puppet 6.14.0-universal-darwin → 6.15.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +15 -15
- data/ext/windows/service/daemon.rb +3 -3
- data/lib/puppet.rb +1 -1
- data/lib/puppet/agent.rb +2 -10
- data/lib/puppet/application/agent.rb +2 -1
- data/lib/puppet/application/filebucket.rb +5 -14
- data/lib/puppet/application/ssl.rb +2 -2
- data/lib/puppet/configurer.rb +7 -3
- data/lib/puppet/configurer/plugin_handler.rb +1 -1
- data/lib/puppet/defaults.rb +22 -2
- data/lib/puppet/environments.rb +4 -5
- data/lib/puppet/face/plugin.rb +1 -1
- data/lib/puppet/file_system/file_impl.rb +13 -9
- data/lib/puppet/forge/repository.rb +1 -1
- data/lib/puppet/functions/call.rb +1 -1
- data/lib/puppet/functions/reduce.rb +2 -4
- data/lib/puppet/http.rb +2 -0
- data/lib/puppet/http/client.rb +191 -52
- data/lib/puppet/http/external_client.rb +96 -0
- data/lib/puppet/http/redirector.rb +34 -0
- data/lib/puppet/http/resolver.rb +46 -3
- data/lib/puppet/http/resolver/server_list.rb +75 -15
- data/lib/puppet/http/resolver/settings.rb +22 -2
- data/lib/puppet/http/resolver/srv.rb +28 -2
- data/lib/puppet/http/response.rb +63 -1
- data/lib/puppet/http/retry_after_handler.rb +39 -0
- data/lib/puppet/http/service.rb +67 -1
- data/lib/puppet/http/service/ca.rb +71 -9
- data/lib/puppet/http/service/compiler.rb +213 -11
- data/lib/puppet/http/service/file_server.rb +105 -4
- data/lib/puppet/http/service/report.rb +36 -3
- data/lib/puppet/http/session.rb +59 -8
- data/lib/puppet/indirector/catalog/rest.rb +2 -1
- data/lib/puppet/indirector/facts/rest.rb +2 -1
- data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +4 -2
- data/lib/puppet/indirector/node/rest.rb +2 -1
- data/lib/puppet/indirector/report/yaml.rb +23 -0
- data/lib/puppet/indirector/status/rest.rb +2 -1
- data/lib/puppet/metatype/manager.rb +80 -80
- data/lib/puppet/network/http/base_pool.rb +6 -1
- data/lib/puppet/network/http/pool.rb +2 -4
- data/lib/puppet/network/http_pool.rb +1 -0
- data/lib/puppet/node/environment.rb +11 -1
- data/lib/puppet/pal/pal_impl.rb +1 -29
- data/lib/puppet/parser/compiler.rb +14 -7
- data/lib/puppet/parser/functions.rb +18 -13
- data/lib/puppet/pops/loaders.rb +7 -5
- data/lib/puppet/provider/group/windows_adsi.rb +3 -3
- data/lib/puppet/provider/package/apt.rb +61 -1
- data/lib/puppet/provider/package/dnfmodule.rb +39 -12
- data/lib/puppet/provider/package/gem.rb +41 -7
- data/lib/puppet/provider/package/pacman.rb +2 -5
- data/lib/puppet/provider/package/pip.rb +105 -33
- data/lib/puppet/provider/package/pip3.rb +0 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgng.rb +16 -4
- data/lib/puppet/provider/package/puppet_gem.rb +6 -2
- data/lib/puppet/provider/package/rpm.rb +6 -213
- data/lib/puppet/provider/package/yum.rb +92 -19
- data/lib/puppet/provider/service/systemd.rb +2 -1
- data/lib/puppet/reports/http.rb +13 -11
- data/lib/puppet/resource/type_collection.rb +20 -16
- data/lib/puppet/ssl.rb +1 -0
- data/lib/puppet/ssl/host.rb +4 -4
- data/lib/puppet/ssl/oids.rb +1 -0
- data/lib/puppet/ssl/state_machine.rb +50 -33
- data/lib/puppet/transaction/report.rb +2 -2
- data/lib/puppet/type.rb +6 -1
- data/lib/puppet/type/file/source.rb +4 -2
- data/lib/puppet/type/package.rb +25 -2
- data/lib/puppet/type/user.rb +0 -19
- data/lib/puppet/util/at_fork.rb +1 -1
- data/lib/puppet/util/autoload.rb +3 -0
- data/lib/puppet/util/instance_loader.rb +14 -10
- data/lib/puppet/util/package/version/debian.rb +175 -0
- data/lib/puppet/util/package/version/gem.rb +15 -0
- data/lib/puppet/util/package/version/pip.rb +167 -0
- data/lib/puppet/util/package/version/range.rb +50 -0
- data/lib/puppet/util/package/version/range/gt.rb +14 -0
- data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/lt.rb +14 -0
- data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
- data/lib/puppet/util/package/version/range/min_max.rb +21 -0
- data/lib/puppet/util/package/version/range/simple.rb +11 -0
- data/lib/puppet/util/package/version/rpm.rb +73 -0
