puppet 6.15.0-x64-mingw32 → 6.16.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/Gemfile.lock +17 -14
- data/lib/puppet.rb +32 -8
- data/lib/puppet/agent.rb +18 -4
- data/lib/puppet/application/agent.rb +1 -2
- data/lib/puppet/application/device.rb +1 -1
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +2 -2
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +19 -0
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/plugin.rb +1 -1
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_system/uniquefile.rb +4 -0
- data/lib/puppet/forge/repository.rb +7 -6
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/http/client.rb +22 -11
- data/lib/puppet/http/external_client.rb +0 -6
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_metadata/http.rb +4 -4
- data/lib/puppet/indirector/rest.rb +7 -1
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +2 -0
- data/lib/puppet/network/http/connection_adapter.rb +182 -0
- data/lib/puppet/network/http/nocache_pool.rb +1 -0
- data/lib/puppet/network/http_pool.rb +2 -2
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +4 -1
- data/lib/puppet/parser/compiler.rb +28 -25
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +4 -1
- data/lib/puppet/provider/package/dnfmodule.rb +24 -4
- data/lib/puppet/provider/package/pip.rb +60 -37
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/yum.rb +7 -0
- data/lib/puppet/provider/package/zypper.rb +59 -1
- data/lib/puppet/provider/service/systemd.rb +21 -4
- data/lib/puppet/provider/user/useradd.rb +5 -1
- data/lib/puppet/reports/http.rb +5 -3
- data/lib/puppet/runtime.rb +25 -2
- data/lib/puppet/ssl/state_machine.rb +33 -8
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/package.rb +16 -1
- data/lib/puppet/type/service.rb +6 -8
- data/lib/puppet/type/user.rb +1 -7
- data/lib/puppet/util/autoload.rb +1 -18
- data/lib/puppet/util/log/destinations.rb +1 -10
- data/lib/puppet/util/package/version/range.rb +4 -1
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +191 -111
- data/man/man5/puppet.conf.5 +21 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-enabled.txt → dnf-module-list.txt} +6 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/integration/application/agent_spec.rb +66 -1
- data/spec/integration/application/plugin_spec.rb +23 -0
- data/spec/integration/http/client_spec.rb +6 -1
- data/spec/integration/network/http_pool_spec.rb +56 -0
- data/spec/integration/util/windows/adsi_spec.rb +5 -0
- data/spec/lib/puppet_spec/https.rb +6 -0
- data/spec/unit/agent_spec.rb +47 -1
- data/spec/unit/application/agent_spec.rb +4 -4
- data/spec/unit/context/trusted_information_spec.rb +17 -0
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/file_system/uniquefile_spec.rb +11 -0
- data/spec/unit/http/client_spec.rb +10 -10
- data/spec/unit/http/external_client_spec.rb +9 -9
- data/spec/unit/indirector/catalog/compiler_spec.rb +1 -0
- data/spec/unit/indirector/file_metadata/http_spec.rb +167 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +15 -14
- data/spec/unit/indirector/rest_spec.rb +13 -0
- data/spec/unit/network/http/connection_spec.rb +542 -190
- data/spec/unit/network/http/nocache_pool_spec.rb +22 -0
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +25 -5
- data/spec/unit/provider/package/pip_spec.rb +42 -16
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/yum_spec.rb +16 -8
- data/spec/unit/provider/package/zypper_spec.rb +84 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +9 -0
- data/spec/unit/provider/service/systemd_spec.rb +84 -13
- data/spec/unit/provider/user/useradd_spec.rb +8 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +43 -0
- data/spec/unit/puppet_spec.rb +33 -0
- data/spec/unit/reports/http_spec.rb +1 -1
