puppet 6.20.0-x86-mingw32 → 7.4.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (430) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -4
  3. data/Gemfile.lock +13 -13
  4. data/README.md +1 -1
  5. data/conf/fileserver.conf +5 -10
  6. data/ext/build_defaults.yaml +1 -2
  7. data/ext/osx/file_mapping.yaml +0 -5
  8. data/ext/project_data.yaml +2 -14
  9. data/ext/redhat/puppet.spec.erb +0 -1
  10. data/ext/windows/service/daemon.rb +6 -5
  11. data/install.rb +21 -17
  12. data/lib/puppet.rb +11 -20
  13. data/lib/puppet/application.rb +172 -98
  14. data/lib/puppet/application/device.rb +100 -104
  15. data/lib/puppet/application/filebucket.rb +13 -9
  16. data/lib/puppet/application/ssl.rb +1 -1
  17. data/lib/puppet/configurer.rb +27 -29
  18. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  19. data/lib/puppet/defaults.rb +57 -162
  20. data/lib/puppet/environments.rb +8 -23
  21. data/lib/puppet/face/facts.rb +73 -49
  22. data/lib/puppet/face/help.rb +1 -1
  23. data/lib/puppet/face/node/clean.rb +8 -0
  24. data/lib/puppet/face/plugin.rb +5 -8
  25. data/lib/puppet/ffi/windows.rb +12 -0
  26. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  27. data/lib/puppet/ffi/windows/constants.rb +404 -0
  28. data/lib/puppet/ffi/windows/functions.rb +628 -0
  29. data/lib/puppet/ffi/windows/structs.rb +338 -0
  30. data/lib/puppet/file_serving/configuration.rb +0 -5
  31. data/lib/puppet/file_serving/configuration/parser.rb +6 -32
  32. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  33. data/lib/puppet/file_serving/mount.rb +1 -2
  34. data/lib/puppet/forge/repository.rb +0 -1
  35. data/lib/puppet/generate/models/type/type.rb +4 -1
  36. data/lib/puppet/http.rb +22 -13
  37. data/lib/puppet/http/client.rb +164 -114
  38. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  39. data/lib/puppet/http/errors.rb +16 -0
  40. data/lib/puppet/http/external_client.rb +5 -7
  41. data/lib/puppet/{network/http → http}/factory.rb +8 -11
  42. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  43. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  44. data/lib/puppet/http/proxy.rb +137 -0
  45. data/lib/puppet/http/redirector.rb +4 -12
  46. data/lib/puppet/http/resolver.rb +5 -15
  47. data/lib/puppet/http/resolver/server_list.rb +6 -10
  48. data/lib/puppet/http/resolver/settings.rb +4 -7
  49. data/lib/puppet/http/resolver/srv.rb +7 -11
  50. data/lib/puppet/http/response.rb +36 -54
  51. data/lib/puppet/http/response_converter.rb +24 -0
  52. data/lib/puppet/http/response_net_http.rb +42 -0
  53. data/lib/puppet/http/retry_after_handler.rb +4 -13
  54. data/lib/puppet/http/service.rb +12 -26
  55. data/lib/puppet/http/service/ca.rb +11 -22
  56. data/lib/puppet/http/service/compiler.rb +22 -69
  57. data/lib/puppet/http/service/file_server.rb +18 -27
  58. data/lib/puppet/http/service/puppetserver.rb +26 -12
  59. data/lib/puppet/http/service/report.rb +8 -10
  60. data/lib/puppet/http/session.rb +11 -20
  61. data/lib/puppet/{network/http → http}/site.rb +1 -2
  62. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  63. data/lib/puppet/indirector/facts/facter.rb +25 -3
  64. data/lib/puppet/indirector/facts/rest.rb +3 -22
  65. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  66. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  67. data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
  68. data/lib/puppet/indirector/file_server.rb +1 -8
  69. data/lib/puppet/indirector/generic_http.rb +0 -11
  70. data/lib/puppet/indirector/node/rest.rb +2 -4
  71. data/lib/puppet/indirector/report/rest.rb +3 -8
  72. data/lib/puppet/indirector/request.rb +0 -101
  73. data/lib/puppet/indirector/rest.rb +12 -263
  74. data/lib/puppet/module_tool/applications.rb +0 -1
  75. data/lib/puppet/network/authconfig.rb +2 -96
  76. data/lib/puppet/network/authorization.rb +13 -35
  77. data/lib/puppet/network/formats.rb +67 -0
  78. data/lib/puppet/network/http.rb +3 -3
  79. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  80. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  81. data/lib/puppet/network/http/connection.rb +247 -316
  82. data/lib/puppet/network/http/handler.rb +0 -1
  83. data/lib/puppet/network/http_pool.rb +16 -34
  84. data/lib/puppet/node.rb +1 -30
  85. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  86. data/lib/puppet/pal/pal_impl.rb +3 -1
  87. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  88. data/lib/puppet/parser/compiler.rb +0 -198
  89. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  90. data/lib/puppet/parser/resource.rb +0 -69
