puppet 6.16.0-x64-mingw32 → 7.0.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +5 -3
- data/Gemfile.lock +31 -33
- data/README.md +4 -5
- data/Rakefile +4 -12
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/agent.rb +22 -6
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +66 -31
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +166 -169
- data/lib/puppet/environments.rb +41 -15
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +2 -2
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +13 -1
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +4 -4
- data/lib/puppet/file_system/uniquefile.rb +8 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +3 -8
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +23 -13
- data/lib/puppet/http/client.rb +170 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +13 -19
- data/lib/puppet/http/resolver.rb +10 -23
- data/lib/puppet/http/resolver/server_list.rb +23 -45
- data/lib/puppet/http/resolver/settings.rb +7 -10
- data/lib/puppet/http/resolver/srv.rb +11 -15
- data/lib/puppet/http/response.rb +49 -48
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +15 -27
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -70
- data/lib/puppet/http/service/file_server.rb +19 -28
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +16 -24
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +27 -6
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +3 -7
- data/lib/puppet/indirector/file_metadata/http.rb +25 -5
- data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +2 -103
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +93 -14
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
- data/lib/puppet/parser/compiler.rb +1 -199
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +3 -71
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +28 -42
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -11
- data/lib/puppet/provider/package/gem.rb +27 -5
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +6 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +2 -1
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +11 -4
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports/http.rb +2 -0
- data/lib/puppet/resource.rb +3 -90
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +5 -112
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +84 -35
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +37 -1
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +19 -16
- data/lib/puppet/transaction.rb +3 -9
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +10 -8
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +9 -77
- data/lib/puppet/type/file.rb +45 -22
- data/lib/puppet/type/file/checksum.rb +5 -5
- data/lib/puppet/type/file/source.rb +33 -13
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/service.rb +53 -0
- data/lib/puppet/type/user.rb +18 -3
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/execution.rb +2 -13
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +14 -2
- data/lib/puppet/util/windows.rb +3 -7
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +5 -15
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +52 -486
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +713 -1380
- data/man/man5/puppet.conf.5 +84 -98
- data/man/man8/puppet-agent.8 +7 -4
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +157 -59
- data/spec/integration/application/apply_spec.rb +150 -150
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +78 -29
- data/spec/integration/application/help_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +76 -4
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +33 -5
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +29 -30
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +6 -5
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +2 -2
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +9 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +74 -8
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +17 -4
- data/spec/unit/application_spec.rb +9 -4
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +14 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +96 -44
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +12 -10
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +96 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +2 -2
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +71 -17
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +34 -15
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -65
- data/spec/unit/http/service/file_server_spec.rb +5 -6
- data/spec/unit/http/service/puppetserver_spec.rb +112 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -3
- data/spec/unit/http/session_spec.rb +24 -35
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +3 -267
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +61 -73
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +51 -22
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
- data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dpkg_spec.rb +22 -55
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +402 -166
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +50 -15
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +22 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +3 -59
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +586 -239
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +3 -3
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +134 -102
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +209 -0
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +70 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +27 -127
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +3 -21
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +76 -270
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -182
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
- data/lib/puppet/parser/environment_compiler.rb +0 -199
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -282
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/man_spec.rb +0 -31
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -723
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,283 +0,0 @@
|
|
1
|
-
# standard module for determining whether a given hostname or IP has access to
|
2
|
-
# the requested resource
|
3
|
-
|
4
|
-
require 'ipaddr'
|
5
|
-
require 'puppet/util/logging'
|
6
|
-
|
7
|
-
module Puppet
|
8
|
-
class AuthStoreError < Puppet::Error; end
|
9
|
-
class AuthorizationError < Puppet::Error; end
|
10
|
-
|
11
|
-
class Network::AuthStore
|
12
|
-
include Puppet::Util::Logging
|
13
|
-
|
14
|
-
# Is a given combination of name and ip address allowed? If either input
|
15
|
-
# is non-nil, then both inputs must be provided. If neither input
|
16
|
-
# is provided, then the authstore is considered local and defaults to "true".
|
17
|
-
def allowed?(name, ip)
|
18
|
-
if name or ip
|
19
|
-
# This is probably unnecessary, and can cause some weirdness in
|
20
|
-
# cases where we're operating over localhost but don't have a real
|
21
|
-
# IP defined.
|
22
|
-
raise Puppet::DevError, _("Name and IP must be passed to 'allowed?'") unless name and ip
|
23
|
-
# else, we're networked and such
|
24
|
-
else
|
25
|
-
# we're local
|
26
|
-
return true
|
27
|
-
end
|
28
|
-
|
29
|
-
# yay insecure overrides
|
30
|
-
return true if globalallow?
