puppet 6.17.0-x64-mingw32 → 7.1.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (622) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +2 -16
  3. data/Gemfile +3 -4
  4. data/Gemfile.lock +32 -30
  5. data/README.md +2 -3
  6. data/Rakefile +4 -12
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/build_defaults.yaml +1 -1
  9. data/ext/osx/file_mapping.yaml +0 -5
  10. data/ext/project_data.yaml +2 -14
  11. data/ext/redhat/puppet.spec.erb +0 -1
  12. data/ext/windows/service/daemon.rb +6 -5
  13. data/install.rb +21 -17
  14. data/lib/puppet.rb +11 -20
  15. data/lib/puppet/agent/locker.rb +0 -7
  16. data/lib/puppet/application.rb +172 -98
  17. data/lib/puppet/application/agent.rb +8 -3
  18. data/lib/puppet/application/apply.rb +18 -20
  19. data/lib/puppet/application/device.rb +100 -104
  20. data/lib/puppet/application/doc.rb +1 -1
  21. data/lib/puppet/application/filebucket.rb +15 -11
  22. data/lib/puppet/application/lookup.rb +16 -4
  23. data/lib/puppet/application/ssl.rb +1 -1
  24. data/lib/puppet/application_support.rb +7 -0
  25. data/lib/puppet/configurer.rb +46 -19
  26. data/lib/puppet/configurer/downloader.rb +31 -10
  27. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  28. data/lib/puppet/confine.rb +1 -1
  29. data/lib/puppet/confine/any.rb +1 -1
  30. data/lib/puppet/defaults.rb +116 -162
  31. data/lib/puppet/environments.rb +72 -62
  32. data/lib/puppet/face/catalog.rb +1 -1
  33. data/lib/puppet/face/config.rb +56 -16
  34. data/lib/puppet/face/epp.rb +12 -2
  35. data/lib/puppet/face/facts.rb +66 -6
  36. data/lib/puppet/face/help.rb +1 -1
  37. data/lib/puppet/face/node.rb +3 -3
  38. data/lib/puppet/face/node/clean.rb +10 -2
  39. data/lib/puppet/face/plugin.rb +5 -8
  40. data/lib/puppet/feature/base.rb +1 -1
  41. data/lib/puppet/ffi/posix.rb +10 -0
  42. data/lib/puppet/ffi/posix/constants.rb +14 -0
  43. data/lib/puppet/ffi/posix/functions.rb +24 -0
  44. data/lib/puppet/ffi/windows.rb +12 -0
  45. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  46. data/lib/puppet/ffi/windows/constants.rb +404 -0
  47. data/lib/puppet/ffi/windows/functions.rb +628 -0
  48. data/lib/puppet/ffi/windows/structs.rb +338 -0
  49. data/lib/puppet/file_bucket/dipper.rb +1 -1
  50. data/lib/puppet/file_serving/configuration.rb +0 -5
  51. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  52. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  53. data/lib/puppet/file_serving/mount.rb +1 -2
  54. data/lib/puppet/file_serving/mount/locales.rb +1 -2
  55. data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
  56. data/lib/puppet/file_serving/mount/plugins.rb +1 -2
  57. data/lib/puppet/file_system/file_impl.rb +3 -3
  58. data/lib/puppet/forge/repository.rb +0 -1
  59. data/lib/puppet/functions/epp.rb +1 -0
  60. data/lib/puppet/functions/inline_epp.rb +1 -0
  61. data/lib/puppet/functions/lstrip.rb +4 -4
  62. data/lib/puppet/functions/new.rb +8 -3
  63. data/lib/puppet/functions/reverse_each.rb +1 -1
  64. data/lib/puppet/functions/rstrip.rb +4 -4
  65. data/lib/puppet/functions/step.rb +1 -1
  66. data/lib/puppet/functions/strip.rb +4 -4
  67. data/lib/puppet/generate/models/type/type.rb +4 -1
  68. data/lib/puppet/gettext/config.rb +5 -5
  69. data/lib/puppet/gettext/module_translations.rb +4 -4
  70. data/lib/puppet/http.rb +23 -13
  71. data/lib/puppet/http/client.rb +165 -115
  72. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  73. data/lib/puppet/http/errors.rb +16 -0
  74. data/lib/puppet/http/external_client.rb +5 -7
  75. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  76. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  77. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  78. data/lib/puppet/http/proxy.rb +137 -0
  79. data/lib/puppet/http/redirector.rb +4 -12
  80. data/lib/puppet/http/resolver.rb +10 -23
  81. data/lib/puppet/http/resolver/server_list.rb +23 -45
  82. data/lib/puppet/http/resolver/settings.rb +7 -10
  83. data/lib/puppet/http/resolver/srv.rb +11 -15
  84. data/lib/puppet/http/response.rb +36 -54
  85. data/lib/puppet/http/response_converter.rb +24 -0
  86. data/lib/puppet/http/response_net_http.rb +42 -0
  87. data/lib/puppet/http/retry_after_handler.rb +4 -13
  88. data/lib/puppet/http/service.rb +15 -27
  89. data/lib/puppet/http/service/ca.rb +11 -22
  90. data/lib/puppet/http/service/compiler.rb +23 -70
  91. data/lib/puppet/http/service/file_server.rb +19 -28
  92. data/lib/puppet/http/service/puppetserver.rb +53 -0
  93. data/lib/puppet/http/service/report.rb +8 -10
  94. data/lib/puppet/http/session.rb +16 -24
  95. data/lib/puppet/{network/http → http}/site.rb +1 -2
  96. data/lib/puppet/indirector/catalog/compiler.rb +1 -1
  97. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  98. data/lib/puppet/indirector/exec.rb +1 -1
  99. data/lib/puppet/indirector/fact_search.rb +60 -0
  100. data/lib/puppet/indirector/facts/facter.rb +27 -6
  101. data/lib/puppet/indirector/facts/json.rb +27 -0
  102. data/lib/puppet/indirector/facts/rest.rb +3 -22
  103. data/lib/puppet/indirector/facts/yaml.rb +4 -59
  104. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  105. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  106. data/lib/puppet/indirector/file_metadata/http.rb +1 -0
  107. data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
  108. data/lib/puppet/indirector/file_server.rb +1 -8
  109. data/lib/puppet/indirector/generic_http.rb +0 -11
  110. data/lib/puppet/indirector/hiera.rb +4 -0
  111. data/lib/puppet/indirector/indirection.rb +1 -1
  112. data/lib/puppet/indirector/json.rb +5 -1
  113. data/lib/puppet/indirector/msgpack.rb +1 -1
  114. data/lib/puppet/indirector/node/json.rb +8 -0
  115. data/lib/puppet/indirector/node/rest.rb +2 -4
  116. data/lib/puppet/indirector/report/json.rb +34 -0
  117. data/lib/puppet/indirector/report/processor.rb +2 -2
  118. data/lib/puppet/indirector/report/rest.rb +3 -8
  119. data/lib/puppet/indirector/request.rb +1 -102
  120. data/lib/puppet/indirector/rest.rb +12 -263
  121. data/lib/puppet/indirector/yaml.rb +1 -1
  122. data/lib/puppet/module.rb +1 -2
  123. data/lib/puppet/module_tool/applications.rb +0 -1
  124. data/lib/puppet/network/authconfig.rb +2 -96
  125. data/lib/puppet/network/authorization.rb +13 -35
  126. data/lib/puppet/network/format_support.rb +2 -2
  127. data/lib/puppet/network/formats.rb +2 -1
  128. data/lib/puppet/network/http.rb +3 -3
  129. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  130. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  131. data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
  132. data/lib/puppet/network/http/connection.rb +247 -316
  133. data/lib/puppet/network/http/handler.rb +0 -1
  134. data/lib/puppet/network/http/route.rb +2 -2
