puppet 6.17.0-x64-mingw32 → 7.1.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +2 -16
- data/Gemfile +3 -4
- data/Gemfile.lock +32 -30
- data/README.md +2 -3
- data/Rakefile +4 -12
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +2 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/agent/locker.rb +0 -7
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/agent.rb +8 -3
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/application_support.rb +7 -0
- data/lib/puppet/configurer.rb +46 -19
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +116 -162
- data/lib/puppet/environments.rb +72 -62
- data/lib/puppet/face/catalog.rb +1 -1
- data/lib/puppet/face/config.rb +56 -16
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node.rb +3 -3
- data/lib/puppet/face/node/clean.rb +10 -2
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/ffi/posix.rb +10 -0
- data/lib/puppet/ffi/posix/constants.rb +14 -0
- data/lib/puppet/ffi/posix/functions.rb +24 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_bucket/dipper.rb +1 -1
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +3 -3
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/new.rb +8 -3
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/http.rb +23 -13
- data/lib/puppet/http/client.rb +165 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +10 -23
- data/lib/puppet/http/resolver/server_list.rb +23 -45
- data/lib/puppet/http/resolver/settings.rb +7 -10
- data/lib/puppet/http/resolver/srv.rb +11 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +15 -27
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -70
- data/lib/puppet/http/service/file_server.rb +19 -28
- data/lib/puppet/http/service/puppetserver.rb +53 -0
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +16 -24
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +27 -6
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +4 -59
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/http.rb +1 -0
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/msgpack.rb +1 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +1 -102
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/node/facts.rb +17 -0
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +93 -14
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/types/p_meta_type.rb +1 -1
- data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +28 -52
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/dpkg.rb +1 -11
- data/lib/puppet/provider/package/gem.rb +27 -5
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pip2.rb +17 -0
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +6 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
- data/lib/puppet/provider/package/yum.rb +1 -0
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/aix.rb +3 -3
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +5 -120
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +84 -35
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +11 -6
- data/lib/puppet/transaction.rb +3 -9
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +10 -8
- data/lib/puppet/trusted_external.rb +2 -2
- data/lib/puppet/type.rb +4 -79
- data/lib/puppet/type/file.rb +7 -9
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +29 -9
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/service.rb +4 -0
- data/lib/puppet/type/user.rb +19 -4
- data/lib/puppet/util.rb +26 -12
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/execution.rb +2 -13
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/posix.rb +53 -4
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +14 -2
- data/lib/puppet/util/windows.rb +3 -7
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +219 -0
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +656 -1351
- data/man/man5/puppet.conf.5 +72 -97
- data/man/man8/puppet-agent.8 +6 -3
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +6 -6
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +7 -4
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
- data/spec/integration/application/agent_spec.rb +70 -61
- data/spec/integration/application/apply_spec.rb +150 -150
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +78 -29
- data/spec/integration/application/help_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +76 -4
- data/spec/integration/configurer_spec.rb +14 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/defaults_spec.rb +32 -3
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/adsi_spec.rb +2 -2
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/integration/util/windows/user_spec.rb +7 -0
