RubyGems - puppet - Versions diffs - 5.5.22 → 6.0.0 - Mend

puppet 5.5.22 → 6.0.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (1407) hide show

checksums.yaml +4 -4
data/Gemfile +46 -72
data/Gemfile.lock +86 -102
data/MAINTAINERS +47 -0
data/Rakefile +15 -19
data/ext/build_defaults.yaml +0 -1
data/ext/cert_inspector +3 -3
data/ext/debian/copyright +0 -22
data/ext/project_data.yaml +8 -10
data/ext/puppet-test +2 -2
data/ext/redhat/puppet.spec.erb +0 -4
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/solaris/smf/puppet.xml +0 -2
data/ext/solaris/smf/svc-puppetd +1 -8
data/ext/solaris/smf/svc-puppetmasterd +1 -8
data/ext/windows/eventlog/Rakefile +32 -0
data/ext/windows/eventlog/puppetres.dll +0 -0
data/ext/windows/eventlog/puppetres.mc +18 -0
data/ext/windows/service/daemon.rb +8 -54
data/install.rb +24 -6
data/lib/hiera/scope.rb +0 -7
data/lib/puppet.rb +10 -21
data/lib/puppet/agent.rb +13 -5
data/lib/puppet/application.rb +10 -8
data/lib/puppet/application/agent.rb +3 -21
data/lib/puppet/application/apply.rb +22 -12
data/lib/puppet/application/cert.rb +25 -180
data/lib/puppet/application/describe.rb +9 -3
data/lib/puppet/application/device.rb +41 -74
data/lib/puppet/application/doc.rb +5 -3
data/lib/puppet/application/filebucket.rb +1 -23
data/lib/puppet/application/lookup.rb +2 -2
data/lib/puppet/application/resource.rb +4 -4
data/lib/puppet/application/script.rb +3 -3
data/lib/puppet/application/ssl.rb +133 -0
data/lib/puppet/application_support.rb +1 -2
data/lib/puppet/configurer.rb +62 -127
data/lib/puppet/configurer/downloader.rb +17 -34
data/lib/puppet/configurer/fact_handler.rb +5 -1
data/lib/puppet/configurer/plugin_handler.rb +2 -3
data/lib/puppet/confine/false.rb +1 -7
data/lib/puppet/confine/true.rb +1 -7
data/lib/puppet/daemon.rb +2 -2
data/lib/puppet/datatypes.rb +1 -1
data/lib/puppet/defaults.rb +126 -286
data/lib/puppet/environments.rb +2 -7
data/lib/puppet/error.rb +14 -10
data/lib/puppet/etc.rb +4 -25
data/lib/puppet/external/dot.rb +23 -17
data/lib/puppet/face/config.rb +50 -12
data/lib/puppet/face/epp.rb +2 -2
data/lib/puppet/face/facts.rb +1 -1
data/lib/puppet/face/help.rb +21 -7
data/lib/puppet/face/help/global.erb +2 -2
data/lib/puppet/face/module/build.rb +4 -59
data/lib/puppet/face/module/generate.rb +5 -247
data/lib/puppet/face/module/install.rb +0 -4
data/lib/puppet/face/module/list.rb +5 -10
data/lib/puppet/face/module/search.rb +2 -2
data/lib/puppet/face/module/uninstall.rb +1 -5
data/lib/puppet/face/module/upgrade.rb +1 -5
data/lib/puppet/face/node/clean.rb +14 -10
data/lib/puppet/face/plugin.rb +2 -9
data/lib/puppet/feature/base.rb +7 -26
data/lib/puppet/feature/eventlog.rb +1 -1
data/lib/puppet/file_bucket/dipper.rb +1 -1
data/lib/puppet/file_serving/base.rb +7 -7
data/lib/puppet/file_serving/fileset.rb +2 -2
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_serving/metadata.rb +4 -3
data/lib/puppet/file_serving/mount/locales.rb +2 -1
data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
data/lib/puppet/file_serving/mount/plugins.rb +2 -1
data/lib/puppet/file_system.rb +8 -0
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +2 -3
data/lib/puppet/file_system/uniquefile.rb +0 -4
data/lib/puppet/forge.rb +8 -12
data/lib/puppet/functions.rb +138 -0
data/lib/puppet/functions/abs.rb +61 -0
data/lib/puppet/functions/call.rb +38 -2
data/lib/puppet/functions/camelcase.rb +62 -0
data/lib/puppet/functions/capitalize.rb +61 -0
data/lib/puppet/functions/ceiling.rb +37 -0
data/lib/puppet/functions/chomp.rb +57 -0
data/lib/puppet/functions/chop.rb +67 -0
data/lib/puppet/functions/compare.rb +125 -0
data/lib/puppet/functions/convert_to.rb +3 -2
data/lib/puppet/functions/dig.rb +21 -1
data/lib/puppet/functions/downcase.rb +89 -0
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/eyaml_lookup_key.rb +4 -5
data/lib/puppet/functions/filter.rb +7 -6
data/lib/puppet/functions/floor.rb +37 -0
data/lib/puppet/functions/get.rb +150 -0
data/lib/puppet/functions/getvar.rb +87 -0
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/lstrip.rb +58 -0
data/lib/puppet/functions/max.rb +183 -0
data/lib/puppet/functions/min.rb +182 -0
data/lib/puppet/functions/new.rb +3 -8
data/lib/puppet/functions/reduce.rb +4 -2
data/lib/puppet/functions/reverse_each.rb +1 -1
data/lib/puppet/functions/round.rb +24 -0
data/lib/puppet/functions/rstrip.rb +58 -0
data/lib/puppet/functions/size.rb +15 -0
data/lib/puppet/functions/sort.rb +74 -0
data/lib/puppet/functions/step.rb +1 -1
data/lib/puppet/functions/strip.rb +58 -0
data/lib/puppet/functions/upcase.rb +89 -0
data/lib/puppet/functions/yaml_data.rb +4 -5
data/lib/puppet/gettext/config.rb +1 -1
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph.rb +0 -2
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +10 -7
data/lib/puppet/indirector/catalog/compiler.rb +0 -8
data/lib/puppet/indirector/catalog/json.rb +14 -3
data/lib/puppet/indirector/catalog/yaml.rb +0 -16
data/lib/puppet/indirector/certificate/file.rb +0 -1
data/lib/puppet/indirector/facts/yaml.rb +4 -2
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +0 -6
data/lib/puppet/indirector/indirection.rb +8 -12
data/lib/puppet/indirector/key/file.rb +1 -6
data/lib/puppet/indirector/node/exec.rb +1 -3
data/lib/puppet/indirector/node/yaml.rb +0 -6
data/lib/puppet/indirector/request.rb +20 -27
data/lib/puppet/indirector/resource/ral.rb +3 -1
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/indirector/rest.rb +7 -65
data/lib/puppet/indirector/ssl_file.rb +3 -44
data/lib/puppet/indirector/terminus.rb +1 -1
data/lib/puppet/indirector/yaml.rb +4 -4
data/lib/puppet/info_service/task_information_service.rb +7 -3
data/lib/puppet/interface.rb +2 -3
data/lib/puppet/interface/action.rb +2 -5
data/lib/puppet/interface/face_collection.rb +3 -1
data/lib/puppet/loaders.rb +2 -0
data/lib/puppet/metatype/manager.rb +3 -5
data/lib/puppet/module.rb +5 -31
data/lib/puppet/module/task.rb +208 -30
data/lib/puppet/module_tool.rb +2 -5
data/lib/puppet/module_tool/applications.rb +0 -1
data/lib/puppet/module_tool/applications/application.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +7 -8
data/lib/puppet/module_tool/applications/uninstaller.rb +4 -5
data/lib/puppet/module_tool/applications/unpacker.rb +1 -1
data/lib/puppet/module_tool/applications/upgrader.rb +5 -6
data/lib/puppet/module_tool/installed_modules.rb +2 -2
data/lib/puppet/module_tool/local_tarball.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -2
data/lib/puppet/module_tool/shared_behaviors.rb +6 -6
data/lib/puppet/module_tool/tar/mini.rb +2 -12
data/lib/puppet/network/authconfig.rb +0 -13
data/lib/puppet/network/format_support.rb +13 -8
data/lib/puppet/network/formats.rb +93 -2
data/lib/puppet/network/http.rb +0 -2
data/lib/puppet/network/http/api.rb +1 -10
data/lib/puppet/network/http/api/indirected_routes.rb +22 -16
data/lib/puppet/network/http/api/master/v3/environment.rb +0 -3
data/lib/puppet/network/http/connection.rb +14 -57
data/lib/puppet/network/http/factory.rb +13 -7
data/lib/puppet/network/http/handler.rb +59 -27
data/lib/puppet/network/http/pool.rb +1 -7
data/lib/puppet/network/http/site.rb +1 -1
data/lib/puppet/network/resolver.rb +140 -67
data/lib/puppet/node.rb +1 -2
data/lib/puppet/node/environment.rb +5 -30
data/lib/puppet/node/facts.rb +11 -1
data/lib/puppet/parameter.rb +4 -7
data/lib/puppet/parser/ast.rb +5 -9
data/lib/puppet/parser/ast/branch.rb +3 -3
data/lib/puppet/parser/ast/leaf.rb +5 -0
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/catalog_compiler.rb +32 -0
data/lib/puppet/parser/compiler.rb +2 -3
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -2
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -2
data/lib/puppet/parser/environment_compiler.rb +0 -3
data/lib/puppet/parser/functions.rb +48 -18
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/filter.rb +1 -1
data/lib/puppet/parser/functions/generate.rb +1 -1
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/parser/resource.rb +2 -4
data/lib/puppet/parser/resource/param.rb +12 -11
data/lib/puppet/parser/scope.rb +6 -8
data/lib/puppet/parser/script_compiler.rb +7 -2
data/lib/puppet/pops.rb +1 -0
data/lib/puppet/pops/adaptable.rb +13 -7
data/lib/puppet/pops/adapters.rb +18 -8
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +4 -4
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/compare_operator.rb +3 -1
data/lib/puppet/pops/evaluator/deferred_resolver.rb +127 -0
data/lib/puppet/pops/evaluator/evaluator_impl.rb +17 -2
data/lib/puppet/pops/evaluator/external_syntax_support.rb +2 -3
data/lib/puppet/pops/evaluator/runtime3_converter.rb +23 -4
data/lib/puppet/pops/evaluator/runtime3_support.rb +7 -8
data/lib/puppet/pops/functions/dispatch.rb +6 -0
data/lib/puppet/pops/issues.rb +9 -10
data/lib/puppet/pops/loader/loader.rb +1 -1
data/lib/puppet/pops/loader/loader_paths.rb +5 -3
data/lib/puppet/pops/loader/module_loaders.rb +47 -21
data/lib/puppet/pops/loader/null_loader.rb +60 -0
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +54 -0
data/lib/puppet/pops/loader/static_loader.rb +0 -36
data/lib/puppet/pops/loader/task_instantiator.rb +72 -44
data/lib/puppet/pops/loaders.rb +21 -33
data/lib/puppet/pops/lookup/hiera_config.rb +1 -2
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +18 -22
data/lib/puppet/pops/model/ast.pp +16 -0
data/lib/puppet/pops/model/ast.rb +94 -0
data/lib/puppet/pops/model/factory.rb +17 -38
data/lib/puppet/pops/model/model_label_provider.rb +8 -1
data/lib/puppet/pops/parser/egrammar.ra +14 -3
data/lib/puppet/pops/parser/eparser.rb +1537 -1492
data/lib/puppet/pops/parser/epp_support.rb +6 -2
data/lib/puppet/pops/parser/heredoc_support.rb +8 -17
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/lexer2.rb +2 -7
data/lib/puppet/pops/parser/locator.rb +87 -107
data/lib/puppet/pops/parser/parser_support.rb +2 -11
data/lib/puppet/pops/parser/pn_parser.rb +16 -17
data/lib/puppet/pops/pcore.rb +19 -8
data/lib/puppet/pops/puppet_stack.rb +48 -51
data/lib/puppet/pops/resource/resource_type_impl.rb +0 -2
data/lib/puppet/pops/serialization.rb +3 -2
data/lib/puppet/pops/serialization/from_data_converter.rb +4 -3
data/lib/puppet/pops/serialization/to_data_converter.rb +3 -3
data/lib/puppet/pops/serialization/to_stringified_converter.rb +226 -0
data/lib/puppet/pops/types/iterable.rb +8 -34
data/lib/puppet/pops/types/p_binary_type.rb +1 -2
data/lib/puppet/pops/types/p_meta_type.rb +1 -1
data/lib/puppet/pops/types/p_object_type.rb +3 -0
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/p_timespan_type.rb +2 -2
data/lib/puppet/pops/types/p_type_set_type.rb +0 -4
data/lib/puppet/pops/types/string_converter.rb +12 -21
data/lib/puppet/pops/types/type_calculator.rb +0 -24
data/lib/puppet/pops/types/type_factory.rb +17 -0
data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
data/lib/puppet/pops/types/types.rb +7 -32
data/lib/puppet/pops/validation/checker4_0.rb +23 -33
data/lib/puppet/pops/validation/tasks_checker.rb +47 -6
data/lib/puppet/pops/validation/validator_factory_4_0.rb +7 -10
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider.rb +14 -2
data/lib/puppet/provider/exec.rb +58 -59
data/lib/puppet/provider/file/posix.rb +0 -5
data/lib/puppet/provider/file/windows.rb +2 -50
data/lib/puppet/provider/group/aix.rb +2 -18
data/lib/puppet/provider/group/groupadd.rb +19 -19
data/lib/puppet/provider/group/windows_adsi.rb +4 -11
data/lib/puppet/provider/nameservice.rb +28 -11
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package.rb +0 -2
data/lib/puppet/provider/package/aix.rb +2 -17
data/lib/puppet/provider/package/apt.rb +3 -14
data/lib/puppet/provider/package/dnf.rb +3 -3
data/lib/puppet/provider/package/dpkg.rb +7 -18
data/lib/puppet/provider/package/fink.rb +3 -20
data/lib/puppet/provider/package/gem.rb +43 -105
data/lib/puppet/provider/package/openbsd.rb +2 -14
data/lib/puppet/provider/package/pip.rb +108 -160
data/lib/puppet/provider/package/pip3.rb +1 -1
data/lib/puppet/provider/package/pkg.rb +5 -18
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +4 -16
data/lib/puppet/provider/package/portage.rb +6 -6
data/lib/puppet/provider/package/puppet_gem.rb +2 -7
data/lib/puppet/provider/package/rpm.rb +33 -82
data/lib/puppet/provider/package/windows.rb +2 -6
data/lib/puppet/provider/package/windows/exe_package.rb +10 -16
data/lib/puppet/provider/package/windows/msi_package.rb +0 -8
data/lib/puppet/provider/package/windows/package.rb +2 -10
data/lib/puppet/provider/package/yum.rb +25 -37
data/lib/puppet/provider/package/zypper.rb +0 -1
data/lib/puppet/provider/parsedfile.rb +5 -26
data/lib/puppet/provider/service/base.rb +1 -1
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/debian.rb +1 -0
data/lib/puppet/provider/service/launchd.rb +8 -39
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +8 -2
data/lib/puppet/provider/service/smf.rb +0 -54
data/lib/puppet/provider/service/systemd.rb +24 -35
data/lib/puppet/provider/service/upstart.rb +1 -3
data/lib/puppet/provider/service/windows.rb +3 -23
data/lib/puppet/provider/user/aix.rb +2 -48
data/lib/puppet/provider/user/directoryservice.rb +8 -45
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/pw.rb +3 -12
data/lib/puppet/provider/user/user_role_add.rb +1 -5
data/lib/puppet/provider/user/useradd.rb +44 -74
data/lib/puppet/provider/user/windows_adsi.rb +0 -7
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +3 -1
data/lib/puppet/reference/providers.rb +1 -1
data/lib/puppet/reference/type.rb +9 -3
data/lib/puppet/reports.rb +3 -3
data/lib/puppet/resource.rb +22 -22
data/lib/puppet/resource/catalog.rb +8 -14
data/lib/puppet/resource/type.rb +1 -10
data/lib/puppet/rest/client.rb +83 -0
data/lib/puppet/rest/errors.rb +14 -0
data/lib/puppet/rest/response.rb +34 -0
data/lib/puppet/rest/route.rb +84 -0
data/lib/puppet/rest/routes.rb +154 -0
data/lib/puppet/rest/ssl_context.rb +13 -0
data/lib/puppet/settings.rb +9 -54
data/lib/puppet/settings/config_file.rb +1 -2
data/lib/puppet/settings/environment_conf.rb +0 -1
data/lib/puppet/settings/file_setting.rb +1 -1
data/lib/puppet/settings/server_list_setting.rb +0 -9
data/lib/puppet/ssl.rb +0 -1
data/lib/puppet/ssl/base.rb +1 -9
data/lib/puppet/ssl/certificate.rb +7 -4
data/lib/puppet/ssl/certificate_request.rb +6 -14
data/lib/puppet/ssl/certificate_request_attributes.rb +1 -1
data/lib/puppet/ssl/host.rb +400 -174
data/lib/puppet/ssl/key.rb +1 -5
data/lib/puppet/ssl/oids.rb +3 -3
data/lib/puppet/ssl/validator/default_validator.rb +33 -49
data/lib/puppet/test/test_helper.rb +12 -18
data/lib/puppet/transaction.rb +7 -12
data/lib/puppet/transaction/event.rb +37 -14
data/lib/puppet/transaction/event_manager.rb +3 -11
data/lib/puppet/transaction/persistence.rb +1 -1
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/transaction/resource_harness.rb +2 -5
data/lib/puppet/type.rb +7 -10
data/lib/puppet/type/exec.rb +16 -50
data/lib/puppet/type/file.rb +7 -16
data/lib/puppet/type/file/content.rb +2 -3
data/lib/puppet/type/file/data_sync.rb +1 -5
data/lib/puppet/type/file/mode.rb +2 -7
data/lib/puppet/type/file/source.rb +2 -1
data/lib/puppet/type/filebucket.rb +8 -12
data/lib/puppet/type/group.rb +3 -33
data/lib/puppet/type/notify.rb +2 -3
data/lib/puppet/type/package.rb +18 -154
data/lib/puppet/type/resources.rb +2 -12
data/lib/puppet/type/schedule.rb +34 -96
data/lib/puppet/type/service.rb +10 -9
data/lib/puppet/type/tidy.rb +1 -1
data/lib/puppet/type/user.rb +30 -14
data/lib/puppet/util.rb +28 -52
data/lib/puppet/util/autoload.rb +62 -56
data/lib/puppet/util/character_encoding.rb +0 -22
data/lib/puppet/util/classgen.rb +0 -6
data/lib/puppet/util/command_line.rb +4 -7
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/connection.rb +74 -0
data/lib/puppet/util/execution.rb +7 -22
data/lib/puppet/util/feature.rb +63 -41
data/lib/puppet/util/fileparsing.rb +27 -5
data/lib/puppet/util/filetype.rb +8 -56
data/lib/puppet/util/http_proxy.rb +18 -27
data/lib/puppet/util/instance_loader.rb +3 -21
data/lib/puppet/util/json.rb +0 -8
data/lib/puppet/util/ldap/connection.rb +7 -7
data/lib/puppet/util/log.rb +3 -8
data/lib/puppet/util/log/destinations.rb +13 -5
data/lib/puppet/util/logging.rb +19 -31
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +1 -1
data/lib/puppet/util/network_device/base.rb +1 -1
data/lib/puppet/util/pidlock.rb +3 -23
data/lib/puppet/util/platform.rb +3 -0
data/lib/puppet/util/plist.rb +0 -6
data/lib/puppet/util/posix.rb +0 -15
data/lib/puppet/util/provider_features.rb +6 -7
data/lib/puppet/util/rdoc.rb +2 -2
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
data/lib/puppet/util/reference.rb +8 -7
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/rubygems.rb +1 -13
data/lib/puppet/util/run_mode.rb +1 -1
data/lib/puppet/util/selinux.rb +3 -9
data/lib/puppet/util/ssl.rb +40 -1
data/lib/puppet/util/storage.rb +1 -13
data/lib/puppet/util/suidmanager.rb +7 -5
data/lib/puppet/util/tag_set.rb +1 -1
data/lib/puppet/util/tagging.rb +1 -1
data/lib/puppet/util/windows.rb +15 -0
data/lib/puppet/util/windows/adsi.rb +7 -116
data/lib/puppet/util/windows/api_types.rb +33 -46
data/lib/puppet/util/windows/eventlog.rb +6 -1
data/lib/puppet/util/windows/principal.rb +6 -8
data/lib/puppet/util/windows/process.rb +3 -94
data/lib/puppet/util/windows/registry.rb +14 -46
data/lib/puppet/util/windows/security.rb +2 -40
data/lib/puppet/util/windows/service.rb +72 -431