- data/lib/puppet/util/pidlock.rb +13 -7
- data/lib/puppet/util/platform.rb +5 -0
- data/lib/puppet/util/rpm_compare.rb +193 -0
- data/lib/puppet/util/windows/adsi.rb +2 -2
- data/lib/puppet/util/windows/process.rb +15 -14
- data/lib/puppet/util/windows/security.rb +1 -0
- data/lib/puppet/util/windows/sid.rb +3 -3
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +207 -201
- data/man/man5/puppet.conf.5 +11 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
- data/spec/fixtures/ssl/unknown-ca.pem +59 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list-enabled.txt} +2 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
- data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
- data/spec/integration/application/agent_spec.rb +329 -0
- data/spec/integration/application/apply_spec.rb +132 -3
- data/spec/integration/application/filebucket_spec.rb +190 -0
- data/spec/integration/application/plugin_spec.rb +50 -0
- data/spec/integration/http/client_spec.rb +34 -40
- data/spec/integration/indirector/report/yaml.rb +83 -0
- data/spec/integration/module_tool/forge_spec.rb +2 -15
- data/spec/integration/network/http_pool_spec.rb +11 -19
- data/spec/integration/node/environment_spec.rb +15 -0
- data/spec/integration/util/windows/adsi_spec.rb +1 -1
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/https.rb +10 -7
- data/spec/lib/puppet_spec/puppetserver.rb +119 -0
- data/spec/shared_contexts/https.rb +29 -0
- data/spec/unit/agent_spec.rb +33 -25
- data/spec/unit/application/agent_spec.rb +5 -1
- data/spec/unit/application/device_spec.rb +2 -2
- data/spec/unit/application/filebucket_spec.rb +22 -2
- data/spec/unit/configurer_spec.rb +1 -1
- data/spec/unit/defaults_spec.rb +24 -1
- data/spec/unit/environments_spec.rb +8 -0
- data/spec/unit/file_system_spec.rb +10 -0
- data/spec/unit/http/client_spec.rb +105 -46
- data/spec/unit/http/external_client_spec.rb +201 -0
- data/spec/unit/http/resolver_spec.rb +20 -0
- data/spec/unit/http/service/ca_spec.rb +25 -2
- data/spec/unit/http/service/compiler_spec.rb +184 -6
- data/spec/unit/http/service/file_server_spec.rb +35 -3
- data/spec/unit/http/service/report_spec.rb +3 -1
- data/spec/unit/http/service_spec.rb +3 -3
- data/spec/unit/http/session_spec.rb +56 -7
- data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
- data/spec/unit/network/http/pool_spec.rb +3 -3
- data/spec/unit/node/environment_spec.rb +16 -0
- data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
- data/spec/unit/provider/package/apt_spec.rb +30 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +33 -14
- data/spec/unit/provider/package/gem_spec.rb +40 -0
- data/spec/unit/provider/package/pacman_spec.rb +6 -21
- data/spec/unit/provider/package/pip_spec.rb +26 -3
- data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
- data/spec/unit/provider/package/pkgng_spec.rb +38 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
- data/spec/unit/provider/package/rpm_spec.rb +0 -212
- data/spec/unit/provider/package/yum_spec.rb +235 -1
- data/spec/unit/provider/service/systemd_spec.rb +10 -1
- data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
- data/spec/unit/puppet_pal_2pec.rb +0 -29
- data/spec/unit/reports/http_spec.rb +70 -52
- data/spec/unit/ssl/host_spec.rb +4 -2
- data/spec/unit/ssl/oids_spec.rb +1 -0
- data/spec/unit/ssl/state_machine_spec.rb +38 -6
- data/spec/unit/transaction/report_spec.rb +4 -0
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/package/version/debian_spec.rb +83 -0
- data/spec/unit/util/package/version/pip_spec.rb +464 -0
- data/spec/unit/util/package/version/range_spec.rb +154 -0
- data/spec/unit/util/package/version/rpm_spec.rb +121 -0
- data/spec/unit/util/pidlock_spec.rb +83 -47
- data/spec/unit/util/rpm_compare_spec.rb +196 -0
- data/spec/unit/util/windows/adsi_spec.rb +4 -4
- data/spec/unit/util/windows/sid_spec.rb +2 -2
- data/tasks/generate_cert_fixtures.rake +15 -1
- metadata +51 -6
