puppet 6.20.0-x64-mingw32 → 7.0.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (484) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/Gemfile +0 -2
  4. data/Gemfile.lock +18 -24
  5. data/README.md +1 -1
  6. data/conf/fileserver.conf +5 -10
  7. data/ext/build_defaults.yaml +1 -1
  8. data/ext/osx/file_mapping.yaml +0 -5
  9. data/ext/project_data.yaml +1 -14
  10. data/ext/redhat/puppet.spec.erb +0 -1
  11. data/ext/windows/service/daemon.rb +6 -5
  12. data/install.rb +21 -17
  13. data/lib/puppet.rb +11 -20
  14. data/lib/puppet/application.rb +178 -108
  15. data/lib/puppet/application/agent.rb +0 -1
  16. data/lib/puppet/application/apply.rb +2 -3
  17. data/lib/puppet/application/device.rb +100 -105
  18. data/lib/puppet/application/filebucket.rb +13 -9
  19. data/lib/puppet/application/script.rb +0 -1
  20. data/lib/puppet/application/ssl.rb +1 -1
  21. data/lib/puppet/application_support.rb +0 -7
  22. data/lib/puppet/configurer.rb +30 -45
  23. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  24. data/lib/puppet/defaults.rb +97 -167
  25. data/lib/puppet/environments.rb +59 -58
  26. data/lib/puppet/face/facts.rb +51 -51
  27. data/lib/puppet/face/help.rb +1 -1
  28. data/lib/puppet/face/plugin.rb +5 -8
  29. data/lib/puppet/ffi/windows.rb +12 -0
  30. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  31. data/lib/puppet/ffi/windows/constants.rb +404 -0
  32. data/lib/puppet/ffi/windows/functions.rb +628 -0
  33. data/lib/puppet/ffi/windows/structs.rb +338 -0
  34. data/lib/puppet/file_serving/configuration.rb +0 -5
  35. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  36. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  37. data/lib/puppet/file_serving/mount.rb +1 -2
  38. data/lib/puppet/forge/repository.rb +0 -1
  39. data/lib/puppet/generate/models/type/type.rb +4 -1
  40. data/lib/puppet/http.rb +22 -13
  41. data/lib/puppet/http/client.rb +164 -114
  42. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  43. data/lib/puppet/http/errors.rb +16 -0
  44. data/lib/puppet/http/external_client.rb +5 -7
  45. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  46. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  47. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  48. data/lib/puppet/http/proxy.rb +137 -0
  49. data/lib/puppet/http/redirector.rb +4 -12
  50. data/lib/puppet/http/resolver.rb +5 -15
  51. data/lib/puppet/http/resolver/server_list.rb +6 -10
  52. data/lib/puppet/http/resolver/settings.rb +4 -7
  53. data/lib/puppet/http/resolver/srv.rb +7 -11
  54. data/lib/puppet/http/response.rb +36 -54
  55. data/lib/puppet/http/response_converter.rb +24 -0
  56. data/lib/puppet/http/response_net_http.rb +42 -0
  57. data/lib/puppet/http/retry_after_handler.rb +4 -13
  58. data/lib/puppet/http/service.rb +12 -26
  59. data/lib/puppet/http/service/ca.rb +11 -22
  60. data/lib/puppet/http/service/compiler.rb +22 -69
  61. data/lib/puppet/http/service/file_server.rb +18 -27
  62. data/lib/puppet/http/service/puppetserver.rb +26 -12
  63. data/lib/puppet/http/service/report.rb +8 -10
  64. data/lib/puppet/http/session.rb +11 -20
  65. data/lib/puppet/{network/http → http}/site.rb +1 -2
  66. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  67. data/lib/puppet/indirector/facts/facter.rb +24 -3
  68. data/lib/puppet/indirector/facts/rest.rb +3 -22
  69. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  70. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  71. data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
  72. data/lib/puppet/indirector/file_server.rb +1 -8
  73. data/lib/puppet/indirector/generic_http.rb +0 -11
  74. data/lib/puppet/indirector/node/rest.rb +2 -4
  75. data/lib/puppet/indirector/report/rest.rb +3 -8
  76. data/lib/puppet/indirector/request.rb +0 -101
  77. data/lib/puppet/indirector/rest.rb +12 -263
  78. data/lib/puppet/module_tool/applications.rb +0 -1
  79. data/lib/puppet/module_tool/applications/installer.rb +2 -48
  80. data/lib/puppet/module_tool/errors/shared.rb +2 -17
  81. data/lib/puppet/network/authconfig.rb +2 -96
  82. data/lib/puppet/network/authorization.rb +13 -35
  83. data/lib/puppet/network/http.rb +3 -3
  84. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  85. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  86. data/lib/puppet/network/http/connection.rb +247 -316
  87. data/lib/puppet/network/http/handler.rb +0 -1
  88. data/lib/puppet/network/http_pool.rb +16 -34
  89. data/lib/puppet/node.rb +1 -30
  90. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  91. data/lib/puppet/pal/pal_impl.rb +3 -1
  92. data/lib/puppet/parser/ast/leaf.rb +2 -3
  93. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  94. data/lib/puppet/parser/compiler.rb +0 -198
  95. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  96. data/lib/puppet/parser/resource.rb +0 -69
  97. data/lib/puppet/parser/templatewrapper.rb +1 -1
  98. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  99. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  100. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  101. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  102. data/lib/puppet/pops/issues.rb +0 -5
  103. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  104. data/lib/puppet/pops/model/ast.pp +0 -42
  105. data/lib/puppet/pops/model/ast.rb +0 -290
  106. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  107. data/lib/puppet/pops/model/factory.rb +0 -45
  108. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  109. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  110. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  111. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  112. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  113. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  114. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  115. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  116. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  117. data/lib/puppet/pops/types/type_parser.rb +0 -4
  118. data/lib/puppet/pops/types/types.rb +0 -1
  119. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  120. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  121. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  122. data/lib/puppet/provider.rb +0 -13
  123. data/lib/puppet/provider/nameservice.rb +0 -18
  124. data/lib/puppet/provider/package/apt.rb +0 -4
  125. data/lib/puppet/provider/package/dpkg.rb +0 -10
  126. data/lib/puppet/provider/package/gem.rb +23 -3
  127. data/lib/puppet/provider/package/pip.rb +0 -1
  128. data/lib/puppet/provider/package/pkg.rb +0 -4
  129. data/lib/puppet/provider/package/portage.rb +1 -1
