puppet 6.15.0-x64-mingw32 → 6.19.1-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -7
- data/Gemfile +4 -2
- data/Gemfile.lock +29 -27
- data/README.md +3 -4
- data/Rakefile +4 -12
- data/lib/puppet.rb +32 -8
- data/lib/puppet/agent.rb +18 -4
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application/agent.rb +23 -8
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +1 -1
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/plugin.rb +1 -0
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +61 -21
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/context/trusted_information.rb +14 -8
- data/lib/puppet/daemon.rb +13 -27
- data/lib/puppet/defaults.rb +119 -39
- data/lib/puppet/environments.rb +51 -10
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +46 -16
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help.rb +29 -3
- data/lib/puppet/face/module/search.rb +5 -0
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +2 -2
- data/lib/puppet/face/plugin.rb +1 -1
- data/lib/puppet/face/status.rb +1 -1
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/http_metadata.rb +14 -2
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +4 -4
- data/lib/puppet/file_system/uniquefile.rb +12 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +4 -7
- data/lib/puppet/functions/filter.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +1 -0
- data/lib/puppet/http/client.rb +28 -12
- data/lib/puppet/http/external_client.rb +0 -6
- data/lib/puppet/http/redirector.rb +9 -7
- data/lib/puppet/http/resolver.rb +5 -8
- data/lib/puppet/http/resolver/server_list.rb +18 -36
- data/lib/puppet/http/resolver/settings.rb +4 -4
- data/lib/puppet/http/resolver/srv.rb +5 -5
- data/lib/puppet/http/response.rb +19 -0
- data/lib/puppet/http/service.rb +3 -1
- data/lib/puppet/http/service/compiler.rb +1 -1
- data/lib/puppet/http/service/file_server.rb +1 -1
- data/lib/puppet/http/service/puppetserver.rb +39 -0
- data/lib/puppet/http/session.rb +5 -4
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/facts/facter.rb +3 -3
- data/lib/puppet/indirector/facts/yaml.rb +1 -1
- data/lib/puppet/indirector/file_content/http.rb +5 -0
- data/lib/puppet/indirector/file_content/rest.rb +1 -1
- data/lib/puppet/indirector/file_metadata/http.rb +28 -8
- data/lib/puppet/indirector/file_metadata/rest.rb +2 -2
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/request.rb +5 -5
- data/lib/puppet/indirector/rest.rb +7 -1
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/compression.rb +7 -0
- data/lib/puppet/network/http/connection.rb +2 -0
- data/lib/puppet/network/http/connection_adapter.rb +184 -0
- data/lib/puppet/network/http/nocache_pool.rb +1 -0
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +2 -2
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/catalog_compiler.rb +5 -0
- data/lib/puppet/pal/pal_impl.rb +31 -4
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -4
- data/lib/puppet/parser/compiler.rb +29 -26
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/functions/filter.rb +1 -0
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +5 -5
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/validation/checker4_0.rb +29 -15
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/package/aix.rb +17 -2
- data/lib/puppet/provider/package/apt.rb +38 -1
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dnfmodule.rb +24 -4
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +4 -2
- data/lib/puppet/provider/package/pip.rb +60 -37
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/puppet_gem.rb +5 -0
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +9 -1
- data/lib/puppet/provider/package/zypper.rb +62 -1
- data/lib/puppet/provider/service/systemd.rb +21 -4
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +16 -5
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reports/http.rb +7 -3
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +10 -1
- data/lib/puppet/rest/route.rb +2 -2
- data/lib/puppet/runtime.rb +25 -2
- data/lib/puppet/settings.rb +43 -6
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/ssl/state_machine.rb +33 -8
- data/lib/puppet/ssl/validator/default_validator.rb +1 -1
- data/lib/puppet/ssl/verifier_adapter.rb +9 -1
- data/lib/puppet/test/test_helper.rb +19 -14
- data/lib/puppet/transaction.rb +2 -2
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +12 -8
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +15 -7
- data/lib/puppet/type/file.rb +40 -15
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +33 -13
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +16 -1
- data/lib/puppet/type/service.rb +59 -8
- data/lib/puppet/type/user.rb +19 -10
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/autoload.rb +10 -25
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/connection.rb +8 -8
- data/lib/puppet/util/execution.rb +2 -2
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/log/destinations.rb +1 -10
- data/lib/puppet/util/package/version/range.rb +4 -1
- data/lib/puppet/util/package/version/range/eq.rb +14 -0
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/run_mode.rb +5 -1
- data/lib/puppet/util/windows.rb +1 -0
- data/lib/puppet/util/windows/api_types.rb +60 -33
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/monkey_patches/dir.rb +40 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +541 -427
- data/man/man5/puppet.conf.5 +84 -19
- data/man/man8/puppet-agent.8 +7 -4
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +6 -3
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +4 -1
- data/man/man8/puppet-node.8 +4 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +2 -2
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-enabled.txt → dnf-module-list.txt} +6 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
- data/spec/integration/application/agent_spec.rb +202 -52
- data/spec/integration/application/apply_spec.rb +149 -149
- data/spec/integration/application/config_spec.rb +74 -0
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +70 -21
- data/spec/integration/application/help_spec.rb +42 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +75 -2
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +27 -3
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/http/client_spec.rb +6 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +73 -0
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +7 -2
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +11 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/https.rb +6 -0
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +8 -0
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/unit/agent_spec.rb +47 -1
- data/spec/unit/application/agent_spec.rb +7 -8
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +41 -10
- data/spec/unit/application/man_spec.rb +52 -0
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +15 -2
- data/spec/unit/application_spec.rb +9 -4
- data/spec/unit/configurer/downloader_spec.rb +10 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer_spec.rb +86 -37
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +25 -2
- data/spec/unit/daemon_spec.rb +5 -64
- data/spec/unit/environments_spec.rb +99 -32
- data/spec/unit/face/config_spec.rb +59 -1
- data/spec/unit/face/module/search_spec.rb +17 -0
- data/spec/unit/face/node_spec.rb +2 -2
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +29 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/http/client_spec.rb +74 -19
- data/spec/unit/http/external_client_spec.rb +9 -9
- data/spec/unit/http/resolver_spec.rb +24 -5
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +2 -3
- data/spec/unit/http/service/file_server_spec.rb +2 -3
- data/spec/unit/http/service/puppetserver_spec.rb +82 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +8 -21
- data/spec/unit/indirector/catalog/compiler_spec.rb +1 -0
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +15 -14
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/unit/indirector/request_spec.rb +5 -5
- data/spec/unit/indirector/rest_spec.rb +14 -1
- data/spec/unit/indirector/status/rest_spec.rb +1 -1
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/connection_spec.rb +552 -190
- data/spec/unit/network/http/nocache_pool_spec.rb +22 -0
- data/spec/unit/network/http_pool_spec.rb +63 -57
- data/spec/unit/network/http_spec.rb +1 -1
- data/spec/unit/node/environment_spec.rb +18 -1
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +71 -1
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/package/aix_spec.rb +29 -0
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +25 -5
- data/spec/unit/provider/package/dpkg_spec.rb +22 -7
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/pip_spec.rb +42 -16
- data/spec/unit/provider/package/portage_spec.rb +5 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +47 -8
- data/spec/unit/provider/package/zypper_spec.rb +98 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +46 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openbsd_spec.rb +9 -0
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +2 -1
- data/spec/unit/provider/service/redhat_spec.rb +10 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +1 -1
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +87 -19
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +50 -14
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +30 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +43 -0
- data/spec/unit/puppet_spec.rb +33 -0
- data/spec/unit/reports/http_spec.rb +1 -1
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/rest/route_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +182 -22
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/ssl/state_machine_spec.rb +52 -8
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +3 -1
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +218 -8
- data/spec/unit/type/user_spec.rb +32 -3
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/autoload_spec.rb +2 -1
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/log/destinations_spec.rb +1 -29
- data/spec/unit/util/package/version/range_spec.rb +22 -1
- data/spec/unit/util/run_mode_spec.rb +6 -6
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- data/tasks/manpages.rake +5 -35
- metadata +43 -49
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/man_spec.rb +0 -31
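--- a/data/spec/unit/settings_spec.rb
+++ b/data/spec/unit/settings_spec.rb
@@ -9,7 +9,7 @@ describe Puppet::Settings do
 include Matchers::Resource
 
 let(:main_config_file_default_location) do
-File.join(Puppet::Util::RunMode[:
+File.join(Puppet::Util::RunMode[:server].conf_dir, "puppet.conf")
 end
 
 let(:user_config_file_default_location) do
@@ -112,9 +112,9 @@ describe Puppet::Settings do
 # case behaviors / uses. However, until that time... we need to make sure that our private run_mode=
 # setter method gets properly called during app initialization.
 it "sets the preferred run mode when initializing the app defaults" do
-@settings.initialize_app_defaults(default_values.merge(:run_mode => :
+@settings.initialize_app_defaults(default_values.merge(:run_mode => :server))
 
-expect(@settings.preferred_run_mode).to eq(:
+expect(@settings.preferred_run_mode).to eq(:server)
 end
 
 it "creates ancestor directories for all required app settings" do
@@ -326,7 +326,7 @@ describe Puppet::Settings do
 end
 
 it "should identify configured settings from the specified run mode" do
-user_config_text = "[
+user_config_text = "[server]\nmyval = foo"
 
 allow(Puppet.features).to receive(:root?).and_return(false)
 expect(Puppet::FileSystem).to receive(:exist?).
@@ -337,7 +337,7 @@ describe Puppet::Settings do
 and_return(user_config_text).ordered
 
 @settings.send(:parse_config_files)
-expect(@settings.set_by_config?(:myval, nil, :
+expect(@settings.set_by_config?(:myval, nil, :server)).to be_truthy
 end
 
 it "should not identify configured settings from an unspecified run mode" do
@@ -382,7 +382,7 @@ describe Puppet::Settings do
 
 it "should clear the cache when the preferred_run_mode is changed" do
 expect(@settings).to receive(:flush_cache)
-@settings.preferred_run_mode = :
+@settings.preferred_run_mode = :server
 end
 
 it "should not clear other values when setting getopt-specific values" do
@@ -658,6 +658,28 @@ describe Puppet::Settings do
 expect(@settings[:one]).to eq("modeval")
 end
 
+[:master, :server].each do |run_mode|
+describe "when run mode is '#{run_mode}'" do
+before(:each) { @settings.preferred_run_mode = run_mode }
+
+it "returns values set in the 'master' section if the 'server' section does not exist" do
+text = "[main]\none = mainval\n[master]\none = modeval\n"
+allow(@settings).to receive(:read_file).and_return(text)
+@settings.send(:parse_config_files)
+
+expect(@settings[:one]).to eq("modeval")
+end
+
+it "prioritizes values set in the 'server' section if set" do
+text = "[main]\none = mainval\n[server]\none = serverval\n[master]\none = masterval\n"
+allow(@settings).to receive(:read_file).and_return(text)
+@settings.send(:parse_config_files)
+
+expect(@settings[:one]).to eq("serverval")
+end
+end
+end
+
 it "should not return values outside of its search path" do
 text = "[other]\none = oval\n"
 allow(@settings).to receive(:read_file).and_return(text)
@@ -854,10 +876,10 @@ describe Puppet::Settings do
 default_values[key] = 'default value'
 end
 @settings.define_settings :main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS
-@settings.define_settings :
+@settings.define_settings :server, :myfile => { :type => :file, :default => make_absolute("/myfile"), :desc => "a" }
 
 otherfile = make_absolute("/other/file")
-text = "[
+text = "[server]
 myfile = #{otherfile} {mode = 664}
 "
 expect(@settings).to receive(:read_file).and_return(text)
@@ -866,15 +888,153 @@ describe Puppet::Settings do
 expect(@settings.preferred_run_mode).to eq(:user)
 @settings.send(:parse_config_files)
 
-# change app run_mode to
-@settings.initialize_app_defaults(default_values.merge(:run_mode => :
-expect(@settings.preferred_run_mode).to eq(:
+# change app run_mode to server
+@settings.initialize_app_defaults(default_values.merge(:run_mode => :server))
+expect(@settings.preferred_run_mode).to eq(:server)
 
 # initializing the app should have reloaded the metadata based on run_mode
 expect(@settings[:myfile]).to eq(otherfile)
 expect(metadata(@settings.setting(:myfile))).to eq({:mode => "664"})
 end
 
+context "when setting serverport and masterport" do
+before(:each) do
+default_values = {}
+PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS.keys.each do |key|
+default_values[key] = 'default value'
+end
+@settings.define_settings :main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS
+@settings.define_settings :server, :masterport => { :desc => "a", :default => 1000 }
+@settings.define_settings :server, :serverport => { :desc => "a", :default => 1000 }
+@settings.define_settings :server, :ca_port => { :desc => "a", :default => "$serverport" }
+@settings.define_settings :server, :report_port => { :desc => "a", :default => "$serverport" }
+expect(@settings).to receive(:read_file).and_return(text)
+@settings.send(:parse_config_files)
+@settings.initialize_app_defaults(default_values.merge(:run_mode => :agent))
+expect(@settings.preferred_run_mode).to eq(:agent)
+end
+
+context 'with serverport in main and masterport in agent' do
+let(:text) do
+"[main]
+serverport = 444
+[agent]
+masterport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with serverport and masterport in main' do
+let(:text) do
+"[main]
+serverport = 445
+masterport = 444
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with serverport and masterport in agent' do
+let(:text) do
+"[agent]
+serverport = 445
+masterport = 444
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with both serverport and masterport in main and agent' do
+let(:text) do
+"[main]
+serverport = 447
+masterport = 442
+[agent]
+serverport = 445
+masterport = 444
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with serverport in agent and masterport in main' do
+let(:text) do
+"[agent]
+serverport = 444
+[main]
+masterport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(444) }
+it { expect(@settings[:ca_port]).to eq("444") }
+it { expect(@settings[:report_port]).to eq("444") }
+end
+
+context 'with masterport in main' do
+let(:text) do
+"[main]
+masterport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with masterport in agent' do
+let(:text) do
+"[agent]
+masterport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with serverport in agent' do
+let(:text) do
+"[agent]
+serverport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:masterport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+
+context 'with serverport in main' do
+let(:text) do
+"[main]
+serverport = 445
+"
+end
+
+it { expect(@settings[:serverport]).to eq(445) }
+it { expect(@settings[:masterport]).to eq(445) }
+it { expect(@settings[:ca_port]).to eq("445") }
+it { expect(@settings[:report_port]).to eq("445") }
+end
+end
+
 it "does not use the metadata from the same setting in a different section" do
 default_values = {}
 PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS.keys.each do |key|
@@ -884,9 +1044,9 @@ describe Puppet::Settings do
 file = make_absolute("/file")
 default_mode = "0600"
 @settings.define_settings :main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS
-@settings.define_settings :
+@settings.define_settings :server, :myfile => { :type => :file, :default => file, :desc => "a", :mode => default_mode }
 
-text = "[
+text = "[server]
 myfile = #{file}/foo
 [agent]
 myfile = #{file} {mode = 664}
@@ -897,9 +1057,9 @@ describe Puppet::Settings do
 expect(@settings.preferred_run_mode).to eq(:user)
 @settings.send(:parse_config_files)
 
-# change app run_mode to
-@settings.initialize_app_defaults(default_values.merge(:run_mode => :
-expect(@settings.preferred_run_mode).to eq(:
+# change app run_mode to server
+@settings.initialize_app_defaults(default_values.merge(:run_mode => :server))
+expect(@settings.preferred_run_mode).to eq(:server)
 
 # initializing the app should have reloaded the metadata based on run_mode
 expect(@settings[:myfile]).to eq("#{file}/foo")
@@ -1900,18 +2060,18 @@ describe Puppet::Settings do
 end
 
 it "should set preferred run mode from --run_mode <foo> string without error" do
-args = ["--run_mode", "
-expect(settings).not_to receive(:handlearg).with("--run_mode", "
+args = ["--run_mode", "server"]
+expect(settings).not_to receive(:handlearg).with("--run_mode", "server")
 expect { settings.send(:parse_global_options, args) } .to_not raise_error
-expect(Puppet.settings.preferred_run_mode).to eq(:
+expect(Puppet.settings.preferred_run_mode).to eq(:server)
 expect(args.empty?).to eq(true)
 end
 
 it "should set preferred run mode from --run_mode=<foo> string without error" do
-args = ["--run_mode=
-expect(settings).not_to receive(:handlearg).with("--run_mode", "
+args = ["--run_mode=server"]
+expect(settings).not_to receive(:handlearg).with("--run_mode", "server")
 expect { settings.send(:parse_global_options, args) }.to_not raise_error
-expect(Puppet.settings.preferred_run_mode).to eq(:
+expect(Puppet.settings.preferred_run_mode).to eq(:server)
 expect(args.empty?).to eq(true)
 end
 end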
@@ -42,20 +42,20 @@ describe Puppet::SSL::SSLProvider do
|
|
42
42
|
let(:config) { { cacerts: [], crls: [], revocation: false } }
|
43
43
|
|
44
44
|
it 'accepts empty list of certs and crls' do
|
45
|
-
sslctx = subject.create_root_context(config)
|
45
|
+
sslctx = subject.create_root_context(**config)
|
46
46
|
expect(sslctx.cacerts).to eq([])
|
47
47
|
expect(sslctx.crls).to eq([])
|
48
48
|
end
|
49
49
|
|
50
50
|
it 'accepts valid root certs' do
|
51
51
|
certs = [cert_fixture('ca.pem')]
|
52
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs))
|
52
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs))
|
53
53
|
expect(sslctx.cacerts).to eq(certs)
|
54
54
|
end
|
55
55
|
|
56
56
|
it 'accepts valid intermediate certs' do
|
57
57
|
certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
58
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs))
|
58
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs))
|
59
59
|
expect(sslctx.cacerts).to eq(certs)
|
60
60
|
end
|
61
61
|
|
@@ -63,19 +63,19 @@ describe Puppet::SSL::SSLProvider do
|
|
63
63
|
expired = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
64
64
|
expired.each { |x509| x509.not_after = Time.at(0) }
|
65
65
|
|
66
|
-
sslctx = subject.create_root_context(config.merge(cacerts: expired))
|
66
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: expired))
|
67
67
|
expect(sslctx.cacerts).to eq(expired)
|
68
68
|
end
|
69
69
|
|
70
70
|
it 'raises if the frozen context is modified' do
|
71
|
-
sslctx = subject.create_root_context(config)
|
71
|
+
sslctx = subject.create_root_context(**config)
|
72
72
|
expect {
|
73
73
|
sslctx.verify_peer = false
|
74
74
|
}.to raise_error(/can't modify frozen/)
|
75
75
|
end
|
76
76
|
|
77
77
|
it 'verifies peer' do
|
78
|
-
sslctx = subject.create_root_context(config)
|
78
|
+
sslctx = subject.create_root_context(**config)
|
79
79
|
expect(sslctx.verify_peer).to eq(true)
|
80
80
|
end
|
81
81
|
end
|
@@ -134,6 +134,32 @@ describe Puppet::SSL::SSLProvider do
|
|
134
134
|
expect(sslctx.client_cert).to be_nil
|
135
135
|
expect(sslctx.private_key).to be_nil
|
136
136
|
end
|
137
|
+
|
138
|
+
it 'trusts additional system certs' do
|
139
|
+
path = tmpfile('system_cacerts')
|
140
|
+
File.write(path, cert_fixture('ca.pem').to_pem)
|
141
|
+
|
142
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
|
143
|
+
|
144
|
+
subject.create_system_context(cacerts: [], path: path)
|
145
|
+
end
|
146
|
+
|
147
|
+
it 'ignores empty files' do
|
148
|
+
path = tmpfile('system_cacerts')
|
149
|
+
FileUtils.touch(path)
|
150
|
+
|
151
|
+
subject.create_system_context(cacerts: [], path: path)
|
152
|
+
|
153
|
+
expect(@logs).to eq([])
|
154
|
+
end
|
155
|
+
|
156
|
+
it 'prints an error if it is not a file' do
|
157
|
+
path = tmpdir('system_cacerts')
|
158
|
+
|
159
|
+
subject.create_system_context(cacerts: [], path: path)
|
160
|
+
|
161
|
+
expect(@logs).to include(an_object_having_attributes(level: :warning, message: /^The 'ssl_trust_store' setting does not refer to a file and will be ignored/))
|
162
|
+
end
|
137
163
|
end
|
138
164
|
|
139
165
|
context 'when creating an ssl context with crls' do
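Review bot: In 'trusts additional system certs', `expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)` replaces the real `add_file`, so the example only shows that the path is handed to a store, not that the CA written to the file is actually loaded as a trust anchor; appending `.and_call_original` would keep the real load in the test. The three new examples cover a valid file, an empty file and a directory, but not a file with non-PEM content or one that cannot be read; since the 'ssl_trust_store' setting widens the set of trusted CAs, an example pinning whether that case warns or raises would be worth adding (the behaviour is not visible here). The example named 'prints an error if it is not a file' asserts `level: :warning`, so `it 'logs a warning if it is not a file' do` would match what is checked. The enclosing context starts outside this hunk.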
|
@@ -142,14 +168,14 @@ describe Puppet::SSL::SSLProvider do
|
|
142
168
|
it 'accepts valid CRLs' do
|
143
169
|
certs = [cert_fixture('ca.pem')]
|
144
170
|
crls = [crl_fixture('crl.pem')]
|
145
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
|
171
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
|
146
172
|
expect(sslctx.crls).to eq(crls)
|
147
173
|
end
|
148
174
|
|
149
175
|
it 'accepts valid CRLs for intermediate certs' do
|
150
176
|
certs = [cert_fixture('ca.pem'), cert_fixture('intermediate.pem')]
|
151
177
|
crls = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
|
152
|
-
sslctx = subject.create_root_context(config.merge(cacerts: certs, crls: crls))
|
178
|
+
sslctx = subject.create_root_context(**config.merge(cacerts: certs, crls: crls))
|
153
179
|
expect(sslctx.crls).to eq(crls)
|
154
180
|
end
|
155
181
|
|
@@ -157,12 +183,12 @@ describe Puppet::SSL::SSLProvider do
|
|
157
183
|
expired = [crl_fixture('crl.pem'), crl_fixture('intermediate-crl.pem')]
|
158
184
|
expired.each { |x509| x509.last_update = Time.at(0) }
|
159
185
|
|
160
|
-
sslctx = subject.create_root_context(config.merge(crls: expired))
|
186
|
+
sslctx = subject.create_root_context(**config.merge(crls: expired))
|
161
187
|
expect(sslctx.crls).to eq(expired)
|
162
188
|
end
|
163
189
|
|
164
190
|
it 'verifies peer' do
|
165
|
-
sslctx = subject.create_root_context(config)
|
191
|
+
sslctx = subject.create_root_context(**config)
|
166
192
|
expect(sslctx.verify_peer).to eq(true)
|
167
193
|
end
|
168
194
|
end
|
@@ -174,49 +200,49 @@ describe Puppet::SSL::SSLProvider do
|
|
174
200
|
|
175
201
|
it 'raises if CA certs are missing' do
|
176
202
|
expect {
|
177
|
-
subject.create_context(config.merge(cacerts: nil))
|
203
|
+
subject.create_context(**config.merge(cacerts: nil))
|
178
204
|
}.to raise_error(ArgumentError, /CA certs are missing/)
|
179
205
|
end
|
180
206
|
|
181
207
|
it 'raises if CRLs are are missing' do
|
182
208
|
expect {
|
183
|
-
subject.create_context(config.merge(crls: nil))
|
209
|
+
subject.create_context(**config.merge(crls: nil))
|
184
210
|
}.to raise_error(ArgumentError, /CRLs are missing/)
|
185
211
|
end
|
186
212
|
|
187
213
|
it 'raises if private key is missing' do
|
188
214
|
expect {
|
189
|
-
subject.create_context(config.merge(private_key: nil))
|
215
|
+
subject.create_context(**config.merge(private_key: nil))
|
190
216
|
}.to raise_error(ArgumentError, /Private key is missing/)
|
191
217
|
end
|
192
218
|
|
193
219
|
it 'raises if client cert is missing' do
|
194
220
|
expect {
|
195
|
-
subject.create_context(config.merge(client_cert: nil))
|
221
|
+
subject.create_context(**config.merge(client_cert: nil))
|
196
222
|
}.to raise_error(ArgumentError, /Client cert is missing/)
|
197
223
|
end
|
198
224
|
|
199
225
|
it 'accepts RSA keys' do
|
200
|
-
sslctx = subject.create_context(config)
|
226
|
+
sslctx = subject.create_context(**config)
|
201
227
|
expect(sslctx.private_key).to eq(private_key)
|
202
228
|
end
|
203
229
|
|
204
230
|
it 'accepts EC keys' do
|
205
231
|
ec_key = ec_key_fixture('ec-key.pem')
|
206
232
|
ec_cert = cert_fixture('ec.pem')
|
207
|
-
sslctx = subject.create_context(config.merge(client_cert: ec_cert, private_key: ec_key))
|
233
|
+
sslctx = subject.create_context(**config.merge(client_cert: ec_cert, private_key: ec_key))
|
208
234
|
expect(sslctx.private_key).to eq(ec_key)
|
209
235
|
end
|
210
236
|
|
211
237
|
it 'raises if private key is unsupported' do
|
212
238
|
dsa_key = OpenSSL::PKey::DSA.new
|
213
239
|
expect {
|
214
|
-
subject.create_context(config.merge(private_key: dsa_key))
|
240
|
+
subject.create_context(**config.merge(private_key: dsa_key))
|
215
241
|
}.to raise_error(Puppet::SSL::SSLError, /Unsupported key 'OpenSSL::PKey::DSA'/)
|
216
242
|
end
|
217
243
|
|
218
244
|
it 'resolves the client chain from leaf to root' do
|
219
|
-
sslctx = subject.create_context(config)
|
245
|
+
sslctx = subject.create_context(**config)
|
220
246
|
expect(
|
221
247
|
sslctx.client_chain.map(&:subject).map(&:to_utf8)
|
222
248
|
).to eq(['CN=signed', 'CN=Test CA Subauthority', 'CN=Test CA'])
|
@@ -225,21 +251,21 @@ describe Puppet::SSL::SSLProvider do
|
|
225
251
|
it 'raises if client cert signature is invalid' do
|
226
252
|
client_cert.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
227
253
|
expect {
|
228
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
254
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
229
255
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
230
256
|
"Invalid signature for certificate 'CN=signed'")
|
231
257
|
end
|
232
258
|
|
233
259
|
it 'raises if client cert and private key are mismatched' do
|
234
260
|
expect {
|
235
|
-
subject.create_context(config.merge(private_key: wrong_key))
|
261
|
+
subject.create_context(**config.merge(private_key: wrong_key))
|
236
262
|
}.to raise_error(Puppet::SSL::SSLError,
|
237
263
|
"The certificate for 'CN=signed' does not match its private key")
|
238
264
|
end
|
239
265
|
|
240
266
|
it "raises if client cert's public key has been replaced" do
|
241
267
|
expect {
|
242
|
-
subject.create_context(config.merge(client_cert: cert_fixture('tampered-cert.pem')))
|
268
|
+
subject.create_context(**config.merge(client_cert: cert_fixture('tampered-cert.pem')))
|
243
269
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
244
270
|
"Invalid signature for certificate 'CN=signed'")
|
245
271
|
end
|
@@ -250,7 +276,7 @@ describe Puppet::SSL::SSLProvider do
|
|
250
276
|
ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
251
277
|
|
252
278
|
expect {
|
253
|
-
subject.create_context(config.merge(cacerts: global_cacerts))
|
279
|
+
subject.create_context(**config.merge(cacerts: global_cacerts))
|
254
280
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
255
281
|
"Invalid signature for certificate 'CN=Test CA'")
|
256
282
|
end
|
@@ -260,7 +286,7 @@ describe Puppet::SSL::SSLProvider do
|
|
260
286
|
int.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
261
287
|
|
262
288
|
expect {
|
263
|
-
subject.create_context(config.merge(cacerts: global_cacerts))
|
289
|
+
subject.create_context(**config.merge(cacerts: global_cacerts))
|
264
290
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
265
291
|
"Invalid signature for certificate 'CN=Test CA Subauthority'")
|
266
292
|
end
|
@@ -270,7 +296,7 @@ describe Puppet::SSL::SSLProvider do
|
|
270
296
|
crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
271
297
|
|
272
298
|
expect {
|
273
|
-
subject.create_context(config.merge(crls: global_crls))
|
299
|
+
subject.create_context(**config.merge(crls: global_crls))
|
274
300
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
275
301
|
"Invalid signature for CRL issued by 'CN=Test CA'")
|
276
302
|
end
|
@@ -280,14 +306,14 @@ describe Puppet::SSL::SSLProvider do
|
|
280
306
|
crl.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
281
307
|
|
282
308
|
expect {
|
283
|
-
subject.create_context(config.merge(crls: global_crls))
|
309
|
+
subject.create_context(**config.merge(crls: global_crls))
|
284
310
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
285
311
|
"Invalid signature for CRL issued by 'CN=Test CA Subauthority'")
|
286
312
|
end
|
287
313
|
|
288
314
|
it 'raises if client cert is revoked' do
|
289
315
|
expect {
|
290
|
-
subject.create_context(config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
|
316
|
+
subject.create_context(**config.merge(private_key: key_fixture('revoked-key.pem'), client_cert: cert_fixture('revoked.pem')))
|
291
317
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
292
318
|
"Certificate 'CN=revoked' is revoked")
|
293
319
|
end
|
@@ -295,12 +321,12 @@ describe Puppet::SSL::SSLProvider do
|
|
295
321
|
it 'warns if intermediate issuer is missing' do
|
296
322
|
expect(Puppet).to receive(:warning).with("The issuer 'CN=Test CA Subauthority' of certificate 'CN=signed' cannot be found locally")
|
297
323
|
|
298
|
-
subject.create_context(config.merge(cacerts: [cert_fixture('ca.pem')]))
|
324
|
+
subject.create_context(**config.merge(cacerts: [cert_fixture('ca.pem')]))
|
299
325
|
end
|
300
326
|
|
301
327
|
it 'raises if root issuer is missing' do
|
302
328
|
expect {
|
303
|
-
subject.create_context(config.merge(cacerts: [cert_fixture('intermediate.pem')]))
|
329
|
+
subject.create_context(**config.merge(cacerts: [cert_fixture('intermediate.pem')]))
|
304
330
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
305
331
|
"The issuer 'CN=Test CA' of certificate 'CN=Test CA Subauthority' is missing")
|
306
332
|
end
|
@@ -308,7 +334,7 @@ describe Puppet::SSL::SSLProvider do
|
|
308
334
|
it 'raises if cert is not valid yet', unless: Puppet::Util::Platform.jruby? do
|
309
335
|
client_cert.not_before = Time.now + (5 * 60 * 60)
|
310
336
|
expect {
|
311
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
337
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
312
338
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
313
339
|
"The certificate 'CN=signed' is not yet valid, verify time is synchronized")
|
314
340
|
end
|
@@ -316,7 +342,7 @@ describe Puppet::SSL::SSLProvider do
|
|
316
342
|
it 'raises if cert is expired', unless: Puppet::Util::Platform.jruby? do
|
317
343
|
client_cert.not_after = Time.at(0)
|
318
344
|
expect {
|
319
|
-
subject.create_context(config.merge(client_cert: client_cert))
|
345
|
+
subject.create_context(**config.merge(client_cert: client_cert))
|
320
346
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
321
347
|
"The certificate 'CN=signed' has expired, verify time is synchronized")
|
322
348
|
end
|
@@ -327,7 +353,7 @@ describe Puppet::SSL::SSLProvider do
|
|
327
353
|
future_crls.first.last_update = Time.now + (5 * 60 * 60)
|
328
354
|
|
329
355
|
expect {
|
330
|
-
subject.create_context(config.merge(crls: future_crls))
|
356
|
+
subject.create_context(**config.merge(crls: future_crls))
|
331
357
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
332
358
|
"The CRL issued by 'CN=Test CA' is not yet valid, verify time is synchronized")
|
333
359
|
end
|
@@ -338,7 +364,7 @@ describe Puppet::SSL::SSLProvider do
|
|
338
364
|
past_crls.first.next_update = Time.at(0)
|
339
365
|
|
340
366
|
expect {
|
341
|
-
subject.create_context(config.merge(crls: past_crls))
|
367
|
+
subject.create_context(**config.merge(crls: past_crls))
|
342
368
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
343
369
|
"The CRL issued by 'CN=Test CA' has expired, verify time is synchronized")
|
344
370
|
end
|
@@ -346,7 +372,7 @@ describe Puppet::SSL::SSLProvider do
|
|
346
372
|
it 'raises if the root CRL is missing' do
|
347
373
|
crls = [crl_fixture('intermediate-crl.pem')]
|
348
374
|
expect {
|
349
|
-
subject.create_context(config.merge(crls: crls, revocation: :chain))
|
375
|
+
subject.create_context(**config.merge(crls: crls, revocation: :chain))
|
350
376
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
351
377
|
"The CRL issued by 'CN=Test CA' is missing")
|
352
378
|
end
|
@@ -354,23 +380,23 @@ describe Puppet::SSL::SSLProvider do
|
|
354
380
|
it 'raises if the intermediate CRL is missing' do
|
355
381
|
crls = [crl_fixture('crl.pem')]
|
356
382
|
expect {
|
357
|
-
subject.create_context(config.merge(crls: crls))
|
383
|
+
subject.create_context(**config.merge(crls: crls))
|
358
384
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
359
385
|
"The CRL issued by 'CN=Test CA Subauthority' is missing")
|
360
386
|
end
|
361
387
|
|
362
388
|
it "doesn't raise if the root CRL is missing and we're just checking the leaf" do
|
363
389
|
crls = [crl_fixture('intermediate-crl.pem')]
|
364
|
-
subject.create_context(config.merge(crls: crls, revocation: :leaf))
|
390
|
+
subject.create_context(**config.merge(crls: crls, revocation: :leaf))
|
365
391
|
end
|
366
392
|
|
367
393
|
it "doesn't raise if the intermediate CRL is missing and revocation checking is disabled" do
|
368
394
|
crls = [crl_fixture('crl.pem')]
|
369
|
-
subject.create_context(config.merge(crls: crls, revocation: false))
|
395
|
+
subject.create_context(**config.merge(crls: crls, revocation: false))
|
370
396
|
end
|
371
397
|
|
372
398
|
it "doesn't raise if both CRLs are missing and revocation checking is disabled" do
|
373
|
-
subject.create_context(config.merge(crls: [], revocation: false))
|
399
|
+
subject.create_context(**config.merge(crls: [], revocation: false))
|
374
400
|
end
|
375
401
|
|
376
402
|
# OpenSSL < 1.1 does not verify basicConstraints
|
@@ -378,7 +404,7 @@ describe Puppet::SSL::SSLProvider do
|
|
378
404
|
certs = [cert_fixture('bad-basic-constraints.pem'), cert_fixture('intermediate.pem')]
|
379
405
|
|
380
406
|
expect {
|
381
|
-
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
407
|
+
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
|
382
408
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
383
409
|
"Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
|
384
410
|
end
|
@@ -388,32 +414,32 @@ describe Puppet::SSL::SSLProvider do
|
|
388
414
|
certs = [cert_fixture('ca.pem'), cert_fixture('bad-int-basic-constraints.pem')]
|
389
415
|
|
390
416
|
expect {
|
391
|
-
subject.create_context(config.merge(cacerts: certs, crls: [], revocation: false))
|
417
|
+
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
|
392
418
|
}.to raise_error(Puppet::SSL::CertVerifyError,
|
393
419
|
"Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
|
394
420
|
end
|
395
421
|
|
396
422
|
it 'accepts CA certs in any order' do
|
397
|
-
sslctx = subject.create_context(config.merge(cacerts: global_cacerts.reverse))
|
423
|
+
sslctx = subject.create_context(**config.merge(cacerts: global_cacerts.reverse))
|
398
424
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
399
425
|
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
400
426
|
end
|
401
427
|
|
402
428
|
it 'accepts CRLs in any order' do
|
403
|
-
sslctx = subject.create_context(config.merge(crls: global_crls.reverse))
|
429
|
+
sslctx = subject.create_context(**config.merge(crls: global_crls.reverse))
|
404
430
|
# certs in ruby+openssl 1.0.x are not comparable, so compare subjects
|
405
431
|
expect(sslctx.client_chain.map(&:subject).map(&:to_utf8)).to contain_exactly('CN=Test CA', 'CN=Test CA Subauthority', 'CN=signed')
|
406
432
|
end
|
407
433
|
|
408
434
|
it 'raises if the frozen context is modified' do
|
409
|
-
sslctx = subject.create_context(config)
|
435
|
+
sslctx = subject.create_context(**config)
|
410
436
|
expect {
|
411
437
|
sslctx.verify_peer = false
|
412
438
|
}.to raise_error(/can't modify frozen/)
|
413
439
|
end
|
414
440
|
|
415
441
|
it 'verifies peer' do
|
416
|
-
sslctx = subject.create_context(config)
|
442
|
+
sslctx = subject.create_context(**config)
|
417
443
|
expect(sslctx.verify_peer).to eq(true)
|
418
444
|
end
|
419
445
|
end
|