puppet 6.23.0 → 7.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/Gemfile +1 -3
- data/Gemfile.lock +34 -46
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +4 -12
- data/lib/puppet/application/apply.rb +2 -4
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -9
- data/lib/puppet/application/resource.rb +1 -2
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -12
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +100 -192
- data/lib/puppet/environments.rb +60 -74
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +0 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -138
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +0 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -48
- data/lib/puppet/module_tool/errors/shared.rb +2 -17
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/group/groupadd.rb +8 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/systemd.rb +4 -14
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +10 -33
- data/lib/puppet/provider/user/useradd.rb +8 -62
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +73 -66
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +6 -26
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/service.rb +38 -18
- data/lib/puppet/type/tidy.rb +2 -21
- data/lib/puppet/type/user.rb +20 -38
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -53
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/sid.rb +2 -4
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +651 -1436
- data/man/man5/puppet.conf.5 +266 -354
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +4 -47
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -171
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +7 -12
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -32
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -54
- data/spec/unit/environments_spec.rb +68 -224
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +0 -9
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -185
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -66
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -45
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +3 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -6
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/init_spec.rb +0 -1
- data/spec/unit/provider/service/openwrt_spec.rb +1 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +8 -53
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +3 -71
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +23 -13
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -60
- data/spec/unit/type/tidy_spec.rb +8 -17
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -6
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +2 -2
- metadata +44 -181
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -30
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -29,7 +29,6 @@ class Puppet::Settings::EnvironmentConf
|
|
29
29
|
section = config.sections[:main]
|
30
30
|
rescue Errno::ENOENT
|
31
31
|
# environment.conf is an optional file
|
32
|
-
Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
|
33
32
|
end
|
34
33
|
|
35
34
|
new(path_to_env, section, global_module_path)
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class Puppet::Settings::IntegerSetting < Puppet::Settings::BaseSetting
|
2
|
+
def munge(value)
|
3
|
+
return value if Integer === value
|
4
|
+
|
5
|
+
begin
|
6
|
+
value = Integer(value)
|
7
|
+
rescue ArgumentError, TypeError
|
8
|
+
raise Puppet::Settings::ValidationError, _("Cannot convert '%{value}' to an integer for parameter: %{name}") % { value: value.inspect, name: @name }
|
9
|
+
end
|
10
|
+
|
11
|
+
value
|
12
|
+
end
|
13
|
+
|
14
|
+
def type
|
15
|
+
:integer
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
class Puppet::Settings::PortSetting < Puppet::Settings::IntegerSetting
|
2
|
+
def munge(value)
|
3
|
+
value = super
|
4
|
+
|
5
|
+
if value < 0 || value > 65535
|
6
|
+
raise Puppet::Settings::ValidationError, _("Value '%{value}' is not a valid port number for parameter: %{name}") % { value: value.inspect, name: @name }
|
7
|
+
end
|
8
|
+
|
9
|
+
value
|
10
|
+
end
|
11
|
+
|
12
|
+
def type
|
13
|
+
:port
|
14
|
+
end
|
15
|
+
end
|
@@ -6,11 +6,12 @@ class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
|
|
6
6
|
PRIORITY_MAP =
|
7
7
|
if Puppet::Util::Platform.windows?
|
8
8
|
require 'puppet/util/windows/process'
|
9
|
+
require 'puppet/ffi/windows/constants'
|
9
10
|
{
|
10
|
-
:high => Puppet::
|
11
|
-
:normal => Puppet::
|
12
|
-
:low => Puppet::
|
13
|
-
:idle => Puppet::
|
11
|
+
:high => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
|
12
|
+
:normal => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
|
13
|
+
:low => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
|
14
|
+
:idle => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
|
14
15
|
}
|
15
16
|
else
|
16
17
|
{
|
data/lib/puppet/ssl.rb
CHANGED
@@ -2,18 +2,22 @@
|
|
2
2
|
require 'puppet'
|
3
3
|
require 'puppet/ssl/openssl_loader'