|
31
|
-
|
32
|
-
decl = declarations.find { |d| d.match?(name, ip) }
|
33
|
-
if decl
|
34
|
-
return decl.result
|
35
|
-
end
|
36
|
-
|
37
|
-
info _("defaulting to no access for %{name}") % { name: name }
|
38
|
-
false
|
39
|
-
end
|
40
|
-
|
41
|
-
# Mark a given pattern as allowed.
|
42
|
-
def allow(pattern)
|
43
|
-
# a simple way to allow anyone at all to connect
|
44
|
-
if pattern == "*"
|
45
|
-
@globalallow = true
|
46
|
-
else
|
47
|
-
store(:allow, pattern)
|
48
|
-
end
|
49
|
-
|
50
|
-
nil
|
51
|
-
end
|
52
|
-
|
53
|
-
def allow_ip(pattern)
|
54
|
-
store(:allow_ip, pattern)
|
55
|
-
end
|
56
|
-
|
57
|
-
# Deny a given pattern.
|
58
|
-
def deny(pattern)
|
59
|
-
store(:deny, pattern)
|
60
|
-
end
|
61
|
-
|
62
|
-
def deny_ip(pattern)
|
63
|
-
store(:deny_ip, pattern)
|
64
|
-
end
|
65
|
-
|
66
|
-
# Is global allow enabled?
|
67
|
-
def globalallow?
|
68
|
-
@globalallow
|
69
|
-
end
|
70
|
-
|
71
|
-
# does this auth store has any rules?
|
72
|
-
def empty?
|
73
|
-
@globalallow.nil? && @declarations.size == 0
|
74
|
-
end
|
75
|
-
|
76
|
-
def initialize
|
77
|
-
@globalallow = nil
|
78
|
-
@declarations = []
|
79
|
-
end
|
80
|
-
|
81
|
-
def to_s
|
82
|
-
"authstore"
|
83
|
-
end
|
84
|
-
|
85
|
-
def interpolate(match)
|
86
|
-
@modified_declarations = @declarations.collect { |ace| ace.interpolate(match) }.sort
|
87
|
-
end
|
88
|
-
|
89
|
-
def reset_interpolation
|
90
|
-
@modified_declarations = nil
|
91
|
-
end
|
92
|
-
|
93
|
-
private
|
94
|
-
|
95
|
-
# Returns our ACEs list, but if we have a modification of it, let's return
|
96
|
-
# it. This is used if we want to override the this purely immutable list
|
97
|
-
# by a modified version.
|
98
|
-
def declarations
|
99
|
-
@modified_declarations || @declarations
|
100
|
-
end
|
101
|
-
|
102
|
-
# Store the results of a pattern into our hash. Basically just
|
103
|
-
# converts the pattern and sticks it into the hash.
|
104
|
-
def store(type, pattern)
|
105
|
-
@declarations << Declaration.new(type, pattern)
|
106
|
-
@declarations.sort!
|
107
|
-
|
108
|
-
nil
|
109
|
-
end
|
110
|
-
|
111
|
-
# A single declaration. Stores the info for a given declaration,
|
112
|
-
# provides the methods for determining whether a declaration matches,
|
113
|
-
# and handles sorting the declarations appropriately.
|
114
|
-
class Declaration
|
115
|
-
include Puppet::Util
|
116
|
-
include Comparable
|
117
|
-
|
118
|
-
# The type of declaration: either :allow or :deny
|
119
|
-
attr_reader :type
|
120
|
-
VALID_TYPES = [ :allow, :deny, :allow_ip, :deny_ip ]
