puppet 6.19.1-universal-darwin → 7.0.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (440) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +19 -20
  4. data/README.md +1 -1
  5. data/conf/fileserver.conf +5 -10
  6. data/ext/build_defaults.yaml +1 -1
  7. data/ext/osx/file_mapping.yaml +0 -5
  8. data/ext/project_data.yaml +1 -14
  9. data/ext/redhat/puppet.spec.erb +0 -1
  10. data/ext/windows/service/daemon.rb +6 -5
  11. data/install.rb +21 -17
  12. data/lib/puppet.rb +11 -20
  13. data/lib/puppet/application.rb +172 -98
  14. data/lib/puppet/application/device.rb +100 -104
  15. data/lib/puppet/application/filebucket.rb +15 -11
  16. data/lib/puppet/application/ssl.rb +1 -1
  17. data/lib/puppet/configurer.rb +28 -33
  18. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  19. data/lib/puppet/defaults.rb +95 -159
  20. data/lib/puppet/environments.rb +10 -25
  21. data/lib/puppet/face/config.rb +10 -0
  22. data/lib/puppet/face/epp.rb +12 -2
  23. data/lib/puppet/face/facts.rb +66 -6
  24. data/lib/puppet/face/help.rb +1 -1
  25. data/lib/puppet/face/plugin.rb +5 -8
  26. data/lib/puppet/ffi/windows.rb +12 -0
  27. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  28. data/lib/puppet/ffi/windows/constants.rb +404 -0
  29. data/lib/puppet/ffi/windows/functions.rb +628 -0
  30. data/lib/puppet/ffi/windows/structs.rb +338 -0
  31. data/lib/puppet/file_serving/configuration.rb +0 -5
  32. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  33. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  34. data/lib/puppet/file_serving/mount.rb +1 -2
  35. data/lib/puppet/forge/repository.rb +0 -1
  36. data/lib/puppet/functions/epp.rb +1 -0
  37. data/lib/puppet/functions/inline_epp.rb +1 -0
  38. data/lib/puppet/generate/models/type/type.rb +4 -1
  39. data/lib/puppet/http.rb +22 -13
  40. data/lib/puppet/http/client.rb +164 -114
  41. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  42. data/lib/puppet/http/errors.rb +16 -0
  43. data/lib/puppet/http/external_client.rb +5 -7
  44. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  45. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  46. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  47. data/lib/puppet/http/proxy.rb +137 -0
  48. data/lib/puppet/http/redirector.rb +4 -12
  49. data/lib/puppet/http/resolver.rb +5 -15
  50. data/lib/puppet/http/resolver/server_list.rb +6 -10
  51. data/lib/puppet/http/resolver/settings.rb +4 -7
  52. data/lib/puppet/http/resolver/srv.rb +7 -11
  53. data/lib/puppet/http/response.rb +36 -54
  54. data/lib/puppet/http/response_converter.rb +24 -0
  55. data/lib/puppet/http/response_net_http.rb +42 -0
  56. data/lib/puppet/http/retry_after_handler.rb +4 -13
  57. data/lib/puppet/http/service.rb +12 -26
  58. data/lib/puppet/http/service/ca.rb +11 -22
  59. data/lib/puppet/http/service/compiler.rb +22 -69
  60. data/lib/puppet/http/service/file_server.rb +18 -27
  61. data/lib/puppet/http/service/puppetserver.rb +26 -12
  62. data/lib/puppet/http/service/report.rb +8 -10
  63. data/lib/puppet/http/session.rb +11 -20
  64. data/lib/puppet/{network/http → http}/site.rb +1 -2
  65. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  66. data/lib/puppet/indirector/fact_search.rb +60 -0
  67. data/lib/puppet/indirector/facts/facter.rb +24 -3
  68. data/lib/puppet/indirector/facts/json.rb +27 -0
  69. data/lib/puppet/indirector/facts/rest.rb +3 -22
  70. data/lib/puppet/indirector/facts/yaml.rb +3 -58
  71. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  72. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  73. data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
  74. data/lib/puppet/indirector/file_server.rb +1 -8
  75. data/lib/puppet/indirector/generic_http.rb +0 -11
  76. data/lib/puppet/indirector/json.rb +5 -1
  77. data/lib/puppet/indirector/node/json.rb +8 -0
  78. data/lib/puppet/indirector/node/rest.rb +2 -4
  79. data/lib/puppet/indirector/report/json.rb +34 -0
  80. data/lib/puppet/indirector/report/rest.rb +3 -8
  81. data/lib/puppet/indirector/request.rb +0 -101
  82. data/lib/puppet/indirector/rest.rb +12 -263
  83. data/lib/puppet/module_tool/applications.rb +0 -1
  84. data/lib/puppet/network/authconfig.rb +2 -96
  85. data/lib/puppet/network/authorization.rb +13 -35
  86. data/lib/puppet/network/formats.rb +2 -1
  87. data/lib/puppet/network/http.rb +3 -3
  88. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  89. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  90. data/lib/puppet/network/http/connection.rb +247 -316
  91. data/lib/puppet/network/http/handler.rb +0 -1
  92. data/lib/puppet/network/http_pool.rb +16 -34
  93. data/lib/puppet/node.rb +1 -30
  94. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  95. data/lib/puppet/pal/pal_impl.rb +73 -18
  96. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  97. data/lib/puppet/parser/compiler.rb +0 -198
  98. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  99. data/lib/puppet/parser/resource.rb +0 -69
  100. data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
  101. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  102. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  103. data/lib/puppet/pops/issues.rb +0 -5
  104. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  105. data/lib/puppet/pops/model/ast.pp +0 -42
  106. data/lib/puppet/pops/model/ast.rb +0 -290
  107. data/lib/puppet/pops/model/factory.rb +0 -45
  108. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  109. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  110. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  111. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  112. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  113. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  114. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  115. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  116. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  117. data/lib/puppet/pops/types/type_parser.rb +0 -4
  118. data/lib/puppet/pops/types/types.rb +0 -1
  119. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  120. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  121. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  122. data/lib/puppet/provider.rb +0 -13
  123. data/lib/puppet/provider/nameservice.rb +0 -18
  124. data/lib/puppet/provider/package/dpkg.rb +0 -10
  125. data/lib/puppet/provider/package/gem.rb +23 -3
  126. data/lib/puppet/provider/package/pip.rb +0 -1
  127. data/lib/puppet/provider/package/pkg.rb +0 -4
  128. data/lib/puppet/provider/package/portage.rb +1 -1
  129. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  130. data/lib/puppet/provider/service/smf.rb +191 -73
  131. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  132. data/lib/puppet/reference/configuration.rb +2 -0
  133. data/lib/puppet/reference/indirection.rb +1 -1
  134. data/lib/puppet/resource.rb +1 -89
  135. data/lib/puppet/resource/catalog.rb +1 -14
  136. data/lib/puppet/resource/type.rb +3 -119
  137. data/lib/puppet/resource/type_collection.rb +3 -48
  138. data/lib/puppet/runtime.rb +1 -2
  139. data/lib/puppet/settings.rb +45 -33
  140. data/lib/puppet/settings/base_setting.rb +26 -2
  141. data/lib/puppet/settings/integer_setting.rb +17 -0
  142. data/lib/puppet/settings/port_setting.rb +15 -0
  143. data/lib/puppet/settings/priority_setting.rb +5 -4
  144. data/lib/puppet/ssl.rb +10 -6
  145. data/lib/puppet/ssl/base.rb +3 -5
  146. data/lib/puppet/ssl/certificate.rb +0 -6
  147. data/lib/puppet/ssl/certificate_request.rb +1 -12
  148. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  149. data/lib/puppet/ssl/oids.rb +3 -1
  150. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  151. data/lib/puppet/ssl/state_machine.rb +3 -1
  152. data/lib/puppet/ssl/verifier.rb +2 -0
  153. data/lib/puppet/test/test_helper.rb +1 -3
  154. data/lib/puppet/transaction.rb +1 -7
  155. data/lib/puppet/transaction/report.rb +2 -4
  156. data/lib/puppet/type.rb +0 -76
  157. data/lib/puppet/type/file.rb +5 -7
  158. data/lib/puppet/type/file/checksum.rb +1 -1
  159. data/lib/puppet/type/file/source.rb +1 -1
  160. data/lib/puppet/type/filebucket.rb +3 -3
  161. data/lib/puppet/type/package.rb +5 -13
  162. data/lib/puppet/util/execution.rb +0 -11
  163. data/lib/puppet/util/http_proxy.rb +2 -215
  164. data/lib/puppet/util/monkey_patches.rb +0 -46
  165. data/lib/puppet/util/rdoc.rb +0 -7
  166. data/lib/puppet/util/retry_action.rb +1 -1
  167. data/lib/puppet/util/rubygems.rb +5 -1
  168. data/lib/puppet/util/run_mode.rb +9 -1
  169. data/lib/puppet/util/windows.rb +3 -8
  170. data/lib/puppet/util/windows/daemon.rb +360 -0
  171. data/lib/puppet/util/windows/error.rb +1 -0
  172. data/lib/puppet/util/windows/eventlog.rb +4 -9
  173. data/lib/puppet/util/windows/file.rb +8 -242
  174. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  175. data/lib/puppet/util/windows/process.rb +4 -226
  176. data/lib/puppet/util/windows/service.rb +9 -460
  177. data/lib/puppet/util/windows/string.rb +12 -13
  178. data/lib/puppet/util/yaml.rb +0 -22
  179. data/lib/puppet/vendor/require_vendored.rb +0 -1
  180. data/lib/puppet/version.rb +1 -1
  181. data/lib/puppet/x509.rb +5 -1
  182. data/lib/puppet/x509/cert_provider.rb +29 -1
  183. data/locales/puppet.pot +531 -1232
  184. data/man/man5/puppet.conf.5 +37 -97
  185. data/man/man8/puppet-agent.8 +1 -1
