec.rb +2 -1
- data/spec/unit/settings/string_setting_spec.rb +15 -14
- data/spec/unit/settings/terminus_setting_spec.rb +2 -1
- data/spec/unit/settings/value_translator_spec.rb +1 -0
- data/spec/unit/settings_spec.rb +226 -253
- data/spec/unit/ssl/base_spec.rb +15 -14
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +22 -8
- data/spec/unit/ssl/certificate_request_spec.rb +63 -92
- data/spec/unit/ssl/certificate_spec.rb +29 -37
- data/spec/unit/ssl/digest_spec.rb +1 -0
- data/spec/unit/ssl/host_spec.rb +305 -685
- data/spec/unit/ssl/key_spec.rb +34 -46
- data/spec/unit/ssl/validator_spec.rb +70 -203
- data/spec/unit/task_spec.rb +172 -26
- data/spec/unit/transaction/additional_resource_generator_spec.rb +68 -67
- data/spec/unit/transaction/event_manager_spec.rb +84 -95
- data/spec/unit/transaction/event_spec.rb +15 -16
- data/spec/unit/transaction/persistence_spec.rb +18 -17
- data/spec/unit/transaction/report_spec.rb +24 -18
- data/spec/unit/transaction/resource_harness_spec.rb +33 -72
- data/spec/unit/transaction_spec.rb +106 -176
- data/spec/unit/type/component_spec.rb +1 -0
- data/spec/unit/type/exec_spec.rb +66 -120
- data/spec/unit/type/file/checksum_spec.rb +11 -10
- data/spec/unit/type/file/checksum_value_spec.rb +32 -31
- data/spec/unit/type/file/content_spec.rb +62 -65
- data/spec/unit/type/file/ctime_spec.rb +1 -0
- data/spec/unit/type/file/ensure_spec.rb +13 -12
- data/spec/unit/type/file/group_spec.rb +7 -5
- data/spec/unit/type/file/mode_spec.rb +6 -4
- data/spec/unit/type/file/mtime_spec.rb +1 -0
- data/spec/unit/type/file/owner_spec.rb +8 -6
- data/spec/unit/type/file/selinux_spec.rb +19 -17
- data/spec/unit/type/file/source_spec.rb +110 -113
- data/spec/unit/type/file/type_spec.rb +1 -0
- data/spec/unit/type/file_spec.rb +190 -204
- data/spec/unit/type/filebucket_spec.rb +10 -11
- data/spec/unit/type/group_spec.rb +9 -15
- data/spec/unit/type/noop_metaparam_spec.rb +2 -1
- data/spec/unit/type/package/package_settings_spec.rb +23 -44
- data/spec/unit/type/package_spec.rb +64 -61
- data/spec/unit/type/resources_spec.rb +101 -103
- data/spec/unit/type/schedule_spec.rb +28 -28
- data/spec/unit/type/service_spec.rb +85 -76
- data/spec/unit/type/stage_spec.rb +1 -0
- data/spec/unit/type/tidy_spec.rb +63 -62
- data/spec/unit/type/user_spec.rb +26 -147
- data/spec/unit/type/whit_spec.rb +1 -0
- data/spec/unit/type_spec.rb +164 -125
- data/spec/unit/util/at_fork_spec.rb +19 -18
- data/spec/unit/util/autoload_spec.rb +122 -93
- data/spec/unit/util/backups_spec.rb +35 -34
- data/spec/unit/util/character_encoding_spec.rb +5 -48
- data/spec/unit/util/checksums_spec.rb +39 -38
- data/spec/unit/util/colors_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +20 -40
- data/spec/unit/util/constant_inflector_spec.rb +1 -0
- data/spec/unit/util/diff_spec.rb +8 -7
- data/spec/unit/util/errors_spec.rb +1 -0
- data/spec/unit/util/execution_spec.rb +167 -285
- data/spec/unit/util/execution_stub_spec.rb +3 -2
- data/spec/unit/util/feature_spec.rb +46 -28
- data/spec/unit/util/filetype_spec.rb +53 -61
- data/spec/unit/util/http_proxy_spec.rb +13 -133
- data/spec/unit/util/inifile_spec.rb +31 -26
- data/spec/unit/util/json_lockfile_spec.rb +5 -3
- data/spec/unit/util/ldap/connection_spec.rb +25 -26
- data/spec/unit/util/ldap/generator_spec.rb +1 -0
- data/spec/unit/util/ldap/manager_spec.rb +102 -118
- data/spec/unit/util/lockfile_spec.rb +2 -1
- data/spec/unit/util/log/destinations_spec.rb +40 -23
- data/spec/unit/util/log_spec.rb +146 -48
- data/spec/unit/util/logging_spec.rb +114 -252
- data/spec/unit/util/metric_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +12 -24
- data/spec/unit/util/multi_match_spec.rb +1 -0
- data/spec/unit/util/network_device/config_spec.rb +1 -0
- data/spec/unit/util/network_device/transport/base_spec.rb +6 -5
- data/spec/unit/util/network_device_spec.rb +9 -7
- data/spec/unit/util/package_spec.rb +1 -0
- data/spec/unit/util/pidlock_spec.rb +14 -86
- data/spec/unit/util/plist_spec.rb +33 -60
- data/spec/unit/util/posix_spec.rb +47 -78
- data/spec/unit/util/profiler/object_counts_spec.rb +2 -1
- data/spec/unit/util/rdoc_spec.rb +10 -9
- data/spec/unit/util/reference_spec.rb +1 -0
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +8 -7
- data/spec/unit/util/rubygems_spec.rb +7 -41
- data/spec/unit/util/run_mode_spec.rb +11 -10
- data/spec/unit/util/selinux_spec.rb +73 -84
- data/spec/unit/util/splayer_spec.rb +9 -8
- data/spec/unit/util/ssl_spec.rb +1 -0
- data/spec/unit/util/storage_spec.rb +17 -111
- data/spec/unit/util/suidmanager_spec.rb +58 -47
- data/spec/unit/util/symbolic_file_mode_spec.rb +1 -0
- data/spec/unit/util/tag_set_spec.rb +9 -1
- data/spec/unit/util/tagging_spec.rb +12 -0
- data/spec/unit/util/terminal_spec.rb +10 -9
- data/spec/unit/util/user_attr_spec.rb +2 -1
- data/spec/unit/util/warnings_spec.rb +4 -3
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +21 -51
- data/spec/unit/util/windows/access_control_entry_spec.rb +2 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +2 -1
- data/spec/unit/util/windows/adsi_spec.rb +134 -278
- data/spec/unit/util/windows/api_types_spec.rb +42 -105
- data/spec/unit/util/windows/eventlog_spec.rb +13 -10
- data/spec/unit/util/windows/file_spec.rb +1 -0
- data/spec/unit/util/windows/root_certs_spec.rb +1 -0
- data/spec/unit/util/windows/security_descriptor_spec.rb +3 -1
- data/spec/unit/util/windows/service_spec.rb +180 -432
- data/spec/unit/util/windows/sid_spec.rb +17 -15
- data/spec/unit/util/windows/string_spec.rb +2 -1
- data/spec/unit/util/yaml_spec.rb +162 -28
- data/spec/unit/util_spec.rb +74 -119
- data/spec/unit/version_spec.rb +6 -6
- data/tasks/benchmark.rake +5 -1
- data/tasks/ci.rake +0 -5
- data/tasks/manpages.rake +9 -2
- data/tasks/parser.rake +11 -3
- metadata +162 -479
- data/CODEOWNERS +0 -30
- data/ext/rack/config.ru +0 -44
- data/ext/rack/example-passenger-vhost.conf +0 -57
- data/lib/puppet/application/ca.rb +0 -11
- data/lib/puppet/application/certificate.rb +0 -17
- data/lib/puppet/application/certificate_request.rb +0 -7
- data/lib/puppet/application/certificate_revocation_list.rb +0 -7
- data/lib/puppet/application/master.rb +0 -319
- data/lib/puppet/confine/boolean.rb +0 -45
- data/lib/puppet/external/nagios.rb +0 -46
- data/lib/puppet/external/nagios/base.rb +0 -472
- data/lib/puppet/external/nagios/grammar.ry +0 -248
- data/lib/puppet/external/nagios/makefile +0 -9
- data/lib/puppet/external/nagios/parser.rb +0 -400
- data/lib/puppet/face/ca.rb +0 -266
- data/lib/puppet/face/certificate.rb +0 -167
- data/lib/puppet/face/certificate_request.rb +0 -56
- data/lib/puppet/face/certificate_revocation_list.rb +0 -56
- data/lib/puppet/feature/rack.rb +0 -19
- data/lib/puppet/graph/random_prioritizer.rb +0 -16
- data/lib/puppet/graph/title_hash_prioritizer.rb +0 -16
- data/lib/puppet/indirector/certificate/ca.rb +0 -9
- data/lib/puppet/indirector/certificate/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +0 -22
- data/lib/puppet/indirector/certificate_status.rb +0 -4
- data/lib/puppet/indirector/certificate_status/file.rb +0 -91
- data/lib/puppet/indirector/certificate_status/rest.rb +0 -11
- data/lib/puppet/indirector/key/ca.rb +0 -16
- data/lib/puppet/indirector/key/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/ldap.rb +0 -86
- data/lib/puppet/indirector/node/ldap.rb +0 -275
- data/lib/puppet/indirector/node/write_only_yaml.rb +0 -39
- data/lib/puppet/module_tool/applications/builder.rb +0 -152
- data/lib/puppet/module_tool/skeleton/templates/generator/Gemfile +0 -18
- data/lib/puppet/module_tool/skeleton/templates/generator/README.md.erb +0 -89
- data/lib/puppet/module_tool/skeleton/templates/generator/Rakefile +0 -32
- data/lib/puppet/module_tool/skeleton/templates/generator/examples/init.pp.erb +0 -12
- data/lib/puppet/module_tool/skeleton/templates/generator/manifests/init.pp.erb +0 -48
- data/lib/puppet/module_tool/skeleton/templates/generator/metadata.json.erb +0 -1
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/classes/init_spec.rb.erb +0 -6
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb +0 -1
- data/lib/puppet/network/http/api/ca.rb +0 -2
- data/lib/puppet/network/http/api/ca/v1.rb +0 -11
