puppet 6.11.1 → 6.12.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (126) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +1 -1
  3. data/Gemfile +1 -0
  4. data/Gemfile.lock +16 -16
  5. data/README.md +1 -1
  6. data/ext/build_defaults.yaml +1 -0
  7. data/ext/windows/service/daemon.rb +22 -17
  8. data/lib/puppet/concurrent.rb +2 -0
  9. data/lib/puppet/concurrent/lock.rb +16 -0
  10. data/lib/puppet/concurrent/synchronized.rb +15 -0
  11. data/lib/puppet/concurrent/thread_local_singleton.rb +14 -0
  12. data/lib/puppet/configurer.rb +45 -31
  13. data/lib/puppet/defaults.rb +42 -3
  14. data/lib/puppet/environments.rb +3 -0
  15. data/lib/puppet/error.rb +9 -1
  16. data/lib/puppet/forge.rb +3 -3
  17. data/lib/puppet/forge/errors.rb +2 -2
  18. data/lib/puppet/forge/repository.rb +30 -86
  19. data/lib/puppet/functions/camelcase.rb +2 -2
  20. data/lib/puppet/functions/epp.rb +4 -4
  21. data/lib/puppet/functions/find_file.rb +9 -9
  22. data/lib/puppet/functions/find_template.rb +63 -0
  23. data/lib/puppet/functions/inline_epp.rb +5 -5
  24. data/lib/puppet/http.rb +2 -0
  25. data/lib/puppet/http/client.rb +89 -17
  26. data/lib/puppet/http/resolver.rb +14 -1
  27. data/lib/puppet/http/resolver/server_list.rb +38 -0
  28. data/lib/puppet/http/resolver/settings.rb +3 -2
  29. data/lib/puppet/http/resolver/srv.rb +10 -4
  30. data/lib/puppet/http/service.rb +32 -0
  31. data/lib/puppet/http/service/ca.rb +11 -10
  32. data/lib/puppet/http/service/report.rb +40 -0
  33. data/lib/puppet/http/session.rb +11 -32
  34. data/lib/puppet/network/http/base_pool.rb +13 -0
  35. data/lib/puppet/node/environment.rb +13 -7
  36. data/lib/puppet/pal/pal_impl.rb +5 -0
  37. data/lib/puppet/parser/functions/epp.rb +3 -3
  38. data/lib/puppet/parser/functions/inline_epp.rb +5 -5
  39. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  40. data/lib/puppet/pops/lookup/invocation.rb +10 -3
  41. data/lib/puppet/pops/model/pn_transformer.rb +5 -9
  42. data/lib/puppet/pops/parser/evaluating_parser.rb +3 -4
  43. data/lib/puppet/pops/serialization/json_path.rb +3 -3
  44. data/lib/puppet/pops/time/timespan.rb +3 -5
  45. data/lib/puppet/pops/types/string_converter.rb +6 -9
  46. data/lib/puppet/pops/types/type_calculator.rb +6 -10
  47. data/lib/puppet/pops/types/type_formatter.rb +9 -11
  48. data/lib/puppet/pops/types/type_parser.rb +3 -3
  49. data/lib/puppet/provider/package/portage.rb +3 -3
  50. data/lib/puppet/provider/package_targetable.rb +5 -4
  51. data/lib/puppet/provider/service/systemd.rb +1 -1
  52. data/lib/puppet/provider/user/hpux.rb +1 -1
  53. data/lib/puppet/runtime.rb +1 -0
  54. data/lib/puppet/ssl/ssl_provider.rb +20 -0
  55. data/lib/puppet/transaction.rb +33 -11
  56. data/lib/puppet/type.rb +1 -1
  57. data/lib/puppet/type/file/data_sync.rb +5 -1
  58. data/lib/puppet/type/group.rb +3 -2
  59. data/lib/puppet/type/user.rb +3 -2
  60. data/lib/puppet/util.rb +34 -11
  61. data/lib/puppet/util/logging.rb +30 -18
  62. data/lib/puppet/util/windows/adsi.rb +48 -18
  63. data/lib/puppet/version.rb +1 -1
  64. data/lib/puppet/x509/cert_provider.rb +9 -5
  65. data/locales/puppet.pot +155 -141
  66. data/man/man5/puppet.conf.5 +33 -3
  67. data/man/man8/puppet-agent.8 +1 -1
  68. data/man/man8/puppet-apply.8 +1 -1
  69. data/man/man8/puppet-catalog.8 +1 -1
  70. data/man/man8/puppet-config.8 +1 -1
  71. data/man/man8/puppet-describe.8 +1 -1
