puppet 6.19.1-x64-mingw32 → 7.0.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +19 -20
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/filebucket.rb +15 -11
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +28 -33
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +95 -159
- data/lib/puppet/environments.rb +10 -25
- data/lib/puppet/face/config.rb +10 -0
- data/lib/puppet/face/epp.rb +12 -2
- data/lib/puppet/face/facts.rb +66 -6
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/epp.rb +1 -0
- data/lib/puppet/functions/inline_epp.rb +1 -0
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +6 -10
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -69
- data/lib/puppet/http/service/file_server.rb +18 -27
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/fact_search.rb +60 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/facts/json.rb +27 -0
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/facts/yaml.rb +3 -58
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/json.rb +5 -1
- data/lib/puppet/indirector/node/json.rb +8 -0
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/json.rb +34 -0
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +2 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +73 -18
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/reference/configuration.rb +2 -0
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +45 -33
- data/lib/puppet/settings/base_setting.rb +26 -2
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +5 -7
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/rubygems.rb +5 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +531 -1232
- data/man/man5/puppet.conf.5 +37 -97
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +55 -9
- data/man/man8/puppet-filebucket.8 +6 -6
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +4 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +4 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +24 -11
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +23 -1
- data/spec/integration/defaults_spec.rb +7 -3
- data/spec/integration/environments/setting_hooks_spec.rb +1 -1
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +7 -1
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/config_spec.rb +224 -4
- data/spec/unit/application/facts_spec.rb +35 -0
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/ssl_spec.rb +2 -2
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -9
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +77 -28
- data/spec/unit/environments_spec.rb +0 -3
- data/spec/unit/face/config_spec.rb +27 -32
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/inline_epp_spec.rb +26 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +49 -62
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +1 -2
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/facts/facter_spec.rb +97 -0
- data/spec/unit/indirector/facts/json_spec.rb +255 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/node/json_spec.rb +33 -0
- data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/report/yaml_spec.rb +72 -8
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/network/authconfig_spec.rb +2 -132
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -97
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -6
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/windows_spec.rb +0 -1
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +423 -236
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +11 -8
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/rubygems_spec.rb +2 -2
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +50 -232
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/application/config_spec.rb +0 -74
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/catalog_spec.rb +0 -6
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/module_spec.rb +0 -3
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -79
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -143
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -650