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +9 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/shared_contexts/types_setup.rb +2 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/doc_spec.rb +2 -2
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +74 -8
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +17 -4
- data/spec/unit/application_spec.rb +43 -4
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +14 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +96 -44
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +26 -32
- data/spec/unit/environments_spec.rb +173 -32
- data/spec/unit/face/config_spec.rb +65 -12
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +16 -4
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/file_system_spec.rb +1 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -9
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +34 -15
- data/spec/unit/http/service/ca_spec.rb +2 -3
- data/spec/unit/http/service/compiler_spec.rb +51 -65
- data/spec/unit/http/service/file_server_spec.rb +5 -6
- data/spec/unit/http/service/puppetserver_spec.rb +112 -0
- data/spec/unit/http/service/report_spec.rb +2 -3
- data/spec/unit/http/service_spec.rb +1 -3
- data/spec/unit/http/session_spec.rb +24 -35
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/json_spec.rb +1 -1
- data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/facts/rest_spec.rb +1 -1
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/json_spec.rb +8 -8
- data/spec/unit/indirector/msgpack_spec.rb +8 -8
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/unit/indirector/node/rest_spec.rb +1 -1
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +2 -266
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/yaml_spec.rb +7 -7
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
- data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +51 -22
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/templatewrapper_spec.rb +4 -3
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +76 -21
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/exec_spec.rb +4 -3
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/dpkg_spec.rb +22 -55
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/openbsd_spec.rb +2 -0
- data/spec/unit/provider/package/pip2_spec.rb +36 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
- data/spec/unit/provider/package/yum_spec.rb +31 -0
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/base_spec.rb +2 -4
- data/spec/unit/provider/service/bsd_spec.rb +5 -1
- data/spec/unit/provider/service/daemontools_spec.rb +1 -1
- data/spec/unit/provider/service/debian_spec.rb +3 -5
- data/spec/unit/provider/service/freebsd_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +4 -5
- data/spec/unit/provider/service/init_spec.rb +45 -5
- data/spec/unit/provider/service/launchd_spec.rb +5 -6
- data/spec/unit/provider/service/openrc_spec.rb +4 -5
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/redhat_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +2 -1
- data/spec/unit/provider/service/smf_spec.rb +402 -166
- data/spec/unit/provider/service/src_spec.rb +3 -5
- data/spec/unit/provider/service/systemd_spec.rb +3 -6
- data/spec/unit/provider/service/upstart_spec.rb +4 -5
- data/spec/unit/provider/service/windows_spec.rb +28 -1
- data/spec/unit/provider/user/aix_spec.rb +5 -0
- data/spec/unit/provider/user/pw_spec.rb +2 -0
- data/spec/unit/provider/user/useradd_spec.rb +1 -0
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +586 -239
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/transaction/report_spec.rb +2 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +1 -2
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/filebucket_spec.rb +1 -1
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/service_spec.rb +35 -2
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/command_line_spec.rb +11 -6
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +357 -15
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +27 -127
- data/spec/unit/util/storage_spec.rb +3 -1
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +84 -261
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -295
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/man_spec.rb +0 -31
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
data/spec/unit/ssl/base_spec.rb
CHANGED
|
@@ -38,9 +38,8 @@ describe Puppet::SSL::Certificate do
|
|
|
38
38
|
|
|
39
39
|
describe "when determining a name from a certificate subject" do
|
|
40
40
|
it "should extract only the CN and not any other components" do
|
|
41
|
-
|
|
42
|
-
expect(
|
|
43
|
-