  72. data/man/man8/puppet-device.8 +1 -1
  73. data/man/man8/puppet-doc.8 +1 -1
  74. data/man/man8/puppet-epp.8 +1 -1
  75. data/man/man8/puppet-facts.8 +1 -1
  76. data/man/man8/puppet-filebucket.8 +1 -1
  77. data/man/man8/puppet-generate.8 +1 -1
  78. data/man/man8/puppet-help.8 +1 -1
  79. data/man/man8/puppet-key.8 +1 -1
  80. data/man/man8/puppet-lookup.8 +1 -1
  81. data/man/man8/puppet-man.8 +1 -1
  82. data/man/man8/puppet-module.8 +1 -1
  83. data/man/man8/puppet-node.8 +1 -1
  84. data/man/man8/puppet-parser.8 +1 -1
  85. data/man/man8/puppet-plugin.8 +1 -1
  86. data/man/man8/puppet-report.8 +1 -1
  87. data/man/man8/puppet-resource.8 +1 -1
  88. data/man/man8/puppet-script.8 +1 -1
  89. data/man/man8/puppet-ssl.8 +1 -1
  90. data/man/man8/puppet-status.8 +1 -1
  91. data/man/man8/puppet.8 +2 -2
  92. data/spec/fixtures/unit/forge/bacula.json +76 -0
  93. data/spec/integration/http/client_spec.rb +144 -0
  94. data/spec/integration/module_tool/forge_spec.rb +64 -0
  95. data/spec/lib/puppet_spec/https.rb +5 -3
  96. data/spec/spec_helper.rb +6 -2
  97. data/spec/unit/concurrent/lock_spec.rb +29 -0
  98. data/spec/unit/configurer_spec.rb +394 -399
  99. data/spec/unit/defaults_spec.rb +15 -4
  100. data/spec/unit/forge/errors_spec.rb +1 -1
  101. data/spec/unit/forge/forge_spec.rb +12 -54
  102. data/spec/unit/forge/module_release_spec.rb +19 -6
  103. data/spec/unit/forge/repository_spec.rb +63 -157
  104. data/spec/unit/forge_spec.rb +46 -116
  105. data/spec/unit/functions/find_template_spec.rb +69 -0
  106. data/spec/unit/http/client_spec.rb +138 -6
  107. data/spec/unit/http/resolver_spec.rb +49 -12
  108. data/spec/unit/http/service/ca_spec.rb +56 -5
  109. data/spec/unit/http/service/report_spec.rb +100 -0
  110. data/spec/unit/http/service_spec.rb +20 -0
  111. data/spec/unit/http/session_spec.rb +53 -18
  112. data/spec/unit/network/http/connection_spec.rb +0 -1
  113. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
  114. data/spec/unit/provider/package/portage_spec.rb +4 -4
  115. data/spec/unit/provider/package_targetable_spec.rb +60 -0
  116. data/spec/unit/provider/user/hpux_spec.rb +2 -2
  117. data/spec/unit/ssl/ssl_provider_spec.rb +71 -0
  118. data/spec/unit/transaction_spec.rb +46 -0
  119. data/spec/unit/type/file/content_spec.rb +9 -3
  120. data/spec/unit/util/log_spec.rb +0 -138
  121. data/spec/unit/util/logging_spec.rb +200 -0
  122. data/spec/unit/util/windows/adsi_spec.rb +51 -0
  123. data/spec/unit/x509/cert_provider_spec.rb +24 -4
  124. data/tasks/manpages.rake +1 -0
  125. metadata +24 -5
  126. data/spec/lib/puppet_spec/validators.rb +0 -37
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPETCONF" "5" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPETCONF" "5" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  \fBThis page is autogenerated; any changes will get overwritten\fR
6
6
  .
7
7
  .SH "Configuration settings"
@@ -673,6 +673,14 @@ For more info, see the ENC documentation \fIhttps://puppet\.com/docs/puppet/late
673
673
  .
674
674
  .IP "" 0
675
675
  .
676
+ .SS "facterng"
677
+ Whether to enable a pre\-Facter 4\.0 release of Facter (distributed as the "facter\-ng" gem)\. This is not necessary if Facter 3\.x or later is installed\. This setting is still experimental and has been only included on Windows builds
678
+ .
679
+ .IP "\(bu" 4
680
+ \fIDefault\fR: false
681
+ .
682
+ .IP "" 0
683
+ .