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,138 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
|
3
2
|
require 'puppet/network/authconfig'
|
4
3
|
|
5
|
-
describe Puppet::Network::DefaultAuthProvider do
|
6
|
-
before :each do
|
7
|
-
allow(Puppet::FileSystem).to receive(:stat).and_return(double('stat', :ctime => :now))
|
8
|
-
allow(Time).to receive(:now).and_return(Time.now)
|
9
|
-
|
10
|
-
allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:exists?).and_return(true)
|
11
|
-
# FIXME @authprovider = Puppet::Network::DefaultAuthProvider.new("dummy")
|
12
|
-
end
|
13
|
-
|
14
|
-
describe "when initializing" do
|
15
|
-
it "inserts default ACLs after setting initial rights" do
|
16
|
-
expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
|
17
|
-
Puppet::Network::DefaultAuthProvider.new
|
18
|
-
end
|
19
|
-
end
|
20
|
-
|
21
|
-
describe "when defining an acl with mk_acl" do
|
22
|
-
before :each do
|
23
|
-
allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
|
24
|
-
@authprovider = Puppet::Network::DefaultAuthProvider.new
|
25
|
-
end
|
26
|
-
|
27
|
-
it "should create a new right for each default acl" do
|
28
|
-
@authprovider.mk_acl(:acl => '/')
|
29
|
-
expect(@authprovider.rights['/']).to be
|
30
|
-
end
|
31
|
-
|
32
|
-
it "allows everyone for each default right" do
|
33
|
-
@authprovider.mk_acl(:acl => '/')
|
34
|
-
expect(@authprovider.rights['/']).to be_globalallow
|
35
|
-
end
|
36
|
-
|
37
|
-
it "accepts an argument to restrict the method" do
|
38
|
-
@authprovider.mk_acl(:acl => '/', :method => :find)
|
39
|
-
expect(@authprovider.rights['/'].methods).to eq([:find])
|
40
|
-
end
|
41
|
-
|
42
|
-
it "creates rights with authentication set to true by default" do
|
43
|
-
@authprovider.mk_acl(:acl => '/')
|
44
|
-
expect(@authprovider.rights['/'].authentication).to be_truthy
|
45
|
-
end
|
46
|
-
|
47
|
-
it "accepts an argument to set the authentication requirement" do
|
48
|
-
@authprovider.mk_acl(:acl => '/', :authenticated => :any)
|
49
|
-
expect(@authprovider.rights['/'].authentication).to be_falsey
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
describe "when adding default ACLs" do
|
54
|
-
before :each do
|
55
|
-
allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
|
56
|
-
@authprovider = Puppet::Network::DefaultAuthProvider.new
|
57
|
-
allow_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl).and_call_original
|
58
|
-
end
|
59
|
-
|
60
|
-
Puppet::Network::DefaultAuthProvider::default_acl.each do |acl|
|
61
|
-
it "should create a default right for #{acl[:acl]}" do
|
62
|
-
allow(@authprovider).to receive(:mk_acl)
|
63
|
-
expect(@authprovider).to receive(:mk_acl).with(acl)
|
64
|
-
@authprovider.insert_default_acl
|
65
|
-
end
|
66
|
-
end
|
67
|
-
|
68
|
-
it "should log at info loglevel" do
|
69
|
-
expect(Puppet).to receive(:info).at_least(:once)
|
70
|
-
@authprovider.insert_default_acl
|
71
|
-
end
|
72
|
-
|
73
|
-
it "creates an empty catch-all rule for '/' for any authentication request state" do
|
74
|
-
allow(@authprovider).to receive(:mk_acl)
|
75
|
-
|
76
|
-
@authprovider.insert_default_acl
|
77
|
-
expect(@authprovider.rights['/']).to be_empty
|
78
|
-
expect(@authprovider.rights['/'].authentication).to be_falsey
|
79
|
-
end
|
80
|
-
|
81
|
-
it '(CVE-2013-2275) allows report submission only for the node matching the certname by default' do
|
82
|
-
acl = {
|
83
|
-
:acl => "~ ^#{Puppet::Network::HTTP::MASTER_URL_PREFIX}\/v3\/report\/([^\/]+)$",
|
84
|
-
:method => :save,
|
85
|
-
:allow => '$1',
|
86
|
-
:authenticated => true
|
87
|
-
}
|
88
|
-
allow(@authprovider).to receive(:mk_acl)
|
89
|
-
expect(@authprovider).to receive(:mk_acl).with(acl)
|
90
|
-
@authprovider.insert_default_acl
|
91
|
-
end
|
92
|
-
end
|
93
|
-
|
94
|
-
describe "when checking authorization" do
|
95
|
-
it "should ask for authorization to the ACL subsystem" do
|
96
|
-
params = {
|
97
|
-
:ip => "127.0.0.1",
|
98
|
-
:node => "me",
|
99
|
-
:environment => :env,
|
100
|
-
:authenticated => true
|
101
