puppet 6.11.1 → 6.16.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +3 -8
- data/CONTRIBUTING.md +7 -13
- data/Gemfile +1 -0
- data/Gemfile.lock +39 -36
- data/README.md +17 -24
- data/ext/build_defaults.yaml +1 -0
- data/ext/project_data.yaml +1 -1
- data/ext/windows/service/daemon.rb +25 -20
- data/lib/puppet.rb +52 -13
- data/lib/puppet/agent.rb +20 -14
- data/lib/puppet/application/agent.rb +12 -14
- data/lib/puppet/application/describe.rb +7 -5
- data/lib/puppet/application/device.rb +2 -2
- data/lib/puppet/application/filebucket.rb +19 -15
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/resource.rb +1 -1
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/concurrent.rb +2 -0
- data/lib/puppet/concurrent/lock.rb +16 -0
- data/lib/puppet/concurrent/synchronized.rb +15 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +14 -0
- data/lib/puppet/configurer.rb +85 -83
- data/lib/puppet/configurer/plugin_handler.rb +10 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +158 -40
- data/lib/puppet/environments.rb +30 -20
- data/lib/puppet/error.rb +9 -1
- data/lib/puppet/face/facts.rb +8 -5
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_system/file_impl.rb +13 -9
- data/lib/puppet/file_system/memory_file.rb +6 -0
- data/lib/puppet/file_system/memory_impl.rb +13 -0
- data/lib/puppet/file_system/uniquefile.rb +4 -0
- data/lib/puppet/file_system/windows.rb +7 -10
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/forge/errors.rb +2 -2
- data/lib/puppet/forge/repository.rb +31 -86
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +2 -2
- data/lib/puppet/functions/epp.rb +4 -4
- data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/find_file.rb +9 -9
- data/lib/puppet/functions/find_template.rb +63 -0
- data/lib/puppet/functions/inline_epp.rb +5 -5
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +7 -0
- data/lib/puppet/http/client.rb +341 -54
- data/lib/puppet/http/errors.rb +2 -0
- data/lib/puppet/http/external_client.rb +90 -0
- data/lib/puppet/http/redirector.rb +34 -0
- data/lib/puppet/http/resolver.rb +57 -1
- data/lib/puppet/http/resolver/server_list.rb +98 -0
- data/lib/puppet/http/resolver/settings.rb +23 -2
- data/lib/puppet/http/resolver/srv.rb +36 -4
- data/lib/puppet/http/response.rb +68 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +179 -3
- data/lib/puppet/http/service/ca.rb +84 -21
- data/lib/puppet/http/service/compiler.rb +319 -0
- data/lib/puppet/http/service/file_server.rb +206 -0
- data/lib/puppet/http/service/report.rb +66 -0
- data/lib/puppet/http/session.rb +106 -31
- data/lib/puppet/indirector/catalog/compiler.rb +10 -0
- data/lib/puppet/indirector/catalog/rest.rb +34 -0
- data/lib/puppet/indirector/facts/rest.rb +42 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +30 -0
- data/lib/puppet/indirector/file_metadata/http.rb +4 -4
- data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +24 -0
- data/lib/puppet/indirector/report/rest.rb +19 -0
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/rest.rb +12 -0
- data/lib/puppet/indirector/status/rest.rb +18 -0
- data/lib/puppet/loaders.rb +6 -0
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/base_pool.rb +19 -1
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +6 -0
- data/lib/puppet/network/http/connection_adapter.rb +182 -0
- data/lib/puppet/network/http/nocache_pool.rb +2 -0
- data/lib/puppet/network/http/pool.rb +13 -6
- data/lib/puppet/network/http_pool.rb +2 -1
- data/lib/puppet/node/environment.rb +24 -8
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +9 -29
- data/lib/puppet/parser/ast/pops_bridge.rb +6 -11
- data/lib/puppet/parser/compiler.rb +42 -32
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/parser/functions/epp.rb +3 -3
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/functions/inline_epp.rb +5 -5
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +1 -1
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/pops/lookup/invocation.rb +10 -3
- data/lib/puppet/pops/model/pn_transformer.rb +5 -9
- data/lib/puppet/pops/parser/evaluating_parser.rb +8 -11
- data/lib/puppet/pops/serialization/json_path.rb +3 -3
- data/lib/puppet/pops/time/timespan.rb +3 -5
- data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
- data/lib/puppet/pops/types/string_converter.rb +6 -9
- data/lib/puppet/pops/types/type_calculator.rb +30 -10
- data/lib/puppet/pops/types/type_formatter.rb +9 -11
- data/lib/puppet/pops/types/type_parser.rb +3 -3
- data/lib/puppet/pops/validation/checker4_0.rb +1 -1
- data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
- data/lib/puppet/provider/aix_object.rb +4 -2
- data/lib/puppet/provider/group/aix.rb +1 -0
- data/lib/puppet/provider/group/groupadd.rb +57 -24
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +78 -4
- data/lib/puppet/provider/package/dnfmodule.rb +69 -15