  91. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  92. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  93. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  94. data/lib/puppet/pops/issues.rb +0 -5
  95. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  96. data/lib/puppet/pops/model/ast.pp +0 -42
  97. data/lib/puppet/pops/model/ast.rb +0 -290
  98. data/lib/puppet/pops/model/factory.rb +0 -45
  99. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  100. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  101. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  102. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  103. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  104. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  105. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  106. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  107. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  108. data/lib/puppet/pops/types/type_parser.rb +0 -4
  109. data/lib/puppet/pops/types/types.rb +0 -1
  110. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  111. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  112. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  113. data/lib/puppet/property/list.rb +1 -1
  114. data/lib/puppet/provider.rb +0 -13
  115. data/lib/puppet/provider/group/groupadd.rb +13 -8
  116. data/lib/puppet/provider/nameservice.rb +0 -18
  117. data/lib/puppet/provider/package/apt.rb +30 -2
  118. data/lib/puppet/provider/package/aptitude.rb +6 -0
  119. data/lib/puppet/provider/package/dpkg.rb +0 -10
  120. data/lib/puppet/provider/package/gem.rb +23 -3
  121. data/lib/puppet/provider/package/pip.rb +0 -1
  122. data/lib/puppet/provider/package/pkg.rb +0 -4
  123. data/lib/puppet/provider/package/portage.rb +1 -1
  124. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  125. data/lib/puppet/provider/service/debian.rb +2 -0
  126. data/lib/puppet/provider/service/smf.rb +191 -73
  127. data/lib/puppet/provider/user/directoryservice.rb +0 -10
  128. data/lib/puppet/provider/user/useradd.rb +55 -8
  129. data/lib/puppet/reference/configuration.rb +7 -5
  130. data/lib/puppet/reference/indirection.rb +1 -1
  131. data/lib/puppet/resource.rb +1 -89
  132. data/lib/puppet/resource/catalog.rb +1 -14
  133. data/lib/puppet/resource/type.rb +3 -119
  134. data/lib/puppet/resource/type_collection.rb +3 -48
  135. data/lib/puppet/runtime.rb +1 -2
  136. data/lib/puppet/settings.rb +45 -33
  137. data/lib/puppet/settings/integer_setting.rb +17 -0
  138. data/lib/puppet/settings/port_setting.rb +15 -0
  139. data/lib/puppet/settings/priority_setting.rb +5 -4
  140. data/lib/puppet/ssl.rb +10 -6
  141. data/lib/puppet/ssl/base.rb +3 -5
  142. data/lib/puppet/ssl/certificate.rb +0 -6
  143. data/lib/puppet/ssl/certificate_request.rb +1 -12
  144. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  145. data/lib/puppet/ssl/oids.rb +3 -1
  146. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  147. data/lib/puppet/ssl/state_machine.rb +3 -1
  148. data/lib/puppet/ssl/verifier.rb +2 -0
  149. data/lib/puppet/test/test_helper.rb +1 -3
  150. data/lib/puppet/transaction.rb +1 -7
  151. data/lib/puppet/transaction/report.rb +2 -4
  152. data/lib/puppet/type.rb +0 -76
  153. data/lib/puppet/type/file.rb +5 -7
  154. data/lib/puppet/type/file/checksum.rb +1 -1
  155. data/lib/puppet/type/file/source.rb +1 -1
  156. data/lib/puppet/type/filebucket.rb +3 -3
  157. data/lib/puppet/type/package.rb +8 -16
  158. data/lib/puppet/type/user.rb +1 -1
  159. data/lib/puppet/util/execution.rb +0 -11
  160. data/lib/puppet/util/http_proxy.rb +2 -215
  161. data/lib/puppet/util/monkey_patches.rb +0 -46
  162. data/lib/puppet/util/rdoc.rb +0 -7
  163. data/lib/puppet/util/retry_action.rb +1 -1
  164. data/lib/puppet/util/run_mode.rb +9 -1
  165. data/lib/puppet/util/windows.rb +3 -8
  166. data/lib/puppet/util/windows/daemon.rb +360 -0
  167. data/lib/puppet/util/windows/error.rb +1 -0
  168. data/lib/puppet/util/windows/eventlog.rb +4 -9
  169. data/lib/puppet/util/windows/file.rb +8 -242
  170. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  171. data/lib/puppet/util/windows/process.rb +4 -226
  172. data/lib/puppet/util/windows/service.rb +9 -460
  173. data/lib/puppet/util/windows/string.rb +12 -13
  174. data/lib/puppet/util/yaml.rb +0 -22
  175. data/lib/puppet/vendor/require_vendored.rb +0 -1
  176. data/lib/puppet/version.rb +1 -1
  177. data/lib/puppet/x509.rb +5 -1
  178. data/lib/puppet/x509/cert_provider.rb +29 -1
