puppet 6.10.1-universal-darwin → 6.11.0-universal-darwin
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/Gemfile.lock +20 -12
- data/ext/project_data.yaml +3 -2
- data/ext/regexp_nodes/regexp_nodes.rb +4 -4
- data/ext/windows/service/daemon.rb +33 -8
- data/install.rb +6 -6
- data/lib/puppet.rb +8 -0
- data/lib/puppet/application.rb +1 -1
- data/lib/puppet/application/agent.rb +3 -0
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/application/describe.rb +3 -9
- data/lib/puppet/application/device.rb +3 -0
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/lookup.rb +1 -1
- data/lib/puppet/application/script.rb +2 -2
- data/lib/puppet/application/ssl.rb +25 -21
- data/lib/puppet/configurer.rb +42 -0
- data/lib/puppet/configurer/downloader.rb +2 -6
- data/lib/puppet/context/trusted_information.rb +42 -4
- data/lib/puppet/defaults.rb +19 -4
- data/lib/puppet/face/module/list.rb +5 -5
- data/lib/puppet/face/module/search.rb +1 -1
- data/lib/puppet/face/module/uninstall.rb +1 -1
- data/lib/puppet/face/module/upgrade.rb +1 -1
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_system.rb +0 -8
- data/lib/puppet/file_system/memory_file.rb +1 -1
- data/lib/puppet/file_system/posix.rb +3 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions.rb +1 -2
- data/lib/puppet/gettext/module_translations.rb +1 -1
- data/lib/puppet/graph/rb_tree_map.rb +2 -2
- data/lib/puppet/graph/simple_graph.rb +4 -3
- data/lib/puppet/http.rb +29 -0
- data/lib/puppet/http/client.rb +156 -0
- data/lib/puppet/http/errors.rb +30 -0
- data/lib/puppet/http/redirector.rb +48 -0
- data/lib/puppet/http/resolver.rb +5 -0
- data/lib/puppet/http/resolver/settings.rb +5 -0
- data/lib/puppet/http/resolver/srv.rb +13 -0
- data/lib/puppet/http/response.rb +34 -0
- data/lib/puppet/http/retry_after_handler.rb +47 -0
- data/lib/puppet/http/service.rb +18 -0
- data/lib/puppet/http/service/ca.rb +49 -0
- data/lib/puppet/http/session.rb +55 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/hiera.rb +2 -0
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/indirector/resource/ral.rb +1 -3
- data/lib/puppet/indirector/resource/validator.rb +1 -1
- data/lib/puppet/interface.rb +2 -1
- data/lib/puppet/interface/documentation.rb +1 -1
- data/lib/puppet/loaders.rb +0 -1
- data/lib/puppet/metatype/manager.rb +1 -1
- data/lib/puppet/module.rb +1 -1
- data/lib/puppet/module/task.rb +20 -4
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
- data/lib/puppet/module_tool/metadata.rb +1 -1
- data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
- data/lib/puppet/module_tool/tar/mini.rb +1 -1
- data/lib/puppet/network/http.rb +2 -6
- data/lib/puppet/network/http/api/indirected_routes.rb +12 -11
- data/lib/puppet/network/http/connection.rb +10 -12
- data/lib/puppet/network/http/pool.rb +2 -0
- data/lib/puppet/network/http/site.rb +5 -1
- data/lib/puppet/network/resolver.rb +4 -4
- data/lib/puppet/node/environment.rb +4 -2
- data/lib/puppet/pal/pal_impl.rb +2 -2
- data/lib/puppet/parser/ast.rb +1 -1
- data/lib/puppet/parser/ast/resourceparam.rb +1 -1
- data/lib/puppet/parser/functions.rb +1 -1
- data/lib/puppet/parser/scope.rb +8 -7
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
- data/lib/puppet/pops/evaluator/external_syntax_support.rb +3 -2
- data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -7
- data/lib/puppet/pops/loader/module_loaders.rb +1 -1
- data/lib/puppet/pops/loader/task_instantiator.rb +4 -0
- data/lib/puppet/pops/loaders.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -0
- data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
- data/lib/puppet/pops/merge_strategy.rb +22 -18
- data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
- data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
- data/lib/puppet/pops/parser/locator.rb +1 -1
- data/lib/puppet/pops/parser/pn_parser.rb +17 -16
- data/lib/puppet/pops/puppet_stack.rb +52 -48
- data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
- data/lib/puppet/pops/types/p_uri_type.rb +1 -1
- data/lib/puppet/pops/types/string_converter.rb +10 -10
- data/lib/puppet/pops/types/types.rb +3 -3
- data/lib/puppet/property.rb +1 -1
- data/lib/puppet/property/ensure.rb +1 -1
- data/lib/puppet/provider/exec.rb +6 -2
- data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
- data/lib/puppet/provider/nameservice/pw.rb +2 -2
- data/lib/puppet/provider/package/apt.rb +5 -1
- data/lib/puppet/provider/package/dnfmodule.rb +87 -0
- data/lib/puppet/provider/package/dpkg.rb +31 -17
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/pip.rb +34 -9
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +5 -5
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +1 -1
- data/lib/puppet/provider/service/daemontools.rb +9 -9
- data/lib/puppet/provider/service/openbsd.rb +1 -1
- data/lib/puppet/provider/service/rcng.rb +2 -2
- data/lib/puppet/provider/service/runit.rb +2 -8
- data/lib/puppet/provider/service/systemd.rb +10 -10
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +22 -13
- data/lib/puppet/provider/user/windows_adsi.rb +4 -5
- data/lib/puppet/reference/indirection.rb +2 -2
- data/lib/puppet/reference/metaparameter.rb +1 -3
- data/lib/puppet/reference/providers.rb +1 -1
- data/lib/puppet/reference/type.rb +3 -9
- data/lib/puppet/reports.rb +1 -1
- data/lib/puppet/resource.rb +1 -1
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/rest/errors.rb +1 -0
- data/lib/puppet/rest/response.rb +1 -0
- data/lib/puppet/rest/route.rb +1 -0
- data/lib/puppet/rest/routes.rb +3 -0
- data/lib/puppet/runtime.rb +25 -0
- data/lib/puppet/settings.rb +3 -3
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/ssl/host.rb +1 -1
- data/lib/puppet/ssl/oids.rb +1 -1
- data/lib/puppet/ssl/state_machine.rb +23 -15
- data/lib/puppet/test/test_helper.rb +1 -1
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/trusted_external.rb +13 -0
- data/lib/puppet/type.rb +1 -3
- data/lib/puppet/type/exec.rb +7 -3
- data/lib/puppet/type/file.rb +1 -2
- data/lib/puppet/type/file/source.rb +2 -2
- data/lib/puppet/type/package.rb +10 -3
- data/lib/puppet/type/schedule.rb +1 -1
- data/lib/puppet/type/service.rb +1 -1
- data/lib/puppet/util.rb +2 -2
- data/lib/puppet/util/command_line/trollop.rb +1 -1
- data/lib/puppet/util/http_proxy.rb +2 -10
- data/lib/puppet/util/log.rb +2 -2
- data/lib/puppet/util/log/destinations.rb +2 -2
- data/lib/puppet/util/logging.rb +2 -2
- data/lib/puppet/util/metric.rb +2 -2
- data/lib/puppet/util/platform.rb +15 -4
- data/lib/puppet/util/provider_features.rb +2 -4
- data/lib/puppet/util/rdoc.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +3 -1
- data/lib/puppet/util/windows/registry.rb +7 -5
- data/lib/puppet/vendor.rb +1 -1
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +4 -1
- data/locales/puppet.pot +279 -203
- data/man/man5/puppet.conf.5 +30 -8
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list-installed.txt +11 -0
- data/spec/integration/configurer_spec.rb +52 -0
- data/spec/lib/puppet/certificate_factory.rb +2 -2
- data/spec/spec_helper.rb +24 -0
- data/spec/unit/application/device_spec.rb +6 -0
- data/spec/unit/application/ssl_spec.rb +4 -7
- data/spec/unit/configurer_spec.rb +1 -0
- data/spec/unit/context/trusted_information_spec.rb +41 -2
- data/spec/unit/http/client_spec.rb +440 -0
- data/spec/unit/http/resolver_spec.rb +45 -0
- data/spec/unit/http/service/ca_spec.rb +106 -0
- data/spec/unit/http/service_spec.rb +32 -0
- data/spec/unit/http/session_spec.rb +102 -0
- data/spec/unit/indirector/resource/ral_spec.rb +4 -4
- data/spec/unit/network/http/connection_spec.rb +119 -145
- data/spec/unit/network/http/site_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +10 -0
- data/spec/unit/pops/loaders/loaders_spec.rb +13 -2
- data/spec/unit/pops/loaders/module_loaders_spec.rb +37 -0
- data/spec/unit/provider/exec_spec.rb +209 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +186 -0
- data/spec/unit/provider/package/dpkg_spec.rb +238 -78
- data/spec/unit/provider/package/pip_spec.rb +51 -6
- data/spec/unit/provider/service/daemontools_spec.rb +24 -0
- data/spec/unit/provider/service/runit_spec.rb +24 -0
- data/spec/unit/provider/service/systemd_spec.rb +25 -25
- data/spec/unit/provider/user/useradd_spec.rb +46 -0
- data/spec/unit/ssl/host_spec.rb +0 -5
- data/spec/unit/ssl/state_machine_spec.rb +16 -10
- data/spec/unit/type/exec_spec.rb +6 -12
- data/spec/unit/type/file_spec.rb +9 -4
- data/spec/unit/type/package_spec.rb +5 -0
- data/spec/unit/util/execution_spec.rb +16 -0
- data/spec/unit/util/http_proxy_spec.rb +79 -27
- data/spec/unit/util/log/destinations_spec.rb +7 -3
- metadata +45 -22
- data/lib/puppet/pops/loader/null_loader.rb +0 -60
- data/lib/puppet/vendor/deep_merge/CHANGELOG +0 -45
- data/lib/puppet/vendor/deep_merge/Gemfile +0 -3
- data/lib/puppet/vendor/deep_merge/LICENSE +0 -21
- data/lib/puppet/vendor/deep_merge/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/deep_merge/README.md +0 -113
- data/lib/puppet/vendor/deep_merge/Rakefile +0 -19
- data/lib/puppet/vendor/deep_merge/deep_merge.gemspec +0 -35
- data/lib/puppet/vendor/deep_merge/lib/deep_merge.rb +0 -2
- data/lib/puppet/vendor/deep_merge/lib/deep_merge/core.rb +0 -210
- data/lib/puppet/vendor/deep_merge/lib/deep_merge/deep_merge_hash.rb +0 -28
- data/lib/puppet/vendor/deep_merge/lib/deep_merge/rails_compat.rb +0 -27
- data/lib/puppet/vendor/deep_merge/test/test_deep_merge.rb +0 -608
- data/lib/puppet/vendor/load_deep_merge.rb +0 -1
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_get/should_yield_to_the_block.yml +0 -24
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_head/should_yield_to_the_block.yml +0 -24
- data/spec/fixtures/vcr/cassettes/Puppet_Network_HTTP_Connection/when_handling_requests/_request_post/should_yield_to_the_block.yml +0 -24
data/lib/puppet/rest/errors.rb
CHANGED
data/lib/puppet/rest/response.rb
CHANGED
data/lib/puppet/rest/route.rb
CHANGED
data/lib/puppet/rest/routes.rb
CHANGED
@@ -3,6 +3,7 @@ require 'puppet/rest/route'
|
|
3
3
|
require 'puppet/network/http_pool'
|
4
4
|
require 'puppet/network/http/compression'
|
5
5
|
|
6
|
+
# @deprecated Use {Puppet::HTTP::Client} instead.
|
6
7
|
module Puppet::Rest
|
7
8
|
module Routes
|
8
9
|
extend Puppet::Network::HTTP::Compression.module
|
@@ -10,6 +11,8 @@ module Puppet::Rest
|
|
10
11
|
ACCEPT_ENCODING = 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3'
|
11
12
|
|
12
13
|
def self.ca
|
14
|
+
Puppet.deprecation_warning("Puppet::Rest::Routes is deprecated, use Puppet::HTTP::Client instead")
|
15
|
+
|
13
16
|
@ca ||= Route.new(api: '/puppet-ca/v1/',
|
14
17
|
server_setting: :ca_server,
|
15
18
|
port_setting: :ca_port,
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'puppet/http'
|
2
|
+
|
3
|
+
class Puppet::Runtime
|
4
|
+
include Singleton
|
5
|
+
|
6
|
+
def initialize
|
7
|
+
@runtime_services = {}
|
8
|
+
end
|
9
|
+
private :initialize
|
10
|
+
|
11
|
+
def [](name)
|
12
|
+
service = @runtime_services[name]
|
13
|
+
raise ArgumentError, "Unknown service #{name}" unless service
|
14
|
+
|
15
|
+
if service.is_a?(Proc)
|
16
|
+
@runtime_services[name] = service.call
|
17
|
+
else
|
18
|
+
service
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def []=(name, impl)
|
23
|
+
@runtime_services[name] = impl
|
24
|
+
end
|
25
|
+
end
|
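Review bot: `include Singleton` on line 4 of this new file depends on the standard `singleton` library, but the only require visible is `require 'puppet/http'`, so the class loads only if something else has already pulled Singleton in; adding `require 'singleton'` at the top removes that load-order dependency. The class is also undocumented: a short comment above `class Puppet::Runtime` should say that it is a process-wide registry, that `[]` replaces a registered Proc with the value it returns on first lookup, and that `[]=` lets any caller swap an implementation. That last property matters for review because the SSL state machine hunks obtain their session from `Puppet.runtime['http']`, so whatever is registered under that name handles the CA and CRL requests.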
data/lib/puppet/settings.rb
CHANGED
@@ -1242,10 +1242,10 @@ Generated on #{Time.now}.
|
|
1242
1242
|
if !Puppet::FileSystem.symlink?(configured_environment_path)
|
1243
1243
|
parameters = { :ensure => 'directory' }
|
1244
1244
|
unless Puppet::FileSystem.exist?(configured_environment_path)
|
1245
|
-
parameters
|
1245
|
+
parameters[:mode] = '0750'
|
1246
1246
|
if Puppet.features.root?
|
1247
|
-
parameters
|
1248
|
-
parameters
|
1247
|
+
parameters[:owner] = Puppet[:user] if service_user_available?
|
1248
|
+
parameters[:group] = Puppet[:group] if service_group_available?
|
1249
1249
|
end
|
1250
1250
|
end
|
1251
1251
|
catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
|
data/lib/puppet/ssl/host.rb
CHANGED
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -101,7 +101,7 @@ module Puppet::SSL::Oids
|
|
101
101
|
# shortname: 'myothershortname'
|
102
102
|
# longname: 'Other Long name'
|
103
103
|
def self.parse_custom_oid_file(custom_oid_file, map_key='oid_mapping')
|
104
|
-
if File.
|
104
|
+
if File.exist?(custom_oid_file) && File.readable?(custom_oid_file)
|
105
105
|
mapping = nil
|
106
106
|
begin
|
107
107
|
mapping = Puppet::Util::Yaml.safe_load_file(custom_oid_file, [Symbol])
|
@@ -44,7 +44,8 @@ class Puppet::SSL::StateMachine
|
|
44
44
|
if cacerts
|
45
45
|
next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
|
46
46
|
else
|
47
|
-
|
47
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
48
|
+
pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
48
49
|
if @machine.ca_fingerprint
|
49
50
|
actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
|
50
51
|
expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
|
@@ -66,8 +67,8 @@ class Puppet::SSL::StateMachine
|
|
66
67
|
NeedCRLs.new(@machine, next_ctx)
|
67
68
|
rescue OpenSSL::X509::CertificateError => e
|
68
69
|
Error.new(@machine, e.message, e)
|
69
|
-
rescue Puppet::
|
70
|
-
if e.response.code
|
70
|
+
rescue Puppet::HTTP::ResponseError => e
|
71
|
+
if e.response.code == 404
|
71
72
|
to_error(_('CA certificate is missing from the server'), e)
|
72
73
|
else
|
73
74
|
to_error(_('Could not download CA certificate: %{message}') % { message: e.message }, e)
|
@@ -112,8 +113,8 @@ class Puppet::SSL::StateMachine
|
|
112
113
|
NeedKey.new(@machine, next_ctx)
|
113
114
|
rescue OpenSSL::X509::CRLError => e
|
114
115
|
Error.new(@machine, e.message, e)
|
115
|
-
rescue Puppet::
|
116
|
-
if e.response.code
|
116
|
+
rescue Puppet::HTTP::ResponseError => e
|
117
|
+
if e.response.code == 404
|
117
118
|
to_error(_('CRL is missing from the server'), e)
|
118
119
|
else
|
119
120
|
to_error(_('Could not download CRLs: %{message}') % { message: e.message }, e)
|
@@ -127,8 +128,8 @@ class Puppet::SSL::StateMachine
|
|
127
128
|
|
128
129
|
# return the next_ctx containing the updated crl
|
129
130
|
download_crl(ssl_ctx, last_update)
|
130
|
-
rescue Puppet::
|
131
|
-
if e.response.code
|
131
|
+
rescue Puppet::HTTP::ResponseError => e
|
132
|
+
if e.response.code == 304
|
132
133
|
Puppet.info(_("CRL is unmodified, using existing CRL"))
|
133
134
|
else
|
134
135
|
Puppet.info(_("Failed to refresh CRL, using existing CRL: %{message}") % {message: e.message})
|
@@ -136,7 +137,7 @@ class Puppet::SSL::StateMachine
|
|
136
137
|
|
137
138
|
# return the original ssl_ctx
|
138
139
|
ssl_ctx
|
139
|
-
rescue
|
140
|
+
rescue Puppet::HTTP::HTTPError => e
|
140
141
|
Puppet.warning(_("Failed to refresh CRL, using existing CRL: %{message}") % {message: e.message})
|
141
142
|
|
142
143
|
# return the original ssl_ctx
|
@@ -144,7 +145,8 @@ class Puppet::SSL::StateMachine
|
|
144
145
|
end
|
145
146
|
|
146
147
|
def download_crl(ssl_ctx, last_update)
|
147
|
-
|
148
|
+
route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
|
149
|
+
pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
148
150
|
crls = @cert_provider.load_crls_from_pem(pem)
|
149
151
|
# verify crls before saving
|
150
152
|
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
|
@@ -211,11 +213,12 @@ class Puppet::SSL::StateMachine
|
|
211
213
|
Puppet.debug(_("Generating and submitting a CSR"))
|
212
214
|
|
213
215
|
csr = @cert_provider.create_request(Puppet[:certname], @private_key)
|
214
|
-
|
216
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
217
|
+
route.put_certificate_request(Puppet[:certname], csr, ssl_context: @ssl_context)
|
215
218
|
@cert_provider.save_request(Puppet[:certname], csr)
|
216
219
|
NeedCert.new(@machine, @ssl_context, @private_key)
|
217
|
-
rescue Puppet::
|
218
|
-
if e.response.code
|
220
|
+
rescue Puppet::HTTP::ResponseError => e
|
221
|
+
if e.response.code == 400
|
219
222
|
NeedCert.new(@machine, @ssl_context, @private_key)
|
220
223
|
else
|
221
224
|
to_error(_("Failed to submit the CSR, HTTP response was %{code}") % { code: e.response.code }, e)
|
@@ -229,9 +232,11 @@ class Puppet::SSL::StateMachine
|
|
229
232
|
def next_state
|
230
233
|
Puppet.debug(_("Downloading client certificate"))
|
231
234
|
|
235
|
+
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
232
236
|
cert = OpenSSL::X509::Certificate.new(
|
233
|
-
|
237
|
+
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
|
234
238
|
)
|
239
|
+
Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
|
235
240
|
# verify client cert before saving
|
236
241
|
next_ctx = @ssl_provider.create_context(
|
237
242
|
cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
|
@@ -243,8 +248,8 @@ class Puppet::SSL::StateMachine
|
|
243
248
|
Error.new(@machine, e.message, e)
|
244
249
|
rescue OpenSSL::X509::CertificateError => e
|
245
250
|
Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
|
246
|
-
rescue Puppet::
|
247
|
-
if e.response.code
|
251
|
+
rescue Puppet::HTTP::ResponseError => e
|
252
|
+
if e.response.code == 404
|
248
253
|
Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
|
249
254
|
$stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
|
250
255
|
Wait.new(@machine)
|
@@ -277,6 +282,7 @@ class Puppet::SSL::StateMachine
|
|
277
282
|
|
278
283
|
# our ssl directory may have been cleaned while we were
|
279
284
|
# sleeping, start over from the top
|
285
|
+
@machine.session = Puppet.runtime['http'].create_session
|
280
286
|
NeedCACerts.new(@machine)
|
281
287
|
end
|
282
288
|
end
|
@@ -305,6 +311,7 @@ class Puppet::SSL::StateMachine
|
|
305
311
|
class Done < SSLState; end
|
306
312
|
|
307
313
|
attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
314
|
+
attr_accessor :session
|
308
315
|
|
309
316
|
# Construct a state machine to manage the SSL initialization process. By
|
310
317
|
# default, if the state machine encounters an exception, it will log the
|
@@ -343,6 +350,7 @@ class Puppet::SSL::StateMachine
|
|
343
350
|
@lockfile = lockfile
|
344
351
|
@digest = digest
|
345
352
|
@ca_fingerprint = ca_fingerprint
|
353
|
+
@session = Puppet.runtime['http'].create_session
|
346
354
|
end
|
347
355
|
|
348
356
|
# Run the state machine for CA certs and CRLs.
|
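Review bot: In the `@@ -229,9 +232,11 @@` hunk the added `Puppet.info _("Downloaded certificate for %{name} from %{url}")` line runs before the step the following comment calls "verify client cert before saving", so the log reports a download for a certificate that `create_context` may still reject. Moving the message after `create_context` returns, or wording it as an unverified download, keeps the agent log from suggesting success ahead of the check. Separately, the `@@ -305,6 +311,7 @@` hunk adds `attr_accessor :session` with no comment; a line such as `# HTTP session used for CA requests; replaced when the state machine starts over after waiting` would explain why the writer is public. The methods touched here start or end outside their hunks.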
@@ -135,7 +135,7 @@ module Puppet::Test
|
|
135
135
|
Puppet.push_context(
|
136
136
|
{
|
137
137
|
trusted_information:
|
138
|
-
Puppet::Context::TrustedInformation.new('local', 'testing', {}),
|
138
|
+
Puppet::Context::TrustedInformation.new('local', 'testing', {}, { "trusted_testhelper" => true }),
|
139
139
|
ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze
|
140
140
|
},
|
141
141
|
"Context for specs")
|
@@ -346,7 +346,7 @@ class Puppet::Transaction::Report
|
|
346
346
|
report = raw_summary
|
347
347
|
|
348
348
|
ret = ""
|
349
|
-
report.keys.
|
349
|
+
report.keys.sort_by(&:to_s).each do |key|
|
350
350
|
ret += "#{Puppet::Util::Metric.labelize(key)}:\n"
|
351
351
|
|
352
352
|
report[key].keys.sort { |a,b|
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# A method for retrieving external trusted facts
|
2
|
+
module Puppet::TrustedExternal
|
3
|
+
def retrieve(certname)
|
4
|
+
command = Puppet[:trusted_external_command]
|
5
|
+
return nil unless command
|
6
|
+
result = Puppet::Util::Execution.execute([command, certname], {
|
7
|
+
:combine => false,
|
8
|
+
:failonfail => true,
|
9
|
+
})
|
10
|
+
JSON.parse(result)
|
11
|
+
end
|
12
|
+
module_function :retrieve
|
13
|
+
end
|
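Review bot: `JSON.parse(result)` on line 10 returns whatever the external command printed, so malformed output surfaces as a raw `JSON::ParserError` and a valid but non-object document (an array, string or number) is handed back to the caller unchanged. Since the result is presumably merged into the node's trusted information, the method should reject anything that is not a Hash and raise a Puppet error that names the `trusted_external_command` setting. The file also uses `JSON` without requiring it, and `:combine => false` drops the command's stderr, so a failing script leaves little to diagnose with. Passing `[command, certname]` as an array rather than a string is the right shape, as it should keep `certname` away from shell interpretation.

```ruby
def retrieve(certname)
  # … unchanged: command lookup and Puppet::Util::Execution.execute call …
  data = JSON.parse(result)
  unless data.is_a?(Hash)
    raise Puppet::Error, _("trusted_external_command must print a JSON object, got %{klass}") % { klass: data.class }
  end
  data
rescue JSON::ParserError => e
  raise Puppet::Error.new(_("Could not parse trusted_external_command output as JSON: %{message}") % { message: e.message }, e)
end
```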
data/lib/puppet/type.rb
CHANGED
@@ -1952,9 +1952,7 @@ end
|
|
1952
1952
|
# Since we're mixing @doc with text from other sources, we must normalize
|
1953
1953
|
# its indentation with scrub. But we don't need to manually scrub the
|
1954
1954
|
# provider's doc string, since markdown_definitionlist sanitizes its inputs.
|
1955
|
-
scrub(@doc) + "Available providers are:\n\n" + parenttype.providers.
|
1956
|
-
a.to_s <=> b.to_s
|
1957
|
-
}.collect { |i|
|
1955
|
+
scrub(@doc) + "Available providers are:\n\n" + parenttype.providers.sort_by(&:to_s).collect { |i|
|
1958
1956
|
markdown_definitionlist( i, scrub(parenttype().provider(i).doc) )
|
1959
1957
|
}.join
|
1960
1958
|
end
|
data/lib/puppet/type/exec.rb
CHANGED
@@ -165,9 +165,13 @@ module Puppet
|
|
165
165
|
end
|
166
166
|
end
|
167
167
|
unless log == :false
|
168
|
-
@
|
169
|
-
self.send(log,
|
170
|
-
|
168
|
+
if @resource.parameter(:command).sensitive
|
169
|
+
self.send(log, "[output redacted]")
|
170
|
+
else
|
171
|
+
@output.split(/\n/).each { |line|
|
172
|
+
self.send(log, line)
|
173
|
+
}
|
174
|
+
end
|
171
175
|
end
|
172
176
|
end
|
173
177
|
|
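Review bot: The redaction added at new lines 168–169 checks only `@resource.parameter(:command).sensitive`, so output is still logged line by line when the command itself is plain but a Sensitive value reaches the process another way, for example through the `environment` parameter. If that case is in scope, the condition could cover both, e.g. `if [:command, :environment].any? { |p| (param = @resource.parameter(p)) && param.sensitive }`. A one-line comment above the branch stating which parameters trigger redaction would help either way. The enclosing method starts above the hunk.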
data/lib/puppet/type/file.rb
CHANGED
@@ -605,8 +605,7 @@ Puppet::Type.newtype(:file) do
|
|
605
605
|
# remote system.
|
606
606
|
mark_children_for_purging(children) if self.purge?
|
607
607
|
|
608
|
-
|
609
|
-
result = children.values.sort { |a, b| a[:path] <=> b[:path] }
|
608
|
+
result = children.values.sort_by { |a| a[:path] }
|
610
609
|
remove_less_specific_files(result)
|
611
610
|
end
|
612
611
|
|
@@ -220,11 +220,11 @@ module Puppet
|
|
220
220
|
end
|
221
221
|
|
222
222
|
def server?
|
223
|
-
uri
|
223
|
+
uri && uri.host && !uri.host.empty?
|
224
224
|
end
|
225
225
|
|
226
226
|
def server
|
227
|
-
|
227
|
+
server? ? uri.host : Puppet.settings[:server]
|
228
228
|
end
|
229
229
|
|
230
230
|
def port
|
data/lib/puppet/type/package.rb
CHANGED
@@ -485,8 +485,8 @@ module Puppet
|
|
485
485
|
end
|
486
486
|
|
487
487
|
newparam(:flavor) do
|
488
|
-
desc "OpenBSD
|
489
|
-
which type of package you want."
|
488
|
+
desc "OpenBSD and DNF modules support 'flavors', which are
|
489
|
+
further specifications for which type of package you want."
|
490
490
|
end
|
491
491
|
|
492
492
|
newparam(:install_only, :boolean => false, :parent => Puppet::Parameter::Boolean, :required_features => :install_only) do
|
@@ -548,7 +548,14 @@ module Puppet
|
|
548
548
|
newparam(:allow_virtual, :boolean => true, :parent => Puppet::Parameter::Boolean, :required_features => :virtual_packages) do
|
549
549
|
desc 'Specifies if virtual package names are allowed for install and uninstall.'
|
550
550
|
|
551
|
-
defaultto
|
551
|
+
defaultto do
|
552
|
+
provider_class = provider.class
|
553
|
+
if provider_class.respond_to?(:defaultto_allow_virtual)
|
554
|
+
provider_class.defaultto_allow_virtual
|
555
|
+
else
|
556
|
+
true
|
557
|
+
end
|
558
|
+
end
|
552
559
|
end
|
553
560
|
|
554
561
|
autorequire(:file) do
|
data/lib/puppet/type/schedule.rb
CHANGED
data/lib/puppet/type/service.rb
CHANGED
@@ -231,7 +231,7 @@ module Puppet
|
|
231
231
|
desc "The control variable used to manage services (originally for HP-UX).
|
232
232
|
Defaults to the upcased service name plus `START` replacing dots with
|
233
233
|
underscores, for those providers that support the `controllable` feature."
|
234
|
-
defaultto { resource.name.
|
234
|
+
defaultto { resource.name.tr(".","_").upcase + "_START" if resource.provider.controllable? }
|
235
235
|
end
|
236
236
|
|
237
237
|
newparam :hasrestart do
|
data/lib/puppet/util.rb
CHANGED
@@ -324,7 +324,7 @@ module Util
|
|
324
324
|
params = { :scheme => 'file' }
|
325
325
|
|
326
326
|
if Puppet::Util::Platform.windows?
|
327
|
-
path = path.
|
327
|
+
path = path.tr('\\', '/')
|
328
328
|
|
329
329
|
unc = /^\/\/([^\/]+)(\/.+)/.match(path)
|
330
330
|
if unc
|
@@ -359,7 +359,7 @@ module Util
|
|
359
359
|
path = URI.unescape(uri.path.encode(Encoding::UTF_8))
|
360
360
|
|
361
361
|
if Puppet::Util::Platform.windows? && uri.scheme == 'file'
|
362
|
-
if uri.host
|
362
|
+
if uri.host && !uri.host.empty?
|
363
363
|
path = "//#{uri.host}" + path # UNC
|
364
364
|
else
|
365
365
|
path.sub!(/^\//, '')
|
@@ -215,7 +215,7 @@ class Parser
|
|
215
215
|
opts[:type] = opts[:type] || type_from_default || :flag
|
216
216
|
|
217
217
|
## fill in :long
|
218
|
-
opts[:long] = opts[:long] ? opts[:long].to_s : name.to_s.
|
218
|
+
opts[:long] = opts[:long] ? opts[:long].to_s : name.to_s.tr("_", "-")
|
219
219
|
opts[:long] =
|
220
220
|
case opts[:long]
|
221
221
|
when /^--([^-].*)$/
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require 'uri'
|
2
2
|
require 'puppet/ssl/openssl_loader'
|
3
|
-
require 'puppet/
|
3
|
+
require 'puppet/http'
|
4
4
|
|
5
5
|
module Puppet::Util::HttpProxy
|
6
6
|
def self.proxy(uri)
|
@@ -52,14 +52,6 @@ module Puppet::Util::HttpProxy
|
|
52
52
|
host, port = d.split(':')
|
53
53
|
host = Regexp.escape(host).gsub('\*', '.*')
|
54
54
|
|
55
|
-
#If the host of this no_proxy value starts with '.', this entry is
|
56
|
-
#a domain level entry. Don't pin the regex to the beginning of the entry.
|
57
|
-
#If it does not start with a '.' then it is a host specific entry and
|
58
|
-
#should be matched to the destination starting at the beginning.
|
59
|
-
unless host =~ /^\\\./
|
60
|
-
host = "^#{host}"
|
61
|
-
end
|
62
|
-
|
63
55
|
#If this no_proxy entry specifies a port, we want to match it against
|
64
56
|
#the destination port. Otherwise just match hosts.
|
65
57
|
if port
|
@@ -195,7 +187,7 @@ module Puppet::Util::HttpProxy
|
|
195
187
|
|
196
188
|
headers = { 'Accept' => '*/*', 'User-Agent' => Puppet[:http_user_agent] }
|
197
189
|
if Puppet.features.zlib?
|
198
|
-
headers
|
190
|
+
headers["Accept-Encoding"] = Puppet::HTTP::ACCEPT_ENCODING
|
199
191
|
end
|
200
192
|
|
201
193
|
response = proxy.send(:head, current_uri, headers)
|
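Review bot: With the `unless host =~ /^\\\./ … host = "^#{host}"` block removed in the `@@ -52,14 +52,6 @@` hunk, nothing visible pins a host-specific `no_proxy` entry to the start of the destination, so an entry such as `example.com` may also match `notexample.com` and send that traffic around the proxy. The regex is built and applied below the hunk, so this needs confirming there; if suffix matching is intended, it should still respect a label boundary, for example `host = "(?:^|\\.)#{host}" unless host.start_with?('\\.')`. A comment replacing the deleted one should state the matching rule, because operators rely on `no_proxy` to decide which destinations skip the proxy and any inspection done there.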
data/lib/puppet/util/log.rb
CHANGED
@@ -175,7 +175,7 @@ class Puppet::Util::Log
|
|
175
175
|
# We only select the last 10 callers in the stack to avoid being spammy
|
176
176
|
message = _("Received a Log attribute with invalid encoding:%{log_message}") %
|
177
177
|
{ log_message: Puppet::Util::CharacterEncoding.convert_to_utf_8(str.dump)}
|
178
|
-
message += '\n' + _("Backtrace:\n%{backtrace}") % { backtrace: caller
|
178
|
+
message += '\n' + _("Backtrace:\n%{backtrace}") % { backtrace: caller(1, 10).join("\n") }
|
179
179
|
message
|
180
180
|
end
|
181
181
|
private_class_method :coerce_string
|
@@ -395,7 +395,7 @@ class Puppet::Util::Log
|
|
395
395
|
end
|
396
396
|
|
397
397
|
def to_report
|
398
|
-
"#{time} #{source} (#{level}): #{
|
398
|
+
"#{time} #{source} (#{level}): #{self}"
|
399
399
|
end
|
400
400
|
|
401
401
|
def to_s
|
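Review bot: The changed line at new line 178 still begins with `'\n'` in single quotes, which Ruby treats as a backslash followed by `n`, so the message gets the two characters `\n` rather than a line break before "Backtrace:". It should read `message += "\n" + _("Backtrace:\n%{backtrace}") % { backtrace: caller(1, 10).join("\n") }`. The comment above says "last 10 callers", while `caller(1, 10)` returns the ten frames nearest to this method; "nearest 10 callers" would describe it accurately. The method begins above the hunk.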