puppet 6.12.0-universal-darwin → 6.17.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/CONTRIBUTING.md +7 -13
- data/Gemfile +4 -2
- data/Gemfile.lock +39 -36
- data/README.md +18 -25
- data/ext/project_data.yaml +1 -1
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +52 -13
- data/lib/puppet/agent.rb +20 -14
- data/lib/puppet/application/agent.rb +26 -17
- data/lib/puppet/application/describe.rb +7 -5
- data/lib/puppet/application/device.rb +2 -2
- data/lib/puppet/application/filebucket.rb +19 -15
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/resource.rb +1 -1
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/configurer.rb +65 -69
- data/lib/puppet/configurer/plugin_handler.rb +10 -1
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +154 -58
- data/lib/puppet/environments.rb +27 -20
- data/lib/puppet/face/facts.rb +8 -5
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +2 -2
- data/lib/puppet/file_serving/http_metadata.rb +14 -2
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +14 -10
- data/lib/puppet/file_system/memory_file.rb +6 -0
- data/lib/puppet/file_system/memory_impl.rb +13 -0
- data/lib/puppet/file_system/uniquefile.rb +12 -16
- data/lib/puppet/file_system/windows.rb +7 -10
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +4 -7
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +5 -0
- data/lib/puppet/http/client.rb +293 -73
- data/lib/puppet/http/errors.rb +2 -0
- data/lib/puppet/http/external_client.rb +90 -0
- data/lib/puppet/http/redirector.rb +43 -7
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +76 -16
- data/lib/puppet/http/resolver/settings.rb +23 -3
- data/lib/puppet/http/resolver/srv.rb +29 -3
- data/lib/puppet/http/response.rb +87 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +151 -7
- data/lib/puppet/http/service/ca.rb +76 -14
- data/lib/puppet/http/service/compiler.rb +319 -0
- data/lib/puppet/http/service/file_server.rb +206 -0
- data/lib/puppet/http/service/report.rb +49 -23
- data/lib/puppet/http/session.rb +103 -7
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +10 -0
- data/lib/puppet/indirector/catalog/rest.rb +34 -0
- data/lib/puppet/indirector/facts/rest.rb +42 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +30 -0
- data/lib/puppet/indirector/file_metadata/http.rb +27 -8
- data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +24 -0
- data/lib/puppet/indirector/report/rest.rb +19 -0
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/indirector/rest.rb +12 -0
- data/lib/puppet/indirector/status/rest.rb +18 -0
- data/lib/puppet/loaders.rb +6 -0
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/base_pool.rb +7 -2
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +6 -0
- data/lib/puppet/network/http/connection_adapter.rb +184 -0
- data/lib/puppet/network/http/nocache_pool.rb +2 -0
- data/lib/puppet/network/http/pool.rb +13 -6
- data/lib/puppet/network/http_pool.rb +2 -1
- data/lib/puppet/node/environment.rb +11 -1
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +4 -29
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +6 -15
- data/lib/puppet/parser/compiler.rb +43 -33
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +6 -6
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/pops/parser/evaluating_parser.rb +5 -7
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
- data/lib/puppet/pops/types/type_calculator.rb +24 -0
- data/lib/puppet/pops/validation/checker4_0.rb +11 -1
- data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/aix_object.rb +4 -2
- data/lib/puppet/provider/group/aix.rb +1 -0
- data/lib/puppet/provider/group/groupadd.rb +57 -24
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +78 -4
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dnfmodule.rb +69 -15
- data/lib/puppet/provider/package/dpkg.rb +14 -7
- data/lib/puppet/provider/package/fink.rb +20 -3
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/openbsd.rb +13 -1
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +143 -48
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkg.rb +18 -5
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +109 -25
- data/lib/puppet/provider/package/zypper.rb +59 -1
- data/lib/puppet/provider/service/systemd.rb +22 -4
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -0