- data/spec/integration/faces/plugin_spec.rb +0 -63
@@ -0,0 +1,59 @@
|
|
1
|
+
Certificate:
|
2
|
+
Data:
|
3
|
+
Version: 3 (0x2)
|
4
|
+
Serial Number: 0 (0x0)
|
5
|
+
Signature Algorithm: sha256WithRSAEncryption
|
6
|
+
Issuer: CN=Unknown CA
|
7
|
+
Validity
|
8
|
+
Not Before: Jan 1 00:00:00 1970 GMT
|
9
|
+
Not After : Mar 10 06:54:16 2030 GMT
|
10
|
+
Subject: CN=Unknown CA
|
11
|
+
Subject Public Key Info:
|
12
|
+
Public Key Algorithm: rsaEncryption
|
13
|
+
RSA Public-Key: (1024 bit)
|
14
|
+
Modulus:
|
15
|
+
00:c1:5e:5d:26:ae:73:17:5a:70:37:ac:42:25:ca:
|
16
|
+
05:10:86:17:23:6c:28:84:48:2a:4a:d4:b0:3a:2a:
|
17
|
+
d8:33:ae:58:67:6f:9b:4f:a6:b4:87:b1:ec:37:00:
|
18
|
+
69:8d:d5:cf:71:8a:96:e1:4a:f8:c8:81:36:f9:43:
|
19
|
+
ad:d8:d6:76:83:27:99:a4:48:17:c2:ef:9c:22:40:
|
20
|
+
4b:c6:58:21:88:e5:1d:37:79:4e:ba:31:e6:52:ec:
|
21
|
+
8c:23:ed:d6:ce:3b:58:ad:82:c7:ae:28:47:d4:e7:
|
22
|
+
cc:31:ac:78:c9:02:87:d0:b1:91:09:f6:1e:9a:c3:
|
23
|
+
4f:f6:5a:fe:a2:21:0e:c0:95
|
24
|
+
Exponent: 65537 (0x10001)
|
25
|
+
X509v3 extensions:
|
26
|
+
X509v3 Basic Constraints: critical
|
27
|
+
CA:TRUE
|
28
|
+
X509v3 Key Usage: critical
|
29
|
+
Certificate Sign, CRL Sign
|
30
|
+
X509v3 Subject Key Identifier:
|
31
|
+
E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
|
32
|
+
Netscape Comment:
|
33
|
+
Puppet Server Internal Certificate
|
34
|
+
X509v3 Authority Key Identifier:
|
35
|
+
keyid:E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
|
36
|
+
|
37
|
+
Signature Algorithm: sha256WithRSAEncryption
|
38
|
+
00:45:89:e8:68:a7:50:8c:92:84:3c:c4:e6:10:00:29:27:99:
|
39
|
+
c6:82:aa:aa:b5:0b:ef:97:58:bc:bb:e6:e7:93:7c:a7:ea:e5:
|
40
|
+
9a:61:1d:e3:4f:3f:f9:ac:c4:96:14:a5:1f:77:a6:01:dc:08:
|
41
|
+
15:9c:3f:66:29:92:80:49:e9:db:d9:22:fb:c3:86:bf:40:ab:
|
42
|
+
46:bf:c5:47:bb:c8:89:df:d4:ca:36:f5:08:c4:08:c6:0b:d6:
|
43
|
+
9e:8a:86:41:1e:7e:6f:a9:75:ef:8a:94:a9:fd:1a:9b:0f:55:
|
44
|
+
3a:55:e5:04:82:71:c3:47:78:62:8e:07:ed:dc:4e:ac:f9:33:
|
45
|
+
7b:27
|
46
|
+
-----BEGIN CERTIFICATE-----
|
47
|
+
MIICODCCAaGgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
|
48
|
+
b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMwMDMxMDA2NTQxNlowFTETMBEGA1UE
|
49
|
+
AwwKVW5rbm93biBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV5dJq5z
|
50
|
+
F1pwN6xCJcoFEIYXI2wohEgqStSwOirYM65YZ2+bT6a0h7HsNwBpjdXPcYqW4Ur4
|
51
|
+
yIE2+UOt2NZ2gyeZpEgXwu+cIkBLxlghiOUdN3lOujHmUuyMI+3WzjtYrYLHrihH
|
52
|
+
1OfMMax4yQKH0LGRCfYemsNP9lr+oiEOwJUCAwEAAaOBlzCBlDAPBgNVHRMBAf8E
|
53
|
+
BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU6Vhw/vHBqlpwesECER2a
|
54
|
+
9GBPcHYwMQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2Vy
|
55
|
+
dGlmaWNhdGUwHwYDVR0jBBgwFoAU6Vhw/vHBqlpwesECER2a9GBPcHYwDQYJKoZI
|
56
|
+
hvcNAQELBQADgYEAAEWJ6GinUIyShDzE5hAAKSeZxoKqqrUL75dYvLvm55N8p+rl
|
57
|
+
mmEd408/+azElhSlH3emAdwIFZw/ZimSgEnp29ki+8OGv0CrRr/FR7vIid/Uyjb1
|
58
|
+
CMQIxgvWnoqGQR5+b6l174qUqf0amw9VOlXlBIJxw0d4Yo4H7dxOrPkzeyc=
|
59
|
+
-----END CERTIFICATE-----
|
@@ -1,10 +1,12 @@
|
|
1
1
|
localmirror-appstream
|
2
2
|
Name Stream Profiles Summary
|
3
|
+
389-ds 1.4 [e] 389 Directory Server (base)
|
3
4
|
gimp 2.8 [d][e] common [d], devel [i] gimp module
|
4
5
|
mariadb 10.3 [d][e] client [i], server [d], galera MariaDB Module
|
5
6
|
nodejs 10 [d][e] common [d], development, minimal [i], s2i Javascript runtime
|
6
7
|
perl 5.26 [d][e] common [d], minimal [i] Practical Extraction and Report Language
|
7
8
|
postgresql 10 [d][e] client, server [d] [i] PostgreSQL server and client module
|
9
|
+
ruby 2.5 [d][e] common [d] An interpreter of object-oriented scripting language
|
8
10
|
rust-toolset rhel8 [d][e] common [d] [i] Rust
|
9
11
|
subversion 1.10 [d][e] common [d], server [i] Apache Subversion
|
10
12
|
|
@@ -0,0 +1,9 @@
|
|
1
|
+
Loaded plugins: product-id, search-disabled-repos, subscription-manager
|
2
|
+
|
3
|
+
This system is not registered with an entitlement server. You can use subscription-manager to register on.