|
-
}
|
102
|
-
|
103
|
-
expect_any_instance_of(Puppet::Network::Rights).to receive(:is_request_forbidden_and_why?).with(:save, "/path/to/resource", params)
|
104
|
-
|
105
|
-
described_class.new.check_authorization(:save, "/path/to/resource", params)
|
106
|
-
end
|
107
|
-
end
|
108
|
-
end
|
109
|
-
|
110
4
|
describe Puppet::Network::AuthConfig do
|
111
|
-
|
112
|
-
Puppet::Network::AuthConfig.authprovider_class =
|
113
|
-
end
|
114
|
-
|
115
|
-
class TestAuthProvider
|
116
|
-
def initialize(rights=nil); end
|
117
|
-
def check_authorization(method, path, params); end
|
118
|
-
end
|
119
|
-
|
120
|
-
it "instantiates authprovider_class with rights" do
|
121
|
-
Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
|
122
|
-
rights = Puppet::Network::Rights.new
|
123
|
-
expect(TestAuthProvider).to receive(:new).with(rights)
|
124
|
-
described_class.new(rights)
|
125
|
-
end
|
126
|
-
|
127
|
-
it "delegates authorization check to authprovider_class" do
|
128
|
-
Puppet::Network::AuthConfig.authprovider_class = TestAuthProvider
|
129
|
-
expect_any_instance_of(TestAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
|
130
|
-
described_class.new.check_authorization(:save, '/path/to/resource', {})
|
131
|
-
end
|
132
|
-
|
133
|
-
it "uses DefaultAuthProvider by default" do
|
134
|
-
Puppet::Network::AuthConfig.authprovider_class = nil
|
135
|
-
expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:check_authorization).with(:save, '/path/to/resource', {})
|
136
|
-
described_class.new.check_authorization(:save, '/path/to/resource', {})
|
5
|
+
it "accepts an auth provider class" do
|
6
|
+
Puppet::Network::AuthConfig.authprovider_class = Object
|
137
7
|
end
|
138
8
|
end
|
@@ -1,61 +1,8 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'puppet/network/http'
|
3
|
-
require 'puppet/network/http/api/indirected_routes'
|
4
2
|
require 'puppet/network/authorization'
|
5
3
|
|
6
4
|
describe Puppet::Network::Authorization do
|
7
|
-
class
|
8
|
-
|
9
|
-
end
|
10
|
-
|
11
|
-
subject { AuthTest.new }
|
12
|
-
|
13
|
-
context "when creating an authconfig object" do
|
14
|
-
before :each do
|
15
|
-
# Other tests may have created an authconfig, so we have to undo that.
|
16
|
-
@orig_auth_config = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config)
|
17
|
-
@orig_auth_config_file = Puppet::Network::AuthConfigLoader.instance_variable_get(:@auth_config_file)
|
18
|
-
|
19
|
-
Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, nil)
|
20
|
-
Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, nil)
|
21
|
-
end
|
22
|
-
|
23
|
-
after :each do
|
24
|
-
Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config, @orig_auth_config)
|
25
|
-
Puppet::Network::AuthConfigLoader.instance_variable_set(:@auth_config_file, @orig_auth_config_file)
|
26
|
-
end
|
27
|
-
|
28
|
-
it "creates default ACL entries if no file has been read" do
|
29
|
-
expect(Puppet::Network::AuthConfigParser).to receive(:new_from_file).and_raise(Errno::ENOENT)
|
30
|
-
expect_any_instance_of(Puppet::Network::DefaultAuthProvider).to receive(:insert_default_acl)
|
31
|
-
|
32
|
-
subject.authconfig
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
class TestAuthConfig
|
37
|
-
def check_authorization(method, path, params); end
|
38
|
-
end
|
39
|
-
|
40
|
-
class TestAuthConfigLoader
|
41
|
-
def self.authconfig
|
42
|
-
TestAuthConfig.new
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
context "when checking authorization" do
|
47
|
-
after :each do
|
48
|
-
Puppet::Network::Authorization.authconfigloader_class = nil
|
49
|
-
end
|
50
|
-
|
51
|
-
it "delegates to the authconfig object" do
|
52
|
-
Puppet::Network::Authorization.authconfigloader_class =
|
53
|
-
TestAuthConfigLoader
|
54
|
-
expect_any_instance_of(TestAuthConfig).to receive(:check_authorization).with(
|
55
|
-
:save, '/mypath', {:param1 => "value1"}).and_return("yay, it worked!")
|
56
|
-
expect(subject.check_authorization(
|
57
|
-
:save, '/mypath',
|
58
|
-
{:param1 => "value1"})).to eq("yay, it worked!")