expect(@class.name_from_subject(subject)).to eq('host.domain.com')
|
|
41
|
+
name = OpenSSL::X509::Name.parse('/CN=host.domain.com/L=Portland/ST=Oregon')
|
|
42
|
+
expect(@class.name_from_subject(name)).to eq('host.domain.com')
|
|
44
43
|
end
|
|
45
44
|
end
|
|
46
45
|
|
|
@@ -90,4 +89,38 @@ describe Puppet::SSL::Certificate do
|
|
|
90
89
|
}.to raise_error(Puppet::Error, "Unknown signature algorithm 'nonsense'")
|
|
91
90
|
end
|
|
92
91
|
end
|
|
92
|
+
|
|
93
|
+
describe "when getting a CN from a subject" do
|
|
94
|
+
def parse(dn)
|
|
95
|
+
OpenSSL::X509::Name.parse(dn)
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def cn_from(subject)
|
|
99
|
+
@class.name_from_subject(subject)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
it "should correctly parse a subject containing only a CN" do
|
|
103
|
+
subj = parse('/CN=foo')
|
|
104
|
+
expect(cn_from(subj)).to eq('foo')
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
it "should correctly parse a subject containing other components" do
|
|
108
|
+
subj = parse('/CN=Root CA/OU=Server Operations/O=Example Org')
|
|
109
|
+
expect(cn_from(subj)).to eq('Root CA')
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
it "should correctly parse a subject containing other components with CN not first" do
|
|
113
|
+
subj = parse('/emailAddress=foo@bar.com/CN=foo.bar.com/O=Example Org')
|
|
114
|
+
expect(cn_from(subj)).to eq('foo.bar.com')
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
it "should return nil for a subject with no CN" do
|
|
118
|
+
subj = parse('/OU=Server Operations/O=Example Org')
|
|
119
|
+
expect(cn_from(subj)).to eq(nil)
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
it "should return nil for a bare string" do
|
|
123
|
+
expect(cn_from("/CN=foo")).to eq(nil)
|
|
124
|
+
end
|
|
125
|
+
end
|
|
93
126
|
end
|
|
@@ -1,23 +1,10 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
require 'puppet/ssl/certificate_request'
|
|
4
|
-
require 'puppet/ssl/key'
|
|
5
4
|
|
|
6
5
|
describe Puppet::SSL::CertificateRequest do
|
|
7
6
|
let(:request) { described_class.new("myname") }
|
|
8
|
-
let(:key) {
|
|
9
|
-
k = Puppet::SSL::Key.new("myname")
|
|
10
|
-
k.generate
|
|
11
|
-
k
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
it "should be extended with the Indirector module" do
|
|
15
|
-
expect(described_class.singleton_class).to be_include(Puppet::Indirector)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "should indirect certificate_request" do
|
|
19
|
-
expect(described_class.indirection.name).to eq(:certificate_request)
|
|
20
|
-
end
|
|
7
|
+
let(:key) { OpenSSL::PKey::RSA.new(Puppet[:keylength]) }
|
|
21
8
|
|
|
22
9
|
it "should use any provided name as its name" do
|
|
23
10
|
expect(described_class.new("myname").name).to eq("myname")
|
|
@@ -83,14 +70,9 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
83
70
|
end
|
|
84
71
|
|
|
85
72
|
describe "when generating", :unless => RUBY_PLATFORM == 'java' do
|
|
86
|
-
it "should
|
|
73
|
+
it "should verify the CSR using the public key associated with the private key" do
|
|
87
74
|
request.generate(key)
|
|
88
|
-
expect(request.content.verify(key.
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
it "should set the subject to [CN, name]" do
|
|
92
|
-
request.generate(key)
|
|
93
|
-
expect(request.content.subject).to eq OpenSSL::X509::Name.new([['CN', key.name]])
|
|
75
|
+
expect(request.content.verify(key.public_key)).to be_truthy
|
|
94
76
|
end
|
|
95
77
|
|
|
96
78
|
it "should set the version to 0" do
|
|
@@ -101,7 +83,7 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
101
83
|
it "should set the public key to the provided key's public key" do
|
|
102
84
|
request.generate(key)
|
|
103
85
|
# The openssl bindings do not define equality on keys so we use to_s
|
|
104
|
-
expect(request.content.public_key.to_s).to eq(key.
|
|
86
|
+
expect(request.content.public_key.to_s).to eq(key.public_key.to_s)
|
|
105
87
|
end
|
|
106
88
|
|
|
107
89
|
context "without subjectAltName / dns_alt_names" do
|
|
@@ -295,20 +277,20 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
295
277
|
|
|
296
278
|
it "should sign the csr with the provided key" do
|
|
297
279
|
request.generate(key)
|
|
298
|
-
expect(request.content.verify(key.
|
|
280
|
+
expect(request.content.verify(key.public_key)).to be_truthy
|
|
299
281
|
end
|
|
300
282
|
|
|
301
283
|
it "should verify the generated request using the public key" do
|
|
302
284
|
# Stupid keys don't have a competent == method.
|
|
303
285
|
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
|
304
|
-
public_key.to_s == key.
