puppet 6.13.0-universal-darwin → 6.18.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/CONTRIBUTING.md +7 -13
- data/Gemfile +4 -2
- data/Gemfile.lock +36 -32
- data/README.md +17 -24
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +33 -9
- data/lib/puppet/agent.rb +20 -14
- data/lib/puppet/application/agent.rb +26 -17
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/describe.rb +7 -5
- data/lib/puppet/application/device.rb +2 -2
- data/lib/puppet/application/filebucket.rb +19 -15
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/configurer.rb +58 -57
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +10 -1
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +92 -12
- data/lib/puppet/environments.rb +4 -5
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +2 -2
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/file_serving/http_metadata.rb +14 -2
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +17 -13
- data/lib/puppet/file_system/uniquefile.rb +12 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +4 -7
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +3 -0
- data/lib/puppet/http/client.rb +263 -73
- data/lib/puppet/http/external_client.rb +90 -0
- data/lib/puppet/http/redirector.rb +43 -7
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +76 -16
- data/lib/puppet/http/resolver/settings.rb +23 -3
- data/lib/puppet/http/resolver/srv.rb +29 -3
- data/lib/puppet/http/response.rb +87 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +97 -12
- data/lib/puppet/http/service/ca.rb +76 -14
- data/lib/puppet/http/service/compiler.rb +249 -16
- data/lib/puppet/http/service/file_server.rb +141 -20
- data/lib/puppet/http/service/report.rb +47 -17
- data/lib/puppet/http/session.rb +96 -7
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +34 -0
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/facts/facter.rb +3 -3
- data/lib/puppet/indirector/facts/rest.rb +42 -0
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +30 -0
- data/lib/puppet/indirector/file_metadata/http.rb +28 -8
- data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +24 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +19 -0
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/indirector/rest.rb +12 -0
- data/lib/puppet/indirector/status/rest.rb +18 -0
- data/lib/puppet/loaders.rb +6 -0
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/base_pool.rb +7 -2
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +2 -0
- data/lib/puppet/network/http/connection_adapter.rb +184 -0
- data/lib/puppet/network/http/nocache_pool.rb +1 -0
- data/lib/puppet/network/http/pool.rb +8 -5
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +2 -1
- data/lib/puppet/node/environment.rb +22 -5
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +30 -31
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -4
- data/lib/puppet/parser/compiler.rb +43 -33
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +18 -9
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +5 -5
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +24 -15
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/validation/checker4_0.rb +29 -15
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/group/groupadd.rb +9 -4
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +98 -1
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dnfmodule.rb +61 -14
- data/lib/puppet/provider/package/gem.rb +45 -9
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +143 -48
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/puppet_gem.rb +11 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +100 -20
- data/lib/puppet/provider/package/zypper.rb +62 -1
- data/lib/puppet/provider/service/systemd.rb +22 -4
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +16 -5
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reports/http.rb +15 -9
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +8 -0
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/runtime.rb +31 -1
- data/lib/puppet/settings.rb +3 -1
- data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/state_machine.rb +81 -35
- data/lib/puppet/ssl/validator/default_validator.rb +1 -1
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +21 -14
- data/lib/puppet/transaction.rb +2 -2
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +3 -3
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +21 -8
- data/lib/puppet/type/file.rb +51 -13
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +75 -64
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +41 -3
- data/lib/puppet/type/service.rb +59 -8
- data/lib/puppet/type/user.rb +19 -29
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +13 -25
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/execution.rb +2 -2
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/log/destinations.rb +1 -10
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +53 -0
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +13 -7
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/windows.rb +1 -0
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/api_types.rb +60 -33
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/monkey_patches/dir.rb +40 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +5 -4
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +641 -511
- data/man/man5/puppet.conf.5 +75 -10
- data/man/man8/puppet-agent.8 +7 -7
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +17 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +2 -2
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -67