  135. data/lib/puppet/network/http_pool.rb +16 -34
  136. data/lib/puppet/node.rb +1 -30
  137. data/lib/puppet/node/environment.rb +12 -5
  138. data/lib/puppet/node/facts.rb +17 -0
  139. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  140. data/lib/puppet/pal/pal_impl.rb +93 -14
  141. data/lib/puppet/parameter.rb +1 -1
  142. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  143. data/lib/puppet/parser/compiler.rb +0 -198
  144. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  145. data/lib/puppet/parser/functions.rb +21 -17
  146. data/lib/puppet/parser/functions/create_resources.rb +11 -7
  147. data/lib/puppet/parser/resource.rb +0 -69
  148. data/lib/puppet/parser/templatewrapper.rb +1 -1
  149. data/lib/puppet/parser/type_loader.rb +2 -2
  150. data/lib/puppet/pops/adaptable.rb +7 -13
  151. data/lib/puppet/pops/adapters.rb +8 -4
  152. data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
  153. data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
  154. data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
  155. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  156. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  157. data/lib/puppet/pops/issues.rb +0 -5
  158. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  159. data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
  160. data/lib/puppet/pops/loaders.rb +18 -11
  161. data/lib/puppet/pops/lookup/context.rb +1 -1
  162. data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
  163. data/lib/puppet/pops/model/ast.pp +0 -42
  164. data/lib/puppet/pops/model/ast.rb +0 -290
  165. data/lib/puppet/pops/model/factory.rb +0 -45
  166. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  167. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  168. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  169. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  170. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  171. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  172. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  173. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  174. data/lib/puppet/pops/types/iterable.rb +34 -8
  175. data/lib/puppet/pops/types/p_meta_type.rb +1 -1
  176. data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
  177. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  178. data/lib/puppet/pops/types/type_parser.rb +0 -4
  179. data/lib/puppet/pops/types/types.rb +0 -1
  180. data/lib/puppet/pops/validation/checker4_0.rb +28 -52
  181. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  182. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  183. data/lib/puppet/provider.rb +0 -13
  184. data/lib/puppet/provider/file/windows.rb +1 -1
  185. data/lib/puppet/provider/nameservice.rb +0 -18
  186. data/lib/puppet/provider/package/apt.rb +34 -0
  187. data/lib/puppet/provider/package/dpkg.rb +1 -11
  188. data/lib/puppet/provider/package/gem.rb +27 -5
  189. data/lib/puppet/provider/package/pip.rb +0 -1
  190. data/lib/puppet/provider/package/pip2.rb +17 -0
  191. data/lib/puppet/provider/package/pkg.rb +0 -4
  192. data/lib/puppet/provider/package/portage.rb +1 -1
  193. data/lib/puppet/provider/package/puppet_gem.rb +6 -4
  194. data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
  195. data/lib/puppet/provider/package/yum.rb +1 -0
  196. data/lib/puppet/provider/package/zypper.rb +3 -0
  197. data/lib/puppet/provider/service/smf.rb +191 -73
  198. data/lib/puppet/provider/user/aix.rb +3 -3
  199. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  200. data/lib/puppet/provider/user/user_role_add.rb +1 -1
  201. data/lib/puppet/provider/user/windows_adsi.rb +18 -1
  202. data/lib/puppet/reference/configuration.rb +2 -0
  203. data/lib/puppet/reference/indirection.rb +1 -1
  204. data/lib/puppet/resource.rb +1 -89
  205. data/lib/puppet/resource/catalog.rb +1 -14
  206. data/lib/puppet/resource/type.rb +5 -120
  207. data/lib/puppet/resource/type_collection.rb +3 -48
  208. data/lib/puppet/runtime.rb +1 -2
  209. data/lib/puppet/settings.rb +84 -35
  210. data/lib/puppet/settings/base_setting.rb +26 -2
  211. data/lib/puppet/settings/integer_setting.rb +17 -0
  212. data/lib/puppet/settings/port_setting.rb +15 -0
  213. data/lib/puppet/settings/priority_setting.rb +5 -4
  214. data/lib/puppet/ssl.rb +10 -6
  215. data/lib/puppet/ssl/base.rb +3 -5
  216. data/lib/puppet/ssl/certificate.rb +0 -6
  217. data/lib/puppet/ssl/certificate_request.rb +1 -12
  218. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  219. data/lib/puppet/ssl/oids.rb +3 -1
  220. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  221. data/lib/puppet/ssl/state_machine.rb +3 -1
  222. data/lib/puppet/ssl/verifier.rb +2 -0
  223. data/lib/puppet/test/test_helper.rb +11 -6
  224. data/lib/puppet/transaction.rb +3 -9
  225. data/lib/puppet/transaction/persistence.rb +1 -1
  226. data/lib/puppet/transaction/report.rb +10 -8
  227. data/lib/puppet/trusted_external.rb +2 -2
  228. data/lib/puppet/type.rb +4 -79
  229. data/lib/puppet/type/file.rb +7 -9
  230. data/lib/puppet/type/file/checksum.rb +1 -1
  231. data/lib/puppet/type/file/source.rb +29 -9
  232. data/lib/puppet/type/filebucket.rb +4 -4
  233. data/lib/puppet/type/notify.rb +2 -2
  234. data/lib/puppet/type/package.rb +5 -13
  235. data/lib/puppet/type/service.rb +4 -0
  236. data/lib/puppet/type/user.rb +19 -4
  237. data/lib/puppet/util.rb +26 -12
  238. data/lib/puppet/util/autoload.rb +9 -7
  239. data/lib/puppet/util/character_encoding.rb +9 -5
  240. data/lib/puppet/util/execution.rb +2 -13
  241. data/lib/puppet/util/http_proxy.rb +2 -215
  242. data/lib/puppet/util/monkey_patches.rb +0 -46
  243. data/lib/puppet/util/posix.rb +53 -4
  244. data/lib/puppet/util/rdoc.rb +0 -7
  245. data/lib/puppet/util/retry_action.rb +1 -1
  246. data/lib/puppet/util/rubygems.rb +5 -1
  247. data/lib/puppet/util/run_mode.rb +14 -2
  248. data/lib/puppet/util/windows.rb +3 -7
  249. data/lib/puppet/util/windows/daemon.rb +360 -0
  250. data/lib/puppet/util/windows/error.rb +1 -0
  251. data/lib/puppet/util/windows/eventlog.rb +4 -9
  252. data/lib/puppet/util/windows/file.rb +8 -242
  253. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  254. data/lib/puppet/util/windows/process.rb +4 -226
  255. data/lib/puppet/util/windows/security.rb +4 -4
  256. data/lib/puppet/util/windows/service.rb +9 -460
  257. data/lib/puppet/util/windows/string.rb +12 -13
  258. data/lib/puppet/util/windows/user.rb +219 -0
  259. data/lib/puppet/util/yaml.rb +0 -22
  260. data/lib/puppet/vendor/require_vendored.rb +0 -1
  261. data/lib/puppet/version.rb +1 -1
  262. data/lib/puppet/x509.rb +5 -1
  263. data/lib/puppet/x509/cert_provider.rb +29 -1
  264. data/locales/puppet.pot +656 -1351
  265. data/man/man5/puppet.conf.5 +72 -97