- data/lib/puppet/provider/user/directoryservice.rb +30 -5
- data/lib/puppet/provider/user/useradd.rb +22 -12
- data/lib/puppet/reports/http.rb +15 -9
- data/lib/puppet/reports/store.rb +1 -1
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +8 -0
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/runtime.rb +31 -1
- data/lib/puppet/settings.rb +4 -0
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/certificate.rb +2 -1
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/state_machine.rb +81 -35
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +15 -11
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/transaction/resource_harness.rb +1 -1
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +18 -6
- data/lib/puppet/type/file.rb +51 -13
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +51 -60
- data/lib/puppet/type/group.rb +2 -2
- data/lib/puppet/type/package.rb +102 -10
- data/lib/puppet/type/service.rb +55 -8
- data/lib/puppet/type/user.rb +3 -28
- data/lib/puppet/util.rb +39 -15
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +4 -18
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/log/destinations.rb +2 -11
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +36 -10
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/plist.rb +6 -0
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/storage.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/api_types.rb +45 -32
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/util/windows/user.rb +23 -8
- data/lib/puppet/util/yaml.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +707 -574
- data/man/man5/puppet.conf.5 +74 -14
- data/man/man8/puppet-agent.8 +7 -7
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +17 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +2 -2
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
- data/spec/integration/application/agent_spec.rb +483 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +73 -0
- data/spec/integration/configurer_spec.rb +26 -7
- data/spec/integration/defaults_spec.rb +1 -2
- data/spec/integration/http/client_spec.rb +47 -37
- data/spec/integration/indirector/facts/facter_spec.rb +4 -0
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +2 -15
- data/spec/integration/network/http_pool_spec.rb +93 -20
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +6 -1
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +40 -5
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +16 -7
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +80 -26
- data/spec/unit/application/agent_spec.rb +9 -5
- data/spec/unit/application/apply_spec.rb +2 -12
- data/spec/unit/application/describe_spec.rb +88 -50
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/application/resource_spec.rb +2 -2
- data/spec/unit/configurer/fact_handler_spec.rb +4 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
- data/spec/unit/configurer_spec.rb +17 -18
- data/spec/unit/context/trusted_information_spec.rb +25 -2
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/defaults_spec.rb +25 -2
- data/spec/unit/environments_spec.rb +65 -28
- data/spec/unit/face/facts_spec.rb +24 -20
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/plugin_spec.rb +12 -10
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +11 -0
- data/spec/unit/file_system_spec.rb +26 -2
- data/spec/unit/functions/lookup_spec.rb +13 -0
- data/spec/unit/http/client_spec.rb +327 -35
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +34 -2
- data/spec/unit/http/response_spec.rb +75 -0
- data/spec/unit/http/service/ca_spec.rb +53 -11
- data/spec/unit/http/service/compiler_spec.rb +627 -0
- data/spec/unit/http/service/file_server_spec.rb +308 -0
- data/spec/unit/http/service/report_spec.rb +27 -9
- data/spec/unit/http/service_spec.rb +98 -5
- data/spec/unit/http/session_spec.rb +190 -7
- data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
- data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
- data/spec/unit/indirector/facts/rest_spec.rb +79 -24
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
- data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
- data/spec/unit/indirector/node/rest_spec.rb +57 -2
- data/spec/unit/indirector/report/rest_spec.rb +58 -51
- data/spec/unit/indirector/request_spec.rb +1 -1
- data/spec/unit/indirector/resource/ral_spec.rb +7 -8