data/lib/puppet/util/windows/sid.rb +3 -4
data/lib/puppet/util/windows/user.rb +9 -17
data/lib/puppet/util/yaml.rb +41 -5
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet_pal.rb +246 -23
data/locales/ja/puppet.po +11128 -0
data/locales/puppet.pot +1321 -2527
data/man/man5/puppet.conf.5 +31 -191
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +3 -3
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +19 -23
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +2 -21
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -7
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +10 -100
data/man/man8/puppet-node.8 +4 -7
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +28 -0
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +12 -3
data/spec/fixtures/unit/functions/hiera/hiera/backend/hieraspec_backend.rb +22 -0
data/spec/fixtures/unit/functions/lookup/hiera/backend/custom_backend.rb +18 -0
data/spec/fixtures/unit/functions/lookup/hiera/backend/other_backend.rb +7 -0
data/spec/fixtures/unit/pops/loaders/loaders/dependent_modules_with_metadata/modules/user/manifests/init.pp +6 -6
data/spec/fixtures/unit/provider/package/pkgng/pkg.info +0 -1
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +0 -2
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +0 -9
data/spec/integration/agent/logging_spec.rb +9 -7
data/spec/integration/application/apply_spec.rb +31 -26
data/spec/integration/application/doc_spec.rb +2 -1
data/spec/integration/application/lookup_spec.rb +5 -5
data/spec/integration/configurer_spec.rb +8 -76
data/spec/integration/data_binding_spec.rb +1 -1
data/spec/integration/defaults_spec.rb +13 -16
data/spec/integration/directory_environments_spec.rb +1 -1
data/spec/integration/faces/config_spec.rb +4 -3
data/spec/integration/faces/documentation_spec.rb +1 -0
data/spec/integration/faces/plugin_spec.rb +49 -29
data/spec/integration/file_bucket/file_spec.rb +4 -19
data/spec/integration/file_serving/content_spec.rb +1 -0
data/spec/integration/file_serving/fileset_spec.rb +1 -0
data/spec/integration/file_serving/metadata_spec.rb +1 -0
data/spec/integration/file_serving/terminus_helper_spec.rb +1 -0
data/spec/integration/file_system/uniquefile_spec.rb +26 -29
data/spec/integration/indirector/catalog/compiler_spec.rb +11 -10
data/spec/integration/indirector/direct_file_server_spec.rb +1 -1
data/spec/integration/indirector/facts/facter_spec.rb +8 -22
data/spec/integration/indirector/file_content/file_server_spec.rb +8 -7
data/spec/integration/indirector/file_metadata/file_server_spec.rb +8 -7
data/spec/integration/network/authconfig_spec.rb +24 -23
data/spec/integration/network/formats_spec.rb +1 -0
data/spec/integration/network/http/api/indirected_routes_spec.rb +6 -34
data/spec/integration/node/environment_spec.rb +2 -1
data/spec/integration/node/facts_spec.rb +10 -9
data/spec/integration/node_spec.rb +7 -10
data/spec/integration/parser/catalog_spec.rb +8 -6
data/spec/integration/parser/collection_spec.rb +9 -4
data/spec/integration/parser/compiler_spec.rb +7 -25
data/spec/integration/parser/scope_spec.rb +1 -1
data/spec/integration/parser/undef_param_spec.rb +1 -1
data/spec/integration/provider/service/init_spec.rb +9 -6
data/spec/integration/provider/service/systemd_spec.rb +14 -11
data/spec/integration/provider/service/windows_spec.rb +11 -8
data/spec/integration/reference/providers_spec.rb +7 -0
data/spec/integration/reports_spec.rb +2 -1
data/spec/integration/resource/catalog_spec.rb +17 -14
data/spec/integration/resource/type_collection_spec.rb +5 -4
data/spec/integration/ssl/certificate_request_spec.rb +1 -2
data/spec/integration/ssl/host_spec.rb +17 -24
data/spec/integration/ssl/key_spec.rb +7 -2
data/spec/integration/test/test_helper_spec.rb +32 -0
data/spec/integration/transaction/report_spec.rb +14 -9
data/spec/integration/type/exec_spec.rb +2 -1
data/spec/integration/type/file_spec.rb +38 -46
data/spec/integration/type/package_spec.rb +25 -21
data/spec/integration/type/tidy_spec.rb +2 -1
data/spec/integration/type_spec.rb +1 -0
data/spec/integration/util/autoload_spec.rb +11 -7
data/spec/integration/util/execution_spec.rb +5 -32
data/spec/integration/util/rdoc/parser_spec.rb +14 -23
data/spec/integration/util/settings_spec.rb +2 -1
data/spec/integration/util/windows/adsi_spec.rb +8 -11
data/spec/integration/util/windows/principal_spec.rb +2 -1
data/spec/integration/util/windows/process_spec.rb +9 -7
data/spec/integration/util/windows/registry_spec.rb +46 -127
data/spec/integration/util/windows/security_spec.rb +15 -16
data/spec/integration/util/windows/user_spec.rb +29 -66
data/spec/integration/util_spec.rb +10 -7
data/spec/lib/matchers/json.rb +12 -18
data/{lib/puppet/ssl → spec/lib/puppet}/certificate_factory.rb +5 -6
data/spec/lib/puppet/test_ca.rb +109 -0
data/spec/lib/puppet_spec/compiler.rb +28 -1
data/spec/lib/puppet_spec/files.rb +29 -23
data/spec/lib/puppet_spec/module_tool/shared_functions.rb +1 -1
data/spec/lib/puppet_spec/modules.rb +11 -1
data/spec/lib/puppet_spec/scope.rb +2 -1
data/spec/lib/puppet_spec/ssl.rb +265 -0
data/spec/lib/puppet_spec/validators.rb +37 -0
data/spec/shared_behaviours/all_parsedfile_providers.rb +1 -1
data/spec/shared_behaviours/file_server_terminus.rb +9 -8
data/spec/shared_behaviours/file_serving.rb +8 -6
data/spec/shared_behaviours/file_serving_model.rb +5 -22
data/spec/shared_behaviours/hiera_indirections.rb +4 -3
data/spec/shared_behaviours/iterative_functions.rb +1 -0
data/spec/shared_behaviours/memory_terminus.rb +2 -2
data/spec/shared_behaviours/path_parameters.rb +1 -1
data/spec/shared_contexts/types_setup.rb +0 -2
data/spec/shared_examples/rhel_package_provider.rb +70 -112
data/spec/spec_helper.rb +1 -15
data/spec/unit/agent/disabler_spec.rb +5 -4
data/spec/unit/agent/locker_spec.rb +13 -12
data/spec/unit/agent_spec.rb +102 -105
data/spec/unit/application/agent_spec.rb +95 -114
data/spec/unit/application/apply_spec.rb +92 -119
data/spec/unit/application/config_spec.rb +1 -0
data/spec/unit/application/describe_spec.rb +7 -6
data/spec/unit/application/device_spec.rb +180 -181
data/spec/unit/application/doc_spec.rb +46 -44
data/spec/unit/application/face_base_spec.rb +62 -61
data/spec/unit/application/facts_spec.rb +4 -3
data/spec/unit/application/filebucket_spec.rb +74 -66
data/spec/unit/application/indirection_base_spec.rb +6 -8
data/spec/unit/application/lookup_spec.rb +44 -37
data/spec/unit/application/resource_spec.rb +48 -42
data/spec/unit/application/ssl_spec.rb +322 -0
data/spec/unit/application_spec.rb +108 -90
data/spec/unit/capability_spec.rb +15 -16
data/spec/unit/{ssl/certificate_factory_spec.rb → certificate_factory_spec.rb} +13 -20
data/spec/unit/configurer/downloader_spec.rb +22 -31
data/spec/unit/configurer/fact_handler_spec.rb +7 -2
data/spec/unit/configurer/plugin_handler_spec.rb +8 -41
data/spec/unit/configurer_spec.rb +475 -520
data/spec/unit/confine/exists_spec.rb +15 -17
data/spec/unit/confine/false_spec.rb +6 -32
data/spec/unit/confine/feature_spec.rb +5 -7
data/spec/unit/confine/true_spec.rb +6 -32
data/spec/unit/confine/variable_spec.rb +15 -14
data/spec/unit/confine_collection_spec.rb +29 -28
data/spec/unit/confine_spec.rb +14 -13
data/spec/unit/confiner_spec.rb +11 -10
data/spec/unit/context/trusted_information_spec.rb +4 -3
data/spec/unit/daemon_spec.rb +38 -35
data/spec/unit/data_providers/function_data_provider_spec.rb +1 -0
data/spec/unit/data_providers/hiera_data_provider_spec.rb +1 -0
data/spec/unit/datatypes_spec.rb +4 -3
data/spec/unit/defaults_spec.rb +61 -32
data/spec/unit/environments_spec.rb +7 -7
data/spec/unit/etc_spec.rb +29 -52
data/spec/unit/external/pson_spec.rb +1 -0
data/spec/unit/face/catalog_spec.rb +1 -0
data/spec/unit/face/config_spec.rb +35 -31
data/spec/unit/face/epp_face_spec.rb +4 -3
data/spec/unit/face/facts_spec.rb +6 -14
data/spec/unit/face/generate_spec.rb +5 -4
data/spec/unit/face/help_spec.rb +8 -7
data/spec/unit/face/key_spec.rb +1 -0
data/spec/unit/face/man_spec.rb +2 -1
data/spec/unit/face/module/install_spec.rb +5 -3
data/spec/unit/face/module/list_spec.rb +12 -62
data/spec/unit/face/module/search_spec.rb +9 -11
data/spec/unit/face/module/uninstall_spec.rb +8 -4
data/spec/unit/face/node_spec.rb +30 -52
data/spec/unit/face/parser_spec.rb +3 -3
data/spec/unit/face/plugin_spec.rb +9 -44
data/spec/unit/face/status_spec.rb +1 -0
data/spec/unit/file_bucket/dipper_spec.rb +24 -28
data/spec/unit/file_bucket/file_spec.rb +2 -0
data/spec/unit/file_serving/base_spec.rb +18 -20
data/spec/unit/file_serving/configuration/parser_spec.rb +28 -27
data/spec/unit/file_serving/configuration_spec.rb +66 -63
data/spec/unit/file_serving/content_spec.rb +11 -10
data/spec/unit/file_serving/fileset_spec.rb +58 -63
data/spec/unit/file_serving/http_metadata_spec.rb +7 -8
data/spec/unit/file_serving/metadata_spec.rb +40 -40
data/spec/unit/file_serving/mount/file_spec.rb +32 -31
data/spec/unit/file_serving/mount/locales_spec.rb +26 -25
data/spec/unit/file_serving/mount/modules_spec.rb +15 -14
data/spec/unit/file_serving/mount/pluginfacts_spec.rb +26 -25
data/spec/unit/file_serving/mount/plugins_spec.rb +26 -25
data/spec/unit/file_serving/mount/tasks_spec.rb +15 -14
data/spec/unit/file_serving/mount_spec.rb +1 -0
data/spec/unit/file_serving/terminus_helper_spec.rb +42 -37
data/spec/unit/file_serving/terminus_selector_spec.rb +13 -12
data/spec/unit/file_system/path_pattern_spec.rb +1 -1
data/spec/unit/file_system/uniquefile_spec.rb +6 -17
data/spec/unit/file_system_spec.rb +9 -6
data/spec/unit/forge/errors_spec.rb +1 -1
data/spec/unit/forge/forge_spec.rb +16 -15
data/spec/unit/forge/module_release_spec.rb +18 -18
data/spec/unit/forge/repository_spec.rb +30 -27
data/spec/unit/forge_spec.rb +11 -15
data/spec/unit/functions/abs_spec.rb +70 -0
data/spec/unit/functions/binary_file_spec.rb +3 -3
data/spec/unit/functions/call_spec.rb +59 -5
data/spec/unit/functions/camelcase_spec.rb +34 -0
data/spec/unit/functions/capitalize_spec.rb +34 -0
data/spec/unit/functions/ceiling_spec.rb +65 -0
data/spec/unit/functions/chomp_spec.rb +46 -0
data/spec/unit/functions/chop_spec.rb +38 -0
data/spec/unit/functions/compare_spec.rb +147 -0
data/spec/unit/functions/contain_spec.rb +2 -0
data/spec/unit/functions/convert_to_spec.rb +3 -0
data/spec/unit/functions/defined_spec.rb +1 -0
data/spec/unit/functions/downcase_spec.rb +34 -0
data/spec/unit/functions/epp_spec.rb +2 -2
data/spec/unit/functions/filter_spec.rb +4 -4
data/spec/unit/functions/find_file_spec.rb +7 -7
data/spec/unit/functions/floor_spec.rb +65 -0
data/spec/unit/functions/get_spec.rb +135 -0
data/spec/unit/functions/getvar_spec.rb +121 -0
data/spec/unit/functions/hiera_spec.rb +14 -48
data/spec/unit/functions/include_spec.rb +4 -0
data/spec/unit/functions/lookup_fixture_spec.rb +1 -0
data/spec/unit/functions/lookup_spec.rb +37 -62
data/spec/unit/functions/lstrip_spec.rb +30 -0
data/spec/unit/functions/match_spec.rb +3 -4
data/spec/unit/functions/max_spec.rb +129 -0
data/spec/unit/functions/min_spec.rb +129 -0
data/spec/unit/functions/module_directory_spec.rb +12 -12
data/spec/unit/functions/new_spec.rb +0 -15
data/spec/unit/functions/regsubst_spec.rb +3 -4
data/spec/unit/functions/require_spec.rb +3 -0
data/spec/unit/functions/round_spec.rb +41 -0
data/spec/unit/functions/rstrip_spec.rb +30 -0
data/spec/unit/functions/shared.rb +8 -5
data/spec/unit/functions/size_spec.rb +50 -0
data/spec/unit/functions/sort_spec.rb +79 -0
data/spec/unit/functions/split_spec.rb +3 -4
data/spec/unit/functions/strip_spec.rb +30 -0
data/spec/unit/functions/upcase_spec.rb +34 -0
data/spec/unit/functions/versioncmp_spec.rb +4 -4
data/spec/unit/functions4_spec.rb +78 -51
data/spec/unit/gettext/config_spec.rb +4 -4
data/spec/unit/gettext/module_loading_spec.rb +7 -7
data/spec/unit/graph/rb_tree_map_spec.rb +2 -0
data/spec/unit/graph/relationship_graph_spec.rb +2 -1
data/spec/unit/graph/simple_graph_spec.rb +52 -11
data/spec/unit/hiera/scope_spec.rb +0 -7
data/spec/unit/hiera_puppet_spec.rb +20 -20
data/spec/unit/indirector/catalog/compiler_spec.rb +166 -183
data/spec/unit/indirector/catalog/json_spec.rb +2 -1
data/spec/unit/indirector/catalog/msgpack_spec.rb +1 -0
data/spec/unit/indirector/catalog/rest_spec.rb +1 -0
data/spec/unit/indirector/catalog/store_configs_spec.rb +1 -0
data/spec/unit/indirector/catalog/yaml_spec.rb +1 -0
data/spec/unit/indirector/certificate/file_spec.rb +1 -8
data/spec/unit/indirector/certificate/rest_spec.rb +10 -8
data/spec/unit/indirector/certificate_request/file_spec.rb +1 -0
data/spec/unit/indirector/certificate_request/rest_spec.rb +1 -0
data/spec/unit/indirector/direct_file_server_spec.rb +49 -57
data/spec/unit/indirector/envelope_spec.rb +2 -1
data/spec/unit/indirector/exec_spec.rb +31 -26
data/spec/unit/indirector/face_spec.rb +9 -9
data/spec/unit/indirector/facts/facter_spec.rb +43 -37
data/spec/unit/indirector/facts/network_device_spec.rb +9 -8
data/spec/unit/indirector/facts/rest_spec.rb +8 -7
data/spec/unit/indirector/facts/store_configs_spec.rb +1 -0
data/spec/unit/indirector/facts/yaml_spec.rb +90 -77
data/spec/unit/indirector/file_bucket_file/file_spec.rb +13 -9
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +1 -0
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +5 -4
data/spec/unit/indirector/file_content/file_server_spec.rb +1 -0
data/spec/unit/indirector/file_content/file_spec.rb +1 -0
data/spec/unit/indirector/file_content/rest_spec.rb +1 -0
data/spec/unit/indirector/file_content/selector_spec.rb +1 -0
data/spec/unit/indirector/file_metadata/file_server_spec.rb +1 -0
data/spec/unit/indirector/file_metadata/file_spec.rb +13 -12
data/spec/unit/indirector/file_metadata/rest_spec.rb +1 -0
data/spec/unit/indirector/file_metadata/selector_spec.rb +1 -0
data/spec/unit/indirector/file_server_spec.rb +145 -145
data/spec/unit/indirector/indirection_spec.rb +226 -249
data/spec/unit/indirector/json_spec.rb +9 -7
data/spec/unit/indirector/key/file_spec.rb +22 -38
data/spec/unit/indirector/memory_spec.rb +7 -6
data/spec/unit/indirector/msgpack_spec.rb +9 -7
data/spec/unit/indirector/node/exec_spec.rb +43 -22
data/spec/unit/indirector/node/memory_spec.rb +4 -2
data/spec/unit/indirector/node/msgpack_spec.rb +1 -0
data/spec/unit/indirector/node/plain_spec.rb +4 -2
data/spec/unit/indirector/node/rest_spec.rb +1 -0
data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
data/spec/unit/indirector/node/yaml_spec.rb +1 -0
data/spec/unit/indirector/none_spec.rb +5 -5
data/spec/unit/indirector/plain_spec.rb +8 -7
data/spec/unit/indirector/report/msgpack_spec.rb +1 -0
data/spec/unit/indirector/report/processor_spec.rb +22 -21
data/spec/unit/indirector/report/rest_spec.rb +12 -11
data/spec/unit/indirector/report/yaml_spec.rb +1 -0
data/spec/unit/indirector/request_spec.rb +18 -15
data/spec/unit/indirector/resource/ral_spec.rb +55 -47
data/spec/unit/indirector/resource/store_configs_spec.rb +1 -0
data/spec/unit/indirector/rest_spec.rb +110 -113
data/spec/unit/indirector/ssl_file_spec.rb +100 -119
data/spec/unit/indirector/status/local_spec.rb +1 -0
data/spec/unit/indirector/status/rest_spec.rb +1 -0
data/spec/unit/indirector/store_configs_spec.rb +1 -0
data/spec/unit/indirector/terminus_spec.rb +30 -32
data/spec/unit/indirector/yaml_spec.rb +90 -68
data/spec/unit/indirector_spec.rb +2 -1
data/spec/unit/info_service_spec.rb +144 -10
data/spec/unit/interface/action_builder_spec.rb +1 -0
data/spec/unit/interface/action_manager_spec.rb +1 -0
data/spec/unit/interface/action_spec.rb +3 -2
data/spec/unit/interface/documentation_spec.rb +1 -0
data/spec/unit/interface/face_collection_spec.rb +12 -19
data/spec/unit/interface_spec.rb +3 -3
data/spec/unit/man_spec.rb +4 -3
data/spec/unit/module_spec.rb +52 -102
data/spec/unit/module_tool/applications/installer_spec.rb +13 -12
data/spec/unit/module_tool/applications/searcher_spec.rb +3 -3
data/spec/unit/module_tool/applications/uninstaller_spec.rb +2 -1
data/spec/unit/module_tool/applications/unpacker_spec.rb +13 -13
data/spec/unit/module_tool/applications/upgrader_spec.rb +6 -6
data/spec/unit/module_tool/install_directory_spec.rb +8 -8
data/spec/unit/module_tool/installed_modules_spec.rb +3 -3
data/spec/unit/module_tool/tar/gnu_spec.rb +6 -6
data/spec/unit/module_tool/tar/mini_spec.rb +12 -12
data/spec/unit/module_tool/tar_spec.rb +13 -12
data/spec/unit/module_tool_spec.rb +12 -29
data/spec/unit/network/auth_config_parser_spec.rb +13 -11
data/spec/unit/network/authconfig_spec.rb +18 -17
data/spec/unit/network/authorization_spec.rb +5 -4
data/spec/unit/network/authstore_spec.rb +1 -0
data/spec/unit/network/format_handler_spec.rb +1 -0
data/spec/unit/network/format_spec.rb +10 -9
data/spec/unit/network/format_support_spec.rb +29 -28
data/spec/unit/network/formats_spec.rb +31 -4
data/spec/unit/network/http/api/indirected_routes_spec.rb +41 -51
data/spec/unit/network/http/api/master/v3/authorization_spec.rb +7 -9
data/spec/unit/network/http/api/master/v3/environment_spec.rb +1 -2
data/spec/unit/network/http/api/master/v3/environments_spec.rb +7 -6
data/spec/unit/network/http/api_spec.rb +2 -26
data/spec/unit/network/http/compression_spec.rb +28 -24
data/spec/unit/network/http/connection_spec.rb +122 -72
data/spec/unit/network/http/factory_spec.rb +11 -40
data/spec/unit/network/http/handler_spec.rb +18 -9
data/spec/unit/network/http/nocache_pool_spec.rb +7 -6
