puppet 5.5.22 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +46 -72
- data/Gemfile.lock +86 -102
- data/MAINTAINERS +47 -0
- data/Rakefile +15 -19
- data/ext/build_defaults.yaml +0 -1
- data/ext/cert_inspector +3 -3
- data/ext/debian/copyright +0 -22
- data/ext/project_data.yaml +8 -10
- data/ext/puppet-test +2 -2
- data/ext/redhat/puppet.spec.erb +0 -4
- data/ext/regexp_nodes/regexp_nodes.rb +4 -4
- data/ext/solaris/smf/puppet.xml +0 -2
- data/ext/solaris/smf/svc-puppetd +1 -8
- data/ext/solaris/smf/svc-puppetmasterd +1 -8
- data/ext/windows/eventlog/Rakefile +32 -0
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +18 -0
- data/ext/windows/service/daemon.rb +8 -54
- data/install.rb +24 -6
- data/lib/hiera/scope.rb +0 -7
- data/lib/puppet.rb +10 -21
- data/lib/puppet/agent.rb +13 -5
- data/lib/puppet/application.rb +10 -8
- data/lib/puppet/application/agent.rb +3 -21
- data/lib/puppet/application/apply.rb +22 -12
- data/lib/puppet/application/cert.rb +25 -180
- data/lib/puppet/application/describe.rb +9 -3
- data/lib/puppet/application/device.rb +41 -74
- data/lib/puppet/application/doc.rb +5 -3
- data/lib/puppet/application/filebucket.rb +1 -23
- data/lib/puppet/application/lookup.rb +2 -2
- data/lib/puppet/application/resource.rb +4 -4
- data/lib/puppet/application/script.rb +3 -3
- data/lib/puppet/application/ssl.rb +133 -0
- data/lib/puppet/application_support.rb +1 -2
- data/lib/puppet/configurer.rb +62 -127
- data/lib/puppet/configurer/downloader.rb +17 -34
- data/lib/puppet/configurer/fact_handler.rb +5 -1
- data/lib/puppet/configurer/plugin_handler.rb +2 -3
- data/lib/puppet/confine/false.rb +1 -7
- data/lib/puppet/confine/true.rb +1 -7
- data/lib/puppet/daemon.rb +2 -2
- data/lib/puppet/datatypes.rb +1 -1
- data/lib/puppet/defaults.rb +126 -286
- data/lib/puppet/environments.rb +2 -7
- data/lib/puppet/error.rb +14 -10
- data/lib/puppet/etc.rb +4 -25
- data/lib/puppet/external/dot.rb +23 -17
- data/lib/puppet/face/config.rb +50 -12
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +21 -7
- data/lib/puppet/face/help/global.erb +2 -2
- data/lib/puppet/face/module/build.rb +4 -59
- data/lib/puppet/face/module/generate.rb +5 -247
- data/lib/puppet/face/module/install.rb +0 -4
- data/lib/puppet/face/module/list.rb +5 -10
- data/lib/puppet/face/module/search.rb +2 -2
- data/lib/puppet/face/module/uninstall.rb +1 -5
- data/lib/puppet/face/module/upgrade.rb +1 -5
- data/lib/puppet/face/node/clean.rb +14 -10
- data/lib/puppet/face/plugin.rb +2 -9
- data/lib/puppet/feature/base.rb +7 -26
- data/lib/puppet/feature/eventlog.rb +1 -1
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/base.rb +7 -7
- data/lib/puppet/file_serving/fileset.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +4 -3
- data/lib/puppet/file_serving/mount/locales.rb +2 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
- data/lib/puppet/file_serving/mount/plugins.rb +2 -1
- data/lib/puppet/file_system.rb +8 -0
- data/lib/puppet/file_system/memory_file.rb +1 -1
- data/lib/puppet/file_system/posix.rb +2 -3
- data/lib/puppet/file_system/uniquefile.rb +0 -4
- data/lib/puppet/forge.rb +8 -12
- data/lib/puppet/functions.rb +138 -0
- data/lib/puppet/functions/abs.rb +61 -0
- data/lib/puppet/functions/call.rb +38 -2
- data/lib/puppet/functions/camelcase.rb +62 -0
- data/lib/puppet/functions/capitalize.rb +61 -0
- data/lib/puppet/functions/ceiling.rb +37 -0
- data/lib/puppet/functions/chomp.rb +57 -0
- data/lib/puppet/functions/chop.rb +67 -0
- data/lib/puppet/functions/compare.rb +125 -0
- data/lib/puppet/functions/convert_to.rb +3 -2
- data/lib/puppet/functions/dig.rb +21 -1
- data/lib/puppet/functions/downcase.rb +89 -0
- data/lib/puppet/functions/epp.rb +4 -4
- data/lib/puppet/functions/eyaml_lookup_key.rb +4 -5
- data/lib/puppet/functions/filter.rb +7 -6
- data/lib/puppet/functions/floor.rb +37 -0
- data/lib/puppet/functions/get.rb +150 -0
- data/lib/puppet/functions/getvar.rb +87 -0
- data/lib/puppet/functions/inline_epp.rb +5 -5
- data/lib/puppet/functions/lstrip.rb +58 -0
- data/lib/puppet/functions/max.rb +183 -0
- data/lib/puppet/functions/min.rb +182 -0
- data/lib/puppet/functions/new.rb +3 -8
- data/lib/puppet/functions/reduce.rb +4 -2
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/round.rb +24 -0
- data/lib/puppet/functions/rstrip.rb +58 -0
- data/lib/puppet/functions/size.rb +15 -0
- data/lib/puppet/functions/sort.rb +74 -0
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +58 -0
- data/lib/puppet/functions/upcase.rb +89 -0
- data/lib/puppet/functions/yaml_data.rb +4 -5
- data/lib/puppet/gettext/config.rb +1 -1
- data/lib/puppet/gettext/module_translations.rb +1 -1
- data/lib/puppet/graph.rb +0 -2
- data/lib/puppet/graph/rb_tree_map.rb +2 -2
- data/lib/puppet/graph/simple_graph.rb +10 -7
- data/lib/puppet/indirector/catalog/compiler.rb +0 -8
- data/lib/puppet/indirector/catalog/json.rb +14 -3
- data/lib/puppet/indirector/catalog/yaml.rb +0 -16
- data/lib/puppet/indirector/certificate/file.rb +0 -1
- data/lib/puppet/indirector/facts/yaml.rb +4 -2
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/hiera.rb +0 -6
- data/lib/puppet/indirector/indirection.rb +8 -12
- data/lib/puppet/indirector/key/file.rb +1 -6
- data/lib/puppet/indirector/node/exec.rb +1 -3
- data/lib/puppet/indirector/node/yaml.rb +0 -6
- data/lib/puppet/indirector/request.rb +20 -27
- data/lib/puppet/indirector/resource/ral.rb +3 -1
- data/lib/puppet/indirector/resource/validator.rb +1 -1
- data/lib/puppet/indirector/rest.rb +7 -65
- data/lib/puppet/indirector/ssl_file.rb +3 -44
- data/lib/puppet/indirector/terminus.rb +1 -1
- data/lib/puppet/indirector/yaml.rb +4 -4
- data/lib/puppet/info_service/task_information_service.rb +7 -3
- data/lib/puppet/interface.rb +2 -3
- data/lib/puppet/interface/action.rb +2 -5
- data/lib/puppet/interface/face_collection.rb +3 -1
- data/lib/puppet/loaders.rb +2 -0
- data/lib/puppet/metatype/manager.rb +3 -5
- data/lib/puppet/module.rb +5 -31
- data/lib/puppet/module/task.rb +208 -30
- data/lib/puppet/module_tool.rb +2 -5
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/application.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +7 -8
- data/lib/puppet/module_tool/applications/uninstaller.rb +4 -5
- data/lib/puppet/module_tool/applications/unpacker.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +5 -6
- data/lib/puppet/module_tool/installed_modules.rb +2 -2
- data/lib/puppet/module_tool/local_tarball.rb +3 -3
- data/lib/puppet/module_tool/metadata.rb +1 -2
- data/lib/puppet/module_tool/shared_behaviors.rb +6 -6
- data/lib/puppet/module_tool/tar/mini.rb +2 -12
- data/lib/puppet/network/authconfig.rb +0 -13
- data/lib/puppet/network/format_support.rb +13 -8
- data/lib/puppet/network/formats.rb +93 -2
- data/lib/puppet/network/http.rb +0 -2
- data/lib/puppet/network/http/api.rb +1 -10
- data/lib/puppet/network/http/api/indirected_routes.rb +22 -16
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -3
- data/lib/puppet/network/http/connection.rb +14 -57
- data/lib/puppet/network/http/factory.rb +13 -7
- data/lib/puppet/network/http/handler.rb +59 -27
- data/lib/puppet/network/http/pool.rb +1 -7
- data/lib/puppet/network/http/site.rb +1 -1
- data/lib/puppet/network/resolver.rb +140 -67
- data/lib/puppet/node.rb +1 -2
- data/lib/puppet/node/environment.rb +5 -30
- data/lib/puppet/node/facts.rb +11 -1
- data/lib/puppet/parameter.rb +4 -7
- data/lib/puppet/parser/ast.rb +5 -9
- data/lib/puppet/parser/ast/branch.rb +3 -3
- data/lib/puppet/parser/ast/leaf.rb +5 -0
- data/lib/puppet/parser/ast/resourceparam.rb +1 -1
- data/lib/puppet/parser/catalog_compiler.rb +32 -0
- data/lib/puppet/parser/compiler.rb +2 -3
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -2
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -2
- data/lib/puppet/parser/environment_compiler.rb +0 -3
- data/lib/puppet/parser/functions.rb +48 -18
- data/lib/puppet/parser/functions/epp.rb +3 -3
- data/lib/puppet/parser/functions/filter.rb +1 -1
- data/lib/puppet/parser/functions/generate.rb +1 -1
- data/lib/puppet/parser/functions/inline_epp.rb +5 -5
- data/lib/puppet/parser/resource.rb +2 -4
- data/lib/puppet/parser/resource/param.rb +12 -11
- data/lib/puppet/parser/scope.rb +6 -8
- data/lib/puppet/parser/script_compiler.rb +7 -2
- data/lib/puppet/pops.rb +1 -0
- data/lib/puppet/pops/adaptable.rb +13 -7
- data/lib/puppet/pops/adapters.rb +18 -8
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +4 -4
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/compare_operator.rb +3 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +127 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +17 -2
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +23 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +7 -8
- data/lib/puppet/pops/functions/dispatch.rb +6 -0
- data/lib/puppet/pops/issues.rb +9 -10
- data/lib/puppet/pops/loader/loader.rb +1 -1
- data/lib/puppet/pops/loader/loader_paths.rb +5 -3
- data/lib/puppet/pops/loader/module_loaders.rb +47 -21
- data/lib/puppet/pops/loader/null_loader.rb +60 -0
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +54 -0
- data/lib/puppet/pops/loader/static_loader.rb +0 -36
- data/lib/puppet/pops/loader/task_instantiator.rb +72 -44
- data/lib/puppet/pops/loaders.rb +21 -33
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -2
- data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
- data/lib/puppet/pops/merge_strategy.rb +18 -22
- data/lib/puppet/pops/model/ast.pp +16 -0
- data/lib/puppet/pops/model/ast.rb +94 -0
- data/lib/puppet/pops/model/factory.rb +17 -38
- data/lib/puppet/pops/model/model_label_provider.rb +8 -1
- data/lib/puppet/pops/parser/egrammar.ra +14 -3
- data/lib/puppet/pops/parser/eparser.rb +1537 -1492
- data/lib/puppet/pops/parser/epp_support.rb +6 -2
- data/lib/puppet/pops/parser/heredoc_support.rb +8 -17
- data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
- data/lib/puppet/pops/parser/lexer2.rb +2 -7
- data/lib/puppet/pops/parser/locator.rb +87 -107
- data/lib/puppet/pops/parser/parser_support.rb +2 -11
- data/lib/puppet/pops/parser/pn_parser.rb +16 -17
- data/lib/puppet/pops/pcore.rb +19 -8
- data/lib/puppet/pops/puppet_stack.rb +48 -51
- data/lib/puppet/pops/resource/resource_type_impl.rb +0 -2
- data/lib/puppet/pops/serialization.rb +3 -2
- data/lib/puppet/pops/serialization/from_data_converter.rb +4 -3
- data/lib/puppet/pops/serialization/to_data_converter.rb +3 -3
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
- data/lib/puppet/pops/types/iterable.rb +8 -34
- data/lib/puppet/pops/types/p_binary_type.rb +1 -2
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_object_type.rb +3 -0
- data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
- data/lib/puppet/pops/types/p_timespan_type.rb +2 -2
- data/lib/puppet/pops/types/p_type_set_type.rb +0 -4
- data/lib/puppet/pops/types/string_converter.rb +12 -21
- data/lib/puppet/pops/types/type_calculator.rb +0 -24
- data/lib/puppet/pops/types/type_factory.rb +17 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +7 -32
- data/lib/puppet/pops/validation/checker4_0.rb +23 -33
- data/lib/puppet/pops/validation/tasks_checker.rb +47 -6
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +7 -10
- data/lib/puppet/property.rb +1 -1
- data/lib/puppet/property/ensure.rb +1 -1
- data/lib/puppet/provider.rb +14 -2
- data/lib/puppet/provider/exec.rb +58 -59
- data/lib/puppet/provider/file/posix.rb +0 -5
- data/lib/puppet/provider/file/windows.rb +2 -50
- data/lib/puppet/provider/group/aix.rb +2 -18
- data/lib/puppet/provider/group/groupadd.rb +19 -19
- data/lib/puppet/provider/group/windows_adsi.rb +4 -11
- data/lib/puppet/provider/nameservice.rb +28 -11
- data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
- data/lib/puppet/provider/nameservice/pw.rb +2 -2
- data/lib/puppet/provider/package.rb +0 -2
- data/lib/puppet/provider/package/aix.rb +2 -17
- data/lib/puppet/provider/package/apt.rb +3 -14
- data/lib/puppet/provider/package/dnf.rb +3 -3
- data/lib/puppet/provider/package/dpkg.rb +7 -18
- data/lib/puppet/provider/package/fink.rb +3 -20
- data/lib/puppet/provider/package/gem.rb +43 -105
- data/lib/puppet/provider/package/openbsd.rb +2 -14
- data/lib/puppet/provider/package/pip.rb +108 -160
- data/lib/puppet/provider/package/pip3.rb +1 -1
- data/lib/puppet/provider/package/pkg.rb +5 -18
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +4 -16
- data/lib/puppet/provider/package/portage.rb +6 -6
- data/lib/puppet/provider/package/puppet_gem.rb +2 -7
- data/lib/puppet/provider/package/rpm.rb +33 -82
- data/lib/puppet/provider/package/windows.rb +2 -6
- data/lib/puppet/provider/package/windows/exe_package.rb +10 -16
- data/lib/puppet/provider/package/windows/msi_package.rb +0 -8
- data/lib/puppet/provider/package/windows/package.rb +2 -10
- data/lib/puppet/provider/package/yum.rb +25 -37