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/indirector/status/rest_spec.rb +43 -2
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/connection_spec.rb +559 -175
- data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
- data/spec/unit/network/http/pool_spec.rb +89 -11
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/node/facts_spec.rb +2 -1
- data/spec/unit/node_spec.rb +7 -4
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/pops/validator/validator_spec.rb +7 -2
- data/spec/unit/provider/aix_object_spec.rb +16 -2
- data/spec/unit/provider/group/groupadd_spec.rb +181 -56
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +43 -2
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
- data/spec/unit/provider/package/dpkg_spec.rb +28 -6
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/openbsd_spec.rb +17 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +68 -19
- data/spec/unit/provider/package/pkg_spec.rb +15 -1
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +292 -0
- data/spec/unit/provider/package/zypper_spec.rb +84 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +92 -12
- data/spec/unit/provider/service/windows_spec.rb +22 -14
- data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +43 -24
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -26
- data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
- data/spec/unit/puppet_spec.rb +47 -0
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/settings/autosign_setting_spec.rb +1 -1
- data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
- data/spec/unit/ssl/certificate_spec.rb +7 -0
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/ssl/state_machine_spec.rb +99 -13
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +1 -10
- data/spec/unit/transaction/report_spec.rb +5 -1
- data/spec/unit/transaction_spec.rb +0 -2
- data/spec/unit/type/file/ensure_spec.rb +1 -2
- data/spec/unit/type/file/source_spec.rb +89 -38
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/package_spec.rb +8 -0
- data/spec/unit/type/service_spec.rb +185 -8
- data/spec/unit/type/user_spec.rb +1 -2
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/at_fork_spec.rb +3 -2
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +175 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +112 -42
- data/spec/unit/util/plist_spec.rb +20 -0
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/storage_spec.rb +1 -8
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- data/tasks/generate_cert_fixtures.rake +15 -1
- data/tasks/manpages.rake +5 -35
- metadata +73 -12
- data/COMMITTERS.md +0 -244
- data/spec/integration/faces/plugin_spec.rb +0 -61
- data/spec/integration/test/test_helper_spec.rb +0 -31
@@ -1,106 +1,5 @@
|
|
1
1
|
---
|
2
2
|
http_interactions:
|
3
|
-
- request:
|
4
|
-
method: head
|
5
|
-
uri: http://my-server/file
|
6
|
-
body:
|
7
|
-
encoding: US-ASCII
|
8
|
-
string: ''
|
9
|
-
headers:
|
10
|
-
Accept:
|
11
|
-
- ! '*/*'
|
12
|
-
User-Agent:
|
13
|
-
- Ruby
|
14
|
-
response:
|
15
|
-
status:
|
16
|
-
code: 301
|
17
|
-
message: ! 'Moved Permanently '
|
18
|
-
headers:
|
19
|
-
Location:
|
20
|
-
- http://my-server/file/
|
21
|
-
Server:
|
22
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
23
|
-
Date:
|
24
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
25
|
-
Content-Length:
|
26
|
-
- '44'
|
27
|
-
Connection:
|
28
|
-
- Keep-Alive
|
29
|
-
body:
|
30
|
-
encoding: US-ASCII
|
31
|
-
string: ''
|
32
|
-
http_version:
|
33
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
34
|
-
- request:
|
35
|
-
method: head
|
36
|
-
uri: http://my-server/file/
|
37
|
-
body:
|
38
|
-
encoding: US-ASCII
|
39
|
-
string: ''
|
40
|
-
headers:
|
41
|
-
Accept:
|
42
|
-
- ! '*/*'
|
43
|
-
User-Agent:
|
44
|
-
- Ruby
|
45
|
-
response:
|
46
|
-
status:
|
47
|
-
code: 200
|
48
|
-
message: ! 'OK '
|
49
|
-
headers:
|
50
|
-
Etag:
|
51
|
-
- 62e0b-184a-550f415e
|
52
|
-
Content-Type:
|
53
|
-
- text/html
|
54
|
-
Content-Length:
|
55
|
-
- '6218'
|
56
|
-
Last-Modified:
|
57
|
-
- Sun, 22 Mar 2015 22:25:34 GMT
|
58
|
-
Server:
|
59
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
60
|
-
Date:
|
61
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
62
|
-
Connection:
|
63
|
-
- Keep-Alive
|
64
|
-