  266. data/man/man8/puppet-agent.8 +6 -3
  267. data/man/man8/puppet-apply.8 +1 -1
  268. data/man/man8/puppet-catalog.8 +1 -1
  269. data/man/man8/puppet-config.8 +6 -6
  270. data/man/man8/puppet-describe.8 +1 -1
  271. data/man/man8/puppet-device.8 +1 -1
  272. data/man/man8/puppet-doc.8 +1 -1
  273. data/man/man8/puppet-epp.8 +1 -1
  274. data/man/man8/puppet-facts.8 +55 -9
  275. data/man/man8/puppet-filebucket.8 +6 -6
  276. data/man/man8/puppet-generate.8 +1 -1
  277. data/man/man8/puppet-help.8 +1 -1
  278. data/man/man8/puppet-lookup.8 +2 -2
  279. data/man/man8/puppet-module.8 +1 -58
  280. data/man/man8/puppet-node.8 +7 -4
  281. data/man/man8/puppet-parser.8 +1 -1
  282. data/man/man8/puppet-plugin.8 +1 -1
  283. data/man/man8/puppet-report.8 +4 -1
  284. data/man/man8/puppet-resource.8 +1 -1
  285. data/man/man8/puppet-script.8 +1 -1
  286. data/man/man8/puppet-ssl.8 +1 -1
  287. data/man/man8/puppet.8 +2 -2
  288. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
  289. data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
  290. data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
  291. data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
  292. data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
  293. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  294. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
  295. data/spec/integration/application/agent_spec.rb +70 -61
  296. data/spec/integration/application/apply_spec.rb +150 -150
  297. data/spec/integration/application/doc_spec.rb +16 -6
  298. data/spec/integration/application/filebucket_spec.rb +78 -29
  299. data/spec/integration/application/help_spec.rb +44 -0
  300. data/spec/integration/application/lookup_spec.rb +13 -0
  301. data/spec/integration/application/module_spec.rb +68 -0
  302. data/spec/integration/application/plugin_spec.rb +76 -4
  303. data/spec/integration/configurer_spec.rb +14 -0
  304. data/spec/integration/data_binding_spec.rb +82 -0
  305. data/spec/integration/defaults_spec.rb +32 -3
  306. data/spec/integration/directory_environments_spec.rb +17 -17
  307. data/spec/integration/environments/setting_hooks_spec.rb +1 -1
  308. data/spec/integration/indirector/facts/facter_spec.rb +8 -6
  309. data/spec/integration/network/http_pool_spec.rb +3 -21
  310. data/spec/integration/node/environment_spec.rb +1 -1
  311. data/spec/integration/parser/catalog_spec.rb +0 -38
  312. data/spec/integration/parser/node_spec.rb +0 -9
  313. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  314. data/spec/integration/type/file_spec.rb +5 -4
  315. data/spec/integration/util/execution_spec.rb +22 -0
  316. data/spec/integration/util/windows/adsi_spec.rb +2 -2
  317. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  318. data/spec/integration/util/windows/process_spec.rb +26 -32
  319. data/spec/integration/util/windows/security_spec.rb +1 -1
  320. data/spec/integration/util/windows/user_spec.rb +7 -0
  321. data/spec/integration/util_spec.rb +7 -33
  322. data/spec/lib/puppet_spec/matchers.rb +0 -80
  323. data/spec/lib/puppet_spec/puppetserver.rb +9 -1
  324. data/spec/lib/puppet_spec/settings.rb +7 -1
  325. data/spec/shared_contexts/types_setup.rb +2 -0
  326. data/spec/spec_helper.rb +2 -0
  327. data/spec/unit/agent_spec.rb +0 -2
  328. data/spec/unit/application/agent_spec.rb +3 -4
  329. data/spec/unit/application/config_spec.rb +224 -4
  330. data/spec/unit/application/doc_spec.rb +2 -2
  331. data/spec/unit/application/face_base_spec.rb +6 -4
  332. data/spec/unit/application/facts_spec.rb +74 -8
  333. data/spec/unit/application/filebucket_spec.rb +41 -39
  334. data/spec/unit/application/resource_spec.rb +3 -1
  335. data/spec/unit/application/ssl_spec.rb +17 -4
  336. data/spec/unit/application_spec.rb +43 -4
  337. data/spec/unit/certificate_factory_spec.rb +1 -1
  338. data/spec/unit/configurer/downloader_spec.rb +14 -0
  339. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  340. data/spec/unit/configurer_spec.rb +96 -44
  341. data/spec/unit/confine_spec.rb +2 -1
  342. data/spec/unit/context/trusted_information_spec.rb +2 -6
  343. data/spec/unit/defaults_spec.rb +26 -32
  344. data/spec/unit/environments_spec.rb +173 -32
  345. data/spec/unit/face/config_spec.rb +65 -12
  346. data/spec/unit/face/facts_spec.rb +4 -0
  347. data/spec/unit/face/node_spec.rb +16 -4
  348. data/spec/unit/face/plugin_spec.rb +73 -33
  349. data/spec/unit/file_bucket/file_spec.rb +1 -1
  350. data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
  351. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  352. data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
  353. data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
  354. data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
  355. data/spec/unit/file_system/uniquefile_spec.rb +18 -0
  356. data/spec/unit/file_system_spec.rb +1 -2
  357. data/spec/unit/functions/camelcase_spec.rb +1 -1
  358. data/spec/unit/functions/capitalize_spec.rb +1 -1
  359. data/spec/unit/functions/downcase_spec.rb +1 -1
  360. data/spec/unit/functions/inline_epp_spec.rb +26 -1
  361. data/spec/unit/functions/upcase_spec.rb +1 -1
  362. data/spec/unit/http/client_spec.rb +7 -9
  363. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  364. data/spec/unit/http/external_client_spec.rb +4 -4
  365. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  366. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  367. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  368. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  369. data/spec/unit/http/resolver_spec.rb +34 -15
  370. data/spec/unit/http/service/ca_spec.rb +2 -3
  371. data/spec/unit/http/service/compiler_spec.rb +51 -65
  372. data/spec/unit/http/service/file_server_spec.rb +5 -6
  373. data/spec/unit/http/service/puppetserver_spec.rb +112 -0
  374. data/spec/unit/http/service/report_spec.rb +2 -3
  375. data/spec/unit/http/service_spec.rb +1 -3
  376. data/spec/unit/http/session_spec.rb +24 -35
  377. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  378. data/spec/unit/indirector/catalog/json_spec.rb +1 -1
  379. data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
  380. data/spec/unit/indirector/facts/facter_spec.rb +97 -0
  381. data/spec/unit/indirector/facts/json_spec.rb +255 -0
  382. data/spec/unit/indirector/facts/rest_spec.rb +1 -1
  383. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  384. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  385. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  386. data/spec/unit/indirector/file_server_spec.rb +1 -15
  387. data/spec/unit/indirector/json_spec.rb +8 -8
  388. data/spec/unit/indirector/msgpack_spec.rb +8 -8
  389. data/spec/unit/indirector/node/json_spec.rb +33 -0