- data/lib/puppet/provider/package/dpkg.rb +14 -7
- data/lib/puppet/provider/package/fink.rb +20 -3
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/openbsd.rb +13 -1
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +143 -48
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkg.rb +18 -5
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/portage.rb +5 -5
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +108 -24
- data/lib/puppet/provider/package/zypper.rb +59 -1
- data/lib/puppet/provider/package_targetable.rb +5 -4
- data/lib/puppet/provider/service/systemd.rb +23 -5
- data/lib/puppet/provider/user/aix.rb +1 -0
- data/lib/puppet/provider/user/directoryservice.rb +30 -5
- data/lib/puppet/provider/user/hpux.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +11 -8
- data/lib/puppet/reports/http.rb +13 -9
- data/lib/puppet/reports/store.rb +1 -1
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/runtime.rb +32 -1
- data/lib/puppet/settings.rb +4 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/certificate.rb +2 -1
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/ssl_provider.rb +20 -0
- data/lib/puppet/ssl/state_machine.rb +81 -35
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +7 -1
- data/lib/puppet/transaction.rb +33 -11
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/transaction/resource_harness.rb +1 -1
- data/lib/puppet/type.rb +7 -2
- data/lib/puppet/type/file.rb +13 -0
- data/lib/puppet/type/file/data_sync.rb +5 -1
- data/lib/puppet/type/file/source.rb +49 -58
- data/lib/puppet/type/group.rb +5 -4
- data/lib/puppet/type/package.rb +102 -10
- data/lib/puppet/type/service.rb +6 -8
- data/lib/puppet/type/user.rb +6 -30
- data/lib/puppet/util.rb +34 -11
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +4 -18
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/log/destinations.rb +2 -11
- data/lib/puppet/util/logging.rb +30 -18
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +36 -10
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/plist.rb +6 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/storage.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +50 -20
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/util/yaml.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +9 -5
- data/locales/puppet.pot +640 -521
- data/man/man5/puppet.conf.5 +88 -9
- data/man/man8/puppet-agent.8 +6 -6
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +17 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +2 -2
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/forge/bacula.json +76 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
- data/spec/integration/application/agent_spec.rb +394 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +73 -0
- data/spec/integration/configurer_spec.rb +26 -7
- data/spec/integration/http/client_spec.rb +154 -0
- data/spec/integration/indirector/facts/facter_spec.rb +4 -0
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +51 -0
- data/spec/integration/network/http_pool_spec.rb +76 -20
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/util/windows/adsi_spec.rb +6 -1
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +20 -9
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/spec_helper.rb +6 -2
- data/spec/unit/agent_spec.rb +80 -26
- data/spec/unit/application/agent_spec.rb +9 -5
- data/spec/unit/application/apply_spec.rb +2 -12
- data/spec/unit/application/describe_spec.rb +88 -50
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/application/resource_spec.rb +2 -2
- data/spec/unit/concurrent/lock_spec.rb +29 -0
- data/spec/unit/configurer/fact_handler_spec.rb +0 -4
- data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
- data/spec/unit/configurer_spec.rb +400 -406
- data/spec/unit/context/trusted_information_spec.rb +17 -0
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/defaults_spec.rb +38 -4
- data/spec/unit/environments_spec.rb +65 -28
- data/spec/unit/face/facts_spec.rb +24 -20
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/plugin_spec.rb +12 -10
- data/spec/unit/file_system/uniquefile_spec.rb +11 -0
- data/spec/unit/file_system_spec.rb +26 -2
- data/spec/unit/forge/errors_spec.rb +1 -1
- data/spec/unit/forge/forge_spec.rb +12 -54
- data/spec/unit/forge/module_release_spec.rb +19 -6
- data/spec/unit/forge/repository_spec.rb +63 -157
- data/spec/unit/forge_spec.rb +46 -116
- data/spec/unit/functions/find_template_spec.rb +69 -0
- data/spec/unit/functions/lookup_spec.rb +13 -0
- data/spec/unit/http/client_spec.rb +395 -27
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +81 -12
- data/spec/unit/http/response_spec.rb +69 -0
- data/spec/unit/http/service/ca_spec.rb +100 -7
- data/spec/unit/http/service/compiler_spec.rb +627 -0
- data/spec/unit/http/service/file_server_spec.rb +308 -0
- data/spec/unit/http/service/report_spec.rb +118 -0