- data/spec/unit/ssl/state_machine_spec.rb +52 -8
- data/spec/unit/type/service_spec.rb +9 -8
- data/spec/unit/type/user_spec.rb +1 -1
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/range_spec.rb +22 -1
- data/tasks/manpages.rake +5 -35
- metadata +10 -4
@@ -20,9 +20,9 @@ Puppet::Type.type(:package).provide :portage, :parent => Puppet::Provider::Packa
|
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
23
|
-
confine :
|
23
|
+
confine :osfamily => :gentoo
|
24
24
|
|
25
|
-
defaultfor :
|
25
|
+
defaultfor :osfamily => :gentoo
|
26
26
|
|
27
27
|
def self.instances
|
28
28
|
result_format = self.eix_result_format
|
@@ -43,6 +43,10 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
|
43
43
|
if should.is_a?(String)
|
44
44
|
begin
|
45
45
|
should_version = RPM_VERSION_RANGE.parse(should, RPM_VERSION)
|
46
|
+
|
47
|
+
if should_version.is_a?(RPM_VERSION_RANGE::Eq)
|
48
|
+
return super
|
49
|
+
end
|
46
50
|
rescue RPM_VERSION_RANGE::ValidationFailure, RPM_VERSION::ValidationFailure
|
47
51
|
Puppet.debug("Cannot parse #{should} as a RPM version range")
|
48
52
|
return super
|
@@ -192,6 +196,9 @@ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => (4..7).to_a
|
|
192
196
|
if should.is_a?(String)
|
193
197
|
begin
|
194
198
|
should_range = RPM_VERSION_RANGE.parse(should, RPM_VERSION)
|
199
|
+
if should_range.is_a?(RPM_VERSION_RANGE::Eq)
|
200
|
+
return should
|
201
|
+
end
|
195
202
|
rescue RPM_VERSION_RANGE::ValidationFailure, RPM_VERSION::ValidationFailure
|
196
203
|
Puppet.debug("Cannot parse #{should} as a RPM version range")
|
197
204
|
return should
|
@@ -2,7 +2,7 @@ Puppet::Type.type(:package).provide :zypper, :parent => :rpm, :source => :rpm do
|
|
2
2
|
desc "Support for SuSE `zypper` package manager. Found in SLES10sp2+ and SLES11.
|
3
3
|
|
4
4
|
This provider supports the `install_options` attribute, which allows command-line flags to be passed to zypper.
|
5
|
-
These options should be specified as an array where each element is either a
|
5
|
+
These options should be specified as an array where each element is either a
|
6
6
|
string or a hash."
|
7
7
|
|
8
8
|
has_feature :versionable, :install_options, :virtual_packages
|
@@ -50,6 +50,41 @@ Puppet::Type.type(:package).provide :zypper, :parent => :rpm, :source => :rpm do
|
|
50
50
|
execute(cmd, { :failonfail => false, :combine => true})
|
51
51
|
end
|
52
52
|
|
53
|
+
def best_version(should)
|
54
|
+
if should.is_a?(String)
|
55
|
+
begin
|
56
|
+
should_range = Puppet::Util::Package::Version::Range.parse(should, Puppet::Util::Package::Version::Rpm)
|
57
|
+
rescue Puppet::Util::Package::Version::Range::ValidationFailure, Puppet::Util::Package::Version::Rpm::ValidationFailure
|
58
|
+
Puppet.debug("Cannot parse #{should} as a RPM version range")
|
59
|
+
return should
|
60
|
+
end
|
61
|
+
|
62
|
+
if should_range.is_a?(Puppet::Util::Package::Version::Range::Eq)
|
63
|
+
return should
|
64
|
+
end
|
65
|
+
|
66
|
+
sorted_versions = SortedSet.new
|
67
|
+
|
68
|
+
output = zypper('search', '--match-exact', '--type', 'package', '--uninstalled-only', '-s', @resource[:name])
|
69
|
+
output.lines.each do |line|
|
70
|
+
pkg_ver = line.split(/\s*\|\s*/)
|
71
|
+
next unless pkg_ver[1] == @resource[:name]
|
72
|
+
begin
|
73
|
+
rpm_version = Puppet::Util::Package::Version::Rpm.parse(pkg_ver[3])
|
74
|
+
|
75
|
+
sorted_versions << rpm_version if should_range.include?(rpm_version)
|
76
|
+
rescue Puppet::Util::Package::Version::Rpm::ValidationFailure
|
77
|
+
Puppet.debug("Cannot parse #{pkg_ver[3]} as a RPM version")
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
return sorted_versions.entries.last if sorted_versions.any?