- data/lib/puppet/network/http/rack.rb +0 -33
- data/lib/puppet/network/http/rack/rest.rb +0 -162
- data/lib/puppet/network/http/webrick.rb +0 -124
- data/lib/puppet/network/http/webrick/rest.rb +0 -114
- data/lib/puppet/network/server.rb +0 -39
- data/lib/puppet/provider/augeas/augeas.rb +0 -767
- data/lib/puppet/provider/cisco.rb +0 -9
- data/lib/puppet/provider/computer/computer.rb +0 -20
- data/lib/puppet/provider/cron/crontab.rb +0 -297
- data/lib/puppet/provider/host/parsed.rb +0 -46
- data/lib/puppet/provider/interface/cisco.rb +0 -27
- data/lib/puppet/provider/macauthorization/macauthorization.rb +0 -298
- data/lib/puppet/provider/mailalias/aliases.rb +0 -50
- data/lib/puppet/provider/maillist/mailman.rb +0 -108
- data/lib/puppet/provider/mcx/mcxcontent.rb +0 -173
- data/lib/puppet/provider/mount.rb +0 -76
- data/lib/puppet/provider/mount/parsed.rb +0 -285
- data/lib/puppet/provider/naginator.rb +0 -63
- data/lib/puppet/provider/package/dnfmodule.rb +0 -141
- data/lib/puppet/provider/package_targetable.rb +0 -69
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +0 -590
- data/lib/puppet/provider/selboolean/getsetsebool.rb +0 -47
- data/lib/puppet/provider/selmodule/semodule.rb +0 -157
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +0 -105
- data/lib/puppet/provider/sshkey/parsed.rb +0 -50
- data/lib/puppet/provider/vlan/cisco.rb +0 -28
- data/lib/puppet/provider/yumrepo/inifile.rb +0 -315
- data/lib/puppet/provider/zfs/zfs.rb +0 -108
- data/lib/puppet/provider/zone/solaris.rb +0 -364
- data/lib/puppet/provider/zpool/zpool.rb +0 -125
- data/lib/puppet/ssl/certificate_authority.rb +0 -554
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +0 -45
- data/lib/puppet/ssl/certificate_authority/interface.rb +0 -324
- data/lib/puppet/ssl/certificate_revocation_list.rb +0 -111
- data/lib/puppet/ssl/configuration.rb +0 -61
- data/lib/puppet/ssl/inventory.rb +0 -55
- data/lib/puppet/type/augeas.rb +0 -211
- data/lib/puppet/type/computer.rb +0 -66
- data/lib/puppet/type/cron.rb +0 -480
- data/lib/puppet/type/host.rb +0 -95
- data/lib/puppet/type/interface.rb +0 -121
- data/lib/puppet/type/k5login.rb +0 -165
- data/lib/puppet/type/macauthorization.rb +0 -167
- data/lib/puppet/type/mailalias.rb +0 -46
- data/lib/puppet/type/maillist.rb +0 -62
- data/lib/puppet/type/mcx.rb +0 -98
- data/lib/puppet/type/mount.rb +0 -314
- data/lib/puppet/type/nagios_command.rb +0 -3
- data/lib/puppet/type/nagios_contact.rb +0 -3
- data/lib/puppet/type/nagios_contactgroup.rb +0 -3
- data/lib/puppet/type/nagios_host.rb +0 -3
- data/lib/puppet/type/nagios_hostdependency.rb +0 -3
- data/lib/puppet/type/nagios_hostescalation.rb +0 -3
- data/lib/puppet/type/nagios_hostextinfo.rb +0 -3
- data/lib/puppet/type/nagios_hostgroup.rb +0 -3
- data/lib/puppet/type/nagios_service.rb +0 -3
- data/lib/puppet/type/nagios_servicedependency.rb +0 -3
- data/lib/puppet/type/nagios_serviceescalation.rb +0 -3
- data/lib/puppet/type/nagios_serviceextinfo.rb +0 -3
- data/lib/puppet/type/nagios_servicegroup.rb +0 -3
- data/lib/puppet/type/nagios_timeperiod.rb +0 -3
- data/lib/puppet/type/router.rb +0 -17
- data/lib/puppet/type/scheduled_task.rb +0 -183
- data/lib/puppet/type/selboolean.rb +0 -40
- data/lib/puppet/type/selmodule.rb +0 -58
- data/lib/puppet/type/ssh_authorized_key.rb +0 -143
- data/lib/puppet/type/sshkey.rb +0 -83
- data/lib/puppet/type/vlan.rb +0 -26
- data/lib/puppet/type/yumrepo.rb +0 -430
- data/lib/puppet/type/zfs.rb +0 -154
- data/lib/puppet/type/zone.rb +0 -382
- data/lib/puppet/type/zpool.rb +0 -91
- data/lib/puppet/util/methodhelper.rb +0 -32
- data/lib/puppet/util/nagios_maker.rb +0 -85
- data/lib/puppet/util/network_device/cisco.rb +0 -4
- data/lib/puppet/util/network_device/cisco/device.rb +0 -285
- data/lib/puppet/util/network_device/cisco/facts.rb +0 -72
- data/lib/puppet/util/network_device/cisco/interface.rb +0 -94
- data/lib/puppet/util/network_device/ipcalc.rb +0 -68
- data/lib/puppet/util/network_device/transport/ssh.rb +0 -126
- data/lib/puppet/util/network_device/transport/telnet.rb +0 -47
- data/lib/puppet/util/windows/taskscheduler.rb +0 -1267
- data/lib/puppet/vendor/load_semantic.rb +0 -1
- data/lib/puppet/vendor/load_semantic_puppet.rb +0 -1
- data/lib/puppet/vendor/semantic/lib/semantic.rb +0 -5
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet.rb +0 -11
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency.rb +0 -181
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph.rb +0 -60
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph_node.rb +0 -117
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/module_release.rb +0 -58
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/source.rb +0 -25
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/unsatisfiable_graph.rb +0 -31
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/gem_version.rb +0 -3
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version.rb +0 -203
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version_range.rb +0 -758
- data/lib/puppet/vendor/semantic_puppet/locales/config.yaml +0 -21
- data/man/man8/puppet-ca.8 +0 -196
- data/man/man8/puppet-cert.8 +0 -118
- data/man/man8/puppet-certificate.8 +0 -240
- data/man/man8/puppet-certificate_request.8 +0 -161
- data/man/man8/puppet-certificate_revocation_list.8 +0 -139
- data/man/man8/puppet-master.8 +0 -85
- data/spec/fixtures/integration/provider/cron/crontab/create_normal_entry +0 -19
- data/spec/fixtures/integration/provider/cron/crontab/create_special_entry +0 -18
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user2 +0 -4
- data/spec/fixtures/integration/provider/cron/crontab/modify_entry +0 -13
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input2 +0 -6
- data/spec/fixtures/integration/provider/cron/crontab/purged +0 -8
- data/spec/fixtures/integration/provider/cron/crontab/remove_named_resource +0 -12
- data/spec/fixtures/integration/provider/cron/crontab/remove_unnamed_resource +0 -14
- data/spec/fixtures/integration/provider/cron/crontab/unspecialized +0 -15
- data/spec/fixtures/integration/provider/mailalias/aliases/test1 +0 -32
- data/spec/fixtures/integration/provider/sshkey/sample +0 -21
- data/spec/fixtures/unit/provider/augeas/augeas/augeas/lenses/test.aug +0 -13
- data/spec/fixtures/unit/provider/augeas/augeas/etc/fstab +0 -10
- data/spec/fixtures/unit/provider/augeas/augeas/etc/hosts +0 -6
- data/spec/fixtures/unit/provider/augeas/augeas/etc/test +0 -3
- data/spec/fixtures/unit/provider/augeas/augeas/test.aug +0 -13
- data/spec/fixtures/unit/provider/host/parsed/valid_hosts +0 -19
- data/spec/fixtures/unit/provider/mount/mount-output.aix.txt +0 -7
- data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +0 -152
- data/spec/fixtures/unit/provider/mount/parsed/aix.mount +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/darwin.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.fstab +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.mount +0 -4
- data/spec/fixtures/unit/provider/mount/parsed/hpux.mount +0 -17
- data/spec/fixtures/unit/provider/mount/parsed/linux.fstab +0 -12
- data/spec/fixtures/unit/provider/mount/parsed/linux.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.fstab +0 -10
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.mount +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.fstab +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.mount +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/solaris.fstab +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/solaris.mount +0 -6
- data/spec/fixtures/unit/provider/naginator/define_empty_param +0 -6
- data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +0 -19
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +0 -9
- data/spec/fixtures/unit/provider/service/smf/svcs_fmri.out +0 -6
- data/spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out +0 -13
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys +0 -7
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys1 +0 -3
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys2 +0 -1
- data/spec/fixtures/unit/provider/sshkey/parsed/sample +0 -21