  179. data/locales/puppet.pot +521 -1226
  180. data/man/man5/puppet.conf.5 +35 -95
  181. data/man/man8/puppet-agent.8 +1 -1
  182. data/man/man8/puppet-apply.8 +1 -1
  183. data/man/man8/puppet-catalog.8 +1 -1
  184. data/man/man8/puppet-config.8 +1 -1
  185. data/man/man8/puppet-describe.8 +1 -1
  186. data/man/man8/puppet-device.8 +1 -1
  187. data/man/man8/puppet-doc.8 +1 -1
  188. data/man/man8/puppet-epp.8 +1 -1
  189. data/man/man8/puppet-facts.8 +57 -36
  190. data/man/man8/puppet-filebucket.8 +4 -4
  191. data/man/man8/puppet-generate.8 +1 -1
  192. data/man/man8/puppet-help.8 +1 -1
  193. data/man/man8/puppet-lookup.8 +1 -1
  194. data/man/man8/puppet-module.8 +1 -58
  195. data/man/man8/puppet-node.8 +1 -1
  196. data/man/man8/puppet-parser.8 +1 -1
  197. data/man/man8/puppet-plugin.8 +1 -1
  198. data/man/man8/puppet-report.8 +1 -1
  199. data/man/man8/puppet-resource.8 +1 -1
  200. data/man/man8/puppet-script.8 +1 -1
  201. data/man/man8/puppet-ssl.8 +1 -1
  202. data/man/man8/puppet.8 +2 -2
  203. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  204. data/spec/integration/application/agent_spec.rb +57 -11
  205. data/spec/integration/application/apply_spec.rb +1 -1
  206. data/spec/integration/application/filebucket_spec.rb +16 -16
  207. data/spec/integration/application/help_spec.rb +2 -0
  208. data/spec/integration/application/plugin_spec.rb +23 -1
  209. data/spec/integration/defaults_spec.rb +7 -3
  210. data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
  211. data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
  212. data/spec/integration/network/http_pool_spec.rb +3 -21
  213. data/spec/integration/parser/catalog_spec.rb +0 -38
  214. data/spec/integration/parser/node_spec.rb +0 -9
  215. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  216. data/spec/integration/type/file_spec.rb +5 -4
  217. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  218. data/spec/integration/util/windows/security_spec.rb +1 -1
  219. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  220. data/spec/lib/puppet_spec/settings.rb +1 -0
  221. data/spec/spec_helper.rb +2 -0
  222. data/spec/unit/agent_spec.rb +0 -2
  223. data/spec/unit/application/facts_spec.rb +86 -0
  224. data/spec/unit/application/filebucket_spec.rb +41 -39
  225. data/spec/unit/application/ssl_spec.rb +2 -2
  226. data/spec/unit/certificate_factory_spec.rb +1 -1
  227. data/spec/unit/configurer/downloader_spec.rb +6 -2
  228. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  229. data/spec/unit/configurer_spec.rb +12 -9
  230. data/spec/unit/context/trusted_information_spec.rb +2 -6
  231. data/spec/unit/defaults_spec.rb +22 -47
  232. data/spec/unit/environments_spec.rb +0 -3
  233. data/spec/unit/face/facts_spec.rb +4 -0
  234. data/spec/unit/face/node_spec.rb +14 -2
  235. data/spec/unit/face/plugin_spec.rb +73 -33
  236. data/spec/unit/file_bucket/file_spec.rb +1 -1
  237. data/spec/unit/file_serving/configuration/parser_spec.rb +22 -18
  238. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  239. data/spec/unit/functions/camelcase_spec.rb +1 -1
  240. data/spec/unit/functions/capitalize_spec.rb +1 -1
  241. data/spec/unit/functions/downcase_spec.rb +1 -1
  242. data/spec/unit/functions/upcase_spec.rb +1 -1
  243. data/spec/unit/http/client_spec.rb +7 -8
  244. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  245. data/spec/unit/http/external_client_spec.rb +4 -4
  246. data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
  247. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  248. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  249. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  250. data/spec/unit/http/resolver_spec.rb +13 -13
  251. data/spec/unit/http/service/compiler_spec.rb +0 -62
  252. data/spec/unit/http/service/file_server_spec.rb +3 -3
  253. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  254. data/spec/unit/http/service_spec.rb +0 -1
  255. data/spec/unit/http/session_spec.rb +16 -14
  256. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  257. data/spec/unit/indirector/facts/facter_spec.rb +113 -0
  258. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  259. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  260. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  261. data/spec/unit/indirector/file_server_spec.rb +1 -15
  262. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  263. data/spec/unit/indirector/request_spec.rb +0 -264
  264. data/spec/unit/indirector/rest_spec.rb +98 -752