data/spec/unit/network/http/pool_spec.rb +29 -60
data/spec/unit/network/http/request_spec.rb +2 -0
data/spec/unit/network/http/response_spec.rb +13 -11
data/spec/unit/network/http/route_spec.rb +1 -0
data/spec/unit/network/http/session_spec.rb +2 -1
data/spec/unit/network/http/site_spec.rb +1 -0
data/spec/unit/network/http_pool_spec.rb +9 -18
data/spec/unit/network/http_spec.rb +1 -0
data/spec/unit/network/resolver_spec.rb +104 -28
data/spec/unit/network/rights_spec.rb +53 -52
data/spec/unit/node/environment_spec.rb +17 -18
data/spec/unit/node/facts_spec.rb +21 -6
data/spec/unit/node_spec.rb +23 -17
data/spec/unit/other/selinux_spec.rb +1 -71
data/spec/unit/parameter/boolean_spec.rb +2 -1
data/spec/unit/parameter/package_options_spec.rb +2 -1
data/spec/unit/parameter/path_spec.rb +1 -0
data/spec/unit/parameter/value_collection_spec.rb +1 -0
data/spec/unit/parameter/value_spec.rb +1 -0
data/spec/unit/parameter_spec.rb +9 -9
data/spec/unit/parser/ast/block_expression_spec.rb +8 -6
data/spec/unit/parser/ast/leaf_spec.rb +21 -20
data/spec/unit/parser/compiler_spec.rb +96 -84
data/spec/unit/parser/environment_compiler_spec.rb +16 -23
data/spec/unit/parser/files_spec.rb +1 -0
data/spec/unit/parser/functions/create_resources_spec.rb +1 -1
data/spec/unit/parser/functions/digest_spec.rb +1 -4
data/spec/unit/parser/functions/fail_spec.rb +2 -5
data/spec/unit/parser/functions/file_spec.rb +14 -17
data/spec/unit/parser/functions/fqdn_rand_spec.rb +6 -5
data/spec/unit/parser/functions/generate_spec.rb +37 -38
data/spec/unit/parser/functions/inline_template_spec.rb +1 -4
data/spec/unit/parser/functions/regsubst_spec.rb +1 -4
data/spec/unit/parser/functions/scanf_spec.rb +1 -4
data/spec/unit/parser/functions/shellquote_spec.rb +1 -0
data/spec/unit/parser/functions/split_spec.rb +1 -4
data/spec/unit/parser/functions/sprintf_spec.rb +1 -4
data/spec/unit/parser/functions/tag_spec.rb +2 -5
data/spec/unit/parser/functions/tagged_spec.rb +3 -6
data/spec/unit/parser/functions/template_spec.rb +13 -17
data/spec/unit/parser/functions/versioncmp_spec.rb +2 -5
data/spec/unit/parser/functions_spec.rb +29 -3
data/spec/unit/parser/relationship_spec.rb +1 -0
data/spec/unit/parser/resource/param_spec.rb +1 -1
data/spec/unit/parser/resource_spec.rb +42 -42
data/spec/unit/parser/scope_spec.rb +35 -39
data/spec/unit/parser/templatewrapper_spec.rb +12 -11
data/spec/unit/parser/type_loader_spec.rb +19 -17
data/spec/unit/pops/adaptable_spec.rb +1 -0
data/spec/unit/pops/benchmark_spec.rb +1 -0
data/spec/unit/pops/evaluator/access_ops_spec.rb +1 -0
data/spec/unit/pops/evaluator/arithmetic_ops_spec.rb +11 -0
data/spec/unit/pops/evaluator/basic_expressions_spec.rb +1 -0
data/spec/unit/pops/evaluator/collections_ops_spec.rb +1 -0
data/spec/unit/pops/evaluator/comparison_ops_spec.rb +1 -0
data/spec/unit/pops/evaluator/conditionals_spec.rb +1 -0
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +78 -18
data/spec/unit/pops/evaluator/logical_ops_spec.rb +1 -0
data/spec/unit/pops/evaluator/runtime3_converter_spec.rb +5 -4
data/spec/unit/pops/evaluator/string_interpolation_spec.rb +1 -0
data/spec/unit/pops/evaluator/variables_spec.rb +1 -0
data/spec/unit/pops/factory_spec.rb +4 -3
data/spec/unit/pops/issues_spec.rb +20 -19
data/spec/unit/pops/loaders/dependency_loader_spec.rb +2 -2
data/spec/unit/pops/loaders/loader_spec.rb +12 -36
data/spec/unit/pops/loaders/loaders_spec.rb +57 -54
data/spec/unit/pops/loaders/module_loaders_spec.rb +35 -3
data/spec/unit/pops/loaders/static_loader_spec.rb +0 -36
data/spec/unit/pops/lookup/context_spec.rb +1 -0
data/spec/unit/pops/lookup/interpolation_spec.rb +3 -2
data/spec/unit/pops/merge_strategy_spec.rb +1 -0
data/spec/unit/pops/migration_spec.rb +5 -3
data/spec/unit/pops/model/model_spec.rb +1 -0
data/spec/unit/pops/model/pn_transformer_spec.rb +1 -0
data/spec/unit/pops/parser/lexer2_spec.rb +60 -21
data/spec/unit/pops/parser/locator_spec.rb +6 -48
data/spec/unit/pops/parser/parse_application_spec.rb +1 -0
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +1 -0
data/spec/unit/pops/parser/parse_calls_spec.rb +1 -0
data/spec/unit/pops/parser/parse_capabilities_spec.rb +1 -0
data/spec/unit/pops/parser/parse_conditionals_spec.rb +1 -0
data/spec/unit/pops/parser/parse_containers_spec.rb +1 -0
data/spec/unit/pops/parser/parse_heredoc_spec.rb +12 -124
data/spec/unit/pops/parser/parse_plan_spec.rb +1 -0
data/spec/unit/pops/parser/parse_resource_spec.rb +1 -0
data/spec/unit/pops/parser/parse_site_spec.rb +1 -0
data/spec/unit/pops/parser/pn_parser_spec.rb +1 -0
data/spec/unit/pops/pn_spec.rb +1 -0
data/spec/unit/pops/resource/resource_type_impl_spec.rb +1 -0
data/spec/unit/pops/serialization/serialization_spec.rb +7 -5
data/spec/unit/pops/serialization/to_from_hr_spec.rb +29 -4
data/spec/unit/pops/serialization/to_stringified_spec.rb +157 -0
data/spec/unit/pops/types/deferred_spec.rb +87 -0
data/spec/unit/pops/types/p_object_type_spec.rb +20 -0
data/spec/unit/pops/types/p_timespan_type_spec.rb +0 -22
data/spec/unit/pops/types/p_timestamp_type_spec.rb +0 -19
data/spec/unit/pops/types/recursion_guard_spec.rb +10 -10
data/spec/unit/pops/types/ruby_generator_spec.rb +2 -2
data/spec/unit/pops/types/string_converter_spec.rb +11 -22
data/spec/unit/pops/types/task_spec.rb +148 -16
data/spec/unit/pops/types/type_asserter_spec.rb +2 -2
data/spec/unit/pops/types/type_calculator_spec.rb +36 -36
data/spec/unit/pops/types/type_mismatch_describer_spec.rb +0 -9
data/spec/unit/pops/types/type_parser_spec.rb +13 -13
data/spec/unit/pops/types/types_spec.rb +12 -6
data/spec/unit/pops/validator/validator_spec.rb +162 -82
data/spec/unit/pops/visitor_spec.rb +1 -0
data/spec/unit/property/boolean_spec.rb +1 -1
data/spec/unit/property/ensure_spec.rb +1 -0
data/spec/unit/property/keyvalue_spec.rb +34 -32
data/spec/unit/property/list_spec.rb +27 -26
data/spec/unit/property/ordered_list_spec.rb +14 -10
data/spec/unit/property_spec.rb +53 -43
data/spec/unit/provider/aix_object_spec.rb +45 -47
data/spec/unit/provider/command_spec.rb +9 -9
data/spec/unit/provider/exec/posix_spec.rb +9 -8
data/spec/unit/provider/exec/shell_spec.rb +3 -1
data/spec/unit/provider/exec/windows_spec.rb +6 -4
data/spec/unit/provider/exec_spec.rb +1 -209
data/spec/unit/provider/file/posix_spec.rb +24 -22
data/spec/unit/provider/file/windows_spec.rb +19 -17
data/spec/unit/provider/group/aix_spec.rb +7 -22
data/spec/unit/provider/group/groupadd_spec.rb +27 -60
data/spec/unit/provider/group/ldap_spec.rb +36 -33
data/spec/unit/provider/group/pw_spec.rb +18 -15
data/spec/unit/provider/group/windows_adsi_spec.rb +80 -128
data/spec/unit/provider/ldap_spec.rb +62 -61
data/spec/unit/provider/nameservice/directoryservice_spec.rb +109 -102
data/spec/unit/provider/nameservice_spec.rb +41 -39
data/spec/unit/provider/package/aix_spec.rb +22 -48
data/spec/unit/provider/package/appdmg_spec.rb +13 -13
data/spec/unit/provider/package/apt_spec.rb +35 -60
data/spec/unit/provider/package/aptitude_spec.rb +7 -7
data/spec/unit/provider/package/aptrpm_spec.rb +13 -8
data/spec/unit/provider/package/base_spec.rb +4 -4
data/spec/unit/provider/package/dnf_spec.rb +23 -34
data/spec/unit/provider/package/dpkg_spec.rb +72 -114
data/spec/unit/provider/package/freebsd_spec.rb +18 -15
data/spec/unit/provider/package/gem_spec.rb +86 -163
data/spec/unit/provider/package/hpux_spec.rb +18 -15
data/spec/unit/provider/package/macports_spec.rb +54 -56
data/spec/unit/provider/package/nim_spec.rb +49 -33
data/spec/unit/provider/package/openbsd_spec.rb +49 -60
data/spec/unit/provider/package/opkg_spec.rb +26 -23
data/spec/unit/provider/package/pacman_spec.rb +118 -97
data/spec/unit/provider/package/pip3_spec.rb +6 -20
data/spec/unit/provider/package/pip_spec.rb +129 -185
data/spec/unit/provider/package/pkg_spec.rb +119 -129
data/spec/unit/provider/package/pkgdmg_spec.rb +63 -65
data/spec/unit/provider/package/pkgin_spec.rb +23 -20
data/spec/unit/provider/package/pkgng_spec.rb +35 -67
data/spec/unit/provider/package/pkgutil_spec.rb +49 -45
data/spec/unit/provider/package/portage_spec.rb +76 -72
data/spec/unit/provider/package/puppet_gem_spec.rb +21 -45
data/spec/unit/provider/package/rpm_spec.rb +79 -291
data/spec/unit/provider/package/sun_spec.rb +18 -16
data/spec/unit/provider/package/tdnf_spec.rb +12 -9
data/spec/unit/provider/package/up2date_spec.rb +4 -2
data/spec/unit/provider/package/urpmi_spec.rb +17 -15
data/spec/unit/provider/package/windows/exe_package_spec.rb +18 -15
data/spec/unit/provider/package/windows/msi_package_spec.rb +23 -20
data/spec/unit/provider/package/windows/package_spec.rb +43 -38
data/spec/unit/provider/package/windows_spec.rb +36 -51
data/spec/unit/provider/package/yum_spec.rb +24 -128
data/spec/unit/provider/package/zypper_spec.rb +106 -117
data/spec/unit/provider/parsedfile_spec.rb +45 -44
data/spec/unit/provider/service/base_spec.rb +6 -5
data/spec/unit/provider/service/bsd_spec.rb +54 -47
data/spec/unit/provider/service/daemontools_spec.rb +53 -70
data/spec/unit/provider/service/debian_spec.rb +58 -46
data/spec/unit/provider/service/freebsd_spec.rb +23 -20
data/spec/unit/provider/service/gentoo_spec.rb +81 -74
data/spec/unit/provider/service/init_spec.rb +66 -65
data/spec/unit/provider/service/launchd_spec.rb +114 -181
data/spec/unit/provider/service/openbsd_spec.rb +94 -87
data/spec/unit/provider/service/openrc_spec.rb +74 -70
data/spec/unit/provider/service/openwrt_spec.rb +38 -30
data/spec/unit/provider/service/rcng_spec.rb +24 -19
data/spec/unit/provider/service/redhat_spec.rb +60 -60
data/spec/unit/provider/service/runit_spec.rb +44 -61
data/spec/unit/provider/service/smf_spec.rb +74 -143
data/spec/unit/provider/service/src_spec.rb +69 -60
data/spec/unit/provider/service/systemd_spec.rb +160 -222
data/spec/unit/provider/service/upstart_spec.rb +99 -83
data/spec/unit/provider/service/windows_spec.rb +42 -84
data/spec/unit/provider/user/aix_spec.rb +24 -65
data/spec/unit/provider/user/directoryservice_spec.rb +114 -187
data/spec/unit/provider/user/hpux_spec.rb +21 -17
data/spec/unit/provider/user/ldap_spec.rb +83 -80
data/spec/unit/provider/user/openbsd_spec.rb +12 -11
data/spec/unit/provider/user/pw_spec.rb +44 -80
data/spec/unit/provider/user/user_role_add_spec.rb +94 -94
data/spec/unit/provider/user/useradd_spec.rb +100 -208
data/spec/unit/provider/user/windows_adsi_spec.rb +63 -62
data/spec/unit/provider_spec.rb +189 -41
data/spec/unit/puppet_pal_2pec.rb +26 -12
data/spec/unit/puppet_pal_catalog_spec.rb +801 -0
data/spec/unit/puppet_pal_spec.rb +2 -8
data/spec/unit/puppet_spec.rb +7 -27
data/spec/unit/relationship_spec.rb +1 -0
data/spec/unit/reports/http_spec.rb +23 -21
data/spec/unit/reports/store_spec.rb +4 -3
data/spec/unit/reports_spec.rb +14 -12
data/spec/unit/resource/capability_finder_spec.rb +26 -29
data/spec/unit/resource/catalog_spec.rb +77 -81
data/spec/unit/resource/status_spec.rb +8 -6
data/spec/unit/resource/type_collection_spec.rb +18 -17
data/spec/unit/resource/type_spec.rb +35 -34
data/spec/unit/resource_spec.rb +79 -67
data/spec/unit/rest/client_spec.rb +135 -0
data/spec/unit/rest/route_spec.rb +132 -0
data/spec/unit/scheduler/job_spec.rb +1 -0
data/spec/unit/scheduler/scheduler_spec.rb +1 -0
data/spec/unit/scheduler/splay_job_spec.rb +2 -1
data/spec/unit/settings/array_setting_spec.rb +1 -1
data/spec/unit/settings/autosign_setting_spec.rb +9 -9
data/spec/unit/settings/certificate_revocation_setting_spec.rb +1 -1
data/spec/unit/settings/config_file_spec.rb +10 -0
data/spec/unit/settings/directory_setting_spec.rb +7 -2
data/spec/unit/settings/duration_setting_spec.rb +2 -1
data/spec/unit/settings/enum_setting_spec.rb +1 -1
data/spec/unit/settings/environment_conf_spec.rb +6 -4
data/spec/unit/settings/file_setting_spec.rb +50 -46
data/spec/unit/settings/ini_file_spec.rb +2 -4
data/spec/unit/settings/path_setting_spec.rb +3 -2
data/spec/unit/settings/priority_setting_spec.rb +2 -1
data/spec/unit/settings/string_setting_spec.rb +15 -14
data/spec/unit/settings/terminus_setting_spec.rb +2 -1
data/spec/unit/settings/value_translator_spec.rb +1 -0
data/spec/unit/settings_spec.rb +226 -253
data/spec/unit/ssl/base_spec.rb +15 -14
data/spec/unit/ssl/certificate_request_attributes_spec.rb +22 -8
data/spec/unit/ssl/certificate_request_spec.rb +63 -92
data/spec/unit/ssl/certificate_spec.rb +29 -37
data/spec/unit/ssl/digest_spec.rb +1 -0
data/spec/unit/ssl/host_spec.rb +305 -685
data/spec/unit/ssl/key_spec.rb +34 -46
data/spec/unit/ssl/validator_spec.rb +70 -203
data/spec/unit/task_spec.rb +172 -26
data/spec/unit/transaction/additional_resource_generator_spec.rb +68 -67
data/spec/unit/transaction/event_manager_spec.rb +84 -95
data/spec/unit/transaction/event_spec.rb +15 -16
data/spec/unit/transaction/persistence_spec.rb +18 -17
data/spec/unit/transaction/report_spec.rb +24 -18
data/spec/unit/transaction/resource_harness_spec.rb +33 -72
data/spec/unit/transaction_spec.rb +106 -176
data/spec/unit/type/component_spec.rb +1 -0
data/spec/unit/type/exec_spec.rb +66 -120
data/spec/unit/type/file/checksum_spec.rb +11 -10
data/spec/unit/type/file/checksum_value_spec.rb +32 -31
data/spec/unit/type/file/content_spec.rb +62 -65
data/spec/unit/type/file/ctime_spec.rb +1 -0
data/spec/unit/type/file/ensure_spec.rb +13 -12
data/spec/unit/type/file/group_spec.rb +7 -5
data/spec/unit/type/file/mode_spec.rb +6 -4
data/spec/unit/type/file/mtime_spec.rb +1 -0
data/spec/unit/type/file/owner_spec.rb +8 -6
data/spec/unit/type/file/selinux_spec.rb +19 -17
data/spec/unit/type/file/source_spec.rb +110 -113
data/spec/unit/type/file/type_spec.rb +1 -0
data/spec/unit/type/file_spec.rb +190 -204
data/spec/unit/type/filebucket_spec.rb +10 -11
data/spec/unit/type/group_spec.rb +9 -15
data/spec/unit/type/noop_metaparam_spec.rb +2 -1
data/spec/unit/type/package/package_settings_spec.rb +23 -44
data/spec/unit/type/package_spec.rb +64 -61
data/spec/unit/type/resources_spec.rb +101 -103
data/spec/unit/type/schedule_spec.rb +28 -28
data/spec/unit/type/service_spec.rb +85 -76
data/spec/unit/type/stage_spec.rb +1 -0
data/spec/unit/type/tidy_spec.rb +63 -62
data/spec/unit/type/user_spec.rb +26 -147
data/spec/unit/type/whit_spec.rb +1 -0
data/spec/unit/type_spec.rb +164 -125
data/spec/unit/util/at_fork_spec.rb +19 -18
data/spec/unit/util/autoload_spec.rb +122 -93
data/spec/unit/util/backups_spec.rb +35 -34
data/spec/unit/util/character_encoding_spec.rb +5 -48
data/spec/unit/util/checksums_spec.rb +39 -38
data/spec/unit/util/colors_spec.rb +2 -1
data/spec/unit/util/command_line_spec.rb +20 -40
data/spec/unit/util/constant_inflector_spec.rb +1 -0
data/spec/unit/util/diff_spec.rb +8 -7
data/spec/unit/util/errors_spec.rb +1 -0
data/spec/unit/util/execution_spec.rb +167 -285
data/spec/unit/util/execution_stub_spec.rb +3 -2
data/spec/unit/util/feature_spec.rb +46 -28
data/spec/unit/util/filetype_spec.rb +53 -61
data/spec/unit/util/http_proxy_spec.rb +13 -133
data/spec/unit/util/inifile_spec.rb +31 -26
data/spec/unit/util/json_lockfile_spec.rb +5 -3
data/spec/unit/util/ldap/connection_spec.rb +25 -26
data/spec/unit/util/ldap/generator_spec.rb +1 -0
data/spec/unit/util/ldap/manager_spec.rb +102 -118
data/spec/unit/util/lockfile_spec.rb +2 -1
data/spec/unit/util/log/destinations_spec.rb +40 -23
data/spec/unit/util/log_spec.rb +146 -48
data/spec/unit/util/logging_spec.rb +114 -252
data/spec/unit/util/metric_spec.rb +1 -0
data/spec/unit/util/monkey_patches_spec.rb +12 -24
data/spec/unit/util/multi_match_spec.rb +1 -0
data/spec/unit/util/network_device/config_spec.rb +1 -0
data/spec/unit/util/network_device/transport/base_spec.rb +6 -5
data/spec/unit/util/network_device_spec.rb +9 -7
data/spec/unit/util/package_spec.rb +1 -0
data/spec/unit/util/pidlock_spec.rb +14 -86
data/spec/unit/util/plist_spec.rb +33 -60
data/spec/unit/util/posix_spec.rb +47 -78
data/spec/unit/util/profiler/object_counts_spec.rb +2 -1
data/spec/unit/util/rdoc_spec.rb +10 -9
data/spec/unit/util/reference_spec.rb +1 -0
data/spec/unit/util/resource_template_spec.rb +20 -20
data/spec/unit/util/retry_action_spec.rb +8 -7
data/spec/unit/util/rubygems_spec.rb +7 -41
data/spec/unit/util/run_mode_spec.rb +11 -10
data/spec/unit/util/selinux_spec.rb +73 -84
data/spec/unit/util/splayer_spec.rb +9 -8
data/spec/unit/util/ssl_spec.rb +1 -0
data/spec/unit/util/storage_spec.rb +17 -111
data/spec/unit/util/suidmanager_spec.rb +58 -47
data/spec/unit/util/symbolic_file_mode_spec.rb +1 -0
data/spec/unit/util/tag_set_spec.rb +9 -1
data/spec/unit/util/tagging_spec.rb +12 -0
data/spec/unit/util/terminal_spec.rb +10 -9
data/spec/unit/util/user_attr_spec.rb +2 -1
data/spec/unit/util/warnings_spec.rb +4 -3
data/spec/unit/util/watcher/periodic_watcher_spec.rb +2 -2
data/spec/unit/util/watcher_spec.rb +21 -51
data/spec/unit/util/windows/access_control_entry_spec.rb +2 -1
data/spec/unit/util/windows/access_control_list_spec.rb +2 -1
data/spec/unit/util/windows/adsi_spec.rb +134 -278
data/spec/unit/util/windows/api_types_spec.rb +42 -105
data/spec/unit/util/windows/eventlog_spec.rb +13 -10
data/spec/unit/util/windows/file_spec.rb +1 -0
data/spec/unit/util/windows/root_certs_spec.rb +1 -0
data/spec/unit/util/windows/security_descriptor_spec.rb +3 -1
data/spec/unit/util/windows/service_spec.rb +180 -432
data/spec/unit/util/windows/sid_spec.rb +17 -15
data/spec/unit/util/windows/string_spec.rb +2 -1
data/spec/unit/util/yaml_spec.rb +162 -28