|
4
4
|
|
5
|
+
# Responsible for bootstrapping an agent's certificate and private key, generating
|
6
|
+
# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
|
7
|
+
# certificate extensions.
|
8
|
+
#
|
9
|
+
# @see Puppet::SSL::SSLProvider
|
5
10
|
# @api private
|
6
|
-
module Puppet::SSL
|
11
|
+
module Puppet::SSL
|
7
12
|
CA_NAME = "ca".freeze
|
8
|
-
|
13
|
+
|
9
14
|
require 'puppet/ssl/oids'
|
10
|
-
require 'puppet/ssl/validator'
|
11
|
-
require 'puppet/ssl/validator/no_validator'
|
12
|
-
require 'puppet/ssl/validator/default_validator'
|
13
15
|
require 'puppet/ssl/error'
|
14
16
|
require 'puppet/ssl/ssl_context'
|
15
17
|
require 'puppet/ssl/verifier'
|
16
|
-
require 'puppet/ssl/verifier_adapter'
|
17
18
|
require 'puppet/ssl/ssl_provider'
|
18
19
|
require 'puppet/ssl/state_machine'
|
20
|
+
require 'puppet/ssl/certificate'
|
21
|
+
require 'puppet/ssl/certificate_request'
|
22
|
+
require 'puppet/ssl/certificate_request_attributes'
|
19
23
|
end
|
data/lib/puppet/ssl/base.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
require 'puppet/ssl/openssl_loader'
|
2
2
|
require 'puppet/ssl'
|
3
3
|
require 'puppet/ssl/digest'
|
4
|
-
require 'puppet/util/ssl'
|
5
4
|
|
6
5
|
# The base class for wrapping SSL instances.
|
7
6
|
class Puppet::SSL::Base
|
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
|
|
54
53
|
#
|
55
54
|
# @return [String] the name (CN) extracted from the subject.
|
56
55
|
def self.name_from_subject(subject)
|
57
|
-
|
56
|
+
if subject.respond_to? :to_a
|
57
|
+
(subject.to_a.assoc('CN') || [])[1]
|
58
|
+
end
|
58
59
|
end
|
59
60
|
|
60
61
|
# Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
|
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
|
|
82
83
|
# Read content from disk appropriately.
|
83
84
|
def read(path)
|
84
85
|
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
85
|
-
# Puppet::SSL::Key uses this, but also provides its own override
|
86
86
|
# nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
|
87
87
|
# Puppet::Indirector::CertificateStatus::File (.indirection.find)
|
88
88
|
# Puppet::Network::HTTP::WEBrick (.indirection.find)
|
89
89
|
# Puppet::Network::HTTP::RackREST (.from_instance)
|
90
90
|
# Puppet::Network::HTTP::WEBrickREST (.from_instance)
|
91
|
-
# Puppet::SSL::Host (.indirection.find)
|
92
91
|
# Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
|
93
|
-
# Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
|
94
92
|
@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
|
95
93
|
end
|
96
94
|
|
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
11
11
|
# This is defined from the base class
|
12
12
|
wraps OpenSSL::X509::Certificate
|
13
13
|
|
14
|
-
extend Puppet::Indirector
|
15
|
-
indirects :certificate, :terminus_class => :file, :doc => <<DOC
|
16
|
-
This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
|
17
|
-
The indirection key is the certificate CN (generally a hostname).
|
18
|
-
DOC
|
19
|
-
|
20
14
|
# Because of how the format handler class is included, this
|
21
15
|
# can't be in the base class.
|
22
16
|
def self.supported_formats
|
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
|
|
28
28
|
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
29
29
|
wraps OpenSSL::X509::Request
|
30
30
|
|
31
|
-
extend Puppet::Indirector
|
32
|
-
|
33
|
-
indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
|
34
|
-
This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
|
35
|
-
The indirection key is the certificate CN (generally a hostname).