body:
|
65
|
-
encoding: US-ASCII
|
66
|
-
string: ''
|
67
|
-
http_version:
|
68
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
69
|
-
- request:
|
70
|
-
method: head
|
71
|
-
uri: http://my-server/file/
|
72
|
-
body:
|
73
|
-
encoding: US-ASCII
|
74
|
-
string: ''
|
75
|
-
headers:
|
76
|
-
Accept:
|
77
|
-
- ! '*/*'
|
78
|
-
User-Agent:
|
79
|
-
- Ruby
|
80
|
-
response:
|
81
|
-
status:
|
82
|
-
code: 200
|
83
|
-
message: ! 'OK '
|
84
|
-
headers:
|
85
|
-
Etag:
|
86
|
-
- 62e0b-184a-550f415e
|
87
|
-
Content-Type:
|
88
|
-
- text/html
|
89
|
-
Content-Length:
|
90
|
-
- '6218'
|
91
|
-
Last-Modified:
|
92
|
-
- Sun, 22 Mar 2015 22:25:34 GMT
|
93
|
-
Server:
|
94
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
95
|
-
Date:
|
96
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
97
|
-
Connection:
|
98
|
-
- Keep-Alive
|
99
|
-
body:
|
100
|
-
encoding: US-ASCII
|
101
|
-
string: ''
|
102
|
-
http_version:
|
103
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
104
3
|
- request:
|
105
4
|
method: head
|
106
5
|
uri: http://my-server/file
|
@@ -169,7 +68,7 @@ http_interactions:
|
|
169
68
|
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
170
69
|
- request:
|
171
70
|
method: get
|
172
|
-
uri: http://my-server/file
|
71
|
+
uri: http://my-server/file
|
173
72
|
body:
|
174
73
|
encoding: US-ASCII
|
175
74
|
string: ''
|
@@ -1,106 +1,5 @@
|
|
1
1
|
---
|
2
2
|
http_interactions:
|
3
|
-
- request:
|
4
|
-
method: head
|
5
|
-
uri: http://my-server/file
|
6
|
-
body:
|
7
|
-
encoding: US-ASCII
|
8
|
-
string: ''
|
9
|
-
headers:
|
10
|
-
Accept:
|
11
|
-
- ! '*/*'
|
12
|
-
User-Agent:
|
13
|
-
- Ruby
|
14
|
-
response:
|
15
|
-
status:
|
16
|
-
code: 301
|
17
|
-
message: ! 'Moved Permanently '
|
18
|
-
headers:
|
19
|
-
Location:
|
20
|
-
- http://my-server/file/
|
21
|
-
Server:
|
22
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
23
|
-
Date:
|
24
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
25
|
-
Content-Length:
|
26
|
-
- '44'
|
27
|
-
Connection:
|
28
|
-
- Keep-Alive
|
29
|
-
body:
|
30
|
-
encoding: US-ASCII
|
31
|
-
string: ''
|
32
|
-
http_version:
|
33
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
34
|
-
- request:
|
35
|
-
method: head
|
36
|
-
uri: http://my-server/file/
|
37
|
-
body:
|
38
|
-
encoding: US-ASCII
|
39
|
-
string: ''
|
40
|
-
headers:
|
41
|
-
Accept:
|
42
|
-
- ! '*/*'
|
43
|
-
User-Agent:
|
44
|
-
- Ruby
|
45
|
-
response:
|
46
|
-
status:
|
47
|
-
code: 200
|
48
|
-
message: ! 'OK '
|
49
|
-
headers:
|
50
|
-
Etag:
|
51
|
-
- 62e0b-184a-550f415e
|
52
|
-
Content-Type:
|
53
|
-
- text/html
|
54
|
-
Content-Length:
|
55
|
-
- '6218'
|
56
|
-
Last-Modified:
|
57
|
-
- Sun, 22 Mar 2015 22:25:34 GMT
|
58
|
-
Server:
|
59
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
60
|
-
Date:
|
61
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
62
|
-
Connection:
|
63
|
-
- Keep-Alive
|
64
|
-
body:
|
65
|
-
encoding: US-ASCII
|
66
|
-
string: ''
|
67
|
-
http_version:
|
68
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
69
|
-
- request:
|
70
|
-
method: head
|
71
|
-
uri: http://my-server/file/
|
72
|
-
body:
|
73
|
-
encoding: US-ASCII
|
74
|
-
string: ''
|
75
|
-
headers:
|
76
|
-
Accept:
|
77
|
-
- ! '*/*'
|
78
|
-
User-Agent:
|
79
|
-
- Ruby
|
80
|
-
response:
|
81
|
-
status:
|
82
|
-
code: 200
|
83
|
-
message: ! 'OK '
|
84
|
-
headers:
|
85
|
-
Etag:
|
86
|
-
- 62e0b-184a-550f415e
|
87
|
-
Content-Type:
|
88
|
-
- text/html
|
89
|
-
Content-Length:
|
90
|
-
- '6218'
|
91
|
-
Last-Modified:
|
92
|
-
- Sun, 22 Mar 2015 22:25:34 GMT
|
93
|
-
Server:
|
94
|
-
- WEBrick/1.3.1 (Ruby/1.9.3/2013-11-22)
|
95
|
-
Date:
|
96
|
-
- Sun, 22 Mar 2015 22:57:44 GMT
|
97
|
-
Connection:
|
98
|
-
- Keep-Alive
|
99
|
-
body:
|
100
|
-
encoding: US-ASCII
|
101
|
-
string: ''
|
102
|
-
http_version:
|
103
|
-
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
104
3
|
- request:
|
105
4
|
method: head
|
106
5
|
uri: http://my-server/file
|
@@ -169,7 +68,7 @@ http_interactions:
|
|
169
68
|
recorded_at: Sun, 22 Mar 2015 22:57:44 GMT
|
170
69
|
- request:
|
171
70
|
method: get
|
172
|
-
uri: http://my-server/file
|
71
|
+
uri: http://my-server/file
|
173
72
|
body:
|
174
73
|
encoding: US-ASCII
|
175
74
|
string: ''
|