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -69
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -69
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -67
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -65
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -67
- data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -67
- data/spec/integration/application/agent_spec.rb +475 -0
- data/spec/integration/application/apply_spec.rb +279 -150
- data/spec/integration/application/config_spec.rb +74 -0
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +239 -0
- data/spec/integration/application/help_spec.rb +42 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +123 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +1 -2
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/http/client_spec.rb +47 -37
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/network/http_pool_spec.rb +93 -20
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +6 -1
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +11 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +16 -7
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +127 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +80 -26
- data/spec/unit/application/agent_spec.rb +12 -9
- data/spec/unit/application/describe_spec.rb +88 -50
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +39 -10
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/application/man_spec.rb +52 -0
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +15 -2
- data/spec/unit/configurer/downloader_spec.rb +10 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
- data/spec/unit/configurer_spec.rb +64 -46
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +25 -2
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/defaults_spec.rb +24 -1
- data/spec/unit/environments_spec.rb +8 -0
- data/spec/unit/face/config_spec.rb +3 -1
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/plugin_spec.rb +12 -10
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +29 -0
- data/spec/unit/file_system_spec.rb +10 -0
- data/spec/unit/functions/lookup_spec.rb +13 -0
- data/spec/unit/http/client_spec.rb +321 -36
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +34 -3
- data/spec/unit/http/response_spec.rb +75 -0
- data/spec/unit/http/service/ca_spec.rb +53 -12
- data/spec/unit/http/service/compiler_spec.rb +332 -28
- data/spec/unit/http/service/file_server_spec.rb +100 -12
- data/spec/unit/http/service/report_spec.rb +19 -9
- data/spec/unit/http/service_spec.rb +94 -6
- data/spec/unit/http/session_spec.rb +159 -8
- data/spec/unit/indirector/catalog/compiler_spec.rb +1 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
- data/spec/unit/indirector/facts/rest_spec.rb +79 -24
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
- data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
- data/spec/unit/indirector/node/rest_spec.rb +57 -2
- data/spec/unit/indirector/report/rest_spec.rb +58 -51
- data/spec/unit/indirector/request_spec.rb +1 -1
- data/spec/unit/indirector/resource/ral_spec.rb +7 -8
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/indirector/status/rest_spec.rb +43 -2
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/connection_spec.rb +552 -190
- data/spec/unit/network/http/nocache_pool_spec.rb +22 -0
- data/spec/unit/network/http/pool_spec.rb +59 -13
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +33 -0
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +71 -1
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/provider/group/groupadd_spec.rb +22 -8
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +107 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +54 -15
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +68 -19
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +12 -1
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +243 -1
- data/spec/unit/provider/package/zypper_spec.rb +98 -0
- data/spec/unit/provider/service/init_spec.rb +42 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +93 -18
- data/spec/unit/provider/service/windows_spec.rb +50 -14
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +30 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +85 -3
- data/spec/unit/puppet_pal_2pec.rb +11 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +43 -0
- data/spec/unit/puppet_spec.rb +33 -0
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/settings/autosign_setting_spec.rb +1 -1
- data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/ssl/state_machine_spec.rb +99 -13
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +5 -1
- data/spec/unit/transaction_spec.rb +0 -2
- data/spec/unit/type/file/ensure_spec.rb +1 -2
- data/spec/unit/type/file/source_spec.rb +89 -38
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/service_spec.rb +218 -8
- data/spec/unit/type/user_spec.rb +32 -3
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/at_fork_spec.rb +3 -2
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +175 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +102 -54
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- data/tasks/generate_cert_fixtures.rake +15 -1
- data/tasks/manpages.rake +5 -35
- metadata +84 -52
- data/COMMITTERS.md +0 -244
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/faces/plugin_spec.rb +0 -61
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -64
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/man_spec.rb +0 -31
data/lib/puppet/runtime.rb
CHANGED
@@ -1,14 +1,32 @@
|
|
1
1
|
require 'puppet/http'
|
2
2
|
require 'singleton'
