puppet 6.16.0-x64-mingw32 → 7.0.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (645) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +5 -3
  3. data/Gemfile.lock +31 -33
  4. data/README.md +4 -5
  5. data/Rakefile +4 -12
  6. data/conf/fileserver.conf +5 -10
  7. data/ext/build_defaults.yaml +1 -1
  8. data/ext/osx/file_mapping.yaml +0 -5
  9. data/ext/project_data.yaml +1 -14
  10. data/ext/redhat/puppet.spec.erb +0 -1
  11. data/ext/windows/service/daemon.rb +6 -5
  12. data/install.rb +21 -17
  13. data/lib/puppet.rb +11 -20
  14. data/lib/puppet/agent.rb +2 -2
  15. data/lib/puppet/agent/locker.rb +0 -7
  16. data/lib/puppet/application.rb +172 -98
  17. data/lib/puppet/application/agent.rb +22 -6
  18. data/lib/puppet/application/apply.rb +18 -20
  19. data/lib/puppet/application/device.rb +100 -104
  20. data/lib/puppet/application/doc.rb +1 -1
  21. data/lib/puppet/application/filebucket.rb +15 -11
  22. data/lib/puppet/application/lookup.rb +16 -4
  23. data/lib/puppet/application/ssl.rb +1 -1
  24. data/lib/puppet/configurer.rb +66 -31
  25. data/lib/puppet/configurer/downloader.rb +31 -10
  26. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  27. data/lib/puppet/confine.rb +2 -2
  28. data/lib/puppet/confine/any.rb +1 -1
  29. data/lib/puppet/defaults.rb +166 -169
  30. data/lib/puppet/environments.rb +41 -15
  31. data/lib/puppet/face/catalog.rb +1 -1
  32. data/lib/puppet/face/config.rb +56 -16
  33. data/lib/puppet/face/epp.rb +12 -2
  34. data/lib/puppet/face/facts.rb +66 -6
  35. data/lib/puppet/face/help.rb +1 -1
  36. data/lib/puppet/face/node.rb +3 -3
  37. data/lib/puppet/face/node/clean.rb +2 -2
  38. data/lib/puppet/face/plugin.rb +5 -8
  39. data/lib/puppet/feature/base.rb +1 -1
  40. data/lib/puppet/ffi/windows.rb +12 -0
  41. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  42. data/lib/puppet/ffi/windows/constants.rb +404 -0
  43. data/lib/puppet/ffi/windows/functions.rb +628 -0
  44. data/lib/puppet/ffi/windows/structs.rb +338 -0
  45. data/lib/puppet/file_bucket/dipper.rb +1 -1
  46. data/lib/puppet/file_serving/configuration.rb +0 -5
  47. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  48. data/lib/puppet/file_serving/http_metadata.rb +13 -1
  49. data/lib/puppet/file_serving/metadata.rb +4 -1
  50. data/lib/puppet/file_serving/mount.rb +1 -2
  51. data/lib/puppet/file_serving/mount/locales.rb +1 -2
  52. data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
  53. data/lib/puppet/file_serving/mount/plugins.rb +1 -2
  54. data/lib/puppet/file_serving/terminus_selector.rb +7 -8
  55. data/lib/puppet/file_system/file_impl.rb +4 -4
  56. data/lib/puppet/file_system/uniquefile.rb +8 -16
  57. data/lib/puppet/forge.rb +1 -1
  58. data/lib/puppet/forge/cache.rb +1 -1
  59. data/lib/puppet/forge/repository.rb +3 -8
  60. data/lib/puppet/functions/epp.rb +1 -0
  61. data/lib/puppet/functions/inline_epp.rb +1 -0
  62. data/lib/puppet/functions/lstrip.rb +4 -4
  63. data/lib/puppet/functions/new.rb +8 -3
  64. data/lib/puppet/functions/reverse_each.rb +1 -1
  65. data/lib/puppet/functions/rstrip.rb +4 -4
  66. data/lib/puppet/functions/step.rb +1 -1
  67. data/lib/puppet/functions/strip.rb +4 -4
  68. data/lib/puppet/generate/models/type/type.rb +4 -1
  69. data/lib/puppet/gettext/config.rb +5 -5
  70. data/lib/puppet/gettext/module_translations.rb +4 -4
  71. data/lib/puppet/http.rb +23 -13
  72. data/lib/puppet/http/client.rb +170 -115
  73. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  74. data/lib/puppet/http/errors.rb +16 -0
  75. data/lib/puppet/http/external_client.rb +5 -7
  76. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  77. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  78. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  79. data/lib/puppet/http/proxy.rb +137 -0
  80. data/lib/puppet/http/redirector.rb +13 -19
  81. data/lib/puppet/http/resolver.rb +10 -23
  82. data/lib/puppet/http/resolver/server_list.rb +23 -45
  83. data/lib/puppet/http/resolver/settings.rb +7 -10
  84. data/lib/puppet/http/resolver/srv.rb +11 -15
  85. data/lib/puppet/http/response.rb +49 -48
  86. data/lib/puppet/http/response_converter.rb +24 -0
  87. data/lib/puppet/http/response_net_http.rb +42 -0
  88. data/lib/puppet/http/retry_after_handler.rb +4 -13
  89. data/lib/puppet/http/service.rb +15 -27
  90. data/lib/puppet/http/service/ca.rb +11 -22
  91. data/lib/puppet/http/service/compiler.rb +23 -70
  92. data/lib/puppet/http/service/file_server.rb +19 -28
  93. data/lib/puppet/http/service/puppetserver.rb +53 -0
  94. data/lib/puppet/http/service/report.rb +8 -10
  95. data/lib/puppet/http/session.rb +16 -24
  96. data/lib/puppet/{network/http → http}/site.rb +1 -2
  97. data/lib/puppet/indirector.rb +1 -1
  98. data/lib/puppet/indirector/catalog/compiler.rb +1 -1
  99. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  100. data/lib/puppet/indirector/exec.rb +1 -1
  101. data/lib/puppet/indirector/fact_search.rb +60 -0
  102. data/lib/puppet/indirector/facts/facter.rb +27 -6
  103. data/lib/puppet/indirector/facts/json.rb +27 -0
  104. data/lib/puppet/indirector/facts/rest.rb +3 -22
  105. data/lib/puppet/indirector/facts/yaml.rb +4 -59
  106. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  107. data/lib/puppet/indirector/file_content/rest.rb +3 -7
  108. data/lib/puppet/indirector/file_metadata/http.rb +25 -5
  109. data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
  110. data/lib/puppet/indirector/file_server.rb +1 -8
  111. data/lib/puppet/indirector/generic_http.rb +0 -11
  112. data/lib/puppet/indirector/hiera.rb +4 -0
  113. data/lib/puppet/indirector/indirection.rb +1 -1
  114. data/lib/puppet/indirector/json.rb +5 -1
  115. data/lib/puppet/indirector/msgpack.rb +1 -1
  116. data/lib/puppet/indirector/node/json.rb +8 -0
  117. data/lib/puppet/indirector/node/rest.rb +2 -4
  118. data/lib/puppet/indirector/report/json.rb +34 -0