676
684
  .SS "factpath"
677
685
  Where Puppet should look for facts\. Multiple directories should be separated by the system path separator character\. (The POSIX path separator is \':\', and the Windows path separator is \';\'\.)
678
686
  .
@@ -904,7 +912,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
904
912
  The HTTP User\-Agent string to send when making network requests\.
905
913
  .
906
914
  .IP "\(bu" 4
907
- \fIDefault\fR: Puppet/6\.11\.0 Ruby/2\.4\.1\-p111 (x86_64\-linux)
915
+ \fIDefault\fR: Puppet/6\.12\.0 Ruby/2\.4\.1\-p111 (x86_64\-linux)
908
916
  .
909
917
  .IP "" 0
910
918
  .
@@ -1182,6 +1190,20 @@ The maximum amount of time the Puppet agent should wait for its certificate requ
1182
1190
  .
1183
1191
  .IP "" 0
1184
1192
  .
1193
+ .SS "merge_dependency_warnings"
1194
+ Whether to merge class\-level dependency failure warnings\.
1195
+ .
1196
+ .P
1197
+ When a class has a failed dependency, every resource in the class generates a notice level message about the dependency failure, and a warning level message about skipping the resource\.
1198
+ .
1199
+ .P
1200
+ If true, all messages caused by a class dependency failure are merged into one message associated with the class\.
1201
+ .
1202
+ .IP "\(bu" 4
1203
+ \fIDefault\fR: false
1204
+ .
1205
+ .IP "" 0
1206
+ .
1185
1207
  .SS "mkusers"
1186
1208
  Whether to create the necessary user and group that puppet agent will run as\.
1187
1209
  .
@@ -1452,6 +1474,14 @@ The public key directory\.
1452
1474
  .
1453
1475
  .IP "" 0
1454
1476
  .
1477
+ .SS "puppet_trace"
1478
+ Whether to print the Puppet stack trace on some errors\. This is a noop if \fBtrace\fR is also set\.
1479
+ .
1480
+ .IP "\(bu" 4
1481
+ \fIDefault\fR: false
1482
+ .
1483
+ .IP "" 0
1484
+ .
1455
1485
  .SS "puppetdlog"
1456
1486
  The fallback log file\. This is only used when the \fB\-\-logdest\fR option is not specified AND Puppet is running on an operating system where both the POSIX syslog service and the Windows Event Log are unavailable\. (Currently, no supported operating systems match that description\.)
1457
1487
  .
@@ -1877,7 +1907,7 @@ Turns on experimental support for tasks and plans in the puppet language\. This
1877
1907
  .IP "" 0
1878
1908
  .
1879
1909
  .SS "trace"
1880
- Whether to print stack traces on some errors
1910
+ Whether to print stack traces on some errors\. Will print internal Ruby stack trace interleaved with Puppet function frames\.
1881
1911
  .
1882
1912
  .IP "\(bu" 4
1883
1913
  \fIDefault\fR: false
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-AGENT" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-AGENT" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-agent\fR \- The puppet agent daemon
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-APPLY" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-APPLY" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-apply\fR \- Apply Puppet manifests locally
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CATALOG" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CATALOG" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CONFIG" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CONFIG" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DESCRIBE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DESCRIBE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-describe\fR \- Display help about resource types
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DEVICE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DEVICE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-device\fR \- Manage remote network devices
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DOC" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DOC" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-doc\fR \- Generate Puppet references
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-EPP" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-EPP" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FACTS" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FACTS" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-facts\fR \- Retrieve and store facts\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FILEBUCKET" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FILEBUCKET" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-GENERATE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-GENERATE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-HELP" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-HELP" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-help\fR \- Display Puppet help\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-KEY" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-KEY" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "LOOKUP" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "LOOKUP" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBlookup\fR \- Interactive Hiera lookup
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MAN" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MAN" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-man\fR \- Display Puppet manual pages\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MODULE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MODULE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-NODE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-NODE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-node\fR \- View and manage node definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PARSER" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PARSER" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-parser\fR \- Interact directly with the parser\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PLUGIN" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PLUGIN" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-REPORT" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-REPORT" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-report\fR \- Create, display, and submit reports\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-RESOURCE" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-RESOURCE" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-resource\fR \- The resource abstraction layer shell
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SCRIPT" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SCRIPT" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SSL" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SSL" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-STATUS" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-STATUS" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-status\fR \- View puppet server status\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET" "8" "November 2019" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET" "8" "January 2020" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
25
25
  catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
26
26
  .