  130. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  131. data/lib/puppet/provider/service/smf.rb +191 -73
  132. data/lib/puppet/provider/user/aix.rb +2 -2
  133. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  134. data/lib/puppet/reference/configuration.rb +7 -6
  135. data/lib/puppet/reference/indirection.rb +1 -1
  136. data/lib/puppet/resource.rb +1 -89
  137. data/lib/puppet/resource/catalog.rb +1 -14
  138. data/lib/puppet/resource/type.rb +3 -119
  139. data/lib/puppet/resource/type_collection.rb +3 -48
  140. data/lib/puppet/runtime.rb +1 -2
  141. data/lib/puppet/settings.rb +73 -66
  142. data/lib/puppet/settings/integer_setting.rb +17 -0
  143. data/lib/puppet/settings/port_setting.rb +15 -0
  144. data/lib/puppet/settings/priority_setting.rb +5 -4
  145. data/lib/puppet/ssl.rb +10 -6
  146. data/lib/puppet/ssl/base.rb +3 -5
  147. data/lib/puppet/ssl/certificate.rb +0 -6
  148. data/lib/puppet/ssl/certificate_request.rb +1 -12
  149. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  150. data/lib/puppet/ssl/oids.rb +3 -1
  151. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  152. data/lib/puppet/ssl/state_machine.rb +3 -1
  153. data/lib/puppet/ssl/verifier.rb +2 -0
  154. data/lib/puppet/test/test_helper.rb +1 -3
  155. data/lib/puppet/transaction.rb +1 -7
  156. data/lib/puppet/transaction/report.rb +2 -4
  157. data/lib/puppet/type.rb +0 -76
  158. data/lib/puppet/type/file.rb +5 -7
  159. data/lib/puppet/type/file/checksum.rb +1 -1
  160. data/lib/puppet/type/file/source.rb +1 -1
  161. data/lib/puppet/type/filebucket.rb +3 -3
  162. data/lib/puppet/type/package.rb +5 -13
  163. data/lib/puppet/util/autoload.rb +8 -1
  164. data/lib/puppet/util/execution.rb +0 -11
  165. data/lib/puppet/util/http_proxy.rb +2 -215
  166. data/lib/puppet/util/monkey_patches.rb +0 -46
  167. data/lib/puppet/util/posix.rb +5 -54
  168. data/lib/puppet/util/rdoc.rb +0 -7
  169. data/lib/puppet/util/retry_action.rb +1 -1
  170. data/lib/puppet/util/run_mode.rb +9 -1
  171. data/lib/puppet/util/windows.rb +3 -8
  172. data/lib/puppet/util/windows/daemon.rb +360 -0
  173. data/lib/puppet/util/windows/error.rb +1 -0
  174. data/lib/puppet/util/windows/eventlog.rb +4 -9
  175. data/lib/puppet/util/windows/file.rb +8 -242
  176. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  177. data/lib/puppet/util/windows/process.rb +4 -226
  178. data/lib/puppet/util/windows/service.rb +9 -460
  179. data/lib/puppet/util/windows/string.rb +12 -13
  180. data/lib/puppet/util/yaml.rb +0 -22
  181. data/lib/puppet/vendor/require_vendored.rb +0 -1
  182. data/lib/puppet/version.rb +1 -1
  183. data/lib/puppet/x509.rb +5 -1
  184. data/lib/puppet/x509/cert_provider.rb +29 -1
  185. data/locales/puppet.pot +587 -1312
  186. data/man/man5/puppet.conf.5 +39 -99
  187. data/man/man8/puppet-agent.8 +2 -2
  188. data/man/man8/puppet-apply.8 +2 -2
  189. data/man/man8/puppet-catalog.8 +1 -1
  190. data/man/man8/puppet-config.8 +1 -1
  191. data/man/man8/puppet-describe.8 +1 -1
  192. data/man/man8/puppet-device.8 +2 -2
  193. data/man/man8/puppet-doc.8 +1 -1
  194. data/man/man8/puppet-epp.8 +1 -1
  195. data/man/man8/puppet-facts.8 +51 -36
  196. data/man/man8/puppet-filebucket.8 +4 -4
  197. data/man/man8/puppet-generate.8 +1 -1
  198. data/man/man8/puppet-help.8 +1 -1
  199. data/man/man8/puppet-lookup.8 +1 -1
  200. data/man/man8/puppet-module.8 +1 -58
  201. data/man/man8/puppet-node.8 +1 -1
  202. data/man/man8/puppet-parser.8 +1 -1
  203. data/man/man8/puppet-plugin.8 +1 -1
  204. data/man/man8/puppet-report.8 +1 -1
  205. data/man/man8/puppet-resource.8 +1 -1
  206. data/man/man8/puppet-script.8 +2 -2
  207. data/man/man8/puppet-ssl.8 +1 -1
  208. data/man/man8/puppet.8 +2 -2
  209. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  210. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  211. data/spec/integration/application/agent_spec.rb +27 -138
  212. data/spec/integration/application/apply_spec.rb +1 -20
  213. data/spec/integration/application/filebucket_spec.rb +16 -16
  214. data/spec/integration/application/help_spec.rb +2 -0
  215. data/spec/integration/application/plugin_spec.rb +23 -1
  216. data/spec/integration/defaults_spec.rb +14 -3
  217. data/spec/integration/network/http_pool_spec.rb +3 -21
  218. data/spec/integration/parser/catalog_spec.rb +0 -38
  219. data/spec/integration/parser/node_spec.rb +0 -9
  220. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  221. data/spec/integration/resource/type_collection_spec.rb +6 -2
  222. data/spec/integration/transaction_spec.rb +9 -4
  223. data/spec/integration/type/file_spec.rb +5 -4
  224. data/spec/integration/util/windows/adsi_spec.rb +1 -3
  225. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  226. data/spec/integration/util/windows/registry_spec.rb +10 -0
  227. data/spec/integration/util/windows/security_spec.rb +1 -1
  228. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  229. data/spec/lib/puppet_spec/settings.rb +1 -0
  230. data/spec/spec_helper.rb +6 -1
  231. data/spec/unit/agent_spec.rb +6 -10
  232. data/spec/unit/application/agent_spec.rb +1 -0
  233. data/spec/unit/application/facts_spec.rb +35 -0
  234. data/spec/unit/application/filebucket_spec.rb +43 -39
  235. data/spec/unit/application/ssl_spec.rb +2 -2
  236. data/spec/unit/application_spec.rb +9 -51
  237. data/spec/unit/certificate_factory_spec.rb +1 -1
  238. data/spec/unit/configurer/downloader_spec.rb +6 -2
  239. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  240. data/spec/unit/configurer_spec.rb +12 -9
  241. data/spec/unit/confine/feature_spec.rb +1 -1
  242. data/spec/unit/confine_spec.rb +2 -8
  243. data/spec/unit/context/trusted_information_spec.rb +2 -6
  244. data/spec/unit/defaults_spec.rb +72 -42
  245. data/spec/unit/environments_spec.rb +19 -99
  246. data/spec/unit/face/facts_spec.rb +4 -0
  247. data/spec/unit/face/node_spec.rb +11 -0
  248. data/spec/unit/face/plugin_spec.rb +73 -33
  249. data/spec/unit/file_bucket/file_spec.rb +1 -1
  250. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
  251. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  252. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  253. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  254. data/spec/unit/forge/module_release_spec.rb +7 -2
  255. data/spec/unit/functions/camelcase_spec.rb +1 -1
  256. data/spec/unit/functions/capitalize_spec.rb +1 -1
  257. data/spec/unit/functions/downcase_spec.rb +1 -1
  258. data/spec/unit/functions/upcase_spec.rb +1 -1
  259. data/spec/unit/http/client_spec.rb +7 -8