|
36
|
-
DOC
|
37
|
-
|
38
31
|
# Because of how the format handler class is included, this
|
39
32
|
# can't be in the base class.
|
40
33
|
def self.supported_formats
|
@@ -47,8 +40,7 @@ DOC
|
|
47
40
|
|
48
41
|
# Create a certificate request with our system settings.
|
49
42
|
#
|
50
|
-
# @param key [OpenSSL::X509::Key
|
51
|
-
# with this CSR.
|
43
|
+
# @param key [OpenSSL::X509::Key] The private key associated with this CSR.
|
52
44
|
# @param options [Hash]
|
53
45
|
# @option options [String] :dns_alt_names A comma separated list of
|
54
46
|
# Subject Alternative Names to include in the CSR extension request.
|
@@ -64,9 +56,6 @@ DOC
|
|
64
56
|
def generate(key, options = {})
|
65
57
|
Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
|
66
58
|
|
67
|
-
# Support either an actual SSL key, or a Puppet key.
|
68
|
-
key = key.content if key.is_a?(Puppet::SSL::Key)
|
69
|
-
|
70
59
|
# If we're a CSR for the CA, then use the real ca_name, rather than the
|
71
60
|
# fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
|
72
61
|
# but it's also just a good idea.
|
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
|
|
27
27
|
@digest
|
28
28
|
end
|
29
29
|
|
30
|
+
# Sign a certificate signing request (CSR) with a private key.
|
31
|
+
#
|
32
|
+
# @param [OpenSSL::X509::Request] content The CSR to sign
|
33
|
+
# @param [OpenSSL::X509::PKey] key The private key to sign with
|
34
|
+
#
|
35
|
+
# @api private
|
30
36
|
def sign(content, key)
|
31
37
|
content.sign(key, @digest.new)
|
32
38
|
end
|
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -2,10 +2,11 @@ require 'puppet/ssl'
|
|
2
2
|
|
3
3
|
# This module defines OIDs for use within Puppet.
|
4
4
|
#
|
5
|
-
#
|
5
|
+
# # ASN.1 Definition
|
6
6
|
#
|
7
7
|
# The following is the formal definition of OIDs specified in this file.
|
8
8
|
#
|
9
|
+
# ```
|
9
10
|
# puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
|
10
11
|
# dod(6) internet(1) private(4) enterprise(1) 34380 1}
|
11
12
|
#
|
@@ -22,6 +23,7 @@ require 'puppet/ssl'
|
|
22
23
|
# pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
|
23
24
|
# pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
|
24
25
|
# pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
|
26
|
+
# ```
|
25
27
|
#
|
26
28
|
# @api private
|
27
29
|
module Puppet::SSL::Oids
|
@@ -3,6 +3,23 @@ require 'puppet/ssl'
|
|
3
3
|
# SSL Provider creates `SSLContext` objects that can be used to create
|
4
4
|
# secure connections.
|
5
5
|
#
|
6
|
+
# @example To load an SSLContext from an existing private key and related certs/crls:
|
7
|
+
# ssl_context = provider.load_context
|
8
|
+
#
|
9
|
+
# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
|
10
|
+
# ssl_context = provider.load_context(password: 'opensesame')
|
11
|
+
#
|
12
|
+
# @example To create an SSLContext from in-memory certs and keys:
|
13
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
14
|
+
# crls = [<OpenSSL::X509::CRL>]
|
15
|
+
# key = <OpenSSL::X509::PKey>
|
16
|
+
# cert = <OpenSSL::X509::Certificate>
|
17
|
+
# ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
|
18
|
+
#
|
19
|
+
# @example To create an SSLContext to connect to non-puppet HTTPS servers:
|
20
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
21
|
+
# ssl_context = provider.create_root_context(cacerts: cacerts)
|
22
|
+
#
|
6
23
|
# @api private
|
7
24
|
class Puppet::SSL::SSLProvider
|
8
25
|
# Create an insecure `SSLContext`. Connections made from the returned context
|
@@ -10,7 +10,7 @@ require 'puppet/util/pidlock'