  119. data/lib/puppet/indirector/report/processor.rb +2 -2
  120. data/lib/puppet/indirector/report/rest.rb +3 -8
  121. data/lib/puppet/indirector/request.rb +2 -103
  122. data/lib/puppet/indirector/rest.rb +12 -263
  123. data/lib/puppet/indirector/yaml.rb +1 -1
  124. data/lib/puppet/module.rb +1 -2
  125. data/lib/puppet/module_tool/applications.rb +0 -1
  126. data/lib/puppet/network/authconfig.rb +2 -96
  127. data/lib/puppet/network/authorization.rb +13 -35
  128. data/lib/puppet/network/format_support.rb +2 -2
  129. data/lib/puppet/network/formats.rb +2 -1
  130. data/lib/puppet/network/http.rb +3 -3
  131. data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
  132. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  133. data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
  134. data/lib/puppet/network/http/connection.rb +247 -316
  135. data/lib/puppet/network/http/handler.rb +0 -1
  136. data/lib/puppet/network/http/route.rb +2 -2
  137. data/lib/puppet/network/http_pool.rb +16 -34
  138. data/lib/puppet/node.rb +1 -30
  139. data/lib/puppet/node/environment.rb +12 -5
  140. data/lib/puppet/node/facts.rb +17 -0
  141. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  142. data/lib/puppet/pal/pal_impl.rb +93 -14
  143. data/lib/puppet/parameter.rb +1 -1
  144. data/lib/puppet/parser/ast/leaf.rb +5 -5
  145. data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
  146. data/lib/puppet/parser/compiler.rb +1 -199
  147. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  148. data/lib/puppet/parser/functions.rb +21 -17
  149. data/lib/puppet/parser/functions/create_resources.rb +11 -7
  150. data/lib/puppet/parser/resource.rb +3 -71
  151. data/lib/puppet/parser/resource/param.rb +6 -0
  152. data/lib/puppet/parser/type_loader.rb +2 -2
  153. data/lib/puppet/pops/adaptable.rb +7 -13
  154. data/lib/puppet/pops/adapters.rb +8 -4
  155. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
  156. data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
  157. data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
  158. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  159. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  160. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  161. data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
  162. data/lib/puppet/pops/loaders.rb +18 -11
  163. data/lib/puppet/pops/lookup/context.rb +1 -1
  164. data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
  165. data/lib/puppet/pops/model/ast.pp +0 -42
  166. data/lib/puppet/pops/model/ast.rb +0 -290
  167. data/lib/puppet/pops/model/factory.rb +0 -45
  168. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  169. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  170. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  171. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  172. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  173. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  174. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  175. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
  176. data/lib/puppet/pops/types/iterable.rb +34 -8
  177. data/lib/puppet/pops/types/p_meta_type.rb +1 -1
  178. data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
  179. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  180. data/lib/puppet/pops/types/type_parser.rb +0 -4
  181. data/lib/puppet/pops/types/types.rb +0 -1
  182. data/lib/puppet/pops/validation/checker4_0.rb +28 -42
  183. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  184. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
  185. data/lib/puppet/provider.rb +0 -13
  186. data/lib/puppet/provider/file/windows.rb +1 -1
  187. data/lib/puppet/provider/nameservice.rb +0 -18
  188. data/lib/puppet/provider/package/apt.rb +34 -0
  189. data/lib/puppet/provider/package/aptitude.rb +1 -1
  190. data/lib/puppet/provider/package/dpkg.rb +1 -11
  191. data/lib/puppet/provider/package/gem.rb +27 -5
  192. data/lib/puppet/provider/package/pip.rb +0 -1
  193. data/lib/puppet/provider/package/pip2.rb +17 -0
  194. data/lib/puppet/provider/package/pkg.rb +0 -4
  195. data/lib/puppet/provider/package/portage.rb +1 -1
  196. data/lib/puppet/provider/package/puppet_gem.rb +6 -4
  197. data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
  198. data/lib/puppet/provider/package/yum.rb +2 -1
  199. data/lib/puppet/provider/package/zypper.rb +3 -0
  200. data/lib/puppet/provider/service/smf.rb +191 -73
  201. data/lib/puppet/provider/service/windows.rb +23 -7
  202. data/lib/puppet/provider/user/aix.rb +1 -1
  203. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  204. data/lib/puppet/provider/user/user_role_add.rb +1 -1
  205. data/lib/puppet/provider/user/useradd.rb +11 -4
  206. data/lib/puppet/provider/user/windows_adsi.rb +18 -1
  207. data/lib/puppet/reference/configuration.rb +2 -0
  208. data/lib/puppet/reference/indirection.rb +1 -1
  209. data/lib/puppet/reports/http.rb +2 -0
  210. data/lib/puppet/resource.rb +3 -90
  211. data/lib/puppet/resource/catalog.rb +1 -14
  212. data/lib/puppet/resource/type.rb +5 -112
  213. data/lib/puppet/resource/type_collection.rb +3 -48
  214. data/lib/puppet/runtime.rb +1 -2
  215. data/lib/puppet/settings.rb +84 -35
  216. data/lib/puppet/settings/base_setting.rb +26 -2
  217. data/lib/puppet/settings/integer_setting.rb +17 -0
  218. data/lib/puppet/settings/port_setting.rb +15 -0
  219. data/lib/puppet/settings/priority_setting.rb +5 -4
  220. data/lib/puppet/ssl.rb +10 -6
  221. data/lib/puppet/ssl/base.rb +3 -5
  222. data/lib/puppet/ssl/certificate.rb +0 -6
  223. data/lib/puppet/ssl/certificate_request.rb +1 -12
  224. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  225. data/lib/puppet/ssl/oids.rb +3 -1
  226. data/lib/puppet/ssl/ssl_context.rb +2 -2
  227. data/lib/puppet/ssl/ssl_provider.rb +37 -1