  390. data/spec/unit/indirector/node/rest_spec.rb +1 -1
  391. data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
  392. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  393. data/spec/unit/indirector/report/yaml_spec.rb +72 -8
  394. data/spec/unit/indirector/request_spec.rb +2 -266
  395. data/spec/unit/indirector/rest_spec.rb +98 -752
  396. data/spec/unit/indirector/yaml_spec.rb +7 -7
  397. data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
  398. data/spec/unit/network/authconfig_spec.rb +2 -132
  399. data/spec/unit/network/authorization_spec.rb +2 -55
  400. data/spec/unit/network/format_support_spec.rb +3 -2
  401. data/spec/unit/network/formats_spec.rb +4 -4
  402. data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
  403. data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
  404. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  405. data/spec/unit/network/http/api_spec.rb +10 -0
  406. data/spec/unit/network/http/connection_spec.rb +19 -41
  407. data/spec/unit/network/http/handler_spec.rb +0 -6
  408. data/spec/unit/network/http_pool_spec.rb +0 -4
  409. data/spec/unit/node/environment_spec.rb +51 -22
  410. data/spec/unit/node_spec.rb +2 -54
  411. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  412. data/spec/unit/parser/templatewrapper_spec.rb +4 -3
  413. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  414. data/spec/unit/pops/loaders/loaders_spec.rb +76 -21
  415. data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
  416. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  417. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  418. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  419. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  420. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  421. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  422. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  423. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  424. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  425. data/spec/unit/pops/visitor_spec.rb +1 -1
  426. data/spec/unit/provider/exec_spec.rb +4 -3
  427. data/spec/unit/provider/nameservice_spec.rb +0 -57
  428. data/spec/unit/provider/package/apt_spec.rb +77 -0
  429. data/spec/unit/provider/package/aptitude_spec.rb +1 -0
  430. data/spec/unit/provider/package/dpkg_spec.rb +22 -55
  431. data/spec/unit/provider/package/gem_spec.rb +32 -0
  432. data/spec/unit/provider/package/openbsd_spec.rb +2 -0
  433. data/spec/unit/provider/package/pip2_spec.rb +36 -0
  434. data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
  435. data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
  436. data/spec/unit/provider/package/yum_spec.rb +31 -0
  437. data/spec/unit/provider/package/zypper_spec.rb +14 -0
  438. data/spec/unit/provider/service/base_spec.rb +2 -4
  439. data/spec/unit/provider/service/bsd_spec.rb +5 -1
  440. data/spec/unit/provider/service/daemontools_spec.rb +1 -1
  441. data/spec/unit/provider/service/debian_spec.rb +3 -5
  442. data/spec/unit/provider/service/freebsd_spec.rb +1 -1
  443. data/spec/unit/provider/service/gentoo_spec.rb +4 -5
  444. data/spec/unit/provider/service/init_spec.rb +45 -5
  445. data/spec/unit/provider/service/launchd_spec.rb +5 -6
  446. data/spec/unit/provider/service/openrc_spec.rb +4 -5
  447. data/spec/unit/provider/service/openwrt_spec.rb +1 -1
  448. data/spec/unit/provider/service/redhat_spec.rb +1 -1
  449. data/spec/unit/provider/service/runit_spec.rb +2 -1
  450. data/spec/unit/provider/service/smf_spec.rb +402 -166
  451. data/spec/unit/provider/service/src_spec.rb +3 -5
  452. data/spec/unit/provider/service/systemd_spec.rb +3 -6
  453. data/spec/unit/provider/service/upstart_spec.rb +4 -5
  454. data/spec/unit/provider/service/windows_spec.rb +28 -1
  455. data/spec/unit/provider/user/aix_spec.rb +5 -0
  456. data/spec/unit/provider/user/pw_spec.rb +2 -0
  457. data/spec/unit/provider/user/useradd_spec.rb +1 -0
  458. data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
  459. data/spec/unit/provider_spec.rb +0 -12
  460. data/spec/unit/puppet_pal_2pec.rb +40 -0
  461. data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
  462. data/spec/unit/reports/store_spec.rb +17 -13
  463. data/spec/unit/resource/type_collection_spec.rb +2 -22
  464. data/spec/unit/resource_spec.rb +0 -56
  465. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  466. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  467. data/spec/unit/settings/port_setting_spec.rb +31 -0
  468. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  469. data/spec/unit/settings_spec.rb +586 -239
  470. data/spec/unit/ssl/base_spec.rb +36 -3
  471. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  472. data/spec/unit/ssl/certificate_spec.rb +2 -11
  473. data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
  474. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  475. data/spec/unit/ssl/verifier_spec.rb +0 -21
  476. data/spec/unit/transaction/persistence_spec.rb +15 -0
  477. data/spec/unit/transaction/report_spec.rb +2 -2
  478. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  479. data/spec/unit/transaction_spec.rb +45 -79
  480. data/spec/unit/type/file/checksum_spec.rb +6 -6
  481. data/spec/unit/type/file/content_spec.rb +1 -1
  482. data/spec/unit/type/file/ensure_spec.rb +1 -1
  483. data/spec/unit/type/file/mode_spec.rb +1 -1
  484. data/spec/unit/type/file/source_spec.rb +1 -2
  485. data/spec/unit/type/file_spec.rb +12 -6
  486. data/spec/unit/type/filebucket_spec.rb +1 -1
  487. data/spec/unit/type/package_spec.rb +1 -1
  488. data/spec/unit/type/service_spec.rb +35 -2
  489. data/spec/unit/type/user_spec.rb +31 -2
  490. data/spec/unit/type_spec.rb +20 -0
  491. data/spec/unit/util/backups_spec.rb +0 -2
  492. data/spec/unit/util/character_encoding_spec.rb +4 -4
  493. data/spec/unit/util/command_line_spec.rb +11 -6
  494. data/spec/unit/util/execution_spec.rb +0 -29
  495. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  496. data/spec/unit/util/posix_spec.rb +357 -15
  497. data/spec/unit/util/rubygems_spec.rb +2 -2
  498. data/spec/unit/util/run_mode_spec.rb +27 -127
  499. data/spec/unit/util/storage_spec.rb +3 -1
  500. data/spec/unit/util/windows/string_spec.rb +1 -3
  501. data/spec/unit/util/yaml_spec.rb +0 -54
  502. data/spec/unit/util_spec.rb +0 -18
  503. metadata +84 -261
  504. data/conf/auth.conf +0 -150
  505. data/lib/puppet/application/cert.rb +0 -76
  506. data/lib/puppet/application/key.rb +0 -4
  507. data/lib/puppet/application/man.rb +0 -4
  508. data/lib/puppet/application/status.rb +0 -4
  509. data/lib/puppet/face/key.rb +0 -16
  510. data/lib/puppet/face/man.rb +0 -145
  511. data/lib/puppet/face/module/build.rb +0 -14
