puppet 6.16.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +5 -3
- data/Gemfile.lock +31 -33
- data/README.md +4 -5
- data/Rakefile +4 -12
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/agent.rb +22 -6
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +66 -31
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/confine.rb +2 -2
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +166 -169
- data/lib/puppet/environments.rb +41 -15
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +2 -2
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +13 -1
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +4 -4
- data/lib/puppet/file_system/uniquefile.rb +8 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +3 -8
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +23 -13
- data/lib/puppet/http/client.rb +170 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +13 -19
- data/lib/puppet/http/resolver.rb +10 -23
- data/lib/puppet/http/resolver/server_list.rb +23 -45
- data/lib/puppet/http/resolver/settings.rb +7 -10
- data/lib/puppet/http/resolver/srv.rb +11 -15
- data/lib/puppet/http/response.rb +49 -48
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +15 -27
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -70
- data/lib/puppet/http/service/file_server.rb +19 -28
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +16 -24
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +27 -6
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +3 -7
- data/lib/puppet/indirector/file_metadata/http.rb +25 -5
- data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +2 -103
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +93 -14
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
- data/lib/puppet/parser/compiler.rb +1 -199
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +3 -71
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +28 -42
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -11
- data/lib/puppet/provider/package/gem.rb +27 -5
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +6 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +2 -1
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +11 -4
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports/http.rb +2 -0
- data/lib/puppet/resource.rb +3 -90
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +5 -112
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +84 -35
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +37 -1
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +19 -16
- data/lib/puppet/transaction.rb +3 -9
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +10 -8
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +9 -77
- data/lib/puppet/type/file.rb +45 -22
- data/lib/puppet/type/file/checksum.rb +5 -5
- data/lib/puppet/type/file/source.rb +33 -13
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/service.rb +53 -0
- data/lib/puppet/type/user.rb +18 -3
- data/lib/puppet/util.rb +41 -3
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/execution.rb +2 -13
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +14 -2
- data/lib/puppet/util/windows.rb +3 -7
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +5 -15
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +52 -486
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +242 -8
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +713 -1380
- data/man/man5/puppet.conf.5 +84 -98
- data/man/man8/puppet-agent.8 +7 -4
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +157 -59
- data/spec/integration/application/apply_spec.rb +150 -150
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +78 -29
- data/spec/integration/application/help_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +76 -4
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +33 -5
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +29 -30
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +6 -5
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +2 -2
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/integration/util/windows/user_spec.rb +47 -5
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +9 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +74 -8
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +17 -4
- data/spec/unit/application_spec.rb +9 -4
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +14 -0
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +96 -44
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +12 -10
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +96 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +2 -2
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +71 -17
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +34 -15
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -65
- data/spec/unit/http/service/file_server_spec.rb +5 -6
- data/spec/unit/http/service/puppetserver_spec.rb +112 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -3
- data/spec/unit/http/session_spec.rb +24 -35
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +3 -267
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +61 -73
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +51 -22
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
- data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dpkg_spec.rb +22 -55
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +402 -166
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +50 -15
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +22 -16
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +3 -59
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +586 -239
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +3 -3
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +134 -102
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +209 -0
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +70 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +27 -127
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +3 -21
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +76 -270
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -182
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
- data/lib/puppet/parser/environment_compiler.rb +0 -199
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -282
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/integration/test/test_helper_spec.rb +0 -31
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/man_spec.rb +0 -31
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -723
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
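--- a/data/lib/puppet/ssl/key.rb
+++ b/data/lib/puppet/ssl/key.rb
@@ -1,61 +0,0 @@
-require 'puppet/ssl/base'
-require 'puppet/indirector'
-
-# Manage private and public keys as a pair.
-#
-# @deprecated Use {Puppet::SSL::SSLProvider} instead.
-class Puppet::SSL::Key < Puppet::SSL::Base
-wraps OpenSSL::PKey::RSA
-
-extend Puppet::Indirector
-indirects :key, :terminus_class => :file, :doc => <<DOC
-This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
-The indirection key is the certificate CN (generally a hostname).
-DOC
-
-# Because of how the format handler class is included, this
-# can't be in the base class.
-def self.supported_formats
-[:s]
-end
-
-attr_accessor :password_file
-
-# Knows how to create keys with our system defaults.
-def generate
-Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
-@content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
-end
-
-def initialize(name)
-super
-
-@password_file = Puppet[:passfile]
-end
-
-def password
-return nil unless password_file and Puppet::FileSystem.exist?(password_file)
-
-# Puppet generates files at the default Puppet[:capass] using ASCII
-# User configured :passfile could be in any encoding
-# Use BINARY given the string is passed to an OpenSSL API accepting bytes
-# note this is only called internally
-Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
-end
-
-# Optionally support specifying a password file.
-def read(path)
-return super unless password_file
-
-# RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
-@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
-end
-
-def to_s
-if password
-@content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
-else
-return super
-end
-end
-end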
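--- a/data/lib/puppet/ssl/validator.rb
+++ b/data/lib/puppet/ssl/validator.rb
@@ -1,61 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-
-# API for certificate verification
-#
-# @deprecated
-# @api public
-class Puppet::SSL::Validator
-
-# Factory method for creating an instance of a null/no validator.
-# This method does not have to be implemented by concrete implementations of this API.
-#
-# @return [Puppet::SSL::Validator] produces a validator that performs no validation
-#
-# @api public
-#
-def self.no_validator()
-@@no_validator_cache ||= Puppet::SSL::Validator::NoValidator.new()
-end
-
-# Factory method for creating an instance of the default Puppet validator.
-# This method does not have to be implemented by concrete implementations of this API.
-#
-# @return [Puppet::SSL::Validator] produces a validator that performs no validation
-#
-# @api public
-#
-def self.default_validator()
-Puppet::SSL::Validator::DefaultValidator.new()
-end
-
-# Array of peer certificates
-# @return [Array<Puppet::SSL::Certificate>] peer certificates
-#
-# @api public
-#
-def peer_certs
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-
-# Contains the result of validation
-# @return [Array<String>, nil] nil, empty Array, or Array with messages
-#
-# @api public
-#
-def verify_errors
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-
-# Registers the connection to validate.
-#
-# @param [Net::HTTP] connection The connection to validate
-#
-# @return [void]
-#
-# @api public
-#
-def setup_connection(connection)
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-end
-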
@@ -1,209 +0,0 @@
|
|
1
|
-
require 'puppet/ssl/openssl_loader'
|
2
|
-
require 'puppet/ssl'
|
3
|
-
|
4
|
-
# Perform peer certificate verification against the known CA.
|
5
|
-
# If there is no CA information known, then no verification is performed
|
6
|
-
#
|
7
|
-
# @deprecated
|
8
|
-
# @api private
|
9
|
-
#
|
10
|
-
class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
|
11
|
-
attr_reader :peer_certs
|
12
|
-
attr_reader :verify_errors
|
13
|
-
attr_reader :last_error
|
14
|
-
|
15
|
-
FIVE_MINUTES_AS_SECONDS = 5 * 60
|
16
|
-
|
17
|
-
# Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
|
18
|
-
#
|
19
|
-
# @param ca_path [String] Filepath for the cacert
|
20
|
-
#
|
21
|
-
# @api private
|
22
|
-
#
|
23
|
-
def initialize(
|
24
|
-
ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert])
|
25
|
-
|
26
|
-
reset!
|
27
|
-
@ca_path = ca_path
|
28
|
-
end
|
29
|
-
|
30
|
-
|
31
|
-
# Resets this validator to its initial validation state. The ssl configuration is not changed.
|
32
|
-
#
|
33
|
-
# @api private
|
34
|
-
#
|
35
|
-
def reset!
|
36
|
-
@peer_certs = []
|
37
|
-
@verify_errors = []
|
38
|
-
@hostname = nil
|
39
|
-
@last_error = nil
|
40
|
-
end
|
41
|
-
|
42
|
-
# Performs verification of the SSL connection and collection of the
|
43
|
-
# certificates for use in constructing the error message if the verification
|
44
|
-
# failed. This callback will be executed once for each certificate in a
|
45
|
-
# chain being verified.
|
46
|
-
#
|
47
|
-
# From the [OpenSSL
|
48
|
-
# documentation](https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html):
|
49
|
-
# The `verify_callback` function is used to control the behaviour when the
|
50
|
-
# SSL_VERIFY_PEER flag is set. It must be supplied by the application and
|
51
|
-
# receives two arguments: preverify_ok indicates, whether the verification of
|
52
|
-
# the certificate in question was passed (preverify_ok=1) or not
|
53
|
-
# (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for
|
54
|
-
# the certificate chain verification.
|
55
|
-
#
|
56
|
-
# See {Puppet::Network::HTTP::Connection} for more information and where this
|
57
|
-
# class is intended to be used.
|
58
|
-
#
|
59
|
-
# @param [Boolean] preverify_ok indicates whether the verification of the
|
60
|
-
# certificate in question was passed (preverify_ok=true)
|
61
|
-
# @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context
|
62
|
-
# for the chain being verified.
|
63
|
-
#
|
64
|
-
# @return [Boolean] false if the peer is invalid, true otherwise.
|
65
|
-
#
|
66
|
-
# @api private
|
67
|
-
#
|
68
|
-
def call(preverify_ok, store_context)
|
69
|
-
current_cert = store_context.current_cert
|
70
|
-
@peer_certs << current_cert
|
71
|
-
|
72
|
-
# We must make a copy since the scope of the store_context will be lost
|
73
|
-
# across invocations of this method.
|
74
|
-
if preverify_ok
|
75
|
-
# If we've copied all of the certs in the chain out of the SSL library
|
76
|
-
if @peer_certs.length == store_context.chain.length
|
77
|
-
# (#20027) The peer cert must be issued by a specific authority
|
78
|
-
preverify_ok = valid_peer?
|
79
|
-
end
|
80
|
-
else
|
81
|
-
error = store_context.error || 0
|
82
|
-
error_string = store_context.error_string || "OpenSSL error #{error}"
|
83
|
-
|
84
|
-
case error
|
85
|
-
when OpenSSL::X509::V_OK
|
86
|
-
if @hostname
|
87
|
-
# chain is from leaf to root, opposite of the order that `call` is invoked
|
88
|
-
chain_cert = store_context.chain.first
|
89
|
-
|
90
|
-
# ruby 2.4 doesn't compare certs based on value, so force to DER byte array
|
91
|
-
if current_cert && chain_cert && current_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(current_cert, @hostname)
|
92
|
-
@last_error = Puppet::SSL::CertMismatchError.new(current_cert, @hostname)
|
93
|
-
return false
|
94
|
-
else
|
95
|
-
@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
|
96
|
-
end
|
97
|
-
else
|
98
|
-
@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
|
99
|
-
end
|
100
|
-
|
101
|
-
when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
|
102
|
-
# current_crl can be nil
|
103
|
-
# https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
|
104
|
-
crl = store_context.current_crl
|
105
|
-
if crl
|
106
|
-
if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
|
107
|
-
Puppet.debug("Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}")
|
108
|
-
preverify_ok = true
|
109
|
-
else
|
110
|
-
@verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
|
111
|
-
end
|
112
|
-
else
|
113
|
-
@verify_errors << error_string
|
114
|
-
end
|
115
|
-
else
|
116
|
-
@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
|
117
|
-
end
|
118
|
-
end
|
119
|
-
preverify_ok
|
120
|
-
rescue => ex
|
121
|
-
@verify_errors << ex.message
|
122
|
-
false
|
123
|
-
end
|
124
|
-
|
125
|
-
# Registers the instance's call method with the connection.
|
126
|
-
#
|
127
|
-
# @param [Net::HTTP] connection The connection to validate
|
128
|
-
#
|
129
|
-
# @param [Puppet::SSL::Host] host The host object containing SSL data
|
130
|
-
# @return [void]
|
131
|
-
#
|
132
|
-
# @api private
|
133
|
-
#
|
134
|
-
def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
|
135
|
-
@hostname = connection.address
|
136
|
-
|
137
|
-
if ssl_certificates_are_present?
|
138
|
-
connection.cert_store = ssl_host.ssl_store
|
139
|
-
connection.ca_file = @ca_path
|
140
|
-
connection.cert = ssl_host.certificate.content
|
141
|
-
connection.key = ssl_host.key.content
|
142
|
-
connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
143
|
-
connection.verify_callback = self
|
144
|
-
else
|
145
|
-
connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
146
|
-
end
|
147
|
-
end
|
148
|
-
|
149
|
-
##
|
150
|
-
# Decode a string of concatenated certificates
|
151
|
-
#
|
152
|
-
# @return [Array<OpenSSL::X509::Certificate>]
|
153
|
-
def decode_cert_bundle(bundle_str)
|
154
|
-
re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
|
155
|
-
pem_ary = bundle_str.scan(re)
|
156
|
-
pem_ary.map do |pem_str|
|
157
|
-
OpenSSL::X509::Certificate.new(pem_str)
|
158
|
-
end
|
159
|
-
end
|
160
|
-
|
161
|
-
# read_file makes testing easier.
|
162
|
-
def read_file(path)
|
163
|
-
# https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
|
164
|
-
# CA bundles are concatenated X509 certificates, but may also include
|
165
|
-
# comments, which could have UTF-8 characters
|
166
|
-
Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
|
167
|
-
end
|
168
|
-
|
169
|
-
# Validates the peer certificates against the authorized certificates.
|
170
|
-
#
|
171
|
-
# @api private
|
172
|
-
#
|
173
|
-
def valid_peer?
|
174
|
-
descending_cert_chain = @peer_certs.reverse
|
175
|
-
authz_ca_certs = decode_cert_bundle(read_file(@ca_path))
|
176
|
-
|
177
|
-
if not has_authz_peer_cert(descending_cert_chain, authz_ca_certs)
|
178
|
-
msg = "The server presented a SSL certificate chain which does not include a " <<
|
179
|
-
"CA listed in the ssl_client_ca_auth file. "
|
180
|
-
msg << "Authorized Issuers: #{authz_ca_certs.collect {|c| c.subject.to_utf8}.join(', ')} " <<
|
181
|
-
"Peer Chain: #{descending_cert_chain.collect {|c| c.subject.to_utf8}.join(' => ')}"
|
182
|
-
@verify_errors << msg
|
183
|
-
false
|
184
|
-
else
|
185
|
-
true
|
186
|
-
end
|
187
|
-
end
|
188
|
-
|
189
|
-
# Checks if the set of peer_certs contains at least one certificate issued
|
190
|
-
# by a certificate listed in authz_certs
|
191
|
-
#
|
192
|
-
# @return [Boolean]
|
193
|
-
#
|
194
|
-
# @api private
|
195
|
-
#
|
196
|
-
def has_authz_peer_cert(peer_certs, authz_certs)
|
197
|
-
peer_certs.any? do |peer_cert|
|
198
|
-
authz_certs.any? do |authz_cert|
|
199
|
-
peer_cert.verify(authz_cert.public_key)
|
200
|
-
end
|
201
|
-
end
|
202
|
-
end
|
203
|
-
|
204
|
-
# @api private
|
205
|
-
#
|
206
|
-
def ssl_certificates_are_present?
|
207
|
-
Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(@ca_path)
|
208
|
-
end
|
209
|
-
end
|
@@ -1,22 +0,0 @@
|
|
1
|
-
require 'puppet/ssl/openssl_loader'
|
2
|
-
require 'puppet/ssl'
|
3
|
-
|
4
|
-
# Performs no SSL verification
|
5
|
-
#
|
6
|
-
# @deprecated
|
7
|
-
# @api private
|
8
|
-
#
|
9
|
-
class Puppet::SSL::Validator::NoValidator < Puppet::SSL::Validator
|
10
|
-
|
11
|
-
def setup_connection(connection)
|
12
|
-
connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
13
|
-
end
|
14
|
-
|
15
|
-
def peer_certs
|
16
|
-
[]
|
17
|
-
end
|
18
|
-
|
19
|
-
def verify_errors
|
20
|
-
[]
|
21
|
-
end
|
22
|
-
end
|
@@ -1,58 +0,0 @@
|
|
1
|
-
# Allows a `Puppet::SSL::Validator` to be used in situations where a
|
2
|
-
# `Verifier` is required, while preserving the legacy validator behavior of:
|
3
|
-
#
|
4
|
-
# * Loading CA certs from `ssl_client_ca_auth` or `localcacert`
|
5
|
-
# * Verifying each cert in the peer's chain is contained in the file
|
6
|
-
# loaded above.
|
7
|
-
#
|
8
|
-
class Puppet::SSL::VerifierAdapter
|
9
|
-
attr_reader :validator, :ssl_context
|
10
|
-
|
11
|
-
def initialize(validator)
|
12
|
-
@validator = validator
|
13
|
-
|
14
|
-
if validator.is_a?(Puppet::SSL::Validator::NoValidator)
|
15
|
-
ssl = Puppet::SSL::SSLProvider.new
|
16
|
-
@ssl_context = ssl.create_insecure_context
|
17
|
-
else
|
18
|
-
# nil means use the default SSLContext
|
19
|
-
@ssl_context = nil
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
# Return true if `self` is reusable with `verifier` meaning they
|
24
|
-
# are both using the same class of `Puppet::SSL::Validator`. In this
|
25
|
-
# case we only care the Validator class is the same. We can't require
|
26
|
-
# the same instances, because a new instance is created each time
|
27
|
-
# HttpPool.http_instance is called.
|
28
|
-
#
|
29
|
-
# @param verifier [Puppet::SSL::Verifier] the verifier to compare against
|
30
|
-
# @return [Boolean] return true if a cached connection can be used, false otherwise
|
31
|
-
def reusable?(verifier)
|
32
|
-
verifier.instance_of?(self.class) &&
|
33
|
-
verifier.validator.instance_of?(@validator.class)
|
34
|
-
end
|
35
|
-
|
36
|
-
# Configure the `http` connection based on the current `ssl_context`.
|
37
|
-
#
|
38
|
-
# @param http [Net::HTTP] connection
|
39
|
-
# @api private
|
40
|
-
def setup_connection(http)
|
41
|
-
@validator.setup_connection(http)
|
42
|
-
end
|
43
|
-
|
44
|
-
# Handle an SSL connection error.
|
45
|
-
#
|
46
|
-
# @param http [Net::HTTP] connection
|
47
|
-
# @param error [OpenSSL::SSL::SSLError] connection error
|
48
|
-
# @return (see Puppet::SSL::Verifier#handle_connection_error)
|
49
|
-
# @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
|
50
|
-
# verification error with the server's certificate or chain
|
51
|
-
# @raise [Puppet::Error] server hostname does not match certificate
|
52
|
-
# @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
|
53
|
-
def handle_connection_error(http, error)
|
54
|
-
raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error
|
55
|
-
|
56
|
-
Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
|
57
|
-
end
|
58
|
-
end
|
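--- a/data/lib/puppet/status.rb
+++ b/data/lib/puppet/status.rb
@@ -1,40 +0,0 @@
-require 'puppet/indirector'
-
-class Puppet::Status
-extend Puppet::Indirector
-indirects :status, :terminus_class => :local
-
-attr_accessor :status
-
-def initialize( status = nil )
-@status = status || {"is_alive" => true}
-end
-
-def to_data_hash
-@status
-end
-
-def self.from_data_hash(data)
-if data.include?('status')
-self.new(data['status'])
-else
-self.new(data)
-end
-end
-
-def name
-"status"
-end
-
-def name=(name)
-# NOOP
-end
-
-def version
-@status['version']
-end
-
-def version=(version)
-@status['version'] = version
-end
-end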