  228. data/lib/puppet/ssl/state_machine.rb +3 -1
  229. data/lib/puppet/ssl/verifier.rb +2 -0
  230. data/lib/puppet/test/test_helper.rb +19 -16
  231. data/lib/puppet/transaction.rb +3 -9
  232. data/lib/puppet/transaction/persistence.rb +1 -1
  233. data/lib/puppet/transaction/report.rb +10 -8
  234. data/lib/puppet/trusted_external.rb +29 -1
  235. data/lib/puppet/type.rb +9 -77
  236. data/lib/puppet/type/file.rb +45 -22
  237. data/lib/puppet/type/file/checksum.rb +5 -5
  238. data/lib/puppet/type/file/source.rb +33 -13
  239. data/lib/puppet/type/filebucket.rb +4 -4
  240. data/lib/puppet/type/notify.rb +2 -2
  241. data/lib/puppet/type/package.rb +5 -13
  242. data/lib/puppet/type/service.rb +53 -0
  243. data/lib/puppet/type/user.rb +18 -3
  244. data/lib/puppet/util.rb +41 -3
  245. data/lib/puppet/util/autoload.rb +9 -7
  246. data/lib/puppet/util/character_encoding.rb +9 -5
  247. data/lib/puppet/util/checksums.rb +19 -4
  248. data/lib/puppet/util/execution.rb +2 -13
  249. data/lib/puppet/util/fileparsing.rb +2 -2
  250. data/lib/puppet/util/http_proxy.rb +2 -215
  251. data/lib/puppet/util/monkey_patches.rb +0 -46
  252. data/lib/puppet/util/provider_features.rb +1 -1
  253. data/lib/puppet/util/rdoc.rb +0 -7
  254. data/lib/puppet/util/reference.rb +1 -1
  255. data/lib/puppet/util/retry_action.rb +1 -1
  256. data/lib/puppet/util/rubygems.rb +5 -1
  257. data/lib/puppet/util/run_mode.rb +14 -2
  258. data/lib/puppet/util/windows.rb +3 -7
  259. data/lib/puppet/util/windows/daemon.rb +360 -0
  260. data/lib/puppet/util/windows/error.rb +1 -0
  261. data/lib/puppet/util/windows/eventlog.rb +5 -15
  262. data/lib/puppet/util/windows/file.rb +8 -242
  263. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  264. data/lib/puppet/util/windows/principal.rb +8 -6
  265. data/lib/puppet/util/windows/process.rb +4 -226
  266. data/lib/puppet/util/windows/registry.rb +11 -11
  267. data/lib/puppet/util/windows/security.rb +4 -4
  268. data/lib/puppet/util/windows/service.rb +52 -486
  269. data/lib/puppet/util/windows/string.rb +12 -13
  270. data/lib/puppet/util/windows/user.rb +242 -8
  271. data/lib/puppet/util/yaml.rb +0 -22
  272. data/lib/puppet/vendor/require_vendored.rb +0 -1
  273. data/lib/puppet/version.rb +1 -1
  274. data/lib/puppet/x509.rb +5 -1
  275. data/lib/puppet/x509/cert_provider.rb +29 -1
  276. data/locales/puppet.pot +713 -1380
  277. data/man/man5/puppet.conf.5 +84 -98
  278. data/man/man8/puppet-agent.8 +7 -4
  279. data/man/man8/puppet-apply.8 +1 -1
  280. data/man/man8/puppet-catalog.8 +1 -1
  281. data/man/man8/puppet-config.8 +6 -6
  282. data/man/man8/puppet-describe.8 +1 -1
  283. data/man/man8/puppet-device.8 +1 -1
  284. data/man/man8/puppet-doc.8 +1 -1
  285. data/man/man8/puppet-epp.8 +1 -1
  286. data/man/man8/puppet-facts.8 +55 -9
  287. data/man/man8/puppet-filebucket.8 +6 -6
  288. data/man/man8/puppet-generate.8 +1 -1
  289. data/man/man8/puppet-help.8 +1 -1
  290. data/man/man8/puppet-lookup.8 +2 -2
  291. data/man/man8/puppet-module.8 +1 -58
  292. data/man/man8/puppet-node.8 +7 -4
  293. data/man/man8/puppet-parser.8 +1 -1
  294. data/man/man8/puppet-plugin.8 +1 -1
  295. data/man/man8/puppet-report.8 +4 -1
  296. data/man/man8/puppet-resource.8 +1 -1
  297. data/man/man8/puppet-script.8 +1 -1
  298. data/man/man8/puppet-ssl.8 +1 -1
  299. data/man/man8/puppet.8 +2 -2
  300. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
  301. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
  302. data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
  303. data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
  304. data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
  305. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  306. data/spec/integration/application/agent_spec.rb +157 -59
  307. data/spec/integration/application/apply_spec.rb +150 -150
  308. data/spec/integration/application/doc_spec.rb +16 -6
  309. data/spec/integration/application/filebucket_spec.rb +78 -29
  310. data/spec/integration/application/help_spec.rb +44 -0
  311. data/spec/integration/application/lookup_spec.rb +13 -0
  312. data/spec/integration/application/module_spec.rb +68 -0
  313. data/spec/integration/application/plugin_spec.rb +76 -4
  314. data/spec/integration/configurer_spec.rb +14 -0
  315. data/spec/integration/data_binding_spec.rb +82 -0
  316. data/spec/integration/defaults_spec.rb +33 -5
  317. data/spec/integration/directory_environments_spec.rb +17 -17
  318. data/spec/integration/environments/setting_hooks_spec.rb +1 -1
  319. data/spec/integration/indirector/facts/facter_spec.rb +8 -6
  320. data/spec/integration/network/http_pool_spec.rb +29 -30
  321. data/spec/integration/node/environment_spec.rb +1 -1
  322. data/spec/integration/parser/catalog_spec.rb +0 -38
  323. data/spec/integration/parser/compiler_spec.rb +11 -0
  324. data/spec/integration/parser/node_spec.rb +0 -9
  325. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  326. data/spec/integration/type/file_spec.rb +6 -5
  327. data/spec/integration/util/execution_spec.rb +22 -0
  328. data/spec/integration/util/windows/adsi_spec.rb +2 -2
  329. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  330. data/spec/integration/util/windows/process_spec.rb +26 -32
  331. data/spec/integration/util/windows/registry_spec.rb +7 -7
  332. data/spec/integration/util/windows/security_spec.rb +1 -1
  333. data/spec/integration/util/windows/user_spec.rb +47 -5
  334. data/spec/integration/util_spec.rb +7 -33
  335. data/spec/lib/puppet_spec/matchers.rb +0 -80
  336. data/spec/lib/puppet_spec/puppetserver.rb +9 -1
  337. data/spec/lib/puppet_spec/settings.rb +7 -1
  338. data/spec/shared_contexts/types_setup.rb +2 -0
  339. data/spec/spec_helper.rb +2 -0
  340. data/spec/unit/agent_spec.rb +0 -2
  341. data/spec/unit/application/agent_spec.rb +3 -4
  342. data/spec/unit/application/config_spec.rb +224 -4