|
3
3
|
|
4
|
+
# Provides access to runtime implementations.
|
5
|
+
#
|
6
|
+
# @api private
|
4
7
|
class Puppet::Runtime
|
5
8
|
include Singleton
|
6
9
|
|
7
10
|
def initialize
|
8
|
-
@runtime_services = {
|
11
|
+
@runtime_services = {
|
12
|
+
http: proc do
|
13
|
+
klass = Puppet::Network::HttpPool.http_client_class
|
14
|
+
if klass == Puppet::Network::HTTP::Connection ||
|
15
|
+
klass == Puppet::Network::HTTP::ConnectionAdapter
|
16
|
+
Puppet::HTTP::Client.new
|
17
|
+
else
|
18
|
+
Puppet::HTTP::ExternalClient.new(klass)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
}
|
9
22
|
end
|
10
23
|
private :initialize
|
11
24
|
|
25
|
+
# Get a runtime implementation.
|
26
|
+
#
|
27
|
+
# @param name [Symbol] the name of the implementation
|
28
|
+
# @return [Object] the runtime implementation
|
29
|
+
# @api private
|
12
30
|
def [](name)
|
13
31
|
service = @runtime_services[name]
|
14
32
|
raise ArgumentError, "Unknown service #{name}" unless service
|
@@ -20,7 +38,19 @@ class Puppet::Runtime
|
|
20
38
|
end
|
21
39
|
end
|
22
40
|
|
41
|
+
# Register a runtime implementation.
|
42
|
+
#
|
43
|
+
# @param name [Symbol] the name of the implementation
|
44
|
+
# @param impl [Object] the runtime implementation
|
45
|
+
# @api private
|
23
46
|
def []=(name, impl)
|
24
47
|
@runtime_services[name] = impl
|
25
48
|
end
|
49
|
+
|
50
|
+
# Clears all implementations. This is used for testing.
|
51
|
+
#
|
52
|
+
# @api private
|
53
|
+
def clear
|
54
|
+
initialize
|
55
|
+
end
|
26
56
|
end
|
data/lib/puppet/settings.rb
CHANGED
@@ -30,6 +30,7 @@ class Puppet::Settings
|
|
30
30
|
require 'puppet/settings/value_translator'
|
31
31
|
require 'puppet/settings/environment_conf'
|
32
32
|
require 'puppet/settings/server_list_setting'
|
33
|
+
require 'puppet/settings/http_extra_headers_setting'
|
33
34
|
require 'puppet/settings/certificate_revocation_setting'
|
34
35
|
|
35
36
|
# local reference for convenience
|
@@ -727,6 +728,7 @@ class Puppet::Settings
|
|
727
728
|
:priority => PrioritySetting,
|
728
729
|
:autosign => AutosignSetting,
|
729
730
|
:server_list => ServerListSetting,
|
731
|
+
:http_extra_headers => HttpExtraHeadersSetting,
|
730
732
|
:certificate_revocation => CertificateRevocationSetting
|
731
733
|
}
|
732
734
|
|
@@ -1056,7 +1058,7 @@ Generated on #{Time.now}.
|
|
1056
1058
|
|
1057
1059
|
return if sections.empty?