  186. data/man/man8/puppet-apply.8 +1 -1
  187. data/man/man8/puppet-catalog.8 +1 -1
  188. data/man/man8/puppet-config.8 +1 -1
  189. data/man/man8/puppet-describe.8 +1 -1
  190. data/man/man8/puppet-device.8 +1 -1
  191. data/man/man8/puppet-doc.8 +1 -1
  192. data/man/man8/puppet-epp.8 +1 -1
  193. data/man/man8/puppet-facts.8 +55 -9
  194. data/man/man8/puppet-filebucket.8 +6 -6
  195. data/man/man8/puppet-generate.8 +1 -1
  196. data/man/man8/puppet-help.8 +1 -1
  197. data/man/man8/puppet-lookup.8 +1 -1
  198. data/man/man8/puppet-module.8 +1 -58
  199. data/man/man8/puppet-node.8 +4 -1
  200. data/man/man8/puppet-parser.8 +1 -1
  201. data/man/man8/puppet-plugin.8 +1 -1
  202. data/man/man8/puppet-report.8 +4 -1
  203. data/man/man8/puppet-resource.8 +1 -1
  204. data/man/man8/puppet-script.8 +1 -1
  205. data/man/man8/puppet-ssl.8 +1 -1
  206. data/man/man8/puppet.8 +2 -2
  207. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  208. data/spec/integration/application/agent_spec.rb +24 -11
  209. data/spec/integration/application/apply_spec.rb +1 -1
  210. data/spec/integration/application/filebucket_spec.rb +16 -16
  211. data/spec/integration/application/help_spec.rb +2 -0
  212. data/spec/integration/application/plugin_spec.rb +23 -1
  213. data/spec/integration/defaults_spec.rb +7 -3
  214. data/spec/integration/environments/setting_hooks_spec.rb +1 -1
  215. data/spec/integration/network/http_pool_spec.rb +3 -21
  216. data/spec/integration/parser/catalog_spec.rb +0 -38
  217. data/spec/integration/parser/node_spec.rb +0 -9
  218. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  219. data/spec/integration/type/file_spec.rb +5 -4
  220. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  221. data/spec/integration/util/windows/security_spec.rb +1 -1
  222. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  223. data/spec/lib/puppet_spec/settings.rb +7 -1
  224. data/spec/spec_helper.rb +2 -0
  225. data/spec/unit/agent_spec.rb +0 -2
  226. data/spec/unit/application/config_spec.rb +224 -4
  227. data/spec/unit/application/facts_spec.rb +35 -0
  228. data/spec/unit/application/filebucket_spec.rb +41 -39
  229. data/spec/unit/application/ssl_spec.rb +2 -2
  230. data/spec/unit/certificate_factory_spec.rb +1 -1
  231. data/spec/unit/configurer/downloader_spec.rb +6 -2
  232. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  233. data/spec/unit/configurer_spec.rb +12 -9
  234. data/spec/unit/context/trusted_information_spec.rb +2 -6
  235. data/spec/unit/defaults_spec.rb +77 -28
  236. data/spec/unit/environments_spec.rb +0 -3
  237. data/spec/unit/face/config_spec.rb +27 -32
  238. data/spec/unit/face/facts_spec.rb +4 -0
  239. data/spec/unit/face/plugin_spec.rb +73 -33
  240. data/spec/unit/file_bucket/file_spec.rb +1 -1
  241. data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
  242. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  243. data/spec/unit/functions/camelcase_spec.rb +1 -1
  244. data/spec/unit/functions/capitalize_spec.rb +1 -1
  245. data/spec/unit/functions/downcase_spec.rb +1 -1
  246. data/spec/unit/functions/inline_epp_spec.rb +26 -1
  247. data/spec/unit/functions/upcase_spec.rb +1 -1
  248. data/spec/unit/http/client_spec.rb +7 -8
  249. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  250. data/spec/unit/http/external_client_spec.rb +4 -4
  251. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  252. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  253. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  254. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  255. data/spec/unit/http/resolver_spec.rb +13 -13
  256. data/spec/unit/http/service/compiler_spec.rb +49 -62
  257. data/spec/unit/http/service/file_server_spec.rb +3 -3
  258. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  259. data/spec/unit/http/service_spec.rb +1 -2
  260. data/spec/unit/http/session_spec.rb +16 -14
  261. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  262. data/spec/unit/indirector/facts/facter_spec.rb +97 -0
  263. data/spec/unit/indirector/facts/json_spec.rb +255 -0
  264. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  265. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  266. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  267. data/spec/unit/indirector/file_server_spec.rb +1 -15
  268. data/spec/unit/indirector/node/json_spec.rb +33 -0
  269. data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
  270. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  271. data/spec/unit/indirector/report/yaml_spec.rb +72 -8
  272. data/spec/unit/indirector/request_spec.rb +0 -264
  273. data/spec/unit/indirector/rest_spec.rb +98 -752
  274. data/spec/unit/network/authconfig_spec.rb +2 -132
  275. data/spec/unit/network/authorization_spec.rb +2 -55
  276. data/spec/unit/network/formats_spec.rb +4 -4
  277. data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
  278. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  279. data/spec/unit/network/http/api_spec.rb +10 -0
  280. data/spec/unit/network/http/connection_spec.rb +19 -41
  281. data/spec/unit/network/http/handler_spec.rb +0 -6
  282. data/spec/unit/network/http_pool_spec.rb +0 -4
  283. data/spec/unit/node/environment_spec.rb +33 -21
  284. data/spec/unit/node_spec.rb +2 -54
  285. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  286. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  287. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  288. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  289. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  290. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  291. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  292. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  293. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  294. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  295. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  296. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  297. data/spec/unit/pops/visitor_spec.rb +1 -1
  298. data/spec/unit/provider/nameservice_spec.rb +0 -57
  299. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  300. data/spec/unit/provider/package/gem_spec.rb +32 -0
  301. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  302. data/spec/unit/provider/service/smf_spec.rb +401 -165
  303. data/spec/unit/provider/service/windows_spec.rb +0 -1
  304. data/spec/unit/provider_spec.rb +0 -12
  305. data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
  306. data/spec/unit/resource/type_collection_spec.rb +2 -22
  307. data/spec/unit/resource_spec.rb +0 -56
  308. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  309. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  310. data/spec/unit/settings/port_setting_spec.rb +31 -0
  311. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  312. data/spec/unit/settings_spec.rb +423 -236
  313. data/spec/unit/ssl/base_spec.rb +36 -3
  314. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  315. data/spec/unit/ssl/certificate_spec.rb +2 -11
  316. data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
  317. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  318. data/spec/unit/ssl/verifier_spec.rb +0 -21
  319. data/spec/unit/transaction/report_spec.rb +0 -2
  320. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  321. data/spec/unit/transaction_spec.rb +45 -79
  322. data/spec/unit/type/file/checksum_spec.rb +6 -6
  323. data/spec/unit/type/file/content_spec.rb +1 -1
  324. data/spec/unit/type/file/ensure_spec.rb +1 -1
  325. data/spec/unit/type/file/mode_spec.rb +1 -1
  326. data/spec/unit/type/file/source_spec.rb +0 -1
  327. data/spec/unit/type/file_spec.rb +12 -6
  328. data/spec/unit/type/package_spec.rb +1 -1
  329. data/spec/unit/type_spec.rb +20 -0
  330. data/spec/unit/util/backups_spec.rb +0 -2
  331. data/spec/unit/util/execution_spec.rb +0 -29
  332. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  333. data/spec/unit/util/rubygems_spec.rb +2 -2
  334. data/spec/unit/util/run_mode_spec.rb +21 -121
  335. data/spec/unit/util/windows/string_spec.rb +1 -3
  336. data/spec/unit/util/yaml_spec.rb +0 -54
  337. data/spec/unit/util_spec.rb +0 -18
  338. metadata +50 -176
  339. data/conf/auth.conf +0 -150
  340. data/lib/puppet/application/cert.rb +0 -76
  341. data/lib/puppet/application/key.rb +0 -4
  342. data/lib/puppet/application/man.rb +0 -4
  343. data/lib/puppet/application/status.rb +0 -4
  344. data/lib/puppet/face/key.rb +0 -16
  345. data/lib/puppet/face/man.rb +0 -145
  346. data/lib/puppet/face/module/build.rb +0 -14
  347. data/lib/puppet/face/module/generate.rb +0 -14
  348. data/lib/puppet/face/module/search.rb +0 -103
  349. data/lib/puppet/face/status.rb +0 -51
  350. data/lib/puppet/indirector/certificate/file.rb +0 -9
  351. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  352. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  353. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  354. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  355. data/lib/puppet/indirector/file_content/http.rb +0 -22
  356. data/lib/puppet/indirector/key/file.rb +0 -46
  357. data/lib/puppet/indirector/key/memory.rb +0 -7
  358. data/lib/puppet/indirector/ssl_file.rb +0 -162
  359. data/lib/puppet/indirector/status.rb +0 -3
  360. data/lib/puppet/indirector/status/local.rb +0 -12
  361. data/lib/puppet/indirector/status/rest.rb +0 -27