  512. data/lib/puppet/face/module/generate.rb +0 -14
  513. data/lib/puppet/face/module/search.rb +0 -103
  514. data/lib/puppet/face/status.rb +0 -51
  515. data/lib/puppet/indirector/certificate/file.rb +0 -9
  516. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  517. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  518. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  519. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  520. data/lib/puppet/indirector/file_content/http.rb +0 -22
  521. data/lib/puppet/indirector/key/file.rb +0 -46
  522. data/lib/puppet/indirector/key/memory.rb +0 -7
  523. data/lib/puppet/indirector/ssl_file.rb +0 -162
  524. data/lib/puppet/indirector/status.rb +0 -3
  525. data/lib/puppet/indirector/status/local.rb +0 -12
  526. data/lib/puppet/indirector/status/rest.rb +0 -27
  527. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  528. data/lib/puppet/network/auth_config_parser.rb +0 -90
  529. data/lib/puppet/network/authstore.rb +0 -283
  530. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  531. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  532. data/lib/puppet/network/http/base_pool.rb +0 -36
  533. data/lib/puppet/network/http/compression.rb +0 -127
  534. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  535. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  536. data/lib/puppet/network/rest_controller.rb +0 -2
  537. data/lib/puppet/network/rights.rb +0 -210
  538. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  539. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  540. data/lib/puppet/parser/environment_compiler.rb +0 -202
  541. data/lib/puppet/pops/types/enumeration.rb +0 -16
  542. data/lib/puppet/resource/capability_finder.rb +0 -154
  543. data/lib/puppet/rest/errors.rb +0 -15
  544. data/lib/puppet/rest/response.rb +0 -35
  545. data/lib/puppet/rest/route.rb +0 -85
  546. data/lib/puppet/rest/routes.rb +0 -135
  547. data/lib/puppet/ssl/host.rb +0 -505
  548. data/lib/puppet/ssl/key.rb +0 -61
  549. data/lib/puppet/ssl/validator.rb +0 -61
  550. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  551. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  552. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  553. data/lib/puppet/status.rb +0 -40
  554. data/lib/puppet/util/connection.rb +0 -88
  555. data/lib/puppet/util/ssl.rb +0 -83
  556. data/lib/puppet/util/windows/api_types.rb +0 -295
  557. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  558. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  559. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  560. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  561. data/lib/puppet/vendor/pathspec/README.md +0 -53
  562. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  563. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  564. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  565. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  566. data/man/man8/puppet-key.8 +0 -126
  567. data/man/man8/puppet-man.8 +0 -76
  568. data/man/man8/puppet-status.8 +0 -108
  569. data/spec/integration/faces/config_spec.rb +0 -91
  570. data/spec/integration/faces/documentation_spec.rb +0 -57
  571. data/spec/integration/file_bucket/file_spec.rb +0 -50
  572. data/spec/integration/file_serving/content_spec.rb +0 -7
  573. data/spec/integration/file_serving/fileset_spec.rb +0 -12
  574. data/spec/integration/file_serving/metadata_spec.rb +0 -8
  575. data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
  576. data/spec/integration/file_system/uniquefile_spec.rb +0 -26
  577. data/spec/integration/module_tool/forge_spec.rb +0 -51
  578. data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
  579. data/spec/integration/network/authconfig_spec.rb +0 -256
  580. data/spec/integration/provider/service/init_spec.rb +0 -48
  581. data/spec/integration/provider/service/systemd_spec.rb +0 -25
  582. data/spec/integration/provider/service/windows_spec.rb +0 -50
  583. data/spec/integration/reference/providers_spec.rb +0 -21
  584. data/spec/integration/reports_spec.rb +0 -13
  585. data/spec/integration/ssl/certificate_request_spec.rb +0 -44
  586. data/spec/integration/ssl/host_spec.rb +0 -72
  587. data/spec/integration/ssl/key_spec.rb +0 -99
  588. data/spec/shared_behaviours/file_serving_model.rb +0 -51
  589. data/spec/unit/capability_spec.rb +0 -414
  590. data/spec/unit/face/catalog_spec.rb +0 -6
  591. data/spec/unit/face/key_spec.rb +0 -9
  592. data/spec/unit/face/man_spec.rb +0 -25
  593. data/spec/unit/face/module/search_spec.rb +0 -231
  594. data/spec/unit/face/module_spec.rb +0 -3
  595. data/spec/unit/face/status_spec.rb +0 -9
  596. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  597. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  598. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  599. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  600. data/spec/unit/indirector/key/file_spec.rb +0 -79
  601. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  602. data/spec/unit/indirector/status/local_spec.rb +0 -10
  603. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  604. data/spec/unit/man_spec.rb +0 -31
  605. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  606. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  607. data/spec/unit/network/authstore_spec.rb +0 -422
  608. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  609. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  610. data/spec/unit/network/http/compression_spec.rb +0 -240
  611. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  612. data/spec/unit/network/http_spec.rb +0 -9
  613. data/spec/unit/network/rights_spec.rb +0 -439
  614. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  615. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  616. data/spec/unit/resource/capability_finder_spec.rb +0 -143
  617. data/spec/unit/rest/route_spec.rb +0 -132
  618. data/spec/unit/ssl/host_spec.rb +0 -650
  619. data/spec/unit/ssl/key_spec.rb +0 -173
  620. data/spec/unit/ssl/validator_spec.rb +0 -278
  621. data/spec/unit/status_spec.rb +0 -45
  622. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,16 +1,15 @@
1
- require 'puppet/util/windows'
1
+ module Puppet
2
+ module Util
3
+ module Windows
4
+ module String
5
+ def wide_string(str)
6
+ # if given a nil string, assume caller wants to pass a nil pointer to win32
7
+ return nil if str.nil?
2
8
 
3
- module Puppet::Util::Windows::String
4
- def wide_string(str)
5
- # if given a nil string, assume caller wants to pass a nil pointer to win32
6
- return nil if str.nil?
7
- # ruby (< 2.1) does not respect multibyte terminators, so it is possible
8
- # for a string to contain a single trailing null byte, followed by garbage
9
- # causing buffer overruns.