|
1058
1060
|
|
1059
|
-
Puppet.debug
|
1061
|
+
Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
|
1060
1062
|
|
1061
1063
|
begin
|
1062
1064
|
catalog = to_catalog(*sections).to_ral
|
@@ -0,0 +1,25 @@
|
|
1
|
+
class Puppet::Settings::HttpExtraHeadersSetting < Puppet::Settings::BaseSetting
|
2
|
+
|
3
|
+
def type
|
4
|
+
:http_extra_headers
|
5
|
+
end
|
6
|
+
|
7
|
+
def munge(headers)
|
8
|
+
return headers if headers.is_a?(Hash)
|
9
|
+
|
10
|
+
headers = headers.split(/\s*,\s*/) if headers.is_a?(String)
|
11
|
+
|
12
|
+
raise ArgumentError, _("Expected an Array, String, or Hash, got a %{klass}") % { klass: headers.class } unless headers.is_a?(Array)
|
13
|
+
|
14
|
+
headers.map! { |header|
|
15
|
+
case header
|
16
|
+
when String
|
17
|
+
header.split(':')
|
18
|
+
when Array
|
19
|
+
header
|
20
|
+
else
|
21
|
+
raise ArgumentError, _("Expected an Array or String, got a %{klass}") % { klass: header.class }
|
22
|
+
end
|
23
|
+
}
|
24
|
+
end
|
25
|
+
end
|
data/lib/puppet/ssl.rb
CHANGED
data/lib/puppet/ssl/host.rb
CHANGED
@@ -22,9 +22,9 @@ class Puppet::SSL::Host
|
|
22
22
|
|
23
23
|
attr_writer :key, :certificate, :certificate_request, :crl_usage
|
24
24
|
|
25
|
-
def self.localhost
|
25
|
+
def self.localhost(suppress_warning = false)
|
26
26
|
return @localhost if @localhost
|
27
|
-
@localhost = new
|
27
|
+
@localhost = new(nil, false, suppress_warning)
|
28
28
|
@localhost.generate unless @localhost.certificate
|
29
29
|
@localhost.key
|
30
30
|
@localhost
|
@@ -225,14 +225,14 @@ ERROR_STRING
|
|
225
225
|
end
|
226
226
|
private :validate_csr_with_key
|
227
227
|
|
228
|
-
def initialize(name = nil, device = false)
|
228
|
+
def initialize(name = nil, device = false, suppress_warning = false)
|
229
229
|
@name = (name || Puppet[:certname]).downcase
|
230
230
|
@device = device
|
231
231
|
Puppet::SSL::Base.validate_certname(@name)
|
232
232
|
@key = @certificate = @certificate_request = nil
|
233
233
|
@crl_usage = Puppet.settings[:certificate_revocation]
|
234
234
|
@crl_path = Puppet.settings[:hostcrl]
|
235
|
-
Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."))
|
235
|
+
Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
|
236
236
|
end
|
237
237
|
|
238
238
|
# Extract the public key from the private key.
|
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -61,6 +61,7 @@ module Puppet::SSL::Oids
|
|
61
61
|
["1.3.6.1.4.1.34380.1.1.23", 'pp_cloudplatform', 'Puppet Node Cloud Platform Name'],
|
62
62
|
["1.3.6.1.4.1.34380.1.1.24", 'pp_apptier', 'Puppet Node Application Tier'],
|
63
63
|
["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
|
64
|
+
["1.3.6.1.4.1.34380.1.1.26", 'pp_owner', 'Puppet Node Owner'],
|
64
65
|
|
65
66
|
["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],
|
66
67
|
|
@@ -22,9 +22,9 @@ module Puppet::SSL
|
|
22
22
|
# This is an idiom to initialize a Struct from keyword
|
23
23
|
# arguments. Ruby 2.5 introduced `keyword_init: true` for
|
24
24
|
# that purpose, but we need to support older versions.
|
25
|
-
def initialize(
|
25
|
+
def initialize(kwargs = {})
|
26
26
|
super({})