|
4
|
+
|
5
|
+
curl.i686 7.32.0-10.fc20 updates
|
6
|
+
curl.x86_64 7.32.0-10.fc20 updates
|
7
|
+
gawk.i686 4.1.0-3.fc20 updates
|
8
|
+
dhclient.i686 12:4.1.1-38.P1.fc20 updates
|
9
|
+
java-1.8.0-openjdk.x86_64 1:1.8.0.131-2.b11.el7_3 updates
|
@@ -5,3 +5,12 @@ autovt@.service disabled
|
|
5
5
|
avahi-daemon.service enabled
|
6
6
|
blk-availability.service disabled
|
7
7
|
brandbot.service static
|
8
|
+
apparmor.service bad
|
9
|
+
udev.service enabled-runtime
|
10
|
+
ufw.service linked
|
11
|
+
umountfs.service linked-runtime
|
12
|
+
umountnfs.service masked
|
13
|
+
umountroot.service masked-runtime
|
14
|
+
urandom.service indirect
|
15
|
+
user@.service generated
|
16
|
+
uuidd.service transient
|
@@ -0,0 +1,329 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'puppet_spec/files'
|
3
|
+
require 'puppet_spec/puppetserver'
|
4
|
+
require 'puppet_spec/compiler'
|
5
|
+
require 'puppet_spec/https'
|
6
|
+
|
7
|
+
describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
8
|
+
include PuppetSpec::Files
|
9
|
+
include PuppetSpec::Compiler
|
10
|
+
include_context "https client"
|
11
|
+
|
12
|
+
let(:server) { PuppetSpec::Puppetserver.new }
|
13
|
+
let(:agent) { Puppet::Application[:agent] }
|
14
|
+
let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
|
15
|
+
let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
|
16
|
+
|
17
|
+
context 'server_list' do
|
18
|
+
before :each do
|
19
|
+
Puppet[:log_level] = 'debug'
|
20
|
+
end
|
21
|
+
|
22
|
+
it "uses the first server in the list" do
|
23
|
+
Puppet[:server_list] = '127.0.0.1'
|
24
|
+
|
25
|
+
server.start_server do |port|
|
26
|
+
Puppet[:masterport] = port
|
27
|
+
expect {
|
28
|
+
expect {
|
29
|
+
agent.command_line.args << '--test'
|
30
|
+
agent.run
|
31
|
+
}.to exit_with(0)
|
32
|
+
}.to output(%r{HTTP GET https://127.0.0.1:#{port}/status/v1/simple/master returned 200 OK}).to_stdout
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
it "falls back, recording the first viable server in the report" do
|
37
|
+
Puppet[:server_list] = "puppet.example.com,#{Puppet[:server]}"
|
38
|
+
|
39
|
+
server.start_server do |port|
|
40
|
+
Puppet[:masterport] = port
|
41
|
+
expect {
|
42
|
+
expect {
|
43
|
+
agent.command_line.args << '--test'
|
44
|
+
agent.run
|
45
|
+
}.to exit_with(0)
|
46
|
+
}.to output(%r{Unable to connect to server from server_list setting: Request to https://puppet.example.com:#{port}/status/v1/simple/master failed}).to_stdout
|
47
|
+
|
48
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
|
49
|
+
expect(report.master_used).to eq("127.0.0.1:#{port}")
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
it "doesn't write a report if no servers could be contacted" do
|
54
|
+
Puppet[:server_list] = "puppet.example.com"
|
55
|
+
|
56
|
+
expect {
|
57
|
+
expect {
|
58
|
+
expect {
|
59
|
+
agent.command_line.args << '--test'
|
60
|
+
agent.run
|
61
|
+
}.to exit_with(1)
|
62
|
+
}.to output(%r{Unable to connect to server from server_list setting: Could not select a functional puppet master from server_list: 'puppet.example.com'}).to_stdout
|
63
|
+
}.to output(/Error: Could not run Puppet configuration client: Could not select a functional puppet master from server_list: 'puppet.example.com'/).to_stderr
|
64
|
+
|
65
|
+
# I'd expect puppet to update the last run report even if the server_list was
|
66
|
+
# exhausted, but it doesn't work that way currently, see PUP-6708
|
67
|
+
expect(File).to_not be_exist(Puppet[:lastrunreport])
|
68
|
+
end
|
69
|
+
|
70
|
+
it "omits master_used when not using server_list" do
|
71
|
+
server.start_server do |port|
|
72
|
+
Puppet[:masterport] = port
|
73
|
+
expect {
|
74
|
+
expect {
|
75
|
+
agent.command_line.args << '--test'
|
76
|
+
agent.run
|
77
|
+
}.to exit_with(0)
|
78
|
+
