puppet 6.21.1-x64-mingw32 → 7.4.1-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +1 -4
- data/Gemfile.lock +5 -5
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -2
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/project_data.yaml +2 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +172 -98
- data/lib/puppet/application/device.rb +100 -104
- data/lib/puppet/application/filebucket.rb +13 -9
- data/lib/puppet/application/ssl.rb +1 -1
- data/lib/puppet/configurer.rb +27 -29
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +57 -162
- data/lib/puppet/environments.rb +8 -23
- data/lib/puppet/face/facts.rb +73 -49
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node/clean.rb +8 -0
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +6 -32
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -11
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +6 -10
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -69
- data/lib/puppet/http/service/file_server.rb +18 -27
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/facter.rb +25 -3
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/user/directoryservice.rb +0 -10
- data/lib/puppet/reference/configuration.rb +7 -5
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +45 -33
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +5 -7
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +5 -13
- data/lib/puppet/type/user.rb +1 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -46
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +521 -1226
- data/man/man5/puppet.conf.5 +34 -94
- data/man/man8/puppet-facts.8 +56 -35
- data/man/man8/puppet-filebucket.8 +3 -3
- data/man/man8/puppet-module.8 +0 -57
- data/man/man8/puppet.8 +1 -1
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/integration/application/agent_spec.rb +24 -11
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +23 -1
- data/spec/integration/defaults_spec.rb +7 -3
- data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +2 -0
- data/spec/unit/agent_spec.rb +0 -2
- data/spec/unit/application/facts_spec.rb +86 -0
- data/spec/unit/application/filebucket_spec.rb +41 -39
- data/spec/unit/application/ssl_spec.rb +2 -2
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -2
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -9
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +22 -47
- data/spec/unit/environments_spec.rb +0 -3
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/face/node_spec.rb +14 -2
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +22 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -62
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/facts/facter_spec.rb +113 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +45 -4
- data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/provider/nameservice_spec.rb +0 -57
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/windows_spec.rb +0 -1
- data/spec/unit/provider_spec.rb +0 -12
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource_spec.rb +0 -56
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +17 -0
- data/spec/unit/ssl/base_spec.rb +36 -3
- data/spec/unit/ssl/certificate_request_spec.rb +19 -55
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/state_machine_spec.rb +0 -1
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +45 -79
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +1 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +12 -6
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type_spec.rb +20 -0
- data/spec/unit/util/backups_spec.rb +0 -2
- data/spec/unit/util/execution_spec.rb +0 -29
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +0 -18
- metadata +47 -218
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -62
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
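--- a/data/man/man8/puppet-key.8
+++ b/data/man/man8/puppet-key.8
@@ -1,126 +0,0 @@
-.\" generated with Ronn/v0.7.3
-.\" http://github.com/rtomayko/ronn/tree/0.7.3
-.
-.TH "PUPPET\-KEY" "8" "February 2021" "Puppet, Inc." "Puppet manual"
-.
-.SH "NAME"
-\fBpuppet\-key\fR \- Create, save, and remove certificate keys\.
-.
-.SH "SYNOPSIS"
-puppet key \fIaction\fR [\-\-terminus _TERMINUS] [\-\-extra HASH]
-.
-.SH "DESCRIPTION"
-This subcommand manages certificate private keys\. Keys are created automatically by puppet agent and when certificate requests are generated with \'puppet ssl submit_request\'; it should not be necessary to use this subcommand directly\.
-.
-.SH "OPTIONS"
-Note that any setting that\'s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action\. For example, \fBserver\fR and \fBrun_mode\fR are valid settings, so you can specify \fB\-\-server <servername>\fR, or \fB\-\-run_mode <runmode>\fR as an argument\.
-.
-.P
-See the configuration file documentation at \fIhttps://puppet\.com/docs/puppet/latest/configuration\.html\fR for the full list of acceptable parameters\. A commented list of all configuration options can also be generated by running puppet with \fB\-\-genconfig\fR\.
-.
-.TP
-\-\-render\-as FORMAT
-The format in which to render output\. The most common formats are \fBjson\fR, \fBs\fR (string), \fByaml\fR, and \fBconsole\fR, but other options such as \fBdot\fR are sometimes available\.
-.
-.TP
-\-\-verbose
-Whether to log verbosely\.
-.
-.TP
-\-\-debug
-Whether to log debug information\.
-.
-.TP
-\-\-extra HASH
-A terminus can take additional arguments to refine the operation, which are passed as an arbitrary hash to the back\-end\. Anything passed as the extra value is just send direct to the back\-end\.
-.
-.TP
-\-\-terminus _TERMINUS
-Indirector faces expose indirected subsystems of Puppet\. These subsystems are each able to retrieve and alter a specific type of data (with the familiar actions of \fBfind\fR, \fBsearch\fR, \fBsave\fR, and \fBdestroy\fR) from an arbitrary number of pluggable backends\. In Puppet parlance, these backends are called terminuses\.
-.
-.IP
-Almost all indirected subsystems have a \fBrest\fR terminus that interacts with the puppet master\'s data\. Most of them have additional terminuses for various local data models, which are in turn used by the indirected subsystem on the puppet master whenever it receives a remote request\.
-.
-.IP
-The terminus for an action is often determined by context, but occasionally needs to be set explicitly\. See the "Notes" section of this face\'s manpage for more details\.
-.
-.SH "ACTIONS"
-.
-.TP
-\fBdestroy\fR \- Delete an object\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet key destroy [\-\-terminus _TERMINUS] [\-\-extra HASH] \fIkey\fR
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Delete an object\.
-.
-.TP
-\fBfind\fR \- Retrieve an object by name\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet key find [\-\-terminus _TERMINUS] [\-\-extra HASH] [\fIkey\fR]
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Retrieve an object by name\.
-.
-.TP
-\fBinfo\fR \- Print the default terminus class for this face\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet key info [\-\-terminus _TERMINUS] [\-\-extra HASH]
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Prints the default terminus class for this subcommand\. Note that different run modes may have different default termini; when in doubt, specify the run mode with the \'\-\-run_mode\' option\.
-.
-.TP
-\fBsave\fR \- API only: create or overwrite an object\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet key save [\-\-terminus _TERMINUS] [\-\-extra HASH] \fIkey\fR
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-API only: create or overwrite an object\. As the Faces framework does not currently accept data from STDIN, save actions cannot currently be invoked from the command line\.
-.
-.TP
-\fBsearch\fR \- Search for an object or retrieve multiple objects\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet key search [\-\-terminus _TERMINUS] [\-\-extra HASH] \fIquery\fR
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Search for an object or retrieve multiple objects\.
-.
-.SH "NOTES"
-This subcommand is an indirector face, which exposes \fBfind\fR, \fBsearch\fR, \fBsave\fR, and \fBdestroy\fR actions for an indirected subsystem of Puppet\. Valid termini for this face include:
-.
-.IP "\(bu" 4
-\fBfile\fR
-.
-.IP "\(bu" 4
-\fBmemory\fR
-.
-.IP "" 0
-.
-.SH "COPYRIGHT AND LICENSE"
-Copyright 2011 by Puppet Inc\. Apache 2 license; see COPYING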
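--- a/data/man/man8/puppet-man.8
+++ b/data/man/man8/puppet-man.8
@@ -1,76 +0,0 @@
-.\" generated with Ronn/v0.7.3
-.\" http://github.com/rtomayko/ronn/tree/0.7.3
-.
-.TH "PUPPET\-MAN" "8" "February 2021" "Puppet, Inc." "Puppet manual"
-.
-.SH "NAME"
-\fBpuppet\-man\fR \- Display Puppet manual pages\.
-.
-.SH "SYNOPSIS"
-puppet man \fIaction\fR
-.
-.SH "DESCRIPTION"
-Please use the command \'puppet help \fIsubcommand\fR\' or the system manpage system \'man puppet\-\fIsubcommand\fR\' to display information about Puppet subcommands\. The deprecated man subcommand displays manual pages for all Puppet subcommands\. If the \fBronn\fR gem (\fIhttps://github\.com/rtomayko/ronn/\fR) is installed on your system, puppet man will display fully\-formatted man pages\. If \fBronn\fR is not available, puppet man will display the raw (but human\-readable) source text in a pager\.
-.
-.SH "OPTIONS"
-Note that any setting that\'s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action\. For example, \fBserver\fR and \fBrun_mode\fR are valid settings, so you can specify \fB\-\-server <servername>\fR, or \fB\-\-run_mode <runmode>\fR as an argument\.
-.
-.P
-See the configuration file documentation at \fIhttps://puppet\.com/docs/puppet/latest/configuration\.html\fR for the full list of acceptable parameters\. A commented list of all configuration options can also be generated by running puppet with \fB\-\-genconfig\fR\.
-.
-.TP
-\-\-render\-as FORMAT
-The format in which to render output\. The most common formats are \fBjson\fR, \fBs\fR (string), \fByaml\fR, and \fBconsole\fR, but other options such as \fBdot\fR are sometimes available\.
-.
-.TP
-\-\-verbose
-Whether to log verbosely\.
-.
-.TP
-\-\-debug
-Whether to log debug information\.
-.
-.SH "ACTIONS"
-.
-.TP
-\fBman\fR \- Display the manual page for a Puppet subcommand\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet man \fIsubcommand\fR
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Display the manual page for a Puppet subcommand\.
-.
-.IP
-\fBRETURNS\fR
-.
-.IP
-The man data, in Markdown format, suitable for consumption by Ronn\.
-.
-.IP
-RENDERING ISSUES: To skip fancy formatting and output the raw Markdown text (e\.g\. for use in a pipeline), call this action with \'\-\-render\-as s\'\.
-.
-.SH "EXAMPLES"
-\fBman\fR
-.
-.P
-View the installed manual page for the subcommand \'config\':
-.
-.P
-$ man puppet\-config
-.
-.P
-(Deprecated) View the manual page for the subcommand \'config\':
-.
-.P
-$ puppet man config
-.
-.SH "NOTES"
-The pager used for display will be the first found of \fB$MANPAGER\fR, \fB$PAGER\fR, \fBless\fR, \fBmost\fR, or \fBmore\fR\.
-.
-.SH "COPYRIGHT AND LICENSE"
-Copyright 2011 by Puppet Inc\. Apache 2 license; see COPYING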
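--- a/data/man/man8/puppet-status.8
+++ b/data/man/man8/puppet-status.8
@@ -1,108 +0,0 @@
-.\" generated with Ronn/v0.7.3
-.\" http://github.com/rtomayko/ronn/tree/0.7.3
-.
-.TH "PUPPET\-STATUS" "8" "February 2021" "Puppet, Inc." "Puppet manual"
-.
-.SH "NAME"
-\fBpuppet\-status\fR \- View puppet server status\.
-.
-.SH "SYNOPSIS"
-puppet status \fIaction\fR [\-\-terminus _TERMINUS] [\-\-extra HASH]
-.
-.SH "OPTIONS"
-Note that any setting that\'s valid in the configuration file is also a valid long argument, although it may or may not be relevant to the present action\. For example, \fBserver\fR and \fBrun_mode\fR are valid settings, so you can specify \fB\-\-server <servername>\fR, or \fB\-\-run_mode <runmode>\fR as an argument\.
-.
-.P
-See the configuration file documentation at \fIhttps://puppet\.com/docs/puppet/latest/configuration\.html\fR for the full list of acceptable parameters\. A commented list of all configuration options can also be generated by running puppet with \fB\-\-genconfig\fR\.
-.
-.TP
-\-\-render\-as FORMAT
-The format in which to render output\. The most common formats are \fBjson\fR, \fBs\fR (string), \fByaml\fR, and \fBconsole\fR, but other options such as \fBdot\fR are sometimes available\.
-.
-.TP
-\-\-verbose
-Whether to log verbosely\.
-.
-.TP
-\-\-debug
-Whether to log debug information\.
-.
-.TP
-\-\-extra HASH
-A terminus can take additional arguments to refine the operation, which are passed as an arbitrary hash to the back\-end\. Anything passed as the extra value is just send direct to the back\-end\.
-.
-.TP
-\-\-terminus _TERMINUS
-Indirector faces expose indirected subsystems of Puppet\. These subsystems are each able to retrieve and alter a specific type of data (with the familiar actions of \fBfind\fR, \fBsearch\fR, \fBsave\fR, and \fBdestroy\fR) from an arbitrary number of pluggable backends\. In Puppet parlance, these backends are called terminuses\.
-.
-.IP
-Almost all indirected subsystems have a \fBrest\fR terminus that interacts with the puppet master\'s data\. Most of them have additional terminuses for various local data models, which are in turn used by the indirected subsystem on the puppet master whenever it receives a remote request\.
-.
-.IP
-The terminus for an action is often determined by context, but occasionally needs to be set explicitly\. See the "Notes" section of this face\'s manpage for more details\.
-.
-.SH "ACTIONS"
-.
-.TP
-\fBfind\fR \- Check status of puppet master server\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet status [\-\-terminus _TERMINUS] [\-\-extra HASH] [\fIkey\fR]
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Checks whether a Puppet server is properly receiving and processing HTTP requests\. This action is only useful when used with \'\-\-terminus rest\'; when invoked with the \fBlocal\fR terminus, \fBfind\fR will always return true\.
-.
-.IP
-Over REST, this action will query the configured puppet master by default\. To query other servers, including puppet agent nodes started with the \fI\-\-listen\fR option, you can set the global \fI\-\-server\fR and \fI\-\-serverport\fR options on the command line; note that agent nodes listen on port 8139\.
-.
-.IP
-\fBRETURNS\fR
-.
-.IP
-A "true" response or a low\-level connection error\. When used from the Ruby API: returns a Puppet::Status object\.
-.
-.IP
-\fBNOTES\fR
-.
-.IP
-This action requires that the server\'s \fBauth\.conf\fR file allow find access to the \fBstatus\fR REST terminus\. Puppet agent does not use this facility, and it is turned off by default\. See \fIhttps://puppet\.com/docs/puppet/latest/config_file_auth\.html\fR for more details\.
-.
-.TP
-\fBinfo\fR \- Print the default terminus class for this face\.
-\fBSYNOPSIS\fR
-.
-.IP
-puppet status info [\-\-terminus _TERMINUS] [\-\-extra HASH]
-.
-.IP
-\fBDESCRIPTION\fR
-.
-.IP
-Prints the default terminus class for this subcommand\. Note that different run modes may have different default termini; when in doubt, specify the run mode with the \'\-\-run_mode\' option\.
-.
-.SH "EXAMPLES"
-\fBfind\fR
-.
-.P
-Check the status of the configured puppet master:
-.
-.P
-$ puppet status find \-\-terminus rest
-.
-.SH "NOTES"
-This subcommand is an indirector face, which exposes \fBfind\fR, \fBsearch\fR, \fBsave\fR, and \fBdestroy\fR actions for an indirected subsystem of Puppet\. Valid termini for this face include:
-.
-.IP "\(bu" 4
-\fBlocal\fR
-.
-.IP "\(bu" 4
-\fBrest\fR
-.
-.IP "" 0
-.
-.SH "COPYRIGHT AND LICENSE"
-Copyright 2011 by Puppet Inc\. Apache 2 license; see COPYING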
@@ -1,256 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
require 'puppet/network/authconfig'
|
4
|
-
require 'puppet/network/auth_config_parser'
|
5
|
-
|
6
|
-
RSpec::Matchers.define :auth_allow do |params|
|
7
|
-
match do |auth|
|
8
|
-
begin
|
9
|
-
auth.check_authorization(*params)
|
10
|
-
true
|
11
|
-
rescue Puppet::Network::AuthorizationError
|
12
|
-
false
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
failure_message do |instance|
|
17
|
-
"expected #{params[2][:node]}/#{params[2][:ip]} to be allowed"
|
18
|
-
end
|
19
|
-
|
20
|
-
failure_message_when_negated do |instance|
|
21
|
-
"expected #{params[2][:node]}/#{params[2][:ip]} to be forbidden"
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
describe Puppet::Network::AuthConfig do
|
26
|
-
include PuppetSpec::Files
|
27
|
-
|
28
|
-
def add_rule(rule)
|
29
|
-
parser = Puppet::Network::AuthConfigParser.new(
|
30
|
-
"path /test\n#{rule}\n"
|
31
|
-
)
|
32
|
-
@auth = parser.parse
|
33
|
-
end
|
34
|
-
|
35
|
-
def add_regex_rule(regex, rule)
|
36
|
-
parser = Puppet::Network::AuthConfigParser.new(
|
37
|
-
"path ~ #{regex}\n#{rule}\n"
|
38
|
-
)
|
39
|
-
@auth = parser.parse
|
40
|
-
end
|
41
|
-
|
42
|
-
def add_raw_stanza(stanza)
|
43
|
-
parser = Puppet::Network::AuthConfigParser.new(
|
44
|
-
stanza
|
45
|
-
)
|
46
|
-
@auth = parser.parse
|
47
|
-
end
|
48
|
-
|
49
|
-
def request(args = {})
|
50
|
-
args = {
|
51
|
-
:key => 'key',
|
52
|
-
:node => 'host.domain.com',
|
53
|
-
:ip => '10.1.1.1',
|
54
|
-
:authenticated => true
|
55
|
-
}.merge(args)
|
56
|
-
[:find, "/test/#{args[:key]}", args]
|
57
|
-
end
|
58
|
-
|
59
|
-
describe "allow" do
|
60
|
-
it "should not match IP addresses" do
|
61
|
-
add_rule("allow 10.1.1.1")
|
62
|
-
|
63
|
-
expect(@auth).not_to auth_allow(request)
|
64
|
-
end
|
65
|
-
|
66
|
-
it "should not accept CIDR IPv4 address" do
|
67
|
-
expect {
|
68
|
-
add_rule("allow 10.0.0.0/8")
|
69
|
-
}.to raise_error Puppet::ConfigurationError, /Invalid pattern 10\.0\.0\.0\/8/
|
70
|
-
end
|
71
|
-
|
72
|
-
it "should not match wildcard IPv4 address" do
|
73
|
-
expect {
|
74
|
-
add_rule("allow 10.1.1.*")
|
75
|
-
}.to raise_error Puppet::ConfigurationError, /Invalid pattern 10\.1\.1\.*/
|
76
|
-
end
|
77
|
-
|
78
|
-
it "should not match IPv6 address" do
|
79
|
-
expect {
|
80
|
-
add_rule("allow 2001:DB8::8:800:200C:417A")
|
81
|
-
}.to raise_error Puppet::ConfigurationError, /Invalid pattern 2001/
|
82
|
-
end
|
83
|
-
|
84
|
-
it "should support hostname" do
|
85
|
-
add_rule("allow host.domain.com")
|
86
|
-
|
87
|
-
expect(@auth).to auth_allow(request)
|
88
|
-
end
|
89
|
-
|
90
|
-
it "should support wildcard host" do
|
91
|
-
add_rule("allow *.domain.com")
|
92
|
-
|
93
|
-
expect(@auth).to auth_allow(request)
|
94
|
-
end
|
95
|
-
|
96
|
-
it 'should warn about missing path before allow_ip in stanza' do
|
97
|
-
expect {
|
98
|
-
add_raw_stanza("allow_ip 10.0.0.1\n")
|
99
|
-
}.to raise_error Puppet::ConfigurationError, /Missing or invalid 'path' before right directive at \(line: .*\)/
|
100
|
-
end
|
101
|
-
|
102
|
-
it 'should warn about missing path before allow in stanza' do
|
103
|
-
expect {
|
104
|
-
add_raw_stanza("allow host.domain.com\n")
|
105
|
-
}.to raise_error Puppet::ConfigurationError, /Missing or invalid 'path' before right directive at \(line: .*\)/
|
106
|
-
end
|
107
|
-
|
108
|
-
it "should support hostname backreferences" do
|
109
|
-
add_regex_rule('^/test/([^/]+)$', "allow $1.domain.com")
|
110
|
-
|
111
|
-
expect(@auth).to auth_allow(request(:key => 'host'))
|
112
|
-
end
|
113
|
-
|
114
|
-
it "should support opaque strings" do
|
115
|
-
add_rule("allow this-is-opaque@or-not")
|
116
|
-
|
117
|
-
expect(@auth).to auth_allow(request(:node => 'this-is-opaque@or-not'))
|
118
|
-
end
|
119
|
-
|
120
|
-
it "should support opaque strings and backreferences" do
|
121
|
-
add_regex_rule('^/test/([^/]+)$', "allow $1")
|
122
|
-
|
123
|
-
expect(@auth).to auth_allow(request(:key => 'this-is-opaque@or-not', :node => 'this-is-opaque@or-not'))
|
124
|
-
end
|
125
|
-
|
126
|
-
it "should support hostname ending with '.'" do
|
127
|
-
pending('bug #7589')
|
128
|
-
add_rule("allow host.domain.com.")
|
129
|
-
|
130
|
-
expect(@auth).to auth_allow(request(:node => 'host.domain.com.'))
|
131
|
-
end
|
132
|
-
|
133
|
-
it "should support hostname ending with '.' and backreferences" do
|
134
|
-
pending('bug #7589')
|
135
|
-
add_regex_rule('^/test/([^/]+)$',"allow $1")
|
136
|
-
|
137
|
-
expect(@auth).to auth_allow(request(:node => 'host.domain.com.'))
|
138
|
-
end
|
139
|
-
|
140
|
-
it "should support trailing whitespace" do
|
141
|
-
add_rule('allow host.domain.com ')
|
142
|
-
|
143
|
-
expect(@auth).to auth_allow(request)
|
144
|
-
end
|
145
|
-
|
146
|
-
it "should support inlined comments" do
|
147
|
-
add_rule('allow host.domain.com # will it work?')
|
148
|
-
|
149
|
-
expect(@auth).to auth_allow(request)
|
150
|
-
end
|
151
|
-
|
152
|
-
it "should deny non-matching host" do
|
153
|
-
add_rule("allow inexistent")
|
154
|
-
|
155
|
-
expect(@auth).not_to auth_allow(request)
|
156
|
-
end
|
157
|
-
end
|
158
|
-
|
159
|
-
describe "allow_ip" do
|
160
|
-
it "should not warn when matches against IP addresses fail" do
|
161
|
-
add_rule("allow_ip 10.1.1.2")
|
162
|
-
|
163
|
-
expect(@auth).not_to auth_allow(request)
|
164
|
-
|
165
|
-
expect(@logs).not_to be_any {|log| log.level == :warning and log.message =~ /Authentication based on IP address is deprecated/}
|
166
|
-
end
|
167
|
-
|
168
|
-
it "should support IPv4 address" do
|
169
|
-
add_rule("allow_ip 10.1.1.1")
|
170
|
-
|
171
|
-
expect(@auth).to auth_allow(request)
|
172
|
-
end
|
173
|
-
|
174
|
-
it "should support CIDR IPv4 address" do
|
175
|
-
add_rule("allow_ip 10.0.0.0/8")
|
176
|
-
|
177
|
-
expect(@auth).to auth_allow(request)
|
178
|
-
end
|
179
|
-
|
180
|
-
it "should support wildcard IPv4 address" do
|
181
|
-
add_rule("allow_ip 10.1.1.*")
|
182
|
-
|
183
|
-
expect(@auth).to auth_allow(request)
|
184
|
-
end
|
185
|
-
|
186
|
-
it "should support IPv6 address" do
|
187
|
-
add_rule("allow_ip 2001:DB8::8:800:200C:417A")
|
188
|
-
|
189
|
-
expect(@auth).to auth_allow(request(:ip => '2001:DB8::8:800:200C:417A'))
|
190
|
-
end
|
191
|
-
|
192
|
-
it "should support hostname" do
|
193
|
-
expect {
|
194
|
-
add_rule("allow_ip host.domain.com")
|
195
|
-
}.to raise_error Puppet::ConfigurationError, /Invalid IP pattern host.domain.com/
|
196
|
-
end
|
197
|
-
end
|
198
|
-
|
199
|
-
describe "deny" do
|
200
|
-
it "should deny denied hosts" do
|
201
|
-
add_rule <<-EOALLOWRULE
|
202
|
-
deny host.domain.com
|
203
|
-
allow *.domain.com
|
204
|
-
EOALLOWRULE
|
205
|
-
|
206
|
-
expect(@auth).not_to auth_allow(request)
|
207
|
-
end
|
208
|
-
|
209
|
-
it "denies denied hosts after allowing them" do
|
210
|
-
add_rule <<-EOALLOWRULE
|
211
|
-
allow *.domain.com
|
212
|
-
deny host.domain.com
|
213
|
-
EOALLOWRULE
|
214
|
-
|
215
|
-
expect(@auth).not_to auth_allow(request)
|
216
|
-
end
|
217
|
-
|
218
|
-
it "should not deny based on IP" do
|
219
|
-
add_rule <<-EOALLOWRULE
|
220
|
-
deny 10.1.1.1
|
221
|
-
allow host.domain.com
|
222
|
-
EOALLOWRULE
|
223
|
-
|
224
|
-
expect(@auth).to auth_allow(request)
|
225
|
-
end
|
226
|
-
|
227
|
-
it "should not deny based on IP (ordering #2)" do
|
228
|
-
add_rule <<-EOALLOWRULE
|
229
|
-
allow host.domain.com
|
230
|
-
deny 10.1.1.1
|
231
|
-
EOALLOWRULE
|
232
|
-
|
233
|
-
expect(@auth).to auth_allow(request)
|
234
|
-
end
|
235
|
-
end
|
236
|
-
|
237
|
-
describe "deny_ip" do
|
238
|
-
it "should deny based on IP" do
|
239
|
-
add_rule <<-EOALLOWRULE
|
240
|
-
deny_ip 10.1.1.1
|
241
|
-
allow host.domain.com
|
242
|
-
EOALLOWRULE
|
243
|
-
|
244
|
-
expect(@auth).not_to auth_allow(request)
|
245
|
-
end
|
246
|
-
|
247
|
-
it "should deny based on IP (ordering #2)" do
|
248
|
-
add_rule <<-EOALLOWRULE
|
249
|
-
allow host.domain.com
|
250
|
-
deny_ip 10.1.1.1
|
251
|
-
EOALLOWRULE
|
252
|
-
|
253
|
-
expect(@auth).not_to auth_allow(request)
|
254
|
-
end
|
255
|
-
end
|
256
|
-
end
|