  260. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  261. data/spec/unit/http/external_client_spec.rb +4 -4
  262. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  263. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  264. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  265. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  266. data/spec/unit/http/resolver_spec.rb +13 -13
  267. data/spec/unit/http/service/compiler_spec.rb +0 -62
  268. data/spec/unit/http/service/file_server_spec.rb +3 -3
  269. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  270. data/spec/unit/http/service_spec.rb +0 -1
  271. data/spec/unit/http/session_spec.rb +16 -14
  272. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  273. data/spec/unit/indirector/face_spec.rb +1 -0
  274. data/spec/unit/indirector/facts/facter_spec.rb +98 -0
  275. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  276. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  277. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  278. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  279. data/spec/unit/indirector/file_server_spec.rb +1 -15
  280. data/spec/unit/indirector/indirection_spec.rb +12 -8
  281. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  282. data/spec/unit/indirector/request_spec.rb +0 -264
  283. data/spec/unit/indirector/rest_spec.rb +98 -752
  284. data/spec/unit/indirector_spec.rb +2 -2
  285. data/spec/unit/module_tool/applications/installer_spec.rb +0 -66
  286. data/spec/unit/network/authconfig_spec.rb +2 -129
  287. data/spec/unit/network/authorization_spec.rb +2 -55
  288. data/spec/unit/network/formats_spec.rb +4 -4
  289. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  290. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  291. data/spec/unit/network/http/api_spec.rb +10 -0
  292. data/spec/unit/network/http/connection_spec.rb +19 -41
  293. data/spec/unit/network/http/handler_spec.rb +0 -1
  294. data/spec/unit/network/http_pool_spec.rb +0 -4
  295. data/spec/unit/node/environment_spec.rb +33 -21
  296. data/spec/unit/node_spec.rb +2 -54
  297. data/spec/unit/parser/compiler_spec.rb +19 -3
  298. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  299. data/spec/unit/parser/resource_spec.rb +8 -14
  300. data/spec/unit/parser/templatewrapper_spec.rb +3 -4
  301. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  302. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  303. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  304. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  305. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  306. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  307. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  308. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  309. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  310. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  311. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  312. data/spec/unit/pops/visitor_spec.rb +1 -1
  313. data/spec/unit/property_spec.rb +0 -1
  314. data/spec/unit/provider/nameservice_spec.rb +64 -122
  315. data/spec/unit/provider/package/apt_spec.rb +8 -4
  316. data/spec/unit/provider/package/base_spec.rb +5 -6
  317. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  318. data/spec/unit/provider/package/gem_spec.rb +32 -0
  319. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  320. data/spec/unit/provider/package/pip_spec.rb +11 -6
  321. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  322. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  323. data/spec/unit/provider/service/smf_spec.rb +401 -165
  324. data/spec/unit/provider/service/windows_spec.rb +0 -1
  325. data/spec/unit/provider/user/aix_spec.rb +0 -5
  326. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  327. data/spec/unit/provider/user/pw_spec.rb +0 -2
  328. data/spec/unit/provider/user/useradd_spec.rb +0 -1
  329. data/spec/unit/provider_spec.rb +8 -18
  330. data/spec/unit/resource/type_collection_spec.rb +2 -22
  331. data/spec/unit/resource/type_spec.rb +1 -1
  332. data/spec/unit/resource_spec.rb +10 -67
  333. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  334. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  335. data/spec/unit/settings/port_setting_spec.rb +31 -0
  336. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  337. data/spec/unit/settings_spec.rb +23 -13
  338. data/spec/unit/ssl/base_spec.rb +37 -3
  339. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  340. data/spec/unit/ssl/certificate_spec.rb +2 -11
  341. data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
  342. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  343. data/spec/unit/ssl/verifier_spec.rb +0 -21
  344. data/spec/unit/transaction/additional_resource_generator_spec.rb +7 -3
  345. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  346. data/spec/unit/transaction/report_spec.rb +0 -2
  347. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  348. data/spec/unit/transaction_spec.rb +48 -91
  349. data/spec/unit/type/file/checksum_spec.rb +6 -6
  350. data/spec/unit/type/file/content_spec.rb +2 -1
  351. data/spec/unit/type/file/ensure_spec.rb +1 -1
  352. data/spec/unit/type/file/mode_spec.rb +1 -1
  353. data/spec/unit/type/file/selinux_spec.rb +2 -0
  354. data/spec/unit/type/file/source_spec.rb +0 -1
  355. data/spec/unit/type/file_spec.rb +18 -6
  356. data/spec/unit/type/group_spec.rb +6 -13
  357. data/spec/unit/type/package_spec.rb +1 -1
  358. data/spec/unit/type/resources_spec.rb +7 -7
  359. data/spec/unit/type/service_spec.rb +1 -1
  360. data/spec/unit/type/tidy_spec.rb +1 -0
  361. data/spec/unit/type_spec.rb +22 -2
  362. data/spec/unit/util/at_fork_spec.rb +2 -2
  363. data/spec/unit/util/autoload_spec.rb +1 -5
  364. data/spec/unit/util/backups_spec.rb +2 -3
  365. data/spec/unit/util/execution_spec.rb +11 -44
  366. data/spec/unit/util/inifile_spec.rb +14 -6
  367. data/spec/unit/util/log_spec.rb +7 -8
  368. data/spec/unit/util/logging_spec.rb +3 -3
  369. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  370. data/spec/unit/util/posix_spec.rb +15 -363
  371. data/spec/unit/util/run_mode_spec.rb +21 -121
  372. data/spec/unit/util/selinux_spec.rb +52 -76
  373. data/spec/unit/util/storage_spec.rb +1 -3
  374. data/spec/unit/util/suidmanager_spec.rb +41 -44
  375. data/spec/unit/util/windows/string_spec.rb +1 -3
  376. data/spec/unit/util/yaml_spec.rb +0 -54
  377. data/spec/unit/util_spec.rb +6 -31
  378. metadata +40 -233
  379. data/conf/auth.conf +0 -150
  380. data/lib/puppet/application/cert.rb +0 -76
  381. data/lib/puppet/application/key.rb +0 -4
  382. data/lib/puppet/application/man.rb +0 -4
