puppet 6.23.0 → 7.0.0
Potentially problematic release.
This version of puppet might be problematic.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/Gemfile +1 -3
- data/Gemfile.lock +34 -46
- data/README.md +1 -1
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -14
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +11 -20
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +4 -12
- data/lib/puppet/application/apply.rb +2 -4
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -9
- data/lib/puppet/application/resource.rb +1 -2
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -12
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +100 -192
- data/lib/puppet/environments.rb +60 -74
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +0 -2
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -138
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +0 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -48
- data/lib/puppet/module_tool/errors/shared.rb +2 -17
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/group/groupadd.rb +8 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +0 -1
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/systemd.rb +4 -14
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +10 -33
- data/lib/puppet/provider/user/useradd.rb +8 -62
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +73 -66
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/file.rb +6 -26
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/service.rb +38 -18
- data/lib/puppet/type/tidy.rb +2 -21
- data/lib/puppet/type/user.rb +20 -38
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -53
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/sid.rb +2 -4
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +651 -1436
- data/man/man5/puppet.conf.5 +266 -354
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +4 -47
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -171
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -16
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -2
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +7 -12
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -32
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -54
- data/spec/unit/environments_spec.rb +68 -224
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +0 -9
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -185
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -66
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -45
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +3 -4
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -6
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/service/init_spec.rb +0 -1
- data/spec/unit/provider/service/openwrt_spec.rb +1 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +8 -53
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +3 -71
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +23 -13
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +0 -1
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -60
- data/spec/unit/type/tidy_spec.rb +8 -17
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -6
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +2 -2
- metadata +44 -181
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -30
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -52,10 +52,10 @@ describe Puppet::Settings::PrioritySetting do
|
|
52
52
|
describe "on a Windows-like platform it", :if => Puppet::Util::Platform.windows? do
|
53
53
|
it "parses high, normal, low, and idle priorities" do
|
54
54
|
{
|
55
|
-
'high' => Puppet::
|
56
|
-
'normal' => Puppet::
|
57
|
-
'low' => Puppet::
|
58
|
-
'idle' => Puppet::
|
55
|
+
'high' => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
|
56
|
+
'normal' => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
|
57
|
+
'low' => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
|
58
|
+
'idle' => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
|
59
59
|
}.each do |value, converted_value|
|
60
60
|
expect(setting.munge(value)).to eq(converted_value)
|
61
61
|
end
|
data/spec/unit/settings_spec.rb
CHANGED
@@ -1088,7 +1088,7 @@ describe Puppet::Settings do
|
|
1088
1088
|
before(:each) do
|
1089
1089
|
@settings.define_settings :main, PuppetSpec::Settings::TEST_APP_DEFAULT_DEFINITIONS
|
1090
1090
|
@settings.define_settings :server, :masterport => { :desc => "a", :default => 1000 }
|
1091
|
-
@settings.define_settings :server, :serverport => { :
|
1091
|
+
@settings.define_settings :server, :serverport => { :desc => "a", :default => 1000 }
|
1092
1092
|
@settings.define_settings :server, :ca_port => { :desc => "a", :default => "$serverport" }
|
1093
1093
|
@settings.define_settings :server, :report_port => { :desc => "a", :default => "$serverport" }
|
1094
1094
|
|
@@ -1110,10 +1110,9 @@ describe Puppet::Settings do
|
|
1110
1110
|
"
|
1111
1111
|
end
|
1112
1112
|
|
1113
|
-
it { expect(@settings[:serverport]).to eq(
|
1114
|
-
it { expect(@settings[:ca_port]).to eq("
|
1115
|
-
it { expect(@settings[:report_port]).to eq("
|
1116
|
-
it { expect(@settings[:masterport]).to eq(445) }
|
1113
|
+
it { expect(@settings[:serverport]).to eq(445) }
|
1114
|
+
it { expect(@settings[:ca_port]).to eq("445") }
|
1115
|
+
it { expect(@settings[:report_port]).to eq("445") }
|
1117
1116
|
end
|
1118
1117
|
|
1119
1118
|
context 'with serverport and masterport in main' do
|
@@ -1127,7 +1126,6 @@ describe Puppet::Settings do
|
|
1127
1126
|
it { expect(@settings[:serverport]).to eq(445) }
|
1128
1127
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1129
1128
|
it { expect(@settings[:report_port]).to eq("445") }
|
1130
|
-
it { expect(@settings[:masterport]).to eq(444) }
|
1131
1129
|
end
|
1132
1130
|
|
1133
1131
|
context 'with serverport and masterport in agent' do
|
@@ -1141,7 +1139,6 @@ describe Puppet::Settings do
|
|
1141
1139
|
it { expect(@settings[:serverport]).to eq(445) }
|
1142
1140
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1143
1141
|
it { expect(@settings[:report_port]).to eq("445") }
|
1144
|
-
it { expect(@settings[:masterport]).to eq(444) }
|
1145
1142
|
end
|
1146
1143
|
|
1147
1144
|
context 'with both serverport and masterport in main and agent' do
|
@@ -1158,7 +1155,6 @@ describe Puppet::Settings do
|
|
1158
1155
|
it { expect(@settings[:serverport]).to eq(445) }
|
1159
1156
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1160
1157
|
it { expect(@settings[:report_port]).to eq("445") }
|
1161
|
-
it { expect(@settings[:masterport]).to eq(444) }
|
1162
1158
|
end
|
1163
1159
|
|
1164
1160
|
context 'with serverport in agent and masterport in main' do
|
@@ -1173,7 +1169,6 @@ describe Puppet::Settings do
|
|
1173
1169
|
it { expect(@settings[:serverport]).to eq(444) }
|
1174
1170
|
it { expect(@settings[:ca_port]).to eq("444") }
|
1175
1171
|
it { expect(@settings[:report_port]).to eq("444") }
|
1176
|
-
it { expect(@settings[:masterport]).to eq(445) }
|
1177
1172
|
end
|
1178
1173
|
|
1179
1174
|
context 'with masterport in main' do
|
@@ -1186,7 +1181,6 @@ describe Puppet::Settings do
|
|
1186
1181
|
it { expect(@settings[:serverport]).to eq(445) }
|
1187
1182
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1188
1183
|
it { expect(@settings[:report_port]).to eq("445") }
|
1189
|
-
it { expect(@settings[:masterport]).to eq(445) }
|
1190
1184
|
end
|
1191
1185
|
|
1192
1186
|
context 'with masterport in agent' do
|
@@ -1199,7 +1193,6 @@ describe Puppet::Settings do
|
|
1199
1193
|
it { expect(@settings[:serverport]).to eq(445) }
|
1200
1194
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1201
1195
|
it { expect(@settings[:report_port]).to eq("445") }
|
1202
|
-
it { expect(@settings[:masterport]).to eq(445) }
|
1203
1196
|
end
|
1204
1197
|
|
1205
1198
|
context 'with serverport in agent' do
|
@@ -1210,7 +1203,7 @@ describe Puppet::Settings do
|
|
1210
1203
|
end
|
1211
1204
|
|
1212
1205
|
it { expect(@settings[:serverport]).to eq(445) }
|
1213
|
-
it { expect(@settings[:masterport]).to eq(
|
1206
|
+
it { expect(@settings[:masterport]).to eq(445) }
|
1214
1207
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1215
1208
|
it { expect(@settings[:report_port]).to eq("445") }
|
1216
1209
|
end
|
@@ -1223,7 +1216,7 @@ describe Puppet::Settings do
|
|
1223
1216
|
end
|
1224
1217
|
|
1225
1218
|
it { expect(@settings[:serverport]).to eq(445) }
|
1226
|
-
it { expect(@settings[:masterport]).to eq(
|
1219
|
+
it { expect(@settings[:masterport]).to eq(445) }
|
1227
1220
|
it { expect(@settings[:ca_port]).to eq("445") }
|
1228
1221
|
it { expect(@settings[:report_port]).to eq("445") }
|
1229
1222
|
end
|
@@ -1991,6 +1984,23 @@ describe Puppet::Settings do
|
|
1991
1984
|
end
|
1992
1985
|
end
|
1993
1986
|
|
1987
|
+
describe 'when settings_catalog is disabled' do
|
1988
|
+
let(:settings) { Puppet::Settings.new }
|
1989
|
+
before do
|
1990
|
+
allow(Puppet).to receive(:[]).with(:settings_catalog).and_return(false)
|
1991
|
+
end
|
1992
|
+
|
1993
|
+
it 'does not compile and apply settings catalog' do
|
1994
|
+
expect(settings).not_to receive(:to_catalog)
|
1995
|
+
settings.use(:main)
|
1996
|
+
end
|
1997
|
+
|
1998
|
+
it 'logs a message that settings catalog is skipped' do
|
1999
|
+
expect(Puppet).to receive(:debug).with('Skipping settings catalog for sections main')
|
2000
|
+
settings.use(:main)
|
2001
|
+
end
|
2002
|
+
end
|
2003
|
+
|
1994
2004
|
describe "when dealing with printing configs" do
|
1995
2005
|
before do
|
1996
2006
|
@settings = Puppet::Settings.new
|
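--- a/data/spec/unit/ssl/base_spec.rb
+++ b/data/spec/unit/ssl/base_spec.rb
@@ -38,15 +38,15 @@ describe Puppet::SSL::Certificate do
 
 describe "when determining a name from a certificate subject" do
 it "should extract only the CN and not any other components" do
-
-expect(
-expect(@class.name_from_subject(subject)).to eq('host.domain.com')
+name = OpenSSL::X509::Name.parse('/CN=host.domain.com/L=Portland/ST=Oregon')
+expect(@class.name_from_subject(name)).to eq('host.domain.com')
 end
 end
 
 describe "when initializing wrapped class from a file with #read" do
 it "should open the file with ASCII encoding" do
 path = '/foo/bar/cert'
+allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)
 expect(Puppet::FileSystem).to receive(:read).with(path, :encoding => Encoding::ASCII).and_return("bar")
 @base.read(path)
 end
@@ -89,4 +89,38 @@ describe Puppet::SSL::Certificate do
 }.to raise_error(Puppet::Error, "Unknown signature algorithm 'nonsense'")
 end
 end
+
+describe "when getting a CN from a subject" do
+def parse(dn)
+OpenSSL::X509::Name.parse(dn)
+end
+
+def cn_from(subject)
+@class.name_from_subject(subject)
+end
+
+it "should correctly parse a subject containing only a CN" do
+subj = parse('/CN=foo')
+expect(cn_from(subj)).to eq('foo')
+end
+
+it "should correctly parse a subject containing other components" do
+subj = parse('/CN=Root CA/OU=Server Operations/O=Example Org')
+expect(cn_from(subj)).to eq('Root CA')
+end
+
+it "should correctly parse a subject containing other components with CN not first" do
+subj = parse('/emailAddress=foo@bar.com/CN=foo.bar.com/O=Example Org')
+expect(cn_from(subj)).to eq('foo.bar.com')
+end
+
+it "should return nil for a subject with no CN" do
+subj = parse('/OU=Server Operations/O=Example Org')
+expect(cn_from(subj)).to eq(nil)
+end
+
+it "should return nil for a bare string" do
+expect(cn_from("/CN=foo")).to eq(nil)
+end
+end
 end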
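Review bot: The new `when getting a CN from a subject` examples never pin what `name_from_subject` returns for a subject that carries more than one CN component, which matters if the result is used as the certificate's name (presumably it is, given the method name). Consider one more example built from `subj = parse('/CN=foo/CN=bar')` with an explicit expectation for whichever component the implementation is meant to pick, so a change in that choice is caught. Separately, the `allow(Puppet::SSL::Base).to receive(:valid_certname).and_return(true)` stub added to the `#read` example bypasses certname validation on that path; if no example outside this diff lets validation reject a bad name, one should be added.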
@@ -1,23 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
require 'puppet/ssl/certificate_request'
|
4
|
-
require 'puppet/ssl/key'
|
5
4
|
|
6
5
|
describe Puppet::SSL::CertificateRequest do
|
7
6
|
let(:request) { described_class.new("myname") }
|
8
|
-
let(:key) {
|
9
|
-
k = Puppet::SSL::Key.new("myname")
|
10
|
-
k.generate
|
11
|
-
k
|
12
|
-
}
|
13
|
-
|
14
|
-
it "should be extended with the Indirector module" do
|
15
|
-
expect(described_class.singleton_class).to be_include(Puppet::Indirector)
|
16
|
-
end
|
17
|
-
|
18
|
-
it "should indirect certificate_request" do
|
19
|
-
expect(described_class.indirection.name).to eq(:certificate_request)
|
20
|
-
end
|
7
|
+
let(:key) { OpenSSL::PKey::RSA.new(Puppet[:keylength]) }
|
21
8
|
|
22
9
|
it "should use any provided name as its name" do
|
23
10
|
expect(described_class.new("myname").name).to eq("myname")
|
@@ -83,14 +70,9 @@ describe Puppet::SSL::CertificateRequest do
|
|
83
70
|
end
|
84
71
|
|
85
72
|
describe "when generating", :unless => RUBY_PLATFORM == 'java' do
|
86
|
-
it "should
|
73
|
+
it "should verify the CSR using the public key associated with the private key" do
|
87
74
|
request.generate(key)
|
88
|
-
expect(request.content.verify(key.
|
89
|
-
end
|
90
|
-
|
91
|
-
it "should set the subject to [CN, name]" do
|
92
|
-
request.generate(key)
|
93
|
-
expect(request.content.subject).to eq OpenSSL::X509::Name.new([['CN', key.name]])
|
75
|
+
expect(request.content.verify(key.public_key)).to be_truthy
|
94
76
|
end
|
95
77
|
|
96
78
|
it "should set the version to 0" do
|
@@ -101,7 +83,7 @@ describe Puppet::SSL::CertificateRequest do
|
|
101
83
|
it "should set the public key to the provided key's public key" do
|
102
84
|
request.generate(key)
|
103
85
|
# The openssl bindings do not define equality on keys so we use to_s
|
104
|
-
expect(request.content.public_key.to_s).to eq(key.
|
86
|
+
expect(request.content.public_key.to_s).to eq(key.public_key.to_s)
|
105
87
|
end
|
106
88
|
|
107
89
|
context "without subjectAltName / dns_alt_names" do
|
@@ -295,20 +277,20 @@ describe Puppet::SSL::CertificateRequest do
|
|
295
277
|
|
296
278
|
it "should sign the csr with the provided key" do
|
297
279
|
request.generate(key)
|
298
|
-
expect(request.content.verify(key.
|
280
|
+
expect(request.content.verify(key.public_key)).to be_truthy
|
299
281
|
end
|
300
282
|
|
301
283
|
it "should verify the generated request using the public key" do
|
302
284
|
# Stupid keys don't have a competent == method.
|
303
285
|
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
304
|
-
public_key.to_s == key.
|
286
|
+
public_key.to_s == key.public_key.to_s
|
305
287
|
end.and_return(true)
|
306
288
|
request.generate(key)
|
307
289
|
end
|
308
290
|
|
309
291
|
it "should fail if verification fails" do
|
310
292
|
expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|
|
311
|
-
public_key.to_s == key.
|
293
|
+
public_key.to_s == key.public_key.to_s
|
312
294
|
end.and_return(false)
|
313
295
|
|
314
296
|
expect do
|
@@ -334,8 +316,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
334
316
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA256").and_return(false)
|
335
317
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(true)
|
336
318
|
signer = Puppet::SSL::CertificateSigner.new
|
337
|
-
signer.sign(csr, key
|
338
|
-
expect(csr.verify(key
|
319
|
+
signer.sign(csr, key)
|
320
|
+
expect(csr.verify(key)).to be_truthy
|
339
321
|
end
|
340
322
|
|
341
323
|
# Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
|
@@ -348,8 +330,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
348
330
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA1").and_return(false)
|
349
331
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(true)
|
350
332
|
signer = Puppet::SSL::CertificateSigner.new
|
351
|
-
signer.sign(csr, key
|
352
|
-
expect(csr.verify(key
|
333
|
+
signer.sign(csr, key)
|
334
|
+
expect(csr.verify(key)).to be_truthy
|
353
335
|
end
|
354
336
|
|
355
337
|
# Attempts to use SHA512 and SHA384 for signing certificates don't seem to work
|
@@ -363,8 +345,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
363
345
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA512").and_return(false)
|
364
346
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(true)
|
365
347
|
signer = Puppet::SSL::CertificateSigner.new
|
366
|
-
signer.sign(csr, key
|
367
|
-
expect(csr.verify(key
|
348
|
+
signer.sign(csr, key)
|
349
|
+
expect(csr.verify(key)).to be_truthy
|
368
350
|
end
|
369
351
|
|
370
352
|
it "should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available" do
|
@@ -375,8 +357,8 @@ describe Puppet::SSL::CertificateRequest do
|
|
375
357
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA384").and_return(false)
|
376
358
|
expect(OpenSSL::Digest).to receive(:const_defined?).with("SHA224").and_return(true)
|
377
359
|
signer = Puppet::SSL::CertificateSigner.new
|
378
|
-
signer.sign(csr, key
|
379
|
-
expect(csr.verify(key
|
360
|
+
signer.sign(csr, key)
|
361
|
+
expect(csr.verify(key)).to be_truthy
|
380
362
|
end
|
381
363
|
|
382
364
|
it "should raise an error if neither SHA256/SHA1/SHA512/SHA384/SHA224 are available" do
|
@@ -390,16 +372,4 @@ describe Puppet::SSL::CertificateRequest do
|
|
390
372
|
}.to raise_error(Puppet::Error)
|
391
373
|
end
|
392
374
|
end
|
393
|
-
|
394
|
-
it "should save the CSR" do
|
395
|
-
csr = Puppet::SSL::CertificateRequest.new("me")
|
396
|
-
terminus = double('terminus')
|
397
|
-
allow(terminus).to receive(:validate)
|
398
|
-
expect(Puppet::SSL::CertificateRequest.indirection).to receive(:prepare).and_return(terminus)
|
399
|
-
expect(terminus).to receive(:save) do |request|
|
400
|
-
expect(request.instance).to eq(csr)
|
401
|
-
expect(request.key).to eq("me")
|
402
|
-
end
|
403
|
-
Puppet::SSL::CertificateRequest.indirection.save(csr)
|
404
|
-
end
|
405
375
|
end
|
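Review bot: In the two `expect_any_instance_of(OpenSSL::X509::Request).to receive(:verify) do |public_key|` stubs, the updated line `public_key.to_s == key.public_key.to_s` only evaluates a boolean that nothing asserts. The chained `.and_return(true)` / `.and_return(false)` appears to decide the outcome, so both examples would still pass if `generate` verified the CSR against a different key. Turning the comparison into an expectation, `expect(public_key.to_s).to eq(key.public_key.to_s)`, makes the check real. rspec-mocks by default yields the receiver as the first block argument for any-instance stubs, so the parameters may need to be `|_csr, public_key|`; confirm against the suite's configuration.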
@@ -4,7 +4,7 @@ require 'puppet/certificate_factory'
|
|
4
4
|
require 'puppet/ssl/certificate'
|
5
5
|
|
6
6
|
describe Puppet::SSL::Certificate do
|
7
|
-
let :key do
|
7
|
+
let :key do OpenSSL::PKey::RSA.new(Puppet[:keylength]) end
|
8
8
|
|
9
9
|
# Sign the provided cert so that it can be DER-decoded later
|
10
10
|
def sign_wrapped_cert(cert)
|
@@ -16,14 +16,6 @@ describe Puppet::SSL::Certificate do
|
|
16
16
|
@class = Puppet::SSL::Certificate
|
17
17
|
end
|
18
18
|
|
19
|
-
it "should be extended with the Indirector module" do
|
20
|
-
expect(@class.singleton_class).to be_include(Puppet::Indirector)
|
21
|
-
end
|
22
|
-
|
23
|
-
it "should indirect certificate" do
|
24
|
-
expect(@class.indirection.name).to eq(:certificate)
|
25
|
-
end
|
26
|
-
|
27
19
|
it "should only support the text format" do
|
28
20
|
expect(@class.supported_formats).to eq([:s])
|
29
21
|
end
|
@@ -82,8 +74,7 @@ describe Puppet::SSL::Certificate do
|
|
82
74
|
|
83
75
|
describe "when managing instances" do
|
84
76
|
def build_cert(opts)
|
85
|
-
key =
|
86
|
-
key.generate
|
77
|
+
key = OpenSSL::PKey::RSA.new(Puppet[:keylength])
|
87
78
|
csr = Puppet::SSL::CertificateRequest.new('quux')
|
88
79
|
csr.generate(key, opts)
|
89
80
|
|
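Review bot: `build_cert` now assigns a local `key = OpenSSL::PKey::RSA.new(Puppet[:keylength])` that shadows the `let :key` added at the top of this file with the identical expression, so every call generates another full-length RSA key and the literal is duplicated. Dropping the local assignment and relying on the memoized `key` would remove the duplication, provided no example depends on `build_cert` using a key distinct from the one other helpers use (not visible here; `build_cert` continues outside the hunk). For readability the one-line `let :key do … end` would be better written as `let(:key) { OpenSSL::PKey::RSA.new(Puppet[:keylength]) }`.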
@@ -271,11 +271,8 @@ describe Puppet::SSL::SSLProvider do
|
|
271
271
|
end
|
272
272
|
|
273
273
|
# This option is only available in openssl 1.1
|
274
|
-
#
|
275
|
-
|
276
|
-
# the affected version.
|
277
|
-
# See: https://github.com/openssl/openssl/pull/13585
|
278
|
-
if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') != 0
|
274
|
+
# TODO PUP-10689 behavior changed in openssl 1.1.1h
|
275
|
+
if Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1h') < 0
|
279
276
|
it 'raises if root cert signature is invalid', if: defined?(OpenSSL::X509::V_FLAG_CHECK_SS_SIGNATURE) do
|
280
277
|
ca = global_cacerts.first
|
281
278
|
ca.sign(wrong_key, OpenSSL::Digest::SHA256.new)
|
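Review bot: With the guard changed to `versioncmp(..., '1.1.1h') < 0`, the `raises if root cert signature is invalid` example is not defined at all on OpenSSL 1.1.1h or anything newer. The root-certificate signature check therefore loses coverage on current libraries, and nothing in the test report shows it. Prefer keeping the example defined and marking it skipped with the ticket as the reason, for instance `skip 'PUP-10689: behavior changed in openssl 1.1.1h'` at the top of the example when the library is 1.1.1h or later. `OpenSSL::OPENSSL_LIBRARY_VERSION.split[1]` also assumes the second word of the version string is a comparable version, which deserves a short comment. The `if` block closes outside this hunk.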
@@ -31,14 +31,6 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
31
31
|
allow(Kernel).to receive(:sleep)
|
32
32
|
end
|
33
33
|
|
34
|
-
def expected_digest(name, content)
|
35
|
-
OpenSSL::Digest.new(name).hexdigest(content)
|
36
|
-
end
|
37
|
-
|
38
|
-
def to_fingerprint(digest)
|
39
|
-
digest.scan(/../).join(':').upcase
|
40
|
-
end
|
41
|
-
|
42
34
|
context 'when passing keyword arguments' do
|
43
35
|
it "accepts digest" do
|
44
36
|
expect(described_class.new(digest: 'SHA512').digest).to eq('SHA512')
|
@@ -403,35 +395,29 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
403
395
|
|
404
396
|
it 'verifies CA cert bundle if a ca_fingerprint is given case-insensitively' do
|
405
397
|
Puppet[:log_level] = :info
|
406
|
-
|
407
|
-
digest = expected_digest('SHA256', cacert_pem)
|
408
|
-
fingerprint = to_fingerprint(digest)
|
409
|
-
machine = described_class.new(digest: 'SHA256', ca_fingerprint: digest.downcase)
|
398
|
+
machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'caacf69bbbcdad9dbcda92dd2da3608b639d1aea4c314d6cc6823cdb32d8e0f8')
|
410
399
|
state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
|
411
400
|
state.next_state
|
412
401
|
|
413
|
-
expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256)
|
402
|
+
expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8"))
|
414
403
|
end
|
415
404
|
|
416
405
|
it 'verifies CA cert bundle using non-default fingerprint' do
|
417
406
|
Puppet[:log_level] = :info
|
418
|
-
|
419
|
-
digest = expected_digest('SHA512', cacert_pem)
|
420
|
-
machine = described_class.new(digest: 'SHA512', ca_fingerprint: digest)
|
407
|
+
machine = described_class.new(digest: 'SHA512', ca_fingerprint: '3c9d1482b878913ad95c9631feac5090cb05c6eab9496178d6fd5c14a023da3b1a8650a3cbaac516d9a48caf0b0742e1ed7eebf55105c024c74834a45056a9d9')
|
421
408
|
state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
|
422
409
|
state.next_state
|
423
410
|
|
424
|
-
expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512)
|
411
|
+
expect(@logs).to include(an_object_having_attributes(message: "Verified CA bundle with digest (SHA512) 3C:9D:14:82:B8:78:91:3A:D9:5C:96:31:FE:AC:50:90:CB:05:C6:EA:B9:49:61:78:D6:FD:5C:14:A0:23:DA:3B:1A:86:50:A3:CB:AA:C5:16:D9:A4:8C:AF:0B:07:42:E1:ED:7E:EB:F5:51:05:C0:24:C7:48:34:A4:50:56:A9:D9"))
|
425
412
|
end
|
426
413
|
|
427
414
|
it 'returns an error if verification fails' do
|
428
415
|
machine = described_class.new(digest: 'SHA256', ca_fingerprint: 'wrong!')
|
429
416
|
state = Puppet::SSL::StateMachine::NeedCACerts.new(machine)
|
430
417
|
|
431
|
-
fingerprint = to_fingerprint(expected_digest('SHA256', cacert_pem))
|
432
418
|
st = state.next_state
|
433
419
|
expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Error)
|
434
|
-
expect(st.message).to eq("CA bundle with digest (SHA256)
|
420
|
+
expect(st.message).to eq("CA bundle with digest (SHA256) CA:AC:F6:9B:BB:CD:AD:9D:BC:DA:92:DD:2D:A3:60:8B:63:9D:1A:EA:4C:31:4D:6C:C6:82:3C:DB:32:D8:E0:F8 did not match expected digest WR:ON:G!")
|
435
421
|
end
|
436
422
|
end
|
437
423
|
end
|
@@ -519,7 +505,6 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
519
505
|
Puppet[:certificate_revocation] = false
|
520
506
|
|
521
507
|
expect(cert_provider).not_to receive(:load_crls)
|
522
|
-
expect(Puppet::Rest::Routes).not_to receive(:get_crls)
|
523
508
|
|
524
509
|
state.next_state
|
525
510
|
|
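Review bot: The SHA256 and SHA512 fingerprints are now hard-coded hex literals, repeated in plain and colon-separated form across three examples, where the removed lines derived them from `cacert_pem`. When that fixture is regenerated, these examples will fail with a bare digest mismatch and no hint of where the expected value came from. Consider defining each value once in a `let` and documenting its origin, e.g. `# SHA256 of the cacert_pem fixture; regenerate together with the fixture`. The example titled `verifies CA cert bundle if a ca_fingerprint is given case-insensitively` would also benefit from a comment saying the lowercase input is deliberate, since the `digest.downcase` that made this obvious is gone.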
@@ -6,7 +6,6 @@ describe Puppet::SSL::Verifier do
|
|
6
6
|
let(:host) { 'example.com' }
|
7
7
|
let(:http) { Net::HTTP.new(host) }
|
8
8
|
let(:verifier) { described_class.new(host, ssl_context) }
|
9
|
-
let(:adapter) { Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::DefaultValidator.new) }
|
10
9
|
|
11
10
|
context '#reusable?' do
|
12
11
|
it 'Verifiers with the same ssl_context are reusable' do
|
@@ -16,26 +15,6 @@ describe Puppet::SSL::Verifier do
|
|
16
15
|
it 'Verifiers with different ssl_contexts are not reusable' do
|
17
16
|
expect(verifier).to_not be_reusable(described_class.new(host, Puppet::SSL::SSLContext.new))
|
18
17
|
end
|
19
|
-
|
20
|
-
it 'Verifier is not reusable with VerifierAdapter' do
|
21
|
-
expect(verifier).to_not be_reusable(adapter)
|
22
|
-
end
|
23
|
-
|
24
|
-
it 'VerifierAdapter is not reusable with Verifier' do
|
25
|
-
expect(adapter).to_not be_reusable(verifier)
|
26
|
-
end
|
27
|
-
|
28
|
-
it 'VerifierAdapters with the same class of Validator are reusable' do
|
29
|
-
expect(
|
30
|
-
adapter
|
31
|
-
).to be_reusable(Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::DefaultValidator.new))
|
32
|
-
end
|
33
|
-
|
34
|
-
it 'VerifierAdapters with different classes of Validators are not reusable' do
|
35
|
-
expect(
|
36
|
-
adapter
|
37
|
-
).to_not be_reusable(Puppet::SSL::VerifierAdapter.new(Puppet::SSL::Validator::NoValidator.new))
|
38
|
-
end
|
39
18
|
end
|
40
19
|
|
41
20
|
context '#setup_connection' do
|