  265. data/spec/unit/network/authconfig_spec.rb +2 -129
  266. data/spec/unit/network/authorization_spec.rb +2 -55
  267. data/spec/unit/network/formats_spec.rb +45 -4
  268. data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -92
  269. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  270. data/spec/unit/network/http/api_spec.rb +10 -0
  271. data/spec/unit/network/http/connection_spec.rb +19 -41
  272. data/spec/unit/network/http/handler_spec.rb +0 -1
  273. data/spec/unit/network/http_pool_spec.rb +0 -4
  274. data/spec/unit/node/environment_spec.rb +33 -21
  275. data/spec/unit/node_spec.rb +2 -54
  276. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  277. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  278. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  279. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  280. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  281. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  282. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  283. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  284. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  285. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  286. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  287. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  288. data/spec/unit/pops/visitor_spec.rb +1 -1
  289. data/spec/unit/provider/group/groupadd_spec.rb +5 -2
  290. data/spec/unit/provider/nameservice_spec.rb +0 -57
  291. data/spec/unit/provider/package/apt_spec.rb +24 -15
  292. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  293. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  294. data/spec/unit/provider/package/gem_spec.rb +32 -0
  295. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  296. data/spec/unit/provider/service/smf_spec.rb +401 -165
  297. data/spec/unit/provider/service/windows_spec.rb +0 -1
  298. data/spec/unit/provider/user/useradd_spec.rb +55 -3
  299. data/spec/unit/provider_spec.rb +0 -12
  300. data/spec/unit/resource/type_collection_spec.rb +2 -22
  301. data/spec/unit/resource_spec.rb +0 -56
  302. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  303. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  304. data/spec/unit/settings/port_setting_spec.rb +31 -0
  305. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  306. data/spec/unit/settings_spec.rb +17 -0
  307. data/spec/unit/ssl/base_spec.rb +36 -3
  308. data/spec/unit/ssl/certificate_request_spec.rb +19 -55
  309. data/spec/unit/ssl/certificate_spec.rb +2 -11
  310. data/spec/unit/ssl/state_machine_spec.rb +0 -1
  311. data/spec/unit/ssl/verifier_spec.rb +0 -21
  312. data/spec/unit/transaction/report_spec.rb +0 -2
  313. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  314. data/spec/unit/transaction_spec.rb +45 -79
  315. data/spec/unit/type/file/checksum_spec.rb +6 -6
  316. data/spec/unit/type/file/content_spec.rb +1 -1
  317. data/spec/unit/type/file/ensure_spec.rb +1 -1
  318. data/spec/unit/type/file/mode_spec.rb +1 -1
  319. data/spec/unit/type/file/source_spec.rb +0 -1
  320. data/spec/unit/type/file_spec.rb +12 -6
  321. data/spec/unit/type/package_spec.rb +1 -1
  322. data/spec/unit/type_spec.rb +20 -0
  323. data/spec/unit/util/backups_spec.rb +0 -2
  324. data/spec/unit/util/execution_spec.rb +0 -29
  325. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  326. data/spec/unit/util/run_mode_spec.rb +21 -121
  327. data/spec/unit/util/windows/string_spec.rb +1 -3
  328. data/spec/unit/util/yaml_spec.rb +0 -54
  329. data/spec/unit/util_spec.rb +0 -18
  330. metadata +48 -219
  331. data/conf/auth.conf +0 -150
  332. data/lib/puppet/application/cert.rb +0 -76
  333. data/lib/puppet/application/key.rb +0 -4
  334. data/lib/puppet/application/man.rb +0 -4
  335. data/lib/puppet/application/status.rb +0 -4
  336. data/lib/puppet/face/key.rb +0 -16
  337. data/lib/puppet/face/man.rb +0 -145
  338. data/lib/puppet/face/module/build.rb +0 -14
  339. data/lib/puppet/face/module/generate.rb +0 -14
  340. data/lib/puppet/face/module/search.rb +0 -103
  341. data/lib/puppet/face/status.rb +0 -51
  342. data/lib/puppet/indirector/certificate/file.rb +0 -9
  343. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  344. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  345. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  346. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  347. data/lib/puppet/indirector/file_content/http.rb +0 -22
  348. data/lib/puppet/indirector/key/file.rb +0 -46
  349. data/lib/puppet/indirector/key/memory.rb +0 -7