|
121
|
-
|
122
|
-
attr_accessor :name
|
123
|
-
|
124
|
-
# The pattern we're matching against. Can be an IPAddr instance,
|
125
|
-
# or an array of strings, resulting from reversing a hostname
|
126
|
-
# or domain name.
|
127
|
-
attr_reader :pattern
|
128
|
-
|
129
|
-
# The length. Only used for iprange and domain.
|
130
|
-
attr_accessor :length
|
131
|
-
|
132
|
-
# Sort the declarations most specific first.
|
133
|
-
def <=>(other)
|
134
|
-
compare(exact?, other.exact?) ||
|
135
|
-
compare(ip?, other.ip?) ||
|
136
|
-
((length != other.length) && (other.length <=> length)) ||
|
137
|
-
compare(deny?, other.deny?) ||
|
138
|
-
( ip? ? pattern.to_s <=> other.pattern.to_s : pattern <=> other.pattern)
|
139
|
-
end
|
140
|
-
|
141
|
-
def deny?
|
142
|
-
type == :deny
|
143
|
-
end
|
144
|
-
|
145
|
-
def exact?
|
146
|
-
@exact == :exact
|
147
|
-
end
|
148
|
-
|
149
|
-
def initialize(type, pattern)
|
150
|
-
self.type = type
|
151
|
-
self.pattern = pattern
|
152
|
-
end
|
153
|
-
|
154
|
-
# Are we an IP type?
|
155
|
-
def ip?
|
156
|
-
name == :ip
|
157
|
-
end
|
158
|
-
|
159
|
-
# Does this declaration match the name/ip combo?
|
160
|
-
def match?(name, ip)
|
161
|
-
if ip?
|
162
|
-
pattern.include?(IPAddr.new(ip))
|
163
|
-
else
|
164
|
-
matchname?(name)
|
165
|
-
end
|
166
|
-
end
|
167
|
-
|
168
|
-
# Set the pattern appropriately. Also sets the name and length.
|
169
|
-
def pattern=(pattern)
|
170
|
-
if [:allow_ip, :deny_ip].include?(self.type)
|
171
|
-
parse_ip(pattern)
|
172
|
-
else
|
173
|
-
parse(pattern)
|
174
|
-
end
|
175
|
-
@orig = pattern
|
176
|
-
end
|
177
|
-
|
178
|
-
# Mapping a type of statement into a return value.
|
179
|
-
def result
|
180
|
-
[:allow, :allow_ip].include?(type)
|
181
|
-
end
|
182
|
-
|
183
|
-
def to_s
|
184
|
-
"#{type}: #{pattern}"
|
185
|
-
end
|
186
|
-
|
187
|
-
# Set the declaration type. Either :allow or :deny.
|
188
|
-
def type=(type)
|
189
|
-
type = type.intern
|
190
|
-
raise ArgumentError, _("Invalid declaration type %{type}") % { type: type } unless VALID_TYPES.include?(type)
|
191
|
-
@type = type
|
192
|
-
end
|
193
|
-
|
194
|
-
# interpolate a pattern to replace any
|
195
|
-
# backreferences by the given match
|
196
|
-
# for instance if our pattern is $1.reductivelabs.com
|
197
|
-
# and we're called with a MatchData whose capture 1 is puppet
|
198
|
-
# we'll return a pattern of puppet.reductivelabs.com
|
199
|
-
def interpolate(match)
|
200
|
-
clone = dup
|
201
|
-
if @name == :dynamic
|
202
|
-
clone.pattern = clone.pattern.reverse.collect do |p|
|
203
|
-
p.gsub(/\$(\d)/) { |m| match[$1.to_i] }
|
204
|
-
end.join(".")
|
205
|
-
end
|
206
|
-
clone
|
207
|
-
end
|
208
|
-
|
209
|
-
private
|
210
|
-
|
211
|
-
# Returns nil if both values are true or both are false, returns
|
212
|
-
# -1 if the first is true, and 1 if the second is true. Used
|
213
|
-
# in the <=> operator.
|
214
|
-
def compare(me, them)