- data/lib/puppet/provider/package/zypper.rb +0 -1
- data/lib/puppet/provider/parsedfile.rb +5 -26
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/daemontools.rb +9 -9
- data/lib/puppet/provider/service/debian.rb +1 -0
- data/lib/puppet/provider/service/launchd.rb +8 -39
- data/lib/puppet/provider/service/openbsd.rb +1 -1
- data/lib/puppet/provider/service/rcng.rb +2 -2
- data/lib/puppet/provider/service/runit.rb +8 -2
- data/lib/puppet/provider/service/smf.rb +0 -54
- data/lib/puppet/provider/service/systemd.rb +24 -35
- data/lib/puppet/provider/service/upstart.rb +1 -3
- data/lib/puppet/provider/service/windows.rb +3 -23
- data/lib/puppet/provider/user/aix.rb +2 -48
- data/lib/puppet/provider/user/directoryservice.rb +8 -45
- data/lib/puppet/provider/user/hpux.rb +1 -1
- data/lib/puppet/provider/user/pw.rb +3 -12
- data/lib/puppet/provider/user/user_role_add.rb +1 -5
- data/lib/puppet/provider/user/useradd.rb +44 -74
- data/lib/puppet/provider/user/windows_adsi.rb +0 -7
- data/lib/puppet/reference/indirection.rb +2 -2
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/providers.rb +1 -1
- data/lib/puppet/reference/type.rb +9 -3
- data/lib/puppet/reports.rb +3 -3
- data/lib/puppet/resource.rb +22 -22
- data/lib/puppet/resource/catalog.rb +8 -14
- data/lib/puppet/resource/type.rb +1 -10
- data/lib/puppet/rest/client.rb +83 -0
- data/lib/puppet/rest/errors.rb +14 -0
- data/lib/puppet/rest/response.rb +34 -0
- data/lib/puppet/rest/route.rb +84 -0
- data/lib/puppet/rest/routes.rb +154 -0
- data/lib/puppet/rest/ssl_context.rb +13 -0
- data/lib/puppet/settings.rb +9 -54
- data/lib/puppet/settings/config_file.rb +1 -2
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/file_setting.rb +1 -1
- data/lib/puppet/settings/server_list_setting.rb +0 -9
- data/lib/puppet/ssl.rb +0 -1
- data/lib/puppet/ssl/base.rb +1 -9
- data/lib/puppet/ssl/certificate.rb +7 -4
- data/lib/puppet/ssl/certificate_request.rb +6 -14
- data/lib/puppet/ssl/certificate_request_attributes.rb +1 -1
- data/lib/puppet/ssl/host.rb +400 -174
- data/lib/puppet/ssl/key.rb +1 -5
- data/lib/puppet/ssl/oids.rb +3 -3
- data/lib/puppet/ssl/validator/default_validator.rb +33 -49
- data/lib/puppet/test/test_helper.rb +12 -18
- data/lib/puppet/transaction.rb +7 -12
- data/lib/puppet/transaction/event.rb +37 -14
- data/lib/puppet/transaction/event_manager.rb +3 -11
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/transaction/resource_harness.rb +2 -5
- data/lib/puppet/type.rb +7 -10
- data/lib/puppet/type/exec.rb +16 -50
- data/lib/puppet/type/file.rb +7 -16
- data/lib/puppet/type/file/content.rb +2 -3
- data/lib/puppet/type/file/data_sync.rb +1 -5
- data/lib/puppet/type/file/mode.rb +2 -7
- data/lib/puppet/type/file/source.rb +2 -1
- data/lib/puppet/type/filebucket.rb +8 -12
- data/lib/puppet/type/group.rb +3 -33
- data/lib/puppet/type/notify.rb +2 -3
- data/lib/puppet/type/package.rb +18 -154
- data/lib/puppet/type/resources.rb +2 -12
- data/lib/puppet/type/schedule.rb +34 -96
- data/lib/puppet/type/service.rb +10 -9
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +30 -14
- data/lib/puppet/util.rb +28 -52
- data/lib/puppet/util/autoload.rb +62 -56
- data/lib/puppet/util/character_encoding.rb +0 -22
- data/lib/puppet/util/classgen.rb +0 -6
- data/lib/puppet/util/command_line.rb +4 -7
- data/lib/puppet/util/command_line/trollop.rb +1 -1
- data/lib/puppet/util/connection.rb +74 -0
- data/lib/puppet/util/execution.rb +7 -22
- data/lib/puppet/util/feature.rb +63 -41
- data/lib/puppet/util/fileparsing.rb +27 -5
- data/lib/puppet/util/filetype.rb +8 -56
- data/lib/puppet/util/http_proxy.rb +18 -27
- data/lib/puppet/util/instance_loader.rb +3 -21
- data/lib/puppet/util/json.rb +0 -8
- data/lib/puppet/util/ldap/connection.rb +7 -7
- data/lib/puppet/util/log.rb +3 -8
- data/lib/puppet/util/log/destinations.rb +13 -5
- data/lib/puppet/util/logging.rb +19 -31
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +1 -1
- data/lib/puppet/util/network_device/base.rb +1 -1
- data/lib/puppet/util/pidlock.rb +3 -23
- data/lib/puppet/util/platform.rb +3 -0
- data/lib/puppet/util/plist.rb +0 -6
- data/lib/puppet/util/posix.rb +0 -15
- data/lib/puppet/util/provider_features.rb +6 -7
- data/lib/puppet/util/rdoc.rb +2 -2
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/reference.rb +8 -7
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/rubygems.rb +1 -13
- data/lib/puppet/util/run_mode.rb +1 -1
- data/lib/puppet/util/selinux.rb +3 -9
- data/lib/puppet/util/ssl.rb +40 -1
- data/lib/puppet/util/storage.rb +1 -13
- data/lib/puppet/util/suidmanager.rb +7 -5
- data/lib/puppet/util/tag_set.rb +1 -1
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/windows.rb +15 -0
- data/lib/puppet/util/windows/adsi.rb +7 -116
- data/lib/puppet/util/windows/api_types.rb +33 -46
- data/lib/puppet/util/windows/eventlog.rb +6 -1
- data/lib/puppet/util/windows/principal.rb +6 -8
- data/lib/puppet/util/windows/process.rb +3 -94
- data/lib/puppet/util/windows/registry.rb +14 -46
- data/lib/puppet/util/windows/security.rb +2 -40
- data/lib/puppet/util/windows/service.rb +72 -431
- data/lib/puppet/util/windows/sid.rb +3 -4
- data/lib/puppet/util/windows/user.rb +9 -17
- data/lib/puppet/util/yaml.rb +41 -5
- data/lib/puppet/vendor.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet_pal.rb +246 -23
- data/locales/ja/puppet.po +11128 -0
- data/locales/puppet.pot +1321 -2527
- data/man/man5/puppet.conf.5 +31 -191
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +3 -3
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +19 -23
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +2 -21
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +10 -100
- data/man/man8/puppet-node.8 +4 -7
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +28 -0
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +12 -3
- data/spec/fixtures/unit/functions/hiera/hiera/backend/hieraspec_backend.rb +22 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/custom_backend.rb +18 -0
- data/spec/fixtures/unit/functions/lookup/hiera/backend/other_backend.rb +7 -0
- data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +6 -6
- data/spec/fixtures/unit/provider/package/pkgng/pkg.info +0 -1
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +0 -2
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +0 -9
- data/spec/integration/agent/logging_spec.rb +9 -7
- data/spec/integration/application/apply_spec.rb +31 -26
- data/spec/integration/application/doc_spec.rb +2 -1
- data/spec/integration/application/lookup_spec.rb +5 -5
- data/spec/integration/configurer_spec.rb +8 -76
- data/spec/integration/data_binding_spec.rb +1 -1
- data/spec/integration/defaults_spec.rb +13 -16
- data/spec/integration/directory_environments_spec.rb +1 -1
- data/spec/integration/faces/config_spec.rb +4 -3
- data/spec/integration/faces/documentation_spec.rb +1 -0
- data/spec/integration/faces/plugin_spec.rb +49 -29
- data/spec/integration/file_bucket/file_spec.rb +4 -19
- data/spec/integration/file_serving/content_spec.rb +1 -0
- data/spec/integration/file_serving/fileset_spec.rb +1 -0
- data/spec/integration/file_serving/metadata_spec.rb +1 -0
- data/spec/integration/file_serving/terminus_helper_spec.rb +1 -0
- data/spec/integration/file_system/uniquefile_spec.rb +26 -29
- data/spec/integration/indirector/catalog/compiler_spec.rb +11 -10
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -22
- data/spec/integration/indirector/file_content/file_server_spec.rb +8 -7
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +8 -7
- data/spec/integration/network/authconfig_spec.rb +24 -23
- data/spec/integration/network/formats_spec.rb +1 -0
- data/spec/integration/network/http/api/indirected_routes_spec.rb +6 -34
- data/spec/integration/node/environment_spec.rb +2 -1
- data/spec/integration/node/facts_spec.rb +10 -9
- data/spec/integration/node_spec.rb +7 -10
- data/spec/integration/parser/catalog_spec.rb +8 -6
- data/spec/integration/parser/collection_spec.rb +9 -4
- data/spec/integration/parser/compiler_spec.rb +7 -25
- data/spec/integration/parser/scope_spec.rb +1 -1
- data/spec/integration/parser/undef_param_spec.rb +1 -1
- data/spec/integration/provider/service/init_spec.rb +9 -6
- data/spec/integration/provider/service/systemd_spec.rb +14 -11
- data/spec/integration/provider/service/windows_spec.rb +11 -8
- data/spec/integration/reference/providers_spec.rb +7 -0
- data/spec/integration/reports_spec.rb +2 -1
- data/spec/integration/resource/catalog_spec.rb +17 -14
- data/spec/integration/resource/type_collection_spec.rb +5 -4
- data/spec/integration/ssl/certificate_request_spec.rb +1 -2
- data/spec/integration/ssl/host_spec.rb +17 -24
- data/spec/integration/ssl/key_spec.rb +7 -2
- data/spec/integration/test/test_helper_spec.rb +32 -0
- data/spec/integration/transaction/report_spec.rb +14 -9
- data/spec/integration/type/exec_spec.rb +2 -1
- data/spec/integration/type/file_spec.rb +38 -46
- data/spec/integration/type/package_spec.rb +25 -21
- data/spec/integration/type/tidy_spec.rb +2 -1
- data/spec/integration/type_spec.rb +1 -0
- data/spec/integration/util/autoload_spec.rb +11 -7
- data/spec/integration/util/execution_spec.rb +5 -32
- data/spec/integration/util/rdoc/parser_spec.rb +14 -23
- data/spec/integration/util/settings_spec.rb +2 -1
- data/spec/integration/util/windows/adsi_spec.rb +8 -11
- data/spec/integration/util/windows/principal_spec.rb +2 -1
- data/spec/integration/util/windows/process_spec.rb +9 -7
- data/spec/integration/util/windows/registry_spec.rb +46 -127
- data/spec/integration/util/windows/security_spec.rb +15 -16
- data/spec/integration/util/windows/user_spec.rb +29 -66
- data/spec/integration/util_spec.rb +10 -7
- data/spec/lib/matchers/json.rb +12 -18
- data/{lib/puppet/ssl → spec/lib/puppet}/certificate_factory.rb +5 -6
- data/spec/lib/puppet/test_ca.rb +109 -0
- data/spec/lib/puppet_spec/compiler.rb +28 -1
- data/spec/lib/puppet_spec/files.rb +29 -23
- data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +11 -1
- data/spec/lib/puppet_spec/scope.rb +2 -1
- data/spec/lib/puppet_spec/ssl.rb +265 -0
- data/spec/lib/puppet_spec/validators.rb +37 -0
- data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
- data/spec/shared_behaviours/file_server_terminus.rb +9 -8
- data/spec/shared_behaviours/file_serving.rb +8 -6
- data/spec/shared_behaviours/file_serving_model.rb +5 -22
- data/spec/shared_behaviours/hiera_indirections.rb +4 -3
- data/spec/shared_behaviours/iterative_functions.rb +1 -0
- data/spec/shared_behaviours/memory_terminus.rb +2 -2
- data/spec/shared_behaviours/path_parameters.rb +1 -1
- data/spec/shared_contexts/types_setup.rb +0 -2
- data/spec/shared_examples/rhel_package_provider.rb +70 -112
- data/spec/spec_helper.rb +1 -15
- data/spec/unit/agent/disabler_spec.rb +5 -4
- data/spec/unit/agent/locker_spec.rb +13 -12
- data/spec/unit/agent_spec.rb +102 -105
- data/spec/unit/application/agent_spec.rb +95 -114
- data/spec/unit/application/apply_spec.rb +92 -119
- data/spec/unit/application/config_spec.rb +1 -0
- data/spec/unit/application/describe_spec.rb +7 -6
- data/spec/unit/application/device_spec.rb +180 -181
- data/spec/unit/application/doc_spec.rb +46 -44
- data/spec/unit/application/face_base_spec.rb +62 -61
- data/spec/unit/application/facts_spec.rb +4 -3
- data/spec/unit/application/filebucket_spec.rb +74 -66
- data/spec/unit/application/indirection_base_spec.rb +6 -8
- data/spec/unit/application/lookup_spec.rb +44 -37
- data/spec/unit/application/resource_spec.rb +48 -42
- data/spec/unit/application/ssl_spec.rb +322 -0
- data/spec/unit/application_spec.rb +108 -90
- data/spec/unit/capability_spec.rb +15 -16
- data/spec/unit/{ssl/certificate_factory_spec.rb → certificate_factory_spec.rb} +13 -20
- data/spec/unit/configurer/downloader_spec.rb +22 -31
- data/spec/unit/configurer/fact_handler_spec.rb +7 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +8 -41
- data/spec/unit/configurer_spec.rb +475 -520
- data/spec/unit/confine/exists_spec.rb +15 -17
- data/spec/unit/confine/false_spec.rb +6 -32
- data/spec/unit/confine/feature_spec.rb +5 -7
- data/spec/unit/confine/true_spec.rb +6 -32
- data/spec/unit/confine/variable_spec.rb +15 -14
- data/spec/unit/confine_collection_spec.rb +29 -28
- data/spec/unit/confine_spec.rb +14 -13
- data/spec/unit/confiner_spec.rb +11 -10
- data/spec/unit/context/trusted_information_spec.rb +4 -3
- data/spec/unit/daemon_spec.rb +38 -35
- data/spec/unit/data_providers/function_data_provider_spec.rb +1 -0
- data/spec/unit/data_providers/hiera_data_provider_spec.rb +1 -0
- data/spec/unit/datatypes_spec.rb +4 -3
- data/spec/unit/defaults_spec.rb +61 -32
- data/spec/unit/environments_spec.rb +7 -7
- data/spec/unit/etc_spec.rb +29 -52
- data/spec/unit/external/pson_spec.rb +1 -0
- data/spec/unit/face/catalog_spec.rb +1 -0