  350. data/lib/puppet/indirector/ssl_file.rb +0 -162
  351. data/lib/puppet/indirector/status.rb +0 -3
  352. data/lib/puppet/indirector/status/local.rb +0 -12
  353. data/lib/puppet/indirector/status/rest.rb +0 -27
  354. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  355. data/lib/puppet/network/auth_config_parser.rb +0 -90
  356. data/lib/puppet/network/authstore.rb +0 -283
  357. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  358. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  359. data/lib/puppet/network/http/base_pool.rb +0 -36
  360. data/lib/puppet/network/http/compression.rb +0 -127
  361. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  362. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  363. data/lib/puppet/network/rest_controller.rb +0 -2
  364. data/lib/puppet/network/rights.rb +0 -210
  365. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  366. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  367. data/lib/puppet/parser/environment_compiler.rb +0 -202
  368. data/lib/puppet/pops/types/enumeration.rb +0 -16
  369. data/lib/puppet/resource/capability_finder.rb +0 -154
  370. data/lib/puppet/rest/errors.rb +0 -15
  371. data/lib/puppet/rest/response.rb +0 -35
  372. data/lib/puppet/rest/route.rb +0 -85
  373. data/lib/puppet/rest/routes.rb +0 -135
  374. data/lib/puppet/ssl/host.rb +0 -505
  375. data/lib/puppet/ssl/key.rb +0 -61
  376. data/lib/puppet/ssl/validator.rb +0 -61
  377. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  378. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  379. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  380. data/lib/puppet/status.rb +0 -40
  381. data/lib/puppet/util/connection.rb +0 -88
  382. data/lib/puppet/util/fact_dif.rb +0 -62
  383. data/lib/puppet/util/ssl.rb +0 -83
  384. data/lib/puppet/util/windows/api_types.rb +0 -309
  385. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  386. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  387. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  388. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  389. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  390. data/lib/puppet/vendor/pathspec/README.md +0 -53
  391. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  392. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  393. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  394. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  395. data/man/man8/puppet-key.8 +0 -126
  396. data/man/man8/puppet-man.8 +0 -76
  397. data/man/man8/puppet-status.8 +0 -108
  398. data/spec/integration/network/authconfig_spec.rb +0 -256
  399. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  400. data/spec/unit/application/man_spec.rb +0 -52
  401. data/spec/unit/capability_spec.rb +0 -414
  402. data/spec/unit/face/key_spec.rb +0 -9
  403. data/spec/unit/face/module/search_spec.rb +0 -231
  404. data/spec/unit/face/status_spec.rb +0 -9
  405. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  406. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  407. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  408. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  409. data/spec/unit/indirector/key/file_spec.rb +0 -78
  410. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  411. data/spec/unit/indirector/status/local_spec.rb +0 -10
  412. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  413. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  414. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  415. data/spec/unit/network/authstore_spec.rb +0 -422
  416. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  417. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  418. data/spec/unit/network/http/compression_spec.rb +0 -240
  419. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  420. data/spec/unit/network/http_spec.rb +0 -9
  421. data/spec/unit/network/rights_spec.rb +0 -439
  422. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  423. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  424. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  425. data/spec/unit/rest/route_spec.rb +0 -132
  426. data/spec/unit/ssl/host_spec.rb +0 -645
  427. data/spec/unit/ssl/key_spec.rb +0 -173
  428. data/spec/unit/ssl/validator_spec.rb +0 -278
  429. data/spec/unit/status_spec.rb +0 -45
  430. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,61 +0,0 @@
1
- require 'puppet/ssl/base'
2
- require 'puppet/indirector'
3
-
4
- # Manage private and public keys as a pair.