- data/spec/fixtures/unit/provider/sshkey/parsed/sample_with_blank_lines +0 -8
- data/spec/fixtures/unit/provider/zfs/zfs/zfs-list.out +0 -2
- data/spec/fixtures/unit/provider/zpool/zpool/zpool-list.out +0 -2
- data/spec/integration/faces/ca_spec.rb +0 -353
- data/spec/integration/indirector/node/ldap_spec.rb +0 -13
- data/spec/integration/network/http_pool_spec.rb +0 -120
- data/spec/integration/provider/cron/crontab_spec.rb +0 -240
- data/spec/integration/provider/file/windows_spec.rb +0 -162
- data/spec/integration/provider/mailalias/aliases_spec.rb +0 -9
- data/spec/integration/provider/mount_spec.rb +0 -163
- data/spec/integration/provider/ssh_authorized_key_spec.rb +0 -217
- data/spec/integration/provider/sshkey_spec.rb +0 -153
- data/spec/integration/provider/yumrepo_spec.rb +0 -126
- data/spec/integration/ssl/autosign_spec.rb +0 -145
- data/spec/integration/ssl/certificate_authority_spec.rb +0 -161
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -33
- data/spec/integration/transaction_spec.rb +0 -553
- data/spec/integration/type/nagios_spec.rb +0 -69
- data/spec/integration/type/notify_spec.rb +0 -46
- data/spec/integration/type/user_spec.rb +0 -63
- data/spec/lib/puppet_spec/https.rb +0 -166
- data/spec/unit/application/cert_spec.rb +0 -272
- data/spec/unit/application/certificate_spec.rb +0 -21
- data/spec/unit/application/master_spec.rb +0 -414
- data/spec/unit/face/ca_spec.rb +0 -9
- data/spec/unit/face/certificate_request_spec.rb +0 -9
- data/spec/unit/face/certificate_revocation_list_spec.rb +0 -9
- data/spec/unit/face/certificate_spec.rb +0 -228
- data/spec/unit/face/module/build_spec.rb +0 -69
- data/spec/unit/graph/title_hash_prioritizer_spec.rb +0 -50
- data/spec/unit/indirector/certificate/ca_spec.rb +0 -21
- data/spec/unit/indirector/certificate/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -56
- data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +0 -15
- data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +0 -16
- data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +0 -33
- data/spec/unit/indirector/certificate_status/file_spec.rb +0 -190
- data/spec/unit/indirector/certificate_status/rest_spec.rb +0 -17
- data/spec/unit/indirector/code_spec.rb +0 -30
- data/spec/unit/indirector/key/ca_spec.rb +0 -22
- data/spec/unit/indirector/key/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/ldap_spec.rb +0 -151
- data/spec/unit/indirector/node/ldap_spec.rb +0 -463
- data/spec/unit/indirector/node/write_only_yaml_spec.rb +0 -11
- data/spec/unit/module_tool/applications/builder_spec.rb +0 -439
- data/spec/unit/network/http/api/ca/v1_spec.rb +0 -26
- data/spec/unit/network/http/rack/rest_spec.rb +0 -322
- data/spec/unit/network/http/rack_spec.rb +0 -42
- data/spec/unit/network/http/webrick/rest_spec.rb +0 -230
- data/spec/unit/network/http/webrick_spec.rb +0 -277
- data/spec/unit/network/server_spec.rb +0 -94
- data/spec/unit/provider/augeas/augeas_spec.rb +0 -1096
- data/spec/unit/provider/cisco_spec.rb +0 -14
- data/spec/unit/provider/cron/crontab_spec.rb +0 -206
- data/spec/unit/provider/cron/parsed_spec.rb +0 -355
- data/spec/unit/provider/host/parsed_spec.rb +0 -219
- data/spec/unit/provider/interface/cisco_spec.rb +0 -53
- data/spec/unit/provider/macauthorization_spec.rb +0 -134
- data/spec/unit/provider/mcx/mcxcontent_spec.rb +0 -190
- data/spec/unit/provider/mount/parsed_spec.rb +0 -318
- data/spec/unit/provider/mount_spec.rb +0 -169
- data/spec/unit/provider/naginator_spec.rb +0 -78
- data/spec/unit/provider/network_device_spec.rb +0 -152
- data/spec/unit/provider/package/dnfmodule_spec.rb +0 -247
- data/spec/unit/provider/package_targetable_spec.rb +0 -60
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +0 -2050
- data/spec/unit/provider/selboolean_spec.rb +0 -34
- data/spec/unit/provider/selmodule-example.pp +0 -0
- data/spec/unit/provider/selmodule_spec.rb +0 -154
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +0 -259
- data/spec/unit/provider/sshkey/parsed_spec.rb +0 -92
- data/spec/unit/provider/vlan/cisco_spec.rb +0 -53
- data/spec/unit/provider/yumrepo/inifile_spec.rb +0 -413
- data/spec/unit/provider/zfs/zfs_spec.rb +0 -171
- data/spec/unit/provider/zone/solaris_spec.rb +0 -261
- data/spec/unit/provider/zpool/zpool_spec.rb +0 -250
- data/spec/unit/settings/server_list_setting_spec.rb +0 -21
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +0 -29
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +0 -563
- data/spec/unit/ssl/certificate_authority_spec.rb +0 -1165
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +0 -196
- data/spec/unit/ssl/configuration_spec.rb +0 -138
- data/spec/unit/ssl/inventory_spec.rb +0 -155
- data/spec/unit/test/test_helper_spec.rb +0 -17
- data/spec/unit/type/augeas_spec.rb +0 -120
- data/spec/unit/type/computer_spec.rb +0 -77
- data/spec/unit/type/cron_spec.rb +0 -539
- data/spec/unit/type/host_spec.rb +0 -680
- data/spec/unit/type/interface_spec.rb +0 -128
- data/spec/unit/type/k5login_spec.rb +0 -204
- data/spec/unit/type/macauthorization_spec.rb +0 -111
- data/spec/unit/type/mailalias_spec.rb +0 -48
- data/spec/unit/type/maillist_spec.rb +0 -38
- data/spec/unit/type/mcx_spec.rb +0 -75
- data/spec/unit/type/mount_spec.rb +0 -622
- data/spec/unit/type/nagios_spec.rb +0 -312
- data/spec/unit/type/scheduled_task_spec.rb +0 -117
- data/spec/unit/type/selboolean_spec.rb +0 -41
- data/spec/unit/type/selmodule_spec.rb +0 -16
- data/spec/unit/type/ssh_authorized_key_spec.rb +0 -228
- data/spec/unit/type/sshkey_spec.rb +0 -75
- data/spec/unit/type/vlan_spec.rb +0 -42
- data/spec/unit/type/yumrepo_spec.rb +0 -476
- data/spec/unit/type/zfs_spec.rb +0 -45
- data/spec/unit/type/zone_spec.rb +0 -182
- data/spec/unit/type/zpool_spec.rb +0 -108
- data/spec/unit/util/nagios_maker_spec.rb +0 -121
- data/spec/unit/util/network_device/cisco/device_spec.rb +0 -491
- data/spec/unit/util/network_device/cisco/facts_spec.rb +0 -63
- data/spec/unit/util/network_device/cisco/interface_spec.rb +0 -97
- data/spec/unit/util/network_device/ipcalc_spec.rb +0 -61
- data/spec/unit/util/network_device/transport/ssh_spec.rb +0 -252
- data/spec/unit/util/network_device/transport/telnet_spec.rb +0 -90
data/lib/puppet/settings.rb
CHANGED
@@ -84,46 +84,6 @@ class Puppet::Settings
|
|
84
84
|
"puppet.conf"
|
85
85
|
end
|
86
86
|
|
87
|
-
def stringify_settings(section, settings = :all)
|
88
|
-
values_from_the_selected_section =
|
89
|
-
values(nil, section.to_sym)
|
90
|
-
|
91
|
-
loader_settings = {
|
92
|
-
:environmentpath => values_from_the_selected_section.interpolate(:environmentpath),
|
93
|
-
:basemodulepath => values_from_the_selected_section.interpolate(:basemodulepath),
|
94
|
-
}
|
95
|
-
|
96
|
-
Puppet.override(Puppet.base_context(loader_settings),
|
97
|
-
_("New environment loaders generated from the requested section.")) do
|
98
|
-
# And now we can lookup values that include those from environments configured from
|
99
|
-
# the requested section
|
100
|
-
values = values(Puppet[:environment].to_sym, section.to_sym)
|
101
|
-
|
102
|
-
to_be_rendered = {}
|
103
|
-
settings = Puppet.settings.to_a.collect(&:first) if settings == :all
|
104
|
-
settings.sort.each do |setting_name|
|
105
|
-
to_be_rendered[setting_name] = values.print(setting_name.to_sym)
|
106
|
-
end
|
107
|
-
|
108
|
-
stringifyhash(to_be_rendered)
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
def stringifyhash(hash)
|
113
|
-
newhash = {}
|
114
|
-
hash.each do |key, val|
|
115
|
-
key = key.to_s
|
116
|
-
if val.is_a? Hash
|
117
|
-
newhash[key] = stringifyhash(val)
|
118
|
-
elsif val.is_a? Symbol
|
119
|
-
newhash[key] = val.to_s
|
120
|
-
else
|
121
|
-
newhash[key] = val
|
122
|
-
end
|
123
|
-
end
|
124
|
-
newhash
|
125
|
-
end
|
126
|
-
|
127
87
|
# Create a new collection of config settings.
|
128
88
|
def initialize
|
129
89
|
@config = {}
|
@@ -295,7 +255,7 @@ class Puppet::Settings
|
|
295
255
|
@global_defaults_initialized
|
296
256
|
end
|
297
257
|
|
298
|
-
def initialize_global_settings(args = []
|
258
|
+
def initialize_global_settings(args = [])
|
299
259
|
raise Puppet::DevError, _("Attempting to initialize global default settings more than once!") if global_defaults_initialized?