@@ -0,0 +1,483 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'puppet_spec/files'
|
3
|
+
require 'puppet_spec/puppetserver'
|
4
|
+
require 'puppet_spec/compiler'
|
5
|
+
require 'puppet_spec/https'
|
6
|
+
|
7
|
+
describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
8
|
+
include PuppetSpec::Files
|
9
|
+
include PuppetSpec::Compiler
|
10
|
+
include_context "https client"
|
11
|
+
|
12
|
+
let(:server) { PuppetSpec::Puppetserver.new }
|
13
|
+
let(:agent) { Puppet::Application[:agent] }
|
14
|
+
let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
|
15
|
+
let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
|
16
|
+
|
17
|
+
context 'server_list' do
|
18
|
+
before :each do
|
19
|
+
Puppet[:log_level] = 'debug'
|
20
|
+
end
|
21
|
+
|
22
|
+
it "uses the first server in the list" do
|
23
|
+
Puppet[:server_list] = '127.0.0.1'
|
24
|
+
|
25
|
+
server.start_server do |port|
|
26
|
+
Puppet[:masterport] = port
|
27
|
+
expect {
|
28
|
+
expect {
|
29
|
+
agent.command_line.args << '--test'
|
30
|
+
agent.run
|
31
|
+
}.to exit_with(0)
|
32
|
+
}.to output(%r{HTTP GET https://127.0.0.1:#{port}/status/v1/simple/master returned 200 OK}).to_stdout
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
it "falls back, recording the first viable server in the report" do
|
37
|
+
Puppet[:server_list] = "puppet.example.com,#{Puppet[:server]}"
|
38
|
+
|
39
|
+
server.start_server do |port|
|
40
|
+
Puppet[:masterport] = port
|
41
|
+
expect {
|
42
|
+
expect {
|
43
|
+
agent.command_line.args << '--test'
|
44
|
+
agent.run
|
45
|
+
}.to exit_with(0)
|
46
|
+
}.to output(%r{Unable to connect to server from server_list setting: Request to https://puppet.example.com:#{port}/status/v1/simple/master failed}).to_stdout
|
47
|
+
|
48
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
|
49
|
+
expect(report.master_used).to eq("127.0.0.1:#{port}")
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
it "doesn't write a report if no servers could be contacted" do
|
54
|
+
Puppet[:server_list] = "puppet.example.com"
|
55
|
+
|
56
|
+
expect {
|
57
|
+
expect {
|
58
|
+
expect {
|
59
|
+
agent.command_line.args << '--test'
|
60
|
+
agent.run
|
61
|
+
}.to exit_with(1)
|
62
|
+
}.to output(%r{Unable to connect to server from server_list setting: Could not select a functional puppet master from server_list: 'puppet.example.com'}).to_stdout
|
63
|
+
}.to output(/Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'puppet.example.com'/).to_stderr
|
64
|
+
|
65
|
+
# I'd expect puppet to update the last run report even if the server_list was
|
66
|
+
# exhausted, but it doesn't work that way currently, see PUP-6708
|
67
|
+
expect(File).to_not be_exist(Puppet[:lastrunreport])
|
68
|
+
end
|
69
|
+
|
70
|
+
it "omits master_used when not using server_list" do
|
71
|
+
server.start_server do |port|
|
72
|
+
Puppet[:masterport] = port
|
73
|
+
expect {
|
74
|
+
expect {
|
75
|
+
agent.command_line.args << '--test'
|
76
|
+
agent.run
|
77
|
+
}.to exit_with(0)
|
78
|
+
}.to output(%r{Resolved service 'puppet' to https://127.0.0.1:#{port}/puppet/v3}).to_stdout
|
79
|
+
end
|
80
|
+
|
81
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
|
82
|
+
expect(report.master_used).to be_nil
|
83
|
+
end
|
84
|
+
|
85
|
+
it "server_list takes precedence over server" do
|
86
|
+
Puppet[:server] = 'notvalid.example.com'
|
87
|
+
|
88
|
+
server.start_server do |port|
|
89
|
+
Puppet[:server_list] = "127.0.0.1:#{port}"
|
90
|
+
|
91
|
+
expect {
|
92
|
+
agent.command_line.args << '--test'
|
93
|
+
agent.run
|
94
|
+
}.to exit_with(0)
|
95
|
+
.and output(%r{Debug: Resolved service 'puppet' to https://127.0.0.1:#{port}/puppet/v3}).to_stdout
|
96
|
+
|
97
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
|
98
|
+
expect(report.master_used).to eq("127.0.0.1:#{port}")
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
context 'rich data' do
|
104
|
+
it "applies deferred values" do
|
105
|
+
catalog_handler = -> (req, res) {
|
106
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
107
|
+
notify { 'deferred':
|
108
|
+
message => Deferred('join', [[1,2,3], ':'])
|
109
|
+
}
|
110
|
+
MANIFEST
|
111
|
+
|
112
|
+
res.body = formatter.render(catalog)
|
113
|
+
res['Content-Type'] = formatter.mime
|
114
|
+
}
|
115
|
+
|
116
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