- data/spec/unit/face/config_spec.rb +35 -31
- data/spec/unit/face/epp_face_spec.rb +4 -3
- data/spec/unit/face/facts_spec.rb +6 -14
- data/spec/unit/face/generate_spec.rb +5 -4
- data/spec/unit/face/help_spec.rb +8 -7
- data/spec/unit/face/key_spec.rb +1 -0
- data/spec/unit/face/man_spec.rb +2 -1
- data/spec/unit/face/module/install_spec.rb +5 -3
- data/spec/unit/face/module/list_spec.rb +12 -62
- data/spec/unit/face/module/search_spec.rb +9 -11
- data/spec/unit/face/module/uninstall_spec.rb +8 -4
- data/spec/unit/face/node_spec.rb +30 -52
- data/spec/unit/face/parser_spec.rb +3 -3
- data/spec/unit/face/plugin_spec.rb +9 -44
- data/spec/unit/face/status_spec.rb +1 -0
- data/spec/unit/file_bucket/dipper_spec.rb +24 -28
- data/spec/unit/file_bucket/file_spec.rb +2 -0
- data/spec/unit/file_serving/base_spec.rb +18 -20
- data/spec/unit/file_serving/configuration/parser_spec.rb +28 -27
- data/spec/unit/file_serving/configuration_spec.rb +66 -63
- data/spec/unit/file_serving/content_spec.rb +11 -10
- data/spec/unit/file_serving/fileset_spec.rb +58 -63
- data/spec/unit/file_serving/http_metadata_spec.rb +7 -8
- data/spec/unit/file_serving/metadata_spec.rb +40 -40
- data/spec/unit/file_serving/mount/file_spec.rb +32 -31
- data/spec/unit/file_serving/mount/locales_spec.rb +26 -25
- data/spec/unit/file_serving/mount/modules_spec.rb +15 -14
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +26 -25
- data/spec/unit/file_serving/mount/plugins_spec.rb +26 -25
- data/spec/unit/file_serving/mount/tasks_spec.rb +15 -14
- data/spec/unit/file_serving/mount_spec.rb +1 -0
- data/spec/unit/file_serving/terminus_helper_spec.rb +42 -37
- data/spec/unit/file_serving/terminus_selector_spec.rb +13 -12
- data/spec/unit/file_system/path_pattern_spec.rb +1 -1
- data/spec/unit/file_system/uniquefile_spec.rb +6 -17
- data/spec/unit/file_system_spec.rb +9 -6
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +16 -15
- data/spec/unit/forge/module_release_spec.rb +18 -18
- data/spec/unit/forge/repository_spec.rb +30 -27
- data/spec/unit/forge_spec.rb +11 -15
- data/spec/unit/functions/abs_spec.rb +70 -0
- data/spec/unit/functions/binary_file_spec.rb +3 -3
- data/spec/unit/functions/call_spec.rb +59 -5
- data/spec/unit/functions/camelcase_spec.rb +34 -0
- data/spec/unit/functions/capitalize_spec.rb +34 -0
- data/spec/unit/functions/ceiling_spec.rb +65 -0
- data/spec/unit/functions/chomp_spec.rb +46 -0
- data/spec/unit/functions/chop_spec.rb +38 -0
- data/spec/unit/functions/compare_spec.rb +147 -0
- data/spec/unit/functions/contain_spec.rb +2 -0
- data/spec/unit/functions/convert_to_spec.rb +3 -0
- data/spec/unit/functions/defined_spec.rb +1 -0
- data/spec/unit/functions/downcase_spec.rb +34 -0
- data/spec/unit/functions/epp_spec.rb +2 -2
- data/spec/unit/functions/filter_spec.rb +4 -4
- data/spec/unit/functions/find_file_spec.rb +7 -7
- data/spec/unit/functions/floor_spec.rb +65 -0
- data/spec/unit/functions/get_spec.rb +135 -0
- data/spec/unit/functions/getvar_spec.rb +121 -0
- data/spec/unit/functions/hiera_spec.rb +14 -48
- data/spec/unit/functions/include_spec.rb +4 -0
- data/spec/unit/functions/lookup_fixture_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +37 -62
- data/spec/unit/functions/lstrip_spec.rb +30 -0
- data/spec/unit/functions/match_spec.rb +3 -4
- data/spec/unit/functions/max_spec.rb +129 -0
- data/spec/unit/functions/min_spec.rb +129 -0
- data/spec/unit/functions/module_directory_spec.rb +12 -12
- data/spec/unit/functions/new_spec.rb +0 -15
- data/spec/unit/functions/regsubst_spec.rb +3 -4
- data/spec/unit/functions/require_spec.rb +3 -0
- data/spec/unit/functions/round_spec.rb +41 -0
- data/spec/unit/functions/rstrip_spec.rb +30 -0
- data/spec/unit/functions/shared.rb +8 -5
- data/spec/unit/functions/size_spec.rb +50 -0
- data/spec/unit/functions/sort_spec.rb +79 -0
- data/spec/unit/functions/split_spec.rb +3 -4
- data/spec/unit/functions/strip_spec.rb +30 -0
- data/spec/unit/functions/upcase_spec.rb +34 -0
- data/spec/unit/functions/versioncmp_spec.rb +4 -4
- data/spec/unit/functions4_spec.rb +78 -51
- data/spec/unit/gettext/config_spec.rb +4 -4
- data/spec/unit/gettext/module_loading_spec.rb +7 -7
- data/spec/unit/graph/rb_tree_map_spec.rb +2 -0
- data/spec/unit/graph/relationship_graph_spec.rb +2 -1
- data/spec/unit/graph/simple_graph_spec.rb +52 -11
- data/spec/unit/hiera/scope_spec.rb +0 -7
- data/spec/unit/hiera_puppet_spec.rb +20 -20
- data/spec/unit/indirector/catalog/compiler_spec.rb +166 -183
- data/spec/unit/indirector/catalog/json_spec.rb +2 -1
- data/spec/unit/indirector/catalog/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -0
- data/spec/unit/indirector/catalog/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/catalog/yaml_spec.rb +1 -0
- data/spec/unit/indirector/certificate/file_spec.rb +1 -8
- data/spec/unit/indirector/certificate/rest_spec.rb +10 -8
- data/spec/unit/indirector/certificate_request/file_spec.rb +1 -0
- data/spec/unit/indirector/certificate_request/rest_spec.rb +1 -0
- data/spec/unit/indirector/direct_file_server_spec.rb +49 -57
- data/spec/unit/indirector/envelope_spec.rb +2 -1
- data/spec/unit/indirector/exec_spec.rb +31 -26
- data/spec/unit/indirector/face_spec.rb +9 -9
- data/spec/unit/indirector/facts/facter_spec.rb +43 -37
- data/spec/unit/indirector/facts/network_device_spec.rb +9 -8
- data/spec/unit/indirector/facts/rest_spec.rb +8 -7
- data/spec/unit/indirector/facts/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/facts/yaml_spec.rb +90 -77
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +13 -9
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +5 -4
- data/spec/unit/indirector/file_content/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_content/file_spec.rb +1 -0
- data/spec/unit/indirector/file_content/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_content/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_server_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/file_spec.rb +13 -12
- data/spec/unit/indirector/file_metadata/rest_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/selector_spec.rb +1 -0
- data/spec/unit/indirector/file_server_spec.rb +145 -145
- data/spec/unit/indirector/indirection_spec.rb +226 -249
- data/spec/unit/indirector/json_spec.rb +9 -7
- data/spec/unit/indirector/key/file_spec.rb +22 -38
- data/spec/unit/indirector/memory_spec.rb +7 -6
- data/spec/unit/indirector/msgpack_spec.rb +9 -7
- data/spec/unit/indirector/node/exec_spec.rb +43 -22
- data/spec/unit/indirector/node/memory_spec.rb +4 -2
- data/spec/unit/indirector/node/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/node/plain_spec.rb +4 -2
- data/spec/unit/indirector/node/rest_spec.rb +1 -0
- data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/node/yaml_spec.rb +1 -0
- data/spec/unit/indirector/none_spec.rb +5 -5
- data/spec/unit/indirector/plain_spec.rb +8 -7
- data/spec/unit/indirector/report/msgpack_spec.rb +1 -0
- data/spec/unit/indirector/report/processor_spec.rb +22 -21
- data/spec/unit/indirector/report/rest_spec.rb +12 -11
- data/spec/unit/indirector/report/yaml_spec.rb +1 -0
- data/spec/unit/indirector/request_spec.rb +18 -15
- data/spec/unit/indirector/resource/ral_spec.rb +55 -47
- data/spec/unit/indirector/resource/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/rest_spec.rb +110 -113
- data/spec/unit/indirector/ssl_file_spec.rb +100 -119
- data/spec/unit/indirector/status/local_spec.rb +1 -0
- data/spec/unit/indirector/status/rest_spec.rb +1 -0
- data/spec/unit/indirector/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/terminus_spec.rb +30 -32
- data/spec/unit/indirector/yaml_spec.rb +90 -68
- data/spec/unit/indirector_spec.rb +2 -1
- data/spec/unit/info_service_spec.rb +144 -10
- data/spec/unit/interface/action_builder_spec.rb +1 -0
- data/spec/unit/interface/action_manager_spec.rb +1 -0
- data/spec/unit/interface/action_spec.rb +3 -2
- data/spec/unit/interface/documentation_spec.rb +1 -0
- data/spec/unit/interface/face_collection_spec.rb +12 -19
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/man_spec.rb +4 -3
- data/spec/unit/module_spec.rb +52 -102
- data/spec/unit/module_tool/applications/installer_spec.rb +13 -12
- data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
- data/spec/unit/module_tool/applications/uninstaller_spec.rb +2 -1
- data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
- data/spec/unit/module_tool/applications/upgrader_spec.rb +6 -6
- data/spec/unit/module_tool/install_directory_spec.rb +8 -8
- data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
- data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
- data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
- data/spec/unit/module_tool/tar_spec.rb +13 -12
- data/spec/unit/module_tool_spec.rb +12 -29
- data/spec/unit/network/auth_config_parser_spec.rb +13 -11
- data/spec/unit/network/authconfig_spec.rb +18 -17
- data/spec/unit/network/authorization_spec.rb +5 -4
- data/spec/unit/network/authstore_spec.rb +1 -0
- data/spec/unit/network/format_handler_spec.rb +1 -0
- data/spec/unit/network/format_spec.rb +10 -9
- data/spec/unit/network/format_support_spec.rb +29 -28
- data/spec/unit/network/formats_spec.rb +31 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +41 -51
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +7 -9
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -2
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +7 -6
- data/spec/unit/network/http/api_spec.rb +2 -26
- data/spec/unit/network/http/compression_spec.rb +28 -24
- data/spec/unit/network/http/connection_spec.rb +122 -72
- data/spec/unit/network/http/factory_spec.rb +11 -40
- data/spec/unit/network/http/handler_spec.rb +18 -9
- data/spec/unit/network/http/nocache_pool_spec.rb +7 -6
- data/spec/unit/network/http/pool_spec.rb +29 -60
- data/spec/unit/network/http/request_spec.rb +2 -0
- data/spec/unit/network/http/response_spec.rb +13 -11
- data/spec/unit/network/http/route_spec.rb +1 -0
- data/spec/unit/network/http/session_spec.rb +2 -1
- data/spec/unit/network/http/site_spec.rb +1 -0
- data/spec/unit/network/http_pool_spec.rb +9 -18
- data/spec/unit/network/http_spec.rb +1 -0
- data/spec/unit/network/resolver_spec.rb +104 -28
- data/spec/unit/network/rights_spec.rb +53 -52
- data/spec/unit/node/environment_spec.rb +17 -18
- data/spec/unit/node/facts_spec.rb +21 -6
- data/spec/unit/node_spec.rb +23 -17
- data/spec/unit/other/selinux_spec.rb +1 -71
- data/spec/unit/parameter/boolean_spec.rb +2 -1
- data/spec/unit/parameter/package_options_spec.rb +2 -1
- data/spec/unit/parameter/path_spec.rb +1 -0
- data/spec/unit/parameter/value_collection_spec.rb +1 -0
- data/spec/unit/parameter/value_spec.rb +1 -0
- data/spec/unit/parameter_spec.rb +9 -9
- data/spec/unit/parser/ast/block_expression_spec.rb +8 -6
- data/spec/unit/parser/ast/leaf_spec.rb +21 -20
- data/spec/unit/parser/compiler_spec.rb +96 -84
- data/spec/unit/parser/environment_compiler_spec.rb +16 -23
- data/spec/unit/parser/files_spec.rb +1 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
- data/spec/unit/parser/functions/digest_spec.rb +1 -4
- data/spec/unit/parser/functions/fail_spec.rb +2 -5
- data/spec/unit/parser/functions/file_spec.rb +14 -17
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +6 -5
- data/spec/unit/parser/functions/generate_spec.rb +37 -38
- data/spec/unit/parser/functions/inline_template_spec.rb +1 -4
- data/spec/unit/parser/functions/regsubst_spec.rb +1 -4
- data/spec/unit/parser/functions/scanf_spec.rb +1 -4
- data/spec/unit/parser/functions/shellquote_spec.rb +1 -0
- data/spec/unit/parser/functions/split_spec.rb +1 -4
- data/spec/unit/parser/functions/sprintf_spec.rb +1 -4
- data/spec/unit/parser/functions/tag_spec.rb +2 -5
- data/spec/unit/parser/functions/tagged_spec.rb +3 -6
- data/spec/unit/parser/functions/template_spec.rb +13 -17
- data/spec/unit/parser/functions/versioncmp_spec.rb +2 -5
- data/spec/unit/parser/functions_spec.rb +29 -3
- data/spec/unit/parser/relationship_spec.rb +1 -0
- data/spec/unit/parser/resource/param_spec.rb +1 -1
- data/spec/unit/parser/resource_spec.rb +42 -42
- data/spec/unit/parser/scope_spec.rb +35 -39
- data/spec/unit/parser/templatewrapper_spec.rb +12 -11
- data/spec/unit/parser/type_loader_spec.rb +19 -17
- data/spec/unit/pops/adaptable_spec.rb +1 -0
- data/spec/unit/pops/benchmark_spec.rb +1 -0
- data/spec/unit/pops/evaluator/access_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +11 -0
- data/spec/unit/pops/evaluator/basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/evaluator/collections_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/comparison_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/conditionals_spec.rb +1 -0
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +78 -18
- data/spec/unit/pops/evaluator/logical_ops_spec.rb +1 -0