  362. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  363. data/lib/puppet/network/auth_config_parser.rb +0 -90
  364. data/lib/puppet/network/authstore.rb +0 -283
  365. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  366. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  367. data/lib/puppet/network/http/base_pool.rb +0 -36
  368. data/lib/puppet/network/http/compression.rb +0 -127
  369. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  370. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  371. data/lib/puppet/network/rest_controller.rb +0 -2
  372. data/lib/puppet/network/rights.rb +0 -210
  373. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  374. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  375. data/lib/puppet/parser/environment_compiler.rb +0 -202
  376. data/lib/puppet/pops/types/enumeration.rb +0 -16
  377. data/lib/puppet/resource/capability_finder.rb +0 -154
  378. data/lib/puppet/rest/errors.rb +0 -15
  379. data/lib/puppet/rest/response.rb +0 -35
  380. data/lib/puppet/rest/route.rb +0 -85
  381. data/lib/puppet/rest/routes.rb +0 -135
  382. data/lib/puppet/ssl/host.rb +0 -505
  383. data/lib/puppet/ssl/key.rb +0 -61
  384. data/lib/puppet/ssl/validator.rb +0 -61
  385. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  386. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  387. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  388. data/lib/puppet/status.rb +0 -40
  389. data/lib/puppet/util/connection.rb +0 -88
  390. data/lib/puppet/util/ssl.rb +0 -83
  391. data/lib/puppet/util/windows/api_types.rb +0 -309
  392. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  393. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  394. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  395. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  396. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  397. data/lib/puppet/vendor/pathspec/README.md +0 -53
  398. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  399. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  400. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  401. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  402. data/man/man8/puppet-key.8 +0 -126
  403. data/man/man8/puppet-man.8 +0 -76
  404. data/man/man8/puppet-status.8 +0 -108
  405. data/spec/integration/application/config_spec.rb +0 -74
  406. data/spec/integration/network/authconfig_spec.rb +0 -256
  407. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  408. data/spec/unit/application/man_spec.rb +0 -52
  409. data/spec/unit/capability_spec.rb +0 -414
  410. data/spec/unit/face/catalog_spec.rb +0 -6
  411. data/spec/unit/face/key_spec.rb +0 -9
  412. data/spec/unit/face/module/search_spec.rb +0 -231
  413. data/spec/unit/face/module_spec.rb +0 -3
  414. data/spec/unit/face/status_spec.rb +0 -9
  415. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  416. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  417. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  418. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  419. data/spec/unit/indirector/key/file_spec.rb +0 -79
  420. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  421. data/spec/unit/indirector/status/local_spec.rb +0 -10
  422. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  423. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  424. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  425. data/spec/unit/network/authstore_spec.rb +0 -422
  426. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  427. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  428. data/spec/unit/network/http/compression_spec.rb +0 -240
  429. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  430. data/spec/unit/network/http_spec.rb +0 -9
  431. data/spec/unit/network/rights_spec.rb +0 -439
  432. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  433. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  434. data/spec/unit/resource/capability_finder_spec.rb +0 -143
  435. data/spec/unit/rest/route_spec.rb +0 -132
  436. data/spec/unit/ssl/host_spec.rb +0 -650
  437. data/spec/unit/ssl/key_spec.rb +0 -173
  438. data/spec/unit/ssl/validator_spec.rb +0 -278
  439. data/spec/unit/status_spec.rb +0 -45
  440. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -5,7 +5,6 @@ module Puppet::ModuleTool
5
5
  require 'puppet/module_tool/applications/application'
6
6
  require 'puppet/module_tool/applications/checksummer'
7
7
  require 'puppet/module_tool/applications/installer'
8
- require 'puppet/module_tool/applications/searcher'
9
8
  require 'puppet/module_tool/applications/unpacker'
10
9
  require 'puppet/module_tool/applications/uninstaller'
11
10
  require 'puppet/module_tool/applications/upgrader'
@@ -1,101 +1,7 @@
1
- require 'puppet/network/rights'
2
- require 'puppet/network/http'
3
-
4
1
  module Puppet
5
- class ConfigurationError < Puppet::Error; end
6
- class Network::DefaultAuthProvider
7
- attr_accessor :rights
8
-
9
- def self.master_url_prefix
10
- Puppet::Network::HTTP::MASTER_URL_PREFIX
11
- end
12
-
13
- def self.default_acl
14
- [
15
- # Master API V3
16
- { :acl => "#{master_url_prefix}/v3/environments", :method => :find, :allow => '*', :authenticated => true },
17
-
18
- { :acl => "~ ^#{master_url_prefix}\/v3\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
19
- { :acl => "~ ^#{master_url_prefix}\/v3\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
20
- { :acl => "~ ^#{master_url_prefix}\/v3\/report\/([^\/]+)$", :method => :save, :allow => '$1', :authenticated => true },
21
-
22
- # this one will allow all file access, and thus delegate
23
- # to fileserver.conf
24
- { :acl => "#{master_url_prefix}/v3/file" },
25
-
26
- { :acl => "#{master_url_prefix}/v3/status", :method => [:find], :authenticated => true },
27
- ]
28
- end
29
-
30
- # Just proxy the setting methods to our rights stuff
31
- [:allow, :deny].each do |method|
32
- define_method(method) do |*args|
33
- @rights.send(method, *args)
34
- end
35
- end
36
-
37
- # force regular ACLs to be present
38
- def insert_default_acl
39
- self.class.default_acl.each do |acl|
40
- unless rights[acl[:acl]]
41
- Puppet.info _("Inserting default '%{acl}' (auth %{auth}) ACL") % { acl: acl[:acl], auth: acl[:authenticated] }
42
- mk_acl(acl)
43
- end
44
- end
45
- # queue an empty (ie deny all) right for every other path
46
- # actually this is not strictly necessary as the rights system
47
- # denies not explicitly allowed paths
48
- unless rights["/"]
49
- rights.newright("/").restrict_authenticated(:any)
50
- end
51
- end
52
-
53
- def mk_acl(acl)
54
- right = @rights.newright(acl[:acl])
55
- right.allow(acl[:allow] || "*")
56
-
57
- method = acl[:method]
58
- if method
59
- method = [method] unless method.is_a?(Array)
60
- method.each { |m| right.restrict_method(m) }
61
- end
62
- right.restrict_authenticated(acl[:authenticated]) unless acl[:authenticated].nil?
63
- end
64
-
65
- # check whether this request is allowed in our ACL
66
- # raise an Puppet::Network::AuthorizedError if the request
67
- # is denied.
68
- def check_authorization(method, path, params)
69
- authorization_failure_exception = @rights.is_request_forbidden_and_why?(method, path, params)
70
- if authorization_failure_exception
71
- Puppet.warning(_("Denying access: %{authorization_failure_exception}") % { authorization_failure_exception: authorization_failure_exception })
72
- raise authorization_failure_exception
73
- end
74
- end
75
-
76
- def initialize(rights=nil)
77
- @rights = rights || Puppet::Network::Rights.new
78
- insert_default_acl
79
- end
80
- end
81
-
82
2
  class Network::AuthConfig
83
- @@authprovider_class = nil
84
-
85
- def self.authprovider_class=(klass)
86
- @@authprovider_class = klass
87
- end
88
-
89
- def self.authprovider_class
90
- @@authprovider_class || Puppet::Network::DefaultAuthProvider
91
- end
92
-
93
- def initialize(rights=nil)
94
- @authprovider = self.class.authprovider_class.new(rights)
95
- end
96
-
97
- def check_authorization(method, path, params)
98
- @authprovider.check_authorization(method, path, params)
3
+ def self.authprovider_class=(_)
4
+ # legacy auth is not supported, ignore
99
5
  end
100
6
  end
101
7
  end
@@ -1,41 +1,19 @@
1
- require 'puppet/network/client_request'
2
- require 'puppet/network/authconfig'
3
- require 'puppet/network/auth_config_parser'
4
-
5
1
  module Puppet::Network
6
- class AuthConfigLoader
7
- # Create our config object if necessary. If there's no configuration file
8
- # we install our defaults
9
- def self.authconfig
10
- @auth_config_file ||= Puppet::Util::WatchedFile.new(Puppet[:rest_authconfig])
11
- if (not @auth_config) or @auth_config_file.changed?
12
- begin
13
- @auth_config = Puppet::Network::AuthConfigParser.new_from_file(Puppet[:rest_authconfig]).parse
14
- rescue Errno::ENOENT, Errno::ENOTDIR
15
- @auth_config = Puppet::Network::AuthConfig.new
16
- end
17
- end
18
-
19
- @auth_config
20
- end
21
- end
22
-
23
2
  module Authorization
24
- @@authconfigloader_class = nil
25
-
26
- def self.authconfigloader_class=(klass)
27
- @@authconfigloader_class = klass
28
- end
29
-
30
- def authconfig
31
- authconfigloader = @@authconfigloader_class || AuthConfigLoader
32
- authconfigloader.authconfig
33
- end
3
+ class << self
4
+ # This method is deprecated and will be removed in a future release.
5
+ def authconfigloader_class=(klass)
6
+ @authconfigloader_class = klass
7
+ end
34
8
 