  343. data/spec/unit/application/doc_spec.rb +2 -2
  344. data/spec/unit/application/face_base_spec.rb +6 -4
  345. data/spec/unit/application/facts_spec.rb +74 -8
  346. data/spec/unit/application/filebucket_spec.rb +41 -39
  347. data/spec/unit/application/resource_spec.rb +3 -1
  348. data/spec/unit/application/ssl_spec.rb +17 -4
  349. data/spec/unit/application_spec.rb +9 -4
  350. data/spec/unit/certificate_factory_spec.rb +1 -1
  351. data/spec/unit/configurer/downloader_spec.rb +14 -0
  352. data/spec/unit/configurer/fact_handler_spec.rb +4 -4
  353. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  354. data/spec/unit/configurer_spec.rb +96 -44
  355. data/spec/unit/confine_spec.rb +2 -1
  356. data/spec/unit/context/trusted_information_spec.rb +12 -10
  357. data/spec/unit/defaults_spec.rb +77 -28
  358. data/spec/unit/environments_spec.rb +96 -32
  359. data/spec/unit/face/config_spec.rb +65 -12
  360. data/spec/unit/face/facts_spec.rb +4 -0
  361. data/spec/unit/face/node_spec.rb +2 -2
  362. data/spec/unit/face/plugin_spec.rb +73 -33
  363. data/spec/unit/file_bucket/file_spec.rb +1 -1
  364. data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
  365. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  366. data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
  367. data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
  368. data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
  369. data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
  370. data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
  371. data/spec/unit/file_system/uniquefile_spec.rb +18 -0
  372. data/spec/unit/file_system_spec.rb +1 -2
  373. data/spec/unit/functions/camelcase_spec.rb +1 -1
  374. data/spec/unit/functions/capitalize_spec.rb +1 -1
  375. data/spec/unit/functions/downcase_spec.rb +1 -1
  376. data/spec/unit/functions/inline_epp_spec.rb +26 -1
  377. data/spec/unit/functions/upcase_spec.rb +1 -1
  378. data/spec/unit/http/client_spec.rb +71 -17
  379. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  380. data/spec/unit/http/external_client_spec.rb +4 -4
  381. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  382. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  383. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  384. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  385. data/spec/unit/http/resolver_spec.rb +34 -15
  386. data/spec/unit/http/response_spec.rb +6 -0
  387. data/spec/unit/http/service/ca_spec.rb +2 -3
  388. data/spec/unit/http/service/compiler_spec.rb +51 -65
  389. data/spec/unit/http/service/file_server_spec.rb +5 -6
  390. data/spec/unit/http/service/puppetserver_spec.rb +112 -0
  391. data/spec/unit/http/service/report_spec.rb +2 -3
  392. data/spec/unit/http/service_spec.rb +1 -3
  393. data/spec/unit/http/session_spec.rb +24 -35
  394. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  395. data/spec/unit/indirector/catalog/json_spec.rb +1 -1
  396. data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
  397. data/spec/unit/indirector/facts/facter_spec.rb +97 -0
  398. data/spec/unit/indirector/facts/json_spec.rb +255 -0
  399. data/spec/unit/indirector/facts/rest_spec.rb +1 -1
  400. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  401. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  402. data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
  403. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  404. data/spec/unit/indirector/file_server_spec.rb +1 -15
  405. data/spec/unit/indirector/json_spec.rb +8 -8
  406. data/spec/unit/indirector/msgpack_spec.rb +8 -8
  407. data/spec/unit/indirector/node/json_spec.rb +33 -0
  408. data/spec/unit/indirector/node/rest_spec.rb +1 -1
  409. data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
  410. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  411. data/spec/unit/indirector/report/yaml_spec.rb +72 -8
  412. data/spec/unit/indirector/request_spec.rb +3 -267
  413. data/spec/unit/indirector/rest_spec.rb +98 -752
  414. data/spec/unit/indirector/yaml_spec.rb +7 -7
  415. data/spec/unit/interface_spec.rb +3 -3
  416. data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
  417. data/spec/unit/network/authconfig_spec.rb +2 -132
  418. data/spec/unit/network/authorization_spec.rb +2 -55
  419. data/spec/unit/network/format_support_spec.rb +3 -2
  420. data/spec/unit/network/formats_spec.rb +4 -4
  421. data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
  422. data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
  423. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  424. data/spec/unit/network/http/api_spec.rb +10 -0
  425. data/spec/unit/network/http/connection_spec.rb +61 -73
  426. data/spec/unit/network/http/handler_spec.rb +0 -6
  427. data/spec/unit/network/http_pool_spec.rb +0 -4
  428. data/spec/unit/node/environment_spec.rb +51 -22
  429. data/spec/unit/node_spec.rb +2 -54
  430. data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
  431. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  432. data/spec/unit/parser/scope_spec.rb +1 -1
  433. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
  434. data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
  435. data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
  436. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  437. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  438. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  439. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  440. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  441. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  442. data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
  443. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  444. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  445. data/spec/unit/pops/visitor_spec.rb +1 -1
  446. data/spec/unit/provider/exec_spec.rb +4 -3