10
- #
11
- # See http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41920&view=revision
12
- newstr = str + "\0".encode(str.encoding)
13
- newstr.encode!('UTF-16LE')
9
+ str.encode('UTF-16LE')
10
+ end
11
+ module_function :wide_string
12
+ end
13
+ end
14
14
  end
15
- module_function :wide_string
16
15
  end
@@ -145,6 +145,125 @@ module Puppet::Util::Windows::User
145
145
  end
146
146
  module_function :load_profile
147
147
 
148
+ def get_rights(name)
149
+ user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
150
+ return "" unless user_info
151
+
152
+ rights = []
153
+ rights_pointer = FFI::MemoryPointer.new(:pointer)
154
+ number_of_rights = FFI::MemoryPointer.new(:ulong)
155
+ sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
156
+
157
+ new_lsa_policy_handle do |policy_handle|
158
+ result = LsaEnumerateAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, number_of_rights)
159
+ check_lsa_nt_status_and_raise_failures(result, "LsaEnumerateAccountRights")
160
+ end
161
+
162
+ number_of_rights.read_ulong.times do |index|
163
+ right = LSA_UNICODE_STRING.new(rights_pointer.read_pointer + index * LSA_UNICODE_STRING.size)
164
+ rights << right[:Buffer].read_arbitrary_wide_string_up_to
165
+ end
166
+
167
+ result = LsaFreeMemory(rights_pointer.read_pointer)
168
+ check_lsa_nt_status_and_raise_failures(result, "LsaFreeMemory")
169
+
170
+ rights.join(",")
171
+ end
172
+ module_function :get_rights
173
+
174
+ def set_rights(name, rights)
175
+ rights_pointer = new_lsa_unicode_strings_pointer(rights)
176
+ user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
177
+ sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
178
+
179
+ new_lsa_policy_handle do |policy_handle|
180
+ result = LsaAddAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, rights.size)
181
+ check_lsa_nt_status_and_raise_failures(result, "LsaAddAccountRights")
182
+ end
183
+ end
184
+ module_function :set_rights
185
+
186
+ def remove_rights(name, rights)
187
+ rights_pointer = new_lsa_unicode_strings_pointer(rights)
188
+ user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
189
+ sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
190
+
191
+ new_lsa_policy_handle do |policy_handle|
192
+ result = LsaRemoveAccountRights(policy_handle.read_pointer, sid_pointer, false, rights_pointer, rights.size)
193
+ check_lsa_nt_status_and_raise_failures(result, "LsaRemoveAccountRights")
194
+ end
195
+ end
196
+ module_function :remove_rights
197
+
198
+ # ACCESS_MASK flags for Policy Objects
199
+ # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b61b7268-987a-420b-84f9-6c75f8dc8558
200
+ POLICY_VIEW_LOCAL_INFORMATION = 0x00000001
201
+ POLICY_VIEW_AUDIT_INFORMATION = 0x00000002
202
+ POLICY_GET_PRIVATE_INFORMATION = 0x00000004
203
+ POLICY_TRUST_ADMIN = 0x00000008
204
+ POLICY_CREATE_ACCOUNT = 0x00000010
205
+ POLICY_CREATE_SECRET = 0x00000020
206
+ POLICY_CREATE_PRIVILEGE = 0x00000040
207
+ POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
208
+ POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100
209
+ POLICY_AUDIT_LOG_ADMIN = 0x00000200
210
+ POLICY_SERVER_ADMIN = 0x00000400
211
+ POLICY_LOOKUP_NAMES = 0x00000800
212
+ POLICY_NOTIFICATION = 0x00001000
213
+
214
+ def self.new_lsa_policy_handle
215
+ access = 0
216
+ access |= POLICY_LOOKUP_NAMES
217
+ access |= POLICY_CREATE_ACCOUNT
218
+ policy_handle = FFI::MemoryPointer.new(:pointer)
219
+
220
+ result = LsaOpenPolicy(nil, LSA_OBJECT_ATTRIBUTES.new, access, policy_handle)
221
+ check_lsa_nt_status_and_raise_failures(result, "LsaOpenPolicy")
222
+
223
+ begin
224
+ yield policy_handle
225
+ ensure
226
+ result = LsaClose(policy_handle.read_pointer)
227
+ check_lsa_nt_status_and_raise_failures(result, "LsaClose")
228
+ end
229
+ end
230
+ private_class_method :new_lsa_policy_handle
231
+
232
+ def self.new_lsa_unicode_strings_pointer(strings)
233
+ lsa_unicode_strings_pointer = FFI::MemoryPointer.new(LSA_UNICODE_STRING, strings.size)
234
+
235
+ strings.each_with_index do |string, index|
236
+ lsa_string = LSA_UNICODE_STRING.new(lsa_unicode_strings_pointer + index * LSA_UNICODE_STRING.size)
237
+ lsa_string[:Buffer] = FFI::MemoryPointer.from_string(wide_string(string))
238
+ lsa_string[:Length] = string.length * 2
239
+ lsa_string[:MaximumLength] = lsa_string[:Length] + 2
240
+ end
241
+
242
+ lsa_unicode_strings_pointer
243
+ end
244
+ private_class_method :new_lsa_unicode_strings_pointer
245
+
246
+ # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
247
+ def self.check_lsa_nt_status_and_raise_failures(status, method_name)
248
+ error_code = LsaNtStatusToWinError(status)
249
+
250
+ error_reason = case error_code.to_s(16)
251
+ when '0' # ERROR_SUCCESS
252
+ return # Method call succeded
253
+ when '2' # ERROR_FILE_NOT_FOUND
254
+ return # No rights/privilleges assigned to given user
255
+ when '5' # ERROR_ACCESS_DENIED
256
+ "Access is denied. Please make sure that puppet is running as administrator."
257
+ when '521' # ERROR_NO_SUCH_PRIVILEGE
258
+ "One or more of the given rights/privilleges are incorrect."
259
+ when '6ba' # RPC_S_SERVER_UNAVAILABLE
260
+ "The RPC server is unavailable or given domain name is invalid."
