puppet 6.21.1-universal-darwin → 6.22.1-universal-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +24 -18
- data/ext/project_data.yaml +2 -2
- data/lib/puppet/application/ssl.rb +11 -0
- data/lib/puppet/defaults.rb +22 -2
- data/lib/puppet/environments.rb +16 -1
- data/lib/puppet/face/facts.rb +128 -30
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +2 -0
- data/lib/puppet/functions/partition.rb +8 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +4 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +139 -87
- data/man/man5/puppet.conf.5 +11 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +60 -2
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/spec_helper.rb +11 -1
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/defaults_spec.rb +16 -0
- data/spec/unit/environments_spec.rb +164 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/file_system_spec.rb +9 -0
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/service/systemd_spec.rb +11 -0
- data/spec/unit/provider/user/useradd_spec.rb +18 -3
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/util/windows/sid_spec.rb +6 -0
- metadata +4 -6
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
data/lib/puppet/util/fact_dif.rb
CHANGED
@@ -1,15 +1,24 @@
|
|
1
1
|
require 'json'
|
2
2
|
|
3
3
|
class FactDif
|
4
|
-
def initialize(old_output, new_output, exclude_list
|
5
|
-
@c_facter = JSON.parse(old_output)
|
6
|
-
@next_facter = JSON.parse(new_output)
|
4
|
+
def initialize(old_output, new_output, exclude_list, save_structured)
|
5
|
+
@c_facter = JSON.parse(old_output)
|
6
|
+
@next_facter = JSON.parse(new_output)
|
7
7
|
@exclude_list = exclude_list
|
8
|
+
@save_structured = save_structured
|
9
|
+
@flat_diff = []
|
8
10
|
@diff = {}
|
9
11
|
end
|
10
12
|
|
11
13
|
def difs
|
12
|
-
search_hash(@c_facter
|
14
|
+
search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
|
15
|
+
|
16
|
+
@flat_diff.sort_by { |a| a[0] }.each do |pair|
|
17
|
+
fact_path = pair[0]
|
18
|
+
value = pair[1]
|
19
|
+
compare(fact_path, value, @c_facter)
|
20
|
+
compare(fact_path, value, @next_facter)
|
21
|
+
end
|
13
22
|
|
14
23
|
@diff
|
15
24
|
end
|
@@ -28,29 +37,39 @@ class FactDif
|
|
28
37
|
path.pop
|
29
38
|
end
|
30
39
|
else
|
31
|
-
|
40
|
+
@flat_diff.push([path.dup, sh])
|
32
41
|
end
|
33
42
|
end
|
34
43
|
|
35
|
-
def compare(fact_path,
|
36
|
-
|
37
|
-
if different?(
|
38
|
-
|
44
|
+
def compare(fact_path, given_value, compared_hash)
|
45
|
+
compared_value = compared_hash.dig(*fact_path)
|
46
|
+
if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
|
47
|
+
fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
|
48
|
+
if compared_hash == @c_facter
|
49
|
+
bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
|
50
|
+
else
|
51
|
+
bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def bury(*paths, value, hash)
|
57
|
+
if paths.count > 1
|
58
|
+
path = paths.shift
|
59
|
+
hash[path] = Hash.new unless hash.key?(path)
|
60
|
+
bury(*paths, value, hash[path])
|
61
|
+
else
|
62
|
+
hash[*paths] = value
|
39
63
|
end
|
40
64
|
end
|
41
65
|
|
42
66
|
def different?(new, old)
|
43
|
-
if old.is_a?(String) && new.is_a?(String)
|
67
|
+
if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
|
44
68
|
old_values = old.split(',')
|
45
69
|
new_values = new.split(',')
|
46
70
|
|
47
|
-
diff = old_values - new_values
|
48
|
-
|
49
|
-
diff.concat(new_values - old_values)
|
50
|
-
|
51
|
-
return true if diff.any?
|
52
|
-
|
53
|
-
return false
|
71
|
+
diff = (old_values - new_values) | (new_values - old_values)
|
72
|
+
return diff.size.positive?
|
54
73
|
end
|
55
74
|
|
56
75
|
old != new
|
@@ -32,6 +32,13 @@ end
|
|
32
32
|
# (#19151) Reject all SSLv2 ciphers and handshakes
|
33
33
|
require 'puppet/ssl/openssl_loader'
|
34
34
|
unless Puppet::Util::Platform.jruby_fips?