|
300
260
|
|
301
261
|
# The first two phases of the lifecycle of a puppet application are:
|
@@ -304,7 +264,7 @@ class Puppet::Settings
|
|
304
264
|
# 2) Parse the puppet config file(s).
|
305
265
|
|
306
266
|
parse_global_options(args)
|
307
|
-
parse_config_files
|
267
|
+
parse_config_files
|
308
268
|
|
309
269
|
@global_defaults_initialized = true
|
310
270
|
end
|
@@ -630,19 +590,14 @@ class Puppet::Settings
|
|
630
590
|
end
|
631
591
|
|
632
592
|
# Parse the configuration file. Just provides thread safety.
|
633
|
-
def parse_config_files
|
593
|
+
def parse_config_files
|
634
594
|
file = which_configuration_file
|
635
595
|
if Puppet::FileSystem.exist?(file)
|
636
596
|
begin
|
637
597
|
text = read_file(file)
|
638
598
|
rescue => detail
|
639
|
-
|
640
|
-
|
641
|
-
Puppet.log_and_raise(detail, message)
|
642
|
-
else
|
643
|
-
Puppet.log_exception(detail, message)
|
644
|
-
return
|
645
|
-
end
|
599
|
+
Puppet.log_exception(detail, "Could not load #{file}: #{detail}")
|
600
|
+
return
|
646
601
|
end
|
647
602
|
else
|
648
603
|
return
|
@@ -1229,10 +1184,10 @@ Generated on #{Time.now}.
|
|
1229
1184
|
if !Puppet::FileSystem.symlink?(configured_environment_path)
|
1230
1185
|
parameters = { :ensure => 'directory' }
|
1231
1186
|
unless Puppet::FileSystem.exist?(configured_environment_path)
|
1232
|
-
parameters
|
1187
|
+
parameters.merge!(:mode => '0750')
|
1233
1188
|
if Puppet.features.root?
|
1234
|
-
parameters
|
1235
|
-
parameters
|
1189
|
+
parameters.merge!(:owner => Puppet[:user]) if service_user_available?
|
1190
|
+
parameters.merge!(:group => Puppet[:group]) if service_group_available?
|
1236
1191
|
end
|
1237
1192
|
end
|
1238
1193
|
catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
|
@@ -1242,7 +1197,7 @@ Generated on #{Time.now}.
|
|
1242
1197
|
|
1243
1198
|
def add_user_resources(catalog, sections)
|
1244
1199
|
return unless Puppet.features.root?
|
1245
|
-
return if Puppet.
|
1200
|
+
return if Puppet::Util::Platform.windows?
|
1246
1201
|
return unless self[:mkusers]
|
1247
1202
|
|
1248
1203
|
@config.each do |name, setting|
|
@@ -25,8 +25,7 @@ class Puppet::Settings::ConfigFile
|
|
25
25
|
allowed_section_names << 'main' unless allowed_section_names.include?('main')
|
26
26
|
end
|
27
27
|
|
28
|
-
|
29
|
-
ini = Puppet::Settings::IniFile.parse(StringIO.new(text).set_encoding(Encoding::UTF_8))
|
28
|
+
ini = Puppet::Settings::IniFile.parse(text.encode(Encoding::UTF_8))
|
30
29
|
unique_sections_in(ini, file, allowed_section_names).each do |section_name|
|
31
30
|
section = Section.new(section_name.to_sym)
|
32
31
|
result.with_section(section)
|
@@ -156,7 +156,7 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
|
|
156
156
|
end
|
157
157
|
|
158
158
|
# REMIND fails on Windows because chown/chgrp functionality not supported yet
|
159
|
-
if Puppet.features.root? and !Puppet.
|
159
|
+
if Puppet.features.root? and !Puppet::Util::Platform.windows?
|
160
160
|
resource[:owner] = self.owner if self.owner
|
161
161
|
resource[:group] = self.group if self.group
|
162
162
|
end
|
@@ -4,15 +4,6 @@ class Puppet::Settings::ServerListSetting < Puppet::Settings::ArraySetting
|
|
4
4
|
:server_list
|
5
5
|
end
|
6
6
|
|
7
|
-
def print(value)
|
8
|
-
if value.is_a?(Array)
|
9
|
-
#turn into a string
|
10
|
-
value.map {|item| item.join(":") }.join(",")
|
11
|
-
else
|
12
|
-
value
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
7
|
def munge(value)
|
17
8
|
servers = super
|
18
9
|
servers.map! { |server|
|
data/lib/puppet/ssl.rb
CHANGED
data/lib/puppet/ssl/base.rb
CHANGED
@@ -34,11 +34,6 @@ class Puppet::SSL::Base
|
|
34
34
|
|
35
35
|
attr_accessor :name, :content
|
36
36
|
|
37
|
-
# Is this file for the CA?
|
38
|
-
def ca?
|
39
|
-
name == Puppet::SSL::Host.ca_name
|
40
|
-
end
|
41
|
-
|
42
37
|
def generate
|
43
38
|
raise Puppet::DevError, _("%{class_name} did not override 'generate'") % { class_name: self.class }
|
44
39
|
end
|
@@ -86,18 +81,15 @@ class Puppet::SSL::Base
|
|
86
81
|
|
87
82
|
# Read content from disk appropriately.
|
88
83
|
def read(path)
|
89
|
-
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
84
|
+
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
90
85
|
# Puppet::SSL::Key uses this, but also provides its own override
|
91
86
|
# nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
|
92
|
-
# Puppet::SSL::Certificate::DisabledCa (:find, :save, :destroy)
|
93
87
|
# Puppet::Indirector::CertificateStatus::File (.indirection.find)
|
94
88
|
# Puppet::Network::HTTP::WEBrick (.indirection.find)
|
95
89
|
# Puppet::Network::HTTP::RackREST (.from_instance)
|
96
90
|
# Puppet::Network::HTTP::WEBrickREST (.from_instance)
|
97
|
-
# Puppet::SSL::CertificateAuthority (.new, .indirection.find, .indirection.save)
|
98
91
|
# Puppet::SSL::Host (.indirection.find)
|
99
92
|
# Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
|
100
|
-
# Puppet::SSL::CertificateAuthority::Interface (.indirection.find)
|
101
93
|
# Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
|
102
94
|
@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
|
103
95
|
end
|
@@ -21,12 +21,16 @@ DOC
|
|
21
21
|
[:s]
|
22
22
|
end
|
23
23
|
|
24
|
-
def
|
25
|
-
alts =
|
24
|
+
def self.subject_alt_names_for(cert)
|
25
|
+
alts = cert.extensions.find{|ext| ext.oid == "subjectAltName"}
|
26
26
|
return [] unless alts
|
27
27
|
alts.value.split(/\s*,\s*/)
|
28
28
|
end
|
29
29
|
|
30
|
+
def subject_alt_names
|
31
|
+
self.class.subject_alt_names_for(content)
|
32
|
+
end
|
33
|
+
|
30
34
|
def expiration
|
31
35
|
return nil unless content
|
32
36
|
content.not_after
|
@@ -50,8 +54,7 @@ DOC
|
|
50
54
|
def custom_extensions
|
51
55
|
custom_exts = content.extensions.select do |ext|
|
52
56
|
Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
|
53
|
-
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
|
54
|
-
Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
|
57
|
+
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
|
55
58
|
end
|
56
59
|
|
57
60
|
custom_exts.map do |ext|
|
@@ -30,19 +30,7 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
|
30
30
|
|
31
31
|
extend Puppet::Indirector
|
32
32
|
|
33
|
-
|
34
|
-
module AutoSigner
|
35
|
-
def save(instance, key = nil)
|
36
|
-
super
|
37
|
-
|
38
|
-
# Try to autosign the CSR.
|
39
|
-
if ca = Puppet::SSL::CertificateAuthority.instance
|
40
|
-
ca.autosign(instance)
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
indirects :certificate_request, :terminus_class => :file, :extend => AutoSigner, :doc => <<DOC
|
33
|
+
indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
|
46
34
|
This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
|
47
35
|
The indirection key is the certificate CN (generally a hostname).