|
27
|
-
DEFAULTS.merge(kwargs).each { |k,v| self[k] = v }
|
27
|
+
DEFAULTS.merge(**kwargs).each { |k,v| self[k] = v }
|
28
28
|
end
|
29
29
|
end
|
30
30
|
end
|
@@ -46,13 +46,32 @@ class Puppet::SSL::SSLProvider
|
|
46
46
|
# perform revocation checking.
|
47
47
|
#
|
48
48
|
# @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
|
49
|
+
# @param path [String, nil] A file containing additional trusted CA certs.
|
49
50
|
# @return [Puppet::SSL::SSLContext] A context to use to create connections
|
50
51
|
# @raise (see #create_context)
|
51
52
|
# @api private
|
52
|
-
def create_system_context(cacerts:)
|
53
|
+
def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
|
53
54
|
store = create_x509_store(cacerts, [], false)
|
54
55
|
store.set_default_paths
|
55
56
|
|
57
|
+
if path
|
58
|
+
stat = Puppet::FileSystem.stat(path)
|
59
|
+
if stat
|
60
|
+
if stat.ftype == 'file'
|
61
|
+
# don't add empty files as ruby/openssl will raise
|
62
|
+
if stat.size > 0
|
63
|
+
begin
|
64
|
+
store.add_file(path)
|
65
|
+
rescue => e
|
66
|
+
Puppet.err(_("Failed to add '%{path}' as a trusted CA file: %{detail}" % { path: path, detail: e.message }, e))
|
67
|
+
end
|
68
|
+
end
|
69
|
+
else
|
70
|
+
Puppet.warning(_("The 'ssl_trust_store' setting does not refer to a file and will be ignored: '%{path}'" % { path: path }))
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
56
75
|
Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: [], revocation: false).freeze
|
57
76
|
end
|
58
77
|
|
@@ -45,7 +45,7 @@ class Puppet::SSL::StateMachine
|
|
45
45
|
next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
|
46
46
|
else
|
47
47
|
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
48
|
-
pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
48
|
+
_, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
|
49
49
|
if @machine.ca_fingerprint
|
50
50
|
actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
|
51
51
|
expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
|
@@ -146,7 +146,7 @@ class Puppet::SSL::StateMachine
|
|
146
146
|
|
147
147
|
def download_crl(ssl_ctx, last_update)
|
148
148
|
route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
|
149
|
-
pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
149
|
+
_, pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
|
150
150
|
crls = @cert_provider.load_crls_from_pem(pem)
|
151
151
|
# verify crls before saving
|
152
152
|
next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
|
@@ -234,7 +234,7 @@ class Puppet::SSL::StateMachine
|
|
234
234
|
|
235
235
|
route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
|
236
236
|
cert = OpenSSL::X509::Certificate.new(
|
237
|
-
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
|
237
|
+
route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
|
238
238
|
)
|
239
239
|
Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
|
240
240
|
# verify client cert before saving
|
@@ -278,16 +278,55 @@ class Puppet::SSL::StateMachine
|
|
278
278
|
else
|
279
279
|
Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
|
280
280
|
|
281
|
+
# close persistent connections and session state before sleeping
|
282
|
+
Puppet.runtime[:http].close
|
283
|
+
@machine.session = Puppet.runtime[:http].create_session
|
284
|
+
|
285
|
+
@machine.unlock
|
281
286
|
Kernel.sleep(time)
|
287
|
+
NeedLock.new(@machine)