}.to output(%r{Resolved service 'puppet' to https://127.0.0.1:#{port}/puppet/v3}).to_stdout
|
79
|
+
end
|
80
|
+
|
81
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
|
82
|
+
expect(report.master_used).to be_nil
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
context 'rich data' do
|
87
|
+
it "applies deferred values" do
|
88
|
+
catalog_handler = -> (req, res) {
|
89
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
90
|
+
notify { 'deferred':
|
91
|
+
message => Deferred('join', [[1,2,3], ':'])
|
92
|
+
}
|
93
|
+
MANIFEST
|
94
|
+
|
95
|
+
res.body = formatter.render(catalog)
|
96
|
+
res['Content-Type'] = formatter.mime
|
97
|
+
}
|
98
|
+
|
99
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
100
|
+
Puppet[:masterport] = port
|
101
|
+
expect {
|
102
|
+
expect {
|
103
|
+
agent.command_line.args << '--test'
|
104
|
+
agent.run
|
105
|
+
}.to exit_with(2)
|
106
|
+
}.to output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
|
107
|
+
end
|
108
|
+
end
|
109
|
+
|
110
|
+
it "redacts sensitive values" do
|
111
|
+
catalog_handler = -> (req, res) {
|
112
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
113
|
+
notify { 'sensitive':
|
114
|
+
message => Sensitive('supersecret')
|
115
|
+
}
|
116
|
+
MANIFEST
|
117
|
+
|
118
|
+
res.body = formatter.render(catalog)
|
119
|
+
res['Content-Type'] = formatter.mime
|
120
|
+
}
|
121
|
+
|
122
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
123
|
+
Puppet[:masterport] = port
|
124
|
+
expect {
|
125
|
+
expect {
|
126
|
+
agent.command_line.args << '--test'
|
127
|
+
agent.run
|
128
|
+
}.to exit_with(2)
|
129
|
+
}.to output(a_string_matching(
|
130
|
+
/Notice: Sensitive \[value redacted\]/
|
131
|
+
).and matching(
|
132
|
+
/Notify\[sensitive\]\/message: changed \[redacted\] to \[redacted\]/
|
133
|
+
)).to_stdout
|
134
|
+
end
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
context 'static catalogs' do
|
139
|
+
let(:path) { tmpfile('file') }
|
140
|
+
let(:metadata) { Puppet::FileServing::Metadata.new(path) }
|
141
|
+
let(:source) { "puppet:///modules/foo/foo.txt" }
|
142
|
+
|
143
|
+
before :each do
|
144
|
+
Puppet::FileSystem.touch(path)
|
145
|
+
|
146
|
+
metadata.collect
|
147
|
+
metadata.source = source
|
148
|
+
metadata.content_uri = "puppet:///modules/foo/files/foo.txt"
|
149
|
+
end
|
150
|
+
|
151
|
+
it 'uses inline file metadata to determine the file is insync' do
|
152
|
+
catalog_handler = -> (req, res) {
|
153
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
154
|
+
file { "#{path}":
|
155
|
+
ensure => file,
|
156
|
+
source => "#{source}"
|
157
|
+
}
|
158
|
+
MANIFEST
|
159
|
+
catalog.metadata = { path => metadata }
|
160
|
+
|
161
|
+
res.body = formatter.render(catalog)
|
162
|
+
res['Content-Type'] = formatter.mime
|
163
|
+
}
|
164
|
+
|
165
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |port|
|
166
|
+
Puppet[:masterport] = port
|
167
|
+
expect {
|
168
|
+
expect {
|
169
|
+
agent.command_line.args << '--test'
|
170
|
+
agent.run
|
171
|
+
}.to exit_with(0)
|
172
|
+
}.to_not output(/content changed/).to_stdout
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
176
|
+
it 'retrieves file content using the content_uri from the inlined file metadata' do
|
177
|
+
# create file with binary content
|
178
|
+
binary_content = "\xC0\xFF".force_encoding('binary')
|
179
|
+
File.binwrite(path, binary_content)
|
180
|
+
|
181
|
+
# recollect metadata
|
182
|
+
metadata.collect
|
183
|
+
|
184
|
+
# overwrite local file so it is no longer in sync
|
185
|
+
File.binwrite(path, "")
|
186
|
+
|
187
|
+
catalog_handler = -> (req, res) {
|
188
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
189
|
+
file { "#{path}":
|
190
|
+
ensure => file,
|
191
|
+
source => "#{source}",
|
192
|
+
}
|
193
|
+
MANIFEST
|
194
|
+
catalog.metadata = { path => metadata }
|
195
|
+
|
196
|
+