|
|
10
10
|
# certs. This way we're sure about which SSLContext is being used during any
|
11
11
|
# phase of the bootstrapping process.
|
12
12
|
#
|
13
|
-
# @private
|
13
|
+
# @api private
|
14
14
|
class Puppet::SSL::StateMachine
|
15
15
|
class SSLState
|
16
16
|
attr_reader :ssl_context
|
@@ -405,6 +405,7 @@ class Puppet::SSL::StateMachine
|
|
405
405
|
#
|
406
406
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
407
407
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
408
|
+
# @api private
|
408
409
|
def ensure_ca_certificates
|
409
410
|
final_state = run_machine(NeedLock.new(self), NeedKey)
|
410
411
|
final_state.ssl_context
|
@@ -414,6 +415,7 @@ class Puppet::SSL::StateMachine
|
|
414
415
|
#
|
415
416
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
416
417
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
418
|
+
# @api private
|
417
419
|
def ensure_client_certificate
|
418
420
|
final_state = run_machine(NeedLock.new(self), Done)
|
419
421
|
ssl_context = final_state.ssl_context
|
data/lib/puppet/ssl/verifier.rb
CHANGED
@@ -14,6 +14,7 @@ class Puppet::SSL::Verifier
|
|
14
14
|
# @param hostname [String] FQDN of the server we're attempting to connect to
|
15
15
|
# @param ssl_context [Puppet::SSL::SSLContext] ssl_context containing CA certs,
|
16
16
|
# CRLs, etc needed to verify the server's certificate chain
|
17
|
+
# @api private
|
17
18
|
def initialize(hostname, ssl_context)
|
18
19
|
@hostname = hostname
|
19
20
|
@ssl_context = ssl_context
|
@@ -25,6 +26,7 @@ class Puppet::SSL::Verifier
|
|
25
26
|
#
|
26
27
|
# @param verifier [Puppet::SSL::Verifier] the verifier to compare against
|
27
28
|
# @return [Boolean] return true if a cached connection can be used, false otherwise
|
29
|
+
# @api private
|
28
30
|
def reusable?(verifier)
|
29
31
|
verifier.instance_of?(self.class) &&
|
30
32
|
verifier.ssl_context.object_id == @ssl_context.object_id
|
@@ -147,9 +147,6 @@ module Puppet::Test
|
|
147
147
|
Puppet::Application.clear!
|
148
148
|
Puppet::Util::Profiler.clear
|
149
149
|
|
150
|
-
Puppet::SSL::Host.reset
|
151
|
-
Puppet::Rest::Routes.clear
|
152
|
-
|
153
150
|
Puppet::Node::Facts.indirection.terminus_class = :memory
|
154
151
|
facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
|
155
152
|
Puppet::Node::Facts.indirection.save(facts)
|
@@ -223,6 +220,7 @@ module Puppet::Test
|
|
223
220
|
{
|
224
221
|
:logdir => "/dev/null",
|
225
222
|
:confdir => "/dev/null",
|
223
|
+
:publicdir => "/dev/null",
|
226
224
|
:codedir => "/dev/null",
|
227
225
|
:vardir => "/dev/null",
|
228
226
|
:rundir => "/dev/null",
|
data/lib/puppet/transaction.rb
CHANGED
@@ -376,16 +376,10 @@ class Puppet::Transaction
|
|
376
376
|
Puppet.debug { "Prefetching #{provider_class.name} resources for #{type_name}" }
|
377
377
|
begin
|
378
378
|
provider_class.prefetch(resources)
|
379
|
-
rescue LoadError,
|
379
|
+
rescue LoadError, StandardError => detail
|
380
380
|
#TRANSLATORS `prefetch` is a function name and should not be translated
|
381
381
|
message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
|
382
382
|
Puppet.log_exception(detail, message)
|
383
|
-
rescue StandardError => detail
|
384
|
-
message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
|
385
|
-
Puppet.log_exception(detail, message)
|
386
|
-
|
387
|
-
raise unless Puppet.settings[:future_features]
|
388
|
-
|
389
383
|
@prefetch_failed_providers[type_name][provider_class.name] = true
|
390
384
|
end
|
391
385
|
@prefetched_providers[type_name][provider_class.name] = true
|
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
|
|
137
137
|
else
|
138
138
|
@catalog.add_resource_after(parent_resource, res)
|
139
139
|
end
|
140
|
-
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
140
|
+
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
141
141
|
if @relationship_graph && priority
|
142
142
|
# If we have a relationship_graph we should add the resource
|
143
143
|
# to it (this is an eval_generate). If we don't, then the
|
@@ -66,8 +66,6 @@ class Puppet::Transaction::Report
|
|
66
66
|
# Contains the name and port of the server that was successfully contacted
|
67
67
|
# @return [String] a string of the format 'servername:port'
|
68
68
|
attr_accessor :server_used
|
69
|
-
alias :master_used :server_used
|
70
|
-
alias :master_used= :server_used=
|
71
69
|
|
72
70
|
# The host name for which the report is generated
|
73
71
|
# @return [String] the host name
|
@@ -226,7 +224,7 @@ class Puppet::Transaction::Report
|
|
226
224
|
@external_times ||= {}
|
227
225
|
@host = Puppet[:node_name_value]
|
228
226
|
@time = start_time
|
229
|
-
@report_format =
|
227
|
+
@report_format = 12
|
230
228
|
@puppet_version = Puppet.version
|
231
229
|
@configuration_version = configuration_version
|
232
230
|
@transaction_uuid = transaction_uuid
|
@@ -326,7 +324,7 @@ class Puppet::Transaction::Report
|
|
326
324
|
}
|
327
325
|
|
328
326
|
# The following is include only when set
|
329
|
-
hash['
|
327
|
+
hash['server_used'] = @server_used unless @server_used.nil?