data/spec/unit/util_spec.rb +74 -119
data/spec/unit/version_spec.rb +6 -6
data/tasks/benchmark.rake +5 -1
data/tasks/ci.rake +0 -5
data/tasks/manpages.rake +9 -2
data/tasks/parser.rake +11 -3
metadata +156 -473
data/CODEOWNERS +0 -30
data/ext/rack/config.ru +0 -44
data/ext/rack/example-passenger-vhost.conf +0 -57
data/lib/puppet/application/ca.rb +0 -11
data/lib/puppet/application/certificate.rb +0 -17
data/lib/puppet/application/certificate_request.rb +0 -7
data/lib/puppet/application/certificate_revocation_list.rb +0 -7
data/lib/puppet/application/master.rb +0 -319
data/lib/puppet/confine/boolean.rb +0 -45
data/lib/puppet/external/nagios.rb +0 -46
data/lib/puppet/external/nagios/base.rb +0 -472
data/lib/puppet/external/nagios/grammar.ry +0 -248
data/lib/puppet/external/nagios/makefile +0 -9
data/lib/puppet/external/nagios/parser.rb +0 -400
data/lib/puppet/face/ca.rb +0 -266
data/lib/puppet/face/certificate.rb +0 -167
data/lib/puppet/face/certificate_request.rb +0 -56
data/lib/puppet/face/certificate_revocation_list.rb +0 -56
data/lib/puppet/feature/rack.rb +0 -19
data/lib/puppet/graph/random_prioritizer.rb +0 -16
data/lib/puppet/graph/title_hash_prioritizer.rb +0 -16
data/lib/puppet/indirector/certificate/ca.rb +0 -9
data/lib/puppet/indirector/certificate/disabled_ca.rb +0 -22
data/lib/puppet/indirector/certificate_request/ca.rb +0 -22
data/lib/puppet/indirector/certificate_request/disabled_ca.rb +0 -22
data/lib/puppet/indirector/certificate_revocation_list/ca.rb +0 -8
data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb +0 -22
data/lib/puppet/indirector/certificate_revocation_list/file.rb +0 -8
data/lib/puppet/indirector/certificate_revocation_list/rest.rb +0 -22
data/lib/puppet/indirector/certificate_status.rb +0 -4
data/lib/puppet/indirector/certificate_status/file.rb +0 -91
data/lib/puppet/indirector/certificate_status/rest.rb +0 -11
data/lib/puppet/indirector/key/ca.rb +0 -16
data/lib/puppet/indirector/key/disabled_ca.rb +0 -22
data/lib/puppet/indirector/ldap.rb +0 -86
data/lib/puppet/indirector/node/ldap.rb +0 -275
data/lib/puppet/indirector/node/write_only_yaml.rb +0 -39
data/lib/puppet/module_tool/applications/builder.rb +0 -152
data/lib/puppet/module_tool/skeleton/templates/generator/Gemfile +0 -18
data/lib/puppet/module_tool/skeleton/templates/generator/README.md.erb +0 -89
data/lib/puppet/module_tool/skeleton/templates/generator/Rakefile +0 -32
data/lib/puppet/module_tool/skeleton/templates/generator/examples/init.pp.erb +0 -12
data/lib/puppet/module_tool/skeleton/templates/generator/manifests/init.pp.erb +0 -48
data/lib/puppet/module_tool/skeleton/templates/generator/metadata.json.erb +0 -1
data/lib/puppet/module_tool/skeleton/templates/generator/spec/classes/init_spec.rb.erb +0 -6
data/lib/puppet/module_tool/skeleton/templates/generator/spec/spec_helper.rb +0 -1
data/lib/puppet/network/http/api/ca.rb +0 -2
data/lib/puppet/network/http/api/ca/v1.rb +0 -11
data/lib/puppet/network/http/rack.rb +0 -33
data/lib/puppet/network/http/rack/rest.rb +0 -162
data/lib/puppet/network/http/webrick.rb +0 -124
data/lib/puppet/network/http/webrick/rest.rb +0 -114
data/lib/puppet/network/server.rb +0 -39
data/lib/puppet/provider/augeas/augeas.rb +0 -767
data/lib/puppet/provider/cisco.rb +0 -9
data/lib/puppet/provider/computer/computer.rb +0 -20
data/lib/puppet/provider/cron/crontab.rb +0 -297
data/lib/puppet/provider/host/parsed.rb +0 -46
data/lib/puppet/provider/interface/cisco.rb +0 -27
data/lib/puppet/provider/macauthorization/macauthorization.rb +0 -298
data/lib/puppet/provider/mailalias/aliases.rb +0 -50
data/lib/puppet/provider/maillist/mailman.rb +0 -108
data/lib/puppet/provider/mcx/mcxcontent.rb +0 -173
data/lib/puppet/provider/mount.rb +0 -76
data/lib/puppet/provider/mount/parsed.rb +0 -285
data/lib/puppet/provider/naginator.rb +0 -63
data/lib/puppet/provider/package/dnfmodule.rb +0 -141
data/lib/puppet/provider/package_targetable.rb +0 -69
data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +0 -590
data/lib/puppet/provider/selboolean/getsetsebool.rb +0 -47
data/lib/puppet/provider/selmodule/semodule.rb +0 -157
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +0 -105
data/lib/puppet/provider/sshkey/parsed.rb +0 -50
data/lib/puppet/provider/vlan/cisco.rb +0 -28
data/lib/puppet/provider/yumrepo/inifile.rb +0 -315
data/lib/puppet/provider/zfs/zfs.rb +0 -108
data/lib/puppet/provider/zone/solaris.rb +0 -364
data/lib/puppet/provider/zpool/zpool.rb +0 -125
data/lib/puppet/ssl/certificate_authority.rb +0 -554
data/lib/puppet/ssl/certificate_authority/autosign_command.rb +0 -45
data/lib/puppet/ssl/certificate_authority/interface.rb +0 -324
data/lib/puppet/ssl/certificate_revocation_list.rb +0 -111
data/lib/puppet/ssl/configuration.rb +0 -61
data/lib/puppet/ssl/inventory.rb +0 -55
data/lib/puppet/type/augeas.rb +0 -211
data/lib/puppet/type/computer.rb +0 -66
data/lib/puppet/type/cron.rb +0 -480
data/lib/puppet/type/host.rb +0 -95
data/lib/puppet/type/interface.rb +0 -121
data/lib/puppet/type/k5login.rb +0 -165
data/lib/puppet/type/macauthorization.rb +0 -167
data/lib/puppet/type/mailalias.rb +0 -46
data/lib/puppet/type/maillist.rb +0 -62
data/lib/puppet/type/mcx.rb +0 -98
data/lib/puppet/type/mount.rb +0 -314
data/lib/puppet/type/nagios_command.rb +0 -3
data/lib/puppet/type/nagios_contact.rb +0 -3
data/lib/puppet/type/nagios_contactgroup.rb +0 -3
data/lib/puppet/type/nagios_host.rb +0 -3
data/lib/puppet/type/nagios_hostdependency.rb +0 -3
data/lib/puppet/type/nagios_hostescalation.rb +0 -3
data/lib/puppet/type/nagios_hostextinfo.rb +0 -3
data/lib/puppet/type/nagios_hostgroup.rb +0 -3
data/lib/puppet/type/nagios_service.rb +0 -3
data/lib/puppet/type/nagios_servicedependency.rb +0 -3
data/lib/puppet/type/nagios_serviceescalation.rb +0 -3
data/lib/puppet/type/nagios_serviceextinfo.rb +0 -3
data/lib/puppet/type/nagios_servicegroup.rb +0 -3
data/lib/puppet/type/nagios_timeperiod.rb +0 -3
data/lib/puppet/type/router.rb +0 -17
data/lib/puppet/type/scheduled_task.rb +0 -183
data/lib/puppet/type/selboolean.rb +0 -40
data/lib/puppet/type/selmodule.rb +0 -58
data/lib/puppet/type/ssh_authorized_key.rb +0 -143
data/lib/puppet/type/sshkey.rb +0 -83
data/lib/puppet/type/vlan.rb +0 -26
data/lib/puppet/type/yumrepo.rb +0 -430
data/lib/puppet/type/zfs.rb +0 -154
data/lib/puppet/type/zone.rb +0 -382
data/lib/puppet/type/zpool.rb +0 -91
data/lib/puppet/util/methodhelper.rb +0 -32
data/lib/puppet/util/nagios_maker.rb +0 -85
data/lib/puppet/util/network_device/cisco.rb +0 -4
data/lib/puppet/util/network_device/cisco/device.rb +0 -285
data/lib/puppet/util/network_device/cisco/facts.rb +0 -72
data/lib/puppet/util/network_device/cisco/interface.rb +0 -94
data/lib/puppet/util/network_device/ipcalc.rb +0 -68
data/lib/puppet/util/network_device/transport/ssh.rb +0 -126
data/lib/puppet/util/network_device/transport/telnet.rb +0 -47
data/lib/puppet/util/windows/taskscheduler.rb +0 -1267
data/lib/puppet/vendor/load_semantic.rb +0 -1
data/lib/puppet/vendor/load_semantic_puppet.rb +0 -1
data/lib/puppet/vendor/semantic/lib/semantic.rb +0 -5
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet.rb +0 -11
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency.rb +0 -181
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph.rb +0 -60
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/graph_node.rb +0 -117
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/module_release.rb +0 -58
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/source.rb +0 -25
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/dependency/unsatisfiable_graph.rb +0 -31
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/gem_version.rb +0 -3
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version.rb +0 -203
data/lib/puppet/vendor/semantic_puppet/lib/semantic_puppet/version_range.rb +0 -758
data/lib/puppet/vendor/semantic_puppet/locales/config.yaml +0 -21
data/man/man8/puppet-ca.8 +0 -196
data/man/man8/puppet-cert.8 +0 -118
data/man/man8/puppet-certificate.8 +0 -240
data/man/man8/puppet-certificate_request.8 +0 -161
data/man/man8/puppet-certificate_revocation_list.8 +0 -139
data/man/man8/puppet-master.8 +0 -85
data/spec/fixtures/integration/provider/cron/crontab/create_normal_entry +0 -19
data/spec/fixtures/integration/provider/cron/crontab/create_special_entry +0 -18
data/spec/fixtures/integration/provider/cron/crontab/crontab_user1 +0 -15
data/spec/fixtures/integration/provider/cron/crontab/crontab_user2 +0 -4
data/spec/fixtures/integration/provider/cron/crontab/modify_entry +0 -13
data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input1 +0 -15
data/spec/fixtures/integration/provider/cron/crontab/moved_cronjob_input2 +0 -6
data/spec/fixtures/integration/provider/cron/crontab/purged +0 -8
data/spec/fixtures/integration/provider/cron/crontab/remove_named_resource +0 -12
data/spec/fixtures/integration/provider/cron/crontab/remove_unnamed_resource +0 -14
data/spec/fixtures/integration/provider/cron/crontab/unspecialized +0 -15
data/spec/fixtures/integration/provider/mailalias/aliases/test1 +0 -32
data/spec/fixtures/integration/provider/sshkey/sample +0 -21
data/spec/fixtures/unit/provider/augeas/augeas/augeas/lenses/test.aug +0 -13
data/spec/fixtures/unit/provider/augeas/augeas/etc/fstab +0 -10
data/spec/fixtures/unit/provider/augeas/augeas/etc/hosts +0 -6
data/spec/fixtures/unit/provider/augeas/augeas/etc/test +0 -3
data/spec/fixtures/unit/provider/augeas/augeas/test.aug +0 -13
data/spec/fixtures/unit/provider/host/parsed/valid_hosts +0 -19
data/spec/fixtures/unit/provider/mount/mount-output.aix.txt +0 -7
data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +0 -152
data/spec/fixtures/unit/provider/mount/parsed/aix.mount +0 -11
data/spec/fixtures/unit/provider/mount/parsed/darwin.mount +0 -6
data/spec/fixtures/unit/provider/mount/parsed/freebsd.fstab +0 -9
data/spec/fixtures/unit/provider/mount/parsed/freebsd.mount +0 -4
data/spec/fixtures/unit/provider/mount/parsed/hpux.mount +0 -17
data/spec/fixtures/unit/provider/mount/parsed/linux.fstab +0 -12
data/spec/fixtures/unit/provider/mount/parsed/linux.mount +0 -6
data/spec/fixtures/unit/provider/mount/parsed/netbsd.fstab +0 -10
data/spec/fixtures/unit/provider/mount/parsed/netbsd.mount +0 -9
data/spec/fixtures/unit/provider/mount/parsed/openbsd.fstab +0 -5
data/spec/fixtures/unit/provider/mount/parsed/openbsd.mount +0 -5
data/spec/fixtures/unit/provider/mount/parsed/solaris.fstab +0 -11
data/spec/fixtures/unit/provider/mount/parsed/solaris.mount +0 -6
data/spec/fixtures/unit/provider/naginator/define_empty_param +0 -6
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +0 -19
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +0 -9
data/spec/fixtures/unit/provider/service/smf/svcs_fmri.out +0 -6
data/spec/fixtures/unit/provider/service/smf/svcs_multiple_fmris.out +0 -13
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys +0 -7
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys1 +0 -3
data/spec/fixtures/unit/provider/ssh_authorized_key/parsed/authorized_keys2 +0 -1
data/spec/fixtures/unit/provider/sshkey/parsed/sample +0 -21
data/spec/fixtures/unit/provider/sshkey/parsed/sample_with_blank_lines +0 -8
data/spec/fixtures/unit/provider/zfs/zfs/zfs-list.out +0 -2
data/spec/fixtures/unit/provider/zpool/zpool/zpool-list.out +0 -2
data/spec/integration/faces/ca_spec.rb +0 -353
data/spec/integration/indirector/node/ldap_spec.rb +0 -13
data/spec/integration/network/http_pool_spec.rb +0 -120
data/spec/integration/provider/cron/crontab_spec.rb +0 -240
data/spec/integration/provider/file/windows_spec.rb +0 -162
data/spec/integration/provider/mailalias/aliases_spec.rb +0 -9
data/spec/integration/provider/mount_spec.rb +0 -163
data/spec/integration/provider/ssh_authorized_key_spec.rb +0 -217
data/spec/integration/provider/sshkey_spec.rb +0 -153
data/spec/integration/provider/yumrepo_spec.rb +0 -126
data/spec/integration/ssl/autosign_spec.rb +0 -145
data/spec/integration/ssl/certificate_authority_spec.rb +0 -161
data/spec/integration/ssl/certificate_revocation_list_spec.rb +0 -33
data/spec/integration/transaction_spec.rb +0 -553
data/spec/integration/type/nagios_spec.rb +0 -69
data/spec/integration/type/notify_spec.rb +0 -46
data/spec/integration/type/user_spec.rb +0 -63
data/spec/lib/puppet_spec/https.rb +0 -166
data/spec/unit/application/cert_spec.rb +0 -272
data/spec/unit/application/certificate_spec.rb +0 -21
data/spec/unit/application/master_spec.rb +0 -414
data/spec/unit/face/ca_spec.rb +0 -9
data/spec/unit/face/certificate_request_spec.rb +0 -9
data/spec/unit/face/certificate_revocation_list_spec.rb +0 -9
data/spec/unit/face/certificate_spec.rb +0 -228
data/spec/unit/face/module/build_spec.rb +0 -69
data/spec/unit/graph/title_hash_prioritizer_spec.rb +0 -50
data/spec/unit/indirector/certificate/ca_spec.rb +0 -21
data/spec/unit/indirector/certificate/disabled_ca_spec.rb +0 -32
data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -56
data/spec/unit/indirector/certificate_request/disabled_ca_spec.rb +0 -32
data/spec/unit/indirector/certificate_revocation_list/ca_spec.rb +0 -15
data/spec/unit/indirector/certificate_revocation_list/disabled_ca_spec.rb +0 -32
data/spec/unit/indirector/certificate_revocation_list/file_spec.rb +0 -16
data/spec/unit/indirector/certificate_revocation_list/rest_spec.rb +0 -33
data/spec/unit/indirector/certificate_status/file_spec.rb +0 -190
data/spec/unit/indirector/certificate_status/rest_spec.rb +0 -17
data/spec/unit/indirector/code_spec.rb +0 -30
data/spec/unit/indirector/key/ca_spec.rb +0 -22
data/spec/unit/indirector/key/disabled_ca_spec.rb +0 -32
data/spec/unit/indirector/ldap_spec.rb +0 -151
data/spec/unit/indirector/node/ldap_spec.rb +0 -463
data/spec/unit/indirector/node/write_only_yaml_spec.rb +0 -11
data/spec/unit/module_tool/applications/builder_spec.rb +0 -439
data/spec/unit/network/http/api/ca/v1_spec.rb +0 -26
data/spec/unit/network/http/rack/rest_spec.rb +0 -322
data/spec/unit/network/http/rack_spec.rb +0 -42
data/spec/unit/network/http/webrick/rest_spec.rb +0 -230
data/spec/unit/network/http/webrick_spec.rb +0 -277
data/spec/unit/network/server_spec.rb +0 -94
data/spec/unit/provider/augeas/augeas_spec.rb +0 -1096
data/spec/unit/provider/cisco_spec.rb +0 -14
data/spec/unit/provider/cron/crontab_spec.rb +0 -206
data/spec/unit/provider/cron/parsed_spec.rb +0 -355
data/spec/unit/provider/host/parsed_spec.rb +0 -219
data/spec/unit/provider/interface/cisco_spec.rb +0 -53
data/spec/unit/provider/macauthorization_spec.rb +0 -134
data/spec/unit/provider/mcx/mcxcontent_spec.rb +0 -190
data/spec/unit/provider/mount/parsed_spec.rb +0 -318
data/spec/unit/provider/mount_spec.rb +0 -169
data/spec/unit/provider/naginator_spec.rb +0 -78
data/spec/unit/provider/network_device_spec.rb +0 -152
data/spec/unit/provider/package/dnfmodule_spec.rb +0 -247
data/spec/unit/provider/package_targetable_spec.rb +0 -60
data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +0 -2050
data/spec/unit/provider/selboolean_spec.rb +0 -34
data/spec/unit/provider/selmodule-example.pp +0 -0
data/spec/unit/provider/selmodule_spec.rb +0 -154
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +0 -259
data/spec/unit/provider/sshkey/parsed_spec.rb +0 -92
data/spec/unit/provider/vlan/cisco_spec.rb +0 -53
data/spec/unit/provider/yumrepo/inifile_spec.rb +0 -413
data/spec/unit/provider/zfs/zfs_spec.rb +0 -171
data/spec/unit/provider/zone/solaris_spec.rb +0 -261
data/spec/unit/provider/zpool/zpool_spec.rb +0 -250
data/spec/unit/settings/server_list_setting_spec.rb +0 -21
data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +0 -29
data/spec/unit/ssl/certificate_authority/interface_spec.rb +0 -563
data/spec/unit/ssl/certificate_authority_spec.rb +0 -1165
data/spec/unit/ssl/certificate_revocation_list_spec.rb +0 -196
data/spec/unit/ssl/configuration_spec.rb +0 -138
data/spec/unit/ssl/inventory_spec.rb +0 -155
data/spec/unit/test/test_helper_spec.rb +0 -17
data/spec/unit/type/augeas_spec.rb +0 -120
data/spec/unit/type/computer_spec.rb +0 -77
data/spec/unit/type/cron_spec.rb +0 -539
data/spec/unit/type/host_spec.rb +0 -680
data/spec/unit/type/interface_spec.rb +0 -128
data/spec/unit/type/k5login_spec.rb +0 -204
data/spec/unit/type/macauthorization_spec.rb +0 -111
data/spec/unit/type/mailalias_spec.rb +0 -48
data/spec/unit/type/maillist_spec.rb +0 -38
data/spec/unit/type/mcx_spec.rb +0 -75
data/spec/unit/type/mount_spec.rb +0 -622
data/spec/unit/type/nagios_spec.rb +0 -312
data/spec/unit/type/scheduled_task_spec.rb +0 -117
data/spec/unit/type/selboolean_spec.rb +0 -41
data/spec/unit/type/selmodule_spec.rb +0 -16
data/spec/unit/type/ssh_authorized_key_spec.rb +0 -228
data/spec/unit/type/sshkey_spec.rb +0 -75
data/spec/unit/type/vlan_spec.rb +0 -42
data/spec/unit/type/yumrepo_spec.rb +0 -476
data/spec/unit/type/zfs_spec.rb +0 -45
data/spec/unit/type/zone_spec.rb +0 -182
data/spec/unit/type/zpool_spec.rb +0 -108
data/spec/unit/util/nagios_maker_spec.rb +0 -121
data/spec/unit/util/network_device/cisco/device_spec.rb +0 -491
data/spec/unit/util/network_device/cisco/facts_spec.rb +0 -63
data/spec/unit/util/network_device/cisco/interface_spec.rb +0 -97
data/spec/unit/util/network_device/ipcalc_spec.rb +0 -61
data/spec/unit/util/network_device/transport/ssh_spec.rb +0 -252
data/spec/unit/util/network_device/transport/telnet_spec.rb +0 -90