- data/spec/unit/http/service_spec.rb +117 -4
- data/spec/unit/http/session_spec.rb +237 -19
- data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
- data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
- data/spec/unit/indirector/facts/rest_spec.rb +79 -24
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
- data/spec/unit/indirector/file_metadata/http_spec.rb +167 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
- data/spec/unit/indirector/node/rest_spec.rb +57 -2
- data/spec/unit/indirector/report/rest_spec.rb +58 -51
- data/spec/unit/indirector/resource/ral_spec.rb +7 -8
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/indirector/status/rest_spec.rb +43 -2
- data/spec/unit/network/http/connection_spec.rb +549 -176
- data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
- data/spec/unit/network/http/pool_spec.rb +89 -11
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/node/facts_spec.rb +2 -1
- data/spec/unit/node_spec.rb +7 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
- data/spec/unit/pops/validator/validator_spec.rb +7 -2
- data/spec/unit/provider/aix_object_spec.rb +16 -2
- data/spec/unit/provider/group/groupadd_spec.rb +181 -56
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +43 -2
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
- data/spec/unit/provider/package/dpkg_spec.rb +28 -6
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/openbsd_spec.rb +17 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +68 -19
- data/spec/unit/provider/package/pkg_spec.rb +15 -1
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/portage_spec.rb +9 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +292 -0
- data/spec/unit/provider/package/zypper_spec.rb +84 -0
- data/spec/unit/provider/package_targetable_spec.rb +60 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +92 -12
- data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
- data/spec/unit/provider/user/hpux_spec.rb +2 -2
- data/spec/unit/provider/user/useradd_spec.rb +21 -8
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -26
- data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
- data/spec/unit/puppet_spec.rb +47 -0
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/settings/autosign_setting_spec.rb +1 -1
- data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
- data/spec/unit/ssl/certificate_spec.rb +7 -0
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +71 -0
- data/spec/unit/ssl/state_machine_spec.rb +99 -13
- data/spec/unit/transaction/persistence_spec.rb +1 -10
- data/spec/unit/transaction/report_spec.rb +4 -0
- data/spec/unit/transaction_spec.rb +45 -1
- data/spec/unit/type/file/content_spec.rb +9 -3
- data/spec/unit/type/file/ensure_spec.rb +1 -2
- data/spec/unit/type/file/source_spec.rb +86 -35
- data/spec/unit/type/package_spec.rb +8 -0
- data/spec/unit/type/service_spec.rb +9 -8
- data/spec/unit/type/user_spec.rb +1 -2
- data/spec/unit/util/at_fork_spec.rb +3 -2
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/log_spec.rb +0 -138
- data/spec/unit/util/logging_spec.rb +200 -0
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +175 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +112 -42
- data/spec/unit/util/plist_spec.rb +20 -0
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/storage_spec.rb +1 -8
- data/spec/unit/util/windows/adsi_spec.rb +55 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/spec/unit/x509/cert_provider_spec.rb +24 -4
- data/tasks/generate_cert_fixtures.rake +15 -1
- data/tasks/manpages.rake +6 -35
- metadata +92 -12
- data/COMMITTERS.md +0 -244
- data/spec/integration/faces/plugin_spec.rb +0 -61
- data/spec/lib/puppet_spec/validators.rb +0 -37
data/lib/puppet/util/platform.rb
CHANGED
data/lib/puppet/util/plist.rb
CHANGED
@@ -56,6 +56,12 @@ module Puppet::Util::Plist
|
|
56
56
|
# Read plist text using the CFPropertyList gem.
|
57
57
|
def parse_plist(plist_data, file_path = '')
|
58
58
|
bad_xml_doctype = /^.*<!DOCTYPE plist PUBLIC -\/\/Apple Computer.*$/
|
59
|
+
# Depending on where parse_plist is called from, plist_data can be either XML or binary.
|
60
|
+
# If we get XML, make sure ruby knows it's UTF-8 so we avoid invalid byte sequence errors.
|
61
|
+
if plist_data.include?('encoding="UTF-8"') && plist_data.encoding != Encoding::UTF_8
|
62
|
+
plist_data.force_encoding(Encoding::UTF_8)
|
63
|
+
end
|
64
|
+
|
59
65
|
begin
|
60
66
|
if plist_data =~ bad_xml_doctype
|
61
67
|
plist_data.gsub!( bad_xml_doctype, plist_xml_doctype )
|
@@ -0,0 +1,193 @@
|
|
1
|
+
module Puppet::Util::RpmCompare
|
2
|
+
|
3
|
+
ARCH_LIST = %w(
|
4
|
+
noarch i386 i686 ppc ppc64 armv3l armv4b armv4l armv4tl armv5tel
|
5
|
+
armv5tejl armv6l armv7l m68kmint s390 s390x ia64 x86_64 sh3 sh4
|
6
|
+
).freeze
|
7
|
+
|
8
|
+
ARCH_REGEX = Regexp.new(ARCH_LIST.join('|\.'))