117
|
+
Puppet[:masterport] = port
|
118
|
+
expect {
|
119
|
+
expect {
|
120
|
+
agent.command_line.args << '--test'
|
121
|
+
agent.run
|
122
|
+
}.to exit_with(2)
|
123
|
+
}.to output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
it "redacts sensitive values" do
|
128
|
+
catalog_handler = -> (req, res) {
|
129
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
130
|
+
notify { 'sensitive':
|
131
|
+
message => Sensitive('supersecret')
|
132
|
+
}
|
133
|
+
MANIFEST
|
134
|
+
|
135
|
+
res.body = formatter.render(catalog)
|
136
|
+
res['Content-Type'] = formatter.mime
|
137
|
+
}
|
138
|
+
|
139
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
140
|
+
Puppet[:masterport] = port
|
141
|
+
expect {
|
142
|
+
expect {
|
143
|
+
agent.command_line.args << '--test'
|
144
|
+
agent.run
|
145
|
+
}.to exit_with(2)
|
146
|
+
}.to output(a_string_matching(
|
147
|
+
/Notice: Sensitive \[value redacted\]/
|
148
|
+
).and matching(
|
149
|
+
/Notify\[sensitive\]\/message: changed \[redacted\] to \[redacted\]/
|
150
|
+
)).to_stdout
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
it "applies binary data in a cached catalog" do
|
155
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
156
|
+
notify { 'some title':
|
157
|
+
message => Binary.new('aGk=')
|
158
|
+
}
|
159
|
+
MANIFEST
|
160
|
+
|
161
|
+
catalog_dir = File.join(Puppet[:client_datadir], 'catalog')
|
162
|
+
Puppet::FileSystem.mkpath(catalog_dir)
|
163
|
+
cached_catalog = "#{File.join(catalog_dir, Puppet[:certname])}.json"
|
164
|
+
File.write(cached_catalog, catalog.render(:rich_data_json))
|
165
|
+
|
166
|
+
expect {
|
167
|
+
Puppet[:report] = false
|
168
|
+
Puppet[:use_cached_catalog] = true
|
169
|
+
Puppet[:usecacheonfailure] = false
|
170
|
+
agent.command_line.args << '-t'
|
171
|
+
agent.run
|
172
|
+
}.to exit_with(2)
|
173
|
+
.and output(%r{defined 'message' as 'hi'}).to_stdout
|
174
|
+
end
|
175
|
+
end
|
176
|
+
|
177
|
+
context 'static catalogs' do
|
178
|
+
let(:path) { tmpfile('file') }
|
179
|
+
let(:metadata) { Puppet::FileServing::Metadata.new(path) }
|
180
|
+
let(:source) { "puppet:///modules/foo/foo.txt" }
|
181
|
+
|
182
|
+
before :each do
|
183
|
+
Puppet::FileSystem.touch(path)
|
184
|
+
|
185
|
+
metadata.collect
|
186
|
+
metadata.source = source
|
187
|
+
metadata.content_uri = "puppet:///modules/foo/files/foo.txt"
|
188
|
+
end
|
189
|
+
|
190
|
+
it 'uses inline file metadata to determine the file is insync' do
|
191
|
+
catalog_handler = -> (req, res) {
|
192
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
193
|
+
file { "#{path}":
|
194
|
+
ensure => file,
|
195
|
+
source => "#{source}"
|
196
|
+
}
|
197
|
+
MANIFEST
|
198
|
+
catalog.metadata = { path => metadata }
|
199
|
+
|
200
|
+
res.body = formatter.render(catalog)
|
201
|
+
res['Content-Type'] = formatter.mime
|
202
|
+
}
|
203
|
+
|
204
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
205
|
+
Puppet[:masterport] = port
|
206
|
+
expect {
|
207
|
+
expect {
|
208
|
+
agent.command_line.args << '--test'
|
209
|
+
agent.run
|
210
|
+
}.to exit_with(0)
|
211
|
+
}.to_not output(/content changed/).to_stdout
|
212
|
+
end
|
213
|
+
end
|
214
|
+
|
215
|
+
it 'retrieves file content using the content_uri from the inlined file metadata' do
|
216
|
+
# create file with binary content
|
217
|
+
binary_content = "\xC0\xFF".force_encoding('binary')
|
218
|
+
File.binwrite(path, binary_content)
|
219
|
+
|
220
|
+
# recollect metadata
|
221
|
+
metadata.collect
|
222
|
+
|
223
|
+
# overwrite local file so it is no longer in sync
|
224
|
+
File.binwrite(path, "")
|
225
|
+
|
226
|
+
catalog_handler = -> (req, res) {
|
227
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
228
|
+
file { "#{path}":
|
229
|
+
ensure => file,
|
230
|
+
source => "#{source}",
|
231
|
+
}
|
232
|
+
MANIFEST
|
233
|
+
catalog.metadata = { path => metadata }
|
234
|
+
|
235
|
+
res.body = formatter.render(catalog)
|
236
|
+
res['Content-Type'] = formatter.mime
|
237
|
+
}
|
238
|
+
|
239
|
+
static_file_content_handler = -> (req, res) {
|
240
|
+
res.body = binary_content
|
241
|
+
res['Content-Type'] = 'application/octet-stream'
|
242
|
+
}
|
243
|
+
|
244
|
+
mounts = {
|
245
|
+
catalog: catalog_handler,
|
246
|
+
static_file_content: static_file_content_handler