|
|
286
|
+
public_key.to_s == key.public_key.to_s
|
|
305
287
|
end.and_return(true)
|
|
306
288
|
request.generate(key)
|
|
307
289
|
end
|
|
308
290
|
|
|
309
291
|
it "should fail if verification fails" do
|
|
310
292
|
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
|
311
|
-
public_key.to_s == key.
|
|
293
|
+
public_key.to_s == key.public_key.to_s
|
|
312
294
|
end.and_return(false)
|
|
313
295
|
|
|
314
296
|
expect do
|
|
@@ -334,8 +316,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
334
316
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
|
335
317
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(true)
|
|
336
318
|
signer = Puppet::SSL::CertificateSigner.new
|
|
337
|
-
signer.sign(csr, key
|
|
338
|
-
expect(csr.verify(key
|
|
319
|
+
signer.sign(csr, key)
|
|
320
|
+
expect(csr.verify(key)).to be_truthy
|
|
339
321
|
end
|
|
340
322
|
|
|
341
323
|
# Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
|
|
@@ -348,8 +330,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
348
330
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
|
349
331
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(true)
|
|
350
332
|
signer = Puppet::SSL::CertificateSigner.new
|
|
351
|
-
signer.sign(csr, key
|
|
352
|
-
expect(csr.verify(key
|
|
333
|
+
signer.sign(csr, key)
|
|
334
|
+
expect(csr.verify(key)).to be_truthy
|
|
353
335
|
end
|
|
354
336
|
|
|
355
337
|
# Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
|
|
@@ -363,8 +345,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
363
345
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
|
|
364
346
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(true)
|
|
365
347
|
signer = Puppet::SSL::CertificateSigner.new
|
|
366
|
-
signer.sign(csr, key
|
|
367
|
-
expect(csr.verify(key
|
|
348
|
+
signer.sign(csr, key)
|
|
349
|
+
expect(csr.verify(key)).to be_truthy
|
|
368
350
|
end
|
|
369
351
|
|
|
370
352
|
it "should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available" do
|
|
@@ -375,8 +357,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
375
357
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(false)
|
|
376
358
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA224").and_return(true)
|
|
377
359
|
signer = Puppet::SSL::CertificateSigner.new
|
|
378
|
-
signer.sign(csr, key
|
|
379
|
-
expect(csr.verify(key
|
|
360
|
+
signer.sign(csr, key)
|
|
361
|
+
expect(csr.verify(key)).to be_truthy
|
|
380
362
|
end
|
|
381
363
|
|
|
382
364
|
it "should raise an error if neither SHA256/SHA1/SHA512/SHA384/SHA224 are available" do
|
|
@@ -390,16 +372,4 @@ describe Puppet::SSL::CertificateRequest do
|
|
|
390
372
|
}.to raise_error(Puppet::Error)
|
|
391
373
|
end
|
|
392
374
|
end
|
|
393
|
-
|
|
394
|
-
it "should save the CSR" do
|
|
395
|
-
csr = Puppet::SSL::CertificateRequest.new("me")
|
|
396
|
-
terminus = double('terminus')
|
|
397
|
-
allow(terminus).to receive(:validate)
|
|
398
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:prepare).and_return(terminus)
|
|
399
|
-
expect(terminus).to receive(:save) do |request|
|
|
400
|
-
expect(request.instance).to eq(csr)
|
|
401
|
-
expect(request.key).to eq("me")
|
|
402
|
-
end
|
|
403
|
-
Puppet::SSL::CertificateRequest.indirection.save(csr)
|
|
404
|
-
end
|
|
405
375
|
end