  383. data/lib/puppet/application/status.rb +0 -4
  384. data/lib/puppet/face/key.rb +0 -16
  385. data/lib/puppet/face/man.rb +0 -145
  386. data/lib/puppet/face/module/build.rb +0 -14
  387. data/lib/puppet/face/module/generate.rb +0 -14
  388. data/lib/puppet/face/module/search.rb +0 -103
  389. data/lib/puppet/face/status.rb +0 -51
  390. data/lib/puppet/ffi/posix.rb +0 -10
  391. data/lib/puppet/ffi/posix/constants.rb +0 -14
  392. data/lib/puppet/ffi/posix/functions.rb +0 -24
  393. data/lib/puppet/indirector/certificate/file.rb +0 -9
  394. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  395. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  396. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  397. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  398. data/lib/puppet/indirector/file_content/http.rb +0 -22
  399. data/lib/puppet/indirector/key/file.rb +0 -46
  400. data/lib/puppet/indirector/key/memory.rb +0 -7
  401. data/lib/puppet/indirector/ssl_file.rb +0 -162
  402. data/lib/puppet/indirector/status.rb +0 -3
  403. data/lib/puppet/indirector/status/local.rb +0 -12
  404. data/lib/puppet/indirector/status/rest.rb +0 -27
  405. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  406. data/lib/puppet/network/auth_config_parser.rb +0 -90
  407. data/lib/puppet/network/authstore.rb +0 -283
  408. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  409. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  410. data/lib/puppet/network/http/base_pool.rb +0 -36
  411. data/lib/puppet/network/http/compression.rb +0 -127
  412. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  413. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  414. data/lib/puppet/network/rest_controller.rb +0 -2
  415. data/lib/puppet/network/rights.rb +0 -210
  416. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  417. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  418. data/lib/puppet/parser/environment_compiler.rb +0 -202
  419. data/lib/puppet/pops/types/enumeration.rb +0 -16
  420. data/lib/puppet/resource/capability_finder.rb +0 -154
  421. data/lib/puppet/rest/errors.rb +0 -15
  422. data/lib/puppet/rest/response.rb +0 -35
  423. data/lib/puppet/rest/route.rb +0 -85
  424. data/lib/puppet/rest/routes.rb +0 -135
  425. data/lib/puppet/settings/alias_setting.rb +0 -37
  426. data/lib/puppet/ssl/host.rb +0 -505
  427. data/lib/puppet/ssl/key.rb +0 -61
  428. data/lib/puppet/ssl/validator.rb +0 -61
  429. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  430. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  431. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  432. data/lib/puppet/status.rb +0 -40
  433. data/lib/puppet/util/connection.rb +0 -88
  434. data/lib/puppet/util/fact_dif.rb +0 -62
  435. data/lib/puppet/util/ssl.rb +0 -83
  436. data/lib/puppet/util/windows/api_types.rb +0 -309
  437. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  438. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  439. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  440. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  441. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  442. data/lib/puppet/vendor/pathspec/README.md +0 -53
  443. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  444. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  445. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  446. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  447. data/man/man8/puppet-key.8 +0 -126
  448. data/man/man8/puppet-man.8 +0 -76
  449. data/man/man8/puppet-status.8 +0 -108
  450. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
  451. data/spec/integration/network/authconfig_spec.rb +0 -256
  452. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  453. data/spec/unit/application/man_spec.rb +0 -52
  454. data/spec/unit/capability_spec.rb +0 -414
  455. data/spec/unit/face/key_spec.rb +0 -9
  456. data/spec/unit/face/module/search_spec.rb +0 -231
  457. data/spec/unit/face/status_spec.rb +0 -9
  458. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  459. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  460. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  461. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  462. data/spec/unit/indirector/key/file_spec.rb +0 -78
  463. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  464. data/spec/unit/indirector/status/local_spec.rb +0 -10
  465. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  466. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  467. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  468. data/spec/unit/network/authstore_spec.rb +0 -422
  469. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  470. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  471. data/spec/unit/network/http/compression_spec.rb +0 -240
  472. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  473. data/spec/unit/network/http_spec.rb +0 -9
  474. data/spec/unit/network/rights_spec.rb +0 -439
  475. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  476. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  477. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  478. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  479. data/spec/unit/rest/route_spec.rb +0 -132
  480. data/spec/unit/ssl/host_spec.rb +0 -645
  481. data/spec/unit/ssl/key_spec.rb +0 -173
  482. data/spec/unit/ssl/validator_spec.rb +0 -278
  483. data/spec/unit/status_spec.rb +0 -45
  484. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -11,8 +11,7 @@ class Puppet::Runtime
11
11
  @runtime_services = {
12
12
  http: proc do
13
13
  klass = Puppet::Network::HttpPool.http_client_class
14
- if klass == Puppet::Network::HTTP::Connection ||
15
- klass == Puppet::Network::HTTP::ConnectionAdapter
14
+ if klass == Puppet::Network::HTTP::Connection
16
15
  Puppet::HTTP::Client.new
17
16
  else
18
17
  Puppet::HTTP::ExternalClient.new(klass)
@@ -21,6 +21,8 @@ class Puppet::Settings
21
21
  require 'puppet/settings/file_or_directory_setting'
22
22
  require 'puppet/settings/path_setting'
23
23
  require 'puppet/settings/boolean_setting'
24
+ require 'puppet/settings/integer_setting'
25
+ require 'puppet/settings/port_setting'
24
26
  require 'puppet/settings/terminus_setting'
25
27
  require 'puppet/settings/duration_setting'
26
28
  require 'puppet/settings/ttl_setting'
@@ -32,7 +34,6 @@ class Puppet::Settings
32
34
  require 'puppet/settings/server_list_setting'
33
35
  require 'puppet/settings/http_extra_headers_setting'
34
36
  require 'puppet/settings/certificate_revocation_setting'
35
- require 'puppet/settings/alias_setting'
36
37
 