|
48
36
|
DOC
|
@@ -103,7 +91,11 @@ DOC
|
|
103
91
|
raise Puppet::Error, _("CSR sign verification failed; you need to clean the certificate request for %{name} on the server") % { name: name } unless csr.verify(key.public_key)
|
104
92
|
|
105
93
|
@content = csr
|
106
|
-
|
94
|
+
|
95
|
+
# we won't be able to get the digest on jruby
|
96
|
+
if @content.signature_algorithm
|
97
|
+
Puppet.info _("Certificate Request fingerprint (%{digest}): %{hex_digest}") % { digest: digest.name, hex_digest: digest.to_hex }
|
98
|
+
end
|
107
99
|
@content
|
108
100
|
end
|
109
101
|
|
@@ -21,7 +21,7 @@ class Puppet::SSL::CertificateRequestAttributes
|
|
21
21
|
def load
|
22
22
|
Puppet.info(_("csr_attributes file loading from %{path}") % { path: path })
|
23
23
|
if Puppet::FileSystem.exist?(path)
|
24
|
-
hash = Puppet::Util::Yaml.
|
24
|
+
hash = Puppet::Util::Yaml.safe_load_file(path, [Symbol]) || {}
|
25
25
|
if ! hash.is_a?(Hash)
|
26
26
|
raise Puppet::Error, _("invalid CSR attributes, expected instance of Hash, received instance of %{klass}") % { klass: hash.class }
|
27
27
|
end
|
data/lib/puppet/ssl/host.rb
CHANGED
@@ -1,10 +1,18 @@
|
|
1
|
-
require 'puppet/indirector'
|
2
1
|
require 'puppet/ssl'
|
3
2
|
require 'puppet/ssl/key'
|
4
3
|
require 'puppet/ssl/certificate'
|
5
4
|
require 'puppet/ssl/certificate_request'
|
6
|
-
require 'puppet/ssl/certificate_revocation_list'
|
7
5
|
require 'puppet/ssl/certificate_request_attributes'
|
6
|
+
require 'puppet/rest/errors'
|
7
|
+
require 'puppet/rest/routes'
|
8
|
+
require 'puppet/rest/ssl_context'
|
9
|
+
begin
|
10
|
+
# This may fail when being loaded from Puppet Server. However loading the
|
11
|
+
# client monkey patches the SSL Store and we need to have those monkey
|
12
|
+
# patches in as soon as possible on the agent.
|
13
|
+
require 'puppet/rest/client'
|
14
|
+
rescue LoadError
|
15
|
+
end
|
8
16
|
|
9
17
|
# The class that manages all aspects of our SSL certificates --
|
10
18
|
# private keys, public keys, requests, etc.
|
@@ -14,21 +22,10 @@ class Puppet::SSL::Host
|
|
14
22
|
CA_NAME = Puppet::SSL::CA_NAME
|
15
23
|
Certificate = Puppet::SSL::Certificate
|
16
24
|
CertificateRequest = Puppet::SSL::CertificateRequest
|
17
|
-
CertificateRevocationList = Puppet::SSL::CertificateRevocationList
|
18
|
-
|
19
|
-
extend Puppet::Indirector
|
20
|
-
indirects :certificate_status, :terminus_class => :file, :doc => <<DOC
|
21
|
-
This indirection represents the host that ties a key, certificate, and certificate request together.
|
22
|
-
The indirection key is the certificate CN (generally a hostname).
|
23
|
-
DOC
|
24
|
-
|
25
|
-
attr_reader :name
|
26
|
-
attr_accessor :ca
|
27
25
|
|
28
|
-
|
26
|
+
attr_reader :name, :crl_path
|
29
27
|
|
30
|
-
|
31
|
-
attr_accessor :desired_state
|
28
|
+
attr_writer :key, :certificate, :certificate_request, :crl_usage
|
32
29
|
|
33
30
|
def self.localhost
|
34
31
|
return @localhost if @localhost
|
@@ -42,28 +39,10 @@ DOC
|
|
42
39
|
@localhost = nil
|
43
40
|
end
|
44
41
|
|
45
|
-
# This is the constant that people will use to mark that a given host is
|
46
|
-
# a certificate authority.
|
47
|
-
def self.ca_name
|
48
|
-
CA_NAME
|
49
|
-
end
|
50
|
-
|
51
|
-
class << self
|
52
|
-
attr_reader :ca_location
|
53
|
-
end
|
54
|
-
|
55
42
|
# Configure how our various classes interact with their various terminuses.
|
56
43
|
def self.configure_indirection(terminus, cache = nil)
|
57
44
|
Certificate.indirection.terminus_class = terminus
|
58
45
|
CertificateRequest.indirection.terminus_class = terminus
|
59
|
-
CertificateRevocationList.indirection.terminus_class = terminus
|
60
|
-
|
61
|
-
host_map = {:ca => :file, :disabled_ca => nil, :file => nil, :rest => :rest}
|
62
|
-
if term = host_map[terminus]
|
63
|
-
self.indirection.terminus_class = term
|
64
|
-
else
|
65
|
-
self.indirection.reset_terminus_class
|
66
|
-
end
|
67
46
|
|
68
47
|
if cache
|
69
48
|
# This is weird; we don't actually cache our keys, we
|
@@ -77,7 +56,6 @@ DOC
|
|
77
56
|
if cache
|
78
57
|
Certificate.indirection.cache_class = cache
|
79
58
|
CertificateRequest.indirection.cache_class = cache
|
80
|
-
CertificateRevocationList.indirection.cache_class = cache
|
81
59
|
else
|
82
60
|
# Make sure we have no cache configured. puppet master
|
83
61
|
# switches the configurations around a bit, so it's important
|
@@ -85,39 +63,9 @@ DOC
|
|
85
63
|
# time.
|
86
64
|
Certificate.indirection.cache_class = nil
|
87
65
|
CertificateRequest.indirection.cache_class = nil
|
88
|
-
CertificateRevocationList.indirection.cache_class = nil
|
89
66
|
end
|
90
67
|
end
|
91
68
|
|
92
|
-
CA_MODES = {
|
93
|
-
# Our ca is local, so we use it as the ultimate source of information
|
94
|
-
# And we cache files locally.
|
95
|
-
:local => [:ca, :file],
|
96
|
-
# We're a remote CA client.
|
97
|
-
:remote => [:rest, :file],
|
98
|
-
# We are the CA, so we don't have read/write access to the normal certificates.
|
99
|
-
:only => [:ca],
|
100
|
-
# We have no CA, so we just look in the local file store.
|
101
|
-
:none => [:disabled_ca]
|
102
|
-
}
|
103
|
-
|
104
|
-
# Specify how we expect to interact with our certificate authority.
|
105
|
-
def self.ca_location=(mode)
|
106
|
-
modes = CA_MODES.collect { |m, vals| m.to_s }.join(", ")
|
107
|
-
raise ArgumentError, _("CA Mode can only be one of: %{modes}") % { modes: modes } unless CA_MODES.include?(mode)
|
108
|
-
|
109
|
-
@ca_location = mode
|
110
|
-
|
111
|
-
configure_indirection(*CA_MODES[@ca_location])
|
112
|
-
end
|
113
|
-
|
114
|
-
# Puppet::SSL::Host is actually indirected now so the original implementation
|
115
|
-
# has been moved into the certificate_status indirector. This method is in-use
|
116
|
-
# in `puppet cert -c <certname>`.
|
117
|
-
def self.destroy(name)
|
118
|
-
indirection.destroy(name)
|
119
|
-
end
|
120
|
-
|
121
69
|
def self.from_data_hash(data)
|
122
70
|
instance = new(data["name"])
|
123
71
|
if data["desired_state"]
|
@@ -126,18 +74,6 @@ DOC
|
|
126
74
|
instance
|
127
75
|
end
|
128
76
|
|
129
|
-
# Puppet::SSL::Host is actually indirected now so the original implementation
|
130
|
-
# has been moved into the certificate_status indirector. This method does not
|
131
|
-
# appear to be in use in `puppet cert -l`.
|
132
|
-
def self.search(options = {})
|
133
|
-
indirection.search("*", options)
|
134
|
-
end
|
135
|
-
|
136
|
-
# Is this a ca host, meaning that all of its files go in the CA location?
|
137
|
-
def ca?