- data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +5 -4
- data/spec/unit/pops/evaluator/string_interpolation_spec.rb +1 -0
- data/spec/unit/pops/evaluator/variables_spec.rb +1 -0
- data/spec/unit/pops/factory_spec.rb +4 -3
- data/spec/unit/pops/issues_spec.rb +20 -19
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +2 -2
- data/spec/unit/pops/loaders/loader_spec.rb +12 -36
- data/spec/unit/pops/loaders/loaders_spec.rb +57 -54
- data/spec/unit/pops/loaders/module_loaders_spec.rb +35 -3
- data/spec/unit/pops/loaders/static_loader_spec.rb +0 -36
- data/spec/unit/pops/lookup/context_spec.rb +1 -0
- data/spec/unit/pops/lookup/interpolation_spec.rb +3 -2
- data/spec/unit/pops/merge_strategy_spec.rb +1 -0
- data/spec/unit/pops/migration_spec.rb +5 -3
- data/spec/unit/pops/model/model_spec.rb +1 -0
- data/spec/unit/pops/model/pn_transformer_spec.rb +1 -0
- data/spec/unit/pops/parser/lexer2_spec.rb +60 -21
- data/spec/unit/pops/parser/locator_spec.rb +6 -48
- data/spec/unit/pops/parser/parse_application_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_calls_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_conditionals_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_containers_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +12 -124
- data/spec/unit/pops/parser/parse_plan_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_resource_spec.rb +1 -0
- data/spec/unit/pops/parser/parse_site_spec.rb +1 -0
- data/spec/unit/pops/parser/pn_parser_spec.rb +1 -0
- data/spec/unit/pops/pn_spec.rb +1 -0
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +1 -0
- data/spec/unit/pops/serialization/serialization_spec.rb +7 -5
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +29 -4
- data/spec/unit/pops/serialization/to_stringified_spec.rb +157 -0
- data/spec/unit/pops/types/deferred_spec.rb +87 -0
- data/spec/unit/pops/types/p_object_type_spec.rb +20 -0
- data/spec/unit/pops/types/p_timespan_type_spec.rb +0 -22
- data/spec/unit/pops/types/p_timestamp_type_spec.rb +0 -19
- data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
- data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
- data/spec/unit/pops/types/string_converter_spec.rb +11 -22
- data/spec/unit/pops/types/task_spec.rb +148 -16
- data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
- data/spec/unit/pops/types/type_calculator_spec.rb +36 -36
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +0 -9
- data/spec/unit/pops/types/type_parser_spec.rb +13 -13
- data/spec/unit/pops/types/types_spec.rb +12 -6
- data/spec/unit/pops/validator/validator_spec.rb +162 -82
- data/spec/unit/pops/visitor_spec.rb +1 -0
- data/spec/unit/property/boolean_spec.rb +1 -1
- data/spec/unit/property/ensure_spec.rb +1 -0
- data/spec/unit/property/keyvalue_spec.rb +34 -32
- data/spec/unit/property/list_spec.rb +27 -26
- data/spec/unit/property/ordered_list_spec.rb +14 -10
- data/spec/unit/property_spec.rb +53 -43
- data/spec/unit/provider/aix_object_spec.rb +45 -47
- data/spec/unit/provider/command_spec.rb +9 -9
- data/spec/unit/provider/exec/posix_spec.rb +9 -8
- data/spec/unit/provider/exec/shell_spec.rb +3 -1
- data/spec/unit/provider/exec/windows_spec.rb +6 -4
- data/spec/unit/provider/exec_spec.rb +1 -209
- data/spec/unit/provider/file/posix_spec.rb +24 -22
- data/spec/unit/provider/file/windows_spec.rb +19 -17
- data/spec/unit/provider/group/aix_spec.rb +7 -22
- data/spec/unit/provider/group/groupadd_spec.rb +27 -60
- data/spec/unit/provider/group/ldap_spec.rb +36 -33
- data/spec/unit/provider/group/pw_spec.rb +18 -15
- data/spec/unit/provider/group/windows_adsi_spec.rb +80 -128
- data/spec/unit/provider/ldap_spec.rb +62 -61
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +109 -102
- data/spec/unit/provider/nameservice_spec.rb +41 -39
- data/spec/unit/provider/package/aix_spec.rb +22 -48
- data/spec/unit/provider/package/appdmg_spec.rb +13 -13
- data/spec/unit/provider/package/apt_spec.rb +35 -60
- data/spec/unit/provider/package/aptitude_spec.rb +7 -7
- data/spec/unit/provider/package/aptrpm_spec.rb +13 -8
- data/spec/unit/provider/package/base_spec.rb +4 -4
- data/spec/unit/provider/package/dnf_spec.rb +23 -34
- data/spec/unit/provider/package/dpkg_spec.rb +72 -114
- data/spec/unit/provider/package/freebsd_spec.rb +18 -15
- data/spec/unit/provider/package/gem_spec.rb +86 -163
- data/spec/unit/provider/package/hpux_spec.rb +18 -15
- data/spec/unit/provider/package/macports_spec.rb +54 -56
- data/spec/unit/provider/package/nim_spec.rb +49 -33
- data/spec/unit/provider/package/openbsd_spec.rb +49 -60
- data/spec/unit/provider/package/opkg_spec.rb +26 -23
- data/spec/unit/provider/package/pacman_spec.rb +118 -97
- data/spec/unit/provider/package/pip3_spec.rb +6 -20
- data/spec/unit/provider/package/pip_spec.rb +129 -185
- data/spec/unit/provider/package/pkg_spec.rb +119 -129
- data/spec/unit/provider/package/pkgdmg_spec.rb +63 -65
- data/spec/unit/provider/package/pkgin_spec.rb +23 -20
- data/spec/unit/provider/package/pkgng_spec.rb +35 -67
- data/spec/unit/provider/package/pkgutil_spec.rb +49 -45
- data/spec/unit/provider/package/portage_spec.rb +76 -72
- data/spec/unit/provider/package/puppet_gem_spec.rb +21 -45
- data/spec/unit/provider/package/rpm_spec.rb +79 -291
- data/spec/unit/provider/package/sun_spec.rb +18 -16
- data/spec/unit/provider/package/tdnf_spec.rb +12 -9
- data/spec/unit/provider/package/up2date_spec.rb +4 -2
- data/spec/unit/provider/package/urpmi_spec.rb +17 -15
- data/spec/unit/provider/package/windows/exe_package_spec.rb +18 -15
- data/spec/unit/provider/package/windows/msi_package_spec.rb +23 -20
- data/spec/unit/provider/package/windows/package_spec.rb +43 -38
- data/spec/unit/provider/package/windows_spec.rb +36 -51
- data/spec/unit/provider/package/yum_spec.rb +24 -128
- data/spec/unit/provider/package/zypper_spec.rb +106 -117
- data/spec/unit/provider/parsedfile_spec.rb +45 -44
- data/spec/unit/provider/service/base_spec.rb +6 -5
- data/spec/unit/provider/service/bsd_spec.rb +54 -47
- data/spec/unit/provider/service/daemontools_spec.rb +53 -70
- data/spec/unit/provider/service/debian_spec.rb +58 -46
- data/spec/unit/provider/service/freebsd_spec.rb +23 -20
- data/spec/unit/provider/service/gentoo_spec.rb +81 -74
- data/spec/unit/provider/service/init_spec.rb +66 -65
- data/spec/unit/provider/service/launchd_spec.rb +114 -181
- data/spec/unit/provider/service/openbsd_spec.rb +94 -87
- data/spec/unit/provider/service/openrc_spec.rb +74 -70
- data/spec/unit/provider/service/openwrt_spec.rb +38 -30
- data/spec/unit/provider/service/rcng_spec.rb +24 -19
- data/spec/unit/provider/service/redhat_spec.rb +60 -60
- data/spec/unit/provider/service/runit_spec.rb +44 -61
- data/spec/unit/provider/service/smf_spec.rb +74 -143
- data/spec/unit/provider/service/src_spec.rb +69 -60
- data/spec/unit/provider/service/systemd_spec.rb +160 -222
- data/spec/unit/provider/service/upstart_spec.rb +99 -83
- data/spec/unit/provider/service/windows_spec.rb +42 -84
- data/spec/unit/provider/user/aix_spec.rb +24 -65
- data/spec/unit/provider/user/directoryservice_spec.rb +114 -187
- data/spec/unit/provider/user/hpux_spec.rb +21 -17
- data/spec/unit/provider/user/ldap_spec.rb +83 -80
- data/spec/unit/provider/user/openbsd_spec.rb +12 -11
- data/spec/unit/provider/user/pw_spec.rb +44 -80
- data/spec/unit/provider/user/user_role_add_spec.rb +94 -94
- data/spec/unit/provider/user/useradd_spec.rb +100 -208
- data/spec/unit/provider/user/windows_adsi_spec.rb +63 -62
- data/spec/unit/provider_spec.rb +189 -41
- data/spec/unit/puppet_pal_2pec.rb +26 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +801 -0
- data/spec/unit/puppet_pal_spec.rb +2 -8
- data/spec/unit/puppet_spec.rb +7 -27
- data/spec/unit/relationship_spec.rb +1 -0
- data/spec/unit/reports/http_spec.rb +23 -21
- data/spec/unit/reports/store_spec.rb +4 -3
- data/spec/unit/reports_spec.rb +14 -12
- data/spec/unit/resource/capability_finder_spec.rb +26 -29
- data/spec/unit/resource/catalog_spec.rb +77 -81
- data/spec/unit/resource/status_spec.rb +8 -6
- data/spec/unit/resource/type_collection_spec.rb +18 -17
- data/spec/unit/resource/type_spec.rb +35 -34
- data/spec/unit/resource_spec.rb +79 -67
- data/spec/unit/rest/client_spec.rb +135 -0
- data/spec/unit/rest/route_spec.rb +132 -0
- data/spec/unit/scheduler/job_spec.rb +1 -0
- data/spec/unit/scheduler/scheduler_spec.rb +1 -0
- data/spec/unit/scheduler/splay_job_spec.rb +2 -1
- data/spec/unit/settings/array_setting_spec.rb +1 -1
- data/spec/unit/settings/autosign_setting_spec.rb +9 -9
- data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
- data/spec/unit/settings/config_file_spec.rb +10 -0
- data/spec/unit/settings/directory_setting_spec.rb +7 -2
- data/spec/unit/settings/duration_setting_spec.rb +2 -1
- data/spec/unit/settings/enum_setting_spec.rb +1 -1
- data/spec/unit/settings/environment_conf_spec.rb +6 -4
- data/spec/unit/settings/file_setting_spec.rb +50 -46
- data/spec/unit/settings/ini_file_spec.rb +2 -4
- data/spec/unit/settings/path_setting_spec.rb +3 -2
- data/spec/unit/settings/priority_setting_spec.rb +2 -1
- data/spec/unit/settings/string_setting_spec.rb +15 -14
- data/spec/unit/settings/terminus_setting_spec.rb +2 -1
- data/spec/unit/settings/value_translator_spec.rb +1 -0
- data/spec/unit/settings_spec.rb +226 -253
- data/spec/unit/ssl/base_spec.rb +15 -14
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +22 -8
- data/spec/unit/ssl/certificate_request_spec.rb +63 -92
- data/spec/unit/ssl/certificate_spec.rb +29 -37
- data/spec/unit/ssl/digest_spec.rb +1 -0
- data/spec/unit/ssl/host_spec.rb +305 -685
- data/spec/unit/ssl/key_spec.rb +34 -46
- data/spec/unit/ssl/validator_spec.rb +70 -203
- data/spec/unit/task_spec.rb +172 -26
- data/spec/unit/transaction/additional_resource_generator_spec.rb +68 -67
- data/spec/unit/transaction/event_manager_spec.rb +84 -95
- data/spec/unit/transaction/event_spec.rb +15 -16
- data/spec/unit/transaction/persistence_spec.rb +18 -17
- data/spec/unit/transaction/report_spec.rb +24 -18
- data/spec/unit/transaction/resource_harness_spec.rb +33 -72
- data/spec/unit/transaction_spec.rb +106 -176
- data/spec/unit/type/component_spec.rb +1 -0
- data/spec/unit/type/exec_spec.rb +66 -120
- data/spec/unit/type/file/checksum_spec.rb +11 -10
- data/spec/unit/type/file/checksum_value_spec.rb +32 -31
- data/spec/unit/type/file/content_spec.rb +62 -65
- data/spec/unit/type/file/ctime_spec.rb +1 -0
- data/spec/unit/type/file/ensure_spec.rb +13 -12
- data/spec/unit/type/file/group_spec.rb +7 -5
- data/spec/unit/type/file/mode_spec.rb +6 -4
- data/spec/unit/type/file/mtime_spec.rb +1 -0
- data/spec/unit/type/file/owner_spec.rb +8 -6
- data/spec/unit/type/file/selinux_spec.rb +19 -17
- data/spec/unit/type/file/source_spec.rb +110 -113
- data/spec/unit/type/file/type_spec.rb +1 -0
- data/spec/unit/type/file_spec.rb +190 -204
- data/spec/unit/type/filebucket_spec.rb +10 -11
- data/spec/unit/type/group_spec.rb +9 -15
- data/spec/unit/type/noop_metaparam_spec.rb +2 -1
- data/spec/unit/type/package/package_settings_spec.rb +23 -44
- data/spec/unit/type/package_spec.rb +64 -61
- data/spec/unit/type/resources_spec.rb +101 -103
- data/spec/unit/type/schedule_spec.rb +28 -28
- data/spec/unit/type/service_spec.rb +85 -76
- data/spec/unit/type/stage_spec.rb +1 -0
- data/spec/unit/type/tidy_spec.rb +63 -62
- data/spec/unit/type/user_spec.rb +26 -147
- data/spec/unit/type/whit_spec.rb +1 -0
- data/spec/unit/type_spec.rb +164 -125
- data/spec/unit/util/at_fork_spec.rb +19 -18
- data/spec/unit/util/autoload_spec.rb +122 -93
- data/spec/unit/util/backups_spec.rb +35 -34
- data/spec/unit/util/character_encoding_spec.rb +5 -48
- data/spec/unit/util/checksums_spec.rb +39 -38
- data/spec/unit/util/colors_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +20 -40
- data/spec/unit/util/constant_inflector_spec.rb +1 -0
- data/spec/unit/util/diff_spec.rb +8 -7
- data/spec/unit/util/errors_spec.rb +1 -0
- data/spec/unit/util/execution_spec.rb +167 -285
- data/spec/unit/util/execution_stub_spec.rb +3 -2
- data/spec/unit/util/feature_spec.rb +46 -28
- data/spec/unit/util/filetype_spec.rb +53 -61
- data/spec/unit/util/http_proxy_spec.rb +13 -133
- data/spec/unit/util/inifile_spec.rb +31 -26
- data/spec/unit/util/json_lockfile_spec.rb +5 -3
- data/spec/unit/util/ldap/connection_spec.rb +25 -26
- data/spec/unit/util/ldap/generator_spec.rb +1 -0
- data/spec/unit/util/ldap/manager_spec.rb +102 -118
- data/spec/unit/util/lockfile_spec.rb +2 -1
- data/spec/unit/util/log/destinations_spec.rb +40 -23
- data/spec/unit/util/log_spec.rb +146 -48
- data/spec/unit/util/logging_spec.rb +114 -252
- data/spec/unit/util/metric_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +12 -24
- data/spec/unit/util/multi_match_spec.rb +1 -0
- data/spec/unit/util/network_device/config_spec.rb +1 -0