|
215
|
-
(me and them) ? nil : me ? -1 : them ? 1 : nil
|
216
|
-
end
|
217
|
-
|
218
|
-
# Does the name match our pattern?
|
219
|
-
def matchname?(name)
|
220
|
-
case @name
|
221
|
-
when :domain, :dynamic, :opaque
|
222
|
-
name = munge_name(name)
|
223
|
-
(pattern == name) or (not exact? and pattern.zip(name).all? { |p,n| p == n })
|
224
|
-
when :regex
|
225
|
-
Regexp.new(pattern.slice(1..-2)).match(name)
|
226
|
-
end
|
227
|
-
end
|
228
|
-
|
229
|
-
# Convert the name to a common pattern.
|
230
|
-
def munge_name(name)
|
231
|
-
# Change to name.downcase.split(".",-1).reverse for FQDN support
|
232
|
-
name.downcase.split(".").reverse
|
233
|
-
end
|
234
|
-
|
235
|
-
# Parse our input pattern and figure out what kind of allowable
|
236
|
-
# statement it is. The output of this is used for later matching.
|
237
|
-
Octet = '(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])'
|
238
|
-
IPv4 = "#{Octet}\.#{Octet}\.#{Octet}\.#{Octet}"
|
239
|
-
IPv6_full = "_:_:_:_:_:_:_:_|_:_:_:_:_:_::_?|_:_:_:_:_::((_:)?_)?|_:_:_:_::((_:){0,2}_)?|_:_:_::((_:){0,3}_)?|_:_::((_:){0,4}_)?|_::((_:){0,5}_)?|::((_:){0,6}_)?"
|
240
|
-
IPv6_partial = "_:_:_:_:_:_:|_:_:_:_::(_:)?|_:_::(_:){0,2}|_::(_:){0,3}"
|
241
|
-
# It should be:
|
242
|
-
# IP = "#{IPv4}|#{IPv6_full}|(#{IPv6_partial}#{IPv4})".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
|
243
|
-
# but ruby's ipaddr lib doesn't support the hybrid format
|
244
|
-
IP = "#{IPv4}|#{IPv6_full}".gsub(/_/,'([0-9a-fA-F]{1,4})').gsub(/\(/,'(?:')
|
245
|
-
|
246
|
-
def parse_ip(value)
|
247
|
-
@name = :ip
|
248
|
-
@exact, @length, @pattern = *case value
|
249
|
-
when /^(?:#{IP})\/(\d+)$/ # 12.34.56.78/24, a001:b002::efff/120, c444:1000:2000::9:192.168.0.1/112
|
250
|
-
[:inexact, $1.to_i, IPAddr.new(value)]
|
251
|
-
when /^(#{IP})$/ # 10.20.30.40,
|
252
|
-
[:exact, nil, IPAddr.new(value)]
|
253
|
-
when /^(#{Octet}\.){1,3}\*$/ # an ip address with a '*' at the end
|
254
|
-
segments = value.split(".")[0..-2]
|
255
|
-
bits = 8*segments.length
|
256
|
-
[:inexact, bits, IPAddr.new((segments+[0,0,0])[0,4].join(".") + "/#{bits}")]
|
257
|
-
else
|
258
|
-
raise AuthStoreError, _("Invalid IP pattern %{value}") % { value: value }
|
259
|
-
end
|
260
|
-
end
|
261
|
-
|
262
|
-
def parse(value)
|
263
|
-
@name,@exact,@length,@pattern = *case value
|
264
|
-
when /^(\w[-\w]*\.)+[-\w]+$/ # a full hostname
|
265
|
-
# Change to /^(\w[-\w]*\.)+[-\w]+\.?$/ for FQDN support
|
266
|
-
[:domain,:exact,nil,munge_name(value)]
|
267
|
-
when /^\*(\.(\w[-\w]*)){1,}$/ # *.domain.com
|
268
|
-
host_sans_star = munge_name(value)[0..-2]
|
269
|
-
[:domain,:inexact,host_sans_star.length,host_sans_star]
|
270
|
-
when /\$\d+/ # a backreference pattern ala $1.reductivelabs.com or 192.168.0.$1 or $1.$2
|
271
|
-
[:dynamic,:exact,nil,munge_name(value)]
|
272
|
-
when /^\w[-.@\w]*$/ # ? Just like a host name but allow '@'s and ending '.'s
|
273
|
-
[:opaque,:exact,nil,[value]]
|
274
|
-
when /^\/.*\/$/ # a regular expression
|
275
|
-
[:regex,:inexact,nil,value]