|
59
|
-
end
|
5
|
+
it "accepts an auth config loader class" do
|
6
|
+
Puppet::Network::Authorization.authconfigloader_class = Object
|
60
7
|
end
|
61
8
|
end
|
@@ -161,19 +161,19 @@ describe "Puppet Network Format" do
|
|
161
161
|
end
|
162
162
|
|
163
163
|
it 'raises when interning an instance of an unacceptable indirected type' do
|
164
|
-
obj =
|
164
|
+
obj = :something
|
165
165
|
|
166
166
|
expect {
|
167
167
|
yaml.intern(obj.class, YAML.dump(obj))
|
168
|
-
}.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class:
|
168
|
+
}.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
|
169
169
|
end
|
170
170
|
|
171
171
|
it 'raises when interning multple instances of an unacceptable indirected type' do
|
172
|
-
obj =
|
172
|
+
obj = :something
|
173
173
|
|
174
174
|
expect {
|
175
175
|
yaml.intern_multiple(obj.class, YAML.dump([obj]))
|
176
|
-
}.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class:
|
176
|
+
}.to raise_error(Puppet::Network::FormatHandler::FormatError, /Tried to load unspecified class: Symbol/)
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
@@ -17,7 +17,6 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
|
|
17
17
|
before do
|
18
18
|
Puppet::IndirectorTesting.indirection.terminus_class = :memory
|
19
19
|
Puppet::IndirectorTesting.indirection.terminus.clear
|
20
|
-
allow(handler).to receive(:warn_if_near_expiration)
|
21
20
|
end
|
22
21
|
|
23
22
|
describe "when converting a URI into a request" do
|
@@ -63,7 +62,7 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
|
|
63
62
|
}.to raise_error(bad_request_error)
|
64
63
|
end
|
65
64
|
|
66
|
-
it "should not pass a
|
65
|
+
it "should not pass a bucket_path parameter through (See Bugs #13553, #13518, #13511)" do
|
67
66
|
expect(handler.uri2indirection("GET", "#{master_url_prefix}/node/bar",
|
68
67
|
{ :environment => "env",
|
69
68
|
:bucket_path => "/malicious/path" })[3]).not_to include({ :bucket_path => "/malicious/path" })
|
@@ -123,10 +122,6 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
|
|
123
122
|
expect(handler.uri2indirection("PUT", "#{master_url_prefix}/facts/puppet.node.test", params)[0].name).to eq(:facts)
|
124
123
|
end
|
125
124
|
|
126
|
-
it "should change indirection name to 'status' if the http method is a GET and the indirection name is statuses" do
|
127
|
-
expect(handler.uri2indirection("GET", "#{master_url_prefix}/statuses/bar", params)[0].name).to eq(:status)
|
128
|
-
end
|
129
|
-
|
130
125
|
it "should change indirection name to 'node' if the http method is a GET and the indirection name is nodes" do
|
131
126
|
expect(handler.uri2indirection("GET", "#{master_url_prefix}/nodes/bar", params)[0].name).to eq(:node)
|
132
127
|
end
|
@@ -150,100 +145,9 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
|
|
150
145
|
_, _, key, _ = handler.uri2indirection("GET", "#{master_url_prefix}/node/#{escaped}", params)
|
151
146
|
expect(key).to eq(escaped)
|
152
147
|
end
|
153
|
-
|
154
|
-
it "should not unescape the URI passed through in a call to check_authorization" do
|
155
|
-
key_escaped = Puppet::Util.uri_encode("foo bar")
|
156
|
-
uri_escaped = "#{master_url_prefix}/node/#{key_escaped}"
|
157
|
-
expect(handler).to receive(:check_authorization).with(anything, uri_escaped, anything)
|
158
|
-
handler.uri2indirection("GET", uri_escaped, params)
|
159
|
-
end
|
160
|
-
|
161
|
-
