puppet 6.19.1-universal-darwin → 7.0.0-universal-darwin
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +19 -20
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +28 -33
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +95 -159
- data/lib/puppet/environments.rb +10 -25
- data/lib/puppet/face/config.rb +10 -0
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +6 -10
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -69
- data/lib/puppet/http/service/file_server.rb +18 -27
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +3 -58
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +73 -18
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +45 -33
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +5 -7
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +531 -1232
- data/man/man5/puppet.conf.5 +37 -97
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +4 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +24 -11
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +23 -1
- data/spec/integration/defaults_spec.rb +7 -3
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/facts_spec.rb +35 -0
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/ssl_spec.rb +2 -2
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -9
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +0 -3
- data/spec/unit/face/config_spec.rb +27 -32
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +49 -62
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +1 -2
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/windows_spec.rb +0 -1
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +423 -236
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +50 -176
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/application/config_spec.rb +0 -74
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -5,7 +5,6 @@ module Puppet::ModuleTool
|
|
5
5
|
require 'puppet/module_tool/applications/application'
|
6
6
|
require 'puppet/module_tool/applications/checksummer'
|
7
7
|
require 'puppet/module_tool/applications/installer'
|
8
|
-
require 'puppet/module_tool/applications/searcher'
|
9
8
|
require 'puppet/module_tool/applications/unpacker'
|
10
9
|
require 'puppet/module_tool/applications/uninstaller'
|
11
10
|
require 'puppet/module_tool/applications/upgrader'
|
@@ -1,101 +1,7 @@
|
|
1
|
-
require 'puppet/network/rights'
|
2
|
-
require 'puppet/network/http'
|
3
|
-
|
4
1
|
module Puppet
|
5
|
-
class ConfigurationError < Puppet::Error; end
|
6
|
-
class Network::DefaultAuthProvider
|
7
|
-
attr_accessor :rights
|
8
|
-
|
9
|
-
def self.master_url_prefix
|
10
|
-
Puppet::Network::HTTP::MASTER_URL_PREFIX
|
11
|
-
end
|
12
|
-
|
13
|
-
def self.default_acl
|
14
|
-
[
|
15
|
-
# Master API V3
|
16
|
-
{ :acl => "#{master_url_prefix}/v3/environments", :method => :find, :allow => '*', :authenticated => true },
|
17
|
-
|
18
|
-
{ :acl => "~ ^#{master_url_prefix}\/v3\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
|
19
|
-
{ :acl => "~ ^#{master_url_prefix}\/v3\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
|
20
|
-
{ :acl => "~ ^#{master_url_prefix}\/v3\/report\/([^\/]+)$", :method => :save, :allow => '$1', :authenticated => true },
|
21
|
-
|
22
|
-
# this one will allow all file access, and thus delegate
|
23
|
-
# to fileserver.conf
|
24
|
-
{ :acl => "#{master_url_prefix}/v3/file" },
|
25
|
-
|
26
|
-
{ :acl => "#{master_url_prefix}/v3/status", :method => [:find], :authenticated => true },
|
27
|
-
]
|
28
|
-
end
|
29
|
-
|
30
|
-
# Just proxy the setting methods to our rights stuff
|
31
|
-
[:allow, :deny].each do |method|
|
32
|
-
define_method(method) do |*args|
|
33
|
-
@rights.send(method, *args)
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
# force regular ACLs to be present
|
38
|
-
def insert_default_acl
|
39
|
-
self.class.default_acl.each do |acl|
|
40
|
-
unless rights[acl[:acl]]
|
41
|
-
Puppet.info _("Inserting default '%{acl}' (auth %{auth}) ACL") % { acl: acl[:acl], auth: acl[:authenticated] }
|
42
|
-
mk_acl(acl)
|
43
|
-
end
|
44
|
-
end
|
45
|
-
# queue an empty (ie deny all) right for every other path
|
46
|
-
# actually this is not strictly necessary as the rights system
|
47
|
-
# denies not explicitly allowed paths
|
48
|
-
unless rights["/"]
|
49
|
-
rights.newright("/").restrict_authenticated(:any)
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def mk_acl(acl)
|
54
|
-
right = @rights.newright(acl[:acl])
|
55
|
-
right.allow(acl[:allow] || "*")
|
56
|
-
|
57
|
-
method = acl[:method]
|
58
|
-
if method
|
59
|
-
method = [method] unless method.is_a?(Array)
|
60
|
-
method.each { |m| right.restrict_method(m) }
|
61
|
-
end
|
62
|
-
right.restrict_authenticated(acl[:authenticated]) unless acl[:authenticated].nil?
|
63
|
-
end
|
64
|
-
|
65
|
-
# check whether this request is allowed in our ACL
|
66
|
-
# raise an Puppet::Network::AuthorizedError if the request
|
67
|
-
# is denied.
|
68
|
-
def check_authorization(method, path, params)
|
69
|
-
authorization_failure_exception = @rights.is_request_forbidden_and_why?(method, path, params)
|
70
|
-
if authorization_failure_exception
|
71
|
-
Puppet.warning(_("Denying access: %{authorization_failure_exception}") % { authorization_failure_exception: authorization_failure_exception })
|
72
|
-
raise authorization_failure_exception
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
def initialize(rights=nil)
|
77
|
-
@rights = rights || Puppet::Network::Rights.new
|
78
|
-
insert_default_acl
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
2
|
class Network::AuthConfig
|
83
|
-
|
84
|
-
|
85
|
-
def self.authprovider_class=(klass)
|
86
|
-
@@authprovider_class = klass
|
87
|
-
end
|
88
|
-
|
89
|
-
def self.authprovider_class
|
90
|
-
@@authprovider_class || Puppet::Network::DefaultAuthProvider
|
91
|
-
end
|
92
|
-
|
93
|
-
def initialize(rights=nil)
|
94
|
-
@authprovider = self.class.authprovider_class.new(rights)
|
95
|
-
end
|
96
|
-
|
97
|
-
def check_authorization(method, path, params)
|
98
|
-
@authprovider.check_authorization(method, path, params)
|
3
|
+
def self.authprovider_class=(_)
|
4
|
+
# legacy auth is not supported, ignore
|
99
5
|
end
|
100
6
|
end
|
101
7
|
end
|
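Review bot: The new `self.authprovider_class=(_)` on `Network::AuthConfig` discards its argument without any signal, so code that still assigns a custom auth provider keeps running as if that provider were enforcing access, although every check in this section has been removed. `DefaultAuthProvider`, its default ACLs and `check_authorization` are all deleted here, which makes the setter the one remaining place where an operator could learn about the change at runtime. I would log from it, for example `Puppet.deprecation_warning(_("Legacy auth providers are no longer supported; the assigned provider is ignored"))`, and extend the comment to say where authorization is expected to happen instead.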
@@ -1,41 +1,19 @@
|
|
1
|
-
require 'puppet/network/client_request'
|
2
|
-
require 'puppet/network/authconfig'
|
3
|
-
require 'puppet/network/auth_config_parser'
|
4
|
-
|
5
1
|
module Puppet::Network
|
6
|
-
class AuthConfigLoader
|
7
|
-
# Create our config object if necessary. If there's no configuration file
|
8
|
-
# we install our defaults
|
9
|
-
def self.authconfig
|
10
|
-
@auth_config_file ||= Puppet::Util::WatchedFile.new(Puppet[:rest_authconfig])
|
11
|
-
if (not @auth_config) or @auth_config_file.changed?
|
12
|
-
begin
|
13
|
-
@auth_config = Puppet::Network::AuthConfigParser.new_from_file(Puppet[:rest_authconfig]).parse
|
14
|
-
rescue Errno::ENOENT, Errno::ENOTDIR
|
15
|
-
@auth_config = Puppet::Network::AuthConfig.new
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
@auth_config
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
2
|
module Authorization
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
def authconfig
|
31
|
-
authconfigloader = @@authconfigloader_class || AuthConfigLoader
|
32
|
-
authconfigloader.authconfig
|
33
|
-
end
|
3
|
+
class << self
|
4
|
+
# This method is deprecated and will be removed in a future release.
|
5
|
+
def authconfigloader_class=(klass)
|
6
|
+
@authconfigloader_class = klass
|
7
|
+
end
|
34
8
|
|
35
|
-
|
36
|
-
|
37
|
-
|
9
|
+
# Verify something external to puppet is authorizing REST requests, so
|
10
|
+
# we don't fail insecurely due to misconfiguration.
|
11
|
+
def check_external_authorization(method, path)
|
12
|
+
if @authconfigloader_class.nil?
|
13
|
+
message = "Forbidden request: #{path} (method #{method})"
|
14
|
+
raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(message, Puppet::Network::HTTP::Issues::FAILED_AUTHORIZATION)
|
15
|
+
end
|
16
|
+
end
|
38
17
|
end
|
39
18
|
end
|
40
19
|
end
|
41
|
-
|
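Review bot: `check_external_authorization` only tests `@authconfigloader_class.nil?`, so any non-nil value, including `false`, switches the guard off, and the stored class is never called; the check records a declaration by the embedding server rather than making an authorization decision. The comment above the method should say that explicitly, and the comment on `authconfigloader_class=` should state that assigning it disables this module's deny-by-default, which "deprecated" alone does not convey. Changing the condition to `unless @authconfigloader_class` would make `false` fail closed as well. The error message also interpolates the raw request `path`; whether it reaches logs or the response body unescaped is not visible in this section and is worth confirming.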
@@ -255,7 +255,8 @@ Puppet::Network::FormatHandler.create_serialized_formats(:rich_data_msgpack, mim
|
|
255
255
|
end
|
256
256
|
|
257
257
|
def supported?(klass)
|
258
|
-
|
258
|
+
suitable? &&
|
259
|
+
klass == Puppet::Resource::Catalog &&
|
259
260
|
Puppet.lookup(:current_environment).rich_data?
|
260
261
|
end
|
261
262
|
end
|
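--- a/data/lib/puppet/network/http.rb
+++ b/data/lib/puppet/network/http.rb
@@ -1,3 +1,4 @@
+# This module is used to handle puppet REST requests in puppetserver.
 module Puppet::Network::HTTP
 HEADER_ENABLE_PROFILING = "X-Puppet-Profiling"
 HEADER_PUPPET_VERSION = "X-Puppet-Version"
@@ -8,7 +9,9 @@ module Puppet::Network::HTTP
 CA_URL_PREFIX = "/puppet-ca"
 CA_URL_VERSIONS = "v1"
 
+require 'puppet/network/authconfig'
 require 'puppet/network/authorization'
+
 require 'puppet/network/http/issues'
 require 'puppet/network/http/error'
 require 'puppet/network/http/route'
@@ -19,7 +22,4 @@ module Puppet::Network::HTTP
 require 'puppet/network/http/response'
 require 'puppet/network/http/request'
 require 'puppet/network/http/memory_response'
-require 'puppet/network/http/compression'
-
-require 'puppet/http'
 end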
@@ -1,8 +1,6 @@
|
|
1
|
-
require 'puppet/network/authorization'
|
2
1
|
require 'puppet/network/http/api/indirection_type'
|
3
2
|
|
4
3
|
class Puppet::Network::HTTP::API::IndirectedRoutes
|
5
|
-
include Puppet::Network::Authorization
|
6
4
|
|
7
5
|
# How we map http methods and the indirection name in the URI
|
8
6
|
# to an indirection method.
|
@@ -31,7 +29,8 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
|
|
31
29
|
Puppet::Network::HTTP::Route.path(/.*/).any(new)
|
32
30
|
end
|
33
31
|
|
34
|
-
#
|
32
|
+
# Handle an HTTP request. The request has already been authenticated prior
|
33
|
+
# to calling this method.
|
35
34
|
def call(request, response)
|
36
35
|
indirection, method, key, params = uri2indirection(request.method, request.path, request.params)
|
37
36
|
certificate = request.client_cert
|
@@ -99,12 +98,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
|
|
99
98
|
params[:environment] = configured_environment
|
100
99
|
end
|
101
100
|
|
102
|
-
begin
|
103
|
-
check_authorization(method, "#{url_prefix}/#{indirection_name}/#{key}", params)
|
104
|
-
rescue Puppet::Network::AuthorizationError => e
|
105
|
-
raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(e.message)
|
106
|
-
end
|
107
|
-
|
108
101
|
if configured_environment.nil?
|
109
102
|
raise Puppet::Network::HTTP::Error::HTTPNotFoundError.new(
|
110
103
|
_("Could not find environment '%{environment}'") % { environment: environment })
|
@@ -120,17 +113,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
|
|
120
113
|
[indirection, method, key, params]
|
121
114
|
end
|
122
115
|
|
123
|
-
def self.request_to_uri(request)
|
124
|
-
uri, body = request_to_uri_and_body(request)
|
125
|
-
"#{uri}?#{body}"
|
126
|
-
end
|
127
|
-
|
128
|
-
def self.request_to_uri_and_body(request)
|
129
|
-
url_prefix = IndirectionType.url_prefix_for(request.indirection_name.to_s)
|
130
|
-
indirection = request.method == :search ? pluralize(request.indirection_name.to_s) : request.indirection_name.to_s
|
131
|
-
["#{url_prefix}/#{indirection}/#{Puppet::Util.uri_encode(request.key)}", "environment=#{request.environment.name}&#{request.query_string}"]
|
132
|
-
end
|
133
|
-
|
134
116
|
private
|
135
117
|
|
136
118
|
# Execute our find.
|
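Review bot: With `include Puppet::Network::Authorization` and the `check_authorization` call removed, this class performs no access check of its own, yet the new comment on `call` says only that the request was "authenticated", which is a weaker guarantee than the authorization that was dropped. The context line `Puppet::Network::HTTP::Route.path(/.*/).any(new)` in the second hunk still builds a handler directly, so a caller mounting that route would reach `call` with no guard in front of it; only the tail of that method is visible, so confirm who uses it. I would reword the comment along the lines of `# Handle an HTTP request. No authorization is performed here; the caller must have authenticated and authorized the request.`. The bodies of `call` and `uri2indirection` continue outside the hunks.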
@@ -1,28 +1,26 @@
|
|
1
1
|
class Puppet::Network::HTTP::API::Master::V3
|
2
|
-
require 'puppet/network/http/api/master/v3/authorization'
|
3
2
|
require 'puppet/network/http/api/master/v3/environments'
|
4
|
-
require 'puppet/network/http/api/master/v3/environment'
|
5
3
|
require 'puppet/network/http/api/indirected_routes'
|
6
4
|
|
7
|
-
|
5
|
+
def self.wrap(&block)
|
6
|
+
lambda do |request, response|
|
7
|
+
Puppet::Network::Authorization.check_external_authorization(request.method, request.path)
|
8
|
+
|
9
|
+
block.call.call(request, response)
|
10
|
+
end
|
11
|
+
end
|
8
12
|
|
9
13
|
INDIRECTED = Puppet::Network::HTTP::Route.
|
10
14
|
path(/.*/).
|
11
|
-
any(Puppet::Network::HTTP::API::IndirectedRoutes.new)
|
15
|
+
any(wrap { Puppet::Network::HTTP::API::IndirectedRoutes.new } )
|
12
16
|
|
13
17
|
ENVIRONMENTS = Puppet::Network::HTTP::Route.
|
14
|
-
path(%r{^/environments$}).
|
15
|
-
|
16
|
-
end)
|
17
|
-
|
18
|
-
ENVIRONMENT = Puppet::Network::HTTP::Route.
|
19
|
-
path(%r{^/environment/[^/]+$}).get(AUTHZ.wrap do
|
20
|
-
Environment.new
|
21
|
-
end)
|
18
|
+
path(%r{^/environments$}).
|
19
|
+
get(wrap { Environments.new(Puppet.lookup(:environments)) } )
|
22
20
|
|
23
21
|
def self.routes
|
24
22
|
Puppet::Network::HTTP::Route.path(%r{v3}).
|
25
23
|
any.
|
26
|
-
chain(ENVIRONMENTS,
|
24
|
+
chain(ENVIRONMENTS, INDIRECTED)
|
27
25
|
end
|
28
26
|
end
|
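Review bot: `wrap` is now the only authorization gate in front of both v3 routes (`ENVIRONMENTS` and `INDIRECTED`), yet nothing on it says so or says how a denied request surfaces to the client. The block removed from `IndirectedRoutes#call` translated `Puppet::Network::AuthorizationError` into `HTTPNotAuthorizedError`; `wrap` has no rescue, so that mapping presumably has to happen inside `check_external_authorization`, which is not shown on this page. I would add a comment above `def self.wrap` such as `# Every v3 handler must be built through wrap: the external authorization check runs first and must raise before the handler is instantiated.` It is also worth confirming that the check fails closed when no external authorizer is configured, since `INDIRECTED` matches `/.*/` and the per-request `check_authorization` call is gone.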
@@ -1,355 +1,286 @@
|
|
1
|
-
require 'puppet/
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
1
|
+
require 'puppet/http'
|
2
|
+
|
3
|
+
# This will be raised if too many redirects happen for a given HTTP request
|
4
|
+
class Puppet::Network::HTTP::RedirectionLimitExceededException < Puppet::Error ; end
|
5
|
+
|
6
|
+
# This class provides simple methods for issuing various types of HTTP
|
7
|
+
# requests. It's interface is intended to mirror Ruby's Net::HTTP
|
8
|
+
# object, but it provides a few important bits of additional
|
9
|
+
# functionality. Notably:
|
10
|
+
#
|
11
|
+
# * Any HTTPS requests made using this class will use Puppet's SSL
|
12
|
+
# certificate configuration for their authentication, and
|
13
|
+
# * Provides some useful error handling for any SSL errors that occur
|
14
|
+
# during a request.
|
15
|
+
#
|
16
|
+
# @deprecated Use {Puppet.runtime[:http]}
|
17
|
+
# @api public
|
18
|
+
class Puppet::Network::HTTP::Connection
|
19
|
+
include Puppet::HTTP::ResponseConverter
|
20
|
+
|
21
|
+
OPTION_DEFAULTS = {
|
22
|
+
:use_ssl => true,
|
23
|
+
:verifier => nil,
|
24
|
+
:redirect_limit => 10,
|
25
|
+
}
|
26
|
+
|
27
|
+
# Creates a new HTTP client connection to `host`:`port`.
|
28
|
+
# @param host [String] the host to which this client will connect to
|
29
|
+
# @param port [Integer] the port to which this client will connect to
|
30
|
+
# @param options [Hash] options influencing the properties of the created
|
31
|
+
# connection,
|
32
|
+
# @option options [Boolean] :use_ssl true to connect with SSL, false
|
33
|
+
# otherwise, defaults to true
|
34
|
+
# @option options [Puppet::SSL::Verifier] :verifier An object that will configure
|
35
|
+
# any verification to do on the connection
|
36
|
+
# @option options [Integer] :redirect_limit the number of allowed
|
37
|
+
# redirections, defaults to 10 passing any other option in the options
|
38
|
+
# hash results in a Puppet::Error exception
|
18
39
|
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
#
|
22
|
-
#
|
23
|
-
# @api
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
# Creates a new HTTP client connection to `host`:`port`.
|
34
|
-
# @param host [String] the host to which this client will connect to
|
35
|
-
# @param port [Integer] the port to which this client will connect to
|
36
|
-
# @param options [Hash] options influencing the properties of the created
|
37
|
-
# connection,
|
38
|
-
# @option options [Boolean] :use_ssl true to connect with SSL, false
|
39
|
-
# otherwise, defaults to true
|
40
|
-
# @option options [#setup_connection] :verify An object that will configure
|
41
|
-
# any verification to do on the connection
|
42
|
-
# @option options [Integer] :redirect_limit the number of allowed
|
43
|
-
# redirections, defaults to 10 passing any other option in the options
|
44
|
-
# hash results in a Puppet::Error exception
|
45
|
-
#
|
46
|
-
# @note the HTTP connection itself happens lazily only when {#request}, or
|
47
|
-
# one of the {#get}, {#post}, {#delete}, {#head} or {#put} is called
|
48
|
-
# @note The correct way to obtain a connection is to use one of the factory
|
49
|
-
# methods on {Puppet::Network::HttpPool}
|
50
|
-
# @api private
|
51
|
-
def initialize(host, port, options = {})
|
52
|
-
@host = host
|
53
|
-
@port = port
|
54
|
-
|
55
|
-
unknown_options = options.keys - OPTION_DEFAULTS.keys
|
56
|
-
raise Puppet::Error, _("Unrecognized option(s): %{opts}") % { opts: unknown_options.map(&:inspect).sort.join(', ') } unless unknown_options.empty?
|
57
|
-
|
58
|
-
options = OPTION_DEFAULTS.merge(options)
|
59
|
-
@use_ssl = options[:use_ssl]
|
60
|
-
if @use_ssl
|
61
|
-
if options[:verifier]
|
62
|
-
unless options[:verifier].is_a?(Puppet::SSL::Verifier)
|
63
|
-
raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
|
64
|
-
end
|
65
|
-
|
66
|
-
@verifier = options[:verifier]
|
67
|
-
else
|
68
|
-
@verifier = Puppet::SSL::VerifierAdapter.new(options[:verify])
|
69
|
-
end
|
40
|
+
# @note the HTTP connection itself happens lazily only when {#request}, or
|
41
|
+
# one of the {#get}, {#post}, {#delete}, {#head} or {#put} is called
|
42
|
+
# @note The correct way to obtain a connection is to use one of the factory
|
43
|
+
# methods on {Puppet::Network::HttpPool}
|
44
|
+
# @api private
|
45
|
+
def initialize(host, port, options = {})
|
46
|
+
unknown_options = options.keys - OPTION_DEFAULTS.keys
|
47
|
+
raise Puppet::Error, _("Unrecognized option(s): %{opts}") % { opts: unknown_options.map(&:inspect).sort.join(', ') } unless unknown_options.empty?
|
48
|
+
|
49
|
+
options = OPTION_DEFAULTS.merge(options)
|
50
|
+
@use_ssl = options[:use_ssl]
|
51
|
+
if @use_ssl
|
52
|
+
unless options[:verifier].is_a?(Puppet::SSL::Verifier)
|
53
|
+
raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
|
70
54
|
end
|
71
|
-
@redirect_limit = options[:redirect_limit]
|
72
|
-
@site = Puppet::Network::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
|
73
|
-
@pool = Puppet.lookup(:http_pool)
|
74
|
-
end
|
75
55
|
|
76
|
-
|
77
|
-
# @param options [Hash] options influencing the request made. Any
|
78
|
-
# options not recognized by this class will be ignored - no error will
|
79
|
-
# be thrown.
|
80
|
-
# @option options [Hash{Symbol => String}] :basic_auth The basic auth
|
81
|
-
# :username and :password to use for the request, :metric_id Ignored
|
82
|
-
# by this class - used by Puppet Server only. The metric id by which
|
83
|
-
# to track metrics on requests.
|
84
|
-
|
85
|
-
# @param path [String]
|
86
|
-
# @param headers [Hash{String => String}]
|
87
|
-
# @!macro common_options
|
88
|
-
# @api public
|
89
|
-
def get(path, headers = {}, options = {})
|
90
|
-
do_request(Net::HTTP::Get.new(path, headers), options)
|
56
|
+
@verifier = options[:verifier]
|
91
57
|
end
|
58
|
+
@redirect_limit = options[:redirect_limit]
|
59
|
+
@site = Puppet::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
|
60
|
+
@client = Puppet.runtime[:http]
|
61
|
+
end
|
92
62
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
# @api public
|
98
|
-
def post(path, data, headers = nil, options = {})
|
99
|
-
request = Net::HTTP::Post.new(path, headers)
|
100
|
-
request.body = data
|
101
|
-
do_request(request, options)
|
102
|
-
end
|
63
|
+
# The address to connect to.
|
64
|
+
def address
|
65
|
+
@site.host
|
66
|
+
end
|
103
67
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
def head(path, headers = {}, options = {})
|
109
|
-
do_request(Net::HTTP::Head.new(path, headers), options)
|
110
|
-
end
|
68
|
+
# The port to connect to.
|
69
|
+
def port
|
70
|
+
@site.port
|
71
|
+
end
|
111
72
|
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
|
117
|
-
do_request(Net::HTTP::Delete.new(path, headers), options)
|
118
|
-
end
|
73
|
+
# Whether to use ssl
|
74
|
+
def use_ssl?
|
75
|
+
@site.use_ssl?
|
76
|
+
end
|
119
77
|
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
# @api public
|
125
|
-
def put(path, data, headers = nil, options = {})
|
126
|
-
request = Net::HTTP::Put.new(path, headers)
|
127
|
-
request.body = data
|
128
|
-
do_request(request, options)
|
129
|
-
end
|
78
|
+
# @api private
|
79
|
+
def verifier
|
80
|
+
@verifier
|
81
|
+
end
|
130
82
|
|
131
|
-
|
132
|
-
|
133
|
-
|
83
|
+
# @!macro [new] common_options
|
84
|
+
# @param options [Hash] options influencing the request made. Any
|
85
|
+
# options not recognized by this class will be ignored - no error will
|
86
|
+
# be thrown.
|
87
|
+
# @option options [Hash{Symbol => String}] :basic_auth The basic auth
|
88
|
+
# :username and :password to use for the request, :metric_id Ignored
|
89
|
+
# by this class - used by Puppet Server only. The metric id by which
|
90
|
+
# to track metrics on requests.
|
91
|
+
|
92
|
+
# @param path [String]
|
93
|
+
# @param headers [Hash{String => String}]
|
94
|
+
# @!macro common_options
|
95
|
+
# @api public
|
96
|
+
def get(path, headers = {}, options = {})
|
97
|
+
headers ||= {}
|
98
|
+
options[:ssl_context] ||= resolve_ssl_context
|
99
|
+
options[:redirect_limit] ||= @redirect_limit
|
134
100
|
|
135
|
-
|
136
|
-
|
137
|
-
# but they are able to accept a code block and will yield to it, which is
|
138
|
-
# necessary to stream responses, e.g. file content. For now
|
139
|
-
# we're not funneling these proxy implementations through our #request
|
140
|
-
# method above, so they will not inherit the same error handling. In the
|
141
|
-
# future we may want to refactor these so that they are funneled through
|
142
|
-
# that method and do inherit the error handling.
|
143
|
-
def request_get(*args, &block)
|
144
|
-
with_connection(@site) do |http|
|
145
|
-
resp = http.request_get(*args, &block)
|
146
|
-
Puppet.debug("HTTP GET #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
|
147
|
-
resp
|
148
|
-
end
|
101
|
+
with_error_handling do
|
102
|
+
to_ruby_response(@client.get(to_url(path), headers: headers, options: options))
|
149
103
|
end
|
104
|
+
end
|
150
105
|
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
106
|
+
# @param path [String]
|
107
|
+
# @param data [String]
|
108
|
+
# @param headers [Hash{String => String}]
|
109
|
+
# @!macro common_options
|
110
|
+
# @api public
|
111
|
+
def post(path, data, headers = nil, options = {})
|
112
|
+
headers ||= {}
|
113
|
+
headers['Content-Type'] ||= "application/x-www-form-urlencoded"
|
114
|
+
data ||= ''
|
115
|
+
options[:ssl_context] ||= resolve_ssl_context
|
116
|
+
options[:redirect_limit] ||= @redirect_limit
|
117
|
+
|
118
|
+
with_error_handling do
|
119
|
+
to_ruby_response(@client.post(to_url(path), data, headers: headers, options: options))
|
157
120
|
end
|
121
|
+
end
|
158
122
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
123
|
+
# @param path [String]
|
124
|
+
# @param headers [Hash{String => String}]
|
125
|
+
# @!macro common_options
|
126
|
+
# @api public
|
127
|
+
def head(path, headers = {}, options = {})
|
128
|
+
headers ||= {}
|
129
|
+
options[:ssl_context] ||= resolve_ssl_context
|
130
|
+
options[:redirect_limit] ||= @redirect_limit
|
167
131
|
|
168
|
-
|
169
|
-
|
170
|
-
@site.host
|
132
|
+
with_error_handling do
|
133
|
+
to_ruby_response(@client.head(to_url(path), headers: headers, options: options))
|
171
134
|
end
|
135
|
+
end
|
172
136
|
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
137
|
+
# @param path [String]
|
138
|
+
# @param headers [Hash{String => String}]
|
139
|
+
# @!macro common_options
|
140
|
+
# @api public
|
141
|
+
def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
|
142
|
+
headers ||= {}
|
143
|
+
options[:ssl_context] ||= resolve_ssl_context
|
144
|
+
options[:redirect_limit] ||= @redirect_limit
|
177
145
|
|
178
|
-
|
179
|
-
|
180
|
-
@site.use_ssl?
|
146
|
+
with_error_handling do
|
147
|
+
to_ruby_response(@client.delete(to_url(path), headers: headers, options: options))
|
181
148
|
end
|
149
|
+
end
|
182
150
|
|
183
|
-
|
184
|
-
|
185
|
-
|
151
|
+
# @param path [String]
|
152
|
+
# @param data [String]
|
153
|
+
# @param headers [Hash{String => String}]
|
154
|
+
# @!macro common_options
|
155
|
+
# @api public
|
156
|
+
def put(path, data, headers = nil, options = {})
|
157
|
+
headers ||= {}
|
158
|
+
headers['Content-Type'] ||= "application/x-www-form-urlencoded"
|
159
|
+
data ||= ''
|
160
|
+
options[:ssl_context] ||= resolve_ssl_context
|
161
|
+
options[:redirect_limit] ||= @redirect_limit
|
162
|
+
|
163
|
+
with_error_handling do
|
164
|
+
to_ruby_response(@client.put(to_url(path), data, headers: headers, options: options))
|
186
165
|
end
|
166
|
+
end
|
187
167
|
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
0.upto(@redirect_limit) do |redirection|
|
196
|
-
return response if response
|
197
|
-
|
198
|
-
with_connection(current_site) do |connection|
|
199
|
-
apply_options_to(current_request, options)
|
200
|
-
|
201
|
-
current_response = execute_request(connection, current_request)
|
202
|
-
|
203
|
-
case current_response.code.to_i
|
204
|
-
when 301, 302, 307
|
205
|
-
# handle redirection
|
206
|
-
location = URI.parse(current_response['location'])
|
207
|
-
current_site = current_site.move_to(location)
|
208
|
-
|
209
|
-
# update to the current request path
|
210
|
-
current_request = current_request.class.new(location.path)
|
211
|
-
current_request.body = request.body
|
212
|
-
request.each do |header, value|
|
213
|
-
current_request[header] = value
|
214
|
-
end
|
215
|
-
when 429, 503
|
216
|
-
if connection.started?
|
217
|
-
Puppet.debug("Closing connection for #{current_site}")
|
218
|
-
connection.finish
|
219
|
-
end
|
220
|
-
response = handle_retry_after(current_response)
|
221
|
-
else
|
222
|
-
response = current_response
|
223
|
-
end
|
224
|
-
end
|
225
|
-
|
226
|
-
# and try again...
|
227
|
-
end
|
168
|
+
def request_get(*args, &block)
|
169
|
+
path, headers = *args
|
170
|
+
headers ||= {}
|
171
|
+
options = {
|
172
|
+
ssl_context: resolve_ssl_context,
|
173
|
+
redirect_limit: @redirect_limit
|
174
|
+
}
|
228
175
|
|
229
|
-
|
176
|
+
ruby_response = nil
|
177
|
+
@client.get(to_url(path), headers: headers, options: options) do |response|
|
178
|
+
ruby_response = to_ruby_response(response)
|
179
|
+
yield ruby_response if block_given?
|
230
180
|
end
|
181
|
+
ruby_response
|
182
|
+
end
|
231
183
|
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
# HTTP client.
|
240
|
-
#
|
241
|
-
# @return [nil] Sleeps and returns nil if the response contained a
|
242
|
-
# Retry-After header that indicated the request should be retried.
|
243
|
-
# @return [Net::HTTPResponse] Returns the `response` unmodified if
|
244
|
-
# no Retry-After header was present or the Retry-After header could
|
245
|
-
# not be parsed as an integer or RFC 2822 date.
|
246
|
-
def handle_retry_after(response)
|
247
|
-
retry_after = response['Retry-After']
|
248
|
-
return response if retry_after.nil?
|
249
|
-
|
250
|
-
retry_sleep = parse_retry_after_header(retry_after)
|
251
|
-
# Recover remote hostname if Net::HTTPResponse was generated by a
|
252
|
-
# method that fills in the uri attribute.
|
253
|
-
#
|
254
|
-
server_hostname = if response.uri.is_a?(URI)
|
255
|
-
response.uri.host
|
256
|
-
else
|
257
|
-
# TRANSLATORS: Used in the phrase:
|
258
|
-
# "Received a response from the remote server."
|
259
|
-
_('the remote server')
|
260
|
-
end
|
261
|
-
|
262
|
-
if retry_sleep.nil?
|
263
|
-
Puppet.err(_('Received a %{status_code} response from %{server_hostname}, but the Retry-After header value of "%{retry_after}" could not be converted to an integer or RFC 2822 date.') %
|
264
|
-
{status_code: response.code,
|
265
|
-
server_hostname: server_hostname,
|
266
|
-
retry_after: retry_after.inspect})
|
267
|
-
|
268
|
-
return response
|
269
|
-
end
|
270
|
-
|
271
|
-
# Cap maximum sleep at the run interval of the Puppet agent.
|
272
|
-
retry_sleep = [retry_sleep, Puppet[:runinterval]].min
|
184
|
+
def request_head(*args, &block)
|
185
|
+
path, headers = *args
|
186
|
+
headers ||= {}
|
187
|
+
options = {
|
188
|
+
ssl_context: resolve_ssl_context,
|
189
|
+
redirect_limit: @redirect_limit
|
190
|
+
}
|
273
191
|
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
192
|
+
response = @client.head(to_url(path), headers: headers, options: options)
|
193
|
+
ruby_response = to_ruby_response(response)
|
194
|
+
yield ruby_response if block_given?
|
195
|
+
ruby_response
|
196
|
+
end
|
278
197
|
|
279
|
-
|
198
|
+
def request_post(*args, &block)
|
199
|
+
path, data, headers = *args
|
200
|
+
headers ||= {}
|
201
|
+
headers['Content-Type'] ||= "application/x-www-form-urlencoded"
|
202
|
+
options = {
|
203
|
+
ssl_context: resolve_ssl_context,
|
204
|
+
redirect_limit: @redirect_limit
|
205
|
+
}
|
280
206
|
|
281
|
-
|
207
|
+
ruby_response = nil
|
208
|
+
@client.post(to_url(path), data, headers: headers, options: options) do |response|
|
209
|
+
ruby_response = to_ruby_response(response)
|
210
|
+
yield ruby_response if block_given?
|
282
211
|
end
|
212
|
+
ruby_response
|
213
|
+
end
|
283
214
|
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
#
|
292
|
-
|
293
|
-
|
294
|
-
#
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
sleep = (retry_after.to_time - DateTime.now.to_time).to_i
|
312
|
-
(sleep > 0) ? sleep : 0
|
313
|
-
end
|
215
|
+
private
|
216
|
+
|
217
|
+
# Resolve the ssl_context based on the verifier associated with this
|
218
|
+
# connection or load the available set of certs and key on disk.
|
219
|
+
# Don't try to bootstrap the agent, as we only want that to be triggered
|
220
|
+
# when running `puppet ssl` or `puppet agent`.
|
221
|
+
def resolve_ssl_context
|
222
|
+
# don't need an ssl context for http connections
|
223
|
+
return nil unless @site.use_ssl?
|
224
|
+
|
225
|
+
# if our verifier has an ssl_context, use that
|
226
|
+
ctx = @verifier.ssl_context
|
227
|
+
return ctx if ctx
|
228
|
+
|
229
|
+
# load available certs
|
230
|
+
cert = Puppet::X509::CertProvider.new
|
231
|
+
ssl = Puppet::SSL::SSLProvider.new
|
232
|
+
begin
|
233
|
+
password = cert.load_private_key_password
|
234
|
+
ssl.load_context(certname: Puppet[:certname], password: password)
|
235
|
+
rescue Puppet::SSL::SSLError => e
|
236
|
+
Puppet.log_exception(e)
|
237
|
+
|
238
|
+
# if we don't have cacerts, then create a root context that doesn't
|
239
|
+
# trust anything. The old code used to fallback to VERIFY_NONE,
|
240
|
+
# which we don't want to emulate.
|
241
|
+
ssl.create_root_context(cacerts: [])
|
314
242
|
end
|
243
|
+
end
|
315
244
|
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
245
|
+
def to_url(path)
|
246
|
+
if path =~ /^https?:\/\//
|
247
|
+
# The old Connection class accepts a URL as the request path, and sends
|
248
|
+
# it in "absolute-form" in the request line, e.g. GET https://puppet:8140/.
|
249
|
+
# See https://httpwg.org/specs/rfc7230.html#absolute-form. It just so happens
|
250
|
+
# to work because HTTP 1.1 servers are required to accept absolute-form even
|
251
|
+
# though clients are only supposed to send them to proxies, so the proxy knows
|
252
|
+
# what upstream server to CONNECT to. This method creates a URL using the
|
253
|
+
# scheme/host/port that the connection was created with, and appends the path
|
254
|
+
# and query portions of the absolute-form. The resulting request will use "origin-form"
|
255
|
+
# as it should have done all along.
|
256
|
+
abs_form = URI(path)
|
257
|
+
url = URI("#{@site.addr}/#{normalize_path(abs_form.path)}")
|
258
|
+
url.query = abs_form.query if abs_form.query
|
259
|
+
url
|
260
|
+
else
|
261
|
+
URI("#{@site.addr}/#{normalize_path(path)}")
|
322
262
|
end
|
263
|
+
end
|
323
264
|
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
rescue => exception
|
330
|
-
elapsed = (Time.now - start).to_f.round(3)
|
331
|
-
uri = [@site.addr, request.path.split('?')[0]].join('/')
|
332
|
-
|
333
|
-
case exception
|
334
|
-
when EOFError
|
335
|
-
Puppet.log_exception(exception, _('request %{uri} interrupted after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
|
336
|
-
when Timeout::Error
|
337
|
-
Puppet.log_exception(exception, _('request %{uri} timed out after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
|
338
|
-
else
|
339
|
-
Puppet.log_exception(exception, _('request %{uri} failed: %{msg}') % {uri: uri, msg: exception.message})
|
340
|
-
end
|
341
|
-
|
342
|
-
raise exception
|
265
|
+
def normalize_path(path)
|
266
|
+
if path[0] == '/'
|
267
|
+
path[1..-1]
|
268
|
+
else
|
269
|
+
path
|
343
270
|
end
|
271
|
+
end
|
344
272
|
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
273
|
+
def with_error_handling(&block)
|
274
|
+
yield
|
275
|
+
rescue Puppet::HTTP::TooManyRedirects => e
|
276
|
+
raise Puppet::Network::HTTP::RedirectionLimitExceededException.new(_("Too many HTTP redirections for %{host}:%{port}") % { host: @host, port: @port }, e)
|
277
|
+
rescue Puppet::HTTP::HTTPError => e
|
278
|
+
Puppet.log_exception(e, e.message)
|
279
|
+
case e.cause
|
280
|
+
when Net::OpenTimeout, Net::ReadTimeout, Net::HTTPError, EOFError
|
281
|
+
raise e.cause
|
282
|
+
else
|
283
|
+
raise e
|
353
284
|
end
|
354
285
|
end
|
355
286
|
end
|
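Review bot: `with_error_handling` formats the redirect-limit message from `@host` and `@port`, but the new `initialize` no longer assigns either (the `@host = host` and `@port = port` lines are removed), so the message would come out as "Too many HTTP redirections for :" and drop the target an operator needs when triaging a redirect loop. Use the values the class still holds: `{ host: @site.host, port: @site.port }`. Separately, `request_get`, `request_head` and `request_post` call `@client` without `with_error_handling`, so their callers would see `Puppet::HTTP` errors rather than the legacy exception types that `get`, `post`, `head`, `delete` and `put` re-raise. If that difference is intended it deserves a comment on those three methods.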