35
- # Verify that our client has access.
36
- def check_authorization(method, path, params)
37
- authconfig.check_authorization(method, path, params)
9
+ # Verify something external to puppet is authorizing REST requests, so
10
+ # we don't fail insecurely due to misconfiguration.
11
+ def check_external_authorization(method, path)
12
+ if @authconfigloader_class.nil?
13
+ message = "Forbidden request: #{path} (method #{method})"
14
+ raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(message, Puppet::Network::HTTP::Issues::FAILED_AUTHORIZATION)
15
+ end
16
+ end
38
17
  end
39
18
  end
40
19
  end
41
-
@@ -255,7 +255,8 @@ Puppet::Network::FormatHandler.create_serialized_formats(:rich_data_msgpack, mim
255
255
  end
256
256
 
257
257
  def supported?(klass)
258
- klass == Puppet::Resource::Catalog &&
258
+ suitable? &&
259
+ klass == Puppet::Resource::Catalog &&
259
260
  Puppet.lookup(:current_environment).rich_data?
260
261
  end
261
262
  end
@@ -1,3 +1,4 @@
1
+ # This module is used to handle puppet REST requests in puppetserver.
1
2
  module Puppet::Network::HTTP
2
3
  HEADER_ENABLE_PROFILING = "X-Puppet-Profiling"
3
4
  HEADER_PUPPET_VERSION = "X-Puppet-Version"
@@ -8,7 +9,9 @@ module Puppet::Network::HTTP
8
9
  CA_URL_PREFIX = "/puppet-ca"
9
10
  CA_URL_VERSIONS = "v1"
10
11
 