@@ -84,46 +84,6 @@ class Puppet::Settings
     "puppet.conf"
   end
-  def stringify_settings(section, settings = :all)
-    values_from_the_selected_section =
-      values(nil, section.to_sym)
-    loader_settings = {
-      :environmentpath => values_from_the_selected_section.interpolate(:environmentpath),
-      :basemodulepath => values_from_the_selected_section.interpolate(:basemodulepath),
-    }
-    Puppet.override(Puppet.base_context(loader_settings),
-                    _("New environment loaders generated from the requested section.")) do
-      # And now we can lookup values that include those from environments configured from
-      # the requested section
-      values = values(Puppet[:environment].to_sym, section.to_sym)
-      to_be_rendered = {}
-      settings = Puppet.settings.to_a.collect(&:first) if settings == :all
-      settings.sort.each do |setting_name|
-        to_be_rendered[setting_name] = values.print(setting_name.to_sym)
-      end
-      stringifyhash(to_be_rendered)
-    end
-  end
-  def stringifyhash(hash)
-    newhash = {}
-    hash.each do |key, val|
-      key = key.to_s
-      if val.is_a? Hash
-        newhash[key] = stringifyhash(val)
-      elsif val.is_a? Symbol
-        newhash[key] = val.to_s
-      else
-        newhash[key] = val
-      end
-    end
-    newhash
-  end
   # Create a new collection of config settings.
   def initialize
     @config = {}
@@ -295,7 +255,7 @@ class Puppet::Settings
     @global_defaults_initialized
   end
-  def initialize_global_settings(args = [], require_config = true)
+  def initialize_global_settings(args = [])
     raise Puppet::DevError, _("Attempting to initialize global default settings more than once!") if global_defaults_initialized?
     # The first two phases of the lifecycle of a puppet application are:
@@ -304,7 +264,7 @@ class Puppet::Settings
     # 2) Parse the puppet config file(s).
     parse_global_options(args)
-    parse_config_files(require_config)
+    parse_config_files
     @global_defaults_initialized = true
   end
@@ -630,19 +590,14 @@ class Puppet::Settings
   end
   # Parse the configuration file.  Just provides thread safety.
-  def parse_config_files(require_config = true)
+  def parse_config_files
     file = which_configuration_file
     if Puppet::FileSystem.exist?(file)
       begin
         text = read_file(file)
       rescue => detail
-        message = _("Could not load %{file}: %{detail}") % { file: file, detail: detail}
-        if require_config
-          Puppet.log_and_raise(detail, message)
-        else
-          Puppet.log_exception(detail, message)
-          return
-        end
+        Puppet.log_exception(detail, "Could not load #{file}: #{detail}")
+        return
       end
     else
       return
@@ -1229,10 +1184,10 @@ Generated on #{Time.now}.
       if !Puppet::FileSystem.symlink?(configured_environment_path)
         parameters = { :ensure => 'directory' }
         unless Puppet::FileSystem.exist?(configured_environment_path)
-          parameters[:mode] = '0750'
+          parameters.merge!(:mode => '0750')
           if Puppet.features.root?
-            parameters[:owner] = Puppet[:user] if service_user_available?
-            parameters[:group] = Puppet[:group] if service_group_available?
+            parameters.merge!(:owner => Puppet[:user]) if service_user_available?
+            parameters.merge!(:group => Puppet[:group]) if service_group_available?
           end
         end
         catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
@@ -1242,7 +1197,7 @@ Generated on #{Time.now}.
   def add_user_resources(catalog, sections)
     return unless Puppet.features.root?
-    return if Puppet.features.microsoft_windows?
+    return if Puppet::Util::Platform.windows?
     return unless self[:mkusers]
     @config.each do |name, setting|