|
288
|
+
end
|
289
|
+
end
|
290
|
+
end
|
282
291
|
|
292
|
+
# Acquire the ssl lock or return LockFailure causing us to exit.
|
293
|
+
#
|
294
|
+
class NeedLock < SSLState
|
295
|
+
def initialize(machine)
|
296
|
+
super(machine, nil)
|
297
|
+
end
|
298
|
+
|
299
|
+
def next_state
|
300
|
+
if @machine.lock
|
283
301
|
# our ssl directory may have been cleaned while we were
|
284
302
|
# sleeping, start over from the top
|
285
|
-
@machine.session = Puppet.runtime['http'].create_session
|
286
303
|
NeedCACerts.new(@machine)
|
304
|
+
elsif @machine.waitforlock < 1
|
305
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the waitforlock setting is set to 0; exiting"))
|
306
|
+
elsif Time.now.to_i >= @machine.waitlock_deadline
|
307
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"))
|
308
|
+
else
|
309
|
+
Puppet.info _("Another puppet instance is already running; waiting for it to finish")
|
310
|
+
Puppet.info _("Will try again in %{time} seconds.") % {time: @machine.waitforlock}
|
311
|
+
Kernel.sleep @machine.waitforlock
|
312
|
+
|
313
|
+
# try again
|
314
|
+
self
|
287
315
|
end
|
288
316
|
end
|
289
317
|
end
|
290
318
|
|
319
|
+
# We failed to acquire the lock, so exit
|
320
|
+
#
|
321
|
+
class LockFailure < SSLState
|
322
|
+
attr_reader :message
|
323
|
+
|
324
|
+
def initialize(machine, message)
|
325
|
+
super(machine, nil)
|
326
|
+
@message = message
|
327
|
+
end
|
328
|
+
end
|
329
|
+
|
291
330
|
# We cannot make progress due to an error.
|
292
331
|
#
|
293
332
|
class Error < SSLState
|
@@ -310,7 +349,7 @@ class Puppet::SSL::StateMachine
|
|
310
349
|
#
|
311
350
|
class Done < SSLState; end
|
312
351
|
|
313
|
-
attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
352
|
+
attr_reader :waitforcert, :wait_deadline, :waitforlock, :waitlock_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
314
353
|
attr_accessor :session
|
315
354
|
|
316
355
|
# Construct a state machine to manage the SSL initialization process. By
|
@@ -323,7 +362,12 @@ class Puppet::SSL::StateMachine
|
|
323
362
|
# then then state machine will exit instead of wait.
|
324
363
|
#
|
325
364
|
# @param waitforcert [Integer] how many seconds to wait between attempts
|
326
|
-
# @param
|
365
|
+
# @param maxwaitforcert [Integer] maximum amount of seconds to wait for the
|
366
|
+
# server to sign the certificate request
|
367
|
+
# @param waitforlock [Integer] how many seconds to wait between attempts for
|
368
|
+
# acquiring the ssl lock
|
369
|
+
# @param maxwaitforlock [Integer] maximum amount of seconds to wait for an
|
370
|
+
# already running process to release the ssl lock
|
327
371
|
# @param onetime [Boolean] whether to run onetime
|
328
372
|
# @param lockfile [Puppet::Util::Pidlock] lockfile to protect against
|
329
373
|
# concurrent modification by multiple processes
|
@@ -336,6 +380,8 @@ class Puppet::SSL::StateMachine
|
|
336
380
|
# downloaded CA bundle
|
337
381
|
def initialize(waitforcert: Puppet[:waitforcert],
|
338
382
|
maxwaitforcert: Puppet[:maxwaitforcert],
|
383
|
+
waitforlock: Puppet[:waitforlock],
|
384
|
+
maxwaitforlock: Puppet[:maxwaitforlock],
|
339
385
|
onetime: Puppet[:onetime],
|
340
386
|
cert_provider: Puppet::X509::CertProvider.new,
|
341
387
|
ssl_provider: Puppet::SSL::SSLProvider.new,
|
@@ -344,13 +390,15 @@ class Puppet::SSL::StateMachine
|
|
344
390
|
ca_fingerprint: Puppet[:ca_fingerprint])