|
330
328
|
hash['catalog_uuid'] = @catalog_uuid unless @catalog_uuid.nil?
|
331
329
|
hash['code_id'] = @code_id unless @code_id.nil?
|
332
330
|
hash['job_id'] = @job_id unless @job_id.nil?
|
data/lib/puppet/type.rb
CHANGED
@@ -114,29 +114,6 @@ class Type
|
|
114
114
|
attr_reader :properties
|
115
115
|
end
|
116
116
|
|
117
|
-
# Allow declaring that a type is actually a capability
|
118
|
-
class << self
|
119
|
-
# @deprecated application orchestration will be removed in puppet 7
|
120
|
-
attr_accessor :is_capability
|
121
|
-
|
122
|
-
# @deprecated application orchestration will be removed in puppet 7
|
123
|
-
def is_capability?
|
124
|
-
c = is_capability
|
125
|
-
c.nil? ? false : c
|
126
|
-
end
|
127
|
-
end
|
128
|
-
|
129
|
-
# Returns whether this type represents an application instance; since
|
130
|
-
# only defined types, i.e., instances of Puppet::Resource::Type can
|
131
|
-
# represent application instances, this implementation always returns
|
132
|
-
# +false+. Having this method though makes code checking whether a
|
133
|
-
# resource is an application instance simpler
|
134
|
-
#
|
135
|
-
# @deprecated application orchestration will be removed in puppet 7
|
136
|
-
def self.application?
|
137
|
-
false
|
138
|
-
end
|
139
|
-
|
140
117
|
# Returns all the attribute names of the type in the appropriate order.
|
141
118
|
# The {key_attributes} come first, then the {provider}, then the {properties}, and finally
|
142
119
|
# the {parameters} and {metaparams},
|
@@ -1720,59 +1697,6 @@ class Type
|
|
1720
1697
|
}
|
1721
1698
|
end
|
1722
1699
|
|
1723
|
-
# @deprecated application orchestration will be removed in puppet 7
|
1724
|
-
newmetaparam(:export, :parent => RelationshipMetaparam, :attributes => {:direction => :out, :events => :NONE}) do
|
1725
|
-
desc <<EOS
|
1726
|
-
Export a capability resource.
|
1727
|
-
|
1728
|
-
The value of this parameter must be a reference to a capability resource,
|
1729
|
-
or an array of such references. Each capability resource referenced here
|
1730
|
-
will be instantiated in the node catalog and exported to consumers of this
|
1731
|
-
resource. The title of the capability resource will be the title given in
|
1732
|
-
the reference, and all other attributes of the resource will be filled
|
1733
|
-
according to the corresponding produces statement.
|
1734
|
-
|
1735
|
-
It is an error if this metaparameter references resources whose type is not
|
1736
|
-
a capability type, or of there is no produces clause for the type of the
|
1737
|
-
current resource and the capability resource mentioned in this parameter.
|
1738
|
-
|
1739
|
-
For example:
|
1740
|
-
|
1741
|
-
define web(..) { .. }
|
1742
|
-
Web produces Http { .. }
|
1743
|
-
web { server:
|
1744
|
-
export => Http[main_server]
|
1745
|
-
}
|
1746
|
-
EOS
|
1747
|
-
end
|
1748
|
-
|
1749
|
-
# @deprecated application orchestration will be removed in puppet 7
|
1750
|
-
newmetaparam(:consume, :parent => RelationshipMetaparam, :attributes => {:direction => :in, :events => :NONE}) do
|
1751
|
-
desc <<EOS
|
1752
|
-
Consume a capability resource.
|
1753
|
-
|
1754
|
-
The value of this parameter must be a reference to a capability resource,
|
1755
|
-
or an array of such references. Each capability resource referenced here
|
1756
|
-
must have been exported by another resource in the same environment.
|
1757
|
-
|
1758
|
-
The referenced capability resources will be looked up, added to the
|
1759
|
-
current node catalog, and processed following the underlying consumes
|
1760
|
-
clause.