res.body = formatter.render(catalog)
|
197
|
+
res['Content-Type'] = formatter.mime
|
198
|
+
}
|
199
|
+
|
200
|
+
static_file_content_handler = -> (req, res) {
|
201
|
+
res.body = binary_content
|
202
|
+
res['Content-Type'] = 'application/octet-stream'
|
203
|
+
}
|
204
|
+
|
205
|
+
mounts = {
|
206
|
+
catalog: catalog_handler,
|
207
|
+
static_file_content: static_file_content_handler
|
208
|
+
}
|
209
|
+
|
210
|
+
server.start_server(mounts: mounts) do |port|
|
211
|
+
Puppet[:masterport] = port
|
212
|
+
expect {
|
213
|
+
expect {
|
214
|
+
agent.command_line.args << '--test'
|
215
|
+
agent.run
|
216
|
+
}.to exit_with(2)
|
217
|
+
}.to output(/content changed '{md5}d41d8cd98f00b204e9800998ecf8427e' to '{md5}4cf49285ae567157ebfba72bd04ccf32'/).to_stdout
|
218
|
+
|
219
|
+
# verify puppet restored binary content
|
220
|
+
expect(File.binread(path)).to eq(binary_content)
|
221
|
+
end
|
222
|
+
end
|
223
|
+
end
|
224
|
+
|
225
|
+
context 'https file sources' do
|
226
|
+
let(:path) { tmpfile('https_file_source') }
|
227
|
+
let(:response_body) { "from https server" }
|
228
|
+
let(:digest) { Digest::SHA1.hexdigest(response_body) }
|
229
|
+
|
230
|
+
it 'rejects HTTPS servers whose root cert is not in the system CA store' do
|
231
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
232
|
+
https = PuppetSpec::HTTPSServer.new(
|
233
|
+
ca_cert: unknown_ca_cert,
|
234
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
235
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
236
|
+
)
|
237
|
+
|
238
|
+
# create a temp cacert bundle
|
239
|
+
ssl_file = tmpfile('systemstore')
|
240
|
+
# add CA cert that is neither the puppet CA nor unknown CA
|
241
|
+
File.write(ssl_file, cert_fixture('netlock-arany-utf8.pem').to_pem)
|
242
|
+
|
243
|
+
https.start_server do |https_port|
|
244
|
+
catalog_handler = -> (req, res) {
|
245
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
246
|
+
file { "#{path}":
|
247
|
+
ensure => file,
|
248
|
+
backup => false,
|
249
|
+
checksum => sha1,
|
250
|
+
checksum_value => '#{digest}',
|
251
|
+
source => "https://127.0.0.1:#{https_port}/path/to/file"
|
252
|
+
}
|
253
|
+
MANIFEST
|
254
|
+
|
255
|
+
res.body = formatter.render(catalog)
|
256
|
+
res['Content-Type'] = formatter.mime
|
257
|
+
}
|
258
|
+
|
259
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |puppetserver_port|
|
260
|
+
Puppet[:masterport] = puppetserver_port
|
261
|
+
|
262
|
+
# override path to system cacert bundle, this must be done before
|
263
|
+
# the SSLContext is created and the call to X509::Store.set_default_paths
|
264
|
+
Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
|
265
|
+
expect {
|
266
|
+
agent.command_line.args << '--test'
|
267
|
+
agent.run
|
268
|
+
}.to exit_with(4)
|
269
|
+
.and output(/Notice: Applied catalog/).to_stdout
|
270
|
+
.and output(%r{Error: Could not retrieve file metadata for https://127.0.0.1:#{https_port}/path/to/file: .* certificate verify failed}).to_stderr
|
271
|
+
end
|
272
|
+
|
273
|
+
expect(File).to_not be_exist(path)
|
274
|
+
end
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
it 'accepts HTTPS servers whose cert is in the system CA store' do
|
279
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
280
|
+
https = PuppetSpec::HTTPSServer.new(
|
281
|
+
ca_cert: unknown_ca_cert,
|
282
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
283
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
284
|
+
)
|
285
|
+
|
286
|
+
# create a temp cacert bundle
|
287
|
+
ssl_file = tmpfile('systemstore')
|
288
|
+
File.write(ssl_file, unknown_ca_cert.to_pem)
|
289
|
+
|
290
|
+
response_proc = -> (req, res) {
|
291
|
+
res.status = 200
|
292
|
+
res.body = response_body
|
293
|
+
}
|
294
|
+
|
295
|
+
https.start_server(response_proc: response_proc) do |https_port|
|
296
|
+
catalog_handler = -> (req, res) {