  447. data/spec/unit/provider/nameservice_spec.rb +0 -57
  448. data/spec/unit/provider/package/apt_spec.rb +77 -0
  449. data/spec/unit/provider/package/aptitude_spec.rb +1 -0
  450. data/spec/unit/provider/package/dpkg_spec.rb +22 -55
  451. data/spec/unit/provider/package/gem_spec.rb +32 -0
  452. data/spec/unit/provider/package/openbsd_spec.rb +2 -0
  453. data/spec/unit/provider/package/pip2_spec.rb +36 -0
  454. data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
  455. data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
  456. data/spec/unit/provider/package/yum_spec.rb +31 -0
  457. data/spec/unit/provider/package/zypper_spec.rb +14 -0
  458. data/spec/unit/provider/service/base_spec.rb +2 -4
  459. data/spec/unit/provider/service/bsd_spec.rb +5 -1
  460. data/spec/unit/provider/service/daemontools_spec.rb +1 -1
  461. data/spec/unit/provider/service/debian_spec.rb +3 -5
  462. data/spec/unit/provider/service/freebsd_spec.rb +1 -1
  463. data/spec/unit/provider/service/gentoo_spec.rb +4 -5
  464. data/spec/unit/provider/service/init_spec.rb +45 -5
  465. data/spec/unit/provider/service/launchd_spec.rb +5 -6
  466. data/spec/unit/provider/service/openrc_spec.rb +4 -5
  467. data/spec/unit/provider/service/openwrt_spec.rb +1 -1
  468. data/spec/unit/provider/service/redhat_spec.rb +1 -1
  469. data/spec/unit/provider/service/runit_spec.rb +2 -1
  470. data/spec/unit/provider/service/smf_spec.rb +402 -166
  471. data/spec/unit/provider/service/src_spec.rb +3 -5
  472. data/spec/unit/provider/service/systemd_spec.rb +3 -6
  473. data/spec/unit/provider/service/upstart_spec.rb +4 -5
  474. data/spec/unit/provider/service/windows_spec.rb +50 -15
  475. data/spec/unit/provider/user/openbsd_spec.rb +1 -0
  476. data/spec/unit/provider/user/useradd_spec.rb +22 -16
  477. data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
  478. data/spec/unit/provider_spec.rb +0 -12
  479. data/spec/unit/puppet_pal_2pec.rb +40 -0
  480. data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
  481. data/spec/unit/reports/store_spec.rb +17 -13
  482. data/spec/unit/resource/type_collection_spec.rb +2 -22
  483. data/spec/unit/resource_spec.rb +3 -59
  484. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  485. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  486. data/spec/unit/settings/port_setting_spec.rb +31 -0
  487. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  488. data/spec/unit/settings_spec.rb +586 -239
  489. data/spec/unit/ssl/base_spec.rb +36 -3
  490. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  491. data/spec/unit/ssl/certificate_spec.rb +2 -11
  492. data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
  493. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  494. data/spec/unit/ssl/verifier_spec.rb +0 -21
  495. data/spec/unit/test/test_helper_spec.rb +17 -0
  496. data/spec/unit/transaction/persistence_spec.rb +15 -0
  497. data/spec/unit/transaction/report_spec.rb +3 -3
  498. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  499. data/spec/unit/transaction_spec.rb +45 -79
  500. data/spec/unit/type/file/checksum_spec.rb +6 -6
  501. data/spec/unit/type/file/content_spec.rb +1 -1
  502. data/spec/unit/type/file/ensure_spec.rb +1 -1
  503. data/spec/unit/type/file/mode_spec.rb +1 -1
  504. data/spec/unit/type/file/source_spec.rb +4 -5
  505. data/spec/unit/type/file_spec.rb +134 -102
  506. data/spec/unit/type/filebucket_spec.rb +1 -1
  507. data/spec/unit/type/package_spec.rb +1 -1
  508. data/spec/unit/type/service_spec.rb +209 -0
  509. data/spec/unit/type/user_spec.rb +31 -2
  510. data/spec/unit/type_spec.rb +70 -0
  511. data/spec/unit/util/backups_spec.rb +0 -2
  512. data/spec/unit/util/character_encoding_spec.rb +4 -4
  513. data/spec/unit/util/checksums_spec.rb +16 -0
  514. data/spec/unit/util/command_line_spec.rb +11 -6
  515. data/spec/unit/util/execution_spec.rb +0 -29
  516. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  517. data/spec/unit/util/rubygems_spec.rb +2 -2
  518. data/spec/unit/util/run_mode_spec.rb +27 -127
  519. data/spec/unit/util/windows/api_types_spec.rb +104 -40
  520. data/spec/unit/util/windows/service_spec.rb +4 -4
  521. data/spec/unit/util/windows/string_spec.rb +1 -3
  522. data/spec/unit/util/yaml_spec.rb +0 -54
  523. data/spec/unit/util_spec.rb +3 -21
  524. data/spec/unit/x509/cert_provider_spec.rb +1 -1
  525. metadata +76 -270
  526. data/conf/auth.conf +0 -150
  527. data/lib/puppet/application/cert.rb +0 -76
  528. data/lib/puppet/application/key.rb +0 -4
  529. data/lib/puppet/application/man.rb +0 -4
  530. data/lib/puppet/application/status.rb +0 -4
  531. data/lib/puppet/face/key.rb +0 -16
  532. data/lib/puppet/face/man.rb +0 -145
  533. data/lib/puppet/face/module/build.rb +0 -14
  534. data/lib/puppet/face/module/generate.rb +0 -14
  535. data/lib/puppet/face/module/search.rb +0 -103
  536. data/lib/puppet/face/status.rb +0 -51
  537. data/lib/puppet/indirector/certificate/file.rb +0 -9
  538. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  539. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  540. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  541. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  542. data/lib/puppet/indirector/file_content/http.rb +0 -22
  543. data/lib/puppet/indirector/key/file.rb +0 -46
  544. data/lib/puppet/indirector/key/memory.rb +0 -7
  545. data/lib/puppet/indirector/ssl_file.rb +0 -162
  546. data/lib/puppet/indirector/status.rb +0 -3
  547. data/lib/puppet/indirector/status/local.rb +0 -12
  548. data/lib/puppet/indirector/status/rest.rb +0 -27
  549. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  550. data/lib/puppet/network/auth_config_parser.rb +0 -90
  551. data/lib/puppet/network/authstore.rb +0 -283
  552. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  553. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