- data/spec/unit/util/network_device/transport/base_spec.rb +6 -5
- data/spec/unit/util/network_device_spec.rb +9 -7
- data/spec/unit/util/package_spec.rb +1 -0
- data/spec/unit/util/pidlock_spec.rb +14 -86
- data/spec/unit/util/plist_spec.rb +33 -60
- data/spec/unit/util/posix_spec.rb +47 -78
- data/spec/unit/util/profiler/object_counts_spec.rb +2 -1
- data/spec/unit/util/rdoc_spec.rb +10 -9
- data/spec/unit/util/reference_spec.rb +1 -0
- data/spec/unit/util/resource_template_spec.rb +20 -20
- data/spec/unit/util/retry_action_spec.rb +8 -7
- data/spec/unit/util/rubygems_spec.rb +7 -41
- data/spec/unit/util/run_mode_spec.rb +11 -10
- data/spec/unit/util/selinux_spec.rb +73 -84
- data/spec/unit/util/splayer_spec.rb +9 -8
- data/spec/unit/util/ssl_spec.rb +1 -0
- data/spec/unit/util/storage_spec.rb +17 -111
- data/spec/unit/util/suidmanager_spec.rb +58 -47
- data/spec/unit/util/symbolic_file_mode_spec.rb +1 -0
- data/spec/unit/util/tag_set_spec.rb +9 -1
- data/spec/unit/util/tagging_spec.rb +12 -0
- data/spec/unit/util/terminal_spec.rb +10 -9
- data/spec/unit/util/user_attr_spec.rb +2 -1
- data/spec/unit/util/warnings_spec.rb +4 -3
- data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
- data/spec/unit/util/watcher_spec.rb +21 -51
- data/spec/unit/util/windows/access_control_entry_spec.rb +2 -1
- data/spec/unit/util/windows/access_control_list_spec.rb +2 -1
- data/spec/unit/util/windows/adsi_spec.rb +134 -278
- data/spec/unit/util/windows/api_types_spec.rb +42 -105
- data/spec/unit/util/windows/eventlog_spec.rb +13 -10
- data/spec/unit/util/windows/file_spec.rb +1 -0
- data/spec/unit/util/windows/root_certs_spec.rb +1 -0
- data/spec/unit/util/windows/security_descriptor_spec.rb +3 -1
- data/spec/unit/util/windows/service_spec.rb +180 -432
- data/spec/unit/util/windows/sid_spec.rb +17 -15
- data/spec/unit/util/windows/string_spec.rb +2 -1
- data/spec/unit/util/yaml_spec.rb +162 -28
- data/spec/unit/util_spec.rb +74 -119
- data/spec/unit/version_spec.rb +6 -6
- data/tasks/benchmark.rake +5 -1
- data/tasks/ci.rake +0 -5
- data/tasks/manpages.rake +9 -2
- data/tasks/parser.rake +11 -3
- metadata +156 -473
- data/CODEOWNERS +0 -30
- data/ext/rack/config.ru +0 -44
- data/ext/rack/example-passenger-vhost.conf +0 -57
- data/lib/puppet/application/ca.rb +0 -11
- data/lib/puppet/application/certificate.rb +0 -17
- data/lib/puppet/application/certificate_request.rb +0 -7
- data/lib/puppet/application/certificate_revocation_list.rb +0 -7
- data/lib/puppet/application/master.rb +0 -319
- data/lib/puppet/confine/boolean.rb +0 -45
- data/lib/puppet/external/nagios.rb +0 -46
- data/lib/puppet/external/nagios/base.rb +0 -472
- data/lib/puppet/external/nagios/grammar.ry +0 -248
- data/lib/puppet/external/nagios/makefile +0 -9
- data/lib/puppet/external/nagios/parser.rb +0 -400
- data/lib/puppet/face/ca.rb +0 -266
- data/lib/puppet/face/certificate.rb +0 -167
- data/lib/puppet/face/certificate_request.rb +0 -56
- data/lib/puppet/face/certificate_revocation_list.rb +0 -56
- data/lib/puppet/feature/rack.rb +0 -19
- data/lib/puppet/graph/random_prioritizer.rb +0 -16
- data/lib/puppet/graph/title_hash_prioritizer.rb +0 -16
- data/lib/puppet/indirector/certificate/ca.rb +0 -9
- data/lib/puppet/indirector/certificate/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/ca.rb +0 -22
- data/lib/puppet/indirector/certificate_request/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +0 -8
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +0 -22
- data/lib/puppet/indirector/certificate_status.rb +0 -4
- data/lib/puppet/indirector/certificate_status/file.rb +0 -91
- data/lib/puppet/indirector/certificate_status/rest.rb +0 -11
- data/lib/puppet/indirector/key/ca.rb +0 -16
- data/lib/puppet/indirector/key/disabled_ca.rb +0 -22
- data/lib/puppet/indirector/ldap.rb +0 -86
- data/lib/puppet/indirector/node/ldap.rb +0 -275
- data/lib/puppet/indirector/node/write_only_yaml.rb +0 -39
- data/lib/puppet/module_tool/applications/builder.rb +0 -152
- data/lib/puppet/module_tool/skeleton/templates/generator/Gemfile +0 -18
- data/lib/puppet/module_tool/skeleton/templates/generator/README.md.erb +0 -89
- data/lib/puppet/module_tool/skeleton/templates/generator/Rakefile +0 -32
- data/lib/puppet/module_tool/skeleton/templates/generator/examples/init.pp.erb +0 -12
- data/lib/puppet/module_tool/skeleton/templates/generator/manifests/init.pp.erb +0 -48
- data/lib/puppet/module_tool/skeleton/templates/generator/metadata.json.erb +0 -1
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/classes/init_spec.rb.erb +0 -6
- data/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb +0 -1
- data/lib/puppet/network/http/api/ca.rb +0 -2
- data/lib/puppet/network/http/api/ca/v1.rb +0 -11
- data/lib/puppet/network/http/rack.rb +0 -33
- data/lib/puppet/network/http/rack/rest.rb +0 -162
- data/lib/puppet/network/http/webrick.rb +0 -124
- data/lib/puppet/network/http/webrick/rest.rb +0 -114
- data/lib/puppet/network/server.rb +0 -39
- data/lib/puppet/provider/augeas/augeas.rb +0 -767
- data/lib/puppet/provider/cisco.rb +0 -9
- data/lib/puppet/provider/computer/computer.rb +0 -20
- data/lib/puppet/provider/cron/crontab.rb +0 -297
- data/lib/puppet/provider/host/parsed.rb +0 -46
- data/lib/puppet/provider/interface/cisco.rb +0 -27
- data/lib/puppet/provider/macauthorization/macauthorization.rb +0 -298
- data/lib/puppet/provider/mailalias/aliases.rb +0 -50
- data/lib/puppet/provider/maillist/mailman.rb +0 -108
- data/lib/puppet/provider/mcx/mcxcontent.rb +0 -173
- data/lib/puppet/provider/mount.rb +0 -76
- data/lib/puppet/provider/mount/parsed.rb +0 -285
- data/lib/puppet/provider/naginator.rb +0 -63
- data/lib/puppet/provider/package/dnfmodule.rb +0 -141
- data/lib/puppet/provider/package_targetable.rb +0 -69
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +0 -590
- data/lib/puppet/provider/selboolean/getsetsebool.rb +0 -47
- data/lib/puppet/provider/selmodule/semodule.rb +0 -157
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +0 -105
- data/lib/puppet/provider/sshkey/parsed.rb +0 -50
- data/lib/puppet/provider/vlan/cisco.rb +0 -28
- data/lib/puppet/provider/yumrepo/inifile.rb +0 -315
- data/lib/puppet/provider/zfs/zfs.rb +0 -108
- data/lib/puppet/provider/zone/solaris.rb +0 -364
- data/lib/puppet/provider/zpool/zpool.rb +0 -125
- data/lib/puppet/ssl/certificate_authority.rb +0 -554
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +0 -45
- data/lib/puppet/ssl/certificate_authority/interface.rb +0 -324
- data/lib/puppet/ssl/certificate_revocation_list.rb +0 -111
- data/lib/puppet/ssl/configuration.rb +0 -61
- data/lib/puppet/ssl/inventory.rb +0 -55
- data/lib/puppet/type/augeas.rb +0 -211
- data/lib/puppet/type/computer.rb +0 -66
- data/lib/puppet/type/cron.rb +0 -480
- data/lib/puppet/type/host.rb +0 -95
- data/lib/puppet/type/interface.rb +0 -121
- data/lib/puppet/type/k5login.rb +0 -165
- data/lib/puppet/type/macauthorization.rb +0 -167
- data/lib/puppet/type/mailalias.rb +0 -46
- data/lib/puppet/type/maillist.rb +0 -62
- data/lib/puppet/type/mcx.rb +0 -98
- data/lib/puppet/type/mount.rb +0 -314
- data/lib/puppet/type/nagios_command.rb +0 -3
- data/lib/puppet/type/nagios_contact.rb +0 -3
- data/lib/puppet/type/nagios_contactgroup.rb +0 -3
- data/lib/puppet/type/nagios_host.rb +0 -3
- data/lib/puppet/type/nagios_hostdependency.rb +0 -3
- data/lib/puppet/type/nagios_hostescalation.rb +0 -3
- data/lib/puppet/type/nagios_hostextinfo.rb +0 -3
- data/lib/puppet/type/nagios_hostgroup.rb +0 -3
- data/lib/puppet/type/nagios_service.rb +0 -3
- data/lib/puppet/type/nagios_servicedependency.rb +0 -3
- data/lib/puppet/type/nagios_serviceescalation.rb +0 -3
- data/lib/puppet/type/nagios_serviceextinfo.rb +0 -3
- data/lib/puppet/type/nagios_servicegroup.rb +0 -3
- data/lib/puppet/type/nagios_timeperiod.rb +0 -3
- data/lib/puppet/type/router.rb +0 -17
- data/lib/puppet/type/scheduled_task.rb +0 -183
- data/lib/puppet/type/selboolean.rb +0 -40
- data/lib/puppet/type/selmodule.rb +0 -58
- data/lib/puppet/type/ssh_authorized_key.rb +0 -143
- data/lib/puppet/type/sshkey.rb +0 -83
- data/lib/puppet/type/vlan.rb +0 -26
- data/lib/puppet/type/yumrepo.rb +0 -430
- data/lib/puppet/type/zfs.rb +0 -154
- data/lib/puppet/type/zone.rb +0 -382
- data/lib/puppet/type/zpool.rb +0 -91
- data/lib/puppet/util/methodhelper.rb +0 -32
- data/lib/puppet/util/nagios_maker.rb +0 -85
- data/lib/puppet/util/network_device/cisco.rb +0 -4
- data/lib/puppet/util/network_device/cisco/device.rb +0 -285
- data/lib/puppet/util/network_device/cisco/facts.rb +0 -72
- data/lib/puppet/util/network_device/cisco/interface.rb +0 -94
- data/lib/puppet/util/network_device/ipcalc.rb +0 -68
- data/lib/puppet/util/network_device/transport/ssh.rb +0 -126
- data/lib/puppet/util/network_device/transport/telnet.rb +0 -47
- data/lib/puppet/util/windows/taskscheduler.rb +0 -1267
- data/lib/puppet/vendor/load_semantic.rb +0 -1
- data/lib/puppet/vendor/load_semantic_puppet.rb +0 -1
- data/lib/puppet/vendor/semantic/lib/semantic.rb +0 -5
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet.rb +0 -11
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency.rb +0 -181
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph.rb +0 -60
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph_node.rb +0 -117
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/module_release.rb +0 -58
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/source.rb +0 -25
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/unsatisfiable_graph.rb +0 -31
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/gem_version.rb +0 -3
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version.rb +0 -203
- data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version_range.rb +0 -758
- data/lib/puppet/vendor/semantic_puppet/locales/config.yaml +0 -21
- data/man/man8/puppet-ca.8 +0 -196
- data/man/man8/puppet-cert.8 +0 -118
- data/man/man8/puppet-certificate.8 +0 -240
- data/man/man8/puppet-certificate_request.8 +0 -161
- data/man/man8/puppet-certificate_revocation_list.8 +0 -139
- data/man/man8/puppet-master.8 +0 -85
- data/spec/fixtures/integration/provider/cron/crontab/create_normal_entry +0 -19
- data/spec/fixtures/integration/provider/cron/crontab/create_special_entry +0 -18
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/crontab_user2 +0 -4
- data/spec/fixtures/integration/provider/cron/crontab/modify_entry +0 -13
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input1 +0 -15
- data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input2 +0 -6
- data/spec/fixtures/integration/provider/cron/crontab/purged +0 -8
- data/spec/fixtures/integration/provider/cron/crontab/remove_named_resource +0 -12
- data/spec/fixtures/integration/provider/cron/crontab/remove_unnamed_resource +0 -14
- data/spec/fixtures/integration/provider/cron/crontab/unspecialized +0 -15
- data/spec/fixtures/integration/provider/mailalias/aliases/test1 +0 -32
- data/spec/fixtures/integration/provider/sshkey/sample +0 -21
- data/spec/fixtures/unit/provider/augeas/augeas/augeas/lenses/test.aug +0 -13
- data/spec/fixtures/unit/provider/augeas/augeas/etc/fstab +0 -10
- data/spec/fixtures/unit/provider/augeas/augeas/etc/hosts +0 -6
- data/spec/fixtures/unit/provider/augeas/augeas/etc/test +0 -3
- data/spec/fixtures/unit/provider/augeas/augeas/test.aug +0 -13
- data/spec/fixtures/unit/provider/host/parsed/valid_hosts +0 -19
- data/spec/fixtures/unit/provider/mount/mount-output.aix.txt +0 -7
- data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +0 -152
- data/spec/fixtures/unit/provider/mount/parsed/aix.mount +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/darwin.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.fstab +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/freebsd.mount +0 -4
- data/spec/fixtures/unit/provider/mount/parsed/hpux.mount +0 -17
- data/spec/fixtures/unit/provider/mount/parsed/linux.fstab +0 -12
- data/spec/fixtures/unit/provider/mount/parsed/linux.mount +0 -6
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.fstab +0 -10
- data/spec/fixtures/unit/provider/mount/parsed/netbsd.mount +0 -9
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.fstab +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/openbsd.mount +0 -5
- data/spec/fixtures/unit/provider/mount/parsed/solaris.fstab +0 -11
- data/spec/fixtures/unit/provider/mount/parsed/solaris.mount +0 -6
- data/spec/fixtures/unit/provider/naginator/define_empty_param +0 -6
- data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +0 -19
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +0 -9
- data/spec/fixtures/unit/provider/service/smf/svcs_fmri.out +0 -6
- data/spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out +0 -13
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys +0 -7
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys1 +0 -3