|
297
|
+
catalog = compile_to_catalog(<<-MANIFEST, node)
|
298
|
+
file { "#{path}":
|
299
|
+
ensure => file,
|
300
|
+
backup => false,
|
301
|
+
checksum => sha1,
|
302
|
+
checksum_value => '#{digest}',
|
303
|
+
source => "https://127.0.0.1:#{https_port}/path/to/file"
|
304
|
+
}
|
305
|
+
MANIFEST
|
306
|
+
|
307
|
+
res.body = formatter.render(catalog)
|
308
|
+
res['Content-Type'] = formatter.mime
|
309
|
+
}
|
310
|
+
|
311
|
+
server.start_server(mounts: {catalog: catalog_handler}) do |puppetserver_port|
|
312
|
+
Puppet[:masterport] = puppetserver_port
|
313
|
+
|
314
|
+
# override path to system cacert bundle, this must be done before
|
315
|
+
# the SSLContext is created and the call to X509::Store.set_default_paths
|
316
|
+
Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
|
317
|
+
expect {
|
318
|
+
agent.command_line.args << '--test'
|
319
|
+
agent.run
|
320
|
+
}.to exit_with(2)
|
321
|
+
.and output(%r{https_file_source.*/ensure: created}).to_stdout
|
322
|
+
end
|
323
|
+
|
324
|
+
expect(File.binread(path)).to eq("from https server")
|
325
|
+
end
|
326
|
+
end
|
327
|
+
end
|
328
|
+
end
|
329
|
+
end
|
@@ -1,8 +1,9 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'puppet_spec/files'
|
3
3
|
require 'puppet_spec/compiler'
|
4
|
+
require 'puppet_spec/https'
|
4
5
|
|
5
|
-
describe "apply" do
|
6
|
+
describe "apply", unless: Puppet::Util::Platform.jruby? do
|
6
7
|
include PuppetSpec::Files
|
7
8
|
|
8
9
|
before :each do
|
@@ -257,7 +258,7 @@ end
|
|
257
258
|
expect(@logs.map(&:to_s)).to include(/{environment =>.*/)
|
258
259
|
end
|
259
260
|
|
260
|
-
it "applies a given file even when an ENC is configured", :unless => Puppet::Util::Platform.windows? ||
|
261
|
+
it "applies a given file even when an ENC is configured", :unless => Puppet::Util::Platform.windows? || Puppet::Util::Platform.jruby? do
|
261
262
|
manifest = file_containing("manifest.pp", "notice('specific manifest applied')")
|
262
263
|
enc = script_containing('enc_script',
|
263
264
|
:windows => '@echo classes: []' + "\n" + '@echo environment: special',
|
@@ -378,7 +379,7 @@ end
|
|
378
379
|
# External node script execution will fail, likely due to the tampering
|
379
380
|
# with the basic file descriptors.
|
380
381
|
# Workaround: Define a log destination and merely inspect logs.
|
381
|
-
context "with an ENC"
|
382
|
+
context "with an ENC" do
|
382
383
|
let(:logdest) { tmpfile('logdest') }
|
383
384
|
let(:args) { ['-e', execute, '--logdest', logdest ] }
|
384
385
|
let(:enc) do
|
@@ -534,4 +535,132 @@ class amod::bad_type {
|
|
534
535
|
end
|
535
536
|
end
|
536
537
|
end
|
538
|
+
|
539
|
+
context 'puppet file sources' do
|
540
|
+
let(:env_name) { 'dev' }
|
541
|
+
let(:env_dir) { File.join(Puppet[:environmentpath], env_name) }
|
542
|
+
let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(env_dir, 'modules')]) }
|
543
|
+
let(:node) { Puppet::Node.new(Puppet[:certname], environment: environment) }
|
544
|
+
let(:apply) { Puppet::Application[:apply] }
|
545
|
+
|
546
|
+
before :each do
|
547
|
+
Puppet[:environment] = env_name
|
548
|
+
Puppet::FileSystem.mkpath(env_dir)
|
549
|
+
end
|
550
|
+
|
551
|
+
it "recursively copies a directory from a module" do
|
552
|
+
dir = File.join(env.full_modulepath, 'amod', 'files', 'dir1', 'dir2')
|
553
|
+
Puppet::FileSystem.mkpath(dir)
|
554
|
+
File.write(File.join(dir, 'file'), 'content from the module')
|
555
|
+
|
556
|
+
base_dir = tmpdir('apply_spec_base')
|
557
|
+
manifest = file_containing("manifest.pp", <<-MANIFEST)
|
558
|
+
file { "#{base_dir}/dir1":
|
559
|
+
ensure => file,
|
560
|
+
source => "puppet:///modules/amod/dir1",
|
561
|
+
recurse => true,
|
562
|
+
}
|
563
|
+
MANIFEST
|
564
|
+
|
565
|
+
expect {
|
566
|
+
apply.command_line.args << manifest
|
567
|
+
apply.run
|
568
|