|
|
@@ -4,7 +4,7 @@ require 'puppet/certificate_factory'
|
|
|
4
4
|
require 'puppet/ssl/certificate'
|
|
5
5
|
|
|
6
6
|
describe Puppet::SSL::Certificate do
|
|
7
|
-
let :key do
|
|
7
|
+
let :key do OpenSSL::PKey::RSA.new(Puppet[:keylength]) end
|
|
8
8
|
|
|
9
9
|
# Sign the provided cert so that it can be DER-decoded later
|
|
10
10
|
def sign_wrapped_cert(cert)
|
|
@@ -16,14 +16,6 @@ describe Puppet::SSL::Certificate do
|
|
|
16
16
|
@class = Puppet::SSL::Certificate
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
it "should be extended with the Indirector module" do
|
|
20
|
-
expect(@class.singleton_class).to be_include(Puppet::Indirector)
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it "should indirect certificate" do
|
|
24
|
-
expect(@class.indirection.name).to eq(:certificate)
|
|
25
|
-
end
|
|
26
|
-
|
|
27
19
|
it "should only support the text format" do
|
|
28
20
|
expect(@class.supported_formats).to eq([:s])
|
|
29
21
|
end
|
|
@@ -82,8 +74,7 @@ describe Puppet::SSL::Certificate do
|
|
|
82
74
|
|
|
83
75
|
describe "when managing instances" do
|
|
84
76
|
def build_cert(opts)
|
|
85
|
-
key =
|
|
86
|
-
key.generate
|
|
77
|
+
key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
|
|
87
78
|
csr = Puppet::SSL::CertificateRequest.new('quux')
|
|
88
79
|
csr.generate(key, opts)
|
|
89
80
|
|
|
@@ -271,14 +271,17 @@ describe Puppet::SSL::SSLProvider do
|
|
|
271
271
|
end
|
|
272
272
|
|
|
273
273
|
# This option is only available in openssl 1.1
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
274
|
+
# TODO PUP-10689 behavior changed in openssl 1.1.1h
|
|
275
|
+
if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') < 0
|
|
276
|
+
it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
|
|
277
|
+
ca = global_cacerts.first
|
|
278
|
+
ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
|
279
|
+
|
|
280
|
+
expect {
|
|
281
|
+
subject.create_context(**config.merge(cacerts: global_cacerts))
|
|
282
|
+
}.to raise_error(Puppet::SSL::CertVerifyError,
|
|
283
|
+
"Invalid signature for certificate 'CN=Test CA'")
|
|
284
|
+
end
|
|
282
285
|
end
|
|
283
286
|
|
|
284
287
|
it 'raises if intermediate CA signature is invalid' do
|
|
@@ -505,7 +505,6 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
|
505
505
|
Puppet[:certificate_revocation] = false
|
|
506
506
|
|
|
507
507
|
expect(cert_provider).not_to receive(:load_crls)
|
|
508
|
-
expect(Puppet::Rest::Routes).not_to receive(:get_crls)
|
|
509
508
|
|
|
510
509
|
state.next_state
|
|
511
510
|
|
|
@@ -6,7 +6,6 @@ describe Puppet::SSL::Verifier do
|
|
|
6
6
|
let(:host) { 'example.com' }
|
|
7
7
|
let(:http) { Net::HTTP.new(host) }
|
|
8
8
|
let(:verifier) { described_class.new(host, ssl_context) }
|
|
9
|
-
let(:adapter) { Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::DefaultValidator.new) }
|
|
10
9
|
|
|
11
10
|
context '#reusable?' do
|
|
12
11
|
it 'Verifiers with the same ssl_context are reusable' do
|
|
@@ -16,26 +15,6 @@ describe Puppet::SSL::Verifier do
|
|
|
16
15
|
it 'Verifiers with different ssl_contexts are not reusable' do
|
|
17
16
|
expect(verifier).to_not be_reusable(described_class.new(host, Puppet::SSL::SSLContext.new))
|
|
18
17
|
end
|
|
19
|
-
|
|
20
|
-
it 'Verifier is not reusable with VerifierAdapter' do