37
38
  # local reference for convenience
38
39
  PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -53,13 +54,14 @@ class Puppet::Settings
53
54
  # returns reasonable application default settings values for a given run_mode.
54
55
  def self.app_defaults_for_run_mode(run_mode)
55
56
  {
56
- :name => run_mode.to_s,
57
- :run_mode => run_mode.name,
58
- :confdir => run_mode.conf_dir,
59
- :codedir => run_mode.code_dir,
60
- :vardir => run_mode.var_dir,
61
- :rundir => run_mode.run_dir,
62
- :logdir => run_mode.log_dir,
57
+ :name => run_mode.to_s,
58
+ :run_mode => run_mode.name,
59
+ :confdir => run_mode.conf_dir,
60
+ :codedir => run_mode.code_dir,
61
+ :vardir => run_mode.var_dir,
62
+ :publicdir => run_mode.public_dir,
63
+ :rundir => run_mode.run_dir,
64
+ :logdir => run_mode.log_dir,
63
65
  }
64
66
  end
65
67
 
@@ -386,6 +388,19 @@ class Puppet::Settings
386
388
  call_hooks_deferred_to_application_initialization
387
389
  issue_deprecations
388
390
 
391
+ run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
392
+ if run_mode.agent? || run_mode.server?
393
+ if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
394
+ self[:serverport] = self[:masterport]
395
+ elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
396
+ self[:serverport] = self[:masterport]
397
+ elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
398
+ self[:masterport] = self[:serverport]
399
+ elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
400
+ self[:masterport] = self[:serverport]
401
+ end
402
+ end
403
+
389
404
  REQUIRED_APP_SETTINGS.each do |key|
390
405
  create_ancestors(Puppet[key])
391
406
  end
@@ -720,6 +735,8 @@ class Puppet::Settings
720
735
  :file_or_directory => FileOrDirectorySetting,
721
736
  :path => PathSetting,
722
737
  :boolean => BooleanSetting,
738
+ :integer => IntegerSetting,
739
+ :port => PortSetting,
723
740
  :terminus => TerminusSetting,
724
741
  :duration => DurationSetting,
725
742
  :ttl => TTLSetting,
@@ -730,8 +747,7 @@ class Puppet::Settings
730
747
  :autosign => AutosignSetting,
731
748
  :server_list => ServerListSetting,
732
749
  :http_extra_headers => HttpExtraHeadersSetting,
733
- :certificate_revocation => CertificateRevocationSetting,
734
- :alias => AliasSetting
750
+ :certificate_revocation => CertificateRevocationSetting
735
751
  }
736
752
 