|
138
|
-
ca
|
139
|
-
end
|
140
|
-
|
141
77
|
def key
|
142
78
|
@key ||= Key.indirection.find(name)
|
143
79
|
end
|
@@ -156,10 +92,6 @@ DOC
|
|
156
92
|
true
|
157
93
|
end
|
158
94
|
|
159
|
-
def certificate_request
|
160
|
-
@certificate_request ||= CertificateRequest.indirection.find(name)
|
161
|
-
end
|
162
|
-
|
163
95
|
# Our certificate request requires the key but that's all.
|
164
96
|
def generate_certificate_request(options = {})
|
165
97
|
generate_key unless key
|
@@ -169,8 +101,6 @@ DOC
|
|
169
101
|
# ...add our configured dns_alt_names
|
170
102
|
if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
|
171
103
|
options[:dns_alt_names] ||= Puppet[:dns_alt_names]
|
172
|
-
elsif Puppet::SSL::CertificateAuthority.ca? and fqdn = Facter.value(:fqdn) and domain = Facter.value(:domain)
|
173
|
-
options[:dns_alt_names] = "puppet, #{fqdn}, puppet.#{domain}"
|
174
104
|
end
|
175
105
|
end
|
176
106
|
|
@@ -183,7 +113,8 @@ DOC
|
|
183
113
|
@certificate_request = CertificateRequest.new(name)
|
184
114
|
@certificate_request.generate(key.content, options)
|
185
115
|
begin
|
186
|
-
|
116
|
+
submit_certificate_request(@certificate_request)
|
117
|
+
save_certificate_request(@certificate_request)
|
187
118
|
rescue
|
188
119
|
@certificate_request = nil
|
189
120
|
raise
|
@@ -192,25 +123,38 @@ DOC
|
|
192
123
|
true
|
193
124
|
end
|
194
125
|
|
126
|
+
def http_client(ssl_context)
|
127
|
+
Puppet::Rest::Client.new(ssl_context: ssl_context)
|
128
|
+
end
|
129
|
+
|
195
130
|
def certificate
|
196
131
|
unless @certificate
|
197
132
|
generate_key unless key
|
198
133
|
|
199
134
|
# get the CA cert first, since it's required for the normal cert
|
200
|
-
# to be of any use.
|
201
|
-
|
202
|
-
|
135
|
+
# to be of any use. If we can't get it, quit.
|
136
|
+
if !ensure_ca_certificate
|
137
|
+
return nil
|
138
|
+
end
|
139
|
+
|
140
|
+
cert = get_host_certificate
|
141
|
+
return nil unless cert
|
203
142
|
|
204
|
-
validate_certificate_with_key
|
143
|
+
validate_certificate_with_key(cert)
|
144
|
+
@certificate = cert
|
205
145
|
end
|
206
146
|
@certificate
|
207
147
|
end
|
208
148
|
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
149
|
+
# Validate that our private key matches the specified certificate.
|
150
|
+
#
|
151
|
+
# @param [Puppet::SSL::Certificate] cert the certificate to check
|
152
|
+
# @raises [Puppet::Error] if the private key does not match
|
153
|
+
def validate_certificate_with_key(cert)
|
154
|
+
raise Puppet::Error, _("No certificate to validate.") unless cert
|
155
|
+
raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
|
156
|
+
unless cert.content.check_private_key(key.content)
|
157
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
|
214
158
|
The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
|
215
159
|
Certificate fingerprint: %{fingerprint}
|
216
160
|
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
|
@@ -224,18 +168,93 @@ ERROR_STRING
|
|
224
168
|
end
|
225
169
|
end
|
226
170
|
|
171
|
+
def download_host_certificate
|
172
|
+
cert = download_certificate_from_ca(name)
|
173
|
+
return nil unless cert
|
174
|
+
|
175
|
+
validate_certificate_with_key(cert)
|
176
|
+
save_host_certificate(cert)
|
177
|
+
cert
|
178
|
+
end
|
179
|
+
|
180
|
+
# Search for an existing CSR for this host either cached on
|
181
|
+
# disk or stored by the CA. Returns nil if no request exists.
|
182
|
+
# @return [Puppet::SSL::CertificateRequest, nil]
|
183
|
+
def certificate_request
|
184
|
+
unless @certificate_request
|
185
|
+
if csr = load_certificate_request_from_file
|
186
|
+
@certificate_request = csr
|
187
|
+
elsif csr = download_csr_from_ca
|
188
|
+
@certificate_request = csr
|
189
|
+
end
|
190
|
+
end
|
191
|
+
@certificate_request
|
192
|
+
end
|
193
|
+
|
227
194
|
# Generate all necessary parts of our ssl host.
|
228
195
|
def generate
|
229
196
|
generate_key unless key
|
230
|
-
|
197
|
+
|
231
198
|
existing_request = certificate_request
|
232
199
|
|
233
200
|
# if CSR downloaded from master, but the local keypair was just generated and
|
234
201
|
# does not match the public key in the CSR, fail hard
|
235
|
-
if
|
236
|
-
|
202
|
+
validate_csr_with_key(existing_request, key) if existing_request
|
203
|
+
|
204
|
+
generate_certificate_request unless existing_request
|
205
|
+
end
|
237
206
|
|
238
|
-
|
207
|
+
# Generate a keypair, generate a CSR, and submit it. If a local key pair
|
208
|
+
# already exists it will be used to generate the CSR. If a local CSR already
|
209
|
+
# exists and matches the key then the existing CSR will be submitted. If the
|
210
|
+
# CSR and key do not match an exception will be raised.
|
211
|
+
#
|
212
|
+
# @return [Puppet::SSL::CertificateRequest, nil]
|
213
|
+
def submit_request
|
214
|
+
generate_key unless key
|
215
|
+
|
216
|
+
csr = load_certificate_request_from_file
|
217
|
+
if csr
|
218
|
+
if key.content.public_key.to_s != csr.content.public_key.to_s
|
219
|
+
Puppet.warning("The local CSR does not match the agent's public key. Generating a new CSR.")
|
220
|
+
|
221
|
+
request_path = certificate_request_location(name)
|
222
|
+
Puppet::FileSystem.unlink(request_path)
|
223
|
+
csr = nil
|
224
|
+
end
|
225
|
+
end
|
226
|
+
|
227
|
+
if csr
|
228
|
+
validate_csr_with_key(csr, key)
|
229
|
+
submit_certificate_request(csr)
|
230
|
+
@certificate_request = csr
|
231
|
+
else
|
232
|
+
generate_certificate_request
|
233
|
+
end
|
234
|
+
|
235
|
+
@certificate_request
|
236
|
+
end
|
237
|
+
|
238
|
+
def validate_local_csr_with_key(csr, key)
|
239
|
+
if key.content.public_key.to_s != csr.content.public_key.to_s
|
240
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
|
241
|
+
The local CSR does not match the agent's public key.
|
242
|
+
CSR fingerprint: %{fingerprint}
|
243
|
+
CSR public key: %{csr_public_key}
|
244
|
+
Agent public key: %{agent_public_key}
|
245
|
+
To fix this, remove the CSR from the agent and then start a puppet run, which will automatically regenerate a CSR.
|
246
|
+
On the agent:
|
247
|
+
1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
|
248
|
+
1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f
|
249
|
+
2. puppet agent -t
|
250
|
+
ERROR_STRING
|
251
|
+
end
|
252
|
+
end
|
253
|
+
private :validate_local_csr_with_key
|
254
|
+
|
255
|
+
def validate_csr_with_key(csr, key)
|
256
|
+
if key.content.public_key.to_s != csr.content.public_key.to_s
|
257
|
+
raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
|
239
258
|
The CSR retrieved from the master does not match the agent's public key.
|
240
259
|
CSR fingerprint: %{fingerprint}
|
241
260
|
CSR public key: %{csr_public_key}
|
@@ -249,21 +268,15 @@ On the agent:
|
|
249
268
|
2. puppet agent -t
|
250
269
|
ERROR_STRING
|
251
270
|
end
|
252
|
-
generate_certificate_request unless existing_request
|
253
|
-
|
254
|
-
# If we can get a CA instance, then we're a valid CA, and we
|
255
|
-
# should use it to sign our request; else, just try to read
|
256
|
-
# the cert.
|
257
|
-
if ! certificate and ca = Puppet::SSL::CertificateAuthority.instance
|
258
|
-
ca.sign(self.name, {allow_dns_alt_names: true})
|
259
|
-
end
|
260
271
|
end
|
272
|
+
private :validate_csr_with_key
|
261
273
|
|
262
274
|
def initialize(name = nil)
|
263
275
|
@name = (name || Puppet[:certname]).downcase
|
264
276
|
Puppet::SSL::Base.validate_certname(@name)
|
265
277
|
@key = @certificate = @certificate_request = nil
|
266
|
-
@
|
278
|
+
@crl_usage = Puppet.settings[:certificate_revocation]
|
279
|
+
@crl_path = Puppet.settings[:hostcrl]
|
267
280
|
end
|
268
281
|
|
269
282
|
# Extract the public key from the private key.
|
@@ -271,6 +284,14 @@ ERROR_STRING
|
|
271
284
|
key.content.public_key
|
272
285
|
end
|
273
286
|
|
287
|
+
def use_crl?
|
288
|
+
!!@crl_usage
|
289
|
+
end
|
290
|
+
|
291
|
+
def use_crl_chain?