|
9
|
+
|
10
|
+
# This is an attempt at implementing RPM's
|
11
|
+
# lib/rpmvercmp.c rpmvercmp(a, b) in Ruby.
|
12
|
+
#
|
13
|
+
# Some of the things in here look REALLY
|
14
|
+
# UGLY and/or arbitrary. Our goal is to
|
15
|
+
# match how RPM compares versions, quirks
|
16
|
+
# and all.
|
17
|
+
#
|
18
|
+
# I've kept a lot of C-like string processing
|
19
|
+
# in an effort to keep this as identical to RPM
|
20
|
+
# as possible.
|
21
|
+
#
|
22
|
+
# returns 1 if str1 is newer than str2,
|
23
|
+
# 0 if they are identical
|
24
|
+
# -1 if str1 is older than str2
|
25
|
+
def rpmvercmp(str1, str2)
|
26
|
+
return 0 if str1 == str2
|
27
|
+
|
28
|
+
front_strip_re = /^[^A-Za-z0-9~]+/
|
29
|
+
|
30
|
+
while str1.length > 0 or str2.length > 0
|
31
|
+
# trim anything that's in front_strip_re and != '~' off the beginning of each string
|
32
|
+
str1 = str1.gsub(front_strip_re, '')
|
33
|
+
str2 = str2.gsub(front_strip_re, '')
|
34
|
+
|
35
|
+
# "handle the tilde separator, it sorts before everything else"
|
36
|
+
if str1 =~ /^~/ && str2 =~ /^~/
|
37
|
+
# if they both have ~, strip it
|
38
|
+
str1 = str1[1..-1]
|
39
|
+
str2 = str2[1..-1]
|
40
|
+
next
|
41
|
+
elsif str1 =~ /^~/
|
42
|
+
return -1
|
43
|
+
elsif str2 =~ /^~/
|
44
|
+
return 1
|
45
|
+
end
|
46
|
+
|
47
|
+
break if str1.length == 0 or str2.length == 0
|
48
|
+
|
49
|
+
# "grab first completely alpha or completely numeric segment"
|
50
|
+
isnum = false
|
51
|
+
# if the first char of str1 is a digit, grab the chunk of continuous digits from each string
|
52
|
+
if str1 =~ /^[0-9]+/
|
53
|
+
if str1 =~ /^[0-9]+/
|
54
|
+
segment1 = $~.to_s
|
55
|
+
str1 = $~.post_match
|
56
|
+
else
|
57
|
+
segment1 = ''
|
58
|
+
end
|
59
|
+
if str2 =~ /^[0-9]+/
|
60
|
+
segment2 = $~.to_s
|
61
|
+
str2 = $~.post_match
|
62
|
+
else
|
63
|
+
segment2 = ''
|
64
|
+
end
|
65
|
+
isnum = true
|
66
|
+
# else grab the chunk of continuous alphas from each string (which may be '')
|
67
|
+
else
|
68
|
+
if str1 =~ /^[A-Za-z]+/
|
69
|
+
segment1 = $~.to_s
|
70
|
+
str1 = $~.post_match
|
71
|
+
else
|
72
|
+
segment1 = ''
|
73
|
+
end
|
74
|
+
if str2 =~ /^[A-Za-z]+/
|
75
|
+
segment2 = $~.to_s
|
76
|
+
str2 = $~.post_match
|
77
|
+
else
|
78
|
+
segment2 = ''