5
- #
6
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
7
- class Puppet::SSL::Key < Puppet::SSL::Base
8
- wraps OpenSSL::PKey::RSA
9
-
10
- extend Puppet::Indirector
11
- indirects :key, :terminus_class => :file, :doc => <<DOC
12
- This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
13
- The indirection key is the certificate CN (generally a hostname).
14
- DOC
15
-
16
- # Because of how the format handler class is included, this
17
- # can't be in the base class.
18
- def self.supported_formats
19
- [:s]
20
- end
21
-
22
- attr_accessor :password_file
23
-
24
- # Knows how to create keys with our system defaults.
25
- def generate
26
- Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
27
- @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
28
- end
29
-
30
- def initialize(name)
31
- super
32
-
33
- @password_file = Puppet[:passfile]
34
- end
35
-
36
- def password
37
- return nil unless password_file and Puppet::FileSystem.exist?(password_file)
38
-
39
- # Puppet generates files at the default Puppet[:capass] using ASCII
40
- # User configured :passfile could be in any encoding
41
- # Use BINARY given the string is passed to an OpenSSL API accepting bytes
42
- # note this is only called internally
43
- Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
44
- end
45
-
46
- # Optionally support specifying a password file.
47
- def read(path)
48
- return super unless password_file
49
-
50
- # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
51
- @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
52
- end
53
-
54
- def to_s
55
- if password
56
- @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
57
- else
58
- return super
59
- end
60
- end
61
- end
@@ -1,61 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
-
3
- # API for certificate verification
4
- #
5
- # @deprecated
6
- # @api public
7
- class Puppet::SSL::Validator
8
-
9
- # Factory method for creating an instance of a null/no validator.
10
- # This method does not have to be implemented by concrete implementations of this API.
11
- #
12
- # @return [Puppet::SSL::Validator] produces a validator that performs no validation
13
- #
14
- # @api public
15
- #
16
- def self.no_validator()
17
- @@no_validator_cache ||= Puppet::SSL::Validator::NoValidator.new()
18
- end
19
-
20
- # Factory method for creating an instance of the default Puppet validator.
21
- # This method does not have to be implemented by concrete implementations of this API.
22
- #
23
- # @return [Puppet::SSL::Validator] produces a validator that performs no validation
24
- #
25
- # @api public
26
- #
27
- def self.default_validator()
28
- Puppet::SSL::Validator::DefaultValidator.new()
29
- end
30
-
31
- # Array of peer certificates
32
- # @return [Array<Puppet::SSL::Certificate>] peer certificates
33
- #
34
- # @api public
35
- #
36
- def peer_certs
37
- raise NotImplementedError, "Concrete class should have implemented this method"
38
- end
39
-
40
- # Contains the result of validation
41
- # @return [Array<String>, nil] nil, empty Array, or Array with messages
42
- #
43
- # @api public
44
- #
45
- def verify_errors
46
- raise NotImplementedError, "Concrete class should have implemented this method"
47
- end
48
-
49
- # Registers the connection to validate.
50
- #
51
- # @param [Net::HTTP] connection The connection to validate
52
- #
53
- # @return [void]
54
- #
55
- # @api public
56
- #
57
- def setup_connection(connection)
58
- raise NotImplementedError, "Concrete class should have implemented this method"
59
- end
60
- end
61
-
@@ -1,209 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
- require 'puppet/ssl'
3
-
4
- # Perform peer certificate verification against the known CA.
5
- # If there is no CA information known, then no verification is performed
6
- #
7
- # @deprecated
8
- # @api private
9
- #
10
- class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
11
- attr_reader :peer_certs
12
- attr_reader :verify_errors
13
- attr_reader :last_error
14
-
15
- FIVE_MINUTES_AS_SECONDS = 5 * 60
16
-
17
- # Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
18
- #
19
- # @param ca_path [String] Filepath for the cacert
20
- #
21
- # @api private
22
- #
23
- def initialize(
24
- ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert])
25
-
26
- reset!
27
- @ca_path = ca_path
28
- end
29
-
30
-
31
- # Resets this validator to its initial validation state. The ssl configuration is not changed.
32
- #
33
- # @api private
34
- #
35
- def reset!
36
- @peer_certs = []
37
- @verify_errors = []
38
- @hostname = nil
39
- @last_error = nil
40
- end
41
-
42
- # Performs verification of the SSL connection and collection of the
43
- # certificates for use in constructing the error message if the verification
44
- # failed. This callback will be executed once for each certificate in a
45
- # chain being verified.