261
+ end
262
+
263
+ raise Puppet::Error.new("Calling `#{method_name}` returned 'Win32 Error Code 0x%08X'. #{error_reason}" % error_code)
264
+ end
265
+ private_class_method :check_lsa_nt_status_and_raise_failures
266
+
148
267
  ffi_convention :stdcall
149
268
 
150
269
  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
@@ -329,4 +448,104 @@ module Puppet::Util::Windows::User
329
448
  ffi_lib :advapi32
330
449
  attach_function_private :IsValidSid,
331
450
  [:pointer], :win32_bool
451
+
452
+ # https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_object_attributes
453
+ # typedef struct _LSA_OBJECT_ATTRIBUTES {
454
+ # ULONG Length;
455
+ # HANDLE RootDirectory;
456
+ # PLSA_UNICODE_STRING ObjectName;
457
+ # ULONG Attributes;
458
+ # PVOID SecurityDescriptor;
459
+ # PVOID SecurityQualityOfService;
460
+ # } LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
461
+ class LSA_OBJECT_ATTRIBUTES < FFI::Struct
462
+ layout :Length, :ulong,
463
+ :RootDirectory, :handle,
464
+ :ObjectName, :plsa_unicode_string,
465
+ :Attributes, :ulong,
466
+ :SecurityDescriptor, :pvoid,
467
+ :SecurityQualityOfService, :pvoid
468
+ end
469
+
470
+ # https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_unicode_string
471
+ # typedef struct _LSA_UNICODE_STRING {
472
+ # USHORT Length;
473
+ # USHORT MaximumLength;
474
+ # PWSTR Buffer;
475
+ # } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
476
+ class LSA_UNICODE_STRING < FFI::Struct
477
+ layout :Length, :ushort,
478
+ :MaximumLength, :ushort,
479
+ :Buffer, :pwstr
480
+ end
481
+
482
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaenumerateaccountrights
483
+ # https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
484
+ # NTSTATUS LsaEnumerateAccountRights(
485
+ # LSA_HANDLE PolicyHandle,
486
+ # PSID AccountSid,
487
+ # PLSA_UNICODE_STRING *UserRights,
488
+ # PULONG CountOfRights
489
+ # );
490
+ ffi_lib :advapi32
491
+ attach_function_private :LsaEnumerateAccountRights,
492
+ [:lsa_handle, :psid, :plsa_unicode_string, :pulong], :ntstatus
493
+
494
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaaddaccountrights
495
+ # NTSTATUS LsaAddAccountRights(
496
+ # LSA_HANDLE PolicyHandle,
497
+ # PSID AccountSid,
498
+ # PLSA_UNICODE_STRING UserRights,
499
+ # ULONG CountOfRights
500
+ # );
501
+ ffi_lib :advapi32
502
+ attach_function_private :LsaAddAccountRights,
503
+ [:lsa_handle, :psid, :plsa_unicode_string, :ulong], :ntstatus
504
+
505
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaremoveaccountrights
506
+ # NTSTATUS LsaRemoveAccountRights(
507
+ # LSA_HANDLE PolicyHandle,
508
+ # PSID AccountSid,
509
+ # BOOLEAN AllRights,
510
+ # PLSA_UNICODE_STRING UserRights,
511
+ # ULONG CountOfRights
512
+ # );
513
+ ffi_lib :advapi32
514
+ attach_function_private :LsaRemoveAccountRights,
515
+ [:lsa_handle, :psid, :bool, :plsa_unicode_string, :ulong], :ntstatus
516
+
517
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaopenpolicy
518
+ # NTSTATUS LsaOpenPolicy(
519
+ # PLSA_UNICODE_STRING SystemName,
520
+ # PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
521
+ # ACCESS_MASK DesiredAccess,
522
+ # PLSA_HANDLE PolicyHandle
523
+ # );
524
+ ffi_lib :advapi32
525
+ attach_function_private :LsaOpenPolicy,
526
+ [:plsa_unicode_string, :plsa_object_attributes, :access_mask, :plsa_handle], :ntstatus
527
+
528
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaclose
529
+ # NTSTATUS LsaClose(
530
+ # LSA_HANDLE ObjectHandle
531
+ # );
532
+ ffi_lib :advapi32
533
+ attach_function_private :LsaClose,
534
+ [:lsa_handle], :ntstatus
535
+
536
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsafreememory
537
+ # NTSTATUS LsaFreeMemory(
538
+ # PVOID Buffer
539
+ # );
540
+ ffi_lib :advapi32
541
+ attach_function_private :LsaFreeMemory,
542
+ [:pvoid], :ntstatus
543
+
544
+ # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsantstatustowinerror
545
+ # ULONG LsaNtStatusToWinError(
546
+ # NTSTATUS Status
547
+ # );
548
+ ffi_lib :advapi32
549
+ attach_function_private :LsaNtStatusToWinError,
550
+ [:ntstatus], :ulong
332
551
  end
@@ -42,28 +42,6 @@ module Puppet::Util::Yaml
42
42
  safe_load(yaml, allowed_classes, filename)
43
43
  end
44
44
 
45
- # @deprecated Use {#safe_load_file} instead.
46
- def self.load_file(filename, default_value = false, strip_classes = false)
47
- Puppet.deprecation_warning(_("Puppet::Util::Yaml.load_file is deprecated. Use safe_load_file instead."))
48
-
49
- if(strip_classes) then
50
- data = YAML::parse_file(filename)
51
- data.root.each do |o|
52
- if o.respond_to?(:tag=) and
53
- o.tag != nil and
54
- o.tag.start_with?("!ruby")
55
- o.tag = nil
56
- end
57
- end
58
- data.to_ruby || default_value
59
- else
60
- yaml = YAML.load_file(filename)
61
- yaml || default_value
62
- end
63
- rescue *YamlLoadExceptions => detail
64
- raise YamlLoadError.new(detail.message, detail)
65
- end
66
-
67
45
  def self.dump(structure, filename)
68
46
  Puppet::FileSystem.replace_file(filename, 0660) do |fh|
69
47
  YAML.dump(structure, fh)
@@ -2,4 +2,3 @@
2
2
  # Add one requirement per vendored package (or a comment if it is loaded on demand).
3
3
 
4
4
  # The vendored library 'rgen' is loaded on demand.
5
- # The vendored library 'pathspec' is loaded on demand.
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '6.17.0'
9
+ PUPPETVERSION = '7.1.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and
@@ -1,7 +1,11 @@
1
1
  require 'puppet'
2
2
  require 'puppet/ssl/openssl_loader'
3
3
 
4
- module Puppet::X509 # :nodoc:
4
+ # Responsible for loading and saving certificates and private keys.
5
+ #
6
+ # @see Puppet::X509::CertProvider
7
+ # @api private
8
+ module Puppet::X509
5
9
  require 'puppet/x509/pem_store'
6
10
  require 'puppet/x509/cert_provider'
7
11
  end
@@ -1,6 +1,11 @@
1
1
  require 'puppet/x509'
2
2
 
3
- # Class for loading and saving cert related objects.
3
+ # Class for loading and saving cert related objects. By default the provider
4
+ # loads and saves based on puppet's default settings, such as `Puppet[:localcacert]`.
5
+ # The providers sets the permissions on files it saves, such as the private key.
6
+ # All of the `load_*` methods take an optional `required` parameter. If an object
7
+ # doesn't exist, then by default the provider returns `nil`. However, if the
8
+ # `required` parameter is true, then an exception will be raised instead.