it "when the environment is unknown should remove :environment from params passed to check_authorization and therefore fail" do
|
162
|
-
expect(handler).to receive(:check_authorization).with(anything,
|
163
|
-
anything,
|
164
|
-
excluding(:environment))
|
165
|
-
expect { handler.uri2indirection("GET",
|
166
|
-
"#{master_url_prefix}/node/bar",
|
167
|
-
{:environment => 'bogus'})
|
168
|
-
}.to raise_error(not_found_error)
|
169
|
-
end
|
170
|
-
|
171
|
-
it "should not URI unescape the indirection key as passed through to a call to check_authorization" do
|
172
|
-
expect(handler).to receive(:check_authorization).with(anything, anything, hash_including(environment: be_a(Puppet::Node::Environment).and(have_attributes(name: :env))))
|
173
|
-
|
174
|
-
handler.uri2indirection("GET", "#{master_url_prefix}/node/bar", params)
|
175
|
-
end
|
176
|
-
|
177
|
-
end
|
178
|
-
|
179
|
-
describe "when converting a request into a URI" do
|
180
|
-
let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
|
181
|
-
let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
|
182
|
-
|
183
|
-
before do
|
184
|
-
allow(handler).to receive(:handler).and_return("foo")
|
185
|
-
end
|
186
|
-
|
187
|
-
it "should include the environment in the query string of the URI" do
|
188
|
-
expect(handler.class.request_to_uri(request)).to eq("#{master_url_prefix}/foo/with%20spaces?environment=myenv&foo=bar")
|
189
|
-
end
|
190
|
-
|
191
|
-
it "should include the correct url prefix if it is a ca request" do
|
192
|
-
allow(request).to receive(:indirection_name).and_return("certificate")
|
193
|
-
expect(handler.class.request_to_uri(request)).to eq("#{ca_url_prefix}/certificate/with%20spaces?environment=myenv&foo=bar")
|
194
|
-
end
|
195
|
-
|
196
|
-
it "should pluralize the indirection name if the method is 'search'" do
|
197
|
-
allow(request).to receive(:method).and_return(:search)
|
198
|
-
expect(handler.class.request_to_uri(request).split("/")[3]).to eq("foos")
|
199
|
-
end
|
200
|
-
|
201
|
-
it "should add the query string to the URI" do
|
202
|
-
expect(request).to receive(:query_string).and_return("query")
|
203
|
-
expect(handler.class.request_to_uri(request)).to match(/\&query$/)
|
204
|
-
end
|
205
|
-
end
|
206
|
-
|
207
|
-
describe "when converting a request into a URI with body" do
|
208
|
-
let(:environment) { Puppet::Node::Environment.create(:myenv, []) }
|
209
|
-
let(:request) { Puppet::Indirector::Request.new(:foo, :find, "with spaces", nil, :foo => :bar, :environment => environment) }
|
210
|
-
|
211
|
-
it "should use the indirection as the first field of the URI" do
|
212
|
-
expect(handler.class.request_to_uri_and_body(request).first.split("/")[3]).to eq("foo")
|
213
|
-
end
|
214
|
-
|
215
|
-
it "should use the escaped key as the remainder of the URI" do
|
216
|
-
escaped = Puppet::Util.uri_encode("with spaces")
|
217
|
-
expect(handler.class.request_to_uri_and_body(request).first.split("/")[4].sub(/\?.+/, '')).to eq(escaped)
|
218
|
-
end
|
219
|
-
|
220
|
-
it "should include the correct url prefix if it is a master request" do
|
221
|
-
expect(handler.class.request_to_uri_and_body(request).first).to eq("#{master_url_prefix}/foo/with%20spaces")
|
222
|
-
end
|
223
|
-
|
224
|
-
it "should include the correct url prefix if it is a ca request" do
|
225
|
-
allow(request).to receive(:indirection_name).and_return("certificate")
|
226
|
-
expect(handler.class.request_to_uri_and_body(request).first).to eq("#{ca_url_prefix}/certificate/with%20spaces")
