puppet 6.19.1-universal-darwin → 7.0.0-universal-darwin


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (440) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +19 -20
  4. data/README.md +1 -1
  5. data/conf/fileserver.conf +5 -10
  6. data/ext/build_defaults.yaml +1 -1
  7. data/ext/osx/file_mapping.yaml +0 -5
  8. data/ext/project_data.yaml +1 -14
  9. data/ext/redhat/puppet.spec.erb +0 -1
  10. data/ext/windows/service/daemon.rb +6 -5
  11. data/install.rb +21 -17
  12. data/lib/puppet.rb +11 -20
  13. data/lib/puppet/application.rb +172 -98
  14. data/lib/puppet/application/device.rb +100 -104
  15. data/lib/puppet/application/filebucket.rb +15 -11
  16. data/lib/puppet/application/ssl.rb +1 -1
  17. data/lib/puppet/configurer.rb +28 -33
  18. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  19. data/lib/puppet/defaults.rb +95 -159
  20. data/lib/puppet/environments.rb +10 -25
  21. data/lib/puppet/face/config.rb +10 -0
  22. data/lib/puppet/face/epp.rb +12 -2
  23. data/lib/puppet/face/facts.rb +66 -6
  24. data/lib/puppet/face/help.rb +1 -1
  25. data/lib/puppet/face/plugin.rb +5 -8
  26. data/lib/puppet/ffi/windows.rb +12 -0
  27. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  28. data/lib/puppet/ffi/windows/constants.rb +404 -0
  29. data/lib/puppet/ffi/windows/functions.rb +628 -0
  30. data/lib/puppet/ffi/windows/structs.rb +338 -0
  31. data/lib/puppet/file_serving/configuration.rb +0 -5
  32. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  33. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  34. data/lib/puppet/file_serving/mount.rb +1 -2
  35. data/lib/puppet/forge/repository.rb +0 -1
  36. data/lib/puppet/functions/epp.rb +1 -0
  37. data/lib/puppet/functions/inline_epp.rb +1 -0
  38. data/lib/puppet/generate/models/type/type.rb +4 -1
  39. data/lib/puppet/http.rb +22 -13
  40. data/lib/puppet/http/client.rb +164 -114
  41. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  42. data/lib/puppet/http/errors.rb +16 -0
  43. data/lib/puppet/http/external_client.rb +5 -7
  44. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  45. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  46. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  47. data/lib/puppet/http/proxy.rb +137 -0
  48. data/lib/puppet/http/redirector.rb +4 -12
  49. data/lib/puppet/http/resolver.rb +5 -15
  50. data/lib/puppet/http/resolver/server_list.rb +6 -10
  51. data/lib/puppet/http/resolver/settings.rb +4 -7
  52. data/lib/puppet/http/resolver/srv.rb +7 -11
  53. data/lib/puppet/http/response.rb +36 -54
  54. data/lib/puppet/http/response_converter.rb +24 -0
  55. data/lib/puppet/http/response_net_http.rb +42 -0
  56. data/lib/puppet/http/retry_after_handler.rb +4 -13
  57. data/lib/puppet/http/service.rb +12 -26
  58. data/lib/puppet/http/service/ca.rb +11 -22
  59. data/lib/puppet/http/service/compiler.rb +22 -69
  60. data/lib/puppet/http/service/file_server.rb +18 -27
  61. data/lib/puppet/http/service/puppetserver.rb +26 -12
  62. data/lib/puppet/http/service/report.rb +8 -10
  63. data/lib/puppet/http/session.rb +11 -20
  64. data/lib/puppet/{network/http → http}/site.rb +1 -2
  65. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  66. data/lib/puppet/indirector/fact_search.rb +60 -0
  67. data/lib/puppet/indirector/facts/facter.rb +24 -3
  68. data/lib/puppet/indirector/facts/json.rb +27 -0
  69. data/lib/puppet/indirector/facts/rest.rb +3 -22
  70. data/lib/puppet/indirector/facts/yaml.rb +3 -58
  71. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  72. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  73. data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
  74. data/lib/puppet/indirector/file_server.rb +1 -8
  75. data/lib/puppet/indirector/generic_http.rb +0 -11
  76. data/lib/puppet/indirector/json.rb +5 -1
  77. data/lib/puppet/indirector/node/json.rb +8 -0
  78. data/lib/puppet/indirector/node/rest.rb +2 -4
  79. data/lib/puppet/indirector/report/json.rb +34 -0
  80. data/lib/puppet/indirector/report/rest.rb +3 -8
  81. data/lib/puppet/indirector/request.rb +0 -101
  82. data/lib/puppet/indirector/rest.rb +12 -263
  83. data/lib/puppet/module_tool/applications.rb +0 -1
  84. data/lib/puppet/network/authconfig.rb +2 -96
  85. data/lib/puppet/network/authorization.rb +13 -35
  86. data/lib/puppet/network/formats.rb +2 -1
  87. data/lib/puppet/network/http.rb +3 -3
  88. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  89. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  90. data/lib/puppet/network/http/connection.rb +247 -316
  91. data/lib/puppet/network/http/handler.rb +0 -1
  92. data/lib/puppet/network/http_pool.rb +16 -34
  93. data/lib/puppet/node.rb +1 -30
  94. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  95. data/lib/puppet/pal/pal_impl.rb +73 -18
  96. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  97. data/lib/puppet/parser/compiler.rb +0 -198
  98. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  99. data/lib/puppet/parser/resource.rb +0 -69
  100. data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
  101. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  102. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  103. data/lib/puppet/pops/issues.rb +0 -5
  104. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  105. data/lib/puppet/pops/model/ast.pp +0 -42
  106. data/lib/puppet/pops/model/ast.rb +0 -290
  107. data/lib/puppet/pops/model/factory.rb +0 -45
  108. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  109. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  110. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  111. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  112. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  113. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  114. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  115. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  116. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  117. data/lib/puppet/pops/types/type_parser.rb +0 -4
  118. data/lib/puppet/pops/types/types.rb +0 -1
  119. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  120. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  121. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  122. data/lib/puppet/provider.rb +0 -13
  123. data/lib/puppet/provider/nameservice.rb +0 -18
  124. data/lib/puppet/provider/package/dpkg.rb +0 -10
  125. data/lib/puppet/provider/package/gem.rb +23 -3
  126. data/lib/puppet/provider/package/pip.rb +0 -1
  127. data/lib/puppet/provider/package/pkg.rb +0 -4
  128. data/lib/puppet/provider/package/portage.rb +1 -1
  129. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  130. data/lib/puppet/provider/service/smf.rb +191 -73
  131. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  132. data/lib/puppet/reference/configuration.rb +2 -0
  133. data/lib/puppet/reference/indirection.rb +1 -1
  134. data/lib/puppet/resource.rb +1 -89
  135. data/lib/puppet/resource/catalog.rb +1 -14
  136. data/lib/puppet/resource/type.rb +3 -119
  137. data/lib/puppet/resource/type_collection.rb +3 -48
  138. data/lib/puppet/runtime.rb +1 -2
  139. data/lib/puppet/settings.rb +45 -33
  140. data/lib/puppet/settings/base_setting.rb +26 -2
  141. data/lib/puppet/settings/integer_setting.rb +17 -0
  142. data/lib/puppet/settings/port_setting.rb +15 -0
  143. data/lib/puppet/settings/priority_setting.rb +5 -4
  144. data/lib/puppet/ssl.rb +10 -6
  145. data/lib/puppet/ssl/base.rb +3 -5
  146. data/lib/puppet/ssl/certificate.rb +0 -6
  147. data/lib/puppet/ssl/certificate_request.rb +1 -12
  148. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  149. data/lib/puppet/ssl/oids.rb +3 -1
  150. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  151. data/lib/puppet/ssl/state_machine.rb +3 -1
  152. data/lib/puppet/ssl/verifier.rb +2 -0
  153. data/lib/puppet/test/test_helper.rb +1 -3
  154. data/lib/puppet/transaction.rb +1 -7
  155. data/lib/puppet/transaction/report.rb +2 -4
  156. data/lib/puppet/type.rb +0 -76
  157. data/lib/puppet/type/file.rb +5 -7
  158. data/lib/puppet/type/file/checksum.rb +1 -1
  159. data/lib/puppet/type/file/source.rb +1 -1
  160. data/lib/puppet/type/filebucket.rb +3 -3
  161. data/lib/puppet/type/package.rb +5 -13
  162. data/lib/puppet/util/execution.rb +0 -11
  163. data/lib/puppet/util/http_proxy.rb +2 -215
  164. data/lib/puppet/util/monkey_patches.rb +0 -46
  165. data/lib/puppet/util/rdoc.rb +0 -7
  166. data/lib/puppet/util/retry_action.rb +1 -1
  167. data/lib/puppet/util/rubygems.rb +5 -1
  168. data/lib/puppet/util/run_mode.rb +9 -1
  169. data/lib/puppet/util/windows.rb +3 -8
  170. data/lib/puppet/util/windows/daemon.rb +360 -0
  171. data/lib/puppet/util/windows/error.rb +1 -0
  172. data/lib/puppet/util/windows/eventlog.rb +4 -9
  173. data/lib/puppet/util/windows/file.rb +8 -242
  174. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  175. data/lib/puppet/util/windows/process.rb +4 -226
  176. data/lib/puppet/util/windows/service.rb +9 -460
  177. data/lib/puppet/util/windows/string.rb +12 -13
  178. data/lib/puppet/util/yaml.rb +0 -22
  179. data/lib/puppet/vendor/require_vendored.rb +0 -1
  180. data/lib/puppet/version.rb +1 -1
  181. data/lib/puppet/x509.rb +5 -1
  182. data/lib/puppet/x509/cert_provider.rb +29 -1
  183. data/locales/puppet.pot +531 -1232
  184. data/man/man5/puppet.conf.5 +37 -97
  185. data/man/man8/puppet-agent.8 +1 -1
  186. data/man/man8/puppet-apply.8 +1 -1
  187. data/man/man8/puppet-catalog.8 +1 -1
  188. data/man/man8/puppet-config.8 +1 -1
  189. data/man/man8/puppet-describe.8 +1 -1
  190. data/man/man8/puppet-device.8 +1 -1
  191. data/man/man8/puppet-doc.8 +1 -1
  192. data/man/man8/puppet-epp.8 +1 -1
  193. data/man/man8/puppet-facts.8 +55 -9
  194. data/man/man8/puppet-filebucket.8 +6 -6
  195. data/man/man8/puppet-generate.8 +1 -1
  196. data/man/man8/puppet-help.8 +1 -1
  197. data/man/man8/puppet-lookup.8 +1 -1
  198. data/man/man8/puppet-module.8 +1 -58
  199. data/man/man8/puppet-node.8 +4 -1
  200. data/man/man8/puppet-parser.8 +1 -1
  201. data/man/man8/puppet-plugin.8 +1 -1
  202. data/man/man8/puppet-report.8 +4 -1
  203. data/man/man8/puppet-resource.8 +1 -1
  204. data/man/man8/puppet-script.8 +1 -1
  205. data/man/man8/puppet-ssl.8 +1 -1
  206. data/man/man8/puppet.8 +2 -2
  207. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  208. data/spec/integration/application/agent_spec.rb +24 -11
  209. data/spec/integration/application/apply_spec.rb +1 -1
  210. data/spec/integration/application/filebucket_spec.rb +16 -16
  211. data/spec/integration/application/help_spec.rb +2 -0
  212. data/spec/integration/application/plugin_spec.rb +23 -1
  213. data/spec/integration/defaults_spec.rb +7 -3
  214. data/spec/integration/environments/setting_hooks_spec.rb +1 -1
  215. data/spec/integration/network/http_pool_spec.rb +3 -21
  216. data/spec/integration/parser/catalog_spec.rb +0 -38
  217. data/spec/integration/parser/node_spec.rb +0 -9
  218. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  219. data/spec/integration/type/file_spec.rb +5 -4
  220. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  221. data/spec/integration/util/windows/security_spec.rb +1 -1
  222. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  223. data/spec/lib/puppet_spec/settings.rb +7 -1
  224. data/spec/spec_helper.rb +2 -0
  225. data/spec/unit/agent_spec.rb +0 -2
  226. data/spec/unit/application/config_spec.rb +224 -4
  227. data/spec/unit/application/facts_spec.rb +35 -0
  228. data/spec/unit/application/filebucket_spec.rb +41 -39
  229. data/spec/unit/application/ssl_spec.rb +2 -2
  230. data/spec/unit/certificate_factory_spec.rb +1 -1
  231. data/spec/unit/configurer/downloader_spec.rb +6 -2
  232. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  233. data/spec/unit/configurer_spec.rb +12 -9
  234. data/spec/unit/context/trusted_information_spec.rb +2 -6
  235. data/spec/unit/defaults_spec.rb +77 -28
  236. data/spec/unit/environments_spec.rb +0 -3
  237. data/spec/unit/face/config_spec.rb +27 -32
  238. data/spec/unit/face/facts_spec.rb +4 -0
  239. data/spec/unit/face/plugin_spec.rb +73 -33
  240. data/spec/unit/file_bucket/file_spec.rb +1 -1
  241. data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
  242. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  243. data/spec/unit/functions/camelcase_spec.rb +1 -1
  244. data/spec/unit/functions/capitalize_spec.rb +1 -1
  245. data/spec/unit/functions/downcase_spec.rb +1 -1
  246. data/spec/unit/functions/inline_epp_spec.rb +26 -1
  247. data/spec/unit/functions/upcase_spec.rb +1 -1
  248. data/spec/unit/http/client_spec.rb +7 -8
  249. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  250. data/spec/unit/http/external_client_spec.rb +4 -4
  251. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  252. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  253. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  254. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  255. data/spec/unit/http/resolver_spec.rb +13 -13
  256. data/spec/unit/http/service/compiler_spec.rb +49 -62
  257. data/spec/unit/http/service/file_server_spec.rb +3 -3
  258. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  259. data/spec/unit/http/service_spec.rb +1 -2
  260. data/spec/unit/http/session_spec.rb +16 -14
  261. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  262. data/spec/unit/indirector/facts/facter_spec.rb +97 -0
  263. data/spec/unit/indirector/facts/json_spec.rb +255 -0
  264. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  265. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  266. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  267. data/spec/unit/indirector/file_server_spec.rb +1 -15
  268. data/spec/unit/indirector/node/json_spec.rb +33 -0
  269. data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
  270. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  271. data/spec/unit/indirector/report/yaml_spec.rb +72 -8
  272. data/spec/unit/indirector/request_spec.rb +0 -264
  273. data/spec/unit/indirector/rest_spec.rb +98 -752
  274. data/spec/unit/network/authconfig_spec.rb +2 -132
  275. data/spec/unit/network/authorization_spec.rb +2 -55
  276. data/spec/unit/network/formats_spec.rb +4 -4
  277. data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
  278. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  279. data/spec/unit/network/http/api_spec.rb +10 -0
  280. data/spec/unit/network/http/connection_spec.rb +19 -41
  281. data/spec/unit/network/http/handler_spec.rb +0 -6
  282. data/spec/unit/network/http_pool_spec.rb +0 -4
  283. data/spec/unit/node/environment_spec.rb +33 -21
  284. data/spec/unit/node_spec.rb +2 -54
  285. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  286. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  287. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  288. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  289. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  290. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  291. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  292. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  293. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  294. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  295. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  296. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  297. data/spec/unit/pops/visitor_spec.rb +1 -1
  298. data/spec/unit/provider/nameservice_spec.rb +0 -57
  299. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  300. data/spec/unit/provider/package/gem_spec.rb +32 -0
  301. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  302. data/spec/unit/provider/service/smf_spec.rb +401 -165
  303. data/spec/unit/provider/service/windows_spec.rb +0 -1
  304. data/spec/unit/provider_spec.rb +0 -12
  305. data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
  306. data/spec/unit/resource/type_collection_spec.rb +2 -22
  307. data/spec/unit/resource_spec.rb +0 -56
  308. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  309. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  310. data/spec/unit/settings/port_setting_spec.rb +31 -0
  311. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  312. data/spec/unit/settings_spec.rb +423 -236
  313. data/spec/unit/ssl/base_spec.rb +36 -3
  314. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  315. data/spec/unit/ssl/certificate_spec.rb +2 -11
  316. data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
  317. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  318. data/spec/unit/ssl/verifier_spec.rb +0 -21
  319. data/spec/unit/transaction/report_spec.rb +0 -2
  320. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  321. data/spec/unit/transaction_spec.rb +45 -79
  322. data/spec/unit/type/file/checksum_spec.rb +6 -6
  323. data/spec/unit/type/file/content_spec.rb +1 -1
  324. data/spec/unit/type/file/ensure_spec.rb +1 -1
  325. data/spec/unit/type/file/mode_spec.rb +1 -1
  326. data/spec/unit/type/file/source_spec.rb +0 -1
  327. data/spec/unit/type/file_spec.rb +12 -6
  328. data/spec/unit/type/package_spec.rb +1 -1
  329. data/spec/unit/type_spec.rb +20 -0
  330. data/spec/unit/util/backups_spec.rb +0 -2
  331. data/spec/unit/util/execution_spec.rb +0 -29
  332. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  333. data/spec/unit/util/rubygems_spec.rb +2 -2
  334. data/spec/unit/util/run_mode_spec.rb +21 -121
  335. data/spec/unit/util/windows/string_spec.rb +1 -3
  336. data/spec/unit/util/yaml_spec.rb +0 -54
  337. data/spec/unit/util_spec.rb +0 -18
  338. metadata +50 -176
  339. data/conf/auth.conf +0 -150
  340. data/lib/puppet/application/cert.rb +0 -76
  341. data/lib/puppet/application/key.rb +0 -4
  342. data/lib/puppet/application/man.rb +0 -4
  343. data/lib/puppet/application/status.rb +0 -4
  344. data/lib/puppet/face/key.rb +0 -16
  345. data/lib/puppet/face/man.rb +0 -145
  346. data/lib/puppet/face/module/build.rb +0 -14
  347. data/lib/puppet/face/module/generate.rb +0 -14
  348. data/lib/puppet/face/module/search.rb +0 -103
  349. data/lib/puppet/face/status.rb +0 -51
  350. data/lib/puppet/indirector/certificate/file.rb +0 -9
  351. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  352. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  353. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  354. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  355. data/lib/puppet/indirector/file_content/http.rb +0 -22
  356. data/lib/puppet/indirector/key/file.rb +0 -46
  357. data/lib/puppet/indirector/key/memory.rb +0 -7
  358. data/lib/puppet/indirector/ssl_file.rb +0 -162
  359. data/lib/puppet/indirector/status.rb +0 -3
  360. data/lib/puppet/indirector/status/local.rb +0 -12
  361. data/lib/puppet/indirector/status/rest.rb +0 -27
  362. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  363. data/lib/puppet/network/auth_config_parser.rb +0 -90
  364. data/lib/puppet/network/authstore.rb +0 -283
  365. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  366. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  367. data/lib/puppet/network/http/base_pool.rb +0 -36
  368. data/lib/puppet/network/http/compression.rb +0 -127
  369. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  370. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  371. data/lib/puppet/network/rest_controller.rb +0 -2
  372. data/lib/puppet/network/rights.rb +0 -210
  373. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  374. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  375. data/lib/puppet/parser/environment_compiler.rb +0 -202
  376. data/lib/puppet/pops/types/enumeration.rb +0 -16
  377. data/lib/puppet/resource/capability_finder.rb +0 -154
  378. data/lib/puppet/rest/errors.rb +0 -15
  379. data/lib/puppet/rest/response.rb +0 -35
  380. data/lib/puppet/rest/route.rb +0 -85
  381. data/lib/puppet/rest/routes.rb +0 -135
  382. data/lib/puppet/ssl/host.rb +0 -505
  383. data/lib/puppet/ssl/key.rb +0 -61
  384. data/lib/puppet/ssl/validator.rb +0 -61
  385. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  386. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  387. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  388. data/lib/puppet/status.rb +0 -40
  389. data/lib/puppet/util/connection.rb +0 -88
  390. data/lib/puppet/util/ssl.rb +0 -83
  391. data/lib/puppet/util/windows/api_types.rb +0 -309
  392. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  393. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  394. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  395. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  396. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  397. data/lib/puppet/vendor/pathspec/README.md +0 -53
  398. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  399. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  400. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  401. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  402. data/man/man8/puppet-key.8 +0 -126
  403. data/man/man8/puppet-man.8 +0 -76
  404. data/man/man8/puppet-status.8 +0 -108
  405. data/spec/integration/application/config_spec.rb +0 -74
  406. data/spec/integration/network/authconfig_spec.rb +0 -256
  407. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  408. data/spec/unit/application/man_spec.rb +0 -52
  409. data/spec/unit/capability_spec.rb +0 -414
  410. data/spec/unit/face/catalog_spec.rb +0 -6
  411. data/spec/unit/face/key_spec.rb +0 -9
  412. data/spec/unit/face/module/search_spec.rb +0 -231
  413. data/spec/unit/face/module_spec.rb +0 -3
  414. data/spec/unit/face/status_spec.rb +0 -9
  415. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  416. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  417. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  418. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  419. data/spec/unit/indirector/key/file_spec.rb +0 -79
  420. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  421. data/spec/unit/indirector/status/local_spec.rb +0 -10
  422. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  423. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  424. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  425. data/spec/unit/network/authstore_spec.rb +0 -422
  426. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  427. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  428. data/spec/unit/network/http/compression_spec.rb +0 -240
  429. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  430. data/spec/unit/network/http_spec.rb +0 -9
  431. data/spec/unit/network/rights_spec.rb +0 -439
  432. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  433. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  434. data/spec/unit/resource/capability_finder_spec.rb +0 -143
  435. data/spec/unit/rest/route_spec.rb +0 -132
  436. data/spec/unit/ssl/host_spec.rb +0 -650
  437. data/spec/unit/ssl/key_spec.rb +0 -173
  438. data/spec/unit/ssl/validator_spec.rb +0 -278
  439. data/spec/unit/status_spec.rb +0 -45
  440. data/spec/unit/util/ssl_spec.rb +0 -91
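--- a/data/spec/unit/pops/types/enumeration_spec.rb
+++ b/data/spec/unit/pops/types/enumeration_spec.rb
@@ -1,51 +0,0 @@
- require 'spec_helper'
- require 'puppet/pops'
-
- module Puppet::Pops::Types
- describe 'The enumeration support' do
- it 'produces an enumerator for Array' do
- expect(Enumeration.enumerator([1,2,3]).respond_to?(:next)).to eql(true)
- end
-
- it 'produces an enumerator for Hash' do
- expect(Enumeration.enumerator({:a=>1}).respond_to?(:next)).to eql(true)
- end
-
- it 'produces a char enumerator for String' do
- enum = Enumeration.enumerator("abc")
- expect(enum.respond_to?(:next)).to eql(true)
- expect(enum.next).to eql('a')
- end
-
- it 'produces an enumerator for integer times' do
- enum = Enumeration.enumerator(2)
- expect(enum.next).to eql(0)
- expect(enum.next).to eql(1)
- expect{enum.next}.to raise_error(StopIteration)
- end
-
- it 'produces an enumerator for Integer range' do
- range = TypeFactory.range(1,2)
- enum = Enumeration.enumerator(range)
- expect(enum.next).to eql(1)
- expect(enum.next).to eql(2)
- expect{enum.next}.to raise_error(StopIteration)
- end
-
- it 'does not produce an enumerator for infinite Integer range' do
- range = TypeFactory.range(1,:default)
- enum = Enumeration.enumerator(range)
- expect(enum).to be_nil
- range = TypeFactory.range(:default,2)
- enum = Enumeration.enumerator(range)
- expect(enum).to be_nil
- end
-
- [3.14, /.*/, true, false, nil, :something].each do |x|
- it "does not produce an enumerator for object of type #{x.class}" do
- enum = Enumeration.enumerator(x)
- expect(enum).to be_nil
- end
- end
- end
- end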
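--- a/data/spec/unit/resource/capability_finder_spec.rb
+++ b/data/spec/unit/resource/capability_finder_spec.rb
@@ -1,143 +0,0 @@
- require 'spec_helper'
- require_relative '../pops/parser/parser_rspec_helper'
- require 'puppet/resource/capability_finder'
-
- describe Puppet::Resource::CapabilityFinder do
- context 'when PuppetDB is not configured' do
- it 'should error' do
- expect(Puppet::Util).to receive(:const_defined?).with('Puppetdb').and_return(false)
- expect { Puppet::Resource::CapabilityFinder.find('production', nil, nil) }.to raise_error(/PuppetDB is not available/)
- end
- end
-
- context 'when PuppetDB is configured' do
- before(:each) do
- allow_any_instance_of(Puppet::Parser::Compiler).to receive(:loaders).and_return(loaders)
- Puppet.push_context({:loaders => loaders, :current_environment => env})
- if mock_pdb
- module Puppet::Util::Puppetdb
- class Http; end
- end
- end
- make_cap_type
- end
-
- after(:each) do
- Puppet::Util.send(:remove_const, 'Puppetdb') if mock_pdb
- Puppet::Type.rmtype(:cap)
- Puppet.pop_context()
- end
-
- let(:mock_pdb) { !Puppet::Util.const_defined?('Puppetdb') }
- let(:env) { Puppet::Node::Environment.create(:testing, []) }
- let(:loaders) { Puppet::Pops::Loaders.new(env) }
-
- let(:response_body) { [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}}] }
- let(:response) { double('response', :body => response_body.to_json) }
-
- def make_cap_type
- Puppet::Type.newtype :cap, :is_capability => true do
- newparam :name
- newparam :host
- end
- end
-
- describe "when query_puppetdb method is available" do
- it 'should call use the query_puppetdb method if available' do
- expect(Puppet::Util::Puppetdb).to receive(:query_puppetdb).and_return(response_body)
- expect(Puppet::Util::Puppetdb::Http).not_to receive(:action)
-
- result = Puppet::Resource::CapabilityFinder.find('production', nil, Puppet::Resource.new('Cap', 'cap'))
- expect(result['host']).to eq('ahost')
- end
- end
-
- describe "when query_puppetdb method is unavailable" do
- before :each do
- allow(Puppet::Util::Puppetdb).to receive(:respond_to?).with(:query_puppetdb).and_return(false)
- end
-
- it 'should call Puppet::Util::PuppetDB::Http.action' do
- expect(Puppet::Util::Puppetdb::Http).to receive(:action).and_return(response)
- result = Puppet::Resource::CapabilityFinder.find('production', nil, Puppet::Resource.new('Cap', 'cap'))
- expect(result['host']).to eq('ahost')
- end
- end
-
- describe '#find' do
- let(:capability) { Puppet::Resource.new('Cap', 'cap') }
- let(:code_id) { 'b59e5df0578ef411f773ee6c33d8073c50e7b8fe' }
-
- it 'should search for the resource without including code_id or environment' do
- resources = [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}}]
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with(nil, nil, capability).and_return(resources)
-
- result = Puppet::Resource::CapabilityFinder.find('production', code_id, Puppet::Resource.new('Cap', 'cap'))
- expect(result['host']).to eq('ahost')
- end
-
- it 'should return nil if no resource is found' do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with(nil, nil, capability).and_return([])
-
- result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
- expect(result).to be_nil
- end
-
- describe 'when multiple results are returned for different environments' do
- let(:resources) do
- [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}, "tags"=>["producer:production"]},
- {"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"bhost"}, "tags"=>["producer:other_env"]}]
- end
-
- before :each do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with(nil, nil, capability).and_return(resources)
- end
-
- it 'should return the resource matching environment' do
- result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
- expect(result['host']).to eq('ahost')
- end
-
- it 'should return nil if no resource matches environment' do
- result = Puppet::Resource::CapabilityFinder.find('bad_env', code_id, capability)
- expect(result).to be_nil
- end
- end
-
- describe 'when multiple results are returned for the same environment' do
- let(:resources) do
- [{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"ahost"}, "tags"=>["producer:production"]},
- {"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"bhost"}, "tags"=>["producer:production"]}]
- end
-
- before :each do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with(nil, nil, capability).and_return(resources)
- end
-
- it 'should return the resource matching code_id' do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with('production', code_id, capability).and_return([{"type"=>"Cap", "title"=>"cap", "parameters"=>{"host"=>"chost"}}])
-
- result = Puppet::Resource::CapabilityFinder.find('production', code_id, capability)
- expect(result['host']).to eq('chost')
- end
-
- it 'should fail if no resource matches code_id' do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with('production', code_id, capability).and_return([])
-
- expect { Puppet::Resource::CapabilityFinder.find('production', code_id, capability) }.to raise_error(Puppet::Error, /expected exactly one resource but got 2/)
- end
-
- it 'should fail if multiple resources match code_id' do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with('production', code_id, capability).and_return(resources)
-
- expect { Puppet::Resource::CapabilityFinder.find('production', code_id, capability) }.to raise_error(Puppet::DevError, /expected exactly one resource but got 2/)
- end
-
- it 'should fail if no code_id was specified' do
- allow(Puppet::Resource::CapabilityFinder).to receive(:search).with('production', nil, capability).and_return(resources)
- expect { Puppet::Resource::CapabilityFinder.find('production', nil, capability) }.to raise_error(Puppet::DevError, /expected exactly one resource but got 2/)
- end
- end
- end
- end
- end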
@@ -1,132 +0,0 @@
1
- require 'spec_helper'
2
-
3
- require 'puppet/rest/route'
4
-
5
- describe Puppet::Rest::Route do
6
- describe '#with_base_url'do
7
- let(:dns_resolver) { double('dns resolver') }
8
-
9
- context 'when not using SRV records' do
10
- before :each do
11
- Puppet.settings[:use_srv_records] = false
12
- end
13
-
14
- it "yields a base URL with the values from the specified settings" do
15
- Puppet[:ca_server] = 'testserver'
16
- Puppet[:ca_port] = 555
17
- ca_route = Puppet::Rest::Route.new(api: '/fakeapi/v1/',
18
- server_setting: :ca_server,
19
- port_setting: :ca_port,
20
- srv_service: :test_service)
21
- count = 0
22
- rval = ca_route.with_base_url(dns_resolver) do |url|
23
- count += 1
24
- expect(url.to_s).to eq('https://testserver:555/fakeapi/v1/')
25
- 'Block return value'
26
- end
27
- expect(count).to eq(1)
28
- expect(rval).to eq('Block return value')
29
- end
30
-
31
- it "yields a base URL with Puppet's configured server and port when no defaults are specified" do
32
- Puppet[:server] = 'configured.net'
33
- Puppet[:serverport] = 8140
34
- fallback_route = Puppet::Rest::Route.new(api: '/fakeapi/v1/')
35
- count = 0
36
- rval = fallback_route.with_base_url(dns_resolver) do |url|
37
- count += 1
38
- expect(url.to_s).to eq('https://configured.net:8140/fakeapi/v1/')
39
- 'Block return value'
40
- end
41
- expect(count).to eq(1)
42
- expect(rval).to eq('Block return value')
43
- end
44
-
45
- it 'yields the first entry in the server list when server_list is in use' do
46
- Puppet[:server_list] = [['one.net', 111], ['two.net', 222]]
47
- fallback_route = Puppet::Rest::Route.new(api: '/fakeapi/v1/')
48
- count = 0
49
- rval = fallback_route.with_base_url(dns_resolver) do |url|
50
- count += 1
51
- expect(url.to_s).to eq('https://one.net:111/fakeapi/v1/')
52
- 'Block return value'
53
- end
54
- expect(count).to eq(1)
55
- expect(rval).to eq('Block return value')
56
- end
57
-
58
- it 'falls back to :server and :serverport if nil is passed' do
59
- Puppet[:server] = 'one.net'
60
- Puppet[:serverport] = 111
61
- nil_route = Puppet::Rest::Route.new(api: '/fakeapi/v1/',
62
- server_setting: nil,
63
- port_setting: nil)
64
- count = 0
65
- rval = nil_route.with_base_url(dns_resolver) do |url|
66
- count += 1
67
- expect(url.to_s).to eq('https://one.net:111/fakeapi/v1/')
68
- 'Block return value'
69
- end
70
- expect(count).to eq(1)
71
- expect(rval).to eq('Block return value')
72
- end
73
- end
74
-
75
- context 'when using SRV records' do
76
- context "when SRV returns servers" do
77
- let(:route) { Puppet::Rest::Route.new(api: '/fakeapi/v1/',
78
- srv_service: :test_service) }
79
-
80
- before :each do
81
- Puppet.settings[:use_srv_records] = true
82
- Puppet.settings[:srv_domain] = 'example.com'
83
-
84
- @dns_mock = double('dns')
85
- expect(Resolv::DNS).to receive(:new).and_return(@dns_mock)
86
-
87
- @port = 7502
88
- @target = 'example.com'
89
- record = Resolv::DNS::Resource::IN::SRV.new(0, 0, @port, @target)
90
- record.instance_variable_set(:@ttl, 10)
91
- @srv_records = [record]
92
-
93
- expect(@dns_mock).to receive(:getresources).
94
- with("_x-puppet-test_service._tcp.example.com", Resolv::DNS::Resource::IN::SRV).
95
- and_return(@srv_records)
96
- end
97
-
98
- it "yields a URL using the server and port from the SRV record" do
99
- count = 0
100
- rval = route.with_base_url(Puppet::Network::Resolver.new) do |url|
101
- count += 1
102
- expect(url.to_s).to eq('https://example.com:7502/fakeapi/v1/')
103
- 'Block return value'
104
- end
105
- expect(count).to eq(1)
106
-
107
- expect(rval).to eq('Block return value')
108
- end
109
-
110
- it "should fall back to the default server when the block raises a SystemCallError" do
111
- Puppet[:server] = "testserver"
112
- Puppet[:serverport] = 555
113
-
114
- count = 0
115
- rval = route.with_base_url(Puppet::Network::Resolver.new) do |url|
116
- count += 1
117
- if url.to_s =~ /example.com/ then
118
- raise SystemCallError, "example failure"
119
- else
120
- expect(url.to_s).to eq('https://testserver:555/fakeapi/v1/')
121
- end
122
-
123
- 'Block return value'
124
- end
125
-
126
- expect(count).to eq(2)
127
- expect(rval).to eq('Block return value')
128
- end
129
- end
130
- end
131
- end
132
- end
@@ -1,650 +0,0 @@
1
- require 'spec_helper'
2
- require 'puppet/test_ca'
3
-
4
- require 'puppet/ssl/host'
5
- require 'matchers/json'
6
- require 'puppet_spec/ssl'
7
- require 'puppet/rest/routes'
8
-
9
- def base_json_comparison(result, json_hash)
10
- expect(result["fingerprint"]).to eq(json_hash["fingerprint"])
11
- expect(result["name"]).to eq(json_hash["name"])
12
- expect(result["state"]).to eq(json_hash["desired_state"])
13
- end
14
-
15
- describe Puppet::SSL::Host, if: !Puppet::Util::Platform.jruby? do
16
- include JSONMatchers
17
- include PuppetSpec::Files
18
-
19
- before do
20
- # Get a safe temporary file
21
- dir = tmpdir("ssl_host_testing")
22
- Puppet.settings[:confdir] = dir
23
- Puppet.settings[:vardir] = dir
24
- Puppet.settings.use :main, :ssl
25
-
26
- @host = Puppet::SSL::Host.new("myname")
27
- end
28
-
29
- after do
30
- # Cleaned out any cached localhost instance.
31
- Puppet::SSL::Host.reset
32
- end
33
-
34
- it "should use any provided name as its name" do
35
- expect(@host.name).to eq("myname")
36
- end
37
-
38
- it "should retrieve its public key from its private key" do
39
- realkey = double('realkey')
40
- key = double('key', :content => realkey)
41
- allow(Puppet::SSL::Key.indirection).to receive(:find).and_return(key)
42
- pubkey = double('public_key')
43
- expect(realkey).to receive(:public_key).and_return(pubkey)
44
-
45
- expect(@host.public_key).to equal(pubkey)
46
- end
47
-
48
- describe 'localhost' do
49
- before(:each) do
50
- allow_any_instance_of(Puppet::SSL::Host).to receive(:certificate).and_return(nil)
51
- allow_any_instance_of(Puppet::SSL::Host).to receive(:generate)
52
- end
53
-
54
- it "is deprecated" do
55
- Puppet::SSL::Host.localhost
56
-
57
- expect(@logs).to include(an_object_having_attributes(message: /Puppet::SSL::Host is deprecated/))
58
- end
59
-
60
- it "should allow to reset localhost" do
61
- previous_host = Puppet::SSL::Host.localhost
62
- Puppet::SSL::Host.reset
63
- expect(Puppet::SSL::Host.localhost).not_to eq(previous_host)
64
- end
65
-
66
- it "should generate the certificate for the localhost instance if no certificate is available" do
67
- host = double('host', :key => nil)
68
- expect(Puppet::SSL::Host).to receive(:new).and_return(host)
69
-
70
- expect(host).to receive(:certificate).and_return(nil)
71
- expect(host).to receive(:generate)
72
-
73
- expect(Puppet::SSL::Host.localhost).to equal(host)
74
- end
75
-
76
- it "should always read the key for the localhost instance in from disk" do
77
- host = double('host', :certificate => "eh")
78
- expect(host).to receive(:key)
79
- expect(Puppet::SSL::Host).to receive(:new).and_return(host)
80
-
81
- Puppet::SSL::Host.localhost
82
- end
83
-
84
- it "should cache the localhost instance" do
85
- host = double('host', :certificate => "eh", :key => 'foo')
86
- expect(Puppet::SSL::Host).to receive(:new).once.and_return(host)
87
- expect(Puppet::SSL::Host.localhost).to eq(Puppet::SSL::Host.localhost)
88
- end
89
- end
90
-
91
- context "with dns_alt_names" do
92
- before :each do
93
- @key = double('key content')
94
- key = double('key', :generate => true, :content => @key)
95
- allow(Puppet::SSL::Key).to receive(:new).and_return(key)
96
- allow(Puppet::SSL::Key.indirection).to receive(:save).with(key)
97
-
98
- @cr = double('certificate request', :render => "csr pem")
99
- allow(Puppet::SSL::CertificateRequest).to receive(:new).and_return(@cr)
100
- allow_any_instance_of(Puppet::SSL::Host).to receive(:submit_certificate_request)
101
- end
102
-
103
- describe "explicitly specified" do
104
- before :each do
105
- Puppet[:dns_alt_names] = 'one, two'
106
- end
107
-
108
- it "should not include subjectAltName if not the local node" do
109
- expect(@cr).to receive(:generate).with(@key, {})
110
-
111
- Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate_certificate_request
112
- end
113
-
114
- it "should include subjectAltName if the local node" do
115
- expect(@cr).to receive(:generate).with(@key, { :dns_alt_names => 'one, two' })
116
-
117
- Puppet::SSL::Host.new(Puppet[:certname]).generate_certificate_request
118
- end
119
- end
120
- end
121
-
122
- it "should be able to verify its certificate matches its key" do
123
- expect(Puppet::SSL::Host.new("foo")).to respond_to(:validate_certificate_with_key)
124
- end
125
-
126
- it "should consider the certificate invalid if it cannot find a key" do
127
- host = Puppet::SSL::Host.new("foo")
128
- certificate = double('cert', :fingerprint => 'DEADBEEF')
129
- expect(host).to receive(:key).and_return(nil)
130
- expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, "No private key with which to validate certificate with fingerprint: DEADBEEF")
131
- end
132
-
133
- it "should consider the certificate invalid if it cannot find a certificate" do
134
- host = Puppet::SSL::Host.new("foo")
135
- expect(host).not_to receive(:key)
136
- expect { host.validate_certificate_with_key(nil) }.to raise_error(Puppet::Error, "No certificate to validate.")
137
- end
138
-
139
- it "should consider the certificate invalid if the SSL certificate's key verification fails" do
140
- host = Puppet::SSL::Host.new("foo")
141
- key = double('key', :content => "private_key")
142
- sslcert = double('sslcert')
143
- certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
144
- allow(host).to receive(:key).and_return(key)
145
- expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
146
- expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /DEADBEEF/)
147
- end
148
-
149
- it "should consider the certificate valid if the SSL certificate's key verification succeeds" do
150
- host = Puppet::SSL::Host.new("foo")
151
- key = double('key', :content => "private_key")
152
- sslcert = double('sslcert')
153
- certificate = double('cert', :content => sslcert)
154
- allow(host).to receive(:key).and_return(key)
155
- expect(sslcert).to receive(:check_private_key).with("private_key").and_return(true)
156
- expect{ host.validate_certificate_with_key(certificate) }.not_to raise_error
157
- end
158
-
159
- it "should output agent-specific commands when validation fails" do
160
- host = Puppet::SSL::Host.new("foo")
161
- key = double('key', :content => "private_key")
162
- sslcert = double('sslcert')
163
- certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
164
- allow(host).to receive(:key).and_return(key)
165
- expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
166
- expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /puppet ssl clean \n/)
167
- end
168
-
169
- it "should output device-specific commands when validation fails" do
170
- Puppet[:certname] = "device.example.com"
171
- host = Puppet::SSL::Host.new("device.example.com", true)
172
- key = double('key', :content => "private_key")
173
- sslcert = double('sslcert')
174
- certificate = double('cert', {:content => sslcert, :fingerprint => 'DEADBEEF'})
175
- allow(host).to receive(:key).and_return(key)
176
- expect(sslcert).to receive(:check_private_key).with("private_key").and_return(false)
177
- expect { host.validate_certificate_with_key(certificate) }.to raise_error(Puppet::Error, /puppet ssl clean --target device.example.com/)
178
- end
179
-
180
- describe "when initializing" do
181
- it "should default its name to the :certname setting" do
182
- Puppet[:certname] = "myname"
183
-
184
- expect(Puppet::SSL::Host.new.name).to eq("myname")
185
- end
186
-
187
- it "should downcase a passed in name" do
188
- expect(Puppet::SSL::Host.new("Host.Domain.Com").name).to eq("host.domain.com")
189
- end
190
- end
191
-
192
- describe "when managing its private key" do
193
- before do
194
- @realkey = "mykey"
195
- @key = Puppet::SSL::Key.new("mykey")
196
- @key.content = @realkey
197
- end
198
-
199
- it "should return nil if the key is not set and cannot be found" do
200
- expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(nil)
201
- expect(@host.key).to be_nil
202
- end
203
-
204
- it "should find the key in the Key class and return the Puppet instance" do
205
- expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(@key)
206
- expect(@host.key).to equal(@key)
207
- end
208
-
209
- it "should be able to generate and save a new key" do
210
- expect(Puppet::SSL::Key).to receive(:new).with("myname").and_return(@key)
211
-
212
- expect(@key).to receive(:generate)
213
- expect(Puppet::SSL::Key.indirection).to receive(:save)
214
-
215
- expect(@host.generate_key).to be_truthy
216
- expect(@host.key).to equal(@key)
217
- end
218
-
219
- it "should not retain keys that could not be saved" do
220
- expect(Puppet::SSL::Key).to receive(:new).with("myname").and_return(@key)
221
-
222
- expect(@key).to receive(:generate)
223
- expect(Puppet::SSL::Key.indirection).to receive(:save).and_raise("eh")
224
-
225
- expect { @host.generate_key }.to raise_error(RuntimeError)
226
- expect(@host.key).to be_nil
227
- end
228
-
229
- it "should return any previously found key without requerying" do
230
- expect(Puppet::SSL::Key.indirection).to receive(:find).with("myname").and_return(@key).once
231
- expect(@host.key).to equal(@key)
232
- expect(@host.key).to equal(@key)
233
- end
234
- end
235
-
236
- describe "when managing its certificate request" do
237
- before(:all) do
238
- @pki = PuppetSpec::SSL.create_chained_pki
239
- end
240
-
241
- before(:each) do
242
- Puppet[:requestdir] = tmpdir('requests')
243
- end
244
-
245
- let(:key) { Puppet::SSL::Key.from_s(@pki[:leaf_key].to_s, @host.name) }
246
-
247
- it "should generate a new key when generating the cert request if no key exists" do
248
- expect(@host).to receive(:key).exactly(2).times.and_return(nil, key)
249
- expect(@host).to receive(:generate_key).and_return(key)
250
-
251
- allow(@host).to receive(:submit_certificate_request)
252
-
253
- @host.generate_certificate_request
254
- expect(Puppet::FileSystem.exist?(File.join(Puppet[:requestdir], "#{@host.name}.pem"))).to be true
255
- end
256
-
257
- it "should be able to generate and save a new request using the private key" do
258
- allow(@host).to receive(:key).and_return(key)
259
- allow(@host).to receive(:submit_certificate_request)
260
-
261
- expect(@host.generate_certificate_request).to be_truthy
262
- expect(Puppet::FileSystem.exist?(File.join(Puppet[:requestdir], "#{@host.name}.pem"))).to be true
263
- end
264
-
265
- it "should send a new request to the CA for signing" do
266
- @http = double("http")
267
- allow(@host).to receive(:http_client).and_return(@http)
268
- allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
269
- allow(@host).to receive(:key).and_return(key)
270
- request = double("request")
271
- allow(request).to receive(:generate)
272
- expect(request).to receive(:render).and_return("my request").twice
273
- expect(Puppet::SSL::CertificateRequest).to receive(:new).and_return(request)
274
-
275
- expect(Puppet::Rest::Routes).to receive(:put_certificate_request)
276
- .with("my request", @host.name, anything)
277
- .and_return(nil)
278
-
279
- expect(@host.generate_certificate_request).to be true
280
- end
281
-
282
- it "should return any previously found request without requerying" do
283
- request = double("request")
284
- expect(@host).to receive(:load_certificate_request_from_file).and_return(request).once
285
-
286
- expect(@host.certificate_request).to equal(request)
287
- expect(@host.certificate_request).to equal(request)
288
- end
289
-
290
- it "should not keep its certificate request in memory if the request cannot be saved" do
291
- allow(@host).to receive(:key).and_return(key)
292
- allow(@host).to receive(:submit_certificate_request)
293
- expect(Puppet::Util).to receive(:replace_file).and_raise(RuntimeError)
294
-
295
- expect { @host.generate_certificate_request }.to raise_error(RuntimeError)
296
-
297
- expect(@host.instance_eval { @certificate_request }).to be_nil
298
- end
299
- end
300
-
301
- describe "when managing its certificate" do
302
- before(:all) do
303
- @pki = PuppetSpec::SSL.create_chained_pki
304
- end
305
-
306
- before(:each) do
307
- Puppet[:certdir] = tmpdir('certs')
308
- allow(@host).to receive(:key).and_return(double("key"))
309
- allow(@host).to receive(:validate_certificate_with_key)
310
- allow(@host).to receive(:http_client).and_return(@http)
311
- allow(@host).to receive(:ssl_store).and_return(double("ssl store"))
312
- end
313
-
314
- let(:ca_cert_response) { @pki[:ca_bundle] }
315
- let(:crl_response) { @pki[:crl_chain] }
316
- let(:host_cert_response) { @pki[:unrevoked_leaf_node_cert] }
317
-
318
- it "should find the CA certificate and save it to disk" do
319
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
320
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
321
- stub_request(:get, %r{puppet-ca/v1/certificate/#{@host.name}}).to_return(status: 404)
322
-
323
- @host.certificate
324
- actual_ca_bundle = Puppet::FileSystem.read(Puppet[:localcacert])
325
- expect(actual_ca_bundle).to match(/BEGIN CERTIFICATE.*END CERTIFICATE.*BEGIN CERTIFICATE/m)
326
- end
327
-
328
- it "should raise if it cannot find a CA certificate" do
329
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 404)
330
-
331
- expect(@host).not_to receive(:get_host_certificate)
332
-
333
- expect {
334
- @host.certificate
335
- }.to raise_error(Puppet::Error, /CA certificate is missing from the server/)
336
- end
337
-
338
- it "should find the key if it does not have one" do
339
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
340
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
341
-
342
- expect(@host).to receive(:get_host_certificate).and_return(nil)
343
- expect(@host).to receive(:key).and_return(double("key"))
344
- @host.certificate
345
- end
346
-
347
- it "should generate the key if one cannot be found" do
348
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
349
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
350
-
351
- expect(@host).to receive(:get_host_certificate).and_return(nil)
352
- expect(@host).to receive(:key).and_return(nil)
353
- expect(@host).to receive(:generate_key)
354
- @host.certificate
355
- end
356
-
357
- it "should find the host certificate, write it to file, and return the Puppet certificate instance" do
358
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
359
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
360
- stub_request(:get, %r{puppet-ca/v1/certificate/#{@host.name}}).to_return(status: 200, body: host_cert_response.to_pem)
361
-
362
- expected_cert = Puppet::SSL::Certificate.from_s(@pki[:unrevoked_leaf_node_cert])
363
- actual_cert = @host.certificate
364
- expect(actual_cert).to be_a(Puppet::SSL::Certificate)
365
- expect(actual_cert.to_s).to eq(expected_cert.to_s)
366
- host_cert_from_file = Puppet::FileSystem.read(File.join(Puppet[:certdir], "#{@host.name}.pem"))
367
- expect(host_cert_from_file).to eq(expected_cert.to_s)
368
- end
369
-
370
- it "should return any previously found certificate" do
371
- cert = double('cert')
372
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
373
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
374
- expect(@host).to receive(:get_host_certificate).and_return(cert).once
375
-
376
- expect(@host.certificate).to equal(cert)
377
- expect(@host.certificate).to equal(cert)
378
- end
379
-
380
- context 'invalid certificates' do
381
- it "should raise if the CA certificate downloaded from CA is invalid" do
382
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: 'garbage')
383
-
384
- expect { @host.certificate }.to raise_error(OpenSSL::X509::CertificateError, /Failed to parse CA certificates as PEM/)
385
- end
386
-
387
- it "should warn if the host certificate downloaded from CA is invalid" do
388
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
389
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
390
- stub_request(:get, %r{puppet-ca/v1/certificate/#{@host.name}}).to_return(status: 200, body: 'garbage')
391
-
392
- expect { @host.certificate }.to raise_error(Puppet::Error, /did not contain a valid certificate for #{@host.name}/)
393
- end
394
-
395
- it 'should warn if the CA certificate loaded from disk is invalid' do
396
- Puppet::FileSystem.open(Puppet[:localcacert], nil, "w:ASCII") do |f|
397
- f.puts 'garbage'
398
- end
399
- expect { @host.certificate }.to raise_error(OpenSSL::X509::CertificateError, /Failed to parse CA certificates as PEM/)
400
- end
401
-
402
- it 'should warn if the host certificate loaded from disk in invalid' do
403
- stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: ca_cert_response)
404
- stub_request(:get, %r{puppet-ca/v1/certificate_revocation_list/ca}).to_return(status: 200, body: crl_response)
405
-
406
- Puppet::FileSystem.open(File.join(Puppet[:certdir], "#{@host.name}.pem"), nil, "w:ASCII") do |f|
407
- f.puts 'garbage'
408
- end
409
- expect { @host.certificate }.to raise_error(Puppet::Error, /The certificate.*invalid/)
410
- end
411
- end
412
- end
413
-
414
- it "should have a method for generating all necessary files" do
415
- expect(Puppet::SSL::Host.new("me")).to respond_to(:generate)
416
- end
417
-
418
- describe "when generating files" do
419
- before do
420
- @host = Puppet::SSL::Host.new("me")
421
- allow(@host).to receive(:generate_key)
422
- allow(@host).to receive(:generate_certificate_request)
423
- allow(@host).to receive(:certificate_request)
424
- allow(@host).to receive(:certificate)
425
- end
426
-
427
- it "should generate a key if one is not present" do
428
- allow(@host).to receive(:key).and_return nil
429
- expect(@host).to receive(:generate_key)
430
-
431
- @host.generate
432
- end
433
-
434
- it "should generate a certificate request if one is not present" do
435
- expect(@host).to receive(:certificate_request).and_return nil
436
- expect(@host).to receive(:generate_certificate_request)
437
-
438
- @host.generate
439
- end
440
- end
441
-
442
- it "should have a method for creating an SSL store" do
443
- expect(Puppet::SSL::Host.new("me")).to respond_to(:ssl_store)
444
- end
445
-
446
- describe "when creating an SSL store" do
447
- before do
448
- Puppet[:localcacert] = "ssl_host_testing"
449
- end
450
-
451
- it "should accept a purpose" do
452
- store = double('store', :add_file => nil)
453
- expect(OpenSSL::X509::Store).to receive(:new).and_return(store)
454
- expect(store).to receive(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_SERVER)
455
- host = Puppet::SSL::Host.new("me")
456
- host.crl_usage = false
457
-
458
- host.ssl_store(OpenSSL::X509::PURPOSE_SSL_SERVER)
459
- end
460
-
461
- context "and the CRL is not on disk" do
462
- before do
463
- @pki = PuppetSpec::SSL.create_chained_pki
464
- @revoked_cert = @pki[:revoked_root_node_cert]
465
- localcacert = Puppet.settings[:localcacert]
466
- Puppet::Util.replace_file(localcacert, 0644) {|f| f.write @pki[:ca_bundle] }
467
- @http = double('http')
468
- allow(@host).to receive(:http_client).and_return(@http)
469
- end
470
-
471
- after do
472
- Puppet::FileSystem.unlink(Puppet.settings[:localcacert])
473
- Puppet::FileSystem.unlink(Puppet.settings[:hostcrl])
474
- end
475
-
476
- it "retrieves it from the server" do
477
- expect(Puppet::Rest::Routes).to receive(:get_crls)
478
- .with(Puppet::SSL::CA_NAME, anything)
479
- .and_return(@pki[:crl_chain])
480
-
481
- @host.ssl_store
482
- expect(Puppet::FileSystem.read(Puppet.settings[:hostcrl], :encoding => Encoding::UTF_8)).to eq(@pki[:crl_chain])
483
- end
484
- end
485
-
486
- describe "and a CRL is available" do
487
- before do
488
- pki = PuppetSpec::SSL.create_chained_pki
489
-
490
- @revoked_cert_from_self_signed_root = pki[:revoked_root_node_cert]
491
- @revoked_cert_from_ca_with_untrusted_chain = pki[:revoked_leaf_node_cert]
492
- @unrevoked_cert_from_self_signed_root = pki[:unrevoked_root_node_cert]
493
- @unrevoked_cert_from_revoked_ca = pki[:unrevoked_int_node_cert]
494
- @unrevoked_cert_from_ca_with_untrusted_chain = pki[:unrevoked_leaf_node_cert]
495
-
496
- localcacert = Puppet.settings[:localcacert]
497
- hostcrl = Puppet.settings[:hostcrl]
498
-
499
- Puppet::Util.replace_file(localcacert, 0644) {|f| f.write pki[:ca_bundle] }
500
- Puppet::Util.replace_file(hostcrl, 0644) {|f| f.write pki[:crl_chain] }
501
- end
502
-
503
- after do
504
- Puppet::FileSystem.unlink(Puppet.settings[:localcacert])
505
- Puppet::FileSystem.unlink(Puppet.settings[:hostcrl])
506
- end
507
-
508
- [true, :chain].each do |crl_setting|
509
- describe "and 'certificate_revocation' is #{crl_setting}" do
510
- before do
511
- @host = Puppet::SSL::Host.new(crl_setting.to_s)
512
- @host.crl_usage = crl_setting
513
- end
514
-
515
- it "should verify unrevoked certs" do
516
- expect(
517
- @host.ssl_store.verify(@unrevoked_cert_from_self_signed_root)
518
- ).to be true
519
- end
520
-
521
- it "should not verify revoked certs" do
522
- [@revoked_cert_from_self_signed_root,
523
- @revoked_cert_from_ca_with_untrusted_chain,
524
- @unrevoked_cert_from_revoked_ca,
525
- @unrevoked_cert_from_ca_with_untrusted_chain].each do |cert|
526
- expect(@host.ssl_store.verify(cert)).to be false
527
- end
528
- end
529
- end
530
- end
531
-
532
- describe "and 'certificate_revocation' is leaf" do
533
- before do
534
- @host = Puppet::SSL::Host.new("leaf")
535
- @host.crl_usage = :leaf
536
- end
537
-
538
- it "should verify unrevoked certs regardless of signing CA's revocation status" do
539
- [@unrevoked_cert_from_self_signed_root,
540
- @unrevoked_cert_from_revoked_ca,
541
- @unrevoked_cert_from_ca_with_untrusted_chain].each do |cert|
542
- expect(@host.ssl_store.verify(cert)).to be true
543
- end
544
- end
545
-
546
- it "should not verify certs revoked by their signing CA" do
547
- [@revoked_cert_from_self_signed_root,
548
- @revoked_cert_from_ca_with_untrusted_chain].each do |cert|
549
- expect(@host.ssl_store.verify(cert)).to be false
550
- end
551
- end
552
- end
553
-
554
- describe "and 'certificate_revocation' is false" do
555
- before do
556
- @host = Puppet::SSL::Host.new("host")
557
- @host.crl_usage = false
558
- end
559
-
560
- it "should verify valid certs regardless of revocation status" do
561
- [@revoked_cert_from_self_signed_root,
562
- @revoked_cert_from_ca_with_untrusted_chain,
563
- @unrevoked_cert_from_self_signed_root,
564
- @unrevoked_cert_from_revoked_ca,
565
- @unrevoked_cert_from_ca_with_untrusted_chain].each do |cert|
566
- expect(@host.ssl_store.verify(cert)).to be true
567
- end
568
- end
569
- end
570
- end
571
- end
572
-
573
- describe "when waiting for a cert" do
574
- before do
575
- @host = Puppet::SSL::Host.new("me")
576
- end
577
-
578
- it "should generate its certificate request and attempt to read the certificate again if no certificate is found" do
579
- expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
580
- expect(@host).to receive(:generate)
581
- @host.wait_for_cert(1)
582
- end
583
-
584
- it "should catch and log errors during CSR saving" do
585
- expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
586
- times_generate_called = 0
587
- expect(@host).to receive(:generate) do
588
- times_generate_called += 1
589
- raise RuntimeError if times_generate_called == 1
590
- nil
591
- end
592
- allow(@host).to receive(:sleep)
593
- @host.wait_for_cert(1)
594
- end
595
-
596
- it "should sleep and retry after failures saving the CSR if waitforcert is enabled" do
597
- expect(@host).to receive(:certificate).twice.and_return(nil, "foo")
598
- times_generate_called = 0
599
- expect(@host).to receive(:generate) do
600
- times_generate_called += 1
601
- raise RuntimeError if times_generate_called == 1
602
- nil
603
- end
604
- expect(@host).to receive(:sleep).with(1)
605
- @host.wait_for_cert(1)
606
- end
607
-
608
- it "should exit after failures saving the CSR of waitforcert is disabled" do
609
- expect(@host).to receive(:certificate).and_return(nil)
610
- expect(@host).to receive(:generate).and_raise(RuntimeError)
611
- expect(@host).to receive(:puts)
612
- expect { @host.wait_for_cert(0) }.to exit_with 1
613
- end
614
-
615
- it "should exit if the wait time is 0 and it can neither find nor retrieve a certificate" do
616
- allow(@host).to receive(:certificate).and_return(nil)
617
- expect(@host).to receive(:generate)
618
- expect(@host).to receive(:puts)
619
- expect { @host.wait_for_cert(0) }.to exit_with 1
620
- end
621
-
622
- it "should sleep for the specified amount of time if no certificate is found after generating its certificate request" do
623
- expect(@host).to receive(:certificate).exactly(3).times().and_return(nil, nil, "foo")
624
- expect(@host).to receive(:generate)
625
-
626
- expect(@host).to receive(:sleep).with(1)
627
-
628
- @host.wait_for_cert(1)
629
- end
630
-
631
- it "should catch and log exceptions during certificate retrieval" do
632
- times_certificate_called = 0
633
- expect(@host).to receive(:certificate) do
634
- times_certificate_called += 1
635
- if times_certificate_called == 1
636
- return nil
637
- elsif times_certificate_called == 2
638
- raise RuntimeError
639
- end
640
- "foo"
641
- end.exactly(3).times()
642
- allow(@host).to receive(:generate)
643
- allow(@host).to receive(:sleep)
644
-
645
- expect(Puppet).to receive(:log_exception).at_least(:once)
646
-
647
- @host.wait_for_cert(1)
648
- end
649
- end
650
- end