737
753
  # Create a new setting. The value is passed in because it's used to determine
@@ -1074,41 +1090,48 @@ Generated on #{Time.now}.
1074
1090
  # Create the necessary objects to use a section. This is idempotent;
1075
1091
  # you can 'use' a section as many times as you want.
1076
1092
  def use(*sections)
1077
- Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
1093
+ if Puppet[:settings_catalog]
1094
+ sections = sections.collect { |s| s.to_sym }
1095
+ sections = sections.reject { |s| @used.include?(s) }
1078
1096
 
1079
- # add :server if sections include :master or :master if sections include :server
1080
- sections |= [:master, :server] if (sections & [:master, :server]).any?
1097
+ Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
1081
1098
 
1082
- sections = sections.collect { |s| s.to_sym }
1083
- sections = sections.reject { |s| @used.include?(s) }
1099
+ # add :server if sections include :master or :master if sections include :server
1100
+ sections |= [:master, :server] if (sections & [:master, :server]).any?
1084
1101
 
1085
- return if sections.empty?
1102
+ sections = sections.collect { |s| s.to_sym }
1103
+ sections = sections.reject { |s| @used.include?(s) }
1086
1104
 
1087
- Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
1105
+ return if sections.empty?
1088
1106
 
1089
- begin
1090
- catalog = to_catalog(*sections).to_ral
1091
- rescue => detail
1092
- Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
1093
- end
1107
+ Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
1094
1108
 
1095
- catalog.host_config = false
1096
- catalog.apply do |transaction|
1097
- if transaction.any_failed?
1098
- report = transaction.report
1099
- status_failures = report.resource_statuses.values.select { |r| r.failed? }
1100
- status_fail_msg = status_failures.
1101
- collect(&:events).
1102
- flatten.
1103
- select { |event| event.status == 'failure' }.
1104
- collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
1109
+ begin
1110
+ catalog = to_catalog(*sections).to_ral
1111
+ rescue => detail
1112
+ Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
1113
+ end
1105
1114
 
1106
- raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
1115
+ catalog.host_config = false
1116
+ catalog.apply do |transaction|
1117
+ if transaction.any_failed?
1118
+ report = transaction.report
1119
+ status_failures = report.resource_statuses.values.select { |r| r.failed? }
1120
+ status_fail_msg = status_failures.
1121
+ collect(&:events).
1122
+ flatten.
1123
+ select { |event| event.status == 'failure' }.
1124
+ collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
1125
+
1126
+ raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
1127
+ end
1107
1128
  end
1108
- end
1109
1129
 
1110
- sections.each { |s| @used << s }
1111
- @used.uniq!
1130
+ sections.each { |s| @used << s }
1131
+ @used.uniq!
1132
+ else
1133
+ Puppet.debug("Skipping settings catalog for sections #{sections.join(', ')}")
1134
+ end
1112
1135
  end
1113
1136
 
1114
1137
  def valid?(param)
@@ -1262,37 +1285,27 @@ Generated on #{Time.now}.
1262
1285
  end
1263
1286
 