|
82
|
+
|
83
|
+
Puppet.debug("No available version for package #{@resource[:name]} is included in range #{should_range}")
|
84
|
+
should
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
53
88
|
# Install a package using 'zypper'.
|
54
89
|
def install
|
55
90
|
should = @resource.should(:ensure)
|
@@ -62,6 +97,7 @@ Puppet::Type.type(:package).provide :zypper, :parent => :rpm, :source => :rpm do
|
|
62
97
|
should = nil
|
63
98
|
else
|
64
99
|
# Add the package version
|
100
|
+
should = best_version(should)
|
65
101
|
wanted = "#{wanted}-#{should}"
|
66
102
|
end
|
67
103
|
|
@@ -89,6 +125,7 @@ Puppet::Type.type(:package).provide :zypper, :parent => :rpm, :source => :rpm do
|
|
89
125
|
options = []
|
90
126
|
options << quiet
|
91
127
|
options << '--no-gpg-check' unless inst_opts.delete('--no-gpg-check').nil?
|
128
|
+
options << '--no-gpg-checks' unless inst_opts.delete('--no-gpg-checks').nil?
|
92
129
|
options << :install
|
93
130
|
|
94
131
|
#zypper 0.6.13 (OpenSuSE 10.2) does not support auto agree with licenses
|
@@ -142,4 +179,25 @@ Puppet::Type.type(:package).provide :zypper, :parent => :rpm, :source => :rpm do
|
|
142
179
|
end
|
143
180
|
|
144
181
|
end
|
182
|
+
|
183
|
+
def insync?(is)
|
184
|
+
return false if [:purged, :absent].include?(is)
|
185
|
+
|
186
|
+
should = @resource[:ensure]
|
187
|
+
if should.is_a?(String)
|
188
|
+
begin
|
189
|
+
should_version = Puppet::Util::Package::Version::Range.parse(should, Puppet::Util::Package::Version::Rpm)
|
190
|
+
rescue Puppet::Util::Package::Version::Range::ValidationFailure, Puppet::Util::Package::Version::Rpm::ValidationFailure
|
191
|
+
Puppet.debug("Cannot parse #{should} as a RPM version range")
|
192
|
+
return super
|
193
|
+
end
|
194
|
+
|
195
|
+
begin
|
196
|
+
is_version = Puppet::Util::Package::Version::Rpm.parse(is)
|
197
|
+
should_version.include?(is_version)
|
198
|
+
rescue Puppet::Util::Package::Version::Rpm::ValidationFailure
|
199
|
+
Puppet.debug("Cannot parse #{is} as a RPM version")
|
200
|
+
end
|
201
|
+
end
|
202
|
+
end
|
145
203
|
end
|
@@ -30,7 +30,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
30
30
|
def self.instances
|
31
31
|
i = []
|
32
32
|
output = systemctl('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager')
|
33
|
-
output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad)\s*$/i).each do |m|
|
33
|
+
output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*$/i).each do |m|
|
34
34
|
Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
|
35
35
|
i << new(:name => m[0])
|
36
36
|
end
|
@@ -39,6 +39,22 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
39
39
|
return []