  554. data/lib/puppet/network/http/base_pool.rb +0 -36
  555. data/lib/puppet/network/http/compression.rb +0 -127
  556. data/lib/puppet/network/http/connection_adapter.rb +0 -182
  557. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  558. data/lib/puppet/network/rest_controller.rb +0 -2
  559. data/lib/puppet/network/rights.rb +0 -210
  560. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
  561. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
  562. data/lib/puppet/parser/environment_compiler.rb +0 -199
  563. data/lib/puppet/pops/types/enumeration.rb +0 -16
  564. data/lib/puppet/resource/capability_finder.rb +0 -154
  565. data/lib/puppet/rest/errors.rb +0 -15
  566. data/lib/puppet/rest/response.rb +0 -35
  567. data/lib/puppet/rest/route.rb +0 -85
  568. data/lib/puppet/rest/routes.rb +0 -135
  569. data/lib/puppet/ssl/host.rb +0 -505
  570. data/lib/puppet/ssl/key.rb +0 -61
  571. data/lib/puppet/ssl/validator.rb +0 -61
  572. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  573. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  574. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  575. data/lib/puppet/status.rb +0 -40
  576. data/lib/puppet/util/connection.rb +0 -88
  577. data/lib/puppet/util/ssl.rb +0 -83
  578. data/lib/puppet/util/windows/api_types.rb +0 -282
  579. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  580. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  581. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  582. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  583. data/lib/puppet/vendor/pathspec/README.md +0 -53
  584. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  585. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  586. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  587. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  588. data/man/man8/puppet-key.8 +0 -126
  589. data/man/man8/puppet-man.8 +0 -76
  590. data/man/man8/puppet-status.8 +0 -108
  591. data/spec/integration/faces/config_spec.rb +0 -91
  592. data/spec/integration/faces/documentation_spec.rb +0 -57
  593. data/spec/integration/file_bucket/file_spec.rb +0 -50
  594. data/spec/integration/file_serving/content_spec.rb +0 -7
  595. data/spec/integration/file_serving/fileset_spec.rb +0 -12
  596. data/spec/integration/file_serving/metadata_spec.rb +0 -8
  597. data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
  598. data/spec/integration/file_system/uniquefile_spec.rb +0 -26
  599. data/spec/integration/module_tool/forge_spec.rb +0 -51
  600. data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
  601. data/spec/integration/network/authconfig_spec.rb +0 -256
  602. data/spec/integration/provider/service/init_spec.rb +0 -48
  603. data/spec/integration/provider/service/systemd_spec.rb +0 -25
  604. data/spec/integration/provider/service/windows_spec.rb +0 -50
  605. data/spec/integration/reference/providers_spec.rb +0 -21
  606. data/spec/integration/reports_spec.rb +0 -13
  607. data/spec/integration/ssl/certificate_request_spec.rb +0 -44
  608. data/spec/integration/ssl/host_spec.rb +0 -72
  609. data/spec/integration/ssl/key_spec.rb +0 -99
  610. data/spec/integration/test/test_helper_spec.rb +0 -31
  611. data/spec/shared_behaviours/file_serving_model.rb +0 -51
  612. data/spec/unit/capability_spec.rb +0 -414
  613. data/spec/unit/face/catalog_spec.rb +0 -6
  614. data/spec/unit/face/key_spec.rb +0 -9
  615. data/spec/unit/face/man_spec.rb +0 -25
  616. data/spec/unit/face/module/search_spec.rb +0 -231
  617. data/spec/unit/face/module_spec.rb +0 -3
  618. data/spec/unit/face/status_spec.rb +0 -9
  619. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  620. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  621. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  622. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  623. data/spec/unit/indirector/key/file_spec.rb +0 -79
  624. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  625. data/spec/unit/indirector/status/local_spec.rb +0 -10
  626. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  627. data/spec/unit/man_spec.rb +0 -31
  628. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  629. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  630. data/spec/unit/network/authstore_spec.rb +0 -422
  631. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  632. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  633. data/spec/unit/network/http/compression_spec.rb +0 -240
  634. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  635. data/spec/unit/network/http_spec.rb +0 -9
  636. data/spec/unit/network/rights_spec.rb +0 -439
  637. data/spec/unit/parser/environment_compiler_spec.rb +0 -723
  638. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  639. data/spec/unit/resource/capability_finder_spec.rb +0 -143
  640. data/spec/unit/rest/route_spec.rb +0 -132
  641. data/spec/unit/ssl/host_spec.rb +0 -650
  642. data/spec/unit/ssl/key_spec.rb +0 -173
  643. data/spec/unit/ssl/validator_spec.rb +0 -278
  644. data/spec/unit/status_spec.rb +0 -45
  645. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,61 +0,0 @@
1
- require 'puppet/ssl/base'
2
- require 'puppet/indirector'
3
-
4
- # Manage private and public keys as a pair.
5
- #
6
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
7
- class Puppet::SSL::Key < Puppet::SSL::Base
8
- wraps OpenSSL::PKey::RSA
9
-
10
- extend Puppet::Indirector
11
- indirects :key, :terminus_class => :file, :doc => <<DOC
12
- This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
13
- The indirection key is the certificate CN (generally a hostname).
14
- DOC
15
-
16
- # Because of how the format handler class is included, this
17
- # can't be in the base class.
18
- def self.supported_formats
19
- [:s]
20
- end
21
-
22
- attr_accessor :password_file
23
-
24
- # Knows how to create keys with our system defaults.