|
|
21
|
-
expect(verifier).to_not be_reusable(adapter)
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
it 'VerifierAdapter is not reusable with Verifier' do
|
|
25
|
-
expect(adapter).to_not be_reusable(verifier)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
it 'VerifierAdapters with the same class of Validator are reusable' do
|
|
29
|
-
expect(
|
|
30
|
-
adapter
|
|
31
|
-
).to be_reusable(Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::DefaultValidator.new))
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it 'VerifierAdapters with different classes of Validators are not reusable' do
|
|
35
|
-
expect(
|
|
36
|
-
adapter
|
|
37
|
-
).to_not be_reusable(Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::NoValidator.new))
|
|
38
|
-
end
|
|
39
18
|
end
|
|
40
19
|
|
|
41
20
|
context '#setup_connection' do
|
|
@@ -123,6 +123,21 @@ describe Puppet::Transaction::Persistence do
|
|
|
123
123
|
persistence = Puppet::Transaction::Persistence.new
|
|
124
124
|
persistence.load
|
|
125
125
|
end
|
|
126
|
+
|
|
127
|
+
it 'should load Time and Symbols' do
|
|
128
|
+
write_state_file(<<~END)
|
|
129
|
+
File[/tmp/audit]:
|
|
130
|
+
parameters:
|
|
131
|
+
mtime:
|
|
132
|
+
system_value:
|
|
133
|
+
- 2020-07-15 05:38:12.427678398 +00:00
|
|
134
|
+
ensure:
|
|
135
|
+
system_value:
|
|
136
|
+
END
|
|
137
|
+
|
|
138
|
+
persistence = Puppet::Transaction::Persistence.new
|
|
139
|
+
expect(persistence.load.dig("File[/tmp/audit]", "parameters", "mtime", "system_value")).to contain_exactly(be_a(Time))
|
|
140
|
+
end
|
|
126
141
|
end
|
|
127
142
|
end
|
|
128
143
|
|
|
@@ -675,7 +675,7 @@ Version:
|
|
|
675
675
|
report.code_id = "some code id"
|
|
676
676
|
report.catalog_uuid = "some catalog uuid"
|
|
677
677
|
report.cached_catalog_status = "not_used"
|
|
678
|
-
report.
|
|
678
|
+
report.server_used = "test:000"
|
|
679
679
|
report.add_resource_status(status)
|
|
680
680
|
report.transaction_completed = true
|
|
681
681
|
report.finalize_report
|
|
@@ -693,7 +693,7 @@ Version:
|
|
|
693
693
|
report.code_id = "some code id"
|
|
694
694
|
report.catalog_uuid = "some catalog uuid"
|
|
695
695
|
report.cached_catalog_status = "not_used"
|
|
696
|
-
report.
|
|
696
|
+
report.server_used = "test:000"
|
|
697
697
|
report.add_resource_status(status)
|
|
698
698
|
report.transaction_completed = true
|
|
699
699
|
report.finalize_report
|
|
@@ -612,14 +612,14 @@ describe Puppet::Transaction::ResourceHarness do
|
|
|
612
612
|
allow_any_instance_of(Puppet::Transaction::Event).to receive(:corrective_change).and_return(true)
|
|
613
613
|
status = @harness.evaluate(resource)
|
|
614
614
|
sync_event = status.events[0]
|
|
615
|
-
expect(sync_event.message).to match(/content changed '{
|
|
615
|
+
expect(sync_event.message).to match(/content changed '{sha256}[0-9a-f]+' to '{sha256}[0-9a-f]+' \(corrective\)/)
|
|
616
616
|
end
|
|
617
617
|
|
|
618
618
|
it "contains no modifier when intentional change" do
|
|
619
619
|
allow_any_instance_of(Puppet::Transaction::Event).to receive(:corrective_change).and_return(false)
|
|
620
620
|
status = @harness.evaluate(resource)
|
|
621
621
|
sync_event = status.events[0]
|
|
622
|
-
expect(sync_event.message).to match(/content changed '{
|
|
622
|
+