|
40
40
|
end
|
41
41
|
|
42
|
+
# Static services cannot be enabled or disabled manually. Indirect services
|
43
|
+
# should not be enabled or disabled due to limitations in systemd (see
|
44
|
+
# https://github.com/systemd/systemd/issues/6681).
|
45
|
+
def enabled_insync?(current)
|
46
|
+
case cached_enabled?[:output]
|
47
|
+
when 'static'
|
48
|
+
Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
|
49
|
+
return true
|
50
|
+
when 'indirect'
|
51
|
+
Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
|
52
|
+
return true
|
53
|
+
else
|
54
|
+
current == @resource[:enable]
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
42
58
|
# This helper ensures that the enable state cache is always reset
|
43
59
|
# after a systemctl enable operation. A particular service state is not guaranteed
|
44
60
|
# after such an operation, so the cache must be emptied to prevent inconsistencies
|
@@ -70,12 +86,13 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
70
86
|
def cached_enabled?
|
71
87
|
return @cached_enabled if @cached_enabled
|
72
88
|
cmd = [command(:systemctl), 'is-enabled', '--', @resource[:name]]
|
73
|
-
|
89
|
+
result = execute(cmd, :failonfail => false)
|
90
|
+
@cached_enabled = { output: result.chomp, exitcode: result.exitstatus }
|
74
91
|
end
|
75
92
|
|
76
93
|
def enabled?
|
77
|
-
output = cached_enabled?
|
78
|
-
code =
|
94
|
+
output = cached_enabled?[:output]
|
95
|
+
code = cached_enabled?[:exitcode]
|
79
96
|
|
80
97
|
# The masked state is equivalent to the disabled state in terms of
|
81
98
|
# comparison so we only care to check if it is masked if we want to keep
|
@@ -21,7 +21,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
21
21
|
options :expiry, :method => :sp_expire,
|
22
22
|
:munge => proc { |value|
|
23
23
|
if value == :absent
|
24
|
-
''
|
24
|
+
if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
|
25
|
+
-1
|
26
|
+
else
|
27
|
+
''
|
28
|
+
end
|
25
29
|
else
|
26
30
|
case Facter.value(:operatingsystem)
|
27
31
|
when 'Solaris'
|
data/lib/puppet/reports/http.rb
CHANGED
@@ -26,11 +26,13 @@ Puppet::Reports.register_report(:http) do
|
|
26
26
|
}
|
27
27
|
|
28
28
|
if url.user && url.password
|
29
|
-
options[:
|
30
|
-
|
29
|
+
options[:basic_auth] = {
|
30
|
+
user: url.user,
|
31
|
+
password: url.password
|
32
|
+
}
|
31
33
|
end
|
32
34
|
|
33
|
-
client = Puppet.runtime[
|
35
|
+
client = Puppet.runtime[:http]
|
34
36
|
client.post(url, self.to_yaml, headers: headers, options: options) do |response|
|
35
37
|
unless response.success?
|
36
38
|
Puppet.err _("Unable to submit report to %{url} [%{code}] %{message}") % { url: Puppet[:reporturl].to_s, code: response.code, message: response.reason }
|
data/lib/puppet/runtime.rb
CHANGED
@@ -1,16 +1,32 @@
|
|
1
1
|
require 'puppet/http'
|
2
2
|
require 'singleton'
|
3
3
|
|
4
|
+
# Provides access to runtime implementations.
|
5
|
+
#
|
6
|
+
# @api private
|
4
7
|
class Puppet::Runtime
|
5
8
|
include Singleton
|
6
9
|
|
7
10
|
def initialize
|
8
11
|
@runtime_services = {
|
9
|
-
|
12
|
+
http: proc do
|
13
|
+
klass = Puppet::Network::HttpPool.http_client_class
|
14
|
+
if klass == Puppet::Network::HTTP::Connection ||
|
15
|
+
klass == Puppet::Network::HTTP::ConnectionAdapter
|
16
|
+
Puppet::HTTP::Client.new
|
17
|
+
else
|
18
|
+
Puppet::HTTP::ExternalClient.new(klass)