|
227
|
-
end
|
228
|
-
|
229
|
-
it "should return the URI and body separately" do
|
230
|
-
expect(handler.class.request_to_uri_and_body(request)).to eq(["#{master_url_prefix}/foo/with%20spaces", "environment=myenv&foo=bar"])
|
231
|
-
end
|
232
148
|
end
|
233
149
|
|
234
150
|
describe "when processing a request" do
|
235
|
-
it "should raise not_authorized_error when authorization fails" do
|
236
|
-
data = Puppet::IndirectorTesting.new("my data")
|
237
|
-
indirection.save(data, "my data")
|
238
|
-
request = a_request_that_heads(data)
|
239
|
-
|
240
|
-
expect(handler).to receive(:check_authorization).and_raise(Puppet::Network::AuthorizationError.new("forbidden"))
|
241
|
-
|
242
|
-
expect {
|
243
|
-
handler.call(request, response)
|
244
|
-
}.to raise_error(not_authorized_error)
|
245
|
-
end
|
246
|
-
|
247
151
|
it "should raise not_found_error if the indirection does not support remote requests" do
|
248
152
|
request = a_request_that_heads(Puppet::IndirectorTesting.new("my data"))
|
249
153
|
|
@@ -15,15 +15,18 @@ describe Puppet::Network::HTTP::API::Master::V3 do
|
|
15
15
|
chain(Puppet::Network::HTTP::API::Master::V3.routes)
|
16
16
|
}
|
17
17
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
18
|
+
# simulate puppetserver registering its authconfigloader class
|
19
|
+
around :each do |example|
|
20
|
+
Puppet::Network::Authorization.authconfigloader_class = Object
|
21
|
+
begin
|
22
|
+
example.run
|
23
|
+
ensure
|
24
|
+
Puppet::Network::Authorization.authconfigloader_class = nil
|
25
|
+
end
|
23
26
|
end
|
24
27
|
|
25
|
-
it "mounts the
|
26
|
-
request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/
|
28
|
+
it "mounts the environments endpoint" do
|
29
|
+
request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environments")
|
27
30
|
master_routes.process(request, response)
|
28
31
|
|
29
32
|
expect(response.code).to eq(200)
|
@@ -54,4 +57,22 @@ describe Puppet::Network::HTTP::API::Master::V3 do
|
|
54
57
|
master_routes.process(request, response)
|
55
58
|
}.to raise_error(not_found_error)
|
56
59
|
end
|
60
|
+
|
61
|
+
it "checks authorization for indirected routes" do
|
62
|
+
Puppet::Network::Authorization.authconfigloader_class = nil
|
63
|
+
|
64
|
+
request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/catalog/foo")
|
65
|
+
expect {
|
66
|
+
master_routes.process(request, response)
|
67
|
+
}.to raise_error(Puppet::Network::HTTP::Error::HTTPNotAuthorizedError, %r{Not Authorized: Forbidden request: /puppet/v3/catalog/foo \(method GET\)})
|
68
|
+
end
|
69
|
+
|
70
|
+
it "checks authorization for environments" do
|
71
|
+
Puppet::Network::Authorization.authconfigloader_class = nil
|
72
|
+
|
73
|
+
request = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_url_prefix}/environments")
|
74
|
+
expect {
|
75
|
+
master_routes.process(request, response)
|
76
|
+
}.to raise_error(Puppet::Network::HTTP::Error::HTTPNotAuthorizedError, %r{Not Authorized: Forbidden request: /puppet/v3/environments \(method GET\)})
|
77
|
+
end
|
57
78
|
end
|
@@ -70,6 +70,16 @@ describe Puppet::Network::HTTP::API do
|
|
70
70
|
end
|
71
71
|
|
72
72
|
describe "when processing master routes" do
|
73
|
+
# simulate puppetserver registering its authconfigloader class
|
74
|
+
around :each do |example|
|
75
|
+
Puppet::Network::Authorization.authconfigloader_class = Object
|
76
|
+
begin
|
77
|
+