|
1761
|
-
|
1762
|
-
It is an error if this metaparameter references resources whose type is not
|
1763
|
-
a capability type, or of there is no consumes clause for the type of the
|
1764
|
-
current resource and the capability resource mentioned in this parameter.
|
1765
|
-
|
1766
|
-
For example:
|
1767
|
-
|
1768
|
-
define web(..) { .. }
|
1769
|
-
Web consumes Sql { .. }
|
1770
|
-
web { server:
|
1771
|
-
consume => Sql[my_db]
|
1772
|
-
}
|
1773
|
-
EOS
|
1774
|
-
end
|
1775
|
-
|
1776
1700
|
###############################
|
1777
1701
|
# All of the provider plumbing for the resource types.
|
1778
1702
|
require 'puppet/provider'
|
data/lib/puppet/type/file.rb
CHANGED
@@ -83,13 +83,11 @@ Puppet::Type.newtype(:file) do
|
|
83
83
|
use copy the file in the same directory with that value as the extension
|
84
84
|
of the backup. (A value of `true` is a synonym for `.puppet-bak`.)
|
85
85
|
* If set to any other string, Puppet will try to back up to a filebucket
|
86
|
-
with that title.
|
87
|
-
|
88
|
-
|
86
|
+
with that title. Puppet automatically creates a **local** filebucket
|
87
|
+
named `puppet` if one doesn't already exist. See the `filebucket` resource
|
88
|
+
type for more details.
|
89
89
|
|
90
|
-
Default value: `
|
91
|
-
(Puppet automatically creates a **local** filebucket named `puppet` if one
|
92
|
-
doesn't already exist.)
|
90
|
+
Default value: `false`
|
93
91
|
|
94
92
|
Backing up to a local filebucket isn't particularly useful. If you want
|
95
93
|
to make organized use of backups, you will generally want to use the
|
@@ -125,7 +123,7 @@ Puppet::Type.newtype(:file) do
|
|
125
123
|
- Restrict the directory to a maximum size after which the oldest items are removed.
|
126
124
|
EOT
|
127
125
|
|
128
|
-
defaultto
|
126
|
+
defaultto false
|
129
127
|
|
130
128
|
munge do |value|
|
131
129
|
# I don't really know how this is happening.
|
@@ -220,23 +218,6 @@ Puppet::Type.newtype(:file) do
|
|
220
218
|
end
|
221
219
|
end
|
222
220
|
|
223
|
-
newparam(:max_files) do
|
224
|
-
desc "In case the resource is a directory and the recursion is enabled, puppet will
|
225
|
-
generate a new resource for each file file found, possible leading to
|
226
|
-
an excessive number of resources generated without any control.
|
227
|
-
|
228
|
-
Setting `max_files` will check the number of file resources that
|
229
|
-
will eventually be created and will raise a resource argument error if the
|
230
|
-
limit will be exceeded.
|
231
|
-
|
232
|
-
Use value `0` to log a warning instead of raising an error.
|
233
|
-
|
234
|
-
Use value `-1` to disable errors and warnings due to max files."
|
235
|
-
|
236
|
-
defaultto 0
|
237
|
-
newvalues(/^[0-9]+$/, /^-1$/)
|
238
|
-
end
|
239
|
-
|
240
221
|
newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
|
241
222
|
desc "Whether to replace a file or symlink that already exists on the local system but
|
242
223
|
whose content doesn't match what the `source` or `content` attribute
|
@@ -593,7 +574,7 @@ Puppet::Type.newtype(:file) do
|
|
593
574
|
options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
|
594
575
|
|
595
576
|
# These should never be passed to our children.
|
596
|
-
[:parent, :ensure, :recurse, :recurselimit, :
|
577
|
+
[:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
|
597
578
|
options.delete(param) if options.include?(param)
|
598
579
|
end
|
599
580
|
|
@@ -770,7 +751,6 @@ Puppet::Type.newtype(:file) do
|
|
770
751
|
:links => self[:links],
|
771
752
|
:recurse => (self[:recurse] == :remote ? true : self[:recurse]),
|
772
753
|
:recurselimit => self[:recurselimit],
|
773
|
-
:max_files => self[:max_files],
|
774
754
|
:source_permissions => self[:source_permissions],
|
775
755
|
:ignore => self[:ignore],
|
776
756
|
:checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,
|