|
19
|
+
end
|
20
|
+
end
|
10
21
|
}
|
11
22
|
end
|
12
23
|
private :initialize
|
13
24
|
|
25
|
+
# Get a runtime implementation.
|
26
|
+
#
|
27
|
+
# @param name [Symbol] the name of the implementation
|
28
|
+
# @return [Object] the runtime implementation
|
29
|
+
# @api private
|
14
30
|
def [](name)
|
15
31
|
service = @runtime_services[name]
|
16
32
|
raise ArgumentError, "Unknown service #{name}" unless service
|
@@ -22,11 +38,18 @@ class Puppet::Runtime
|
|
22
38
|
end
|
23
39
|
end
|
24
40
|
|
41
|
+
# Register a runtime implementation.
|
42
|
+
#
|
43
|
+
# @param name [Symbol] the name of the implementation
|
44
|
+
# @param impl [Object] the runtime implementation
|
45
|
+
# @api private
|
25
46
|
def []=(name, impl)
|
26
47
|
@runtime_services[name] = impl
|
27
48
|
end
|
28
49
|
|
29
|
-
# for testing
|
50
|
+
# Clears all implementations. This is used for testing.
|
51
|
+
#
|
52
|
+
# @api private
|
30
53
|
def clear
|
31
54
|
initialize
|
32
55
|
end
|
@@ -279,8 +279,8 @@ class Puppet::SSL::StateMachine
|
|
279
279
|
Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
|
280
280
|
|
281
281
|
# close persistent connections and session state before sleeping
|
282
|
-
Puppet.runtime[
|
283
|
-
@machine.session = Puppet.runtime[
|
282
|
+
Puppet.runtime[:http].close
|
283
|
+
@machine.session = Puppet.runtime[:http].create_session
|
284
284
|
|
285
285
|
@machine.unlock
|
286
286
|
Kernel.sleep(time)
|
@@ -301,15 +301,31 @@ class Puppet::SSL::StateMachine
|
|
301
301
|
# our ssl directory may have been cleaned while we were
|
302
302
|
# sleeping, start over from the top
|
303
303
|
NeedCACerts.new(@machine)
|
304
|
+
elsif @machine.waitforlock < 1
|
305
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the waitforlock setting is set to 0; exiting"))
|
306
|
+
elsif Time.now.to_i >= @machine.waitlock_deadline
|
307
|
+
LockFailure.new(@machine, _("Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"))
|
304
308
|
else
|
305
|
-
|
309
|
+
Puppet.info _("Another puppet instance is already running; waiting for it to finish")
|
310
|
+
Puppet.info _("Will try again in %{time} seconds.") % {time: @machine.waitforlock}
|
311
|
+
Kernel.sleep @machine.waitforlock
|
312
|
+
|
313
|
+
# try again
|
314
|
+
self
|
306
315
|
end
|
307
316
|
end
|
308
317
|
end
|
309
318
|
|
310
319
|
# We failed to acquire the lock, so exit
|
311
320
|
#
|
312
|
-
class LockFailure < SSLState
|
321
|
+
class LockFailure < SSLState
|
322
|
+
attr_reader :message
|
323
|
+
|
324
|
+
def initialize(machine, message)
|
325
|
+
super(machine, nil)
|
326
|
+
@message = message
|
327
|
+
end
|
328
|
+
end
|
313
329
|
|
314
330
|
# We cannot make progress due to an error.
|
315
331
|
#
|
@@ -333,7 +349,7 @@ class Puppet::SSL::StateMachine
|
|
333
349
|
#
|
334
350
|
class Done < SSLState; end
|
335
351
|
|
336
|
-
attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
352
|
+
attr_reader :waitforcert, :wait_deadline, :waitforlock, :waitlock_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