12
+ require 'puppet/network/authconfig'
11
13
  require 'puppet/network/authorization'
14
+
12
15
  require 'puppet/network/http/issues'
13
16
  require 'puppet/network/http/error'
14
17
  require 'puppet/network/http/route'
@@ -19,7 +22,4 @@ module Puppet::Network::HTTP
19
22
  require 'puppet/network/http/response'
20
23
  require 'puppet/network/http/request'
21
24
  require 'puppet/network/http/memory_response'
22
- require 'puppet/network/http/compression'
23
-
24
- require 'puppet/http'
25
25
  end
@@ -1,8 +1,6 @@
1
- require 'puppet/network/authorization'
2
1
  require 'puppet/network/http/api/indirection_type'
3
2
 
4
3
  class Puppet::Network::HTTP::API::IndirectedRoutes
5
- include Puppet::Network::Authorization
6
4
 
7
5
  # How we map http methods and the indirection name in the URI
8
6
  # to an indirection method.
@@ -31,7 +29,8 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
31
29
  Puppet::Network::HTTP::Route.path(/.*/).any(new)
32
30
  end
33
31
 
34
- # handle an HTTP request
32
+ # Handle an HTTP request. The request has already been authenticated prior
33
+ # to calling this method.
35
34
  def call(request, response)
36
35
  indirection, method, key, params = uri2indirection(request.method, request.path, request.params)
37
36
  certificate = request.client_cert
@@ -99,12 +98,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
99
98
  params[:environment] = configured_environment
100
99
  end
101
100
 
102
- begin
103
- check_authorization(method, "#{url_prefix}/#{indirection_name}/#{key}", params)
104
- rescue Puppet::Network::AuthorizationError => e
105
- raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(e.message)
106
- end
107
-
108
101
  if configured_environment.nil?
109
102
  raise Puppet::Network::HTTP::Error::HTTPNotFoundError.new(
110
103
  _("Could not find environment '%{environment}'") % { environment: environment })
@@ -120,17 +113,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
120
113
  [indirection, method, key, params]
121
114
  end
122
115
 
123
- def self.request_to_uri(request)
124
- uri, body = request_to_uri_and_body(request)
125
- "#{uri}?#{body}"
126
- end
127
-
128
- def self.request_to_uri_and_body(request)
129
- url_prefix = IndirectionType.url_prefix_for(request.indirection_name.to_s)
130
- indirection = request.method == :search ? pluralize(request.indirection_name.to_s) : request.indirection_name.to_s
131
- ["#{url_prefix}/#{indirection}/#{Puppet::Util.uri_encode(request.key)}", "environment=#{request.environment.name}&#{request.query_string}"]
132
- end
133
-
134
116
  private
135
117
 
136
118
  # Execute our find.
@@ -1,28 +1,26 @@
1
1
  class Puppet::Network::HTTP::API::Master::V3
2
- require 'puppet/network/http/api/master/v3/authorization'
3
2
  require 'puppet/network/http/api/master/v3/environments'
4
- require 'puppet/network/http/api/master/v3/environment'
5
3
  require 'puppet/network/http/api/indirected_routes'
6
4
 
7
- AUTHZ = Authorization.new
5
+ def self.wrap(&block)
6
+ lambda do |request, response|
7
+ Puppet::Network::Authorization.check_external_authorization(request.method, request.path)
8
+
9
+ block.call.call(request, response)
10
+ end
11
+ end
8
12
 
9
13
  INDIRECTED = Puppet::Network::HTTP::Route.
10
14
  path(/.*/).
11
- any(Puppet::Network::HTTP::API::IndirectedRoutes.new)
15
+ any(wrap { Puppet::Network::HTTP::API::IndirectedRoutes.new } )
12
16
 
13
17
  ENVIRONMENTS = Puppet::Network::HTTP::Route.
14
- path(%r{^/environments$}).get(AUTHZ.wrap do
15
- Environments.new(Puppet.lookup(:environments))
16
- end)
17
-
18
- ENVIRONMENT = Puppet::Network::HTTP::Route.
19
- path(%r{^/environment/[^/]+$}).get(AUTHZ.wrap do
20
- Environment.new
21
- end)
18
+ path(%r{^/environments$}).
19
+ get(wrap { Environments.new(Puppet.lookup(:environments)) } )
22
20
 