data/lib/puppet/settings/config_file.rb CHANGED

@@ -25,8 +25,7 @@ class Puppet::Settings::ConfigFile
       allowed_section_names << 'main' unless allowed_section_names.include?('main')
     end
-    # in Ruby 1.9.3 strings are not UTF-8 by default, so ensure text is treated properly
-    ini = Puppet::Settings::IniFile.parse(StringIO.new(text).set_encoding(Encoding::UTF_8))
+    ini = Puppet::Settings::IniFile.parse(text.encode(Encoding::UTF_8))
     unique_sections_in(ini, file, allowed_section_names).each do |section_name|
       section = Section.new(section_name.to_sym)
       result.with_section(section)

data/lib/puppet/settings/environment_conf.rb CHANGED

@@ -159,7 +159,6 @@ class Puppet::Settings::EnvironmentConf
     return valid
   end
-  private_class_method :validate
   def get_setting(setting_name, default = nil)
     value = raw_setting(setting_name)

data/lib/puppet/settings/file_setting.rb CHANGED

@@ -156,7 +156,7 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
       end
       # REMIND fails on Windows because chown/chgrp functionality not supported yet
-      if Puppet.features.root? and !Puppet.features.microsoft_windows?
+      if Puppet.features.root? and !Puppet::Util::Platform.windows?
         resource[:owner] = self.owner if self.owner
         resource[:group] = self.group if self.group
       end

data/lib/puppet/settings/server_list_setting.rb CHANGED

@@ -4,15 +4,6 @@ class Puppet::Settings::ServerListSetting < Puppet::Settings::ArraySetting
     :server_list
   end
-  def print(value)
-    if value.is_a?(Array)
-      #turn into a string
-      value.map {|item| item.join(":") }.join(",")
-    else
-      value
-    end
-  end
   def munge(value)
     servers = super
     servers.map! { |server|