expect(sync_event.message).to match(/content changed '{sha256}[0-9a-f]+' to '{sha256}[0-9a-f]+'$/)
|
|
623
623
|
end
|
|
624
624
|
end
|
|
625
625
|
end
|
|
@@ -598,115 +598,81 @@ describe Puppet::Transaction do
|
|
|
598
598
|
transaction.prefetch_if_necessary(resource)
|
|
599
599
|
end
|
|
600
600
|
|
|
601
|
-
it "should not rescue SystemExit
|
|
602
|
-
Puppet.settings[:future_features] = false
|
|
601
|
+
it "should not rescue SystemExit" do
|
|
603
602
|
expect(resource.provider.class).to receive(:prefetch).and_raise(SystemExit, "SystemMessage")
|
|
604
603
|
expect { transaction.prefetch_if_necessary(resource) }.to raise_error(SystemExit, "SystemMessage")
|
|
605
604
|
end
|
|
606
605
|
|
|
607
|
-
it "should
|
|
608
|
-
Puppet.settings[:future_features] = true
|
|
609
|
-
expect(resource.provider.class).to receive(:prefetch).and_raise(SystemExit, "SystemMessage")
|
|
610
|
-
expect { transaction.prefetch_if_necessary(resource) }.to raise_error(SystemExit, "SystemMessage")
|
|
611
|
-
end
|
|
612
|
-
|
|
613
|
-
it "should rescue LoadError without future_features flag" do
|
|
614
|
-
Puppet.settings[:future_features] = false
|
|
615
|
-
expect(resource.provider.class).to receive(:prefetch).and_raise(LoadError, "LoadMessage")
|
|
616
|
-
expect { transaction.prefetch_if_necessary(resource) }.not_to raise_error
|
|
617
|
-
end
|
|
618
|
-
|
|
619
|
-
it "should rescue LoadError with future_features flag" do
|
|
620
|
-
Puppet.settings[:future_features] = true
|
|
606
|
+
it "should mark resources as failed when prefetching raises LoadError" do
|
|
621
607
|
expect(resource.provider.class).to receive(:prefetch).and_raise(LoadError, "LoadMessage")
|
|
622
|
-
|
|
608
|
+
transaction.prefetch_if_necessary(resource)
|
|
609
|
+
expect(transaction.prefetched_providers[:package][:pkgng]).to be_truthy
|
|
623
610
|
end
|
|
624
611
|
|
|
625
|
-
describe "and prefetching
|
|
612
|
+
describe "and prefetching raises Puppet::Error" do
|
|
626
613
|
before :each do
|
|
627
614
|
expect(resource.provider.class).to receive(:prefetch).and_raise(Puppet::Error, "message")
|
|
628
615
|
end
|
|
629
616
|
|
|
630
|
-
|
|
631
|
-
|
|
632
|
-
Puppet.settings[:future_features] = false
|
|
633
|
-
end
|
|
634
|
-
|
|
635
|
-
it "should not rescue prefetch executions" do
|
|
636
|
-
expect { transaction.prefetch_if_necessary(resource) }.to raise_error(Puppet::Error)
|
|
637
|
-
end
|
|
617
|
+
it "should rescue prefetch executions" do
|
|
618
|
+
transaction.prefetch_if_necessary(resource)
|
|
638
619
|
|
|
639
|
-
|
|
640
|
-
expect(Puppet).to receive(:log_exception).with(anything, "Could not prefetch package provider 'pkgng': message")
|
|
641
|
-
expect { transaction.prefetch_if_necessary(resource) }.to raise_error(Puppet::Error, "message")
|
|
642
|
-
end
|
|
620
|
+
expect(transaction.prefetched_providers[:package][:pkgng]).to be_truthy
|
|
643
621
|
end
|
|
644
622
|
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
Puppet.settings[:future_features] = true
|
|
648
|
-
end
|
|
623
|
+
it "should mark resources as failed", :unless => RUBY_PLATFORM == 'java' do
|
|
624
|
+
transaction.evaluate
|
|
649
625
|
|
|
650
|
-
|
|
651
|
-
|
|
626
|
+
expect(transaction.resource_status(resource).failed?).to be_truthy
|
|
627
|
+
end
|
|
652
628
|
|
|
653
|
-
|
|
654
|
-
|
|