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
# if the segments we just grabbed from the strings are different types (i.e. one numeric one alpha),
|
83
|
+
# where alpha also includes ''; "numeric segments are always newer than alpha segments"
|
84
|
+
if segment2.length == 0
|
85
|
+
return 1 if isnum
|
86
|
+
return -1
|
87
|
+
end
|
88
|
+
|
89
|
+
if isnum
|
90
|
+
# "throw away any leading zeros - it's a number, right?"
|
91
|
+
segment1 = segment1.gsub(/^0+/, '')
|
92
|
+
segment2 = segment2.gsub(/^0+/, '')
|
93
|
+
# "whichever number has more digits wins"
|
94
|
+
return 1 if segment1.length > segment2.length
|
95
|
+
return -1 if segment1.length < segment2.length
|
96
|
+
end
|
97
|
+
|
98
|
+
# "strcmp will return which one is greater - even if the two segments are alpha
|
99
|
+
# or if they are numeric. don't return if they are equal because there might
|
100
|
+
# be more segments to compare"
|
101
|
+
rc = segment1 <=> segment2
|
102
|
+
return rc if rc != 0
|
103
|
+
end #end while loop
|
104
|
+
|
105
|
+
# if we haven't returned anything yet, "whichever version still has characters left over wins"
|
106
|
+
return 1 if str1.length > str2.length
|
107
|
+
return -1 if str1.length < str2.length
|
108
|
+
0
|
109
|
+
end
|
110
|
+
|
111
|
+
# parse a rpm "version" specification
|
112
|
+
# this re-implements rpm's
|
113
|
+
# rpmUtils.miscutils.stringToVersion() in ruby
|
114
|
+
def rpm_parse_evr(full_version)
|
115
|
+
epoch_index = full_version.index(':')
|
116
|
+
if epoch_index
|
117
|
+
epoch = full_version[0,epoch_index]
|
118
|
+
full_version = full_version[epoch_index+1,full_version.length]
|
119
|
+
else
|
120
|
+
epoch = nil
|
121
|
+
end
|
122
|
+
begin
|
123
|
+
epoch = String(Integer(epoch))
|
124
|
+
rescue
|
125
|
+
# If there are non-digits in the epoch field, default to nil
|
126
|
+
epoch = nil
|
127
|
+
end
|
128
|
+
release_index = full_version.index('-')
|
129
|
+
if release_index
|
130
|
+
version = full_version[0,release_index]
|
131
|
+
release = full_version[release_index+1,full_version.length]
|
132
|
+
arch = release.scan(ARCH_REGEX)[0]
|
133
|
+
if arch
|
134
|
+
architecture = arch.delete('.')
|
135
|
+
release.gsub!(ARCH_REGEX, '')
|
136
|
+
end
|
137
|
+
else
|
138
|
+
version = full_version
|
139
|
+
release = nil
|
140
|
+
end
|
141
|
+
return { :epoch => epoch, :version => version, :release => release, :arch => architecture }
|
142
|
+
end
|
143
|
+
|
144
|
+
# this method is a native implementation of the
|
145
|
+
# compare_values function in rpm's python bindings,
|
146
|
+
# found in python/header-py.c, as used by rpm.
|
147
|
+
def compare_values(s1, s2)
|
148
|
+
return 0 if s1.nil? && s2.nil?
|
149
|
+
return 1 if ( not s1.nil? ) && s2.nil?
|
150
|
+
return -1 if s1.nil? && (not s2.nil?)
|
151
|
+
return rpmvercmp(s1, s2)
|
152
|
+
end
|
153
|
+
|
154
|
+
# how rpm compares two package versions:
|
155
|
+
# rpmUtils.miscutils.compareEVR(), which massages data types and then calls
|
156
|
+
# rpm.labelCompare(), found in rpm.git/python/header-py.c, which
|
157
|
+
# sets epoch to 0 if null, then compares epoch, then ver, then rel
|
158
|
+
# using compare_values() and returns the first non-0 result, else 0.
|
159
|
+
# This function combines the logic of compareEVR() and labelCompare().
|
160
|
+
#
|
161
|
+
# "version_should" can be v, v-r, or e:v-r.
|
162
|
+
# "version_is" will always be at least v-r, can be e:v-r
|
163
|
+
#
|
164
|
+
# return 1: a is newer than b
|
165
|
+
# 0: a and b are the same version
|
166
|
+
# -1: b is newer than a
|
167
|
+
def rpm_compareEVR(should, is)
|
168
|
+
# pass on to rpm labelCompare
|
169
|
+
should_hash = rpm_parse_evr(should)
|
170
|
+
is_hash = rpm_parse_evr(is)
|
171
|
+
|
172
|
+
if !should_hash[:epoch].nil?
|
173
|
+
rc = compare_values(should_hash[:epoch], is_hash[:epoch])
|
174
|
+
return rc unless rc == 0
|
175
|
+
end
|
176
|
+
|
177
|
+
rc = compare_values(should_hash[:version], is_hash[:version])
|
178
|
+
return rc unless rc == 0
|
179
|
+
|
180
|
+
# here is our special case, PUP-1244.
|
181
|
+
# if should_hash[:release] is nil (not specified by the user),
|
182
|
+
# and comparisons up to here are equal, return equal. We need to
|
183
|
+
# evaluate to whatever level of detail the user specified, so we
|
184
|
+
# don't end up upgrading or *downgrading* when not intended.
|
185
|
+
#
|
186
|
+
# This should NOT be triggered if we're trying to ensure latest.
|
187
|
+
return 0 if should_hash[:release].nil?