46
- #
47
- # From the [OpenSSL
48
- # documentation](https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html):
49
- # The `verify_callback` function is used to control the behaviour when the
50
- # SSL_VERIFY_PEER flag is set. It must be supplied by the application and
51
- # receives two arguments: preverify_ok indicates, whether the verification of
52
- # the certificate in question was passed (preverify_ok=1) or not
53
- # (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for
54
- # the certificate chain verification.
55
- #
56
- # See {Puppet::Network::HTTP::Connection} for more information and where this
57
- # class is intended to be used.
58
- #
59
- # @param [Boolean] preverify_ok indicates whether the verification of the
60
- # certificate in question was passed (preverify_ok=true)
61
- # @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context
62
- # for the chain being verified.
63
- #
64
- # @return [Boolean] false if the peer is invalid, true otherwise.
65
- #
66
- # @api private
67
- #
68
- def call(preverify_ok, store_context)
69
- current_cert = store_context.current_cert
70
- @peer_certs << current_cert
71
-
72
- # We must make a copy since the scope of the store_context will be lost
73
- # across invocations of this method.
74
- if preverify_ok
75
- # If we've copied all of the certs in the chain out of the SSL library
76
- if @peer_certs.length == store_context.chain.length
77
- # (#20027) The peer cert must be issued by a specific authority
78
- preverify_ok = valid_peer?
79
- end
80
- else
81
- error = store_context.error || 0
82
- error_string = store_context.error_string || "OpenSSL error #{error}"
83
-
84
- case error
85
- when OpenSSL::X509::V_OK
86
- if @hostname
87
- # chain is from leaf to root, opposite of the order that `call` is invoked
88
- chain_cert = store_context.chain.first
89
-
90
- # ruby 2.4 doesn't compare certs based on value, so force to DER byte array
91
- if current_cert && chain_cert && current_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(current_cert, @hostname)
92
- @last_error = Puppet::SSL::CertMismatchError.new(current_cert, @hostname)
93
- return false
94
- else
95
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
96
- end
97
- else
98
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
99
- end
100
-
101
- when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
102
- # current_crl can be nil
103
- # https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
104
- crl = store_context.current_crl
105
- if crl
106
- if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
107
- Puppet.debug { "Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}" }
108
- preverify_ok = true
109
- else
110
- @verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
111
- end
112
- else
113
- @verify_errors << error_string
114
- end
115
- else
116
- @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
117
- end
118
- end
119
- preverify_ok
120
- rescue => ex
121
- @verify_errors << ex.message
122
- false
123
- end
124
-
125
- # Registers the instance's call method with the connection.
126
- #
127
- # @param [Net::HTTP] connection The connection to validate
128
- #
129
- # @param [Puppet::SSL::Host] host The host object containing SSL data
130
- # @return [void]
131
- #
132
- # @api private
133
- #
134
- def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
135
- @hostname = connection.address
136
-
137
- if ssl_certificates_are_present?
138
- connection.cert_store = ssl_host.ssl_store
139
- connection.ca_file = @ca_path
140
- connection.cert = ssl_host.certificate.content
141
- connection.key = ssl_host.key.content
142
- connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
143
- connection.verify_callback = self
144
- else
145
- connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
146
- end
147
- end
148
-
149
- ##
150
- # Decode a string of concatenated certificates
151
- #
152
- # @return [Array<OpenSSL::X509::Certificate>]
153
- def decode_cert_bundle(bundle_str)
154
- re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
155
- pem_ary = bundle_str.scan(re)
156
- pem_ary.map do |pem_str|
157
- OpenSSL::X509::Certificate.new(pem_str)
158
- end
159
- end
160
-
161
- # read_file makes testing easier.
162
- def read_file(path)
163
- # https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
164
- # CA bundles are concatenated X509 certificates, but may also include
165
- # comments, which could have UTF-8 characters
166
- Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
167
- end
168
-
169
- # Validates the peer certificates against the authorized certificates.
170
- #
171
- # @api private
172
- #
173
- def valid_peer?