- data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys2 +0 -1
- data/spec/fixtures/unit/provider/sshkey/parsed/sample +0 -21
- data/spec/fixtures/unit/provider/sshkey/parsed/sample_with_blank_lines +0 -8
- data/spec/fixtures/unit/provider/zfs/zfs/zfs-list.out +0 -2
- data/spec/fixtures/unit/provider/zpool/zpool/zpool-list.out +0 -2
- data/spec/integration/faces/ca_spec.rb +0 -353
- data/spec/integration/indirector/node/ldap_spec.rb +0 -13
- data/spec/integration/network/http_pool_spec.rb +0 -120
- data/spec/integration/provider/cron/crontab_spec.rb +0 -240
- data/spec/integration/provider/file/windows_spec.rb +0 -162
- data/spec/integration/provider/mailalias/aliases_spec.rb +0 -9
- data/spec/integration/provider/mount_spec.rb +0 -163
- data/spec/integration/provider/ssh_authorized_key_spec.rb +0 -217
- data/spec/integration/provider/sshkey_spec.rb +0 -153
- data/spec/integration/provider/yumrepo_spec.rb +0 -126
- data/spec/integration/ssl/autosign_spec.rb +0 -145
- data/spec/integration/ssl/certificate_authority_spec.rb +0 -161
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -33
- data/spec/integration/transaction_spec.rb +0 -553
- data/spec/integration/type/nagios_spec.rb +0 -69
- data/spec/integration/type/notify_spec.rb +0 -46
- data/spec/integration/type/user_spec.rb +0 -63
- data/spec/lib/puppet_spec/https.rb +0 -166
- data/spec/unit/application/cert_spec.rb +0 -272
- data/spec/unit/application/certificate_spec.rb +0 -21
- data/spec/unit/application/master_spec.rb +0 -414
- data/spec/unit/face/ca_spec.rb +0 -9
- data/spec/unit/face/certificate_request_spec.rb +0 -9
- data/spec/unit/face/certificate_revocation_list_spec.rb +0 -9
- data/spec/unit/face/certificate_spec.rb +0 -228
- data/spec/unit/face/module/build_spec.rb +0 -69
- data/spec/unit/graph/title_hash_prioritizer_spec.rb +0 -50
- data/spec/unit/indirector/certificate/ca_spec.rb +0 -21
- data/spec/unit/indirector/certificate/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -56
- data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +0 -15
- data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +0 -16
- data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +0 -33
- data/spec/unit/indirector/certificate_status/file_spec.rb +0 -190
- data/spec/unit/indirector/certificate_status/rest_spec.rb +0 -17
- data/spec/unit/indirector/code_spec.rb +0 -30
- data/spec/unit/indirector/key/ca_spec.rb +0 -22
- data/spec/unit/indirector/key/disabled_ca_spec.rb +0 -32
- data/spec/unit/indirector/ldap_spec.rb +0 -151
- data/spec/unit/indirector/node/ldap_spec.rb +0 -463
- data/spec/unit/indirector/node/write_only_yaml_spec.rb +0 -11
- data/spec/unit/module_tool/applications/builder_spec.rb +0 -439
- data/spec/unit/network/http/api/ca/v1_spec.rb +0 -26
- data/spec/unit/network/http/rack/rest_spec.rb +0 -322
- data/spec/unit/network/http/rack_spec.rb +0 -42
- data/spec/unit/network/http/webrick/rest_spec.rb +0 -230
- data/spec/unit/network/http/webrick_spec.rb +0 -277
- data/spec/unit/network/server_spec.rb +0 -94
- data/spec/unit/provider/augeas/augeas_spec.rb +0 -1096
- data/spec/unit/provider/cisco_spec.rb +0 -14
- data/spec/unit/provider/cron/crontab_spec.rb +0 -206
- data/spec/unit/provider/cron/parsed_spec.rb +0 -355
- data/spec/unit/provider/host/parsed_spec.rb +0 -219
- data/spec/unit/provider/interface/cisco_spec.rb +0 -53
- data/spec/unit/provider/macauthorization_spec.rb +0 -134
- data/spec/unit/provider/mcx/mcxcontent_spec.rb +0 -190
- data/spec/unit/provider/mount/parsed_spec.rb +0 -318
- data/spec/unit/provider/mount_spec.rb +0 -169
- data/spec/unit/provider/naginator_spec.rb +0 -78
- data/spec/unit/provider/network_device_spec.rb +0 -152
- data/spec/unit/provider/package/dnfmodule_spec.rb +0 -247
- data/spec/unit/provider/package_targetable_spec.rb +0 -60
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +0 -2050
- data/spec/unit/provider/selboolean_spec.rb +0 -34
- data/spec/unit/provider/selmodule-example.pp +0 -0
- data/spec/unit/provider/selmodule_spec.rb +0 -154
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +0 -259
- data/spec/unit/provider/sshkey/parsed_spec.rb +0 -92
- data/spec/unit/provider/vlan/cisco_spec.rb +0 -53
- data/spec/unit/provider/yumrepo/inifile_spec.rb +0 -413
- data/spec/unit/provider/zfs/zfs_spec.rb +0 -171
- data/spec/unit/provider/zone/solaris_spec.rb +0 -261
- data/spec/unit/provider/zpool/zpool_spec.rb +0 -250
- data/spec/unit/settings/server_list_setting_spec.rb +0 -21
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +0 -29
- data/spec/unit/ssl/certificate_authority/interface_spec.rb +0 -563
- data/spec/unit/ssl/certificate_authority_spec.rb +0 -1165
- data/spec/unit/ssl/certificate_revocation_list_spec.rb +0 -196
- data/spec/unit/ssl/configuration_spec.rb +0 -138
- data/spec/unit/ssl/inventory_spec.rb +0 -155
- data/spec/unit/test/test_helper_spec.rb +0 -17
- data/spec/unit/type/augeas_spec.rb +0 -120
- data/spec/unit/type/computer_spec.rb +0 -77
- data/spec/unit/type/cron_spec.rb +0 -539
- data/spec/unit/type/host_spec.rb +0 -680
- data/spec/unit/type/interface_spec.rb +0 -128
- data/spec/unit/type/k5login_spec.rb +0 -204
- data/spec/unit/type/macauthorization_spec.rb +0 -111
- data/spec/unit/type/mailalias_spec.rb +0 -48
- data/spec/unit/type/maillist_spec.rb +0 -38
- data/spec/unit/type/mcx_spec.rb +0 -75
- data/spec/unit/type/mount_spec.rb +0 -622
- data/spec/unit/type/nagios_spec.rb +0 -312
- data/spec/unit/type/scheduled_task_spec.rb +0 -117
- data/spec/unit/type/selboolean_spec.rb +0 -41
- data/spec/unit/type/selmodule_spec.rb +0 -16
- data/spec/unit/type/ssh_authorized_key_spec.rb +0 -228
- data/spec/unit/type/sshkey_spec.rb +0 -75
- data/spec/unit/type/vlan_spec.rb +0 -42
- data/spec/unit/type/yumrepo_spec.rb +0 -476
- data/spec/unit/type/zfs_spec.rb +0 -45
- data/spec/unit/type/zone_spec.rb +0 -182
- data/spec/unit/type/zpool_spec.rb +0 -108
- data/spec/unit/util/nagios_maker_spec.rb +0 -121
- data/spec/unit/util/network_device/cisco/device_spec.rb +0 -491
- data/spec/unit/util/network_device/cisco/facts_spec.rb +0 -63
- data/spec/unit/util/network_device/cisco/interface_spec.rb +0 -97
- data/spec/unit/util/network_device/ipcalc_spec.rb +0 -61
- data/spec/unit/util/network_device/transport/ssh_spec.rb +0 -252
- data/spec/unit/util/network_device/transport/telnet_spec.rb +0 -90
|
@@ -1,125 +0,0 @@
|
|
|
1
|
-
Puppet::Type.type(:zpool).provide(:zpool) do
|
|
2
|
-
desc "Provider for zpool."
|
|
3
|
-
|
|
4
|
-
commands :zpool => 'zpool'
|
|
5
|
-
|
|
6
|
-
#NAME SIZE ALLOC FREE CAP HEALTH ALTROOT
|
|
7
|
-
def self.instances
|
|
8
|
-
zpool(:list, '-H').split("\n").collect do |line|
|
|
9
|
-
name, _size, _alloc, _free, _cap, _health, _altroot = line.split(/\s+/)
|
|
10
|
-
new({:name => name, :ensure => :present})
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def process_zpool_data(pool_array)
|
|
15
|
-
if pool_array == []
|
|
16
|
-
return Hash.new(:absent)
|
|
17
|
-
end
|
|
18
|
-
#get the name and get rid of it
|
|
19
|
-
pool = Hash.new
|
|
20
|
-
pool[:pool] = pool_array[0]
|
|
21
|
-
pool_array.shift
|
|
22
|
-
|
|
23
|
-
tmp = []
|
|
24
|
-
|
|
25
|
-
#order matters here :(
|
|
26
|
-
pool_array.reverse_each do |value|
|
|
27
|
-
sym = nil
|
|
28
|
-
case value
|
|
29
|
-
when "spares";
|
|
30
|
-
sym = :spare
|
|
31
|
-
when "logs";
|
|
32
|
-
sym = :log
|
|
33
|
-
when /^mirror|^raidz1|^raidz2/;
|
|
34
|
-
sym = value =~ /^mirror/ ? :mirror : :raidz
|
|
35
|
-
pool[:raid_parity] = "raidz2" if value =~ /^raidz2/
|
|
36
|
-
else
|
|
37
|
-
tmp << value
|
|
38
|
-
sym = :disk if value == pool_array.first
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
if sym
|
|
42
|
-
pool[sym] = pool[sym] ? pool[sym].unshift(tmp.reverse.join(' ')) : [tmp.reverse.join(' ')]
|
|
43
|
-
tmp.clear
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
pool
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def get_pool_data
|
|
51
|
-
# https://docs.oracle.com/cd/E19082-01/817-2271/gbcve/index.html
|
|
52
|
-
# we could also use zpool iostat -v mypool for a (little bit) cleaner output
|
|
53
|
-
out = execute("zpool status #{@resource[:pool]}", :failonfail => false, :combine => false)
|
|
54
|
-
zpool_data = out.lines.select { |line| line.index("\t") == 0 }.collect { |l| l.strip.split("\s")[0] }
|
|
55
|
-
zpool_data.shift
|
|
56
|
-
zpool_data
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
def current_pool
|
|
60
|
-
@current_pool = process_zpool_data(get_pool_data) unless (defined?(@current_pool) and @current_pool)
|
|
61
|
-
@current_pool
|
|
62
|
-
end
|
|
63
|
-
|
|
64
|
-
def flush
|
|
65
|
-
@current_pool= nil
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
#Adds log and spare
|
|
69
|
-
def build_named(name)
|
|
70
|
-
if prop = @resource[name.intern]
|
|
71
|
-
[name] + prop.collect { |p| p.split(' ') }.flatten
|
|
72
|
-
else
|
|
73
|
-
[]
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
|
|
77
|
-
#query for parity and set the right string
|
|
78
|
-
def raidzarity
|
|
79
|
-
@resource[:raid_parity] ? @resource[:raid_parity] : "raidz1"
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
#handle mirror or raid
|
|
83
|
-
def handle_multi_arrays(prefix, array)
|
|
84
|
-
array.collect{ |a| [prefix] + a.split(' ') }.flatten
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
#builds up the vdevs for create command
|
|
88
|
-
def build_vdevs
|
|
89
|
-
if disk = @resource[:disk]
|
|
90
|
-
disk.collect { |d| d.split(' ') }.flatten
|
|
91
|
-
elsif mirror = @resource[:mirror]
|
|
92
|
-
handle_multi_arrays("mirror", mirror)
|
|
93
|
-
elsif raidz = @resource[:raidz]
|
|
94
|
-
handle_multi_arrays(raidzarity, raidz)
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
def create
|
|
99
|
-
zpool(*([:create, @resource[:pool]] + build_vdevs + build_named("spare") + build_named("log")))
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
def destroy
|
|
103
|
-
zpool :destroy, @resource[:pool]
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
def exists?
|
|
107
|
-
if current_pool[:pool] == :absent
|
|
108
|
-
false
|
|
109
|
-
else
|
|
110
|
-
true
|
|
111
|
-
end
|
|
112
|
-
end
|
|
113
|
-
|
|
114
|
-
[:disk, :mirror, :raidz, :log, :spare].each do |field|
|
|
115
|
-
define_method(field) do
|
|
116
|
-
current_pool[field]
|
|
117
|
-
end
|
|
118
|
-
|
|
119
|
-
define_method(field.to_s + "=") do |should|
|
|
120
|
-
self.fail "zpool #{field} can't be changed. should be #{should}, currently is #{current_pool[field]}"
|
|
121
|
-
end
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
end
|
|
125
|
-
|
|
@@ -1,554 +0,0 @@
|
|
|
1
|
-
require 'puppet/ssl/host'
|
|
2
|
-
require 'puppet/ssl/certificate_request'
|
|
3
|
-
require 'puppet/ssl/certificate_signer'
|
|
4
|
-
require 'puppet/util'
|
|
5
|
-
|
|
6
|
-
# The class that knows how to sign certificates. It creates
|
|
7
|
-
# a 'special' SSL::Host whose name is 'ca', thus indicating
|
|
8
|
-
# that, well, it's the CA. There's some magic in the
|
|
9
|
-
# indirector/ssl_file terminus base class that does that
|
|
10
|
-
# for us.
|
|
11
|
-
# This class mostly just signs certs for us, but
|
|
12
|
-
# it can also be seen as a general interface into all of the
|
|
13
|
-
# SSL stuff.
|
|
14
|
-
class Puppet::SSL::CertificateAuthority
|
|
15
|
-
# We will only sign extensions on this whitelist, ever. Any CSR with a
|
|
16
|
-
# requested extension that we don't recognize is rejected, against the risk
|
|
17
|
-
# that it will introduce some security issue through our ignorance of it.
|
|
18
|
-
#
|
|
19
|
-
# Adding an extension to this whitelist simply means we will consider it
|
|
20
|
-
# further, not that we will always accept a certificate with an extension
|
|
21
|
-
# requested on this list.
|
|
22
|
-
RequestExtensionWhitelist = %w{subjectAltName}
|
|
23
|
-
|
|
24
|
-
require 'puppet/ssl/certificate_factory'
|
|
25
|
-
require 'puppet/ssl/inventory'
|
|
26
|
-
require 'puppet/ssl/certificate_revocation_list'
|
|
27
|
-
require 'puppet/ssl/certificate_authority/interface'
|
|
28
|
-
require 'puppet/ssl/certificate_authority/autosign_command'
|
|
29
|
-
require 'puppet/network/authstore'
|
|
30
|
-
|
|
31
|
-
class CertificateVerificationError < RuntimeError
|
|
32
|
-
attr_accessor :error_code
|
|
33
|
-
|
|
34
|
-
def initialize(code)
|
|
35
|
-
@error_code = code
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
def self.singleton_instance
|
|
40
|
-
@singleton_instance ||= new
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
class CertificateSigningError < RuntimeError
|
|
44
|
-
attr_accessor :host
|
|
45
|
-
|
|
46
|
-
def initialize(host)
|
|
47
|
-
@host = host
|
|
48
|
-
end
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def self.ca?
|
|
52
|
-
# running as ca? - ensure boolean answer
|
|
53
|
-
!!(Puppet[:ca] && Puppet.run_mode.master?)