|
188
|
+
|
189
|
+
rc = compare_values(should_hash[:release], is_hash[:release])
|
190
|
+
|
191
|
+
return rc
|
192
|
+
end
|
193
|
+
end
|
data/lib/puppet/util/storage.rb
CHANGED
@@ -1,6 +1,23 @@
|
|
1
1
|
module Puppet::Util::Windows::ADSI
|
2
2
|
require 'ffi'
|
3
3
|
|
4
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/dsrole/ne-dsrole-dsrole_machine_role
|
5
|
+
STANDALONE_WORKSTATION = 0
|
6
|
+
MEMBER_WORKSTATION = 1
|
7
|
+
STANDALONE_SERVER = 2
|
8
|
+
MEMBER_SERVER = 3
|
9
|
+
BACKUP_DOMAIN_CONTROLLER = 4
|
10
|
+
PRIMARY_DOMAIN_CONTROLLER = 5
|
11
|
+
|
12
|
+
DOMAIN_ROLES = {
|
13
|
+
STANDALONE_WORKSTATION => :STANDALONE_WORKSTATION,
|
14
|
+
MEMBER_WORKSTATION => :MEMBER_WORKSTATION,
|
15
|
+
STANDALONE_SERVER => :STANDALONE_SERVER,
|
16
|
+
MEMBER_SERVER => :MEMBER_SERVER,
|
17
|
+
BACKUP_DOMAIN_CONTROLLER => :BACKUP_DOMAIN_CONTROLLER,
|
18
|
+
PRIMARY_DOMAIN_CONTROLLER => :PRIMARY_DOMAIN_CONTROLLER,
|
19
|
+
}
|
20
|
+
|
4
21
|
class << self
|
5
22
|
extend FFI::Library
|
6
23
|
|
@@ -94,6 +111,14 @@ module Puppet::Util::Windows::ADSI
|
|
94
111
|
wmi_connection.execquery(query)
|
95
112
|
end
|
96
113
|
|
114
|
+
def domain_role
|
115
|
+
unless @domain_role
|
116
|
+
query_result = Puppet::Util::Windows::ADSI.execquery('select DomainRole from Win32_ComputerSystem').to_enum.first
|
117
|
+
@domain_role = DOMAIN_ROLES[query_result.DomainRole] if query_result
|
118
|
+
end
|
119
|
+
@domain_role
|
120
|
+
end
|
121
|
+
|
97
122
|
ffi_convention :stdcall
|
98
123
|
|
99
124
|
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms724295(v=vs.85).aspx
|
@@ -155,11 +180,11 @@ module Puppet::Util::Windows::ADSI
|
|
155
180
|
sids
|
156
181
|
end
|
157
182
|
|
158
|
-
def name_sid_hash(names)
|
183
|
+
def name_sid_hash(names, allow_unresolved = false)
|
159
184
|
return {} if names.nil? || names.empty?
|
160
185
|
|
161
186
|
sids = names.map do |name|
|
162
|
-
sid = Puppet::Util::Windows::SID.name_to_principal(name)
|
187
|
+
sid = Puppet::Util::Windows::SID.name_to_principal(name, allow_unresolved)
|
163
188
|
raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
|
164
189
|
[sid.sid, sid]
|
165
190
|
end
|
@@ -176,7 +201,12 @@ module Puppet::Util::Windows::ADSI
|
|
176
201
|
well_known = false
|
177
202
|
if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
|
178
203
|
# Examples of SidType include SidTypeUser, SidTypeGroup
|
179
|
-
|
204
|
+
if sid.account_type == "SidType#{@object_class.capitalize}".to_sym
|
205
|
+
# Check if we're getting back a local user when domain-joined
|
206
|
+
return true unless [:MEMBER_WORKSTATION, :MEMBER_SERVER].include?(Puppet::Util::Windows::ADSI.domain_role)
|
207
|
+
# The resource domain and the computer name are not always case-matching
|
208
|
+
return sid.domain.casecmp(Puppet::Util::Windows::ADSI.computer_name) == 0
|
209
|
+
end
|
180
210
|
|
181
211
|
# 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
|
182
212
|
# so try to resolve it
|
@@ -386,23 +416,23 @@ module Puppet::Util::Windows::ADSI
|
|
386
416
|
ADS_UF_SCRIPT: 0x0001,
|
387
417
|
ADS_UF_ACCOUNTDISABLE: 0x0002,
|
388
418
|
ADS_UF_HOMEDIR_REQUIRED: 0x0008,
|
389
|
-
ADS_UF_LOCKOUT: 0x0010,
|
390
|
-
ADS_UF_PASSWD_NOTREQD: 0x0020,
|
391
|