|
247
|
+
}
|
248
|
+
|
249
|
+
server.start_server(mounts: mounts) do |port|
|
250
|
+
Puppet[:masterport] = port
|
251
|
+
expect {
|
252
|
+
expect {
|
253
|
+
agent.command_line.args << '--test'
|
254
|
+
agent.run
|
255
|
+
}.to exit_with(2)
|
256
|
+
}.to output(/content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}4cf49285ae567157ebfba72bd04ccf32'/).to_stdout
|
257
|
+
|
258
|
+
# verify puppet restored binary content
|
259
|
+
expect(File.binread(path)).to eq(binary_content)
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
263
|
+
|
264
|
+
context 'https file sources' do
|
265
|
+
let(:path) { tmpfile('https_file_source') }
|
266
|
+
let(:response_body) { "from https server" }
|
267
|
+
let(:digest) { Digest::SHA1.hexdigest(response_body) }
|
268
|
+
|
269
|
+
it 'rejects HTTPS servers whose root cert is not in the system CA store' do
|
270
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
271
|
+
https = PuppetSpec::HTTPSServer.new(
|
272
|
+
ca_cert: unknown_ca_cert,
|
273
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
274
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
275
|
+
)
|
276
|
+
|
277
|
+
# create a temp cacert bundle
|
278
|
+
ssl_file = tmpfile('systemstore')
|
279
|
+
# add CA cert that is neither the puppet CA nor unknown CA
|
280
|
+
File.write(ssl_file, cert_fixture('netlock-arany-utf8.pem').to_pem)
|
281
|
+
|
282
|
+
https.start_server do |https_port|
|
283
|
+
catalog_handler = -> (req, res) {
|
284
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
285
|
+
file { "#{path}":
|
286
|
+
ensure => file,
|
287
|
+
backup => false,
|
288
|
+
checksum => sha1,
|
289
|
+
checksum_value => '#{digest}',
|
290
|
+
source => "https://127.0.0.1:#{https_port}/path/to/file"
|
291
|
+
}
|
292
|
+
MANIFEST
|
293
|
+
|
294
|
+
res.body = formatter.render(catalog)
|
295
|
+
res['Content-Type'] = formatter.mime
|
296
|
+
}
|
297
|
+
|
298
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |puppetserver_port|
|
299
|
+
Puppet[:masterport] = puppetserver_port
|
300
|
+
|
301
|
+
# override path to system cacert bundle, this must be done before
|
302
|
+
# the SSLContext is created and the call to X509::Store.set_default_paths
|
303
|
+
Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
|
304
|
+
expect {
|
305
|
+
agent.command_line.args << '--test'
|
306
|
+
agent.run
|
307
|
+
}.to exit_with(4)
|
308
|
+
.and output(/Notice: Applied catalog/).to_stdout
|
309
|
+
.and output(%r{Error: Could not retrieve file metadata for https://127.0.0.1:#{https_port}/path/to/file: certificate verify failed}).to_stderr
|
310
|
+
end
|
311
|
+
|
312
|
+
expect(File).to_not be_exist(path)
|
313
|
+
end
|
314
|
+
end
|
315
|
+
end
|
316
|
+
|
317
|
+
it 'accepts HTTPS servers whose cert is in the system CA store' do
|
318
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
319
|
+
https = PuppetSpec::HTTPSServer.new(
|
320
|
+
ca_cert: unknown_ca_cert,
|
321
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
322
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
323
|
+
)
|
324
|
+
|
325
|
+
# create a temp cacert bundle
|
326
|
+
ssl_file = tmpfile('systemstore')
|
327
|
+
File.write(ssl_file, unknown_ca_cert.to_pem)
|
328
|
+
|
329
|
+
response_proc = -> (req, res) {
|
330
|
+
res.status = 200
|
331
|
+
res.body = response_body
|
332
|
+
}
|
333
|
+
|
334
|
+
https.start_server(response_proc: response_proc) do |https_port|
|
335
|
+
catalog_handler = -> (req, res) {
|
336
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
337
|
+
file { "#{path}":
|
338
|
+
ensure => file,
|
339
|
+
backup => false,
|
340
|
+
checksum => sha1,
|
341
|
+
checksum_value => '#{digest}',
|
342
|
+
source => "https://127.0.0.1:#{https_port}/path/to/file"
|
343
|
+
}
|
344
|
+
MANIFEST
|
345
|
+
|
346
|
+
res.body = formatter.render(catalog)
|
347
|
+
res['Content-Type'] = formatter.mime
|
348
|
+
}
|
349
|
+
|
350
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |puppetserver_port|
|
351
|
+
Puppet[:masterport] = puppetserver_port
|
352
|
+
|
353
|
+
# override path to system cacert bundle, this must be done before
|
354
|
+
# the SSLContext is created and the call to X509::Store.set_default_paths
|
355
|
+
Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
|
356
|
+
expect {