4
9
  #
5
10
  # @api private
6
11
  class Puppet::X509::CertProvider
@@ -32,6 +37,7 @@ class Puppet::X509::CertProvider
32
37
  #
33
38
  # @param certs [Array<OpenSSL::X509::Certificate>] Array of CA certs to save
34
39
  # @raise [Puppet::Error] if the certs cannot be saved
40
+ #
35
41
  # @api private
36
42
  def save_cacerts(certs)
37
43
  save_pem(certs.map(&:to_pem).join, @capath, **permissions_for_setting(:localcacert))
@@ -45,6 +51,7 @@ class Puppet::X509::CertProvider
45
51
  # @return (see #load_cacerts_from_pem)
46
52
  # @raise (see #load_cacerts_from_pem)
47
53
  # @raise [Puppet::Error] if the certs cannot be loaded
54
+ #
48
55
  # @api private
49
56
  def load_cacerts(required: false)
50
57
  pem = load_pem(@capath)
@@ -61,6 +68,7 @@ class Puppet::X509::CertProvider
61
68
  # @param pem [String] PEM encoded certificate(s)
62
69
  # @return [Array<OpenSSL::X509::Certificate>] Array of CA certs
63
70
  # @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
71
+ #
64
72
  # @api private
65
73
  def load_cacerts_from_pem(pem)
66
74
  # TRANSLATORS 'PEM' is an acronym and shouldn't be translated
@@ -75,6 +83,7 @@ class Puppet::X509::CertProvider
75
83
  #
76
84
  # @param crls [Array<OpenSSL::X509::CRL>] Array of CRLs to save
77
85
  # @raise [Puppet::Error] if the CRLs cannot be saved
86
+ #
78
87
  # @api private
79
88
  def save_crls(crls)
80
89
  save_pem(crls.map(&:to_pem).join, @crlpath, **permissions_for_setting(:hostcrl))
@@ -88,6 +97,7 @@ class Puppet::X509::CertProvider
88
97
  # @return (see #load_crls_from_pem)
89
98
  # @raise (see #load_crls_from_pem)
90
99
  # @raise [Puppet::Error] if the CRLs cannot be loaded
100
+ #
91
101
  # @api private
92
102
  def load_crls(required: false)
93
103
  pem = load_pem(@crlpath)
@@ -104,6 +114,7 @@ class Puppet::X509::CertProvider
104
114
  # @param pem [String] PEM encoded CRL(s)
105
115
  # @return [Array<OpenSSL::X509::CRL>] Array of CRLs
106
116
  # @raise [OpenSSL::X509::CRLError] The `pem` text does not contain a valid CRL
117
+ #
107
118
  # @api private
108
119
  def load_crls_from_pem(pem)
109
120
  # TRANSLATORS 'PEM' is an acronym and shouldn't be translated
@@ -118,6 +129,8 @@ class Puppet::X509::CertProvider
118
129
  #
119
130
  # @return [Time, nil] Time when the CRL was last updated, or nil if we don't
120
131
  # have a CRL
132
+ #
133
+ # @api private
121
134
  def crl_last_update
122
135
  stat = Puppet::FileSystem.stat(@crlpath)
123
136
  Time.at(stat.mtime)
@@ -129,6 +142,7 @@ class Puppet::X509::CertProvider
129
142
  #
130
143
  # @param time [Time] The last updated time
131
144
  #
145
+ # @api private
132
146
  def crl_last_update=(time)
133
147
  Puppet::FileSystem.touch(@crlpath, mtime: time)
134
148
  end
@@ -142,6 +156,7 @@ class Puppet::X509::CertProvider
142
156
  # from the password, and use that to encrypt the private key. If nil,
143
157
  # save the private key unencrypted.
144
158
  # @raise [Puppet::Error] if the private key cannot be saved
159
+ #
145
160
  # @api private
146
161
  def save_private_key(name, key, password: nil)
147
162
  pem = if password
@@ -167,6 +182,7 @@ class Puppet::X509::CertProvider
167
182
  # @return (see #load_private_key_from_pem)
168
183
  # @raise (see #load_private_key_from_pem)
169
184
  # @raise [Puppet::Error] if the private key cannot be loaded
185
+ #
170
186
  # @api private
171
187
  def load_private_key(name, required: false, password: nil)
172
188
  path = @hostprivkey || to_path(@privatekeydir, name)
@@ -187,6 +203,7 @@ class Puppet::X509::CertProvider
187
203
  # not specified, then the key cannot be loaded.
188
204
  # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
189
205
  # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
206
+ #
190
207
  # @api private
191
208
  def load_private_key_from_pem(pem, password: nil)
192
209
  # set a non-nil password to ensure openssl doesn't prompt
@@ -216,6 +233,8 @@ class Puppet::X509::CertProvider
216
233
  #
217
234
  # @return [String, nil] The private key password as a binary string or nil
218
235
  # if there is none.
236
+ #
237
+ # @api private
219
238
  def load_private_key_password
220
239
  Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
221
240
  rescue Errno::ENOENT
@@ -227,6 +246,7 @@ class Puppet::X509::CertProvider
227
246
  # @param name [String] The client cert identity
228
247
  # @param cert [OpenSSL::X509::Certificate] The cert to save
229
248
  # @raise [Puppet::Error] if the client cert cannot be saved
249
+ #
230
250
  # @api private
231
251
  def save_client_cert(name, cert)
232
252
  path = @hostcert || to_path(@certdir, name)
@@ -242,6 +262,7 @@ class Puppet::X509::CertProvider
242
262
  # @return (see #load_request_from_pem)
243
263
  # @raise (see #load_client_cert_from_pem)
244
264
  # @raise [Puppet::Error] if the client cert cannot be loaded
265
+ #
245
266
  # @api private
246
267
  def load_client_cert(name, required: false)
247
268
  path = @hostcert || to_path(@certdir, name)
@@ -259,6 +280,7 @@ class Puppet::X509::CertProvider
259
280
  # @param pem [String] PEM encoded cert
260
281
  # @return [OpenSSL::X509::Certificate] the certificate
261
282
  # @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
283
+ #
262
284
  # @api private
263
285
  def load_client_cert_from_pem(pem)
264
286
  OpenSSL::X509::Certificate.new(pem)
@@ -270,6 +292,7 @@ class Puppet::X509::CertProvider
270
292
  # @param private_key [OpenSSL::PKey::RSA] private key
271
293
  # @return [Puppet::X509::Request] The request
272
294
  #
295
+ # @api private
273
296
  def create_request(name, private_key)
274
297
  options = {}
275
298
 
@@ -292,6 +315,7 @@ class Puppet::X509::CertProvider
292
315
  # @param name [String] the request identity
293
316
  # @param csr [OpenSSL::X509::Request] the request
294
317
  # @raise [Puppet::Error] if the cert request cannot be saved
318
+ #
295
319
  # @api private
296
320
  def save_request(name, csr)
297
321
  path = to_path(@requestdir, name)
@@ -306,6 +330,7 @@ class Puppet::X509::CertProvider
306
330
  # @return (see #load_request_from_pem)
307
331
  # @raise (see #load_request_from_pem)
308
332
  # @raise [Puppet::Error] if the cert request cannot be saved
333
+ #
309
334
  # @api private
310
335
  def load_request(name)
311
336
  path = to_path(@requestdir, name)
@@ -319,6 +344,8 @@ class Puppet::X509::CertProvider
319
344
  #
320
345
  # @param name [String] The request identity
321
346
  # @return [Boolean] true if the CSR was deleted
347
+ #
348
+ # @api private
322
349
  def delete_request(name)
323
350
  path = to_path(@requestdir, name)
324
351
  delete_pem(path)
@@ -331,6 +358,7 @@ class Puppet::X509::CertProvider
331
358
  # @param pem [String] PEM encoded request
332
359
  # @return [OpenSSL::X509::Request] the request
333
360
  # @raise [OpenSSL::X509::RequestError] The `pem` text does not contain a valid request
361
+ #
334
362
  # @api private
335
363
  def load_request_from_pem(pem)
336
364
  OpenSSL::X509::Request.new(pem)