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
# If this process can function as a CA, then return a singleton instance.
|
|
57
|
-
def self.instance
|
|
58
|
-
ca? ? singleton_instance : nil
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
attr_reader :name, :host
|
|
62
|
-
|
|
63
|
-
# If autosign is configured, autosign the csr we are passed.
|
|
64
|
-
# @param csr [Puppet::SSL::CertificateRequest] The csr to sign.
|
|
65
|
-
# @return [Void]
|
|
66
|
-
# @api private
|
|
67
|
-
def autosign(csr)
|
|
68
|
-
if autosign?(csr)
|
|
69
|
-
Puppet.info _("Autosigning %{csr}") % { csr: csr.name }
|
|
70
|
-
sign(csr.name)
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
# Determine if a CSR can be autosigned by the autosign store or autosign command
|
|
75
|
-
#
|
|
76
|
-
# @param csr [Puppet::SSL::CertificateRequest] The CSR to check
|
|
77
|
-
# @return [true, false]
|
|
78
|
-
# @api private
|
|
79
|
-
def autosign?(csr)
|
|
80
|
-
auto = Puppet[:autosign]
|
|
81
|
-
|
|
82
|
-
decider = case auto
|
|
83
|
-
when false
|
|
84
|
-
AutosignNever.new
|
|
85
|
-
when true
|
|
86
|
-
AutosignAlways.new
|
|
87
|
-
else
|
|
88
|
-
file = Puppet::FileSystem.pathname(auto)
|
|
89
|
-
if Puppet::FileSystem.executable?(file)
|
|
90
|
-
Puppet::SSL::CertificateAuthority::AutosignCommand.new(auto)
|
|
91
|
-
elsif Puppet::FileSystem.exist?(file)
|
|
92
|
-
AutosignConfig.new(file)
|
|
93
|
-
else
|
|
94
|
-
AutosignNever.new
|
|
95
|
-
end
|
|
96
|
-
end
|
|
97
|
-
|
|
98
|
-
decider.allowed?(csr)
|
|
99
|
-
end
|
|
100
|
-
|
|
101
|
-
# Retrieves (or creates, if necessary) the certificate revocation list.
|
|
102
|
-
def crl
|
|
103
|
-
unless defined?(@crl)
|
|
104
|
-
unless @crl = Puppet::SSL::CertificateRevocationList.indirection.find(Puppet::SSL::CA_NAME)
|
|
105
|
-
@crl = Puppet::SSL::CertificateRevocationList.new(Puppet::SSL::CA_NAME)
|
|
106
|
-
@crl.generate(host.certificate.content, host.key.content)
|
|
107
|
-
Puppet::SSL::CertificateRevocationList.indirection.save(@crl)
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
@crl
|
|
111
|
-
end
|
|
112
|
-
|
|
113
|
-
# Delegates this to our Host class.
|
|
114
|
-
def destroy(name)
|
|
115
|
-
Puppet::SSL::Host.destroy(name)
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
# Generates a new certificate.
|
|
119
|
-
# @return Puppet::SSL::Certificate
|
|
120
|
-
def generate(name, options = {})
|
|
121
|
-
raise ArgumentError, _("A Certificate already exists for %{name}") % { name: name } if Puppet::SSL::Certificate.indirection.find(name)
|
|
122
|
-
|
|
123
|
-
# Pass on any requested subjectAltName field.
|
|
124
|
-
san = options[:dns_alt_names]
|
|
125
|
-
|
|
126
|
-
host = Puppet::SSL::Host.new(name)
|
|
127
|
-
host.generate_certificate_request(:dns_alt_names => san)
|
|
128
|
-
# CSR may have been implicitly autosigned, generating a certificate
|
|
129
|
-
# Or sign explicitly
|
|
130
|
-
host.certificate || sign(name, {allow_dns_alt_names: !!san})
|
|
131
|
-
end
|
|
132
|
-
|
|
133
|
-
# Generate our CA certificate.
|
|
134
|
-
def generate_ca_certificate
|
|
135
|
-
generate_password unless password?
|
|
136
|
-
|
|
137
|
-
host.generate_key unless host.key
|
|
138
|
-
|
|
139
|
-
# Create a new cert request. We do this specially, because we don't want
|
|
140
|
-
# to actually save the request anywhere.
|
|
141
|
-
request = Puppet::SSL::CertificateRequest.new(host.name)
|
|
142
|
-
|
|
143
|
-
# We deliberately do not put any subjectAltName in here: the CA
|
|
144
|
-
# certificate absolutely does not need them. --daniel 2011-10-13
|
|
145
|
-
request.generate(host.key)
|
|
146
|
-
|
|
147
|
-
# Create a self-signed certificate.
|
|
148
|
-
@certificate = sign(host.name, {allow_dns_alt_names: false,
|
|
149
|
-
self_signing_csr: request})
|
|
150
|
-
|
|
151
|
-
# And make sure we initialize our CRL.
|
|
152
|
-
crl
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
def initialize
|
|
156
|
-
Puppet.settings.use :main, :ssl, :ca
|
|
157
|
-
|
|
158
|
-
@name = Puppet[:certname]
|
|
159
|
-
|
|
160
|
-
@host = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
|
|
161
|
-
|
|
162
|
-
setup
|
|
163
|
-
end
|
|
164
|
-
|
|
165
|
-
# Retrieve (or create, if necessary) our inventory manager.
|
|
166
|
-
def inventory
|
|
167
|
-
@inventory ||= Puppet::SSL::Inventory.new
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
# Generate a new password for the CA.
|
|
171
|
-
def generate_password
|
|
172
|
-
pass = ""
|
|
173
|
-
20.times { pass += (rand(74) + 48).chr }
|
|
174
|
-
|
|
175
|
-
begin
|
|
176
|
-
# random password is limited to ASCII characters 48 ('0') through 122 ('z')
|
|
177
|
-
Puppet.settings.setting(:capass).open('w:ASCII') { |f| f.print pass }
|
|
178
|
-
rescue Errno::EACCES => detail
|
|
179
|
-
raise Puppet::Error, _("Could not write CA password: %{detail}") % { detail: detail }, detail.backtrace
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
@password = pass
|
|
183
|
-
|
|
184
|
-
pass
|
|
185
|
-
end
|
|
186
|
-
|
|
187
|
-
# Lists the names of all signed certificates.
|
|
188
|
-
#
|
|
189
|
-
# @param name [Array<string>] filter to cerificate names
|
|
190
|
-
#
|
|
191
|
-
# @return [Array<String>]
|
|
192
|
-
def list(name='*')
|
|
193
|
-
Puppet::SSL::Certificate.indirection.search(name).collect { |c| c.name }
|
|
194
|
-
end
|
|
195
|
-
|
|
196
|
-
# Return all the certificate objects as found by the indirector
|
|
197
|
-
# API for PE license checking.
|
|
198
|
-
#
|
|
199
|
-
# Created to prevent the case of reading all certs from disk, getting
|
|
200
|
-
# just their names and verifying the cert for each name, which then
|
|
201
|
-
# causes the cert to again be read from disk.
|
|
202
|
-
#
|
|
203
|
-
# @author Jeff Weiss <jeff.weiss@puppetlabs.com>
|
|
204
|
-
# @api Puppet Enterprise Licensing
|
|
205
|
-
#
|
|
206
|
-
# @param name [Array<string>] filter to cerificate names
|
|
207
|
-
#
|
|
208
|
-
# @return [Array<Puppet::SSL::Certificate>]
|
|
209
|
-
#
|
|
210
|
-
# @deprecated Use Puppet::SSL::CertificateAuthority#list or Puppet Server Certificate status API
|
|
211
|
-
def list_certificates(name='*')
|
|
212
|
-
Puppet.deprecation_warning(_("Puppet::SSL::CertificateAuthority#list_certificates is deprecated. Please use Puppet::SSL::CertificateAuthority#list or the certificate status API to query certificate information. See https://puppet.com/docs/puppet/latest/http_api/http_certificate_status.html"))
|
|
213
|
-
Puppet::SSL::Certificate.indirection.search(name)
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
# Read the next serial from the serial file, and increment the
|
|
217
|
-
# file so this one is considered used.
|
|
218
|
-
def next_serial
|
|
219
|
-
serial = 1
|
|
220
|
-
# the serial is 4 hex digits - limited to ASCII
|
|
221
|
-
Puppet.settings.setting(:serial).exclusive_open('a+:ASCII') do |f|
|
|
222
|
-
f.rewind
|
|
223
|
-
serial = f.read.chomp.hex
|
|
224
|
-
if serial == 0
|
|
225
|
-
serial = 1
|
|
226
|
-
end
|
|
227
|
-
|
|
228
|
-
f.truncate(0)
|
|
229
|
-
f.rewind
|
|
230
|
-
|
|
231
|
-
# We store the next valid serial, not the one we just used.
|
|
232
|
-
f << "%04X" % (serial + 1)
|
|
233
|
-
end
|
|
234
|
-
|
|
235
|
-
serial
|
|
236
|
-
end
|
|
237
|
-
|
|
238
|
-
# Does the password file exist?
|
|
239
|
-
def password?
|
|
240
|
-
Puppet::FileSystem.exist?(Puppet[:capass])
|
|
241
|
-
end
|
|
242
|
-
|
|
243
|
-
# Print a given host's certificate as text.
|
|
244
|
-
def print(name)
|
|
245
|
-
(cert = Puppet::SSL::Certificate.indirection.find(name)) ? cert.to_text : nil
|
|
246
|
-
end
|
|
247
|
-
|
|
248
|
-
# Revoke a given certificate.
|
|
249
|
-
def revoke(name)
|
|
250
|
-
raise ArgumentError, _("Cannot revoke certificates when the CRL is disabled") unless crl
|
|
251
|
-
|
|
252
|
-
cert = Puppet::SSL::Certificate.indirection.find(name)
|
|
253
|
-
|
|
254
|
-
serials = if cert
|
|
255
|
-
[cert.content.serial]
|
|
256
|
-
elsif name =~ /^0x[0-9A-Fa-f]+$/
|
|
257
|
-
[name.hex]
|
|
258
|
-
else
|
|
259
|
-
inventory.serials(name)
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
if serials.empty?
|
|
263
|
-
raise ArgumentError, _("Could not find a serial number for %{name}") % { name: name }
|
|
264
|
-
end
|
|
265
|
-
|
|
266
|
-
serials.each do |s|
|
|
267
|
-
crl.revoke(s, host.key.content)
|
|
268
|
-
end
|
|
269
|
-
end
|
|
270
|
-
|
|
271
|
-
# This initializes our CA so it actually works. This should be a private
|
|
272
|
-
# method, except that you can't any-instance stub private methods, which is
|
|
273
|
-
# *awesome*. This method only really exists to provide a stub-point during
|
|
274
|
-
# testing.
|
|
275
|
-
def setup
|
|
276
|
-
generate_ca_certificate unless @host.certificate
|
|
277
|
-
end
|
|
278
|
-
|
|
279
|
-
# Sign a given certificate request.
|
|
280
|
-
def sign(hostname, options={})
|
|
281
|
-
options[:allow_authorization_extensions] ||= false
|
|
282
|
-
options[:allow_dns_alt_names] ||= false
|
|
283
|
-
options[:self_signing_csr] ||= nil
|
|
284
|
-
|
|
285
|
-
self_signing_csr = options.delete(:self_signing_csr)
|
|
286
|
-
|
|
287
|
-
if self_signing_csr
|
|
288
|
-
# # This is a self-signed certificate, which is for the CA. Since this
|
|
289
|
-
# # forces the certificate to be self-signed, anyone who manages to trick
|
|
290
|
-
# # the system into going through this path gets a certificate they could
|
|
291
|
-
# # generate anyway. There should be no security risk from that.
|
|
292
|
-
csr = self_signing_csr
|
|
293
|
-
cert_type = :ca
|
|
294
|
-
issuer = csr.content
|
|
295
|
-
else
|
|
296
|
-
unless csr = Puppet::SSL::CertificateRequest.indirection.find(hostname)
|
|
297
|
-
raise ArgumentError, _("Could not find certificate request for %{hostname}") % { hostname: hostname }
|
|
298
|
-
end
|
|
299
|
-
|
|
300
|
-
cert_type = :server
|
|
301
|
-
issuer = host.certificate.content
|
|
302
|
-
|
|
303
|
-
# Make sure that the CSR conforms to our internal signing policies.
|
|
304
|
-
# This will raise if the CSR doesn't conform, but just in case...
|
|
305
|
-
check_internal_signing_policies(hostname, csr, options) or
|
|
306
|
-
raise CertificateSigningError.new(hostname), _("CSR had an unknown failure checking internal signing policies, will not sign!")
|
|
307
|
-
end
|
|
308
|
-
|
|
309
|
-
cert = Puppet::SSL::Certificate.new(hostname)
|
|
310
|
-
cert.content = Puppet::SSL::CertificateFactory.
