puppet 6.20.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/Gemfile +0 -2
- data/Gemfile.lock +18 -24
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +0 -1
- data/lib/puppet/application/apply.rb +2 -3
- data/lib/puppet/application/device.rb +100 -105
- data/lib/puppet/application/filebucket.rb +13 -9
- data/lib/puppet/application/script.rb +0 -1
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +97 -167
- data/lib/puppet/environments.rb +59 -58
- data/lib/puppet/face/facts.rb +51 -51
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +6 -10
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -69
- data/lib/puppet/http/service/file_server.rb +18 -27
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -48
- data/lib/puppet/module_tool/errors/shared.rb +2 -17
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +0 -4
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/reference/configuration.rb +7 -6
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +73 -66
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +5 -7
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +587 -1312
- data/man/man5/puppet.conf.5 +39 -99
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +51 -36
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -138
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +23 -1
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -3
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/registry_spec.rb +10 -0
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +6 -1
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +1 -0
- data/spec/unit/application/facts_spec.rb +35 -0
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -2
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -9
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +72 -42
- data/spec/unit/environments_spec.rb +19 -99
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -62
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +98 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -66
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +3 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +8 -4
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -6
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/windows_spec.rb +0 -1
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +0 -1
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +23 -13
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +7 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +48 -91
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +2 -0
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +1 -1
- data/spec/unit/type/tidy_spec.rb +1 -0
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +52 -76
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- metadata +40 -233
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -62
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
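--- a/data/lib/puppet/runtime.rb
+++ b/data/lib/puppet/runtime.rb
@@ -11,8 +11,7 @@ class Puppet::Runtime
 @runtime_services = {
 http: proc do
 klass = Puppet::Network::HttpPool.http_client_class
-if klass == Puppet::Network::HTTP::Connection
-klass == Puppet::Network::HTTP::ConnectionAdapter
+if klass == Puppet::Network::HTTP::Connection
 Puppet::HTTP::Client.new
 else
 Puppet::HTTP::ExternalClient.new(klass)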
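Review bot: The test on new line 14, `klass == Puppet::Network::HTTP::Connection`, is an exact class comparison, so with the ConnectionAdapter arm gone every other value of `http_client_class` (a subclass of Connection included) now reaches `Puppet::HTTP::ExternalClient.new(klass)`. Nothing in the hunk says that this is intended or what the external class is then responsible for. Presumably it owns its own connection and TLS verification settings rather than inheriting those of `Puppet::HTTP::Client`; if so, that is worth stating where the branch is taken. I would add a comment above the `if`, such as `# Only the built-in Connection class gets Puppet::HTTP::Client; any other http_client_class is wrapped as a caller-supplied client and must handle its own TLS verification`. The proc body continues past the end of the hunk.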
data/lib/puppet/settings.rb
CHANGED
@@ -21,6 +21,8 @@ class Puppet::Settings
|
|
21
21
|
require 'puppet/settings/file_or_directory_setting'
|
22
22
|
require 'puppet/settings/path_setting'
|
23
23
|
require 'puppet/settings/boolean_setting'
|
24
|
+
require 'puppet/settings/integer_setting'
|
25
|
+
require 'puppet/settings/port_setting'
|
24
26
|
require 'puppet/settings/terminus_setting'
|
25
27
|
require 'puppet/settings/duration_setting'
|
26
28
|
require 'puppet/settings/ttl_setting'
|
@@ -32,7 +34,6 @@ class Puppet::Settings
|
|
32
34
|
require 'puppet/settings/server_list_setting'
|
33
35
|
require 'puppet/settings/http_extra_headers_setting'
|
34
36
|
require 'puppet/settings/certificate_revocation_setting'
|
35
|
-
require 'puppet/settings/alias_setting'
|
36
37
|
|
37
38
|
# local reference for convenience
|
38
39
|
PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
|
@@ -53,13 +54,14 @@ class Puppet::Settings
|
|
53
54
|
# returns reasonable application default settings values for a given run_mode.
|
54
55
|
def self.app_defaults_for_run_mode(run_mode)
|
55
56
|
{
|
56
|
-
:name
|
57
|
-
:run_mode
|
58
|
-
:confdir
|
59
|
-
:codedir
|
60
|
-
:vardir
|
61
|
-
:
|
62
|
-
:
|
57
|
+
:name => run_mode.to_s,
|
58
|
+
:run_mode => run_mode.name,
|
59
|
+
:confdir => run_mode.conf_dir,
|
60
|
+
:codedir => run_mode.code_dir,
|
61
|
+
:vardir => run_mode.var_dir,
|
62
|
+
:publicdir => run_mode.public_dir,
|
63
|
+
:rundir => run_mode.run_dir,
|
64
|
+
:logdir => run_mode.log_dir,
|
63
65
|
}
|
64
66
|
end
|
65
67
|
|
@@ -386,6 +388,19 @@ class Puppet::Settings
|
|
386
388
|
call_hooks_deferred_to_application_initialization
|
387
389
|
issue_deprecations
|
388
390
|
|
391
|
+
run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
|
392
|
+
if run_mode.agent? || run_mode.server?
|
393
|
+
if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
|
394
|
+
self[:serverport] = self[:masterport]
|
395
|
+
elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
|
396
|
+
self[:serverport] = self[:masterport]
|
397
|
+
elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
|
398
|
+
self[:masterport] = self[:serverport]
|
399
|
+
elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
|
400
|
+
self[:masterport] = self[:serverport]
|
401
|
+
end
|
402
|
+
end
|
403
|
+
|
389
404
|
REQUIRED_APP_SETTINGS.each do |key|
|
390
405
|
create_ancestors(Puppet[key])
|
391
406
|
end
|
@@ -720,6 +735,8 @@ class Puppet::Settings
|
|
720
735
|
:file_or_directory => FileOrDirectorySetting,
|
721
736
|
:path => PathSetting,
|
722
737
|
:boolean => BooleanSetting,
|
738
|
+
:integer => IntegerSetting,
|
739
|
+
:port => PortSetting,
|
723
740
|
:terminus => TerminusSetting,
|
724
741
|
:duration => DurationSetting,
|
725
742
|
:ttl => TTLSetting,
|
@@ -730,8 +747,7 @@ class Puppet::Settings
|
|
730
747
|
:autosign => AutosignSetting,
|
731
748
|
:server_list => ServerListSetting,
|
732
749
|
:http_extra_headers => HttpExtraHeadersSetting,
|
733
|
-
:certificate_revocation => CertificateRevocationSetting
|
734
|
-
:alias => AliasSetting
|
750
|
+
:certificate_revocation => CertificateRevocationSetting
|
735
751
|
}
|
736
752
|
|
737
753
|
# Create a new setting. The value is passed in because it's used to determine
|
@@ -1074,41 +1090,48 @@ Generated on #{Time.now}.
|
|
1074
1090
|
# Create the necessary objects to use a section. This is idempotent;
|
1075
1091
|
# you can 'use' a section as many times as you want.
|
1076
1092
|
def use(*sections)
|
1077
|
-
|
1093
|
+
if Puppet[:settings_catalog]
|
1094
|
+
sections = sections.collect { |s| s.to_sym }
|
1095
|
+
sections = sections.reject { |s| @used.include?(s) }
|
1078
1096
|
|
1079
|
-
|
1080
|
-
sections |= [:master, :server] if (sections & [:master, :server]).any?
|
1097
|
+
Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
|
1081
1098
|
|
1082
|
-
|
1083
|
-
|
1099
|
+
# add :server if sections include :master or :master if sections include :server
|
1100
|
+
sections |= [:master, :server] if (sections & [:master, :server]).any?
|
1084
1101
|
|
1085
|
-
|
1102
|
+
sections = sections.collect { |s| s.to_sym }
|
1103
|
+
sections = sections.reject { |s| @used.include?(s) }
|
1086
1104
|
|
1087
|
-
|
1105
|
+
return if sections.empty?
|
1088
1106
|
|
1089
|
-
|
1090
|
-
catalog = to_catalog(*sections).to_ral
|
1091
|
-
rescue => detail
|
1092
|
-
Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
|
1093
|
-
end
|
1107
|
+
Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
|
1094
1108
|
|
1095
|
-
|
1096
|
-
|
1097
|
-
|
1098
|
-
|
1099
|
-
|
1100
|
-
status_fail_msg = status_failures.
|
1101
|
-
collect(&:events).
|
1102
|
-
flatten.
|
1103
|
-
select { |event| event.status == 'failure' }.
|
1104
|
-
collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
|
1109
|
+
begin
|
1110
|
+
catalog = to_catalog(*sections).to_ral
|
1111
|
+
rescue => detail
|
1112
|
+
Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
|
1113
|
+
end
|
1105
1114
|
|
1106
|
-
|
1115
|
+
catalog.host_config = false
|
1116
|
+
catalog.apply do |transaction|
|
1117
|
+
if transaction.any_failed?
|
1118
|
+
report = transaction.report
|
1119
|
+
status_failures = report.resource_statuses.values.select { |r| r.failed? }
|
1120
|
+
status_fail_msg = status_failures.
|
1121
|
+
collect(&:events).
|
1122
|
+
flatten.
|
1123
|
+
select { |event| event.status == 'failure' }.
|
1124
|
+
collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
|
1125
|
+
|
1126
|
+
raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
|
1127
|
+
end
|
1107
1128
|
end
|
1108
|
-
end
|
1109
1129
|
|
1110
|
-
|
1111
|
-
|
1130
|
+
sections.each { |s| @used << s }
|
1131
|
+
@used.uniq!
|
1132
|
+
else
|
1133
|
+
Puppet.debug("Skipping settings catalog for sections #{sections.join(', ')}")
|
1134
|
+
end
|
1112
1135
|
end
|
1113
1136
|
|
1114
1137
|
def valid?(param)
|
@@ -1262,37 +1285,27 @@ Generated on #{Time.now}.
|
|
1262
1285
|
end
|
1263
1286
|
|
1264
1287
|
def add_environment_resources(catalog, sections)
|
1288
|
+
path = self[:environmentpath]
|
1289
|
+
envdir = path.split(File::PATH_SEPARATOR).first if path
|
1265
1290
|
configured_environment = self[:environment]
|
1266
|
-
|
1267
|
-
|
1268
|
-
|
1269
|
-
|
1270
|
-
|
1271
|
-
if Puppet::FileSystem.exist?(first_environment_path)
|
1272
|
-
production_environment_path = File.join(first_environment_path, configured_environment)
|
1291
|
+
if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
|
1292
|
+
configured_environment_path = File.join(envdir, configured_environment)
|
1293
|
+
# If configured_environment_path is a symlink, assume the source path is being managed
|
1294
|
+
# elsewhere, so don't do any of this configuration
|
1295
|
+
if !Puppet::FileSystem.symlink?(configured_environment_path)
|
1273
1296
|
parameters = { :ensure => 'directory' }
|
1274
|
-
|
1275
|
-
|
1276
|
-
|
1277
|
-
|
1297
|
+
unless Puppet::FileSystem.exist?(configured_environment_path)
|
1298
|
+
parameters[:mode] = '0750'
|
1299
|
+
if Puppet.features.root?
|
1300
|
+
parameters[:owner] = Puppet[:user] if service_user_available?
|
1301
|
+
parameters[:group] = Puppet[:group] if service_group_available?
|
1302
|
+
end
|
1278
1303
|
end
|
1279
|
-
catalog.add_resource(Puppet::Resource.new(:file,
|
1304
|
+
catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
|
1280
1305
|
end
|
1281
1306
|
end
|
1282
1307
|
end
|
1283
1308
|
|
1284
|
-
def production_environment_exists?
|
1285
|
-
environment_path = self[:environmentpath]
|
1286
|
-
paths = environment_path.split(File::PATH_SEPARATOR)
|
1287
|
-
|
1288
|
-
paths.any? do |path|
|
1289
|
-
# If expected_path is a symlink, assume the source path is being managed
|
1290
|
-
# elsewhere, so accept it also as a valid production environment path
|
1291
|
-
expected_path = File.join(path, 'production')
|
1292
|
-
Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
|
1293
|
-
end
|
1294
|
-
end
|
1295
|
-
|
1296
1309
|
def add_user_resources(catalog, sections)
|
1297
1310
|
return unless Puppet.features.root?
|
1298
1311
|
return if Puppet::Util::Platform.windows?
|
@@ -1393,12 +1406,6 @@ Generated on #{Time.now}.
|
|
1393
1406
|
end
|
1394
1407
|
end
|
1395
1408
|
|
1396
|
-
setting = @defaults[name]
|
1397
|
-
if setting.respond_to?(:alias_name)
|
1398
|
-
val = lookup(setting.alias_name)
|
1399
|
-
return val if val
|
1400
|
-
end
|
1401
|
-
|
1402
1409
|
@defaults[name].default
|
1403
1410
|
end
|
1404
1411
|
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class Puppet::Settings::IntegerSetting < Puppet::Settings::BaseSetting
|
2
|
+
def munge(value)
|
3
|
+
return value if Integer === value
|
4
|
+
|
5
|
+
begin
|
6
|
+
value = Integer(value)
|
7
|
+
rescue ArgumentError, TypeError
|
8
|
+
raise Puppet::Settings::ValidationError, _("Cannot convert '%{value}' to an integer for parameter: %{name}") % { value: value.inspect, name: @name }
|
9
|
+
end
|
10
|
+
|
11
|
+
value
|
12
|
+
end
|
13
|
+
|
14
|
+
def type
|
15
|
+
:integer
|
16
|
+
end
|
17
|
+
end
|
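Review bot: `Integer(value)` in `munge` honours Ruby's radix prefixes, so a string setting such as `"010"` is stored as 8 and `"0x10"` as 16 instead of being rejected or read as decimal. If settings are meant to be decimal, parse strings with an explicit base and keep the current path for other types: `value = value.is_a?(String) ? Integer(value, 10) : Integer(value)`. With that change `"0x10"` raises ArgumentError and lands in the existing ValidationError, and `"010"` reads as 10. PortSetting inherits this through `super`, so a zero-padded port string would be silently read as a different port.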
@@ -0,0 +1,15 @@
|
|
1
|
+
class Puppet::Settings::PortSetting < Puppet::Settings::IntegerSetting
|
2
|
+
def munge(value)
|
3
|
+
value = super
|
4
|
+
|
5
|
+
if value < 0 || value > 65535
|
6
|
+
raise Puppet::Settings::ValidationError, _("Value '%{value}' is not a valid port number for parameter: %{name}") % { value: value.inspect, name: @name }
|
7
|
+
end
|
8
|
+
|
9
|
+
value
|
10
|
+
end
|
11
|
+
|
12
|
+
def type
|
13
|
+
:port
|
14
|
+
end
|
15
|
+
end
|
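Review bot: The range check in `munge` accepts 0, which is not a port a client can connect to and, for a listener, typically asks the OS to pick an arbitrary port. Whether any port setting relies on 0 is not visible from this file. If none does, tighten the bound with `unless value.between?(1, 65535)`; otherwise add a comment above the check saying that 0 is deliberate.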
@@ -6,11 +6,12 @@ class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
|
|
6
6
|
PRIORITY_MAP =
|
7
7
|
if Puppet::Util::Platform.windows?
|
8
8
|
require 'puppet/util/windows/process'
|
9
|
+
require 'puppet/ffi/windows/constants'
|
9
10
|
{
|
10
|
-
:high => Puppet::
|
11
|
-
:normal => Puppet::
|
12
|
-
:low => Puppet::
|
13
|
-
:idle => Puppet::
|
11
|
+
:high => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
|
12
|
+
:normal => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
|
13
|
+
:low => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
|
14
|
+
:idle => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
|
14
15
|
}
|
15
16
|
else
|
16
17
|
{
|
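--- a/data/lib/puppet/ssl.rb
+++ b/data/lib/puppet/ssl.rb
@@ -2,18 +2,22 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
 
+# Responsible for bootstrapping an agent's certificate and private key, generating
+# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
+# certificate extensions.
+#
+# @see Puppet::SSL::SSLProvider
 # @api private
-module Puppet::SSL
+module Puppet::SSL
 CA_NAME = "ca".freeze
-
+
 require 'puppet/ssl/oids'
-require 'puppet/ssl/validator'
-require 'puppet/ssl/validator/no_validator'
-require 'puppet/ssl/validator/default_validator'
 require 'puppet/ssl/error'
 require 'puppet/ssl/ssl_context'
 require 'puppet/ssl/verifier'
-require 'puppet/ssl/verifier_adapter'
 require 'puppet/ssl/ssl_provider'
 require 'puppet/ssl/state_machine'
+require 'puppet/ssl/certificate'
+require 'puppet/ssl/certificate_request'
+require 'puppet/ssl/certificate_request_attributes'
 end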
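--- a/data/lib/puppet/ssl/base.rb
+++ b/data/lib/puppet/ssl/base.rb
@@ -1,7 +1,6 @@
 require 'puppet/ssl/openssl_loader'
 require 'puppet/ssl'
 require 'puppet/ssl/digest'
-require 'puppet/util/ssl'
 
 # The base class for wrapping SSL instances.
 class Puppet::SSL::Base
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
 #
 # @return [String] the name (CN) extracted from the subject.
 def self.name_from_subject(subject)
-
+if subject.respond_to? :to_a
+(subject.to_a.assoc('CN') || [])[1]
+end
 end
 
 # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
 # Read content from disk appropriately.
 def read(path)
 # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
-# Puppet::SSL::Key uses this, but also provides its own override
 # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
 # Puppet::Indirector::CertificateStatus::File (.indirection.find)
 # Puppet::Network::HTTP::WEBrick (.indirection.find)
 # Puppet::Network::HTTP::RackREST (.from_instance)
 # Puppet::Network::HTTP::WEBrickREST (.from_instance)
-# Puppet::SSL::Host (.indirection.find)
 # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
-# Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
 @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
 end
 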
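Review bot: `name_from_subject` now returns nil when the subject does not respond to `to_a` or carries no CN, but the doc comment above it still promises `@return [String]`, so callers that treat the result as a certname get no warning that nil is possible. `assoc('CN')` also takes only the first CN when a subject has several, which is worth stating because the value identifies a host. I would change the tag to `# @return [String, nil] the first CN in the subject, or nil if there is none`. The doc comment begins above the hunk, so the rest of it is not visible here.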
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
11
11
|
# This is defined from the base class
|
12
12
|
wraps OpenSSL::X509::Certificate
|
13
13
|
|
14
|
-
extend Puppet::Indirector
|
15
|
-
indirects :certificate, :terminus_class => :file, :doc => <<DOC
|
16
|
-
This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
|
17
|
-
The indirection key is the certificate CN (generally a hostname).
|
18
|
-
DOC
|
19
|
-
|
20
14
|
# Because of how the format handler class is included, this
|
21
15
|
# can't be in the base class.
|
22
16
|
def self.supported_formats
|
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
|
|
28
28
|
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
29
29
|
wraps OpenSSL::X509::Request
|
30
30
|
|
31
|
-
extend Puppet::Indirector
|
32
|
-
|
33
|
-
indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
|
34
|
-
This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
|
35
|
-
The indirection key is the certificate CN (generally a hostname).
|
36
|
-
DOC
|
37
|
-
|
38
31
|
# Because of how the format handler class is included, this
|
39
32
|
# can't be in the base class.
|
40
33
|
def self.supported_formats
|
@@ -47,8 +40,7 @@ DOC
|
|
47
40
|
|
48
41
|
# Create a certificate request with our system settings.
|
49
42
|
#
|
50
|
-
# @param key [OpenSSL::X509::Key
|
51
|
-
# with this CSR.
|
43
|
+
# @param key [OpenSSL::X509::Key] The private key associated with this CSR.
|
52
44
|
# @param options [Hash]
|
53
45
|
# @option options [String] :dns_alt_names A comma separated list of
|
54
46
|
# Subject Alternative Names to include in the CSR extension request.
|
@@ -64,9 +56,6 @@ DOC
|
|
64
56
|
def generate(key, options = {})
|
65
57
|
Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
|
66
58
|
|
67
|
-
# Support either an actual SSL key, or a Puppet key.
|
68
|
-
key = key.content if key.is_a?(Puppet::SSL::Key)
|
69
|
-
|
70
59
|
# If we're a CSR for the CA, then use the real ca_name, rather than the
|
71
60
|
# fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
|
72
61
|
# but it's also just a good idea.
|
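Review bot: The rewritten `@param key` line for `generate` names `OpenSSL::X509::Key`, a class Ruby's openssl library does not define; private keys are subclasses of `OpenSSL::PKey::PKey` (RSA, EC). Because the last hunk drops the `Puppet::SSL::Key` unwrapping, this tag is now the only statement of what `generate` accepts, so it should be exact: `# @param key [OpenSSL::PKey::PKey] The private key associated with this CSR.` The same correction applies to `[OpenSSL::X509::PKey]` on `CertificateSigner#sign` and to `key = <OpenSSL::X509::PKey>` in the SSLProvider example further down the page. The body of `generate` continues past the hunk.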
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
|
|
27
27
|
@digest
|
28
28
|
end
|
29
29
|
|
30
|
+
# Sign a certificate signing request (CSR) with a private key.
|
31
|
+
#
|
32
|
+
# @param [OpenSSL::X509::Request] content The CSR to sign
|
33
|
+
# @param [OpenSSL::X509::PKey] key The private key to sign with
|
34
|
+
#
|
35
|
+
# @api private
|
30
36
|
def sign(content, key)
|
31
37
|
content.sign(key, @digest.new)
|
32
38
|
end
|
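--- a/data/lib/puppet/ssl/oids.rb
+++ b/data/lib/puppet/ssl/oids.rb
@@ -2,10 +2,11 @@ require 'puppet/ssl'
 
 # This module defines OIDs for use within Puppet.
 #
-#
+# # ASN.1 Definition
 #
 # The following is the formal definition of OIDs specified in this file.
 #
+# ```
 # puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
 # dod(6) internet(1) private(4) enterprise(1) 34380 1}
 #
@@ -22,6 +23,7 @@ require 'puppet/ssl'
 # pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
 # pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
 # pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
+# ```
 #
 # @api private
 module Puppet::SSL::Oids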
@@ -3,6 +3,23 @@ require 'puppet/ssl'
|
|
3
3
|
# SSL Provider creates `SSLContext` objects that can be used to create
|
4
4
|
# secure connections.
|
5
5
|
#
|
6
|
+
# @example To load an SSLContext from an existing private key and related certs/crls:
|
7
|
+
# ssl_context = provider.load_context
|
8
|
+
#
|
9
|
+
# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
|
10
|
+
# ssl_context = provider.load_context(password: 'opensesame')
|
11
|
+
#
|
12
|
+
# @example To create an SSLContext from in-memory certs and keys:
|
13
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
14
|
+
# crls = [<OpenSSL::X509::CRL>]
|
15
|
+
# key = <OpenSSL::X509::PKey>
|
16
|
+
# cert = <OpenSSL::X509::Certificate>
|
17
|
+
# ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
|
18
|
+
#
|
19
|
+
# @example To create an SSLContext to connect to non-puppet HTTPS servers:
|
20
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
21
|
+
# ssl_context = provider.create_root_context(cacerts: cacerts)
|
22
|
+
#
|
6
23
|
# @api private
|
7
24
|
class Puppet::SSL::SSLProvider
|
8
25
|
# Create an insecure `SSLContext`. Connections made from the returned context
|