629
|
+
it "should mark a provider that has failed prefetch" do
|
|
630
|
+
transaction.prefetch_if_necessary(resource)
|
|
655
631
|
|
|
656
|
-
|
|
657
|
-
|
|
632
|
+
expect(transaction.prefetch_failed_providers[:package][:pkgng]).to be_truthy
|
|
633
|
+
end
|
|
658
634
|
|
|
659
|
-
|
|
635
|
+
describe "and new resources are generated" do
|
|
636
|
+
let(:generator) { Puppet::Type.type(:notify).new :title => "generator" }
|
|
637
|
+
let(:generated) do
|
|
638
|
+
%w[a b c].map { |name| Puppet::Type.type(:package).new :title => "foo", :name => name, :provider => :apt }
|
|
660
639
|
end
|
|
661
640
|
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
641
|
+
before :each do
|
|
642
|
+
catalog.add_resource generator
|
|
643
|
+
allow(generator).to receive(:generate).and_return(generated)
|
|
644
|
+
allow(catalog).to receive(:container_of).and_return(generator)
|
|
666
645
|
end
|
|
667
646
|
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
end
|
|
673
|
-
|
|
674
|
-
before :each do
|
|
675
|
-
catalog.add_resource generator
|
|
676
|
-
allow(generator).to receive(:generate).and_return(generated)
|
|
677
|
-
allow(catalog).to receive(:container_of).and_return(generator)
|
|
678
|
-
end
|
|
679
|
-
|
|
680
|
-
it "should not evaluate resources with a failed provider, even if the prefetch is rescued" do
|
|
681
|
-
#Only the generator resource should be applied, all the other resources are failed, and skipped.
|
|
682
|
-
catalog.remove_resource resource2
|
|
683
|
-
expect(transaction).to receive(:apply).once
|
|
647
|
+
it "should not evaluate resources with a failed provider, even if the prefetch is rescued" do
|
|
648
|
+
#Only the generator resource should be applied, all the other resources are failed, and skipped.
|
|
649
|
+
catalog.remove_resource resource2
|
|
650
|
+
expect(transaction).to receive(:apply).once
|
|
684
651
|
|
|
685
|
-
|
|
686
|
-
|
|
652
|
+
transaction.evaluate
|
|
653
|
+
end
|
|
687
654
|
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
655
|
+
it "should not fail other resources added after the failing resource", :unless => RUBY_PLATFORM == 'java' do
|
|
656
|
+
new_resource = Puppet::Type.type(:notify).new :name => "baz"
|
|
657
|
+
catalog.add_resource(new_resource)
|
|
691
658
|
|
|
692
|
-
|
|
659
|
+
transaction.evaluate
|
|
693
660
|
|
|
694
|
-
|
|
695
|
-
|
|
661
|
+
expect(transaction.resource_status(new_resource).failed?).to be_falsey
|
|
662
|
+
end
|
|
696
663
|
|
|
697
|
-
|
|
698
|
-
|
|
699
|
-
|
|
664
|
+
it "should fail other resources that require the failing resource" do
|
|
665
|
+
new_resource = Puppet::Type.type(:notify).new(:name => "baz", :require => resource)
|
|
666
|
+
catalog.add_resource(new_resource)
|
|
700
667
|
|
|
701
|
-
|
|
702
|
-
|
|
668
|
+
catalog.remove_resource resource2
|
|
669
|
+
expect(transaction).to receive(:apply).once
|
|
703
670
|
|
|
704
|
-
|
|
671
|
+
transaction.evaluate
|
|
705
672
|
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
end
|
|
673
|
+
expect(transaction.resource_status(resource).failed?).to be_truthy
|
|
674
|
+
expect(transaction.resource_status(new_resource).dependency_failed?).to be_truthy
|
|
675
|
+
expect(transaction.skip?(new_resource)).to be_truthy
|
|
710
676
|
end
|
|
711
677
|
end
|
|
712
678
|
end
|