+
}.to exit_with(0)
|
569
|
+
.and output(a_string_matching(
|
570
|
+
/dir1\]\/ensure: created/
|
571
|
+
).and matching(
|
572
|
+
/dir1\/dir2\]\/ensure: created/
|
573
|
+
).and matching(
|
574
|
+
/dir1\/dir2\/file\]\/ensure: defined content as '{md5}51f37efb13c3a1e486106f90db6490a5'/
|
575
|
+
)).to_stdout
|
576
|
+
|
577
|
+
dest_file = File.join(base_dir, 'dir1', 'dir2', 'file')
|
578
|
+
expect(File.read(dest_file)).to eq("content from the module")
|
579
|
+
end
|
580
|
+
end
|
581
|
+
|
582
|
+
context 'http report processor' do
|
583
|
+
include_context 'https client'
|
584
|
+
|
585
|
+
before :each do
|
586
|
+
Puppet[:reports] = 'http'
|
587
|
+
end
|
588
|
+
|
589
|
+
let(:apply) { Puppet::Application[:apply] }
|
590
|
+
let(:unknown_server) do
|
591
|
+
unknown_ca_cert = cert_fixture('unknown-ca.pem')
|
592
|
+
PuppetSpec::HTTPSServer.new(
|
593
|
+
ca_cert: unknown_ca_cert,
|
594
|
+
server_cert: cert_fixture('unknown-127.0.0.1.pem'),
|
595
|
+
server_key: key_fixture('unknown-127.0.0.1-key.pem')
|
596
|
+
)
|
597
|
+
end
|
598
|
+
|
599
|
+
it 'submits a report via reporturl' do
|
600
|
+
report = nil
|
601
|
+
|
602
|
+
response_proc = -> (req, res) {
|
603
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, req.body)
|
604
|
+
}
|
605
|
+
|
606
|
+
https = PuppetSpec::HTTPSServer.new
|
607
|
+
https.start_server(response_proc: response_proc) do |https_port|
|
608
|
+
Puppet[:reporturl] = "https://127.0.0.1:#{https_port}/reports/upload"
|
609
|
+
|
610
|
+
expect {
|
611
|
+
apply.command_line.args = ['-e', 'notify { "hi": }']
|
612
|
+
apply.run
|
613
|
+
}.to exit_with(0)
|
614
|
+
.and output(/Applied catalog/).to_stdout
|
615
|
+
|
616
|
+
expect(report).to be_a(Puppet::Transaction::Report)
|
617
|
+
expect(report.resource_statuses['Notify[hi]']).to be_a(Puppet::Resource::Status)
|
618
|
+
end
|
619
|
+
end
|
620
|
+
|
621
|
+
it 'rejects an HTTPS report server whose root cert is not the puppet CA' do
|
622
|
+
unknown_server.start_server do |https_port|
|
623
|
+
Puppet[:reporturl] = "https://127.0.0.1:#{https_port}/reports/upload"
|
624
|
+
|
625
|
+
# processing the report happens after the transaction is finished,
|
626
|
+
# so we expect exit code 0, with a later failure on stderr
|
627
|
+
expect {
|
628
|
+
apply.command_line.args = ['-e', 'notify { "hi": }']
|
629
|
+
apply.run
|
630
|
+
}.to exit_with(0)
|
631
|
+
.and output(/Applied catalog/).to_stdout
|
632
|
+
.and output(/Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/).to_stderr
|
633
|
+
end
|
634
|
+
end
|
635
|
+
|
636
|
+
it 'accepts an HTTPS report servers whose cert is in the system CA store' do
|
637
|
+
Puppet[:report_include_system_store] = true
|
638
|
+
report = nil
|
639
|
+
|
640
|
+
response_proc = -> (req, res) {
|
641
|
+
report = Puppet::Transaction::Report.convert_from(:yaml, req.body)
|
642
|
+
}
|
643
|
+
|
644
|
+
# create a temp cacert bundle
|
645
|
+
ssl_file = tmpfile('systemstore')
|
646
|
+
File.write(ssl_file, unknown_server.ca_cert.to_pem)
|
647
|
+
|
648
|
+
unknown_server.start_server(response_proc: response_proc) do |https_port|
|
649
|
+
Puppet[:reporturl] = "https://127.0.0.1:#{https_port}/reports/upload"
|
650
|
+
|
651
|
+
# override path to system cacert bundle, this must be done before
|
652
|
+
# the SSLContext is created and the call to X509::Store.set_default_paths
|
653
|
+
Puppet::Util.withenv("SSL_CERT_FILE" => ssl_file) do
|
654
|
+
expect {
|
655
|
+
apply.command_line.args = ['-e', 'notify { "hi": }']
|
656
|
+
apply.run
|
657
|
+
}.to exit_with(0)
|
658
|
+
.and output(/Applied catalog/).to_stdout
|
659
|
+
end
|
660
|
+
|
661
|
+
expect(report).to be_a(Puppet::Transaction::Report)
|
662
|
+
expect(report.resource_statuses['Notify[hi]']).to be_a(Puppet::Resource::Status)
|
663
|
+
end
|
664
|
+
end
|
665
|
+
end
|
537
666
|
end
|