example.run
|
78
|
+
ensure
|
79
|
+
Puppet::Network::Authorization.authconfigloader_class = nil
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
73
83
|
it "responds to v3 indirector requests" do
|
74
84
|
req = Puppet::Network::HTTP::Request.from_hash(:path => "#{master_prefix}/v3/node/foo",
|
75
85
|
:params => {:environment => "production"},
|
@@ -1,6 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'puppet/network/http/connection'
|
3
|
-
require 'puppet/network/http/connection_adapter'
|
4
3
|
require 'puppet/test_ca'
|
5
4
|
|
6
5
|
describe Puppet::Network::HTTP::Connection do
|
@@ -10,21 +9,23 @@ describe Puppet::Network::HTTP::Connection do
|
|
10
9
|
let(:url) { "https://#{host}:#{port}#{path}" }
|
11
10
|
let(:params) { { 'key' => 'a value' } }
|
12
11
|
let(:encoded_url_with_params) { "#{url}?%7B%22key%22:%22a%20value%22%7D" }
|
12
|
+
let(:ssl_context) { Puppet::SSL::SSLProvider.new.create_system_context(cacerts: []) }
|
13
|
+
let(:verifier) { Puppet::SSL::Verifier.new(host, ssl_context) }
|
13
14
|
|
14
|
-
shared_examples_for "an HTTP connection" do |klass
|
15
|
-
subject { klass.new(host, port, :
|
15
|
+
shared_examples_for "an HTTP connection" do |klass|
|
16
|
+
subject { klass.new(host, port, :verifier => verifier) }
|
16
17
|
|
17
18
|
context "when providing HTTP connections" do
|
18
19
|
context "when initializing http instances" do
|
19
20
|
it "should return an http instance created with the passed host and port" do
|
20
|
-
conn = klass.new(host, port, :
|
21
|
+
conn = klass.new(host, port, :verifier => verifier)
|
21
22
|
|
22
23
|
expect(conn.address).to eq(host)
|
23
24
|
expect(conn.port).to eq(port)
|
24
25
|
end
|
25
26
|
|
26
27
|
it "should enable ssl on the http instance by default" do
|
27
|
-
conn = klass.new(host, port, :
|
28
|
+
conn = klass.new(host, port, :verifier => verifier)
|
28
29
|
|
29
30
|
expect(conn).to be_use_ssl
|
30
31
|
end
|
@@ -36,21 +37,21 @@ describe Puppet::Network::HTTP::Connection do
|
|
36
37
|
end
|
37
38
|
|
38
39
|
it "can enable ssl using an option" do
|
39
|
-
conn = klass.new(host, port, :use_ssl => true, :
|
40
|
+
conn = klass.new(host, port, :use_ssl => true, :verifier => verifier)
|
40
41
|
|
41
42
|
expect(conn).to be_use_ssl
|
42
43
|
end
|
43
44
|
|
44
45
|
it "ignores the ':verify' option when ssl is disabled" do
|
45
|
-
conn = klass.new(host, port, :use_ssl => false, :
|
46
|
+
conn = klass.new(host, port, :use_ssl => false, :verifier => verifier)
|
46
47
|
|
47
48
|
expect(conn.verifier).to be_nil
|
48
49
|
end
|
49
50
|
|
50
51
|
it "wraps the validator in an adapter" do
|
51
|
-
conn = klass.new(host, port, :
|
52
|
+
conn = klass.new(host, port, :verifier => verifier)
|
52
53
|
|
53
|
-
expect(conn.verifier).to
|
54
|
+
expect(conn.verifier).to be_a(Puppet::SSL::Verifier)
|
54
55
|
end
|
55
56
|
|
56
57
|
it "should raise Puppet::Error when invalid options are specified" do
|
@@ -66,9 +67,9 @@ describe Puppet::Network::HTTP::Connection do
|
|
66
67
|
|
67
68
|
it "raises if the wrong verifier class is specified" do
|
68
69
|
expect {
|
69
|
-
klass.new(host, port, :verifier =>
|
70
|
+
klass.new(host, port, :verifier => Object.new)
|
70
71
|
}.to raise_error(ArgumentError,
|
71
|
-
"Expected an instance of Puppet::SSL::Verifier but was passed a
|
72
|
+
"Expected an instance of Puppet::SSL::Verifier but was passed a Object")
|
72
73
|
end
|
73
74
|
end
|
74
75
|
end
|