|
35
|
+
unless defined?(OpenSSL::SSL::TLS1_VERSION)
|
36
|
+
module OpenSSL::SSL
|
37
|
+
# see https://github.com/ruby/ruby/commit/609103dbb5fb182eec12f052226c43e39b907682#diff-09f822c26289f5347111795ca22ed7ed1cfadd6ebd28f987991d1d414eef565aR2755-R2759
|
38
|
+
OpenSSL::SSL::TLS1_VERSION = 0x301
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
35
42
|
class OpenSSL::SSL::SSLContext
|
36
43
|
if DEFAULT_PARAMS[:options]
|
37
44
|
DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
|
@@ -504,6 +504,43 @@ module Puppet::Util::Windows::ADSI
|
|
504
504
|
user_name
|
505
505
|
end
|
506
506
|
|
507
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/secext/ne-secext-extended_name_format
|
508
|
+
NameUnknown = 0
|
509
|
+
NameFullyQualifiedDN = 1
|
510
|
+
NameSamCompatible = 2
|
511
|
+
NameDisplay = 3
|
512
|
+
NameUniqueId = 6
|
513
|
+
NameCanonical = 7
|
514
|
+
NameUserPrincipal = 8
|
515
|
+
NameCanonicalEx = 9
|
516
|
+
NameServicePrincipal = 10
|
517
|
+
NameDnsDomain = 12
|
518
|
+
NameGivenName = 13
|
519
|
+
NameSurname = 14
|
520
|
+
|
521
|
+
def self.current_user_name_with_format(format)
|
522
|
+
user_name = ''
|
523
|
+
max_length = 1024
|
524
|
+
|
525
|
+
FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|
|
526
|
+
FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
|
527
|
+
buffer_size.write_dword(max_length + 1)
|
528
|
+
|
529
|
+
if GetUserNameExW(format.to_i, buffer, buffer_size) == FFI::WIN32_FALSE
|
530
|
+
raise Puppet::Util::Windows::Error.new(_("Failed to get user name"), FFI.errno)
|
531
|
+
end
|
532
|
+
|
533
|
+
user_name = buffer.read_wide_string(buffer_size.read_dword).chomp
|
534
|
+
end
|
535
|
+
end
|
536
|
+
|
537
|
+
user_name
|
538
|
+
end
|
539
|
+
|
540
|
+
def self.current_sam_compatible_user_name
|
541
|
+
current_user_name_with_format(NameSamCompatible)
|
542
|
+
end
|
543
|
+
|
507
544
|
def self.current_user_sid
|
508
545
|
Puppet::Util::Windows::SID.name_to_principal(current_user_name)
|
509
546
|
end
|
@@ -518,6 +555,15 @@ module Puppet::Util::Windows::ADSI
|
|
518
555
|
ffi_lib :advapi32
|
519
556
|
attach_function_private :GetUserNameW,
|
520
557
|
[:lpwstr, :lpdword], :win32_bool
|
558
|
+
|
559
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/secext/nf-secext-getusernameexa
|
560
|
+
# BOOLEAN SEC_ENTRY GetUserNameExA(
|
561
|
+
# EXTENDED_NAME_FORMAT NameFormat,
|
562
|
+
# LPSTR lpNameBuffer,
|
563
|
+
# PULONG nSize
|
564
|
+
# );type
|
565
|
+
ffi_lib :secur32
|
566
|
+
attach_function_private :GetUserNameExW, [:uint16, :lpwstr, :pointer], :win32_bool
|
521
567
|
end
|
522
568
|
|
523
569
|
class UserProfile
|
@@ -19,7 +19,7 @@ module Puppet::Util::Windows::APITypes
|
|
19
19
|
|
20
20
|
class ::FFI::Pointer
|
21
21
|
NULL_HANDLE = 0
|
22
|
-
WCHAR_NULL = "\0\0".
|
22
|
+
WCHAR_NULL = "\0\0".force_encoding('UTF-16LE').freeze
|
23
23
|
|
24
24
|
def self.from_string_to_wide_string(str, &block)
|
25
25
|
str = Puppet::Util::Windows::String.wide_string(str)
|
@@ -44,7 +44,8 @@ module Puppet::Util::Windows::SID
|
|
44
44
|
ERROR_INVALID_PARAMETER = 87
|
45
45
|
ERROR_INSUFFICIENT_BUFFER = 122
|
46
46
|
|
47
|
-
def self.lookup_account_name(system_name = nil, account_name)
|
47
|
+
def self.lookup_account_name(system_name = nil, sanitize = true, account_name)
|
48
|
+
account_name = sanitize_account_name(account_name) if sanitize
|
48
49
|
system_name_ptr = FFI::Pointer::NULL
|
49
50
|
begin
|
50
51
|
if system_name
|
@@ -146,6 +147,13 @@ module Puppet::Util::Windows::SID
|
|
146
147
|
end
|
147
148
|
end
|
148
149
|
|
150
|
+
# Sanitize the given account name for lookup to avoid known issues
|
151
|
+
def self.sanitize_account_name(account_name)
|
152
|
+
return account_name unless account_name.start_with?('APPLICATION PACKAGE AUTHORITY\\')
|
153
|
+
account_name.split('\\').last
|
154
|
+
end
|
155
|
+
private_class_method :sanitize_account_name
|
156
|
+
|
149
157
|
ffi_convention :stdcall
|
150
158
|
|
151
159
|
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx
|
@@ -191,4 +199,3 @@ module Puppet::Util::Windows::SID
|
|
191
199
|
[:lpcwstr, :pointer, :lpwstr, :lpdword, :lpwstr, :lpdword, :pointer], :win32_bool
|
192
200
|
end
|
193
201
|
end
|
194
|
-
|
@@ -74,11 +74,13 @@ module Puppet::Util::Windows
|
|
74
74
|
string_to_sid_ptr(name) do |sid_ptr|
|
75
75
|
raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
|
76
76
|
end
|
77
|
-
rescue
|
77
|
+
rescue => e
|
78
|
+
Puppet.debug("Could not retrieve raw SID bytes from '#{name}': #{e.message}")
|
78
79
|
end
|
79
80
|
|
80
81
|
raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
|
81
|
-
rescue
|
82
|
+
rescue => e
|
83
|
+
Puppet.debug("#{e.message}")
|
82
84
|
(allow_unresolved && raw_sid_bytes) ? unresolved_principal(name, raw_sid_bytes) : nil
|
83
85
|
end
|
84
86
|
module_function :name_to_principal
|
data/lib/puppet/version.rb
CHANGED