-
ADS_UF_PASSWD_CANT_CHANGE: 0x0040,
|
392
|
-
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED: 0x0080,
|
393
|
-
ADS_UF_TEMP_DUPLICATE_ACCOUNT: 0x0100,
|
394
|
-
ADS_UF_NORMAL_ACCOUNT: 0x0200,
|
395
|
-
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT: 0x0800,
|
396
|
-
ADS_UF_WORKSTATION_TRUST_ACCOUNT: 0x1000,
|
397
|
-
ADS_UF_SERVER_TRUST_ACCOUNT: 0x2000,
|
398
|
-
ADS_UF_DONT_EXPIRE_PASSWD: 0x10000,
|
399
|
-
ADS_UF_MNS_LOGON_ACCOUNT: 0x20000,
|
400
|
-
ADS_UF_SMARTCARD_REQUIRED: 0x40000,
|
401
|
-
ADS_UF_TRUSTED_FOR_DELEGATION: 0x80000,
|
402
|
-
ADS_UF_NOT_DELEGATED: 0x100000,
|
403
|
-
ADS_UF_USE_DES_KEY_ONLY: 0x200000,
|
404
|
-
ADS_UF_DONT_REQUIRE_PREAUTH: 0x400000,
|
405
|
-
ADS_UF_PASSWORD_EXPIRED: 0x800000,
|
419
|
+
ADS_UF_LOCKOUT: 0x0010,
|
420
|
+
ADS_UF_PASSWD_NOTREQD: 0x0020,
|
421
|
+
ADS_UF_PASSWD_CANT_CHANGE: 0x0040,
|
422
|
+
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED: 0x0080,
|
423
|
+
ADS_UF_TEMP_DUPLICATE_ACCOUNT: 0x0100,
|
424
|
+
ADS_UF_NORMAL_ACCOUNT: 0x0200,
|
425
|
+
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT: 0x0800,
|
426
|
+
ADS_UF_WORKSTATION_TRUST_ACCOUNT: 0x1000,
|
427
|
+
ADS_UF_SERVER_TRUST_ACCOUNT: 0x2000,
|
428
|
+
ADS_UF_DONT_EXPIRE_PASSWD: 0x10000,
|
429
|
+
ADS_UF_MNS_LOGON_ACCOUNT: 0x20000,
|
430
|
+
ADS_UF_SMARTCARD_REQUIRED: 0x40000,
|
431
|
+
ADS_UF_TRUSTED_FOR_DELEGATION: 0x80000,
|
432
|
+
ADS_UF_NOT_DELEGATED: 0x100000,
|
433
|
+
ADS_UF_USE_DES_KEY_ONLY: 0x200000,
|
434
|
+
ADS_UF_DONT_REQUIRE_PREAUTH: 0x400000,
|
435
|
+
ADS_UF_PASSWORD_EXPIRED: 0x800000,
|
406
436
|
ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: 0x1000000
|
407
437
|
}
|
408
438
|
|
@@ -122,21 +122,22 @@ module Puppet::Util::Windows::Process
|
|
122
122
|
def get_process_image_name_by_pid(pid)
|
123
123
|
image_name = ""
|
124
124
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
125
|
+
Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
|
126
|
+
open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
|
127
|
+
FFI::MemoryPointer.new(:dword, 1) do |exe_name_length_ptr|
|
128
|
+
# UTF is 2 bytes/char:
|
129
|
+
max_chars = MAX_PATH_LENGTH + 1
|
130
|
+
exe_name_length_ptr.write_dword(max_chars)
|
131
|
+
FFI::MemoryPointer.new(:wchar, max_chars) do |exe_name_ptr|
|
132
|
+
use_win32_path_format = 0
|
133
|
+
result = QueryFullProcessImageNameW(phandle, use_win32_path_format, exe_name_ptr, exe_name_length_ptr)
|
134
|
+
if result == FFI::WIN32_FALSE
|
135
|
+
raise Puppet::Util::Windows::Error.new(
|
136
|
+
"QueryFullProcessImageNameW(phandle, #{use_win32_path_format}, " +
|
137
|
+
"exe_name_ptr, #{max_chars}")
|
138
|
+
end
|
139
|
+
image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
|
138
140
|
end
|
139
|
-
image_name = exe_name_ptr.read_wide_string(exe_name_length_ptr.read_dword)
|
140
141
|
end
|
141
142
|
end
|
142
143
|
end
|
@@ -64,7 +64,7 @@ module Puppet::Util::Windows
|
|
64
64
|
# 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
|
65
65
|
# SID object. Returns nil if the account doesn't exist.
|
66
66
|
# This method returns a SID::Principal with the account, domain, SID, etc
|
67
|
-
def name_to_principal(name)
|
67
|
+
def name_to_principal(name, allow_unresolved = false)