|
292
|
+
@crl_usage == true || @crl_usage == :chain
|
293
|
+
end
|
294
|
+
|
274
295
|
# Create/return a store that uses our SSL info to validate
|
275
296
|
# connections.
|
276
297
|
def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
|
@@ -280,49 +301,6 @@ ERROR_STRING
|
|
280
301
|
@ssl_store
|
281
302
|
end
|
282
303
|
|
283
|
-
def to_data_hash
|
284
|
-
my_cert = Puppet::SSL::Certificate.indirection.find(name)
|
285
|
-
result = { 'name' => name }
|
286
|
-
|
287
|
-
my_state = state
|
288
|
-
|
289
|
-
result['state'] = my_state
|
290
|
-
result['desired_state'] = desired_state if desired_state
|
291
|
-
|
292
|
-
thing_to_use = (my_state == 'requested') ? certificate_request : my_cert
|
293
|
-
|
294
|
-
# this is for backwards-compatibility
|
295
|
-
# we should deprecate it and transition people to using
|
296
|
-
# json[:fingerprints][:default]
|
297
|
-
# It appears that we have no internal consumers of this api
|
298
|
-
# --jeffweiss 30 aug 2012
|
299
|
-
result['fingerprint'] = thing_to_use.fingerprint
|
300
|
-
|
301
|
-
# The above fingerprint doesn't tell us what message digest algorithm was used
|
302
|
-
# No problem, except that the default is changing between 2.7 and 3.0. Also, as
|
303
|
-
# we move to FIPS 140-2 compliance, MD5 is no longer allowed (and, gasp, will
|
304
|
-
# segfault in rubies older than 1.9.3)
|
305
|
-
# So, when we add the newer fingerprints, we're explicit about the hashing
|
306
|
-
# algorithm used.
|
307
|
-
# --jeffweiss 31 july 2012
|
308
|
-
result['fingerprints'] = {}
|
309
|
-
result['fingerprints']['default'] = thing_to_use.fingerprint
|
310
|
-
|
311
|
-
suitable_message_digest_algorithms.each do |md|
|
312
|
-
result['fingerprints'][md.to_s] = thing_to_use.fingerprint md
|
313
|
-
end
|
314
|
-
result['dns_alt_names'] = thing_to_use.subject_alt_names
|
315
|
-
|
316
|
-
result
|
317
|
-
end
|
318
|
-
|
319
|
-
# eventually we'll probably want to move this somewhere else or make it
|
320
|
-
# configurable
|
321
|
-
# --jeffweiss 29 aug 2012
|
322
|
-
def suitable_message_digest_algorithms
|
323
|
-
[:SHA1, :SHA224, :SHA256, :SHA384, :SHA512]
|
324
|
-
end
|
325
|
-
|
326
304
|
# Attempt to retrieve a cert, if we don't already have one.
|
327
305
|
def wait_for_cert(time)
|
328
306
|
begin
|
@@ -345,7 +323,7 @@ ERROR_STRING
|
|
345
323
|
exit(1)
|
346
324
|
end
|
347
325
|
|
348
|
-
|
326
|
+
while true
|
349
327
|
sleep time
|
350
328
|
begin
|
351
329
|
break if certificate
|
@@ -356,45 +334,293 @@ ERROR_STRING
|
|
356
334
|
end
|
357
335
|
end
|
358
336
|
|
359
|
-
|
360
|
-
|
361
|
-
|
337
|
+
# Saves the given certificate to disc, at a location determined by this
|
338
|
+
# host's configuration.
|
339
|
+
# @param [Puppet::SSL::Certificate] cert the cert to save
|
340
|
+
def save_host_certificate(cert)
|
341
|
+
file_path = certificate_location(name)
|
342
|
+
Puppet::Util.replace_file(file_path, 0644) do |f|
|
343
|
+
f.write(cert.to_s)
|
344
|
+
end
|
345
|
+
end
|
346
|
+
|
347
|
+
private
|
348
|
+
|
349
|
+
# Load a previously generated CSR from disk
|
350
|
+
# @return [Puppet::SSL::CertificateRequest, nil]
|
351
|
+
def load_certificate_request_from_file
|
352
|
+
request_path = certificate_request_location(name)
|
353
|
+
if Puppet::FileSystem.exist?(request_path)
|
354
|
+
Puppet::SSL::CertificateRequest.from_s(Puppet::FileSystem.read(request_path))
|
362
355
|
end
|
356
|
+
end
|
363
357
|
|
358
|
+
# Download the CSR for this host from the CA. Returns nil if the CA
|
359
|
+
# has no saved CSR for this host.
|
360
|
+
# @raises [Puppet::Error] if the response from the server is not a valid
|
361
|
+
# CSR or an error occurs while fetching.
|
362
|
+
# @return [Puppet::SSL::CertificateRequest, nil]
|
363
|
+
def download_csr_from_ca
|
364
364
|
begin
|
365
|
-
Puppet::
|
366
|
-
|
367
|
-
|
368
|
-
|
365
|
+
body = Puppet::Rest::Routes.get_certificate_request(
|
366
|
+
name, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store))
|
367
|
+
begin
|
368
|
+
Puppet::SSL::CertificateRequest.from_s(body)
|
369
|
+
rescue OpenSSL::X509::RequestError => e
|
370
|
+
raise Puppet::Error, _("Response from the CA did not contain a valid certificate request: %{message}") % { message: e.message }
|
371
|
+
end
|
372
|
+
rescue Puppet::Rest::ResponseError => e
|
373
|
+
if e.response.code.to_i == 404
|
374
|
+
nil
|
375
|
+
else
|
376
|
+
raise Puppet::Error, _('Could not download certificate request: %{message}') % { message: e.message }
|
377
|
+
end
|
369
378
|
end
|
370
379
|
end
|
380
|
+
# Submit the CSR to the CA via an HTTP PUT request.
|
381
|
+
# @param [Puppet::SSL::CertificateRequest] csr the request to submit
|
382
|
+
def submit_certificate_request(csr)
|
383
|
+
Puppet::Rest::Routes.put_certificate_request(
|
384
|
+
csr.render, name, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store))
|
385
|
+
end
|
371
386
|
|
372
|
-
|
387
|
+
def save_certificate_request(csr)
|
388
|
+
Puppet::Util.replace_file(certificate_request_location(name), 0644) do |file|
|
389
|
+
file.write(csr.render)
|
390
|
+
end
|
391
|
+
end
|
392
|
+
|
393
|
+
# @param crl_string [String] CRLs read from disk or obtained from server
|
394
|
+
# @return [Array<OpenSSL::X509::CRL>] CRLs from chain
|
395
|
+
# @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
|
396
|
+
def process_crl_string(crl_string)
|
397
|
+
delimiters = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
|
398
|
+
crl_string.scan(delimiters).map do |crl|
|
399
|
+
begin
|
400
|
+
OpenSSL::X509::CRL.new(crl)
|
401
|
+
rescue OpenSSL::X509::CRLError => e
|
402
|
+
raise Puppet::Error.new(
|
403
|
+
_("Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n%{crl}" % {crl_path: crl_path, error: e.message, crl: crl}),
|
404
|
+
e)
|
405
|
+
end
|
406
|
+
end
|
407
|
+
end
|
408
|
+
|
409
|
+
# @param path [String] Path to CRL Chain
|
410
|
+
# @return [Array<OpenSSL::X509::CRL>] CRLs from chain
|
411
|
+
# @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
|
412
|
+
def load_crls(path)
|
413
|
+
crls_pems = Puppet::FileSystem.read(path, encoding: Encoding::UTF_8)
|
414
|
+
process_crl_string(crls_pems)
|
415
|
+
end
|
416
|
+
|
417
|
+
# Ensures that the CA certificate is available for either generating or
|
418
|
+
# validating the host's cert.
|
419
|
+
# It will first check on disk, then try to download it.
|
420
|
+
# @raise [Puppet::Error] if text form of found certificate bundle is invalid
|
421
|
+
# and cannot be loaded into cert objects
|
422
|
+
# @return [Boolean] true if the CA certificate was found, false otherwise
|
423
|
+
def ensure_ca_certificate
|
424
|
+
file_path = certificate_location(CA_NAME)
|
425
|
+
if Puppet::FileSystem.exist?(file_path)
|
426
|
+
begin
|
427
|
+
# This load ensures that the file contents is a valid cert bundle.
|
428
|
+
# If the text is malformed, load_certificate_bundle will raise.
|
429
|
+
load_certificate_bundle(Puppet::FileSystem.read(file_path))
|
430
|
+
rescue Puppet::Error => e
|
431
|
+
raise Puppet::Error, _("The CA certificate at %{file_path} is invalid: %{message}") % { file_path: file_path, message: e.message }
|
432
|
+
end
|
433
|
+
else
|
434
|
+
bundle = download_ca_certificate_bundle
|
435
|
+
if bundle
|
436
|
+
save_bundle(bundle, certificate_location(CA_NAME))
|
437
|
+
true
|
438
|
+
else
|
439
|
+
false
|
440
|
+
end
|
441
|
+
end
|
442
|
+
end
|
443
|
+
public :ensure_ca_certificate
|
444
|
+
|
445
|
+
# Creates an arry of SSL Certificate objects from a PEM-encoding string
|
446
|
+
# of one or more certs.
|
447
|
+
# @param [String] bundle_string PEM-encoded string of certs
|
448
|
+
# @return [[OpenSSL::X509::Certificate], nil] the certs loaded from the
|
449
|
+
# input string, or nil if none could be loaded
|
450
|
+
def load_certificate_bundle(bundle_string)
|
451
|
+
delimiters = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
|
452
|
+
certs = bundle_string.scan(delimiters)
|
453
|
+
|
454
|
+
if certs.empty?
|
455
|
+
raise Puppet::Error, _("No valid PEM-encoded certificates.")