174
- descending_cert_chain = @peer_certs.reverse
175
- authz_ca_certs = decode_cert_bundle(read_file(@ca_path))
176
-
177
- if not has_authz_peer_cert(descending_cert_chain, authz_ca_certs)
178
- msg = "The server presented a SSL certificate chain which does not include a " <<
179
- "CA listed in the ssl_client_ca_auth file. "
180
- msg << "Authorized Issuers: #{authz_ca_certs.collect {|c| c.subject.to_utf8}.join(', ')} " <<
181
- "Peer Chain: #{descending_cert_chain.collect {|c| c.subject.to_utf8}.join(' => ')}"
182
- @verify_errors << msg
183
- false
184
- else
185
- true
186
- end
187
- end
188
-
189
- # Checks if the set of peer_certs contains at least one certificate issued
190
- # by a certificate listed in authz_certs
191
- #
192
- # @return [Boolean]
193
- #
194
- # @api private
195
- #
196
- def has_authz_peer_cert(peer_certs, authz_certs)
197
- peer_certs.any? do |peer_cert|
198
- authz_certs.any? do |authz_cert|
199
- peer_cert.verify(authz_cert.public_key)
200
- end
201
- end
202
- end
203
-
204
- # @api private
205
- #
206
- def ssl_certificates_are_present?
207
- Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(@ca_path)
208
- end
209
- end
@@ -1,22 +0,0 @@
1
- require 'puppet/ssl/openssl_loader'
2
- require 'puppet/ssl'
3
-
4
- # Performs no SSL verification
5
- #
6
- # @deprecated
7
- # @api private
8
- #
9
- class Puppet::SSL::Validator::NoValidator < Puppet::SSL::Validator
10
-
11
- def setup_connection(connection)
12
- connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
13
- end
14
-
15
- def peer_certs
16
- []
17
- end
18
-
19
- def verify_errors
20
- []
21
- end
22
- end
@@ -1,58 +0,0 @@
1
- # Allows a `Puppet::SSL::Validator` to be used in situations where a
2
- # `Verifier` is required, while preserving the legacy validator behavior of:
3
- #
4
- # * Loading CA certs from `ssl_client_ca_auth` or `localcacert`
5
- # * Verifying each cert in the peer's chain is contained in the file
6
- # loaded above.
7
- #
8
- class Puppet::SSL::VerifierAdapter
9
- attr_reader :validator, :ssl_context
10
-
11
- def initialize(validator)
12
- @validator = validator
13
-
14
- if validator.is_a?(Puppet::SSL::Validator::NoValidator)
15
- ssl = Puppet::SSL::SSLProvider.new
16
- @ssl_context = ssl.create_insecure_context
17
- else
18
- # nil means use the default SSLContext
19
- @ssl_context = nil
20
- end
21
- end
22
-
23
- # Return true if `self` is reusable with `verifier` meaning they
24
- # are both using the same class of `Puppet::SSL::Validator`. In this
25
- # case we only care the Validator class is the same. We can't require
26
- # the same instances, because a new instance is created each time
27
- # HttpPool.http_instance is called.
28
- #
29
- # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
30
- # @return [Boolean] return true if a cached connection can be used, false otherwise
31
- def reusable?(verifier)
32
- verifier.instance_of?(self.class) &&
33
- verifier.validator.instance_of?(@validator.class)
34
- end
35
-
36
- # Configure the `http` connection based on the current `ssl_context`.
37
- #
38
- # @param http [Net::HTTP] connection
39
- # @api private
40
- def setup_connection(http)
41
- @validator.setup_connection(http)
42
- end
43
-
44
- # Handle an SSL connection error.
45
- #
46
- # @param http [Net::HTTP] connection
47
- # @param error [OpenSSL::SSL::SSLError] connection error
48
- # @return (see Puppet::SSL::Verifier#handle_connection_error)
49
- # @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
50
- # verification error with the server's certificate or chain
51
- # @raise [Puppet::Error] server hostname does not match certificate
52
- # @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
53
- def handle_connection_error(http, error)
54
- raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error
55
-
56
- Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
57
- end
58
- end
data/lib/puppet/status.rb DELETED
@@ -1,40 +0,0 @@
1
- require 'puppet/indirector'
2
-
3
- class Puppet::Status
4
- extend Puppet::Indirector
5
- indirects :status, :terminus_class => :local
6
-
7
- attr_accessor :status
8
-
9
- def initialize( status = nil )
10
- @status = status || {"is_alive" => true}
11
- end
12
-
13
- def to_data_hash
14
- @status
15
- end
16
-
17
- def self.from_data_hash(data)
18
- if data.include?('status')
19
- self.new(data['status'])
20
- else
21
- self.new(data)
22
- end
23
- end
24
-
25
- def name
26
- "status"
27
- end
28
-
29
- def name=(name)
30
- # NOOP
31
- end
32
-
33
- def version
34
- @status['version']
35
- end
36
-
37
- def version=(version)
38
- @status['version'] = version
39
- end
40
- end