1264
1287
  def add_environment_resources(catalog, sections)
1288
+ path = self[:environmentpath]
1289
+ envdir = path.split(File::PATH_SEPARATOR).first if path
1265
1290
  configured_environment = self[:environment]
1266
-
1267
- if configured_environment == "production" && !production_environment_exists?
1268
- environment_path = self[:environmentpath]
1269
- first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
1270
-
1271
- if Puppet::FileSystem.exist?(first_environment_path)
1272
- production_environment_path = File.join(first_environment_path, configured_environment)
1291
+ if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
1292
+ configured_environment_path = File.join(envdir, configured_environment)
1293
+ # If configured_environment_path is a symlink, assume the source path is being managed
1294
+ # elsewhere, so don't do any of this configuration
1295
+ if !Puppet::FileSystem.symlink?(configured_environment_path)
1273
1296
  parameters = { :ensure => 'directory' }
1274
- parameters[:mode] = '0750'
1275
- if Puppet.features.root?
1276
- parameters[:owner] = Puppet[:user] if service_user_available?
1277
- parameters[:group] = Puppet[:group] if service_group_available?
1297
+ unless Puppet::FileSystem.exist?(configured_environment_path)
1298
+ parameters[:mode] = '0750'
1299
+ if Puppet.features.root?
1300
+ parameters[:owner] = Puppet[:user] if service_user_available?
1301
+ parameters[:group] = Puppet[:group] if service_group_available?
1302
+ end
1278
1303
  end
1279
- catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
1304
+ catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
1280
1305
  end
1281
1306
  end
1282
1307
  end
1283
1308
 
1284
- def production_environment_exists?
1285
- environment_path = self[:environmentpath]
1286
- paths = environment_path.split(File::PATH_SEPARATOR)
1287
-
1288
- paths.any? do |path|
1289
- # If expected_path is a symlink, assume the source path is being managed
1290
- # elsewhere, so accept it also as a valid production environment path
1291
- expected_path = File.join(path, 'production')
1292
- Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
1293
- end
1294
- end
1295
-
1296
1309
  def add_user_resources(catalog, sections)
1297
1310
  return unless Puppet.features.root?
1298
1311
  return if Puppet::Util::Platform.windows?
@@ -1393,12 +1406,6 @@ Generated on #{Time.now}.
1393
1406
  end
1394
1407
  end
1395
1408
 
1396
- setting = @defaults[name]
1397
- if setting.respond_to?(:alias_name)
1398
- val = lookup(setting.alias_name)
1399
- return val if val
1400
- end
1401
-
1402
1409
  @defaults[name].default
1403
1410
  end
1404
1411
 
@@ -0,0 +1,17 @@
1
+ class Puppet::Settings::IntegerSetting < Puppet::Settings::BaseSetting
2
+ def munge(value)
3
+ return value if Integer === value
4
+
5
+ begin
6
+ value = Integer(value)
7
+ rescue ArgumentError, TypeError
8
+ raise Puppet::Settings::ValidationError, _("Cannot convert '%{value}' to an integer for parameter: %{name}") % { value: value.inspect, name: @name }
9
+ end
10
+
11
+ value
12
+ end
13
+
14
+ def type
15
+ :integer
16
+ end
17
+ end
@@ -0,0 +1,15 @@
1
+ class Puppet::Settings::PortSetting < Puppet::Settings::IntegerSetting
2
+ def munge(value)
3
+ value = super
4
+
5
+ if value < 0 || value > 65535
6
+ raise Puppet::Settings::ValidationError, _("Value '%{value}' is not a valid port number for parameter: %{name}") % { value: value.inspect, name: @name }
7
+ end
8
+
9
+ value
10
+ end
11
+
12
+ def type
13
+ :port
14
+ end
15
+ end
@@ -6,11 +6,12 @@ class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
6
6
  PRIORITY_MAP =
7
7
  if Puppet::Util::Platform.windows?
8
8
  require 'puppet/util/windows/process'
9
+ require 'puppet/ffi/windows/constants'
9
10
  {
10
- :high => Puppet::Util::Windows::Process::HIGH_PRIORITY_CLASS,
11
- :normal => Puppet::Util::Windows::Process::NORMAL_PRIORITY_CLASS,
12
- :low => Puppet::Util::Windows::Process::BELOW_NORMAL_PRIORITY_CLASS,
13
- :idle => Puppet::Util::Windows::Process::IDLE_PRIORITY_CLASS
11
+ :high => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
12
+ :normal => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
13
+ :low => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
14
+ :idle => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
14
15
  }
15
16
  else
16
17
  {
data/lib/puppet/ssl.rb CHANGED
@@ -2,18 +2,22 @@
2
2
  require 'puppet'
3
3
  require 'puppet/ssl/openssl_loader'
4
4
 
5
+ # Responsible for bootstrapping an agent's certificate and private key, generating
6
+ # SSLContexts for use in making HTTPS connections, and handling CSR attributes and
7
+ # certificate extensions.
8
+ #
9
+ # @see Puppet::SSL::SSLProvider
5
10
  # @api private
6
- module Puppet::SSL # :nodoc:
11
+ module Puppet::SSL
7
12
  CA_NAME = "ca".freeze
8
- require 'puppet/ssl/host'
13
+
9
14
  require 'puppet/ssl/oids'
10
- require 'puppet/ssl/validator'
11
- require 'puppet/ssl/validator/no_validator'
12
- require 'puppet/ssl/validator/default_validator'
13
15
  require 'puppet/ssl/error'
14
16
  require 'puppet/ssl/ssl_context'
15
17
  require 'puppet/ssl/verifier'
16
- require 'puppet/ssl/verifier_adapter'
17
18
  require 'puppet/ssl/ssl_provider'
18
19
  require 'puppet/ssl/state_machine'
20
+ require 'puppet/ssl/certificate'
21
+ require 'puppet/ssl/certificate_request'
22
+ require 'puppet/ssl/certificate_request_attributes'
19
23
  end
@@ -1,7 +1,6 @@
1
1
  require 'puppet/ssl/openssl_loader'
2
2
  require 'puppet/ssl'
3
3
  require 'puppet/ssl/digest'
4
- require 'puppet/util/ssl'
5
4
 