|
456
|
+
end
|
457
|
+
|
458
|
+
certs.map do |cert|
|
459
|
+
begin
|
460
|
+
OpenSSL::X509::Certificate.new(cert)
|
461
|
+
rescue OpenSSL::X509::CertificateError => e
|
462
|
+
raise Puppet::Error, _("Could not parse certificate: %{message}") % { message: e.message }
|
463
|
+
end
|
464
|
+
end
|
465
|
+
end
|
466
|
+
|
467
|
+
# Fetches and saves the crl bundle from the CA server without validating
|
468
|
+
# its contents. Takes an optional store to use with the http_client,
|
469
|
+
# necessary for initial download of the CRL because `build_ssl_store`
|
470
|
+
# calls this `download_and_save_crl_bundle`. If there is an error during
|
471
|
+
# this downloading process, the file should not be replaced at all. This
|
472
|
+
# streams the file directly to disk to avoid loading the entire CRL in memory.
|
473
|
+
# @param [OpenSSL::X509::Store] store optional ssl_store to use with http_client
|
474
|
+
# @raise [Puppet::Error<Puppet::Rest::ResponseError>] if bad response from server
|
475
|
+
# @return nil
|
476
|
+
def download_and_save_crl_bundle(store=nil)
|
477
|
+
begin
|
478
|
+
# If no SSL store was supplied, use this host's SSL store
|
479
|
+
store ||= ssl_store
|
480
|
+
Puppet::Util.replace_file(crl_path, 0644) do |file|
|
481
|
+
result = Puppet::Rest::Routes.get_crls(CA_NAME, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, store))
|
482
|
+
file.write(result)
|
483
|
+
end
|
484
|
+
rescue Puppet::Rest::ResponseError => e
|
485
|
+
raise Puppet::Error, _('Could not download CRLs: %{message}') % { message: e.message }
|
486
|
+
end
|
487
|
+
end
|
488
|
+
|
489
|
+
# Fetches the CA certificate bundle from the CA server
|
490
|
+
# @raise [Puppet::Error] if response from the server is not a valid certificate
|
491
|
+
# bundle
|
492
|
+
# @return [[OpenSSL::X509::Certificate]] the certs loaded from the response
|
493
|
+
def download_ca_certificate_bundle
|
494
|
+
begin
|
495
|
+
cert_bundle = Puppet::Rest::Routes.get_certificate(
|
496
|
+
CA_NAME,
|
497
|
+
Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_NONE)
|
498
|
+
)
|
499
|
+
# This load ensures that the response body is a valid cert bundle.
|
500
|
+
# If the text is malformed, load_certificate_bundle will raise.
|
501
|
+
begin
|
502
|
+
load_certificate_bundle(cert_bundle)
|
503
|
+
rescue Puppet::Error => e
|
504
|
+
raise Puppet::Error, _("Response from the CA did not contain a valid CA certificate: %{message}") % { message: e.message }
|
505
|
+
end
|
506
|
+
rescue Puppet::Rest::ResponseError => e
|
507
|
+
raise Puppet::Error, _('Could not download CA certificate: %{message}') % { message: e.message }
|
508
|
+
end
|
509
|
+
end
|
510
|
+
|
511
|
+
# Saves the given bundle to disk to a specified file path.
|
512
|
+
# @param bundle [[OpenSSL::X509::Certificate/CRL]] the certs to save
|
513
|
+
# @param location [String] place on disk to save bundle
|
514
|
+
def save_bundle(cert_bundle, location)
|
515
|
+
Puppet::Util.replace_file(location, 0644) do |f|
|
516
|
+
bundle_string = cert_bundle.map(&:to_pem).join("\n")
|
517
|
+
f.write(bundle_string)
|
518
|
+
end
|
519
|
+
end
|
520
|
+
|
521
|
+
# Attempts to load or fetch this host's certificate. Returns nil if
|
522
|
+
# no certificate could be found.
|
523
|
+
# @return [Puppet::SSL::Certificate, nil]
|
524
|
+
def get_host_certificate
|
525
|
+
if cert = check_for_certificate_on_disk(name)
|
526
|
+
return cert
|
527
|
+
elsif cert = download_certificate_from_ca(name)
|
528
|
+
save_host_certificate(cert)
|
529
|
+
return cert
|
530
|
+
else
|
531
|
+
return nil
|
532
|
+
end
|
533
|
+
end
|
373
534
|
|
374
|
-
|
535
|
+
# Checks for the requested certificate on disc, at a location
|
536
|
+
# determined by this host's configuration.
|
537
|
+
# @name [String] name the name of the cert to look for
|
538
|
+
# @raise [Puppet::Error] if contents of certificate file is invalid
|
539
|
+
# and could not be loaded
|
540
|
+
# @return [Puppet::SSL::Certificate, nil]
|
541
|
+
def check_for_certificate_on_disk(cert_name)
|
542
|
+
file_path = certificate_location(cert_name)
|
543
|
+
if Puppet::FileSystem.exist?(file_path)
|
544
|
+
begin
|
545
|
+
Puppet::SSL::Certificate.from_s(Puppet::FileSystem.read(file_path))
|
546
|
+
rescue OpenSSL::X509::CertificateError
|
547
|
+
raise Puppet::Error, _("The certificate at %{file_path} is invalid. Could not load.") % { file_path: file_path }
|
548
|
+
end
|
549
|
+
end
|
550
|
+
end
|
551
|
+
public :check_for_certificate_on_disk
|
552
|
+
|
553
|
+
# Attempts to download this host's certificate from the CA server.
|
554
|
+
# Returns nil if the CA does not yet have a signed cert for this host.
|
555
|
+
# @param [String] name then name of the cert to fetch
|
556
|
+
# @raise [Puppet::Error] if response from the CA does not contain a valid
|
557
|
+
# certificate
|
558
|
+
# @return [Puppet::SSL::Certificate, nil]
|
559
|
+
def download_certificate_from_ca(cert_name)
|
560
|
+
begin
|
561
|
+
cert = Puppet::Rest::Routes.get_certificate(
|
562
|
+
cert_name,
|
563
|
+
Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store)
|
564
|
+
)
|
565
|
+
begin
|
566
|
+
Puppet::SSL::Certificate.from_s(cert)
|
567
|
+
rescue OpenSSL::X509::CertificateError
|
568
|
+
raise Puppet::Error, _("Response from the CA did not contain a valid certificate for %{cert_name}.") % { cert_name: cert_name }
|
569
|
+
end
|
570
|
+
rescue Puppet::Rest::ResponseError => e
|
571
|
+
if e.response.code.to_i == 404
|
572
|
+
Puppet.debug _("No certificate for %{cert_name} on CA") % { cert_name: cert_name }
|
573
|
+
nil
|
574
|
+
else
|
575
|
+
raise Puppet::Rest::ResponseError, _("Could not download host certificate: %{message}") % { message: e.message }
|
576
|
+
end
|
577
|
+
end
|
578
|
+
end
|
579
|
+
|
580
|
+
# Returns the file path for the named certificate, based on this host's
|
581
|
+
# configuration.
|
582
|
+
# @param [String] name the name of the cert to find
|
583
|
+
# @return [String] file path to the cert's location
|
584
|
+
def certificate_location(cert_name)
|
585
|
+
cert_name == CA_NAME ? Puppet[:localcacert] : File.join(Puppet[:certdir], "#{cert_name}.pem")
|
586
|
+
end
|
587
|
+
|
588
|
+
# Returns the file path for the named CSR, based on this host's configuration.
|
589
|
+
# @param [String] name the name of the CSR to find
|
590
|
+
# @return [String] file path to the CSR's location
|
591
|
+
def certificate_request_location(cert_name)
|
592
|
+
File.join(Puppet[:requestdir], "#{cert_name}.pem")
|
593
|
+
end
|
594
|
+
|
595
|
+
# @param [OpenSSL::X509::PURPOSE_*] constant defining the kinds of certs
|
596
|
+
# this store can verify
|
597
|
+
# @return [OpenSSL::X509::Store]
|
598
|
+
# @raise [OpenSSL::X509::StoreError] if localcacert is malformed or non-existant
|
599
|
+
# @raise [Puppet::Error] if the CRL chain is malformed
|
600
|
+
# @raise [Errno::ENOENT] if the CRL does not exist on disk but use_crl? is true
|
601
|
+
def build_ssl_store(purpose=OpenSSL::X509::PURPOSE_ANY)
|
375
602
|
store = OpenSSL::X509::Store.new
|
376
603
|
store.purpose = purpose
|
377
604
|
|
378
605
|
# Use the file path here, because we don't want to cause
|
379
606
|
# a lookup in the middle of setting our ssl connection.
|
380
|
-
store.add_file(Puppet[:localcacert])
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
flags = OpenSSL::X509::V_FLAG_CRL_CHECK
|
386
|
-
if Puppet.lookup(:certificate_revocation) == :chain
|
387
|
-
flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
388
|
-
end
|
389
|
-
|
390
|
-
store.flags = flags
|
391
|
-
store.add_crl(crl.content)
|
392
|
-
else
|
393
|
-
Puppet.debug _("Certificate revocation checking is enabled but a CRL cannot be found; CRL checking will not be performed.")
|
607
|
+
store.add_file(Puppet.settings[:localcacert])
|
608
|
+
|
609
|
+
if use_crl?
|
610
|
+
if !Puppet::FileSystem.exist?(crl_path)
|
611
|
+
download_and_save_crl_bundle(store)
|
394
612
|
end
|
613
|
+
|
614
|
+
crls = load_crls(crl_path)
|
615
|
+
|
616
|
+
flags = OpenSSL::X509::V_FLAG_CRL_CHECK
|
617
|
+
if use_crl_chain?
|
618
|
+
flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
|
619
|
+
end
|
620
|
+
|
621
|
+
store.flags = flags
|
622
|
+
crls.each {|crl| store.add_crl(crl) }
|
395
623
|
end
|
396
624
|
store
|
397
625
|
end
|
398
626
|
end
|
399
|
-
|
400
|
-
require 'puppet/ssl/certificate_authority'
|