27
27
  .P
28
- See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.11\.0
28
+ See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.12\.0
@@ -0,0 +1,76 @@
1
+ {
2
+ "pagination": {
3
+ "limit": 1,
4
+ "offset": 0,
5
+ "first": "/v3/modules?limit=1&offset=0",
6
+ "previous": null,
7
+ "current": "/v3/modules?limit=1&offset=0",
8
+ "next": null,
9
+ "total": 1832
10
+ },
11
+ "results": [
12
+ {
13
+ "uri": "/v3/modules/puppetlabs-bacula",
14
+ "name": "bacula",
15
+ "downloads": 640274,
16
+ "created_at": "2011-05-24 18:34:58 -0700",
17
+ "updated_at": "2013-12-03 15:24:20 -0800",
18
+ "owner": {
19
+ "uri": "/v3/users/puppetlabs",
20
+ "username": "puppetlabs",
21
+ "gravatar_id": "fdd009b7c1ec96e088b389f773e87aec"
22
+ },
23
+ "current_release": {
24
+ "uri": "/v3/releases/puppetlabs-bacula-0.0.2",
25
+ "module": {
26
+ "uri": "/v3/modules/puppetlabs-bacula",
27
+ "name": "bacula",
28
+ "owner": {
29
+ "uri": "/v3/users/puppetlabs",
30
+ "username": "puppetlabs",
31
+ "gravatar_id": "fdd009b7c1ec96e088b389f773e87aec"
32
+ }
33
+ },
34
+ "version": "0.0.2",
35
+ "metadata": {
36
+ "types": [],
37
+ "license": "Apache 2.0",
38
+ "checksums": { },
39
+ "version": "0.0.2",
40
+ "source": "git://github.com/puppetlabs/puppetlabs-bacula.git",
41
+ "project_page": "https://github.com/puppetlabs/puppetlabs-bacula",
42
+ "summary": "bacula",
43
+ "dependencies": [ ],
44
+ "author": "puppetlabs",
45
+ "name": "puppetlabs-bacula"
46
+ },
47
+ "tags": [
48
+ "backup",
49
+ "bacula"
50
+ ],
51
+ "file_uri": "/v3/files/puppetlabs-bacula-0.0.2.tar.gz",
52
+ "file_size": 67586,
53
+ "file_md5": "bbf919d7ee9d278d2facf39c25578bf8",
54
+ "downloads": 565041,
55
+ "readme": "",
56
+ "changelog": "",
57
+ "license": "",
58
+ "created_at": "2013-05-13 08:31:19 -0700",
59
+ "updated_at": "2013-05-13 08:31:19 -0700",
60
+ "deleted_at": null
61
+ },
62
+ "releases": [
63
+ {
64
+ "uri": "/v3/releases/puppetlabs-bacula-0.0.2",
65
+ "version": "0.0.2"
66
+ },
67
+ {
68
+ "uri": "/v3/releases/puppetlabs-bacula-0.0.1",
69
+ "version": "0.0.1"
70
+ }
71
+ ],
72
+ "homepage_url": "https://github.com/puppetlabs/puppetlabs-bacula",
73
+ "issues_url": "https://projects.puppetlabs.com/projects/bacula/issues"
74
+ }
75
+ ]
76
+ }
@@ -0,0 +1,144 @@
1
+ require 'spec_helper'
2
+ require 'puppet_spec/https'
3
+ require 'puppet_spec/files'
4
+
5
+ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
6
+ include PuppetSpec::Files
7
+
8
+ before :all do
9
+ WebMock.disable!
10
+ end
11
+
12
+ after :all do
13
+ WebMock.enable!