|
337
353
|
attr_accessor :session
|
338
354
|
|
339
355
|
# Construct a state machine to manage the SSL initialization process. By
|
@@ -346,7 +362,12 @@ class Puppet::SSL::StateMachine
|
|
346
362
|
# then then state machine will exit instead of wait.
|
347
363
|
#
|
348
364
|
# @param waitforcert [Integer] how many seconds to wait between attempts
|
349
|
-
# @param
|
365
|
+
# @param maxwaitforcert [Integer] maximum amount of seconds to wait for the
|
366
|
+
# server to sign the certificate request
|
367
|
+
# @param waitforlock [Integer] how many seconds to wait between attempts for
|
368
|
+
# acquiring the ssl lock
|
369
|
+
# @param maxwaitforlock [Integer] maximum amount of seconds to wait for an
|
370
|
+
# already running process to release the ssl lock
|
350
371
|
# @param onetime [Boolean] whether to run onetime
|
351
372
|
# @param lockfile [Puppet::Util::Pidlock] lockfile to protect against
|
352
373
|
# concurrent modification by multiple processes
|
@@ -359,6 +380,8 @@ class Puppet::SSL::StateMachine
|
|
359
380
|
# downloaded CA bundle
|
360
381
|
def initialize(waitforcert: Puppet[:waitforcert],
|
361
382
|
maxwaitforcert: Puppet[:maxwaitforcert],
|
383
|
+
waitforlock: Puppet[:waitforlock],
|
384
|
+
maxwaitforlock: Puppet[:maxwaitforlock],
|
362
385
|
onetime: Puppet[:onetime],
|
363
386
|
cert_provider: Puppet::X509::CertProvider.new,
|
364
387
|
ssl_provider: Puppet::SSL::SSLProvider.new,
|
@@ -367,13 +390,15 @@ class Puppet::SSL::StateMachine
|
|
367
390
|
ca_fingerprint: Puppet[:ca_fingerprint])
|
368
391
|
@waitforcert = waitforcert
|
369
392
|
@wait_deadline = Time.now.to_i + maxwaitforcert
|
393
|
+
@waitforlock = waitforlock
|
394
|
+
@waitlock_deadline = Time.now.to_i + maxwaitforlock
|
370
395
|
@onetime = onetime
|
371
396
|
@cert_provider = cert_provider
|
372
397
|
@ssl_provider = ssl_provider
|
373
398
|
@lockfile = lockfile
|
374
399
|
@digest = digest
|
375
400
|
@ca_fingerprint = ca_fingerprint
|
376
|
-
@session = Puppet.runtime[
|
401
|
+
@session = Puppet.runtime[:http].create_session
|
377
402
|
end
|
378
403
|
|
379
404
|
# Run the state machine for CA certs and CRLs.
|
@@ -427,7 +452,7 @@ class Puppet::SSL::StateMachine
|
|
427
452
|
when stop
|
428
453
|
break
|
429
454
|
when LockFailure
|
430
|
-
raise Puppet::Error,
|
455
|
+
raise Puppet::Error, state.message
|
431
456
|
when Error
|
432
457
|
if @onetime
|
433
458
|
Puppet.log_exception(state.error)