data/lib/puppet/ssl.rb CHANGED

@@ -4,7 +4,6 @@ require 'openssl'
 module Puppet::SSL # :nodoc:
   CA_NAME = "ca"
-  require 'puppet/ssl/configuration'
   require 'puppet/ssl/host'
   require 'puppet/ssl/oids'
   require 'puppet/ssl/validator'

data/lib/puppet/ssl/base.rb CHANGED

@@ -34,11 +34,6 @@ class Puppet::SSL::Base
   attr_accessor :name, :content
-  # Is this file for the CA?
-  def ca?
-    name == Puppet::SSL::Host.ca_name
-  end
   def generate
     raise Puppet::DevError, _("%{class_name} did not override 'generate'") % { class_name: self.class }
   end
@@ -86,18 +81,15 @@ class Puppet::SSL::Base
   # Read content from disk appropriately.
   def read(path)
-    # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest, Puppet::SSL::CertificateRevocationList
+    # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
     # Puppet::SSL::Key uses this, but also provides its own override
     # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
-    # Puppet::SSL::Certificate::DisabledCa (:find, :save, :destroy)
     # Puppet::Indirector::CertificateStatus::File (.indirection.find)
     # Puppet::Network::HTTP::WEBrick (.indirection.find)
     # Puppet::Network::HTTP::RackREST (.from_instance)
     # Puppet::Network::HTTP::WEBrickREST (.from_instance)
-    # Puppet::SSL::CertificateAuthority (.new, .indirection.find, .indirection.save)
     # Puppet::SSL::Host (.indirection.find)
     # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
-    # Puppet::SSL::CertificateAuthority::Interface (.indirection.find)
     # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
     @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
   end

data/lib/puppet/ssl/certificate.rb CHANGED

@@ -21,12 +21,16 @@ DOC
     [:s]
   end
-  def subject_alt_names
-    alts = content.extensions.find{|ext| ext.oid == "subjectAltName"}
+  def self.subject_alt_names_for(cert)
+    alts = cert.extensions.find{|ext| ext.oid == "subjectAltName"}
     return [] unless alts
     alts.value.split(/\s*,\s*/)
   end
+  def subject_alt_names
+    self.class.subject_alt_names_for(content)
+  end
   def expiration
     return nil unless content
     content.not_after
@@ -50,8 +54,7 @@ DOC
   def custom_extensions
     custom_exts = content.extensions.select do |ext|
       Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
-        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid) or
-        Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
     end
     custom_exts.map do |ext|

data/lib/puppet/ssl/certificate_request.rb CHANGED

@@ -30,19 +30,7 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
   extend Puppet::Indirector
-  # If auto-signing is on, sign any certificate requests as they are saved.
-  module AutoSigner
-    def save(instance, key = nil)
-      super
-      # Try to autosign the CSR.
-      if ca = Puppet::SSL::CertificateAuthority.instance
-        ca.autosign(instance)
-      end
-    end
-  end
-  indirects :certificate_request, :terminus_class => :file, :extend => AutoSigner, :doc => <<DOC
+  indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
     This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
     The indirection key is the certificate CN (generally a hostname).
 DOC
@@ -103,7 +91,11 @@ DOC
     raise Puppet::Error, _("CSR sign verification failed; you need to clean the certificate request for %{name} on the server") % { name: name } unless csr.verify(key.public_key)
     @content = csr
-    Puppet.info _("Certificate Request fingerprint (%{digest}): %{hex_digest}") % { digest: digest.name, hex_digest: digest.to_hex }
+    # we won't be able to get the digest on jruby
+    if @content.signature_algorithm
+      Puppet.info _("Certificate Request fingerprint (%{digest}): %{hex_digest}") % { digest: digest.name, hex_digest: digest.to_hex }
+    end
     @content
   end

data/lib/puppet/ssl/certificate_request_attributes.rb CHANGED

@@ -21,7 +21,7 @@ class Puppet::SSL::CertificateRequestAttributes
   def load
     Puppet.info(_("csr_attributes file loading from %{path}") % { path: path })
     if Puppet::FileSystem.exist?(path)
-      hash = Puppet::Util::Yaml.load_file(path, {})
+      hash = Puppet::Util::Yaml.safe_load_file(path, [Symbol]) || {}
       if ! hash.is_a?(Hash)
         raise Puppet::Error, _("invalid CSR attributes, expected instance of Hash, received instance of %{klass}") % { klass: hash.class }
       end