|
276
|
-
else
|
277
|
-
raise AuthStoreError, "Invalid pattern #{value}"
|
278
|
-
end
|
279
|
-
end
|
280
|
-
end
|
281
|
-
end
|
282
|
-
end
|
283
|
-
|
@@ -1,18 +0,0 @@
|
|
1
|
-
require 'puppet/network/authorization'
|
2
|
-
|
3
|
-
class Puppet::Network::HTTP::API::Master::V3::Authorization
|
4
|
-
include Puppet::Network::Authorization
|
5
|
-
|
6
|
-
def wrap(&block)
|
7
|
-
lambda do |request, response|
|
8
|
-
begin
|
9
|
-
authconfig.check_authorization(:find, request.path, request.params)
|
10
|
-
rescue Puppet::Network::AuthorizationError => e
|
11
|
-
raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(e.message, Puppet::Network::HTTP::Issues::FAILED_AUTHORIZATION)
|
12
|
-
end
|
13
|
-
|
14
|
-
block.call.call(request, response)
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
end
|
@@ -1,85 +0,0 @@
|
|
1
|
-
require 'puppet/util/json'
|
2
|
-
require 'puppet/parser/environment_compiler'
|
3
|
-
|
4
|
-
class Puppet::Network::HTTP::API::Master::V3::Environment
|
5
|
-
def call(request, response)
|
6
|
-
env_name = request.routing_path.split('/').last
|
7
|
-
env = Puppet.lookup(:environments).get(env_name)
|
8
|
-
code_id = request.params[:code_id]
|
9
|
-
|
10
|
-
if env.nil?
|
11
|
-
raise Puppet::Network::HTTP::Error::HTTPNotFoundError.new(_("%{env_name} is not a known environment") % { env_name: env_name }, Puppet::Network::HTTP::Issues::RESOURCE_NOT_FOUND)
|
12
|
-
end
|
13
|
-
|
14
|
-
catalog = Puppet::Parser::EnvironmentCompiler.compile(env, code_id).to_resource
|
15
|
-
|
16
|
-
env_graph = build_environment_graph(catalog)
|
17
|
-
|
18
|
-
response.respond_with(200, "application/json", Puppet::Util::Json.dump(env_graph))
|
19
|
-
end
|
20
|
-
|
21
|
-
def build_environment_graph(catalog)
|
22
|
-
# This reads catalog and code_id off the catalog rather than using the one
|
23
|
-
# from the request. There shouldn't really be a case where the two differ,
|
24
|
-
# but if they do, the one from the catalog itself is authoritative.
|
25
|
-
env_graph = {:environment => catalog.environment, :applications => {}, :code_id => catalog.code_id}
|
26
|
-
applications = catalog.resources.select do |res|
|
27
|
-
type = res.resource_type
|
28
|
-
type.is_a?(Puppet::Resource::Type) && type.application?
|
29
|
-
end
|
30
|
-
applications.each do |app|
|
31
|
-
file, line = app.file, app.line
|
32
|
-
nodes = app['nodes']
|
33
|
-
|
34
|
-
required_components = catalog.direct_dependents_of(app).map {|comp| comp.ref}
|
35
|
-
mapped_components = nodes.values.flatten.map {|comp| comp.ref}
|
36
|
-
|
37
|
-
nonexistent_components = mapped_components - required_components
|
38
|
-
if nonexistent_components.any?
|
39
|
-
raise Puppet::ParseError.new(
|
40
|
-
_("Application %{application} assigns nodes to non-existent components: %{component_list}") %
|
41
|
-
{ application: app, component_list: nonexistent_components.join(', ') }, file, line)
|
42
|
-
end
|
43
|
-
|
44
|
-
missing_components = required_components - mapped_components
|
45
|
-
if missing_components.any?