14
+ end
15
+
16
+ before :each do
17
+ # make sure we don't take too long
18
+ Puppet[:http_connect_timeout] = '5s'
19
+ end
20
+
21
+ let(:hostname) { '127.0.0.1' }
22
+ let(:wrong_hostname) { 'localhost' }
23
+ let(:server) { PuppetSpec::HTTPSServer.new }
24
+ let(:client) { Puppet::HTTP::Client.new }
25
+ let(:ssl_provider) { Puppet::SSL::SSLProvider.new }
26
+ let(:root_context) { ssl_provider.create_root_context(cacerts: [server.ca_cert], crls: [server.ca_crl]) }
27
+
28
+ context "when verifying an HTTPS server" do
29
+ it "connects over SSL" do
30
+ server.start_server do |port|
31
+ res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
32
+ expect(res).to be_success
33
+ end
34
+ end
35
+
36
+ it "raises connection error if we can't connect" do
37
+ Puppet[:http_connect_timeout] = '0s'
38
+
39
+ # get available port, but don't bind to it
40
+ tcps = TCPServer.new("127.0.0.1", 0)
41
+ port = tcps.connect_address.ip_port
42
+
43
+ expect {
44
+ client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
45
+ }.to raise_error(Puppet::HTTP::ConnectionError, %r{^Request to https://127.0.0.1:#{port} timed out connect operation after .* seconds})
46
+ end
47
+
48
+ it "raises if the server's cert doesn't match the hostname we connected to" do
49
+ server.start_server do |port|
50
+ expect {
51
+ client.get(URI("https://#{wrong_hostname}:#{port}"), ssl_context: root_context)
52
+ }.to raise_error { |err|
53
+ expect(err).to be_instance_of(Puppet::SSL::CertMismatchError)
54
+ expect(err.message).to match(/Server hostname '#{wrong_hostname}' did not match server certificate; expected one of (.+)/)
55
+
56
+ md = err.message.match(/expected one of (.+)/)
57
+ expect(md[1].split(', ')).to contain_exactly('127.0.0.1', 'DNS:127.0.0.1', 'DNS:127.0.0.2')
58
+ }
59
+ end
60
+ end
61
+
62
+ it "raises if the server's CA is unknown" do
63
+ wrong_ca = cert_fixture('netlock-arany-utf8.pem')
64
+ alt_context = ssl_provider.create_root_context(cacerts: [wrong_ca], revocation: false)
65
+
66
+ server.start_server do |port|
67
+ expect {
68
+ client.get(URI("https://127.0.0.1:#{port}"), ssl_context: alt_context)
69
+ }.to raise_error(Puppet::SSL::CertVerifyError,
70
+ %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
71
+ end
72
+ end
73
+
74
+ it "prints TLS protocol and ciphersuite in debug" do
75
+ Puppet[:log_level] = 'debug'
76
+ server.start_server do |port|
77
+ client.get(URI("https://127.0.0.1:#{port}"), ssl_context: root_context)
78
+ # TLS version string can be TLSv1 or TLSv1.[1-3], but not TLSv1.0
79
+ expect(@logs).to include(
80
+ an_object_having_attributes(level: :debug, message: /Using TLSv1(\.[1-3])? with cipher .*/),
81
+ )
82
+ end
83
+ end
84
+ end
85
+
86
+ context "with client certs" do
87
+ let(:ctx_proc) {
88
+ -> ctx {
89
+ # configures the server to require the client to present a client cert
90
+ ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
91
+ }
92
+ }
93
+
94
+ it "mutually authenticates the connection" do
95
+ client_context = ssl_provider.create_context(
96
+ cacerts: [server.ca_cert], crls: [server.ca_crl],
97
+ client_cert: server.server_cert, private_key: server.server_key
98
+ )
99
+
100
+ server.start_server(ctx_proc: ctx_proc) do |port|
101
+ res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: client_context)
102
+ expect(res).to be_success
103
+ end
104
+ end
105
+ end
106
+
107
+ context "with a system trust store" do
108
+ it "connects when the client trusts the server's CA" do
109
+ system_context = ssl_provider.create_system_context(cacerts: [server.ca_cert])
110
+
111
+ server.start_server do |port|
112
+ res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
113
+ expect(res).to be_success
114
+ end
115
+ end
116
+
117
+ it "connects when the server's CA is in the system store" do
118
+ # create a temp cacert bundle
119
+ ssl_file = tmpfile('systemstore')
120
+ File.write(ssl_file, server.ca_cert)
121
+
122
+ # override path to system cacert bundle, this must be done before
123
+ # the SSLContext is created and the call to X509::Store.set_default_paths
124
+ Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
125
+ system_context = ssl_provider.create_system_context(cacerts: [])
126
+ server.start_server do |port|
127
+ res = client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
128
+ expect(res).to be_success
129
+ end
130
+ end
131
+ end
132
+
133
+ it "raises if the server's CA is not in the context or system store" do
134
+ system_context = ssl_provider.create_system_context(cacerts: [cert_fixture('netlock-arany-utf8.pem')])
135
+
136
+ server.start_server do |port|
137
+ expect {
138
+ client.get(URI("https://127.0.0.1:#{port}"), ssl_context: system_context)
139
+ }.to raise_error(Puppet::SSL::CertVerifyError,
140
+ %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
141
+ end
142
+ end
143
+ end
144
+ end