23
21
  def self.routes
24
22
  Puppet::Network::HTTP::Route.path(%r{v3}).
25
23
  any.
26
- chain(ENVIRONMENTS, ENVIRONMENT, INDIRECTED)
24
+ chain(ENVIRONMENTS, INDIRECTED)
27
25
  end
28
26
  end
@@ -1,355 +1,286 @@
1
- require 'puppet/ssl/openssl_loader'
2
- require 'puppet/ssl/host'
3
- require 'puppet/ssl/validator'
4
- require 'puppet/network/http'
5
- require 'uri'
6
- require 'date'
7
- require 'time'
8
-
9
- module Puppet::Network::HTTP
10
-
11
- # This will be raised if too many redirects happen for a given HTTP request
12
- class RedirectionLimitExceededException < Puppet::Error ; end
13
-
14
- # This class provides simple methods for issuing various types of HTTP
15
- # requests. It's interface is intended to mirror Ruby's Net::HTTP
16
- # object, but it provides a few important bits of additional
17
- # functionality. Notably:
1
+ require 'puppet/http'
2
+
3
+ # This will be raised if too many redirects happen for a given HTTP request
4
+ class Puppet::Network::HTTP::RedirectionLimitExceededException < Puppet::Error ; end
5
+
6
+ # This class provides simple methods for issuing various types of HTTP
7
+ # requests. It's interface is intended to mirror Ruby's Net::HTTP
8
+ # object, but it provides a few important bits of additional
9
+ # functionality. Notably:
10
+ #
11
+ # * Any HTTPS requests made using this class will use Puppet's SSL
12
+ # certificate configuration for their authentication, and
13
+ # * Provides some useful error handling for any SSL errors that occur
14
+ # during a request.
15
+ #
16
+ # @deprecated Use {Puppet.runtime[:http]}
17
+ # @api public
18
+ class Puppet::Network::HTTP::Connection
19
+ include Puppet::HTTP::ResponseConverter
20
+
21
+ OPTION_DEFAULTS = {
22
+ :use_ssl => true,
23
+ :verifier => nil,
24
+ :redirect_limit => 10,
25
+ }
26
+
27
+ # Creates a new HTTP client connection to `host`:`port`.
28
+ # @param host [String] the host to which this client will connect to
29
+ # @param port [Integer] the port to which this client will connect to
30
+ # @param options [Hash] options influencing the properties of the created
31
+ # connection,
32
+ # @option options [Boolean] :use_ssl true to connect with SSL, false
33
+ # otherwise, defaults to true
34
+ # @option options [Puppet::SSL::Verifier] :verifier An object that will configure
35
+ # any verification to do on the connection
36
+ # @option options [Integer] :redirect_limit the number of allowed
37
+ # redirections, defaults to 10 passing any other option in the options
38
+ # hash results in a Puppet::Error exception
18
39
  #
19
- # * Any HTTPS requests made using this class will use Puppet's SSL
20
- # certificate configuration for their authentication, and
21
- # * Provides some useful error handling for any SSL errors that occur
22
- # during a request.
23
- # @api public
24
- class Connection
25
-
26
- OPTION_DEFAULTS = {
27
- :use_ssl => true,
28
- :verify => nil, # Puppet::SSL::Validator is deprecated
29
- :verifier => nil,
30
- :redirect_limit => 10,
31
- }
32
-
33
- # Creates a new HTTP client connection to `host`:`port`.
34
- # @param host [String] the host to which this client will connect to
35
- # @param port [Integer] the port to which this client will connect to
36
- # @param options [Hash] options influencing the properties of the created
37
- # connection,
38
- # @option options [Boolean] :use_ssl true to connect with SSL, false
39
- # otherwise, defaults to true
40
- # @option options [#setup_connection] :verify An object that will configure
41
- # any verification to do on the connection
42
- # @option options [Integer] :redirect_limit the number of allowed
43
- # redirections, defaults to 10 passing any other option in the options
44
- # hash results in a Puppet::Error exception
45
- #
46
- # @note the HTTP connection itself happens lazily only when {#request}, or
47
- # one of the {#get}, {#post}, {#delete}, {#head} or {#put} is called
48
- # @note The correct way to obtain a connection is to use one of the factory
49
- # methods on {Puppet::Network::HttpPool}
50
- # @api private
51
- def initialize(host, port, options = {})
52
- @host = host
53
- @port = port
54
-
55
- unknown_options = options.keys - OPTION_DEFAULTS.keys
56
- raise Puppet::Error, _("Unrecognized option(s): %{opts}") % { opts: unknown_options.map(&:inspect).sort.join(', ') } unless unknown_options.empty?
57
-
58
- options = OPTION_DEFAULTS.merge(options)
59
- @use_ssl = options[:use_ssl]
60
- if @use_ssl
61
- if options[:verifier]
62
- unless options[:verifier].is_a?(Puppet::SSL::Verifier)
63
- raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
64
- end
65
-
66
- @verifier = options[:verifier]
67
- else
68
- @verifier = Puppet::SSL::VerifierAdapter.new(options[:verify])
69
- end
40
+ # @note the HTTP connection itself happens lazily only when {#request}, or
41
+ # one of the {#get}, {#post}, {#delete}, {#head} or {#put} is called
42
+ # @note The correct way to obtain a connection is to use one of the factory
43
+ # methods on {Puppet::Network::HttpPool}
44
+ # @api private
45
+ def initialize(host, port, options = {})
46
+ unknown_options = options.keys - OPTION_DEFAULTS.keys
47
+ raise Puppet::Error, _("Unrecognized option(s): %{opts}") % { opts: unknown_options.map(&:inspect).sort.join(', ') } unless unknown_options.empty?
48
+
49
+ options = OPTION_DEFAULTS.merge(options)
50
+ @use_ssl = options[:use_ssl]
51
+ if @use_ssl
52
+ unless options[:verifier].is_a?(Puppet::SSL::Verifier)
53
+ raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
70
54
  end
71
- @redirect_limit = options[:redirect_limit]
72
- @site = Puppet::Network::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
73
- @pool = Puppet.lookup(:http_pool)
74
- end
75
55
 
76
- # @!macro [new] common_options
77
- # @param options [Hash] options influencing the request made. Any
78
- # options not recognized by this class will be ignored - no error will
79
- # be thrown.
80
- # @option options [Hash{Symbol => String}] :basic_auth The basic auth
81
- # :username and :password to use for the request, :metric_id Ignored
82
- # by this class - used by Puppet Server only. The metric id by which
83
- # to track metrics on requests.
84
-
85
- # @param path [String]
86
- # @param headers [Hash{String => String}]
87
- # @!macro common_options
88
- # @api public
89
- def get(path, headers = {}, options = {})
90
- do_request(Net::HTTP::Get.new(path, headers), options)
56
+ @verifier = options[:verifier]
91
57
  end
58
+ @redirect_limit = options[:redirect_limit]
59
+ @site = Puppet::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
60
+ @client = Puppet.runtime[:http]
61
+ end
92
62
 
93
- # @param path [String]
94
- # @param data [String]
95
- # @param headers [Hash{String => String}]
96
- # @!macro common_options
97
- # @api public
98
- def post(path, data, headers = nil, options = {})
99
- request = Net::HTTP::Post.new(path, headers)
100
- request.body = data
101
- do_request(request, options)
102
- end
63
+ # The address to connect to.
64
+ def address
65
+ @site.host
66
+ end
103
67
 
104
- # @param path [String]
105
- # @param headers [Hash{String => String}]
106
- # @!macro common_options
107
- # @api public
108
- def head(path, headers = {}, options = {})
109
- do_request(Net::HTTP::Head.new(path, headers), options)
110
- end
68
+ # The port to connect to.
69
+ def port
70
+ @site.port
71
+ end
111
72
 
112
- # @param path [String]
113
- # @param headers [Hash{String => String}]
114
- # @!macro common_options
115
- # @api public
116
- def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
117
- do_request(Net::HTTP::Delete.new(path, headers), options)
118
- end
73
+ # Whether to use ssl
74
+ def use_ssl?
75
+ @site.use_ssl?
76
+ end
119
77
 
120
- # @param path [String]
121
- # @param data [String]
122
- # @param headers [Hash{String => String}]
123
- # @!macro common_options
124
- # @api public
125
- def put(path, data, headers = nil, options = {})
126
- request = Net::HTTP::Put.new(path, headers)
127
- request.body = data
128
- do_request(request, options)
129
- end
78
+ # @api private
79
+ def verifier
80
+ @verifier
81
+ end
130
82
 
131
- def request(method, *args)
132
- self.send(method, *args)
133
- end
83
+ # @!macro [new] common_options
84
+ # @param options [Hash] options influencing the request made. Any
85
+ # options not recognized by this class will be ignored - no error will
86
+ # be thrown.
87
+ # @option options [Hash{Symbol => String}] :basic_auth The basic auth
88
+ # :username and :password to use for the request, :metric_id Ignored
89
+ # by this class - used by Puppet Server only. The metric id by which
90
+ # to track metrics on requests.
91
+
92
+ # @param path [String]
93
+ # @param headers [Hash{String => String}]
94
+ # @!macro common_options
95
+ # @api public
96
+ def get(path, headers = {}, options = {})
97
+ headers ||= {}
98
+ options[:ssl_context] ||= resolve_ssl_context
99
+ options[:redirect_limit] ||= @redirect_limit
134
100
 