data/lib/puppet/ssl/host.rb CHANGED

@@ -1,10 +1,18 @@
-require 'puppet/indirector'
 require 'puppet/ssl'
 require 'puppet/ssl/key'
 require 'puppet/ssl/certificate'
 require 'puppet/ssl/certificate_request'
-require 'puppet/ssl/certificate_revocation_list'
 require 'puppet/ssl/certificate_request_attributes'
+require 'puppet/rest/errors'
+require 'puppet/rest/routes'
+require 'puppet/rest/ssl_context'
+begin
+  # This may fail when being loaded from Puppet Server. However loading the
+  # client monkey patches the SSL Store and we need to have those monkey
+  # patches in as soon as possible on the agent.
+  require 'puppet/rest/client'
+rescue LoadError
+end
 # The class that manages all aspects of our SSL certificates --
 # private keys, public keys, requests, etc.
@@ -14,21 +22,10 @@ class Puppet::SSL::Host
   CA_NAME = Puppet::SSL::CA_NAME
   Certificate = Puppet::SSL::Certificate
   CertificateRequest = Puppet::SSL::CertificateRequest
-  CertificateRevocationList = Puppet::SSL::CertificateRevocationList
-  extend Puppet::Indirector
-  indirects :certificate_status, :terminus_class => :file, :doc => <<DOC
-    This indirection represents the host that ties a key, certificate, and certificate request together.
-    The indirection key is the certificate CN (generally a hostname).
-DOC
-  attr_reader :name
-  attr_accessor :ca
-  attr_writer :key, :certificate, :certificate_request
+  attr_reader :name, :crl_path
-  # This accessor is used in instances for indirector requests to hold desired state
-  attr_accessor :desired_state
+  attr_writer :key, :certificate, :certificate_request, :crl_usage
   def self.localhost
     return @localhost if @localhost
@@ -42,28 +39,10 @@ DOC
     @localhost = nil
   end
-  # This is the constant that people will use to mark that a given host is
-  # a certificate authority.
-  def self.ca_name
-    CA_NAME
-  end
-  class << self
-    attr_reader :ca_location
-  end
   # Configure how our various classes interact with their various terminuses.
   def self.configure_indirection(terminus, cache = nil)
     Certificate.indirection.terminus_class = terminus
     CertificateRequest.indirection.terminus_class = terminus
-    CertificateRevocationList.indirection.terminus_class = terminus
-    host_map = {:ca => :file, :disabled_ca => nil, :file => nil, :rest => :rest}
-    if term = host_map[terminus]
-      self.indirection.terminus_class = term
-    else
-      self.indirection.reset_terminus_class
-    end
     if cache
       # This is weird; we don't actually cache our keys, we
@@ -77,7 +56,6 @@ DOC
     if cache
       Certificate.indirection.cache_class = cache
       CertificateRequest.indirection.cache_class = cache
-      CertificateRevocationList.indirection.cache_class = cache
     else
       # Make sure we have no cache configured.  puppet master
       # switches the configurations around a bit, so it's important
@@ -85,39 +63,9 @@ DOC
       # time.
       Certificate.indirection.cache_class = nil
       CertificateRequest.indirection.cache_class = nil
-      CertificateRevocationList.indirection.cache_class = nil
     end
   end
-  CA_MODES = {
-    # Our ca is local, so we use it as the ultimate source of information
-    # And we cache files locally.
-    :local => [:ca, :file],
-    # We're a remote CA client.
-    :remote => [:rest, :file],
-    # We are the CA, so we don't have read/write access to the normal certificates.
-    :only => [:ca],
-    # We have no CA, so we just look in the local file store.
-    :none => [:disabled_ca]
-  }
-  # Specify how we expect to interact with our certificate authority.
-  def self.ca_location=(mode)
-    modes = CA_MODES.collect { |m, vals| m.to_s }.join(", ")
-    raise ArgumentError, _("CA Mode can only be one of: %{modes}") % { modes: modes } unless CA_MODES.include?(mode)
-    @ca_location = mode
-    configure_indirection(*CA_MODES[@ca_location])
-  end
-  # Puppet::SSL::Host is actually indirected now so the original implementation
-  # has been moved into the certificate_status indirector.  This method is in-use
-  # in `puppet cert -c <certname>`.
-  def self.destroy(name)
-    indirection.destroy(name)
-  end
   def self.from_data_hash(data)
     instance = new(data["name"])
     if data["desired_state"]
@@ -126,18 +74,6 @@ DOC
     instance
   end
-  # Puppet::SSL::Host is actually indirected now so the original implementation
-  # has been moved into the certificate_status indirector.  This method does not
-  # appear to be in use in `puppet cert -l`.
-  def self.search(options = {})
-    indirection.search("*", options)
-  end
-  # Is this a ca host, meaning that all of its files go in the CA location?
-  def ca?
-    ca
-  end
   def key
     @key ||= Key.indirection.find(name)
   end
@@ -156,10 +92,6 @@ DOC
     true
   end
-  def certificate_request
-    @certificate_request ||= CertificateRequest.indirection.find(name)
-  end
   # Our certificate request requires the key but that's all.
   def generate_certificate_request(options = {})
     generate_key unless key
@@ -169,8 +101,6 @@ DOC
       # ...add our configured dns_alt_names
       if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
         options[:dns_alt_names] ||= Puppet[:dns_alt_names]
-      elsif Puppet::SSL::CertificateAuthority.ca? and fqdn = Facter.value(:fqdn) and domain = Facter.value(:domain)
-        options[:dns_alt_names] = "puppet, #{fqdn}, puppet.#{domain}"
       end
     end
@@ -183,7 +113,8 @@ DOC
     @certificate_request = CertificateRequest.new(name)
     @certificate_request.generate(key.content, options)
     begin
-      CertificateRequest.indirection.save(@certificate_request)
+      submit_certificate_request(@certificate_request)
+      save_certificate_request(@certificate_request)
     rescue
       @certificate_request = nil
       raise
@@ -192,25 +123,38 @@ DOC
     true
   end
+  def http_client(ssl_context)
+    Puppet::Rest::Client.new(ssl_context: ssl_context)
+  end
   def certificate
     unless @certificate
       generate_key unless key
       # get the CA cert first, since it's required for the normal cert
-      # to be of any use.
-      return nil unless Certificate.indirection.find("ca", :fail_on_404 => true) unless ca?
-      return nil unless @certificate = Certificate.indirection.find(name)
+      # to be of any use. If we can't get it, quit.
+      if !ensure_ca_certificate
+        return nil
+      end
+      cert = get_host_certificate
+      return nil unless cert
-      validate_certificate_with_key
+      validate_certificate_with_key(cert)
+      @certificate = cert
     end
     @certificate
   end
-  def validate_certificate_with_key
-    raise Puppet::Error, _("No certificate to validate.") unless certificate
-    raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: certificate.fingerprint } unless key
-    unless certificate.content.check_private_key(key.content)
-      raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: certificate.fingerprint, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].tr('/', '\\') }
+  # Validate that our private key matches the specified certificate.
+  #
+  # @param [Puppet::SSL::Certificate] cert the certificate to check
+  # @raises [Puppet::Error] if the private key does not match
+  def validate_certificate_with_key(cert)
+    raise Puppet::Error, _("No certificate to validate.") unless cert
+    raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
+    unless cert.content.check_private_key(key.content)
+      raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
 The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
 Certificate fingerprint: %{fingerprint}
 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
@@ -224,18 +168,93 @@ ERROR_STRING
     end
   end
+  def download_host_certificate
+    cert = download_certificate_from_ca(name)
+    return nil unless cert
+    validate_certificate_with_key(cert)
+    save_host_certificate(cert)
+    cert
+  end
+  # Search for an existing CSR for this host either cached on
+  # disk or stored by the CA. Returns nil if no request exists.
+  # @return [Puppet::SSL::CertificateRequest, nil]
+  def certificate_request
+    unless @certificate_request
+      if csr = load_certificate_request_from_file
+        @certificate_request = csr
+      elsif csr = download_csr_from_ca
+        @certificate_request = csr
+      end
+    end
+    @certificate_request
+  end
   # Generate all necessary parts of our ssl host.
   def generate
     generate_key unless key
-    # ask indirector to find any existing requests and download them
     existing_request = certificate_request
     # if CSR downloaded from master, but the local keypair was just generated and
     # does not match the public key in the CSR, fail hard
-    if !existing_request.nil? &&
-      (key.content.public_key.to_s != existing_request.content.public_key.to_s)
+    validate_csr_with_key(existing_request, key) if existing_request
+    generate_certificate_request unless existing_request
+  end
-      raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: existing_request.fingerprint, csr_public_key: existing_request.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].tr('/', '\\') }
+  # Generate a keypair, generate a CSR, and submit it. If a local key pair
+  # already exists it will be used to generate the CSR. If a local CSR already
+  # exists and matches the key then the existing CSR will be submitted. If the
+  # CSR and key do not match an exception will be raised.
+  #
+  # @return [Puppet::SSL::CertificateRequest, nil]
+  def submit_request
+    generate_key unless key
+    csr = load_certificate_request_from_file
+    if csr
+      if key.content.public_key.to_s != csr.content.public_key.to_s
+        Puppet.warning("The local CSR does not match the agent's public key. Generating a new CSR.")
+        request_path = certificate_request_location(name)
+        Puppet::FileSystem.unlink(request_path)
+        csr = nil
+      end
+    end
+    if csr
+      validate_csr_with_key(csr, key)
+      submit_certificate_request(csr)
+      @certificate_request = csr
+    else
+      generate_certificate_request
+    end
+    @certificate_request
+  end
+  def validate_local_csr_with_key(csr, key)
+    if key.content.public_key.to_s != csr.content.public_key.to_s
+      raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
+The local CSR does not match the agent's public key.
+CSR fingerprint: %{fingerprint}
+CSR public key: %{csr_public_key}
+Agent public key: %{agent_public_key}
+To fix this, remove the CSR from the agent and then start a puppet run, which will automatically regenerate a CSR.
+On the agent:
+  1a. On most platforms: find %{ssl_dir} -name %{cert_name}.pem -delete
+  1b. On Windows: del "%{cert_dir}\\%{cert_name}.pem" /f
+  2. puppet agent -t
+ERROR_STRING
+    end
+  end
+  private :validate_local_csr_with_key
+  def validate_csr_with_key(csr, key)
+    if key.content.public_key.to_s != csr.content.public_key.to_s
+      raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], ssl_dir: Puppet[:ssldir], cert_dir: Puppet[:certdir].gsub('/', '\\') }
 The CSR retrieved from the master does not match the agent's public key.
 CSR fingerprint: %{fingerprint}
 CSR public key: %{csr_public_key}
@@ -249,21 +268,15 @@ On the agent:
   2. puppet agent -t
 ERROR_STRING
     end
-    generate_certificate_request unless existing_request
-    # If we can get a CA instance, then we're a valid CA, and we
-    # should use it to sign our request; else, just try to read
-    # the cert.
-    if ! certificate and ca = Puppet::SSL::CertificateAuthority.instance
-      ca.sign(self.name, {allow_dns_alt_names: true})
-    end
   end
+  private :validate_csr_with_key
   def initialize(name = nil)
     @name = (name || Puppet[:certname]).downcase
     Puppet::SSL::Base.validate_certname(@name)
     @key = @certificate = @certificate_request = nil
-    @ca = (name == self.class.ca_name)
+    @crl_usage = Puppet.settings[:certificate_revocation]
+    @crl_path = Puppet.settings[:hostcrl]
   end
   # Extract the public key from the private key.
@@ -271,6 +284,14 @@ ERROR_STRING
     key.content.public_key
   end
+  def use_crl?
+    !!@crl_usage
+  end
+  def use_crl_chain?
+    @crl_usage == true || @crl_usage == :chain
+  end
   # Create/return a store that uses our SSL info to validate
   # connections.
   def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
@@ -280,49 +301,6 @@ ERROR_STRING
     @ssl_store
   end
-  def to_data_hash
-    my_cert = Puppet::SSL::Certificate.indirection.find(name)
-    result = { 'name'  => name }
-    my_state = state
-    result['state'] = my_state
-    result['desired_state'] = desired_state if desired_state
-    thing_to_use = (my_state == 'requested') ? certificate_request : my_cert
-    # this is for backwards-compatibility
-    # we should deprecate it and transition people to using
-    # json[:fingerprints][:default]
-    # It appears that we have no internal consumers of this api
-    # --jeffweiss 30 aug 2012
-    result['fingerprint'] = thing_to_use.fingerprint
-    # The above fingerprint doesn't tell us what message digest algorithm was used
-    # No problem, except that the default is changing between 2.7 and 3.0. Also, as
-    # we move to FIPS 140-2 compliance, MD5 is no longer allowed (and, gasp, will
-    # segfault in rubies older than 1.9.3)
-    # So, when we add the newer fingerprints, we're explicit about the hashing
-    # algorithm used.
-    # --jeffweiss 31 july 2012
-    result['fingerprints'] = {}
-    result['fingerprints']['default'] = thing_to_use.fingerprint
-    suitable_message_digest_algorithms.each do |md|
-      result['fingerprints'][md.to_s] = thing_to_use.fingerprint md
-    end
-    result['dns_alt_names'] = thing_to_use.subject_alt_names
-    result
-  end
-  # eventually we'll probably want to move this somewhere else or make it
-  # configurable
-  # --jeffweiss 29 aug 2012
-  def suitable_message_digest_algorithms
-    [:SHA1, :SHA224, :SHA256, :SHA384, :SHA512]
-  end
   # Attempt to retrieve a cert, if we don't already have one.
   def wait_for_cert(time)
     begin
@@ -345,7 +323,7 @@ ERROR_STRING
       exit(1)
     end
-    loop do
+    while true
       sleep time
       begin
         break if certificate
@@ -356,45 +334,293 @@ ERROR_STRING
     end
   end
-  def state
-    if certificate_request
-      return 'requested'
+  # Saves the given certificate to disc, at a location determined by this
+  # host's configuration.
+  # @param [Puppet::SSL::Certificate] cert the cert to save
+  def save_host_certificate(cert)
+    file_path = certificate_location(name)
+    Puppet::Util.replace_file(file_path, 0644) do |f|
+      f.write(cert.to_s)
+    end
+  end
+  private
+  # Load a previously generated CSR from disk
+  # @return [Puppet::SSL::CertificateRequest, nil]
+  def load_certificate_request_from_file
+    request_path = certificate_request_location(name)
+    if Puppet::FileSystem.exist?(request_path)
+      Puppet::SSL::CertificateRequest.from_s(Puppet::FileSystem.read(request_path))
     end
+  end
+  # Download the CSR for this host from the CA. Returns nil if the CA
+  # has no saved CSR for this host.
+  # @raises [Puppet::Error] if the response from the server is not a valid
+  #                         CSR or an error occurs while fetching.
+  # @return [Puppet::SSL::CertificateRequest, nil]
+  def download_csr_from_ca
     begin
-      Puppet::SSL::CertificateAuthority.new.verify(name)
-      return 'signed'
-    rescue Puppet::SSL::CertificateAuthority::CertificateVerificationError
-      return 'revoked'
+      body = Puppet::Rest::Routes.get_certificate_request(
+                    name, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store))
+      begin
+        Puppet::SSL::CertificateRequest.from_s(body)
+      rescue OpenSSL::X509::RequestError => e
+        raise Puppet::Error, _("Response from the CA did not contain a valid certificate request: %{message}") % { message: e.message }
+      end
+    rescue Puppet::Rest::ResponseError => e
+      if e.response.code.to_i == 404
+        nil
+      else
+        raise Puppet::Error, _('Could not download certificate request: %{message}') % { message: e.message }
+      end
     end
   end
+  # Submit the CSR to the CA via an HTTP PUT request.
+  # @param [Puppet::SSL::CertificateRequest] csr the request to submit
+  def submit_certificate_request(csr)
+    Puppet::Rest::Routes.put_certificate_request(
+                  csr.render, name, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store))
+  end
-  private
+  def save_certificate_request(csr)
+    Puppet::Util.replace_file(certificate_request_location(name), 0644) do |file|
+      file.write(csr.render)
+    end
+  end
+  # @param crl_string [String] CRLs read from disk or obtained from server
+  # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
+  # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
+  def process_crl_string(crl_string)
+    delimiters = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
+    crl_string.scan(delimiters).map do |crl|
+      begin
+        OpenSSL::X509::CRL.new(crl)
+      rescue OpenSSL::X509::CRLError => e
+        raise Puppet::Error.new(
+          _("Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n%{crl}" % {crl_path: crl_path, error: e.message, crl: crl}),
+          e)
+      end
+    end
+  end
+  # @param path [String] Path to CRL Chain
+  # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
+  # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
+  def load_crls(path)
+    crls_pems = Puppet::FileSystem.read(path, encoding: Encoding::UTF_8)
+    process_crl_string(crls_pems)
+  end
+  # Ensures that the CA certificate is available for either generating or
+  # validating the host's cert.
+  # It will first check on disk, then try to download it.
+  # @raise [Puppet::Error] if text form of found certificate bundle is invalid
+  #                        and cannot be loaded into cert objects
+  # @return [Boolean] true if the CA certificate was found, false otherwise
+  def ensure_ca_certificate
+    file_path = certificate_location(CA_NAME)
+    if Puppet::FileSystem.exist?(file_path)
+      begin
+        # This load ensures that the file contents is a valid cert bundle.
+        # If the text is malformed, load_certificate_bundle will raise.
+        load_certificate_bundle(Puppet::FileSystem.read(file_path))
+      rescue Puppet::Error => e
+        raise Puppet::Error, _("The CA certificate at %{file_path} is invalid: %{message}") % { file_path: file_path, message: e.message }
+      end
+    else
+      bundle = download_ca_certificate_bundle
+      if bundle
+        save_bundle(bundle, certificate_location(CA_NAME))
+        true
+      else
+        false
+      end
+    end
+  end
+  public :ensure_ca_certificate
+  # Creates an arry of SSL Certificate objects from a PEM-encoding string
+  # of one or more certs.
+  # @param [String] bundle_string PEM-encoded string of certs
+  # @return [[OpenSSL::X509::Certificate], nil] the certs loaded from the
+  #         input string, or nil if none could be loaded
+  def load_certificate_bundle(bundle_string)
+    delimiters = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
+    certs = bundle_string.scan(delimiters)
+    if certs.empty?
+      raise Puppet::Error, _("No valid PEM-encoded certificates.")
+    end
+    certs.map do |cert|
+      begin
+        OpenSSL::X509::Certificate.new(cert)
+      rescue OpenSSL::X509::CertificateError => e
+        raise Puppet::Error, _("Could not parse certificate: %{message}") % { message: e.message }
+      end
+    end
+  end
+  # Fetches and saves the crl bundle from the CA server without validating
+  # its contents. Takes an optional store to use with the http_client,
+  # necessary for initial download of the CRL because `build_ssl_store`
+  # calls this `download_and_save_crl_bundle`. If there is an error during
+  # this downloading process, the file should not be replaced at all. This
+  # streams the file directly to disk to avoid loading the entire CRL in memory.
+  # @param [OpenSSL::X509::Store] store optional ssl_store to use with http_client
+  # @raise [Puppet::Error<Puppet::Rest::ResponseError>] if bad response from server
+  # @return nil
+  def download_and_save_crl_bundle(store=nil)
+    begin
+      # If no SSL store was supplied, use this host's SSL store
+      store ||= ssl_store
+      Puppet::Util.replace_file(crl_path, 0644) do |file|
+        result = Puppet::Rest::Routes.get_crls(CA_NAME, Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, store))
+        file.write(result)
+      end
+    rescue Puppet::Rest::ResponseError => e
+      raise Puppet::Error, _('Could not download CRLs: %{message}') % { message: e.message }
+    end
+  end
+  # Fetches the CA certificate bundle from the CA server
+  # @raise [Puppet::Error] if response from the server is not a valid certificate
+  #                        bundle
+  # @return [[OpenSSL::X509::Certificate]] the certs loaded from the response
+  def download_ca_certificate_bundle
+    begin
+      cert_bundle = Puppet::Rest::Routes.get_certificate(
+        CA_NAME,
+        Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_NONE)
+      )
+      # This load ensures that the response body is a valid cert bundle.
+      # If the text is malformed, load_certificate_bundle will raise.
+      begin
+        load_certificate_bundle(cert_bundle)
+      rescue Puppet::Error => e
+        raise Puppet::Error, _("Response from the CA did not contain a valid CA certificate: %{message}") % { message: e.message }
+      end
+    rescue Puppet::Rest::ResponseError => e
+      raise Puppet::Error, _('Could not download CA certificate: %{message}') % { message: e.message }
+    end
+  end
+  # Saves the given bundle to disk to a specified file path.
+  # @param bundle [[OpenSSL::X509::Certificate/CRL]] the certs to save
+  # @param location [String] place on disk to save bundle
+  def save_bundle(cert_bundle, location)
+    Puppet::Util.replace_file(location, 0644) do |f|
+      bundle_string = cert_bundle.map(&:to_pem).join("\n")
+      f.write(bundle_string)
+    end
+  end
+  # Attempts to load or fetch this host's certificate. Returns nil if
+  # no certificate could be found.
+  # @return [Puppet::SSL::Certificate, nil]
+  def get_host_certificate
+    if cert = check_for_certificate_on_disk(name)
+      return cert
+    elsif cert = download_certificate_from_ca(name)
+      save_host_certificate(cert)
+      return cert
+    else
+      return nil
+    end
+  end
-  def build_ssl_store(purpose)
+  # Checks for the requested certificate on disc, at a location
+  # determined by this host's configuration.
+  # @name [String] name the name of the cert to look for
+  # @raise [Puppet::Error] if contents of certificate file is invalid
+  #                        and could not be loaded
+  # @return [Puppet::SSL::Certificate, nil]
+  def check_for_certificate_on_disk(cert_name)
+    file_path = certificate_location(cert_name)
+    if Puppet::FileSystem.exist?(file_path)
+      begin
+        Puppet::SSL::Certificate.from_s(Puppet::FileSystem.read(file_path))
+      rescue OpenSSL::X509::CertificateError
+        raise Puppet::Error, _("The certificate at %{file_path} is invalid. Could not load.") % { file_path: file_path }
+      end
+    end
+  end
+  public :check_for_certificate_on_disk
+  # Attempts to download this host's certificate from the CA server.
+  # Returns nil if the CA does not yet have a signed cert for this host.
+  # @param [String] name then name of the cert to fetch
+  # @raise [Puppet::Error] if response from the CA does not contain a valid
+  #                        certificate
+  # @return [Puppet::SSL::Certificate, nil]
+  def download_certificate_from_ca(cert_name)
+    begin
+      cert = Puppet::Rest::Routes.get_certificate(
+        cert_name,
+        Puppet::Rest::SSLContext.new(OpenSSL::SSL::VERIFY_PEER, ssl_store)
+      )
+      begin
+        Puppet::SSL::Certificate.from_s(cert)
+      rescue OpenSSL::X509::CertificateError
+        raise Puppet::Error, _("Response from the CA did not contain a valid certificate for %{cert_name}.") % { cert_name: cert_name }
+      end
+    rescue Puppet::Rest::ResponseError => e
+      if e.response.code.to_i == 404
+        Puppet.debug _("No certificate for %{cert_name} on CA") % { cert_name: cert_name }
+        nil
+      else
+        raise Puppet::Rest::ResponseError, _("Could not download host certificate: %{message}") % { message: e.message }
+      end
+    end
+  end
+  # Returns the file path for the named certificate, based on this host's
+  # configuration.
+  # @param [String] name the name of the cert to find
+  # @return [String] file path to the cert's location
+  def certificate_location(cert_name)
+    cert_name == CA_NAME ? Puppet[:localcacert] : File.join(Puppet[:certdir], "#{cert_name}.pem")
+  end
+  # Returns the file path for the named CSR, based on this host's configuration.
+  # @param [String] name the name of the CSR to find
+  # @return [String] file path to the CSR's location
+  def certificate_request_location(cert_name)
+    File.join(Puppet[:requestdir], "#{cert_name}.pem")
+  end
+  # @param [OpenSSL::X509::PURPOSE_*] constant defining the kinds of certs
+  #   this store can verify
+  # @return [OpenSSL::X509::Store]
+  # @raise [OpenSSL::X509::StoreError] if localcacert is malformed or non-existant
+  # @raise [Puppet::Error] if the CRL chain is malformed
+  # @raise [Errno::ENOENT] if the CRL does not exist on disk but use_crl? is true
+  def build_ssl_store(purpose=OpenSSL::X509::PURPOSE_ANY)
     store = OpenSSL::X509::Store.new
     store.purpose = purpose
     # Use the file path here, because we don't want to cause
     # a lookup in the middle of setting our ssl connection.
-    store.add_file(Puppet[:localcacert])
-    # If we're doing revocation and there's a CRL, add it to our store.
-    if Puppet.lookup(:certificate_revocation)
-      if crl = Puppet::SSL::CertificateRevocationList.indirection.find(CA_NAME)
-        flags = OpenSSL::X509::V_FLAG_CRL_CHECK
-        if Puppet.lookup(:certificate_revocation) == :chain
-          flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-        end
-        store.flags = flags
-        store.add_crl(crl.content)
-      else
-        Puppet.debug _("Certificate revocation checking is enabled but a CRL cannot be found; CRL checking will not be performed.")
+    store.add_file(Puppet.settings[:localcacert])
+    if use_crl?
+      if !Puppet::FileSystem.exist?(crl_path)
+        download_and_save_crl_bundle(store)
       end
+      crls = load_crls(crl_path)
+      flags = OpenSSL::X509::V_FLAG_CRL_CHECK
+      if use_crl_chain?
+        flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
+      end
+      store.flags = flags
+      crls.each {|crl| store.add_crl(crl) }
     end
     store
   end
 end
-require 'puppet/ssl/certificate_authority'