puppet 6.14.0-x64-mingw32 → 6.19.0-x64-mingw32

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (496) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +2 -7
  3. data/Gemfile +4 -2
  4. data/Gemfile.lock +36 -34
  5. data/README.md +3 -4
  6. data/Rakefile +4 -12
  7. data/ext/windows/service/daemon.rb +3 -3
  8. data/lib/puppet.rb +33 -9
  9. data/lib/puppet/agent.rb +20 -14
  10. data/lib/puppet/agent/locker.rb +0 -7
  11. data/lib/puppet/application/agent.rb +25 -9
  12. data/lib/puppet/application/apply.rb +18 -20
  13. data/lib/puppet/application/device.rb +1 -1
  14. data/lib/puppet/application/doc.rb +1 -1
  15. data/lib/puppet/application/filebucket.rb +5 -14
  16. data/lib/puppet/application/lookup.rb +16 -4
  17. data/lib/puppet/application/plugin.rb +1 -0
  18. data/lib/puppet/application/ssl.rb +3 -3
  19. data/lib/puppet/configurer.rb +68 -24
  20. data/lib/puppet/configurer/downloader.rb +31 -10
  21. data/lib/puppet/configurer/plugin_handler.rb +1 -1
  22. data/lib/puppet/confine.rb +2 -2
  23. data/lib/puppet/confine/any.rb +1 -1
  24. data/lib/puppet/context/trusted_information.rb +14 -8
  25. data/lib/puppet/daemon.rb +13 -27
  26. data/lib/puppet/defaults.rb +141 -41
  27. data/lib/puppet/environments.rb +55 -15
  28. data/lib/puppet/face/catalog.rb +1 -1
  29. data/lib/puppet/face/config.rb +46 -16
  30. data/lib/puppet/face/facts.rb +1 -1
  31. data/lib/puppet/face/help.rb +29 -3
  32. data/lib/puppet/face/module/search.rb +5 -0
  33. data/lib/puppet/face/node.rb +3 -3
  34. data/lib/puppet/face/node/clean.rb +2 -2
  35. data/lib/puppet/face/plugin.rb +2 -2
  36. data/lib/puppet/face/status.rb +1 -1
  37. data/lib/puppet/feature/base.rb +1 -1
  38. data/lib/puppet/file_bucket/dipper.rb +1 -1
  39. data/lib/puppet/file_serving/http_metadata.rb +14 -2
  40. data/lib/puppet/file_serving/metadata.rb +4 -1
  41. data/lib/puppet/file_serving/mount/locales.rb +1 -2
  42. data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
  43. data/lib/puppet/file_serving/mount/plugins.rb +1 -2
  44. data/lib/puppet/file_serving/terminus_selector.rb +7 -8
  45. data/lib/puppet/file_system/file_impl.rb +17 -13
  46. data/lib/puppet/file_system/uniquefile.rb +12 -16
  47. data/lib/puppet/forge.rb +1 -1
  48. data/lib/puppet/forge/cache.rb +1 -1
  49. data/lib/puppet/forge/repository.rb +4 -7
  50. data/lib/puppet/functions/call.rb +1 -1
  51. data/lib/puppet/functions/filter.rb +1 -0
  52. data/lib/puppet/functions/lstrip.rb +4 -4
  53. data/lib/puppet/functions/new.rb +8 -3
  54. data/lib/puppet/functions/reduce.rb +2 -4
  55. data/lib/puppet/functions/reverse_each.rb +1 -1
  56. data/lib/puppet/functions/rstrip.rb +4 -4
  57. data/lib/puppet/functions/step.rb +1 -1
  58. data/lib/puppet/functions/strip.rb +4 -4
  59. data/lib/puppet/gettext/config.rb +5 -5
  60. data/lib/puppet/gettext/module_translations.rb +4 -4
  61. data/lib/puppet/http.rb +3 -0
  62. data/lib/puppet/http/client.rb +215 -60
  63. data/lib/puppet/http/external_client.rb +90 -0
  64. data/lib/puppet/http/redirector.rb +43 -7
  65. data/lib/puppet/http/resolver.rb +43 -3
  66. data/lib/puppet/http/resolver/server_list.rb +66 -24
  67. data/lib/puppet/http/resolver/settings.rb +21 -1
  68. data/lib/puppet/http/resolver/srv.rb +28 -2
  69. data/lib/puppet/http/response.rb +82 -1
  70. data/lib/puppet/http/retry_after_handler.rb +39 -0
  71. data/lib/puppet/http/service.rb +70 -2
  72. data/lib/puppet/http/service/ca.rb +71 -9
  73. data/lib/puppet/http/service/compiler.rb +214 -12
  74. data/lib/puppet/http/service/file_server.rb +106 -5
  75. data/lib/puppet/http/service/puppetserver.rb +39 -0
  76. data/lib/puppet/http/service/report.rb +36 -3
  77. data/lib/puppet/http/session.rb +60 -8
  78. data/lib/puppet/indirector.rb +1 -1
  79. data/lib/puppet/indirector/catalog/compiler.rb +1 -1
  80. data/lib/puppet/indirector/catalog/rest.rb +2 -1
  81. data/lib/puppet/indirector/exec.rb +1 -1
  82. data/lib/puppet/indirector/facts/facter.rb +3 -3
  83. data/lib/puppet/indirector/facts/rest.rb +2 -1
  84. data/lib/puppet/indirector/facts/yaml.rb +1 -1
  85. data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
  86. data/lib/puppet/indirector/file_content/http.rb +5 -0
  87. data/lib/puppet/indirector/file_content/rest.rb +1 -1
  88. data/lib/puppet/indirector/file_metadata/http.rb +28 -8
  89. data/lib/puppet/indirector/file_metadata/rest.rb +6 -4
  90. data/lib/puppet/indirector/hiera.rb +4 -0
  91. data/lib/puppet/indirector/indirection.rb +1 -1
  92. data/lib/puppet/indirector/json.rb +1 -1
  93. data/lib/puppet/indirector/msgpack.rb +1 -1
  94. data/lib/puppet/indirector/node/rest.rb +2 -1
  95. data/lib/puppet/indirector/report/processor.rb +2 -2
  96. data/lib/puppet/indirector/report/yaml.rb +23 -0
  97. data/lib/puppet/indirector/request.rb +5 -5
  98. data/lib/puppet/indirector/rest.rb +7 -1
  99. data/lib/puppet/indirector/status/rest.rb +2 -1
  100. data/lib/puppet/indirector/yaml.rb +1 -1
  101. data/lib/puppet/metatype/manager.rb +80 -80
  102. data/lib/puppet/module.rb +1 -2
  103. data/lib/puppet/network/format_support.rb +2 -2
  104. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  105. data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
  106. data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
  107. data/lib/puppet/network/http/base_pool.rb +6 -1
  108. data/lib/puppet/network/http/compression.rb +7 -0
  109. data/lib/puppet/network/http/connection.rb +2 -0
  110. data/lib/puppet/network/http/connection_adapter.rb +184 -0
  111. data/lib/puppet/network/http/nocache_pool.rb +1 -0
  112. data/lib/puppet/network/http/pool.rb +2 -4
  113. data/lib/puppet/network/http/route.rb +2 -2
  114. data/lib/puppet/network/http_pool.rb +2 -1
  115. data/lib/puppet/node/environment.rb +22 -5
  116. data/lib/puppet/node/facts.rb +17 -0
  117. data/lib/puppet/pal/catalog_compiler.rb +5 -0
  118. data/lib/puppet/pal/pal_impl.rb +30 -31
  119. data/lib/puppet/parameter.rb +1 -1
  120. data/lib/puppet/parser/ast/leaf.rb +5 -5
  121. data/lib/puppet/parser/ast/pops_bridge.rb +0 -4
  122. data/lib/puppet/parser/compiler.rb +43 -33
  123. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
  124. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
  125. data/lib/puppet/parser/environment_compiler.rb +4 -1
  126. data/lib/puppet/parser/functions.rb +18 -9
  127. data/lib/puppet/parser/functions/create_resources.rb +11 -7
  128. data/lib/puppet/parser/functions/filter.rb +1 -0
  129. data/lib/puppet/parser/resource.rb +3 -2
  130. data/lib/puppet/parser/resource/param.rb +6 -0
  131. data/lib/puppet/parser/type_loader.rb +2 -2
  132. data/lib/puppet/pops/adaptable.rb +7 -13
  133. data/lib/puppet/pops/adapters.rb +8 -4
  134. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
  135. data/lib/puppet/pops/evaluator/evaluator_impl.rb +5 -5
  136. data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
  137. data/lib/puppet/pops/issues.rb +5 -0
  138. data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
  139. data/lib/puppet/pops/loaders.rb +24 -15
  140. data/lib/puppet/pops/lookup/context.rb +1 -1
  141. data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
  142. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
  143. data/lib/puppet/pops/types/iterable.rb +34 -8
  144. data/lib/puppet/pops/types/p_meta_type.rb +1 -1
  145. data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
  146. data/lib/puppet/pops/validation/checker4_0.rb +29 -15
  147. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
  148. data/lib/puppet/provider/file/windows.rb +1 -1
  149. data/lib/puppet/provider/group/windows_adsi.rb +3 -3
  150. data/lib/puppet/provider/package/aix.rb +17 -2
  151. data/lib/puppet/provider/package/apt.rb +98 -1
  152. data/lib/puppet/provider/package/aptitude.rb +1 -1
  153. data/lib/puppet/provider/package/dnfmodule.rb +61 -14
  154. data/lib/puppet/provider/package/dpkg.rb +1 -1
  155. data/lib/puppet/provider/package/gem.rb +45 -9
  156. data/lib/puppet/provider/package/pacman.rb +2 -5
  157. data/lib/puppet/provider/package/pip.rb +143 -48
  158. data/lib/puppet/provider/package/pip2.rb +17 -0
  159. data/lib/puppet/provider/package/pip3.rb +0 -2
  160. data/lib/puppet/provider/package/pkgdmg.rb +1 -1
  161. data/lib/puppet/provider/package/pkgng.rb +16 -4
  162. data/lib/puppet/provider/package/portage.rb +2 -2
  163. data/lib/puppet/provider/package/puppet_gem.rb +11 -2
  164. data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
  165. data/lib/puppet/provider/package/rpm.rb +6 -213
  166. data/lib/puppet/provider/package/yum.rb +101 -20
  167. data/lib/puppet/provider/package/zypper.rb +62 -1
  168. data/lib/puppet/provider/service/systemd.rb +22 -4
  169. data/lib/puppet/provider/service/windows.rb +23 -7
  170. data/lib/puppet/provider/user/aix.rb +1 -1
  171. data/lib/puppet/provider/user/user_role_add.rb +1 -1
  172. data/lib/puppet/provider/user/useradd.rb +16 -5
  173. data/lib/puppet/provider/user/windows_adsi.rb +18 -1
  174. data/lib/puppet/reports/http.rb +15 -9
  175. data/lib/puppet/resource.rb +2 -1
  176. data/lib/puppet/resource/type.rb +10 -1
  177. data/lib/puppet/resource/type_collection.rb +20 -16
  178. data/lib/puppet/rest/route.rb +2 -2
  179. data/lib/puppet/runtime.rb +25 -2
  180. data/lib/puppet/settings.rb +20 -6
  181. data/lib/puppet/ssl.rb +1 -0
  182. data/lib/puppet/ssl/host.rb +4 -4
  183. data/lib/puppet/ssl/oids.rb +1 -0
  184. data/lib/puppet/ssl/ssl_context.rb +2 -2
  185. data/lib/puppet/ssl/ssl_provider.rb +20 -1
  186. data/lib/puppet/ssl/state_machine.rb +79 -37
  187. data/lib/puppet/ssl/validator/default_validator.rb +1 -1
  188. data/lib/puppet/ssl/verifier_adapter.rb +9 -1
  189. data/lib/puppet/test/test_helper.rb +19 -14
  190. data/lib/puppet/transaction.rb +2 -2
  191. data/lib/puppet/transaction/persistence.rb +1 -1
  192. data/lib/puppet/transaction/report.rb +14 -10
  193. data/lib/puppet/trusted_external.rb +29 -1
  194. data/lib/puppet/type.rb +21 -8
  195. data/lib/puppet/type/file.rb +40 -15
  196. data/lib/puppet/type/file/checksum.rb +4 -4
  197. data/lib/puppet/type/file/source.rb +35 -13
  198. data/lib/puppet/type/filebucket.rb +1 -1
  199. data/lib/puppet/type/notify.rb +2 -2
  200. data/lib/puppet/type/package.rb +41 -3
  201. data/lib/puppet/type/service.rb +59 -8
  202. data/lib/puppet/type/user.rb +19 -29
  203. data/lib/puppet/util.rb +41 -3
  204. data/lib/puppet/util/at_fork.rb +1 -1
  205. data/lib/puppet/util/autoload.rb +13 -25
  206. data/lib/puppet/util/character_encoding.rb +9 -5
  207. data/lib/puppet/util/checksums.rb +19 -4
  208. data/lib/puppet/util/connection.rb +8 -8
  209. data/lib/puppet/util/execution.rb +2 -2
  210. data/lib/puppet/util/fileparsing.rb +2 -2
  211. data/lib/puppet/util/instance_loader.rb +14 -10
  212. data/lib/puppet/util/log/destinations.rb +1 -10
  213. data/lib/puppet/util/package/version/debian.rb +175 -0
  214. data/lib/puppet/util/package/version/gem.rb +15 -0
  215. data/lib/puppet/util/package/version/pip.rb +167 -0
  216. data/lib/puppet/util/package/version/range.rb +53 -0
  217. data/lib/puppet/util/package/version/range/eq.rb +14 -0
  218. data/lib/puppet/util/package/version/range/gt.rb +14 -0
  219. data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
  220. data/lib/puppet/util/package/version/range/lt.rb +14 -0
  221. data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
  222. data/lib/puppet/util/package/version/range/min_max.rb +21 -0
  223. data/lib/puppet/util/package/version/range/simple.rb +11 -0
  224. data/lib/puppet/util/package/version/rpm.rb +73 -0
  225. data/lib/puppet/util/pidlock.rb +13 -7
  226. data/lib/puppet/util/platform.rb +5 -0
  227. data/lib/puppet/util/provider_features.rb +1 -1
  228. data/lib/puppet/util/reference.rb +1 -1
  229. data/lib/puppet/util/rpm_compare.rb +193 -0
  230. data/lib/puppet/util/run_mode.rb +5 -1
  231. data/lib/puppet/util/windows.rb +1 -0
  232. data/lib/puppet/util/windows/adsi.rb +2 -2
  233. data/lib/puppet/util/windows/api_types.rb +60 -33
  234. data/lib/puppet/util/windows/eventlog.rb +1 -6
  235. data/lib/puppet/util/windows/monkey_patches/dir.rb +40 -0
  236. data/lib/puppet/util/windows/principal.rb +8 -6
  237. data/lib/puppet/util/windows/process.rb +15 -14
  238. data/lib/puppet/util/windows/registry.rb +11 -11
  239. data/lib/puppet/util/windows/security.rb +5 -4
  240. data/lib/puppet/util/windows/service.rb +43 -26
  241. data/lib/puppet/util/windows/sid.rb +3 -3
  242. data/lib/puppet/util/windows/user.rb +242 -8
  243. data/lib/puppet/version.rb +1 -1
  244. data/locales/puppet.pot +627 -507
  245. data/man/man5/puppet.conf.5 +93 -20
  246. data/man/man8/puppet-agent.8 +7 -4
  247. data/man/man8/puppet-apply.8 +1 -1
  248. data/man/man8/puppet-catalog.8 +1 -1
  249. data/man/man8/puppet-config.8 +6 -6
  250. data/man/man8/puppet-describe.8 +1 -1
  251. data/man/man8/puppet-device.8 +1 -1
  252. data/man/man8/puppet-doc.8 +1 -1
  253. data/man/man8/puppet-epp.8 +1 -1
  254. data/man/man8/puppet-facts.8 +1 -1
  255. data/man/man8/puppet-filebucket.8 +1 -1
  256. data/man/man8/puppet-generate.8 +1 -1
  257. data/man/man8/puppet-help.8 +6 -3
  258. data/man/man8/puppet-key.8 +1 -1
  259. data/man/man8/puppet-lookup.8 +2 -2
  260. data/man/man8/puppet-man.8 +1 -1
  261. data/man/man8/puppet-module.8 +4 -1
  262. data/man/man8/puppet-node.8 +4 -4
  263. data/man/man8/puppet-parser.8 +1 -1
  264. data/man/man8/puppet-plugin.8 +1 -1
  265. data/man/man8/puppet-report.8 +1 -1
  266. data/man/man8/puppet-resource.8 +1 -1
  267. data/man/man8/puppet-script.8 +1 -1
  268. data/man/man8/puppet-ssl.8 +1 -1
  269. data/man/man8/puppet-status.8 +2 -2
  270. data/man/man8/puppet.8 +2 -2
  271. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
  272. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
  273. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
  274. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
  275. data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
  276. data/spec/fixtures/ssl/unknown-ca.pem +59 -0
  277. data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
  278. data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
  279. data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
  280. data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
  281. data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
  282. data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
  283. data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
  284. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
  285. data/spec/integration/application/agent_spec.rb +479 -0
  286. data/spec/integration/application/apply_spec.rb +279 -150
  287. data/spec/integration/application/config_spec.rb +74 -0
  288. data/spec/integration/application/doc_spec.rb +16 -6
  289. data/spec/integration/application/filebucket_spec.rb +239 -0
  290. data/spec/integration/application/help_spec.rb +42 -0
  291. data/spec/integration/application/lookup_spec.rb +13 -0
  292. data/spec/integration/application/module_spec.rb +68 -0
  293. data/spec/integration/application/plugin_spec.rb +123 -0
  294. data/spec/integration/configurer_spec.rb +14 -0
  295. data/spec/integration/data_binding_spec.rb +82 -0
  296. data/spec/integration/defaults_spec.rb +27 -3
  297. data/spec/integration/directory_environments_spec.rb +17 -17
  298. data/spec/integration/http/client_spec.rb +39 -40
  299. data/spec/integration/indirector/facts/facter_spec.rb +8 -6
  300. data/spec/integration/indirector/report/yaml.rb +83 -0
  301. data/spec/integration/network/http_pool_spec.rb +84 -19
  302. data/spec/integration/node/environment_spec.rb +15 -0
  303. data/spec/integration/parser/compiler_spec.rb +11 -0
  304. data/spec/integration/type/file_spec.rb +1 -1
  305. data/spec/integration/util/execution_spec.rb +22 -0
  306. data/spec/integration/util/windows/adsi_spec.rb +8 -3
  307. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +11 -0
  308. data/spec/integration/util/windows/process_spec.rb +26 -32
  309. data/spec/integration/util/windows/registry_spec.rb +7 -7
  310. data/spec/integration/util/windows/user_spec.rb +47 -5
  311. data/spec/integration/util_spec.rb +7 -33
  312. data/spec/lib/puppet/test_ca.rb +2 -2
  313. data/spec/lib/puppet_spec/https.rb +16 -7
  314. data/spec/lib/puppet_spec/matchers.rb +0 -80
  315. data/spec/lib/puppet_spec/puppetserver.rb +127 -0
  316. data/spec/shared_contexts/https.rb +29 -0
  317. data/spec/shared_contexts/types_setup.rb +2 -0
  318. data/spec/unit/agent_spec.rb +80 -26
  319. data/spec/unit/application/agent_spec.rb +12 -9
  320. data/spec/unit/application/device_spec.rb +2 -2
  321. data/spec/unit/application/doc_spec.rb +2 -2
  322. data/spec/unit/application/face_base_spec.rb +6 -4
  323. data/spec/unit/application/facts_spec.rb +41 -10
  324. data/spec/unit/application/filebucket_spec.rb +22 -2
  325. data/spec/unit/application/man_spec.rb +52 -0
  326. data/spec/unit/application/resource_spec.rb +3 -1
  327. data/spec/unit/application/ssl_spec.rb +15 -2
  328. data/spec/unit/application_spec.rb +9 -4
  329. data/spec/unit/configurer/downloader_spec.rb +10 -0
  330. data/spec/unit/configurer/fact_handler_spec.rb +4 -4
  331. data/spec/unit/configurer_spec.rb +87 -38
  332. data/spec/unit/confine_spec.rb +2 -1
  333. data/spec/unit/context/trusted_information_spec.rb +25 -2
  334. data/spec/unit/daemon_spec.rb +5 -64
  335. data/spec/unit/defaults_spec.rb +24 -1
  336. data/spec/unit/environments_spec.rb +107 -32
  337. data/spec/unit/face/config_spec.rb +59 -1
  338. data/spec/unit/face/module/search_spec.rb +17 -0
  339. data/spec/unit/face/node_spec.rb +2 -2
  340. data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
  341. data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
  342. data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
  343. data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
  344. data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
  345. data/spec/unit/file_system/uniquefile_spec.rb +29 -0
  346. data/spec/unit/file_system_spec.rb +11 -2
  347. data/spec/unit/http/client_spec.rb +173 -59
  348. data/spec/unit/http/external_client_spec.rb +201 -0
  349. data/spec/unit/http/resolver_spec.rb +44 -5
  350. data/spec/unit/http/response_spec.rb +6 -0
  351. data/spec/unit/http/service/ca_spec.rb +27 -5
  352. data/spec/unit/http/service/compiler_spec.rb +186 -9
  353. data/spec/unit/http/service/file_server_spec.rb +37 -6
  354. data/spec/unit/http/service/puppetserver_spec.rb +82 -0
  355. data/spec/unit/http/service/report_spec.rb +5 -4
  356. data/spec/unit/http/service_spec.rb +3 -4
  357. data/spec/unit/http/session_spec.rb +48 -12
  358. data/spec/unit/indirector/catalog/compiler_spec.rb +1 -0
  359. data/spec/unit/indirector/catalog/json_spec.rb +1 -1
  360. data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
  361. data/spec/unit/indirector/facts/rest_spec.rb +1 -1
  362. data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
  363. data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
  364. data/spec/unit/indirector/file_metadata/rest_spec.rb +15 -14
  365. data/spec/unit/indirector/json_spec.rb +8 -8
  366. data/spec/unit/indirector/msgpack_spec.rb +8 -8
  367. data/spec/unit/indirector/node/rest_spec.rb +1 -1
  368. data/spec/unit/indirector/request_spec.rb +5 -5
  369. data/spec/unit/indirector/rest_spec.rb +14 -1
  370. data/spec/unit/indirector/status/rest_spec.rb +1 -1
  371. data/spec/unit/indirector/yaml_spec.rb +7 -7
  372. data/spec/unit/interface_spec.rb +3 -3
  373. data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
  374. data/spec/unit/network/format_support_spec.rb +3 -2
  375. data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
  376. data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
  377. data/spec/unit/network/http/connection_spec.rb +552 -190
  378. data/spec/unit/network/http/nocache_pool_spec.rb +22 -0
  379. data/spec/unit/network/http/pool_spec.rb +3 -3
  380. data/spec/unit/network/http_pool_spec.rb +63 -57
  381. data/spec/unit/network/http_spec.rb +1 -1
  382. data/spec/unit/node/environment_spec.rb +33 -0
  383. data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
  384. data/spec/unit/parser/environment_compiler_spec.rb +7 -0
  385. data/spec/unit/parser/scope_spec.rb +1 -1
  386. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
  387. data/spec/unit/pops/loaders/loaders_spec.rb +71 -1
  388. data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
  389. data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
  390. data/spec/unit/provider/exec_spec.rb +4 -3
  391. data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
  392. data/spec/unit/provider/package/aix_spec.rb +29 -0
  393. data/spec/unit/provider/package/apt_spec.rb +107 -0
  394. data/spec/unit/provider/package/aptitude_spec.rb +1 -0
  395. data/spec/unit/provider/package/dnfmodule_spec.rb +54 -15
  396. data/spec/unit/provider/package/dpkg_spec.rb +22 -7
  397. data/spec/unit/provider/package/gem_spec.rb +40 -0
  398. data/spec/unit/provider/package/openbsd_spec.rb +2 -0
  399. data/spec/unit/provider/package/pacman_spec.rb +6 -21
  400. data/spec/unit/provider/package/pip2_spec.rb +36 -0
  401. data/spec/unit/provider/package/pip_spec.rb +68 -19
  402. data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
  403. data/spec/unit/provider/package/pkgng_spec.rb +38 -0
  404. data/spec/unit/provider/package/portage_spec.rb +5 -0
  405. data/spec/unit/provider/package/puppet_gem_spec.rb +12 -1
  406. data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
  407. data/spec/unit/provider/package/rpm_spec.rb +0 -212
  408. data/spec/unit/provider/package/yum_spec.rb +274 -1
  409. data/spec/unit/provider/package/zypper_spec.rb +98 -0
  410. data/spec/unit/provider/service/base_spec.rb +2 -4
  411. data/spec/unit/provider/service/bsd_spec.rb +5 -1
  412. data/spec/unit/provider/service/daemontools_spec.rb +1 -1
  413. data/spec/unit/provider/service/debian_spec.rb +3 -5
  414. data/spec/unit/provider/service/freebsd_spec.rb +1 -1
  415. data/spec/unit/provider/service/gentoo_spec.rb +4 -5
  416. data/spec/unit/provider/service/init_spec.rb +46 -5
  417. data/spec/unit/provider/service/launchd_spec.rb +5 -6
  418. data/spec/unit/provider/service/openbsd_spec.rb +9 -0
  419. data/spec/unit/provider/service/openrc_spec.rb +4 -5
  420. data/spec/unit/provider/service/openwrt_spec.rb +2 -1
  421. data/spec/unit/provider/service/redhat_spec.rb +10 -1
  422. data/spec/unit/provider/service/runit_spec.rb +2 -1
  423. data/spec/unit/provider/service/smf_spec.rb +1 -1
  424. data/spec/unit/provider/service/src_spec.rb +3 -5
  425. data/spec/unit/provider/service/systemd_spec.rb +95 -18
  426. data/spec/unit/provider/service/upstart_spec.rb +4 -5
  427. data/spec/unit/provider/service/windows_spec.rb +50 -14
  428. data/spec/unit/provider/user/openbsd_spec.rb +1 -0
  429. data/spec/unit/provider/user/useradd_spec.rb +30 -16
  430. data/spec/unit/provider/user/windows_adsi_spec.rb +85 -3
  431. data/spec/unit/puppet_pal_2pec.rb +11 -0
  432. data/spec/unit/puppet_pal_catalog_spec.rb +43 -0
  433. data/spec/unit/puppet_spec.rb +33 -0
  434. data/spec/unit/reports/http_spec.rb +70 -52
  435. data/spec/unit/reports/store_spec.rb +17 -13
  436. data/spec/unit/resource_spec.rb +3 -3
  437. data/spec/unit/rest/route_spec.rb +4 -4
  438. data/spec/unit/settings_spec.rb +44 -22
  439. data/spec/unit/ssl/host_spec.rb +4 -2
  440. data/spec/unit/ssl/oids_spec.rb +1 -0
  441. data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
  442. data/spec/unit/ssl/state_machine_spec.rb +90 -14
  443. data/spec/unit/test/test_helper_spec.rb +17 -0
  444. data/spec/unit/transaction/persistence_spec.rb +15 -0
  445. data/spec/unit/transaction/report_spec.rb +7 -1
  446. data/spec/unit/type/file/source_spec.rb +4 -4
  447. data/spec/unit/type/file_spec.rb +122 -96
  448. data/spec/unit/type/filebucket_spec.rb +1 -1
  449. data/spec/unit/type/service_spec.rb +218 -8
  450. data/spec/unit/type/user_spec.rb +32 -3
  451. data/spec/unit/type_spec.rb +50 -0
  452. data/spec/unit/util/at_fork_spec.rb +2 -2
  453. data/spec/unit/util/autoload_spec.rb +2 -1
  454. data/spec/unit/util/character_encoding_spec.rb +4 -4
  455. data/spec/unit/util/checksums_spec.rb +16 -0
  456. data/spec/unit/util/command_line_spec.rb +11 -6
  457. data/spec/unit/util/log/destinations_spec.rb +1 -29
  458. data/spec/unit/util/package/version/debian_spec.rb +83 -0
  459. data/spec/unit/util/package/version/pip_spec.rb +464 -0
  460. data/spec/unit/util/package/version/range_spec.rb +175 -0
  461. data/spec/unit/util/package/version/rpm_spec.rb +121 -0
  462. data/spec/unit/util/pidlock_spec.rb +83 -47
  463. data/spec/unit/util/rpm_compare_spec.rb +196 -0
  464. data/spec/unit/util/run_mode_spec.rb +6 -6
  465. data/spec/unit/util/windows/adsi_spec.rb +4 -4
  466. data/spec/unit/util/windows/api_types_spec.rb +104 -40
  467. data/spec/unit/util/windows/service_spec.rb +4 -4
  468. data/spec/unit/util/windows/sid_spec.rb +2 -2
  469. data/spec/unit/util_spec.rb +3 -3
  470. data/spec/unit/x509/cert_provider_spec.rb +1 -1
  471. data/tasks/generate_cert_fixtures.rake +15 -1
  472. data/tasks/manpages.rake +5 -35
  473. metadata +90 -51
  474. data/spec/integration/faces/config_spec.rb +0 -91
  475. data/spec/integration/faces/documentation_spec.rb +0 -57
  476. data/spec/integration/faces/plugin_spec.rb +0 -63
  477. data/spec/integration/file_bucket/file_spec.rb +0 -50
  478. data/spec/integration/file_serving/content_spec.rb +0 -7
  479. data/spec/integration/file_serving/fileset_spec.rb +0 -12
  480. data/spec/integration/file_serving/metadata_spec.rb +0 -8
  481. data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
  482. data/spec/integration/file_system/uniquefile_spec.rb +0 -26
  483. data/spec/integration/module_tool/forge_spec.rb +0 -64
  484. data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
  485. data/spec/integration/provider/service/init_spec.rb +0 -48
  486. data/spec/integration/provider/service/systemd_spec.rb +0 -25
  487. data/spec/integration/provider/service/windows_spec.rb +0 -50
  488. data/spec/integration/reference/providers_spec.rb +0 -21
  489. data/spec/integration/reports_spec.rb +0 -13
  490. data/spec/integration/ssl/certificate_request_spec.rb +0 -44
  491. data/spec/integration/ssl/host_spec.rb +0 -72
  492. data/spec/integration/ssl/key_spec.rb +0 -99
  493. data/spec/integration/test/test_helper_spec.rb +0 -31
  494. data/spec/shared_behaviours/file_serving_model.rb +0 -51
  495. data/spec/unit/face/man_spec.rb +0 -25
  496. data/spec/unit/man_spec.rb +0 -31
@@ -33,6 +33,7 @@ describe Puppet::SSL::Oids do
33
33
  'pp_cloudplatform' => '1.3.6.1.4.1.34380.1.1.23',
34
34
  'pp_apptier' => '1.3.6.1.4.1.34380.1.1.24',
35
35
  'pp_hostname' => '1.3.6.1.4.1.34380.1.1.25',
36
+ 'pp_owner' => '1.3.6.1.4.1.34380.1.1.26',
36
37
  'ppPrivCertExt' => '1.3.6.1.4.1.34380.1.2',
37
38
  'ppAuthCertExt' => '1.3.6.1.4.1.34380.1.3',
38
39
  'pp_authorization' => '1.3.6.1.4.1.34380.1.3.1',
@@ -42,20 +42,20 @@ describe Puppet::SSL::SSLProvider do
42
42
  let(:config) { { cacerts: [], crls: [], revocation: false } }
43
43
 
44
44
  it 'accepts empty list of certs and crls' do
45
- sslctx = subject.create_root_context(config)
45
+ sslctx = subject.create_root_context(**config)
46
46
  expect(sslctx.cacerts).to eq([])
47
47
  expect(sslctx.crls).to eq([])
48
48
  end
49
49
 
50
50
  it 'accepts valid root certs' do
51
51
  certs = [cert_fixture('ca.pem')]
52
- sslctx = subject.create_root_context(config.merge(cacerts: certs))
52
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs))
53
53
  expect(sslctx.cacerts).to eq(certs)
54
54
  end
55
55
 
56
56
  it 'accepts valid intermediate certs' do
57
57
  certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
58
- sslctx = subject.create_root_context(config.merge(cacerts: certs))
58
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs))
59
59
  expect(sslctx.cacerts).to eq(certs)
60
60
  end
61
61
 
@@ -63,19 +63,19 @@ describe Puppet::SSL::SSLProvider do
63
63
  expired = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
64
64
  expired.each { |x509| x509.not_after = Time.at(0) }
65
65
 
66
- sslctx = subject.create_root_context(config.merge(cacerts: expired))
66
+ sslctx = subject.create_root_context(**config.merge(cacerts: expired))
67
67
  expect(sslctx.cacerts).to eq(expired)
68
68
  end
69
69
 
70
70
  it 'raises if the frozen context is modified' do
71
- sslctx = subject.create_root_context(config)
71
+ sslctx = subject.create_root_context(**config)
72
72
  expect {
73
73
  sslctx.verify_peer = false
74
74
  }.to raise_error(/can't modify frozen/)
75
75
  end
76
76
 
77
77
  it 'verifies peer' do
78
- sslctx = subject.create_root_context(config)
78
+ sslctx = subject.create_root_context(**config)
79
79
  expect(sslctx.verify_peer).to eq(true)
80
80
  end
81
81
  end
@@ -134,6 +134,32 @@ describe Puppet::SSL::SSLProvider do
134
134
  expect(sslctx.client_cert).to be_nil
135
135
  expect(sslctx.private_key).to be_nil
136
136
  end
137
+
138
+ it 'trusts additional system certs' do
139
+ path = tmpfile('system_cacerts')
140
+ File.write(path, cert_fixture('ca.pem').to_pem)
141
+
142
+ expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
143
+
144
+ subject.create_system_context(cacerts: [], path: path)
145
+ end
146
+
147
+ it 'ignores empty files' do
148
+ path = tmpfile('system_cacerts')
149
+ FileUtils.touch(path)
150
+
151
+ subject.create_system_context(cacerts: [], path: path)
152
+
153
+ expect(@logs).to eq([])
154
+ end
155
+
156
+ it 'prints an error if it is not a file' do
157
+ path = tmpdir('system_cacerts')
158
+
159
+ subject.create_system_context(cacerts: [], path: path)
160
+
161
+ expect(@logs).to include(an_object_having_attributes(level: :warning, message: /^The 'ssl_trust_store' setting does not refer to a file and will be ignored/))
162
+ end
137
163
  end
138
164
 
139
165
  context 'when creating an ssl context with crls' do
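Review bot: The 'trusts additional system certs' example replaces `OpenSSL::X509::Store#add_file` with a mock via `expect_any_instance_of`, so the PEM written to `path` is never loaded and the example would still pass if the resulting context did not trust that CA. Because this code path adds trust anchors, an assertion on the outcome would be stronger, for example `sslctx = subject.create_system_context(cacerts: [], path: path)` followed by `expect(sslctx.store.verify(cert_fixture('ca.pem'))).to eq(true)`, assuming the context exposes its store as `store`. The added examples cover an empty file and a directory but not a non-empty file that is not valid PEM; the implementation is not visible here, so whether that case warns or raises cannot be told from this hunk, and it deserves its own example. The enclosing `context` block opens before the hunk, so any setup it provides is not visible either.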
@@ -142,14 +168,14 @@ describe Puppet::SSL::SSLProvider do
142
168
  it 'accepts valid CRLs' do
143
169
  certs = [cert_fixture('ca.pem')]
144
170
  crls = [crl_fixture('crl.pem')]
145
- sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
171
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
146
172
  expect(sslctx.crls).to eq(crls)
147
173
  end
148
174
 
149
175
  it 'accepts valid CRLs for intermediate certs' do
150
176
  certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
151
177
  crls = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
152
- sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
178
+ sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
153
179
  expect(sslctx.crls).to eq(crls)
154
180
  end
155
181
 
@@ -157,12 +183,12 @@ describe Puppet::SSL::SSLProvider do
157
183
  expired = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
158
184
  expired.each { |x509| x509.last_update = Time.at(0) }
159
185
 
160
- sslctx = subject.create_root_context(config.merge(crls: expired))
186
+ sslctx = subject.create_root_context(**config.merge(crls: expired))
161
187
  expect(sslctx.crls).to eq(expired)
162
188
  end
163
189
 
164
190
  it 'verifies peer' do
165
- sslctx = subject.create_root_context(config)
191
+ sslctx = subject.create_root_context(**config)
166
192
  expect(sslctx.verify_peer).to eq(true)
167
193
  end
168
194
  end
@@ -174,49 +200,49 @@ describe Puppet::SSL::SSLProvider do
174
200
 
175
201
  it 'raises if CA certs are missing' do
176
202
  expect {
177
- subject.create_context(config.merge(cacerts: nil))
203
+ subject.create_context(**config.merge(cacerts: nil))
178
204
  }.to raise_error(ArgumentError, /CA certs are missing/)
179
205
  end
180
206
 
181
207
  it 'raises if CRLs are are missing' do
182
208
  expect {
183
- subject.create_context(config.merge(crls: nil))
209
+ subject.create_context(**config.merge(crls: nil))
184
210
  }.to raise_error(ArgumentError, /CRLs are missing/)
185
211
  end
186
212
 
187
213
  it 'raises if private key is missing' do
188
214
  expect {
189
- subject.create_context(config.merge(private_key: nil))
215
+ subject.create_context(**config.merge(private_key: nil))
190
216
  }.to raise_error(ArgumentError, /Private key is missing/)
191
217
  end
192
218
 
193
219
  it 'raises if client cert is missing' do
194
220
  expect {
195
- subject.create_context(config.merge(client_cert: nil))
221
+ subject.create_context(**config.merge(client_cert: nil))
196
222
  }.to raise_error(ArgumentError, /Client cert is missing/)
197
223
  end
198
224
 
199
225
  it 'accepts RSA keys' do
200
- sslctx = subject.create_context(config)
226
+ sslctx = subject.create_context(**config)
201
227
  expect(sslctx.private_key).to eq(private_key)
202
228
  end
203
229
 
204
230
  it 'accepts EC keys' do
205
231
  ec_key = ec_key_fixture('ec-key.pem')
206
232
  ec_cert = cert_fixture('ec.pem')
207
- sslctx = subject.create_context(config.merge(client_cert: ec_cert, private_key: ec_key))
233
+ sslctx = subject.create_context(**config.merge(client_cert: ec_cert, private_key: ec_key))
208
234
  expect(sslctx.private_key).to eq(ec_key)
209
235
  end
210
236
 
211
237
  it 'raises if private key is unsupported' do
212
238
  dsa_key = OpenSSL::PKey::DSA.new
213
239
  expect {
214
- subject.create_context(config.merge(private_key: dsa_key))
240
+ subject.create_context(**config.merge(private_key: dsa_key))
215
241
  }.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::DSA'/)
216
242
  end
217
243
 
218
244
  it 'resolves the client chain from leaf to root' do
219
- sslctx = subject.create_context(config)
245
+ sslctx = subject.create_context(**config)
220
246
  expect(
221
247
  sslctx.client_chain.map(&:subject).map(&:to_utf8)
222
248
  ).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
@@ -225,21 +251,21 @@ describe Puppet::SSL::SSLProvider do
225
251
  it 'raises if client cert signature is invalid' do
226
252
  client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
227
253
  expect {
228
- subject.create_context(config.merge(client_cert: client_cert))
254
+ subject.create_context(**config.merge(client_cert: client_cert))
229
255
  }.to raise_error(Puppet::SSL::CertVerifyError,
230
256
  "Invalid signature for certificate 'CN=signed'")
231
257
  end
232
258
 
233
259
  it 'raises if client cert and private key are mismatched' do
234
260
  expect {
235
- subject.create_context(config.merge(private_key: wrong_key))
261
+ subject.create_context(**config.merge(private_key: wrong_key))
236
262
  }.to raise_error(Puppet::SSL::SSLError,
237
263
  "The certificate for 'CN=signed' does not match its private key")
238
264
  end
239
265
 
240
266
  it "raises if client cert's public key has been replaced" do
241
267
  expect {
242
- subject.create_context(config.merge(client_cert: cert_fixture('tampered-cert.pem')))
268
+ subject.create_context(**config.merge(client_cert: cert_fixture('tampered-cert.pem')))
243
269
  }.to raise_error(Puppet::SSL::CertVerifyError,
244
270
  "Invalid signature for certificate 'CN=signed'")
245
271
  end
@@ -250,7 +276,7 @@ describe Puppet::SSL::SSLProvider do
250
276
  ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
251
277
 
252
278
  expect {
253
- subject.create_context(config.merge(cacerts: global_cacerts))
279
+ subject.create_context(**config.merge(cacerts: global_cacerts))
254
280
  }.to raise_error(Puppet::SSL::CertVerifyError,
255
281
  "Invalid signature for certificate 'CN=Test CA'")
256
282
  end
@@ -260,7 +286,7 @@ describe Puppet::SSL::SSLProvider do
260
286
  int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
261
287
 
262
288
  expect {
263
- subject.create_context(config.merge(cacerts: global_cacerts))
289
+ subject.create_context(**config.merge(cacerts: global_cacerts))
264
290
  }.to raise_error(Puppet::SSL::CertVerifyError,
265
291
  "Invalid signature for certificate 'CN=Test CA Subauthority'")
266
292
  end
@@ -270,7 +296,7 @@ describe Puppet::SSL::SSLProvider do
270
296
  crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
271
297
 
272
298
  expect {
273
- subject.create_context(config.merge(crls: global_crls))
299
+ subject.create_context(**config.merge(crls: global_crls))
274
300
  }.to raise_error(Puppet::SSL::CertVerifyError,
275
301
  "Invalid signature for CRL issued by 'CN=Test CA'")
276
302
  end
@@ -280,14 +306,14 @@ describe Puppet::SSL::SSLProvider do
280
306
  crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
281
307
 
282
308
  expect {
283
- subject.create_context(config.merge(crls: global_crls))
309
+ subject.create_context(**config.merge(crls: global_crls))
284
310
  }.to raise_error(Puppet::SSL::CertVerifyError,
285
311
  "Invalid signature for CRL issued by 'CN=Test CA Subauthority'")
286
312
  end
287
313
 
288
314
  it 'raises if client cert is revoked' do
289
315
  expect {
290
- subject.create_context(config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
316
+ subject.create_context(**config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
291
317
  }.to raise_error(Puppet::SSL::CertVerifyError,
292
318
  "Certificate 'CN=revoked' is revoked")
293
319
  end
@@ -295,12 +321,12 @@ describe Puppet::SSL::SSLProvider do
295
321
  it 'warns if intermediate issuer is missing' do
296
322
  expect(Puppet).to receive(:warning).with("The issuer 'CN=Test CA Subauthority' of certificate 'CN=signed' cannot be found locally")
297
323
 
298
- subject.create_context(config.merge(cacerts: [cert_fixture('ca.pem')]))
324
+ subject.create_context(**config.merge(cacerts: [cert_fixture('ca.pem')]))
299
325
  end
300
326
 
301
327
  it 'raises if root issuer is missing' do
302
328
  expect {
303
- subject.create_context(config.merge(cacerts: [cert_fixture('intermediate.pem')]))
329
+ subject.create_context(**config.merge(cacerts: [cert_fixture('intermediate.pem')]))
304
330
  }.to raise_error(Puppet::SSL::CertVerifyError,
305
331
  "The issuer 'CN=Test CA' of certificate 'CN=Test CA Subauthority' is missing")
306
332
  end
@@ -308,7 +334,7 @@ describe Puppet::SSL::SSLProvider do
308
334
  it 'raises if cert is not valid yet', unless: Puppet::Util::Platform.jruby? do
309
335
  client_cert.not_before = Time.now + (5 * 60 * 60)
310
336
  expect {
311
- subject.create_context(config.merge(client_cert: client_cert))
337
+ subject.create_context(**config.merge(client_cert: client_cert))
312
338
  }.to raise_error(Puppet::SSL::CertVerifyError,
313
339
  "The certificate 'CN=signed' is not yet valid, verify time is synchronized")
314
340
  end
@@ -316,7 +342,7 @@ describe Puppet::SSL::SSLProvider do
316
342
  it 'raises if cert is expired', unless: Puppet::Util::Platform.jruby? do
317
343
  client_cert.not_after = Time.at(0)
318
344
  expect {
319
- subject.create_context(config.merge(client_cert: client_cert))
345
+ subject.create_context(**config.merge(client_cert: client_cert))
320
346
  }.to raise_error(Puppet::SSL::CertVerifyError,
321
347
  "The certificate 'CN=signed' has expired, verify time is synchronized")
322
348
  end
@@ -327,7 +353,7 @@ describe Puppet::SSL::SSLProvider do
327
353
  future_crls.first.last_update = Time.now + (5 * 60 * 60)
328
354
 
329
355
  expect {
330
- subject.create_context(config.merge(crls: future_crls))
356
+ subject.create_context(**config.merge(crls: future_crls))
331
357
  }.to raise_error(Puppet::SSL::CertVerifyError,
332
358
  "The CRL issued by 'CN=Test CA' is not yet valid, verify time is synchronized")
333
359
  end
@@ -338,7 +364,7 @@ describe Puppet::SSL::SSLProvider do
338
364
  past_crls.first.next_update = Time.at(0)
339
365
 
340
366
  expect {
341
- subject.create_context(config.merge(crls: past_crls))
367
+ subject.create_context(**config.merge(crls: past_crls))
342
368
  }.to raise_error(Puppet::SSL::CertVerifyError,
343
369
  "The CRL issued by 'CN=Test CA' has expired, verify time is synchronized")
344
370
  end
@@ -346,7 +372,7 @@ describe Puppet::SSL::SSLProvider do
346
372
  it 'raises if the root CRL is missing' do
347
373
  crls = [crl_fixture('intermediate-crl.pem')]
348
374
  expect {
349
- subject.create_context(config.merge(crls: crls, revocation: :chain))
375
+ subject.create_context(**config.merge(crls: crls, revocation: :chain))
350
376
  }.to raise_error(Puppet::SSL::CertVerifyError,
351
377
  "The CRL issued by 'CN=Test CA' is missing")
352
378
  end
@@ -354,23 +380,23 @@ describe Puppet::SSL::SSLProvider do
354
380
  it 'raises if the intermediate CRL is missing' do
355
381
  crls = [crl_fixture('crl.pem')]
356
382
  expect {
357
- subject.create_context(config.merge(crls: crls))
383
+ subject.create_context(**config.merge(crls: crls))
358
384
  }.to raise_error(Puppet::SSL::CertVerifyError,
359
385
  "The CRL issued by 'CN=Test CA Subauthority' is missing")
360
386
  end
361
387
 
362
388
  it "doesn't raise if the root CRL is missing and we're just checking the leaf" do
363
389
  crls = [crl_fixture('intermediate-crl.pem')]
364
- subject.create_context(config.merge(crls: crls, revocation: :leaf))
390
+ subject.create_context(**config.merge(crls: crls, revocation: :leaf))
365
391
  end
366
392
 
367
393
  it "doesn't raise if the intermediate CRL is missing and revocation checking is disabled" do
368
394
  crls = [crl_fixture('crl.pem')]
369
- subject.create_context(config.merge(crls: crls, revocation: false))
395
+ subject.create_context(**config.merge(crls: crls, revocation: false))
370
396
  end
371
397
 
372
398
  it "doesn't raise if both CRLs are missing and revocation checking is disabled" do
373
- subject.create_context(config.merge(crls: [], revocation: false))
399
+ subject.create_context(**config.merge(crls: [], revocation: false))
374
400
  end
375
401
 
376
402
  # OpenSSL < 1.1 does not verify basicConstraints
@@ -378,7 +404,7 @@ describe Puppet::SSL::SSLProvider do
378
404
  certs = [cert_fixture('bad-basic-constraints.pem'), cert_fixture('intermediate.pem')]
379
405
 
380
406
  expect {
381
- subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
407
+ subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
382
408
  }.to raise_error(Puppet::SSL::CertVerifyError,
383
409
  "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
384
410
  end
@@ -388,32 +414,32 @@ describe Puppet::SSL::SSLProvider do
388
414
  certs = [cert_fixture('ca.pem'), cert_fixture('bad-int-basic-constraints.pem')]
389
415
 
390
416
  expect {
391
- subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
417
+ subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
392
418
  }.to raise_error(Puppet::SSL::CertVerifyError,
393
419
  "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
394
420
  end
395
421
 
396
422
  it 'accepts CA certs in any order' do
397
- sslctx = subject.create_context(config.merge(cacerts: global_cacerts.reverse))
423
+ sslctx = subject.create_context(**config.merge(cacerts: global_cacerts.reverse))
398
424
  # certs in ruby+openssl 1.0.x are not comparable, so compare subjects
399
425
  expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
400
426
  end
401
427
 
402
428
  it 'accepts CRLs in any order' do
403
- sslctx = subject.create_context(config.merge(crls: global_crls.reverse))
429
+ sslctx = subject.create_context(**config.merge(crls: global_crls.reverse))
404
430
  # certs in ruby+openssl 1.0.x are not comparable, so compare subjects
405
431
  expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
406
432
  end
407
433
 
408
434
  it 'raises if the frozen context is modified' do
409
- sslctx = subject.create_context(config)
435
+ sslctx = subject.create_context(**config)
410
436
  expect {
411
437
  sslctx.verify_peer = false
412
438
  }.to raise_error(/can't modify frozen/)
413
439
  end
414
440
 
415
441
  it 'verifies peer' do
416
- sslctx = subject.create_context(config)
442
+ sslctx = subject.create_context(**config)
417
443
  expect(sslctx.verify_peer).to eq(true)
418
444
  end
419
445
  end
@@ -197,7 +197,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
197
197
  end
198
198
 
199
199
  context 'when locking' do
200
- let(:lockfile) { double('ssllockfile') }
200
+ let(:lockfile) { Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]) }
201
201
  let(:machine) { described_class.new(cert_provider: cert_provider, ssl_provider: ssl_provider, lockfile: lockfile) }
202
202
 
203
203
  # lockfile is deleted before `ensure_ca_certificates` returns, so
@@ -210,7 +210,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
210
210
  end
211
211
 
212
212
  it 'locks the file prior to running the state machine and unlocks when done' do
213
- expect(lockfile).to receive(:lock).and_return(true).ordered
213
+ expect(lockfile).to receive(:lock).and_call_original.ordered
214
214
  expect(cert_provider).to receive(:load_cacerts).and_return(cacerts).ordered
215
215
  expect(cert_provider).to receive(:load_crls).and_return(crls).ordered
216
216
  expect(lockfile).to receive(:unlock).ordered
@@ -228,13 +228,6 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
228
228
  expect(File).to_not be_exist(Puppet[:ssl_lockfile])
229
229
  end
230
230
 
231
- it 'raises an exception when locking fails' do
232
- allow(lockfile).to receive(:lock).and_return(false)
233
- expect {
234
- machine.ensure_ca_certificates
235
- }.to raise_error(Puppet::Error, /Another puppet instance is already running; exiting/)
236
- end
237
-
238
231
  it 'acquires an empty lockfile' do
239
232
  Puppet::FileSystem.touch(Puppet[:ssl_lockfile])
240
233
 
@@ -262,6 +255,57 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
262
255
  machine = described_class.new(cert_provider: cert_provider, ssl_provider: ssl_provider)
263
256
  machine.ensure_ca_certificates
264
257
  end
258
+
259
+ context 'and another puppet process is running' do
260
+ let(:now) { Time.now }
261
+ let(:future) { now + (5 * 60)} # 5 mins in the future
262
+
263
+ before :each do
264
+ allow(lockfile).to receive(:lock).and_return(false)
265
+ end
266
+
267
+ it 'raises a puppet exception' do
268
+ expect {
269
+ machine.ensure_ca_certificates
270
+ }.to raise_error(Puppet::Error, /Another puppet instance is already running and the waitforlock setting is set to 0; exiting/)
271
+ end
272
+
273
+ it 'sleeps and retries successfully' do
274
+ machine = described_class.new(lockfile: lockfile, cert_provider: cert_provider, waitforlock: 1, maxwaitforlock: 10)
275
+ allow(cert_provider).to receive(:load_cacerts).and_return(cacerts)
276
+ allow(cert_provider).to receive(:load_crls).and_return(crls)
277
+ allow(Time).to receive(:now).and_return(now, future)
278
+
279
+ expect(Kernel).to receive(:sleep).with(1)
280
+ expect(Puppet).to receive(:info).with("Another puppet instance is already running; waiting for it to finish")
281
+ expect(Puppet).to receive(:info).with("Will try again in 1 seconds.")
282
+
283
+ allow(lockfile).to receive(:lock).and_return(false, true)
284
+
285
+ expect(machine.ensure_ca_certificates).to be_an_instance_of(Puppet::SSL::SSLContext)
286
+ end
287
+
288
+ it 'sleeps and retries unsuccessfully until the deadline is exceeded' do
289
+ machine = described_class.new(lockfile: lockfile, waitforlock: 1, maxwaitforlock: 10)
290
+ allow(Time).to receive(:now).and_return(now, future)
291
+
292
+ expect(Kernel).to receive(:sleep).with(1)
293
+ expect(Puppet).to receive(:info).with("Another puppet instance is already running; waiting for it to finish")
294
+ expect(Puppet).to receive(:info).with("Will try again in 1 seconds.")
295
+
296
+ allow(lockfile).to receive(:lock).and_return(false)
297
+ expect {
298
+ machine.ensure_ca_certificates
299
+ }.to raise_error(Puppet::Error, /Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting/)
300
+ end
301
+
302
+ it 'defaults the waitlock deadline to 60 seconds' do
303
+ allow(Time).to receive(:now).and_return(now)
304
+
305
+ machine = described_class.new
306
+ expect(machine.waitlock_deadline).to eq(now.to_i + 60)
307
+ end
308
+ end
265
309
  end
266
310
 
267
311
  context 'NeedCACerts' do
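Review bot: 'raises a puppet exception' expects a message saying the waitforlock setting is set to 0, yet it uses the outer `let(:machine)`, which passes no `waitforlock`, so the example depends on whatever the default happens to be. Building the machine inside the example with `described_class.new(lockfile: lockfile, cert_provider: cert_provider, ssl_provider: ssl_provider, waitforlock: 0)` would state the precondition. In 'sleeps and retries unsuccessfully until the deadline is exceeded', `allow(lockfile).to receive(:lock).and_return(false)` repeats the `before :each` stub and can be dropped. The enclosing 'when locking' context and its `let(:machine)` begin outside this hunk.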
@@ -837,7 +881,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
837
881
  }.to output(/Exiting now because the waitforcert setting is set to 0./).to_stdout
838
882
  end
839
883
 
840
- it 'sleeps and transitions to NeedCACerts' do
884
+ it 'sleeps and transitions to NeedLock' do
841
885
  machine = described_class.new(waitforcert: 15)
842
886
 
843
887
  state = Puppet::SSL::StateMachine::Wait.new(machine)
@@ -845,10 +889,10 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
845
889
 
846
890
  expect(Puppet).to receive(:info).with(/Will try again in 15 seconds./)
847
891
 
848
- expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCACerts)
892
+ expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedLock)
849
893
  end
850
894
 
851
- it 'sleeps and transitions to NeedCACerts when maxwaitforcert is set' do
895
+ it 'sleeps and transitions to NeedLock when maxwaitforcert is set' do
852
896
  machine = described_class.new(waitforcert: 15, maxwaitforcert: 30)
853
897
 
854
898
  state = Puppet::SSL::StateMachine::Wait.new(machine)
@@ -856,7 +900,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
856
900
 
857
901
  expect(Puppet).to receive(:info).with(/Will try again in 15 seconds./)
858
902
 
859
- expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCACerts)
903
+ expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedLock)
860
904
  end
861
905
 
862
906
  it 'waits indefinitely by default' do
@@ -882,11 +926,43 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
882
926
  machine = described_class.new(waitforcert: 15)
883
927
 
884
928
  state = Puppet::SSL::StateMachine::Wait.new(machine)
885
- expect(Puppet.runtime['http'].pool).to receive(:close).and_call_original
929
+ expect(Puppet.runtime[:http].pool).to receive(:close).and_call_original
886
930
  expect(Kernel).to receive(:sleep).with(15).ordered
887
931
 
888
932
  state.next_state
889
933
  end
934
+
935
+ it 'releases the lock while sleeping' do
936
+ lockfile = Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile])
937
+ machine = described_class.new(lockfile: lockfile)
938
+ state = Puppet::SSL::StateMachine::Wait.new(machine)
939
+
940
+ # pidlock should be unlocked while sleeping
941
+ allow(Kernel).to receive(:sleep) do
942
+ expect(lockfile).to_not be_locked
943
+ end
944
+
945
+ # lock before running the state
946
+ lockfile.lock
947
+ state.next_state
948
+ end
949
+ end
950
+
951
+ context 'in state NeedLock' do
952
+ let(:ssl_context) { Puppet::SSL::SSLContext.new(cacerts: []) }
953
+ let(:lockfile) { Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]) }
954
+ let(:machine) { described_class.new(lockfile: lockfile) }
955
+ let(:state) { Puppet::SSL::StateMachine::NeedLock.new(machine) }
956
+
957
+ it 'acquires the lock and transitions to NeedCACerts' do
958
+ expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCACerts)
959
+ expect(lockfile).to be_locked
960
+ end
961
+
962
+ it 'transitions to LockFailure if it fails to acquire the lock' do
963
+ expect(lockfile).to receive(:lock).and_return(false)
964
+ expect(state.next_state).to be_an_instance_of(Puppet::SSL::StateMachine::LockFailure)
965
+ end
890
966
  end
891
967
  end
892
968
  end
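Review bot: In 'releases the lock while sleeping' the only assertion, `expect(lockfile).to_not be_locked`, sits inside an `allow(Kernel).to receive(:sleep)` block, so the example passes without checking anything if `next_state` never reaches the sleep. Changing that line to `expect(Kernel).to receive(:sleep) do` makes the example fail when the sleep is skipped. In the NeedLock context, `let(:ssl_context)` is not referenced by either example. 'acquires the lock and transitions to NeedCACerts' also leaves the real Pidlock held; an `after { lockfile.unlock }` would stop the lock file leaking into later examples, unless the suite's teardown already removes it.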