25
- def generate
26
- Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
27
- @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
28
- end
29
-
30
- def initialize(name)
31
- super
32
-
33
- @password_file = Puppet[:passfile]
34
- end
35
-
36
- def password
37
- return nil unless password_file and Puppet::FileSystem.exist?(password_file)
38
-
39
- # Puppet generates files at the default Puppet[:capass] using ASCII
40
- # User configured :passfile could be in any encoding
41
- # Use BINARY given the string is passed to an OpenSSL API accepting bytes
42
- # note this is only called internally
43
- Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
44
- end
45
-
46
- # Optionally support specifying a password file.
47
- def read(path)
48
- return super unless password_file
49
-
50
- # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
51
- @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
52
- end
53
-
54
- def to_s
55
- if password
56
- @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
57
- else
58
- return super
59
- end
60
- end
61
- end
@@ -1,61 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
-
3
- # API for certificate verification
4
- #
5
- # @deprecated
6
- # @api public
7
- class Puppet::SSL::Validator
8
-
9
- # Factory method for creating an instance of a null/no validator.
10
- # This method does not have to be implemented by concrete implementations of this API.
11
- #
12
- # @return [Puppet::SSL::Validator] produces a validator that performs no validation
13
- #
14
- # @api public
15
- #
16
- def self.no_validator()
17
- @@no_validator_cache ||= Puppet::SSL::Validator::NoValidator.new()
18
- end
19
-
20
- # Factory method for creating an instance of the default Puppet validator.
21
- # This method does not have to be implemented by concrete implementations of this API.
22
- #
23
- # @return [Puppet::SSL::Validator] produces a validator that performs no validation
24
- #
25
- # @api public
26
- #
27
- def self.default_validator()
28
- Puppet::SSL::Validator::DefaultValidator.new()
29
- end
30
-
31
- # Array of peer certificates
32
- # @return [Array<Puppet::SSL::Certificate>] peer certificates
33
- #
34
- # @api public
35
- #
36
- def peer_certs
37
- raise NotImplementedError, "Concrete class should have implemented this method"
38
- end
39
-
40
- # Contains the result of validation
41
- # @return [Array<String>, nil] nil, empty Array, or Array with messages
42
- #
43
- # @api public
44
- #
45
- def verify_errors
46
- raise NotImplementedError, "Concrete class should have implemented this method"
47
- end
48
-
49
- # Registers the connection to validate.
50
- #
51
- # @param [Net::HTTP] connection The connection to validate
52
- #
53
- # @return [void]
54
- #
55
- # @api public
56
- #
57
- def setup_connection(connection)
58
- raise NotImplementedError, "Concrete class should have implemented this method"
59
- end
60
- end
61
-
@@ -1,209 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
- require 'puppet/ssl'
3
-
4
- # Perform peer certificate verification against the known CA.
5
- # If there is no CA information known, then no verification is performed
6
- #
7
- # @deprecated
8
- # @api private
9
- #
10
- class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
11
- attr_reader :peer_certs
12
- attr_reader :verify_errors
13
- attr_reader :last_error
14
-
15
- FIVE_MINUTES_AS_SECONDS = 5 * 60
16
-
17
- # Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
18
- #
19
- # @param ca_path [String] Filepath for the cacert
20
- #
21
- # @api private
22
- #
23
- def initialize(
24
- ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert])
25
-
26
- reset!
27
- @ca_path = ca_path
28
- end
29
-
30
-
31
- # Resets this validator to its initial validation state. The ssl configuration is not changed.
32
- #
33
- # @api private
34
- #
35
- def reset!
36
- @peer_certs = []
37
- @verify_errors = []
38
- @hostname = nil
39
- @last_error = nil
40
- end
41
-
42
- # Performs verification of the SSL connection and collection of the
43
- # certificates for use in constructing the error message if the verification
44
- # failed. This callback will be executed once for each certificate in a
45
- # chain being verified.
46
- #
47
- # From the [OpenSSL
48
- # documentation](https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html):
49
- # The `verify_callback` function is used to control the behaviour when the
50
- # SSL_VERIFY_PEER flag is set. It must be supplied by the application and
51
- # receives two arguments: preverify_ok indicates, whether the verification of
52
- # the certificate in question was passed (preverify_ok=1) or not
53
- # (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for
54
- # the certificate chain verification.
55
- #
56
- # See {Puppet::Network::HTTP::Connection} for more information and where this
57
- # class is intended to be used.
58
- #
59
- # @param [Boolean] preverify_ok indicates whether the verification of the
60
- # certificate in question was passed (preverify_ok=true)
61
- # @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context
62
- # for the chain being verified.
63
- #
64
- # @return [Boolean] false if the peer is invalid, true otherwise.
65
- #
66
- # @api private
67
- #
68
- def call(preverify_ok, store_context)
69
- current_cert = store_context.current_cert
70
- @peer_certs << current_cert
71
-
72
- # We must make a copy since the scope of the store_context will be lost
73
- # across invocations of this method.
74
- if preverify_ok
75
- # If we've copied all of the certs in the chain out of the SSL library
76
- if @peer_certs.length == store_context.chain.length
77
- # (#20027) The peer cert must be issued by a specific authority
78
- preverify_ok = valid_peer?
79
- end
80
- else
81
- error = store_context.error || 0
82
- error_string = store_context.error_string || "OpenSSL error #{error}"
83
-
84
- case error
85
- when OpenSSL::X509::V_OK
86
- if @hostname
87
- # chain is from leaf to root, opposite of the order that `call` is invoked
88
- chain_cert = store_context.chain.first
89
-
90
- # ruby 2.4 doesn't compare certs based on value, so force to DER byte array
91
- if current_cert && chain_cert && current_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(current_cert, @hostname)
92
- @last_error = Puppet::SSL::CertMismatchError.new(current_cert, @hostname)
93
- return false
94
- else
95
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
96
- end
97
- else
98
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
99
- end
100
-
101
- when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
102
- # current_crl can be nil
103
- # https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
104
- crl = store_context.current_crl
105
- if crl
106
- if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
107
- Puppet.debug("Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}")
108
- preverify_ok = true
109
- else
110
- @verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
111
- end
112
- else
113
- @verify_errors << error_string
114
- end
115
- else
116
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
117
- end
118
- end
119
- preverify_ok
120
- rescue => ex
121
- @verify_errors << ex.message
122
- false
123
- end
124
-
125
- # Registers the instance's call method with the connection.