|
68
68
|
# Apparently, we accept a symbol..
|
69
69
|
name = name.to_s.strip if name
|
70
70
|
|
@@ -79,7 +79,7 @@ module Puppet::Util::Windows
|
|
79
79
|
|
80
80
|
raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
|
81
81
|
rescue
|
82
|
-
nil
|
82
|
+
(allow_unresolved && raw_sid_bytes) ? unresolved_principal(name, raw_sid_bytes) : nil
|
83
83
|
end
|
84
84
|
module_function :name_to_principal
|
85
85
|
class << self; alias name_to_sid_object name_to_principal; end
|
@@ -236,7 +236,7 @@ module Puppet::Util::Windows
|
|
236
236
|
# @api private
|
237
237
|
def self.unresolved_principal(name, sid_bytes)
|
238
238
|
Principal.new(
|
239
|
-
name
|
239
|
+
name, # account
|
240
240
|
sid_bytes, # sid_bytes
|
241
241
|
name, # sid string
|
242
242
|
nil, #domain
|
data/lib/puppet/util/yaml.rb
CHANGED
data/lib/puppet/version.rb
CHANGED
@@ -16,12 +16,16 @@ class Puppet::X509::CertProvider
|
|
16
16
|
crlpath: Puppet[:hostcrl],
|
17
17
|
privatekeydir: Puppet[:privatekeydir],
|
18
18
|
certdir: Puppet[:certdir],
|
19
|
-
requestdir: Puppet[:requestdir]
|
19
|
+
requestdir: Puppet[:requestdir],
|
20
|
+
hostprivkey: Puppet.settings.set_by_config?(:hostprivkey) ? Puppet[:hostprivkey] : nil,
|
21
|
+
hostcert: Puppet.settings.set_by_config?(:hostcert) ? Puppet[:hostcert] : nil)
|
20
22
|
@capath = capath
|
21
23
|
@crlpath = crlpath
|
22
24
|
@privatekeydir = privatekeydir
|
23
25
|
@certdir = certdir
|
24
26
|
@requestdir = requestdir
|
27
|
+
@hostprivkey = hostprivkey
|
28
|
+
@hostcert = hostcert
|
25
29
|
end
|
26
30
|
|
27
31
|
# Save `certs` to the configured `capath`.
|
@@ -146,7 +150,7 @@ class Puppet::X509::CertProvider
|
|
146
150
|
else
|
147
151
|
key.to_pem
|
148
152
|
end
|
149
|
-
path = to_path(@privatekeydir, name)
|
153
|
+
path = @hostprivkey || to_path(@privatekeydir, name)
|
150
154
|
save_pem(pem, path, **permissions_for_setting(:hostprivkey))
|
151
155
|
rescue SystemCallError => e
|
152
156
|
raise Puppet::Error.new(_("Failed to save private key for '%{name}'") % {name: name}, e)
|
@@ -165,7 +169,7 @@ class Puppet::X509::CertProvider
|
|
165
169
|
# @raise [Puppet::Error] if the private key cannot be loaded
|
166
170
|
# @api private
|
167
171
|
def load_private_key(name, required: false, password: nil)
|
168
|
-
path = to_path(@privatekeydir, name)
|
172
|
+
path = @hostprivkey || to_path(@privatekeydir, name)
|
169
173
|
pem = load_pem(path)
|
170
174
|
if !pem && required
|
171
175
|
raise Puppet::Error, _("The private key is missing from '%{path}'") % { path: path }
|
@@ -225,7 +229,7 @@ class Puppet::X509::CertProvider
|
|
225
229
|
# @raise [Puppet::Error] if the client cert cannot be saved
|
226
230
|
# @api private
|
227
231
|
def save_client_cert(name, cert)
|
228
|
-
path = to_path(@certdir, name)
|
232
|
+
path = @hostcert || to_path(@certdir, name)
|
229
233
|
save_pem(cert.to_pem, path, **permissions_for_setting(:hostcert))
|
230
234
|
rescue SystemCallError => e
|
231
235
|
raise Puppet::Error.new(_("Failed to save client certificate for '%{name}'") % {name: name}, e)
|
@@ -240,7 +244,7 @@ class Puppet::X509::CertProvider
|
|
240
244
|
# @raise [Puppet::Error] if the client cert cannot be loaded
|
241
245
|
# @api private
|
242
246
|
def load_client_cert(name, required: false)
|
243
|
-
path = to_path(@certdir, name)
|
247
|
+
path = @hostcert || to_path(@certdir, name)
|
244
248
|
pem = load_pem(path)
|
245
249
|
if !pem && required
|
246
250
|
raise Puppet::Error, _("The client certificate is missing from '%{path}'") % { path: path }
|