135
- # TODO: These are proxies for the Net::HTTP#request_* methods, which are
136
- # almost the same as the "get", "post", etc. methods that we've ported above,
137
- # but they are able to accept a code block and will yield to it, which is
138
- # necessary to stream responses, e.g. file content. For now
139
- # we're not funneling these proxy implementations through our #request
140
- # method above, so they will not inherit the same error handling. In the
141
- # future we may want to refactor these so that they are funneled through
142
- # that method and do inherit the error handling.
143
- def request_get(*args, &block)
144
- with_connection(@site) do |http|
145
- resp = http.request_get(*args, &block)
146
- Puppet.debug("HTTP GET #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
147
- resp
148
- end
101
+ with_error_handling do
102
+ to_ruby_response(@client.get(to_url(path), headers: headers, options: options))
149
103
  end
104
+ end
150
105
 
151
- def request_head(*args, &block)
152
- with_connection(@site) do |http|
153
- resp = http.request_head(*args, &block)
154
- Puppet.debug("HTTP HEAD #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
155
- resp
156
- end
106
+ # @param path [String]
107
+ # @param data [String]
108
+ # @param headers [Hash{String => String}]
109
+ # @!macro common_options
110
+ # @api public
111
+ def post(path, data, headers = nil, options = {})
112
+ headers ||= {}
113
+ headers['Content-Type'] ||= "application/x-www-form-urlencoded"
114
+ data ||= ''
115
+ options[:ssl_context] ||= resolve_ssl_context
116
+ options[:redirect_limit] ||= @redirect_limit
117
+
118
+ with_error_handling do
119
+ to_ruby_response(@client.post(to_url(path), data, headers: headers, options: options))
157
120
  end
121
+ end
158
122
 
159
- def request_post(*args, &block)
160
- with_connection(@site) do |http|
161
- resp = http.request_post(*args, &block)
162
- Puppet.debug("HTTP POST #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
163
- resp
164
- end
165
- end
166
- # end of Net::HTTP#request_* proxies
123
+ # @param path [String]
124
+ # @param headers [Hash{String => String}]
125
+ # @!macro common_options
126
+ # @api public
127
+ def head(path, headers = {}, options = {})
128
+ headers ||= {}
129
+ options[:ssl_context] ||= resolve_ssl_context
130
+ options[:redirect_limit] ||= @redirect_limit
167
131
 
168
- # The address to connect to.
169
- def address
170
- @site.host
132
+ with_error_handling do
133
+ to_ruby_response(@client.head(to_url(path), headers: headers, options: options))
171
134
  end
135
+ end
172
136
 
173
- # The port to connect to.
174
- def port
175
- @site.port
176
- end
137
+ # @param path [String]
138
+ # @param headers [Hash{String => String}]
139
+ # @!macro common_options
140
+ # @api public
141
+ def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
142
+ headers ||= {}
143
+ options[:ssl_context] ||= resolve_ssl_context
144
+ options[:redirect_limit] ||= @redirect_limit
177
145
 
178
- # Whether to use ssl
179
- def use_ssl?
180
- @site.use_ssl?
146
+ with_error_handling do
147
+ to_ruby_response(@client.delete(to_url(path), headers: headers, options: options))
181
148
  end
149
+ end
182
150
 
183
- # @api private
184
- def verifier
185
- @verifier
151
+ # @param path [String]
152
+ # @param data [String]
153
+ # @param headers [Hash{String => String}]
154
+ # @!macro common_options
155
+ # @api public
156
+ def put(path, data, headers = nil, options = {})
157
+ headers ||= {}
158
+ headers['Content-Type'] ||= "application/x-www-form-urlencoded"
159
+ data ||= ''
160
+ options[:ssl_context] ||= resolve_ssl_context
161
+ options[:redirect_limit] ||= @redirect_limit
162
+
163
+ with_error_handling do
164
+ to_ruby_response(@client.put(to_url(path), data, headers: headers, options: options))
186
165
  end
166
+ end
187
167
 
188
- private
189
-
190
- def do_request(request, options)
191
- current_request = request
192
- current_site = @site
193
- response = nil
194
-
195
- 0.upto(@redirect_limit) do |redirection|
196
- return response if response
197
-
198
- with_connection(current_site) do |connection|
199
- apply_options_to(current_request, options)
200
-
201
- current_response = execute_request(connection, current_request)
202
-
203
- case current_response.code.to_i
204
- when 301, 302, 307
205
- # handle redirection
206
- location = URI.parse(current_response['location'])
207
- current_site = current_site.move_to(location)
208
-
209
- # update to the current request path
210
- current_request = current_request.class.new(location.path)
211
- current_request.body = request.body
212
- request.each do |header, value|
213
- current_request[header] = value
214
- end
215
- when 429, 503
216
- if connection.started?
217
- Puppet.debug("Closing connection for #{current_site}")
218
- connection.finish
219
- end
220
- response = handle_retry_after(current_response)
221
- else
222
- response = current_response
223
- end
224
- end
225
-
226
- # and try again...
227
- end
168
+ def request_get(*args, &block)
169
+ path, headers = *args
170
+ headers ||= {}
171
+ options = {
172
+ ssl_context: resolve_ssl_context,
173
+ redirect_limit: @redirect_limit
174
+ }
228
175
 
229
- raise RedirectionLimitExceededException, _("Too many HTTP redirections for %{host}:%{port}") % { host: @host, port: @port }
176
+ ruby_response = nil
177
+ @client.get(to_url(path), headers: headers, options: options) do |response|
178
+ ruby_response = to_ruby_response(response)
179
+ yield ruby_response if block_given?
230
180
  end
181
+ ruby_response
182
+ end
231
183
 
232
- # Handles the Retry-After header of a HTTPResponse
233
- #
234
- # This method checks the response for a Retry-After header and handles
235
- # it by sleeping for the indicated number of seconds. The response is
236
- # returned unmodified if no Retry-After header is present.
237
- #
238
- # @param response [Net::HTTPResponse] A response received from the
239
- # HTTP client.
240
- #
241
- # @return [nil] Sleeps and returns nil if the response contained a
242
- # Retry-After header that indicated the request should be retried.
243
- # @return [Net::HTTPResponse] Returns the `response` unmodified if
244
- # no Retry-After header was present or the Retry-After header could
245
- # not be parsed as an integer or RFC 2822 date.
246
- def handle_retry_after(response)
247
- retry_after = response['Retry-After']
248
- return response if retry_after.nil?
249
-
250
- retry_sleep = parse_retry_after_header(retry_after)
251
- # Recover remote hostname if Net::HTTPResponse was generated by a
252
- # method that fills in the uri attribute.
253
- #
254
- server_hostname = if response.uri.is_a?(URI)
255
- response.uri.host
256
- else
257
- # TRANSLATORS: Used in the phrase:
258
- # "Received a response from the remote server."
259
- _('the remote server')
260
- end
261
-
262
- if retry_sleep.nil?
263
- Puppet.err(_('Received a %{status_code} response from %{server_hostname}, but the Retry-After header value of "%{retry_after}" could not be converted to an integer or RFC 2822 date.') %
264
- {status_code: response.code,
265
- server_hostname: server_hostname,
266
- retry_after: retry_after.inspect})
267
-
268
- return response
269
- end
270
-
271
- # Cap maximum sleep at the run interval of the Puppet agent.
272
- retry_sleep = [retry_sleep, Puppet[:runinterval]].min
184
+ def request_head(*args, &block)
185
+ path, headers = *args
186
+ headers ||= {}
187
+ options = {
188
+ ssl_context: resolve_ssl_context,
189
+ redirect_limit: @redirect_limit
190
+ }
273
191
 