|
@@ -6,10 +6,18 @@
|
|
6
6
|
# loaded above.
|
7
7
|
#
|
8
8
|
class Puppet::SSL::VerifierAdapter
|
9
|
-
attr_reader :validator
|
9
|
+
attr_reader :validator, :ssl_context
|
10
10
|
|
11
11
|
def initialize(validator)
|
12
12
|
@validator = validator
|
13
|
+
|
14
|
+
if validator.is_a?(Puppet::SSL::Validator::NoValidator)
|
15
|
+
ssl = Puppet::SSL::SSLProvider.new
|
16
|
+
@ssl_context = ssl.create_insecure_context
|
17
|
+
else
|
18
|
+
# nil means use the default SSLContext
|
19
|
+
@ssl_context = nil
|
20
|
+
end
|
13
21
|
end
|
14
22
|
|
15
23
|
# Return true if `self` is reusable with `verifier` meaning they
|
@@ -137,7 +137,7 @@ module Puppet::Test
|
|
137
137
|
trusted_information:
|
138
138
|
Puppet::Context::TrustedInformation.new('local', 'testing', {}, { "trusted_testhelper" => true }),
|
139
139
|
ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze,
|
140
|
-
http_session: proc { Puppet.runtime[
|
140
|
+
http_session: proc { Puppet.runtime[:http].create_session }
|
141
141
|
},
|
142
142
|
"Context for specs")
|
143
143
|
|
@@ -297,7 +297,7 @@ module Puppet
|
|
297
297
|
end
|
298
298
|
|
299
299
|
def get_from_http_source(url, &block)
|
300
|
-
client = Puppet.runtime[
|
300
|
+
client = Puppet.runtime[:http]
|
301
301
|
client.get(url, options: {include_system_store: true}) do |response|
|
302
302
|
raise Puppet::HTTP::ResponseError.new(response) unless response.success?
|
303
303
|
|
data/lib/puppet/type/package.rb
CHANGED
@@ -62,6 +62,9 @@ module Puppet
|
|
62
62
|
passed to the installer command."
|
63
63
|
feature :uninstall_options, "The provider accepts options to be
|
64
64
|
passed to the uninstaller command."
|
65
|
+
feature :disableable, "The provider can disable packages. This feature is used by specifying `disabled` as the
|
66
|
+
desired value for the package.",
|
67
|
+
:methods => [:disable]
|
65
68
|
feature :supports_flavors, "The provider accepts flavors, which are specific variants of packages."
|
66
69
|
feature :package_settings, "The provider accepts package_settings to be
|
67
70
|
ensured for the given package. The meaning and format of these settings is
|
@@ -107,6 +110,10 @@ module Puppet
|
|
107
110
|
provider.deprecated_hold
|
108
111
|
end
|
109
112
|
|
113
|
+
newvalue(:disabled, :required_features => :disableable) do
|
114
|
+
provider.disable
|
115
|
+
end
|
116
|
+
|
110
117
|
# Alias the 'present' value.
|
111
118
|
aliasvalue(:installed, :present)
|
112
119
|
|
@@ -154,7 +161,7 @@ module Puppet
|
|
154
161
|
@should.each { |should|
|
155
162
|
case should
|
156
163
|
when :present
|
157
|
-
return true unless [:absent, :purged, :held].include?(is)
|
164
|
+
return true unless [:absent, :purged, :held, :disabled].include?(is)
|
158
165
|
when :latest
|
159
166
|
# Short-circuit packages that are not present
|
160
167
|
return false if is == :absent || is == :purged
|
@@ -411,6 +418,11 @@ module Puppet
|
|
411
418
|
newproperty(:flavor, :required_features => :supports_flavors) do
|
412
419
|
desc "OpenBSD and DNF modules support 'flavors', which are
|
413
420
|
further specifications for which type of package you want."
|
421
|
+
validate do |value|
|
422
|
+
if [:disabled, "disabled"].include?(@resource[:ensure]) && value
|
423
|
+
raise ArgumentError, _('Cannot have both `ensure => disabled` and `flavor`')
|
424
|
+
end
|
425
|
+
end
|
414
426
|
end
|
415
427
|
|
416
428
|
newparam(:source) do
|
@@ -509,6 +521,9 @@ module Puppet
|
|
509
521
|
if [true, :true, "true"].include?(value) && @resource[:flavor]
|
510
522
|
raise ArgumentError, _('Cannot have both `enable_only => true` and `flavor`')
|
511
523
|
end
|
524
|
+
if [:disabled, "disabled"].include?(@resource[:ensure])
|
525
|
+
raise ArgumentError, _('Cannot have both `ensure => disabled` and `enable_only => true`')
|
526
|
+
end
|
512
527
|
end
|
513
528
|
end
|
514
529
|
|