|
46
|
-
raise Puppet::ParseError.new(_("Application %{application} has components without assigned nodes: %{component_list}") %
|
47
|
-
{ application: app, component_list: missing_components.join(', ') }, file, line)
|
48
|
-
end
|
49
|
-
|
50
|
-
# Turn the 'nodes' hash into a map component ref => node name
|
51
|
-
node_mapping = {}
|
52
|
-
nodes.each do |node, comps|
|
53
|
-
comps = [comps] unless comps.is_a?(Array)
|
54
|
-
comps.each do |comp|
|
55
|
-
raise Puppet::ParseError.new(_("Application %{app} assigns multiple nodes to component %{comp}") % { app: app, comp: comp }, file, line) if node_mapping.include?(comp.ref)
|
56
|
-
node_mapping[comp.ref] = node.title
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
app_components = {}
|
61
|
-
catalog.direct_dependents_of(app).each do |comp|
|
62
|
-
app_components[comp.ref] = {
|
63
|
-
:produces => comp.export.map(&:ref),
|
64
|
-
:consumes => prerequisites(comp).map(&:ref),
|
65
|
-
:node => node_mapping[comp.ref]
|
66
|
-
}
|
67
|
-
end
|
68
|
-
env_graph[:applications][app.ref] = app_components
|
69
|
-
end
|
70
|
-
|
71
|
-
env_graph
|
72
|
-
end
|
73
|
-
|
74
|
-
private
|
75
|
-
|
76
|
-
# Finds all the prerequisites of component +comp+. They are all the
|
77
|
-
# capability resources that +comp+ depends on; this includes resources
|
78
|
-
# that +comp+ consumes but also resources it merely requires
|
79
|
-
def prerequisites(comp)
|
80
|
-
params = Puppet::Type.relationship_params.select { |p| p.direction == :in }.map(&:name)
|
81
|
-
params.map { |rel| comp[rel] }.flatten.compact.select do |rel|
|
82
|
-
rel.resource_type && rel.resource_type.is_capability?
|
83
|
-
end
|
84
|
-
end
|
85
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# Base pool for HTTP connections.
|
2
|
-
#
|
3
|
-
# @api private
|
4
|
-
class Puppet::Network::HTTP::BasePool
|
5
|
-
def start(site, verifier, http)
|
6
|
-
Puppet.debug("Starting connection for #{site}")
|
7
|
-
if site.use_ssl?
|
8
|
-
verifier.setup_connection(http)
|
9
|
-
begin
|
10
|
-
http.start
|
11
|
-
print_ssl_info(http) if Puppet::Util::Log.sendlevel?(:debug)
|
12
|
-
rescue OpenSSL::SSL::SSLError => error
|
13
|
-
verifier.handle_connection_error(http, error)
|
14
|
-
end
|
15
|
-
else
|
16
|
-
http.start
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
private
|
21
|
-
|
22
|
-
def print_ssl_info(http)
|
23
|
-
buffered_io = http.instance_variable_get(:@socket)
|
24
|
-
return unless buffered_io
|
25
|
-
|
26
|
-
socket = buffered_io.io
|
27
|
-
return unless socket
|
28
|
-
|
29
|
-
cipher = if Puppet::Util::Platform.jruby?
|
30
|
-
socket.cipher
|
31
|
-
else
|
32
|
-
socket.cipher.first
|
33
|
-
end
|
34
|
-
Puppet.debug("Using #{socket.ssl_version} with cipher #{cipher}")
|
35
|
-
end
|
36
|
-
end
|
@@ -1,127 +0,0 @@
|
|
1
|
-
require 'puppet/network/http'
|
2
|
-
|
3
|
-
module Puppet::Network::HTTP::Compression
|
4
|
-
# from https://github.com/ruby/ruby/blob/v2_1_3/lib/net/http/generic_request.rb#L40
|
5
|
-
ACCEPT_ENCODING = "gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
|
6
|
-
|
7
|
-
# this module function allows to use the right underlying
|
8
|
-
# methods depending on zlib presence
|
9
|
-
def module
|
10
|
-
return(Puppet.features.zlib? ? Active : None)
|
11
|
-
end
|
12
|
-
module_function :module
|
13
|
-
|
14
|
-
module Active
|
15
|
-
require 'zlib'
|
16
|
-
require 'stringio'
|
17
|
-
|
18
|
-
# return an uncompressed body if the response has been
|
19
|
-
# compressed
|
20
|
-
def uncompress_body(response)
|
21
|
-
case response['content-encoding']
|
22
|
-
when 'gzip'
|
23
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
|
24
|
-
# ZLib::GzipReader has an associated encoding, by default Encoding.default_external
|
25
|
-
return Zlib::GzipReader.new(StringIO.new(response.body), :encoding => Encoding::BINARY).read
|
26
|
-
when 'deflate'
|
27
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
|
28
|
-
return Zlib::Inflate.new.inflate(response.body)
|
29
|
-
when nil, 'identity'
|
30
|
-
return response.body
|
31
|
-
else
|
32
|
-
raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
def uncompress(response)
|
37
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress is deprecated.'))