|
345
391
|
@waitforcert = waitforcert
|
346
392
|
@wait_deadline = Time.now.to_i + maxwaitforcert
|
393
|
+
@waitforlock = waitforlock
|
394
|
+
@waitlock_deadline = Time.now.to_i + maxwaitforlock
|
347
395
|
@onetime = onetime
|
348
396
|
@cert_provider = cert_provider
|
349
397
|
@ssl_provider = ssl_provider
|
350
398
|
@lockfile = lockfile
|
351
399
|
@digest = digest
|
352
400
|
@ca_fingerprint = ca_fingerprint
|
353
|
-
@session = Puppet.runtime[
|
401
|
+
@session = Puppet.runtime[:http].create_session
|
354
402
|
end
|
355
403
|
|
356
404
|
# Run the state machine for CA certs and CRLs.
|
@@ -358,7 +406,7 @@ class Puppet::SSL::StateMachine
|
|
358
406
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
359
407
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
360
408
|
def ensure_ca_certificates
|
361
|
-
final_state = run_machine(
|
409
|
+
final_state = run_machine(NeedLock.new(self), NeedKey)
|
362
410
|
final_state.ssl_context
|
363
411
|
end
|
364
412
|
|
@@ -367,7 +415,7 @@ class Puppet::SSL::StateMachine
|
|
367
415
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
368
416
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
369
417
|
def ensure_client_certificate
|
370
|
-
final_state = run_machine(
|
418
|
+
final_state = run_machine(NeedLock.new(self), Done)
|
371
419
|
ssl_context = final_state.ssl_context
|
372
420
|
|
373
421
|
if Puppet::Util::Log.sendlevel?(:debug)
|
@@ -386,40 +434,38 @@ class Puppet::SSL::StateMachine
|
|
386
434
|
ssl_context
|
387
435
|
end
|
388
436
|
|
437
|
+
def lock
|
438
|
+
@lockfile.lock
|
439
|
+
end
|
440
|
+
|
441
|
+
def unlock
|
442
|
+
@lockfile.unlock
|
443
|
+
end
|
444
|
+
|
389
445
|
private
|
390
446
|
|
391
447
|
def run_machine(state, stop)
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
else
|
405
|
-
# fall through
|
448
|
+
loop do
|
449
|
+
state = run_step(state)
|
450
|
+
|
451
|
+
case state
|
452
|
+
when stop
|
453
|
+
break
|
454
|
+
when LockFailure
|
455
|
+
raise Puppet::Error, state.message
|
456
|
+
when Error
|
457
|
+
if @onetime
|
458
|
+
Puppet.log_exception(state.error)
|
459
|
+
raise state.error
|
406
460
|
end
|
461
|
+
else
|
462
|
+
# fall through
|
407
463
|
end
|
408
464
|
end
|
409
465
|
|
410
466
|
state
|
411
|
-
|
412
|
-
|
413
|
-
def with_lock
|
414
|
-
if @lockfile.lock
|
415
|
-
begin
|
416
|
-
yield
|
417
|
-
ensure
|
418
|
-
@lockfile.unlock
|
419
|
-
end
|
420
|
-
else
|
421
|
-
raise Puppet::Error, _('Another puppet instance is already running; exiting')
|
422
|
-
end
|
467
|
+
ensure
|
468
|
+
@lockfile.unlock if @lockfile.locked?
|
423
469
|
end
|
424
470
|
|
425
471
|
def run_step(state)
|
@@ -104,7 +104,7 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
|
|
104
104
|
crl = store_context.current_crl
|
105
105
|
if crl
|
106
106
|
if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
|
107
|
-
Puppet.debug
|
107
|
+
Puppet.debug { "Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}" }
|
108
108
|
preverify_ok = true
|
109
109
|
else
|
110
110
|
@verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
|
@@ -6,10 +6,18 @@
|
|
6
6
|
# loaded above.
|
7
7
|
#
|
8
8
|
class Puppet::SSL::VerifierAdapter
|
9
|
-
attr_reader :validator
|
9
|
+
attr_reader :validator, :ssl_context
|
10
10
|
|
11
11
|
def initialize(validator)
|
12
12
|
@validator = validator
|
13
|
+
|
14
|
+
if validator.is_a?(Puppet::SSL::Validator::NoValidator)