@@ -306,8 +307,6 @@ describe Puppet::Network::HTTP::Connection do
|
|
306
307
|
end
|
307
308
|
|
308
309
|
it 'defaults content-type to application/x-www-form-urlencoded' do
|
309
|
-
skip("Net::HTTP sends a default content-type header, but it's not visible to webmock") if legacy_api
|
310
|
-
|
311
310
|
stub_request(:put, url).with(headers: {'Content-Type' => 'application/x-www-form-urlencoded'})
|
312
311
|
|
313
312
|
subject.put(path, '')
|
@@ -362,8 +361,6 @@ describe Puppet::Network::HTTP::Connection do
|
|
362
361
|
end
|
363
362
|
|
364
363
|
it 'defaults content-type to application/x-www-form-urlencoded' do
|
365
|
-
skip("Net::HTTP sends a default content-type header, but it's not visible to webmock") if legacy_api
|
366
|
-
|
367
364
|
stub_request(:post, url).with(headers: {'Content-Type' => 'application/x-www-form-urlencoded'})
|
368
365
|
|
369
366
|
subject.post(path, "")
|
@@ -425,7 +422,7 @@ describe Puppet::Network::HTTP::Connection do
|
|
425
422
|
|
426
423
|
def create_connection(options = {})
|
427
424
|
options[:use_ssl] = false
|
428
|
-
options[:
|
425
|
+
options[:verifier] = verifier
|
429
426
|
subject.new(host, port, options)
|
430
427
|
end
|
431
428
|
|
@@ -474,15 +471,9 @@ describe Puppet::Network::HTTP::Connection do
|
|
474
471
|
it 'raises an exception when the location header is missing' do
|
475
472
|
stub_request(:get, "http://me.example.com:8140/").to_return(status: 302)
|
476
473
|
|
477
|
-
|
478
|
-
expect {
|
479
|
-
create_connection.get('/')
|
480
|
-
}.to raise_error(URI::InvalidURIError, /bad URI/)
|
481
|
-
else
|
482
|
-
expect {
|
474
|
+
expect {
|
483
475
|
create_connection.get('/')
|
484
476
|
}.to raise_error(Puppet::HTTP::ProtocolError, /Location response header is missing/)
|
485
|
-
end
|
486
477
|
end
|
487
478
|
end
|
488
479
|
|
@@ -503,14 +494,9 @@ describe Puppet::Network::HTTP::Connection do
|
|
503
494
|
it "should return a 503 response if Retry-After is not convertible to an Integer or RFC 2822 Date" do
|
504
495
|
retry_after('foo')
|
505
496
|
|
506
|
-
|
507
|
-
|
508
|
-
|
509
|
-
else
|
510
|
-
expect {
|
511
|
-
subject.get('/foo')
|
512
|
-
}.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo'/)
|
513
|
-
end
|
497
|
+
expect {
|
498
|
+
subject.get('/foo')
|
499
|
+
}.to raise_error(Puppet::HTTP::ProtocolError, /Failed to parse Retry-After header 'foo'/)
|
514
500
|
end
|
515
501
|
|
516
502
|
it "should close the connection before sleeping" do
|
@@ -525,11 +511,7 @@ describe Puppet::Network::HTTP::Connection do
|
|
525
511
|
allow(http1).to receive(:started?).and_return(true)
|
526
512
|
|
527
513
|
# The "with_connection" method is required to yield started connections
|
528
|
-
pool =
|
529
|
-
Puppet.lookup(:http_pool)
|
530
|
-
else
|
531
|
-
Puppet.runtime[:http].pool
|
532
|
-
end
|
514
|
+
pool = Puppet.runtime[:http].pool
|
533
515
|
|
534
516
|
allow(pool).to receive(:with_connection).and_yield(http1).and_yield(http2)
|
535
517
|
|
@@ -649,10 +631,6 @@ describe Puppet::Network::HTTP::Connection do
|
|
649
631
|
end
|
650
632
|
|
651
633
|
describe Puppet::Network::HTTP::Connection do
|
652
|
-
it_behaves_like "an HTTP connection", described_class
|
653
|
-
end
|
654
|
-
|
655
|
-
describe Puppet::Network::HTTP::ConnectionAdapter do
|
656
|
-
it_behaves_like "an HTTP connection", described_class, false
|
634
|
+
it_behaves_like "an HTTP connection", described_class
|
657
635
|
end
|
658
636
|
end
|