|
38
|
-
raise Net::HTTPError.new("No block passed", response) unless block_given?
|
39
|
-
|
40
|
-
case response['content-encoding']
|
41
|
-
when 'gzip','deflate'
|
42
|
-
uncompressor = ZlibAdapter.new
|
43
|
-
when nil, 'identity'
|
44
|
-
uncompressor = IdentityAdapter.new
|
45
|
-
else
|
46
|
-
raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
|
47
|
-
end
|
48
|
-
|
49
|
-
begin
|
50
|
-
yield uncompressor
|
51
|
-
ensure
|
52
|
-
uncompressor.close
|
53
|
-
end
|
54
|
-
end
|
55
|
-
|
56
|
-
def add_accept_encoding(headers={})
|
57
|
-
headers['accept-encoding'] = Puppet::Network::HTTP::Compression::ACCEPT_ENCODING
|
58
|
-
headers
|
59
|
-
end
|
60
|
-
|
61
|
-
# This adapters knows how to uncompress both 'zlib' stream (the deflate algorithm from Content-Encoding)
|
62
|
-
# and GZip streams.
|
63
|
-
class ZlibAdapter
|
64
|
-
def initialize(uncompressor = Zlib::Inflate.new(15 + 32))
|
65
|
-
# Create an inflater that knows to parse GZip streams and zlib streams.
|
66
|
-
# This uses a property of the C Zlib library, documented as follow:
|
67
|
-
# windowBits can also be greater than 15 for optional gzip decoding. Add
|
68
|
-
# 32 to windowBits to enable zlib and gzip decoding with automatic header
|
69
|
-
# detection, or add 16 to decode only the gzip format (the zlib format will
|
70
|
-
# return a Z_DATA_ERROR). If a gzip stream is being decoded, strm->adler is
|
71
|
-
# a crc32 instead of an adler32.
|
72
|
-
@uncompressor = uncompressor
|
73
|
-
@first = true
|
74
|
-
end
|
75
|
-
|
76
|
-
def uncompress(chunk)
|
77
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::ZlibAdapter#uncompress is deprecated.'))
|
78
|
-
out = @uncompressor.inflate(chunk)
|
79
|
-
@first = false
|
80
|
-
return out
|
81
|
-
rescue Zlib::DataError
|
82
|
-
# it can happen that we receive a raw deflate stream
|
83
|
-
# which might make our inflate throw a data error.
|
84
|
-
# in this case, we try with a verbatim (no header)
|
85
|
-
# deflater.
|
86
|
-
@uncompressor = Zlib::Inflate.new
|
87
|
-
if @first then
|
88
|
-
@first = false
|
89
|
-
retry
|
90
|
-
end
|
91
|
-
raise
|
92
|
-
end
|
93
|
-
|
94
|
-
def close
|
95
|
-
@uncompressor.finish
|
96
|
-
ensure
|
97
|
-
@uncompressor.close
|
98
|
-
end
|
99
|
-
end
|
100
|
-
end
|
101
|
-
|
102
|
-
module None
|
103
|
-
def uncompress_body(response)
|
104
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress_body is deprecated.'))
|
105
|
-
response.body
|
106
|
-
end
|
107
|
-
|
108
|
-
def add_accept_encoding(headers)
|
109
|
-
headers
|
110
|
-
end
|
111
|
-
|
112
|
-
def uncompress(response)
|
113
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress is deprecated.'))
|
114
|
-
yield IdentityAdapter.new
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
class IdentityAdapter
|
119
|
-
def uncompress(chunk)
|
120
|
-
Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::IdentityAdapter#uncompress is deprecated.'))
|
121
|
-
chunk
|
122
|
-
end
|
123
|
-
|
124
|
-
def close
|
125
|
-
end
|
126
|
-
end
|
127
|
-
end
|