|
15
|
+
ssl = Puppet::SSL::SSLProvider.new
|
16
|
+
@ssl_context = ssl.create_insecure_context
|
17
|
+
else
|
18
|
+
# nil means use the default SSLContext
|
19
|
+
@ssl_context = nil
|
20
|
+
end
|
13
21
|
end
|
14
22
|
|
15
23
|
# Return true if `self` is reusable with `verifier` meaning they
|
@@ -68,7 +68,14 @@ module Puppet::Test
|
|
68
68
|
# any individual tests.
|
69
69
|
# @return nil
|
70
70
|
def self.before_all_tests()
|
71
|
-
#
|
71
|
+
# The process environment is a shared, persistent resource.
|
72
|
+
# Can't use Puppet.features.microsoft_windows? as it may be mocked out in a test. This can cause test recurring test failures
|
73
|
+
if (!!File::ALT_SEPARATOR)
|
74
|
+
mode = :windows
|
75
|
+
else
|
76
|
+
mode = :posix
|
77
|
+
end
|
78
|
+
$old_env = Puppet::Util.get_environment(mode)
|
72
79
|
end
|
73
80
|
|
74
81
|
# Call this method once, at the end of a test run, when no more tests
|
@@ -113,20 +120,14 @@ module Puppet::Test
|
|
113
120
|
indirections = Puppet::Indirector::Indirection.send(:class_variable_get, :@@indirections)
|
114
121
|
indirections.each do |indirector|
|
115
122
|
$saved_indirection_state[indirector.name] = {
|
116
|
-
|
117
|
-
|
123
|
+
:@terminus_class => indirector.instance_variable_get(:@terminus_class).value,
|
124
|
+
:@cache_class => indirector.instance_variable_get(:@cache_class).value,
|
125
|
+
# dup the termini hash so termini created and registered during
|
126
|
+
# the test aren't stored in our saved_indirection_state
|
127
|
+
:@termini => indirector.instance_variable_get(:@termini).dup
|
118
128
|
}
|
119
129
|
end
|
120
130
|
|
121
|
-
# The process environment is a shared, persistent resource.
|
122
|
-
# Can't use Puppet.features.microsoft_windows? as it may be mocked out in a test. This can cause test recurring test failures
|
123
|
-
if (!!File::ALT_SEPARATOR)
|
124
|
-
mode = :windows
|
125
|
-
else
|
126
|
-
mode = :posix
|
127
|
-
end
|
128
|
-
$old_env = Puppet::Util.get_environment(mode)
|
129
|
-
|
130
131
|
# So is the load_path
|
131
132
|
$old_load_path = $LOAD_PATH.dup
|
132
133
|
|
@@ -136,10 +137,12 @@ module Puppet::Test
|
|
136
137
|
{
|
137
138
|
trusted_information:
|
138
139
|
Puppet::Context::TrustedInformation.new('local', 'testing', {}, { "trusted_testhelper" => true }),
|
139
|
-
ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze
|
140
|
+
ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze,
|
141
|
+
http_session: proc { Puppet.runtime[:http].create_session }
|
140
142
|
},
|
141
143
|
"Context for specs")
|
142
144
|
|
145
|
+
Puppet.runtime.clear
|
143
146
|
Puppet::Parser::Functions.reset
|
144
147
|
Puppet::Application.clear!
|
145
148
|
Puppet::Util::Profiler.clear
|
@@ -176,7 +179,11 @@ module Puppet::Test
|
|
176
179
|
indirections = Puppet::Indirector::Indirection.send(:class_variable_get, :@@indirections)
|
177
180
|
indirections.each do |indirector|
|
178
181
|
$saved_indirection_state.fetch(indirector.name, {}).each do |variable, value|
|
179
|
-
|
182
|
+
if variable == :@termini
|
183
|
+
indirector.instance_variable_set(variable, value)
|
184
|
+
else
|
185
|
+
indirector.instance_variable_get(variable).value = value
|
186
|
+
end
|
180
187
|
end
|
181
188
|
end
|
182
189
|
$saved_indirection_state = nil
|