274
- Puppet.warning(_('Received a %{status_code} response from %{server_hostname}. Sleeping for %{retry_sleep} seconds before retrying the request.') %
275
- {status_code: response.code,
276
- server_hostname: server_hostname,
277
- retry_sleep: retry_sleep})
192
+ response = @client.head(to_url(path), headers: headers, options: options)
193
+ ruby_response = to_ruby_response(response)
194
+ yield ruby_response if block_given?
195
+ ruby_response
196
+ end
278
197
 
279
- ::Kernel.sleep(retry_sleep)
198
+ def request_post(*args, &block)
199
+ path, data, headers = *args
200
+ headers ||= {}
201
+ headers['Content-Type'] ||= "application/x-www-form-urlencoded"
202
+ options = {
203
+ ssl_context: resolve_ssl_context,
204
+ redirect_limit: @redirect_limit
205
+ }
280
206
 
281
- return nil
207
+ ruby_response = nil
208
+ @client.post(to_url(path), data, headers: headers, options: options) do |response|
209
+ ruby_response = to_ruby_response(response)
210
+ yield ruby_response if block_given?
282
211
  end
212
+ ruby_response
213
+ end
283
214
 
284
- # Parse the value of a Retry-After header
285
- #
286
- # Parses a string containing an Integer or RFC 2822 datestamp and returns
287
- # an integer number of seconds before a request can be retried.
288
- #
289
- # @param header_value [String] The value of the Retry-After header.
290
- #
291
- # @return [Integer] Number of seconds to wait before retrying the
292
- # request. Will be equal to 0 for the case of date that has already
293
- # passed.
294
- # @return [nil] Returns `nil` when the `header_value` can't be
295
- # parsed as an Integer or RFC 2822 date.
296
- def parse_retry_after_header(header_value)
297
- retry_after = begin
298
- Integer(header_value)
299
- rescue TypeError, ArgumentError
300
- begin
301
- DateTime.rfc2822(header_value)
302
- rescue ArgumentError
303
- return nil
304
- end
305
- end
306
-
307
- case retry_after
308
- when Integer
309
- retry_after
310
- when DateTime
311
- sleep = (retry_after.to_time - DateTime.now.to_time).to_i
312
- (sleep > 0) ? sleep : 0
313
- end
215
+ private
216
+
217
+ # Resolve the ssl_context based on the verifier associated with this
218
+ # connection or load the available set of certs and key on disk.
219
+ # Don't try to bootstrap the agent, as we only want that to be triggered
220
+ # when running `puppet ssl` or `puppet agent`.
221
+ def resolve_ssl_context
222
+ # don't need an ssl context for http connections
223
+ return nil unless @site.use_ssl?
224
+
225
+ # if our verifier has an ssl_context, use that
226
+ ctx = @verifier.ssl_context
227
+ return ctx if ctx
228
+
229
+ # load available certs
230
+ cert = Puppet::X509::CertProvider.new
231
+ ssl = Puppet::SSL::SSLProvider.new
232
+ begin
233
+ password = cert.load_private_key_password
234
+ ssl.load_context(certname: Puppet[:certname], password: password)
235
+ rescue Puppet::SSL::SSLError => e
236
+ Puppet.log_exception(e)
237
+
238
+ # if we don't have cacerts, then create a root context that doesn't
239
+ # trust anything. The old code used to fallback to VERIFY_NONE,
240
+ # which we don't want to emulate.
241
+ ssl.create_root_context(cacerts: [])
314
242
  end
243
+ end
315
244
 
316
- def apply_options_to(request, options)
317
- request["User-Agent"] = Puppet[:http_user_agent]
318
-
319
- if options[:basic_auth]
320
- request.basic_auth(options[:basic_auth][:user], options[:basic_auth][:password])
321
- end
245
+ def to_url(path)
246
+ if path =~ /^https?:\/\//
247
+ # The old Connection class accepts a URL as the request path, and sends
248
+ # it in "absolute-form" in the request line, e.g. GET https://puppet:8140/.
249
+ # See https://httpwg.org/specs/rfc7230.html#absolute-form. It just so happens
250
+ # to work because HTTP 1.1 servers are required to accept absolute-form even
251
+ # though clients are only supposed to send them to proxies, so the proxy knows
252
+ # what upstream server to CONNECT to. This method creates a URL using the
253
+ # scheme/host/port that the connection was created with, and appends the path
254
+ # and query portions of the absolute-form. The resulting request will use "origin-form"
255
+ # as it should have done all along.
256
+ abs_form = URI(path)
257
+ url = URI("#{@site.addr}/#{normalize_path(abs_form.path)}")
258
+ url.query = abs_form.query if abs_form.query
259
+ url
260
+ else
261
+ URI("#{@site.addr}/#{normalize_path(path)}")
322
262
  end
263
+ end
323
264
 
324
- def execute_request(connection, request)
325
- start = Time.now
326
- resp = connection.request(request)
327
- Puppet.debug("HTTP #{request.method.upcase} #{@site}#{request.path.split('?').first} returned #{resp.code} #{resp.message}")
328
- resp
329
- rescue => exception
330
- elapsed = (Time.now - start).to_f.round(3)
331
- uri = [@site.addr, request.path.split('?')[0]].join('/')
332
-
333
- case exception
334
- when EOFError
335
- Puppet.log_exception(exception, _('request %{uri} interrupted after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
336
- when Timeout::Error
337
- Puppet.log_exception(exception, _('request %{uri} timed out after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
338
- else
339
- Puppet.log_exception(exception, _('request %{uri} failed: %{msg}') % {uri: uri, msg: exception.message})
340
- end
341
-
342
- raise exception
265
+ def normalize_path(path)
266
+ if path[0] == '/'
267
+ path[1..-1]
268
+ else
269
+ path
343
270
  end
271
+ end
344
272
 
345
- def with_connection(site, &block)
346
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Connection is deprecated. Please use Puppet::Network::HTTP::ConnectionAdapter instead.'))
347
-
348
- response = nil
349
- @pool.with_connection(site, @verifier) do |conn|
350
- response = yield conn
351
- end
352
- response
273
+ def with_error_handling(&block)
274
+ yield
275
+ rescue Puppet::HTTP::TooManyRedirects => e
276
+ raise Puppet::Network::HTTP::RedirectionLimitExceededException.new(_("Too many HTTP redirections for %{host}:%{port}") % { host: @host, port: @port }, e)
277
+ rescue Puppet::HTTP::HTTPError => e
278
+ Puppet.log_exception(e, e.message)
279
+ case e.cause
280
+ when Net::OpenTimeout, Net::ReadTimeout, Net::HTTPError, EOFError
281
+ raise e.cause
282
+ else
283
+ raise e
353
284
  end
354
285
  end
355
286
  end