|
357
|
+
agent.command_line.args << '--test'
|
358
|
+
agent.run
|
359
|
+
}.to exit_with(2)
|
360
|
+
.and output(%r{https_file_source.*/ensure: created}).to_stdout
|
361
|
+
end
|
362
|
+
|
363
|
+
expect(File.binread(path)).to eq("from https server")
|
364
|
+
end
|
365
|
+
end
|
366
|
+
end
|
367
|
+
|
368
|
+
it 'accepts HTTPS servers whose cert is in the external CA store' do
|
369
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
370
|
+
https = PuppetSpec::HTTPSServer.new(
|
371
|
+
ca_cert: unknown_ca_cert,
|
372
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
373
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
374
|
+
)
|
375
|
+
|
376
|
+
# create a temp cacert bundle
|
377
|
+
ssl_file = tmpfile('systemstore')
|
378
|
+
File.write(ssl_file, unknown_ca_cert.to_pem)
|
379
|
+
|
380
|
+
response_proc = -> (req, res) {
|
381
|
+
res.status = 200
|
382
|
+
res.body = response_body
|
383
|
+
}
|
384
|
+
|
385
|
+
https.start_server(response_proc: response_proc) do |https_port|
|
386
|
+
catalog_handler = -> (req, res) {
|
387
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
388
|
+
file { "#{path}":
|
389
|
+
ensure => file,
|
390
|
+
backup => false,
|
391
|
+
checksum => sha1,
|
392
|
+
checksum_value => '#{digest}',
|
393
|
+
source => "https://127.0.0.1:#{https_port}/path/to/file"
|
394
|
+
}
|
395
|
+
MANIFEST
|
396
|
+
|
397
|
+
res.body = formatter.render(catalog)
|
398
|
+
res['Content-Type'] = formatter.mime
|
399
|
+
}
|
400
|
+
|
401
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |puppetserver_port|
|
402
|
+
Puppet[:masterport] = puppetserver_port
|
403
|
+
|
404
|
+
# set path to external cacert bundle, this must be done before
|
405
|
+
# the SSLContext is created
|
406
|
+
Puppet[:ssl_trust_store] = ssl_file
|
407
|
+
expect {
|
408
|
+
agent.command_line.args << '--test'
|
409
|
+
agent.run
|
410
|
+
}.to exit_with(2)
|
411
|
+
.and output(%r{https_file_source.*/ensure: created}).to_stdout
|
412
|
+
end
|
413
|
+
|
414
|
+
expect(File.binread(path)).to eq("from https server")
|
415
|
+
end
|
416
|
+
end
|
417
|
+
end
|
418
|
+
|
419
|
+
context 'multiple agents running' do
|
420
|
+
it "exits if an agent is already running" do
|
421
|
+
path = Puppet[:agent_catalog_run_lockfile]
|
422
|
+
|
423
|
+
th = Thread.new {
|
424
|
+
%x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
|
425
|
+
}
|
426
|
+
|
427
|
+
until File.exists?(path) && File.size(path) > 0 do
|
428
|
+
sleep 0.1
|
429
|
+
end
|
430
|
+
|
431
|
+
expect {
|
432
|
+
agent.command_line.args << '--test'
|
433
|
+
agent.run
|
434
|
+
}.to exit_with(1).and output(/Run of Puppet configuration client already in progress; skipping/).to_stdout
|
435
|
+
|
436
|
+
th.kill # kill thread so we don't wait too much
|
437
|
+
end
|
438
|
+
|
439
|
+
it "waits for other agent run to finish before starting" do
|
440
|
+
server.start_server do |port|
|
441
|
+
path = Puppet[:agent_catalog_run_lockfile]
|
442
|
+
Puppet[:masterport] = port
|
443
|
+
Puppet[:waitforlock] = 1
|
444
|
+
|
445
|
+
th = Thread.new {
|
446
|
+
%x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
|
447
|
+
}
|
448
|
+
|
449
|
+
until File.exists?(path) && File.size(path) > 0 do
|
450
|
+
sleep 0.1
|
451
|
+
end
|
452
|
+
|
453
|
+
expect {
|
454
|
+
agent.command_line.args << '--test'
|
455
|
+
agent.run
|
456
|
+
}.to exit_with(0).and output(/Info: Will try again in #{Puppet[:waitforlock]} seconds./).to_stdout
|
457
|
+
|
458
|
+
th.kill # kill thread so we don't wait too much
|
459
|
+
end
|
460
|
+
end
|
461
|
+
|
462
|
+
it "exits if maxwaitforlock is exceeded" do
|
463
|
+
path = Puppet[:agent_catalog_run_lockfile]
|
464
|
+
Puppet[:waitforlock] = 1
|
465
|
+
Puppet[:maxwaitforlock] = 0
|
466
|
+
|
467
|
+
th = Thread.new {
|
468
|
+
%x{ruby -e "$0 = 'puppet'; File.write('#{path}', Process.pid); sleep(2)"}
|
469
|
+
}
|
470
|
+
|
471
|
+
until File.exists?(path) && File.size(path) > 0 do
|
472
|
+
sleep 0.1
|
473
|
+
end
|
474
|
+
|
475
|
+
expect {
|
476
|
+
agent.command_line.args << '--test'
|
477
|
+
agent.run
|
478
|
+
}.to exit_with(1).and output(/Exiting now because the maxwaitforlock timeout has been exceeded./).to_stdout
|
479
|
+
|
480
|
+
th.kill # kill thread so we don't wait too much
|
481
|
+
end
|
482
|
+
end
|
483
|
+
end
|