6
5
  # The base class for wrapping SSL instances.
7
6
  class Puppet::SSL::Base
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
54
53
  #
55
54
  # @return [String] the name (CN) extracted from the subject.
56
55
  def self.name_from_subject(subject)
57
- Puppet::Util::SSL.cn_from_subject(subject)
56
+ if subject.respond_to? :to_a
57
+ (subject.to_a.assoc('CN') || [])[1]
58
+ end
58
59
  end
59
60
 
60
61
  # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
82
83
  # Read content from disk appropriately.
83
84
  def read(path)
84
85
  # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
85
- # Puppet::SSL::Key uses this, but also provides its own override
86
86
  # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
87
87
  # Puppet::Indirector::CertificateStatus::File (.indirection.find)
88
88
  # Puppet::Network::HTTP::WEBrick (.indirection.find)
89
89
  # Puppet::Network::HTTP::RackREST (.from_instance)
90
90
  # Puppet::Network::HTTP::WEBrickREST (.from_instance)
91
- # Puppet::SSL::Host (.indirection.find)
92
91
  # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
93
- # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
94
92
  @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
95
93
  end
96
94
 
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
11
11
  # This is defined from the base class
12
12
  wraps OpenSSL::X509::Certificate
13
13
 
14
- extend Puppet::Indirector
15
- indirects :certificate, :terminus_class => :file, :doc => <<DOC
16
- This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
17
- The indirection key is the certificate CN (generally a hostname).
18
- DOC
19
-
20
14
  # Because of how the format handler class is included, this
21
15
  # can't be in the base class.
22
16
  def self.supported_formats
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
28
28
  class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
29
29
  wraps OpenSSL::X509::Request
30
30
 
31
- extend Puppet::Indirector
32
-
33
- indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
34
- This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
35
- The indirection key is the certificate CN (generally a hostname).
36
- DOC
37
-
38
31
  # Because of how the format handler class is included, this
39
32
  # can't be in the base class.
40
33
  def self.supported_formats
@@ -47,8 +40,7 @@ DOC
47
40
 
48
41
  # Create a certificate request with our system settings.
49
42
  #
50
- # @param key [OpenSSL::X509::Key, Puppet::SSL::Key] The key pair associated
51
- # with this CSR.
43
+ # @param key [OpenSSL::X509::Key] The private key associated with this CSR.
52
44
  # @param options [Hash]
53
45
  # @option options [String] :dns_alt_names A comma separated list of
54
46
  # Subject Alternative Names to include in the CSR extension request.
@@ -64,9 +56,6 @@ DOC
64
56
  def generate(key, options = {})
65
57
  Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
66
58
 
67
- # Support either an actual SSL key, or a Puppet key.
68
- key = key.content if key.is_a?(Puppet::SSL::Key)
69
-
70
59
  # If we're a CSR for the CA, then use the real ca_name, rather than the
71
60
  # fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
72
61
  # but it's also just a good idea.
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
27
27
  @digest
28
28
  end
29
29
 
30
+ # Sign a certificate signing request (CSR) with a private key.
31
+ #
32
+ # @param [OpenSSL::X509::Request] content The CSR to sign
33
+ # @param [OpenSSL::X509::PKey] key The private key to sign with
34
+ #
35
+ # @api private
30
36
  def sign(content, key)
31
37
  content.sign(key, @digest.new)
32
38
  end
@@ -2,10 +2,11 @@ require 'puppet/ssl'
2
2
 
3
3
  # This module defines OIDs for use within Puppet.
4
4
  #
5
- # == ASN.1 Definition
5
+ # # ASN.1 Definition
6
6
  #
7
7
  # The following is the formal definition of OIDs specified in this file.
8
8
  #
9
+ # ```
9
10
  # puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
10
11
  # dod(6) internet(1) private(4) enterprise(1) 34380 1}
11
12
  #
@@ -22,6 +23,7 @@ require 'puppet/ssl'
22
23
  # pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
23
24
  # pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
24
25
  # pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
26
+ # ```
25
27
  #
26
28
  # @api private
27
29
  module Puppet::SSL::Oids
@@ -3,6 +3,23 @@ require 'puppet/ssl'
3
3
  # SSL Provider creates `SSLContext` objects that can be used to create
4
4
  # secure connections.
5
5
  #
6
+ # @example To load an SSLContext from an existing private key and related certs/crls:
7
+ # ssl_context = provider.load_context
8
+ #
9
+ # @example To load an SSLContext from an existing password-protected private key and related certs/crls:
10
+ # ssl_context = provider.load_context(password: 'opensesame')
11
+ #
12
+ # @example To create an SSLContext from in-memory certs and keys:
13
+ # cacerts = [<OpenSSL::X509::Certificate>]
14
+ # crls = [<OpenSSL::X509::CRL>]
15
+ # key = <OpenSSL::X509::PKey>
16
+ # cert = <OpenSSL::X509::Certificate>
17
+ # ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
18
+ #
19
+ # @example To create an SSLContext to connect to non-puppet HTTPS servers:
20
+ # cacerts = [<OpenSSL::X509::Certificate>]
21
+ # ssl_context = provider.create_root_context(cacerts: cacerts)
22
+ #
6
23
  # @api private
7
24
  class Puppet::SSL::SSLProvider
8
25
  # Create an insecure `SSLContext`. Connections made from the returned context