126
- #
127
- # @param [Net::HTTP] connection The connection to validate
128
- #
129
- # @param [Puppet::SSL::Host] host The host object containing SSL data
130
- # @return [void]
131
- #
132
- # @api private
133
- #
134
- def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
135
- @hostname = connection.address
136
-
137
- if ssl_certificates_are_present?
138
- connection.cert_store = ssl_host.ssl_store
139
- connection.ca_file = @ca_path
140
- connection.cert = ssl_host.certificate.content
141
- connection.key = ssl_host.key.content
142
- connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
143
- connection.verify_callback = self
144
- else
145
- connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
146
- end
147
- end
148
-
149
- ##
150
- # Decode a string of concatenated certificates
151
- #
152
- # @return [Array<OpenSSL::X509::Certificate>]
153
- def decode_cert_bundle(bundle_str)
154
- re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
155
- pem_ary = bundle_str.scan(re)
156
- pem_ary.map do |pem_str|
157
- OpenSSL::X509::Certificate.new(pem_str)
158
- end
159
- end
160
-
161
- # read_file makes testing easier.
162
- def read_file(path)
163
- # https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
164
- # CA bundles are concatenated X509 certificates, but may also include
165
- # comments, which could have UTF-8 characters
166
- Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
167
- end
168
-
169
- # Validates the peer certificates against the authorized certificates.
170
- #
171
- # @api private
172
- #
173
- def valid_peer?
174
- descending_cert_chain = @peer_certs.reverse
175
- authz_ca_certs = decode_cert_bundle(read_file(@ca_path))
176
-
177
- if not has_authz_peer_cert(descending_cert_chain, authz_ca_certs)
178
- msg = "The server presented a SSL certificate chain which does not include a " <<
179
- "CA listed in the ssl_client_ca_auth file. "
180
- msg << "Authorized Issuers: #{authz_ca_certs.collect {|c| c.subject.to_utf8}.join(', ')} " <<
181
- "Peer Chain: #{descending_cert_chain.collect {|c| c.subject.to_utf8}.join(' => ')}"
182
- @verify_errors << msg
183
- false
184
- else
185
- true
186
- end
187
- end
188
-
189
- # Checks if the set of peer_certs contains at least one certificate issued
190
- # by a certificate listed in authz_certs
191
- #
192
- # @return [Boolean]
193
- #
194
- # @api private
195
- #
196
- def has_authz_peer_cert(peer_certs, authz_certs)
197
- peer_certs.any? do |peer_cert|
198
- authz_certs.any? do |authz_cert|
199
- peer_cert.verify(authz_cert.public_key)
200
- end
201
- end
202
- end
203
-
204
- # @api private
205
- #
206
- def ssl_certificates_are_present?
207
- Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(@ca_path)
208
- end
209
- end
@@ -1,22 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
- require 'puppet/ssl'
3
-
4
- # Performs no SSL verification
5
- #
6
- # @deprecated
7
- # @api private
8
- #
9
- class Puppet::SSL::Validator::NoValidator < Puppet::SSL::Validator
10
-
11
- def setup_connection(connection)
12
- connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
13
- end
14
-
15
- def peer_certs
16
- []
17
- end
18
-
19
- def verify_errors
20
- []
21
- end
22
- end
@@ -1,58 +0,0 @@
1
- # Allows a `Puppet::SSL::Validator` to be used in situations where a
2
- # `Verifier` is required, while preserving the legacy validator behavior of:
3
- #
4
- # * Loading CA certs from `ssl_client_ca_auth` or `localcacert`
5
- # * Verifying each cert in the peer's chain is contained in the file
6
- # loaded above.
7
- #
8
- class Puppet::SSL::VerifierAdapter
9
- attr_reader :validator, :ssl_context
10
-
11
- def initialize(validator)
12
- @validator = validator
13
-
14
- if validator.is_a?(Puppet::SSL::Validator::NoValidator)
15
- ssl = Puppet::SSL::SSLProvider.new
16
- @ssl_context = ssl.create_insecure_context
17
- else
18
- # nil means use the default SSLContext
19
- @ssl_context = nil
20
- end
21
- end
22
-
23
- # Return true if `self` is reusable with `verifier` meaning they
24
- # are both using the same class of `Puppet::SSL::Validator`. In this
25
- # case we only care the Validator class is the same. We can't require
26
- # the same instances, because a new instance is created each time
27
- # HttpPool.http_instance is called.
28
- #
29
- # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
30
- # @return [Boolean] return true if a cached connection can be used, false otherwise
31
- def reusable?(verifier)
32
- verifier.instance_of?(self.class) &&
33
- verifier.validator.instance_of?(@validator.class)
34
- end
35
-
36
- # Configure the `http` connection based on the current `ssl_context`.
37
- #
38
- # @param http [Net::HTTP] connection
39
- # @api private
40
- def setup_connection(http)
41
- @validator.setup_connection(http)
42
- end
43
-
44
- # Handle an SSL connection error.
45
- #
46
- # @param http [Net::HTTP] connection
47
- # @param error [OpenSSL::SSL::SSLError] connection error
48
- # @return (see Puppet::SSL::Verifier#handle_connection_error)
49
- # @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
50
- # verification error with the server's certificate or chain
51
- # @raise [Puppet::Error] server hostname does not match certificate
52
- # @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
53
- def handle_connection_error(http, error)
54
- raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error
55
-
56
- Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
57
- end
58
- end
@@ -1,40 +0,0 @@
1
- require 'puppet/indirector'
2
-
3
- class Puppet::Status
4
- extend Puppet::Indirector
5
- indirects :status, :terminus_class => :local
6
-
7
- attr_accessor :status
8
-
9
- def initialize( status = nil )
10
- @status = status || {"is_alive" => true}
11
- end
12
-
13
- def to_data_hash
14
- @status
15
- end
16
-
17
- def self.from_data_hash(data)
18
- if data.include?('status')
19
- self.new(data['status'])
20
- else
21
- self.new(data)
22
- end
23
- end
24
-
25
- def name
26
- "status"
27
- end
28
-
29
- def name=(name)
30
- # NOOP
31
- end
32
-
33
- def version
34
- @status['version']
35
- end
36
-
37
- def version=(version)
38
- @status['version'] = version
39
- end
40
- end