|
|
311
|
-
build(cert_type, csr, issuer, next_serial)
|
|
312
|
-
|
|
313
|
-
signer = Puppet::SSL::CertificateSigner.new
|
|
314
|
-
signer.sign(cert.content, host.key.content)
|
|
315
|
-
|
|
316
|
-
Puppet.notice _("Signed certificate request for %{hostname}") % { hostname: hostname }
|
|
317
|
-
|
|
318
|
-
# Add the cert to the inventory before we save it, since
|
|
319
|
-
# otherwise we could end up with it being duplicated, if
|
|
320
|
-
# this is the first time we build the inventory file.
|
|
321
|
-
inventory.add(cert)
|
|
322
|
-
|
|
323
|
-
# Save the now-signed cert. This should get routed correctly depending
|
|
324
|
-
# on the certificate type.
|
|
325
|
-
Puppet::SSL::Certificate.indirection.save(cert)
|
|
326
|
-
|
|
327
|
-
# And remove the CSR if this wasn't self signed.
|
|
328
|
-
Puppet::SSL::CertificateRequest.indirection.destroy(csr.name) unless self_signing_csr
|
|
329
|
-
|
|
330
|
-
cert
|
|
331
|
-
end
|
|
332
|
-
|
|
333
|
-
def check_internal_signing_policies(hostname, csr, options = {})
|
|
334
|
-
options[:allow_authorization_extensions] ||= false
|
|
335
|
-
options[:allow_dns_alt_names] ||= false
|
|
336
|
-
# This allows for masters to bootstrap themselves in certain scenarios
|
|
337
|
-
options[:allow_dns_alt_names] = true if hostname == Puppet[:certname].downcase
|
|
338
|
-
|
|
339
|
-
# Reject unknown request extensions.
|
|
340
|
-
unknown_req = csr.request_extensions.reject do |x|
|
|
341
|
-
RequestExtensionWhitelist.include? x["oid"] or
|
|
342
|
-
Puppet::SSL::Oids.subtree_of?('ppRegCertExt', x["oid"], true) or
|
|
343
|
-
Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', x["oid"], true) or
|
|
344
|
-
Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', x["oid"], true)
|
|
345
|
-
end
|
|
346
|
-
|
|
347
|
-
if unknown_req and not unknown_req.empty?
|
|
348
|
-
names = unknown_req.map {|x| x["oid"] }.sort.uniq.join(", ")
|
|
349
|
-
raise CertificateSigningError.new(hostname), _("CSR has request extensions that are not permitted: %{names}") % { names: names }
|
|
350
|
-
end
|
|
351
|
-
|
|
352
|
-
# Do not sign misleading CSRs
|
|
353
|
-
cn = csr.content.subject.to_a.assoc("CN")[1]
|
|
354
|
-
if hostname != cn
|
|
355
|
-
raise CertificateSigningError.new(hostname), _("CSR subject common name %{name} does not match expected certname %{expected}") % { name: cn.inspect, expected: hostname.inspect }
|
|
356
|
-
end
|
|
357
|
-
|
|
358
|
-
if hostname !~ Puppet::SSL::Base::VALID_CERTNAME
|
|
359
|
-
raise CertificateSigningError.new(hostname), _("CSR %{hostname} subject contains unprintable or non-ASCII characters") % { hostname: hostname.inspect }
|
|
360
|
-
end
|
|
361
|
-
|
|
362
|
-
# Wildcards: we don't allow 'em at any point.
|
|
363
|
-
#
|
|
364
|
-
# The stringification here makes the content visible, and saves us having
|
|
365
|
-
# to scrobble through the content of the CSR subject field to make sure it
|
|
366
|
-
# is what we expect where we expect it.
|
|
367
|
-
if csr.content.subject.to_s.include? '*'
|
|
368
|
-
raise CertificateSigningError.new(hostname), _("CSR subject contains a wildcard, which is not allowed: %{subject}") % { subject: csr.content.subject.to_s }
|
|
369
|
-
end
|
|
370
|
-
|
|
371
|
-
unless csr.content.verify(csr.content.public_key)
|
|
372
|
-
raise CertificateSigningError.new(hostname), _("CSR contains a public key that does not correspond to the signing key")
|
|
373
|
-
end
|
|
374
|
-
|
|
375
|
-
auth_extensions = csr.request_extensions.select do |extension|
|
|
376
|
-
Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', extension['oid'], true)
|
|
377
|
-
end
|
|
378
|
-
|
|
379
|
-
if auth_extensions.any? && !options[:allow_authorization_extensions]
|
|
380
|
-
ext_names = auth_extensions.map do |extension|
|
|
381
|
-
extension['oid']
|
|
382
|
-
end
|
|
383
|
-
|
|
384
|
-
raise CertificateSigningError.new(hostname), _("CSR '%{csr}' contains authorization extensions (%{extensions}), which are disallowed by default. Use `puppet cert --allow-authorization-extensions sign %{csr}` to sign this request.") % { csr: csr.name, extensions: ext_names.join(', ') }
|
|
385
|
-
end
|
|
386
|
-
|
|
387
|
-
unless csr.subject_alt_names.empty?
|
|
388
|
-
# If you alt names are allowed, they are required. Otherwise they are
|
|
389
|
-
# disallowed. Self-signed certs are implicitly trusted, however.
|
|
390
|
-
unless options[:allow_dns_alt_names]
|
|
391
|
-
raise CertificateSigningError.new(hostname), _("CSR '%{csr}' contains subject alternative names (%{alt_names}), which are disallowed. Use `puppet cert --allow-dns-alt-names sign %{csr}` to sign this request.") % { csr: csr.name, alt_names: csr.subject_alt_names.join(', ') }
|
|
392
|
-
end
|
|
393
|
-
|
|
394
|
-
# If subjectAltNames are present, validate that they are only for DNS
|
|
395
|
-
# labels, not any other kind.
|
|
396
|
-
unless csr.subject_alt_names.all? {|x| x =~ /^DNS:/ }
|
|
397
|
-
raise CertificateSigningError.new(hostname), _("CSR '%{csr}' contains a subjectAltName outside the DNS label space: %{alt_names}. To continue, this CSR needs to be cleaned.") % { csr: csr.name, alt_names: csr.subject_alt_names.join(', ') }
|
|
398
|
-
end
|
|
399
|
-
|
|
400
|
-
# Check for wildcards in the subjectAltName fields too.
|
|
401
|
-
if csr.subject_alt_names.any? {|x| x.include? '*' }
|
|
402
|
-
raise CertificateSigningError.new(hostname), _("CSR '%{csr}' subjectAltName contains a wildcard, which is not allowed: %{alt_names}. To continue, this CSR needs to be cleaned.") % { csr: csr.name, alt_names: csr.subject_alt_names.join(', ') }
|
|
403
|
-
end
|
|
404
|
-
end
|
|
405
|
-
|
|
406
|
-
return true # good enough for us!
|
|
407
|
-
end
|
|
408
|
-
|
|
409
|
-
# Utility method for optionally caching the X509 Store for verifying a
|
|
410
|
-
# large number of certificates in a short amount of time--exactly the
|
|
411
|
-
# case we have during PE license checking.
|
|
412
|
-
#
|
|
413
|
-
# @example Use the cached X509 store
|
|
414
|
-
# x509store(:cache => true)
|
|
415
|
-
#
|
|
416
|
-
# @example Use a freshly create X509 store
|
|
417
|
-
# x509store
|
|
418
|
-
# x509store(:cache => false)
|
|
419
|
-
#
|
|
420
|
-
# @param [Hash] options the options used for retrieving the X509 Store
|
|
421
|
-
# @option options [Boolean] :cache whether or not to use a cached version
|
|
422
|
-
# of the X509 Store
|
|
423
|
-
#
|
|
424
|
-
# @return [OpenSSL::X509::Store]
|
|
425
|
-
#
|
|
426
|
-
# @deprecated Strictly speaking, #x509_store is marked API private, so we
|
|
427
|
-
# don't need to publicly deprecate it. But it marked as deprecated here to
|
|
428
|
-
# avoid the exceedingly small chance that someone comes in and uses it from
|
|
429
|
-
# within this class before it is removed.
|
|
430
|
-
def x509_store(options = {})
|
|
431
|
-
if (options[:cache])
|
|
432
|
-
return @x509store unless @x509store.nil?
|
|
433
|
-
@x509store = create_x509_store
|
|
434
|
-
else
|
|
435
|
-
create_x509_store
|
|
436
|
-
end
|
|
437
|
-
end
|
|
438
|
-
private :x509_store
|
|
439
|
-
|
|
440
|
-
# Creates a brand new OpenSSL::X509::Store with the appropriate
|
|
441
|
-
# Certificate Revocation List and flags
|
|
442
|
-
#
|
|
443
|
-
# @return [OpenSSL::X509::Store]
|
|
444
|
-
def create_x509_store(purpose = OpenSSL::X509::PURPOSE_ANY)
|
|
445
|
-
store = OpenSSL::X509::Store.new
|
|
446
|
-
store.add_file(Puppet[:cacert])
|
|
447
|
-
store.add_crl(crl.content) if self.crl
|
|
448
|
-
store.purpose = purpose
|
|
449
|
-
if Puppet.lookup(:certificate_revocation)
|
|
450
|
-
store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | OpenSSL::X509::V_FLAG_CRL_CHECK
|
|
451
|
-
end
|
|
452
|
-
store
|
|
453
|
-
end
|
|
454
|
-
private :create_x509_store
|
|
455
|
-
|
|
456
|
-
# Utility method which is API for PE license checking.
|
|
457
|
-
# This is used rather than `verify` because
|
|
458
|
-
# 1) We have already read the certificate from disk into memory.
|
|
459
|
-
# To read the certificate from disk again is just wasteful.
|
|
460
|
-
# 2) Because we're checking a large number of certificates against
|
|
461
|
-
# a transient CertificateAuthority, we can relatively safely cache
|
|
462
|
-
# the X509 Store that actually does the verification.
|
|
463
|
-
#
|
|
464
|
-
# Long running instances of CertificateAuthority will certainly
|
|
465
|
-
# want to use `verify` because it will recreate the X509 Store with
|
|
466
|
-
# the absolutely latest CRL.
|
|
467
|
-
#
|
|
468
|
-
# Additionally, this method explicitly returns a boolean whereas
|
|
469
|
-
# `verify` will raise an error if the certificate has been revoked.
|
|
470
|
-
#
|
|
471
|
-
# @author Jeff Weiss <jeff.weiss@puppetlabs.com>
|
|
472
|
-
# @api Puppet Enterprise Licensing
|
|
473
|
-
#
|
|
474
|
-
# @param cert [Puppet::SSL::Certificate] the certificate to check validity of
|
|
475
|
-
#
|
|
476
|
-
# @return [Boolean] true if signed, false if unsigned or revoked
|
|
477
|
-
#
|
|
478
|
-
# @deprecated use Puppet::SSL::CertificateAuthority#verify or Puppet Server certificate status API
|
|
479
|
-
def certificate_is_alive?(cert)
|
|
480
|
-
Puppet.deprecation_warning(_("Puppet::SSL::CertificateAuthority#certificate_is_alive? is deprecated. Please use Puppet::SSL::CertificateAuthority#verify or the certificate status API to query certificate information. See https://puppet.com/docs/puppet/latest/http_api/http_certificate_status.html"))
|
|
481
|
-
x509_store(:cache => true).verify(cert.content)
|
|
482
|
-
end
|
|
483
|
-
|
|
484
|
-
# Verify a given host's certificate. The certname is passed in, and
|
|
485
|
-
# the indirector will be used to locate the actual contents of the
|
|
486
|
-
# certificate with that name.
|
|
487
|
-
#
|
|
488
|
-
# @param name [String] certificate name to verify
|
|
489
|
-
# @param purpose [Integer] bitwise combination of X509::PURPOSE_*
|
|
490
|
-
#
|
|
491
|
-
# @raise [ArgumentError] if the certificate name cannot be found
|
|
492
|
-
# (i.e. doesn't exist or is unsigned)
|
|
493
|
-
# @raise [CertificateVerficationError] if the certificate has been revoked
|
|
494
|
-
#
|
|
495
|
-
# @return [Boolean] true if signed, there are no cases where false is returned
|
|
496
|
-
def verify(name, purpose = OpenSSL::X509::PURPOSE_ANY)
|
|
497
|
-
unless cert = Puppet::SSL::Certificate.indirection.find(name)
|
|
498
|
-
raise ArgumentError, _("Could not find a certificate for %{name}") % { name: name }
|
|
499
|
-
end
|
|
500
|
-
store = create_x509_store(purpose)
|
|
501
|
-
|
|
502
|
-
raise CertificateVerificationError.new(store.error), store.error_string unless store.verify(cert.content)
|
|
503
|
-
end
|
|
504
|
-
|
|
505
|
-
def fingerprint(name, md = :SHA256)
|
|
506
|
-
unless cert = Puppet::SSL::Certificate.indirection.find(name) || Puppet::SSL::CertificateRequest.indirection.find(name)
|
|
507
|
-
raise ArgumentError, _("Could not find a certificate or csr for %{name}") % { name: name }
|
|
508
|
-
end
|
|
509
|
-
cert.fingerprint(md)
|
|
510
|
-
end
|
|
511
|
-
|
|
512
|
-
# List the waiting certificate requests.
|
|
513
|
-
def waiting?
|
|
514
|
-
Puppet::SSL::CertificateRequest.indirection.search("*").collect { |r| r.name }
|
|
515
|
-
end
|
|
516
|
-
|
|
517
|
-
# @api private
|
|
518
|
-
class AutosignAlways
|
|
519
|
-
def allowed?(csr)
|
|
520
|
-
true
|
|
521
|
-
end
|
|
522
|
-
end
|
|
523
|
-
|
|
524
|
-
# @api private
|
|
525
|
-
class AutosignNever
|
|
526
|
-
def allowed?(csr)
|
|
527
|
-
false
|
|
528
|
-
end
|
|
529
|
-
end
|
|
530
|
-
|
|
531
|
-
# @api private
|
|
532
|
-
class AutosignConfig
|
|
533
|
-
def initialize(config_file)
|
|
534
|
-
@config = config_file
|
|
535
|
-
end
|
|
536
|
-
|
|
537
|
-
def allowed?(csr)
|
|
538
|
-
autosign_store.allowed?(csr.name, '127.1.1.1')
|
|
539
|
-
end
|
|
540
|
-
|
|
541
|
-
private
|
|
542
|
-
|
|
543
|
-
def autosign_store
|
|
544
|
-
auth = Puppet::Network::AuthStore.new
|
|
545
|
-
Puppet::FileSystem.each_line(@config) do |line|
|
|
546
|
-
next if line =~ /^\s*#/
|
|
547
|
-
next if line =~ /^\s*$/
|
|
548
|
-
auth.allow(line.chomp)
|
|
549
|
-
end
|
|
550
|
-
|
|
551
|
-
auth
|
|
552
|
-
end
|
|
553
|
-
end
|
|
554
|
-
end
|