puppet 6.24.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -3
- data/Gemfile.lock +35 -47
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +14 -23
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +4 -12
- data/lib/puppet/application/apply.rb +2 -4
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/resource.rb +3 -17
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +100 -192
- data/lib/puppet/environments.rb +60 -84
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +2 -4
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -138
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +0 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -52
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +8 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/systemd.rb +4 -14
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +10 -33
- data/lib/puppet/provider/user/useradd.rb +8 -62
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +80 -96
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/exec.rb +3 -16
- data/lib/puppet/type/file.rb +6 -26
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/service.rb +38 -18
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +20 -38
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -53
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +722 -1527
- data/man/man5/puppet.conf.5 +266 -354
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -171
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -27
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +36 -90
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/spec_helper.rb +7 -12
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -32
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -54
- data/spec/unit/environments_spec.rb +68 -259
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +0 -15
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -185
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -78
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -45
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -43
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/init_spec.rb +0 -1
- data/spec/unit/provider/service/openwrt_spec.rb +1 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +8 -53
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +3 -71
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -60
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +3 -12
- metadata +45 -253
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -64
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
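--- a/data/lib/puppet/settings/environment_conf.rb
+++ b/data/lib/puppet/settings/environment_conf.rb
@@ -29,7 +29,6 @@ class Puppet::Settings::EnvironmentConf
 section = config.sections[:main]
 rescue Errno::ENOENT
 # environment.conf is an optional file
-Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
 end
 
 new(path_to_env, section, global_module_path)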
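--- a/data/lib/puppet/settings/integer_setting.rb
+++ b/data/lib/puppet/settings/integer_setting.rb
@@ -0,0 +1,17 @@
+class Puppet::Settings::IntegerSetting < Puppet::Settings::BaseSetting
+def munge(value)
+return value if Integer === value
+
+begin
+value = Integer(value)
+rescue ArgumentError, TypeError
+raise Puppet::Settings::ValidationError, _("Cannot convert '%{value}' to an integer for parameter: %{name}") % { value: value.inspect, name: @name }
+end
+
+value
+end
+
+def type
+:integer
+end
+end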
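Review bot: `Integer(value)` in `munge` applies Ruby's literal-prefix rules to strings, so a configured value such as `010` is read as octal 8 and `0x1F` as 31, and a Float such as `1.9` is truncated to 1 without an error. For a setting type that validates operator-supplied configuration, the accepted value can therefore differ from what was written; if only decimal input is intended, the conversion could be `value = value.is_a?(String) ? Integer(value, 10) : Integer(value)`. Whether any existing setting relies on hex or octal input is not visible here, so that should be confirmed before tightening. A one-line comment above `munge` stating which input forms are accepted would help either way.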
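--- a/data/lib/puppet/settings/port_setting.rb
+++ b/data/lib/puppet/settings/port_setting.rb
@@ -0,0 +1,15 @@
+class Puppet::Settings::PortSetting < Puppet::Settings::IntegerSetting
+def munge(value)
+value = super
+
+if value < 0 || value > 65535
+raise Puppet::Settings::ValidationError, _("Value '%{value}' is not a valid port number for parameter: %{name}") % { value: value.inspect, name: @name }
+end
+
+value
+end
+
+def type
+:port
+end
+end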
@@ -6,11 +6,12 @@ class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
|
|
6
6
|
PRIORITY_MAP =
|
7
7
|
if Puppet::Util::Platform.windows?
|
8
8
|
require 'puppet/util/windows/process'
|
9
|
+
require 'puppet/ffi/windows/constants'
|
9
10
|
{
|
10
|
-
:high => Puppet::
|
11
|
-
:normal => Puppet::
|
12
|
-
:low => Puppet::
|
13
|
-
:idle => Puppet::
|
11
|
+
:high => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
|
12
|
+
:normal => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
|
13
|
+
:low => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
|
14
|
+
:idle => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
|
14
15
|
}
|
15
16
|
else
|
16
17
|
{
|
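--- a/data/lib/puppet/ssl.rb
+++ b/data/lib/puppet/ssl.rb
@@ -2,18 +2,22 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
 
+# Responsible for bootstrapping an agent's certificate and private key, generating
+# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
+# certificate extensions.
+#
+# @see Puppet::SSL::SSLProvider
 # @api private
-module Puppet::SSL
+module Puppet::SSL
 CA_NAME = "ca".freeze
-
+
 require 'puppet/ssl/oids'
-require 'puppet/ssl/validator'
-require 'puppet/ssl/validator/no_validator'
-require 'puppet/ssl/validator/default_validator'
 require 'puppet/ssl/error'
 require 'puppet/ssl/ssl_context'
 require 'puppet/ssl/verifier'
-require 'puppet/ssl/verifier_adapter'
 require 'puppet/ssl/ssl_provider'
 require 'puppet/ssl/state_machine'
+require 'puppet/ssl/certificate'
+require 'puppet/ssl/certificate_request'
+require 'puppet/ssl/certificate_request_attributes'
 end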
data/lib/puppet/ssl/base.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
require 'puppet/ssl/openssl_loader'
|
2
2
|
require 'puppet/ssl'
|
3
3
|
require 'puppet/ssl/digest'
|
4
|
-
require 'puppet/util/ssl'
|
5
4
|
|
6
5
|
# The base class for wrapping SSL instances.
|
7
6
|
class Puppet::SSL::Base
|
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
|
|
54
53
|
#
|
55
54
|
# @return [String] the name (CN) extracted from the subject.
|
56
55
|
def self.name_from_subject(subject)
|
57
|
-
|
56
|
+
if subject.respond_to? :to_a
|
57
|
+
(subject.to_a.assoc('CN') || [])[1]
|
58
|
+
end
|
58
59
|
end
|
59
60
|
|
60
61
|
# Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
|
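Review bot: `name_from_subject` returns nil both when `subject` does not respond to `to_a` and when the subject has no `CN` entry, but the doc comment above it still promises `@return [String]`. The result presumably identifies a certificate, so the tag should read `# @return [String, nil] the name (CN) extracted from the subject, or nil if there is none`, which tells callers to treat nil as a failure rather than compare it. `assoc('CN')` also returns only the first CN when a subject carries several; if that is the intended choice, the same comment should say so.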
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
|
|
82
83
|
# Read content from disk appropriately.
|
83
84
|
def read(path)
|
84
85
|
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
85
|
-
# Puppet::SSL::Key uses this, but also provides its own override
|
86
86
|
# nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
|
87
87
|
# Puppet::Indirector::CertificateStatus::File (.indirection.find)
|
88
88
|
# Puppet::Network::HTTP::WEBrick (.indirection.find)
|
89
89
|
# Puppet::Network::HTTP::RackREST (.from_instance)
|
90
90
|
# Puppet::Network::HTTP::WEBrickREST (.from_instance)
|
91
|
-
# Puppet::SSL::Host (.indirection.find)
|
92
91
|
# Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
|
93
|
-
# Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
|
94
92
|
@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
|
95
93
|
end
|
96
94
|
|
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
11
11
|
# This is defined from the base class
|
12
12
|
wraps OpenSSL::X509::Certificate
|
13
13
|
|
14
|
-
extend Puppet::Indirector
|
15
|
-
indirects :certificate, :terminus_class => :file, :doc => <<DOC
|
16
|
-
This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
|
17
|
-
The indirection key is the certificate CN (generally a hostname).
|
18
|
-
DOC
|
19
|
-
|
20
14
|
# Because of how the format handler class is included, this
|
21
15
|
# can't be in the base class.
|
22
16
|
def self.supported_formats
|
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
|
|
28
28
|
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
29
29
|
wraps OpenSSL::X509::Request
|
30
30
|
|
31
|
-
extend Puppet::Indirector
|
32
|
-
|
33
|
-
indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
|
34
|
-
This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
|
35
|
-
The indirection key is the certificate CN (generally a hostname).
|
36
|
-
DOC
|
37
|
-
|
38
31
|
# Because of how the format handler class is included, this
|
39
32
|
# can't be in the base class.
|
40
33
|
def self.supported_formats
|
@@ -47,8 +40,7 @@ DOC
|
|
47
40
|
|
48
41
|
# Create a certificate request with our system settings.
|
49
42
|
#
|
50
|
-
# @param key [OpenSSL::X509::Key
|
51
|
-
# with this CSR.
|
43
|
+
# @param key [OpenSSL::X509::Key] The private key associated with this CSR.
|
52
44
|
# @param options [Hash]
|
53
45
|
# @option options [String] :dns_alt_names A comma separated list of
|
54
46
|
# Subject Alternative Names to include in the CSR extension request.
|
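Review bot: The corrected tag `@param key [OpenSSL::X509::Key]` names a class that Ruby's OpenSSL binding does not define; key objects live under `OpenSSL::PKey`, so the tag should read `# @param key [OpenSSL::PKey::PKey] The private key associated with this CSR.` The same applies to `[OpenSSL::X509::PKey]` in the new `CertificateSigner#sign` comment and to `key = <OpenSSL::X509::PKey>` in the `SSLProvider` example further down. The `generate` method these tags document lies outside this hunk.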
@@ -64,9 +56,6 @@ DOC
|
|
64
56
|
def generate(key, options = {})
|
65
57
|
Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
|
66
58
|
|
67
|
-
# Support either an actual SSL key, or a Puppet key.
|
68
|
-
key = key.content if key.is_a?(Puppet::SSL::Key)
|
69
|
-
|
70
59
|
# If we're a CSR for the CA, then use the real ca_name, rather than the
|
71
60
|
# fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
|
72
61
|
# but it's also just a good idea.
|
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
|
|
27
27
|
@digest
|
28
28
|
end
|
29
29
|
|
30
|
+
# Sign a certificate signing request (CSR) with a private key.
|
31
|
+
#
|
32
|
+
# @param [OpenSSL::X509::Request] content The CSR to sign
|
33
|
+
# @param [OpenSSL::X509::PKey] key The private key to sign with
|
34
|
+
#
|
35
|
+
# @api private
|
30
36
|
def sign(content, key)
|
31
37
|
content.sign(key, @digest.new)
|
32
38
|
end
|
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -2,10 +2,11 @@ require 'puppet/ssl'
|
|
2
2
|
|
3
3
|
# This module defines OIDs for use within Puppet.
|
4
4
|
#
|
5
|
-
#
|
5
|
+
# # ASN.1 Definition
|
6
6
|
#
|
7
7
|
# The following is the formal definition of OIDs specified in this file.
|
8
8
|
#
|
9
|
+
# ```
|
9
10
|
# puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
|
10
11
|
# dod(6) internet(1) private(4) enterprise(1) 34380 1}
|
11
12
|
#
|
@@ -22,6 +23,7 @@ require 'puppet/ssl'
|
|
22
23
|
# pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
|
23
24
|
# pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
|
24
25
|
# pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
|
26
|
+
# ```
|
25
27
|
#
|
26
28
|
# @api private
|
27
29
|
module Puppet::SSL::Oids
|
@@ -3,6 +3,23 @@ require 'puppet/ssl'
|
|
3
3
|
# SSL Provider creates `SSLContext` objects that can be used to create
|
4
4
|
# secure connections.
|
5
5
|
#
|
6
|
+
# @example To load an SSLContext from an existing private key and related certs/crls:
|
7
|
+
# ssl_context = provider.load_context
|
8
|
+
#
|
9
|
+
# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
|
10
|
+
# ssl_context = provider.load_context(password: 'opensesame')
|
11
|
+
#
|
12
|
+
# @example To create an SSLContext from in-memory certs and keys:
|
13
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
14
|
+
# crls = [<OpenSSL::X509::CRL>]
|
15
|
+
# key = <OpenSSL::X509::PKey>
|
16
|
+
# cert = <OpenSSL::X509::Certificate>
|
17
|
+
# ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
|
18
|
+
#
|
19
|
+
# @example To create an SSLContext to connect to non-puppet HTTPS servers:
|
20
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
21
|
+
# ssl_context = provider.create_root_context(cacerts: cacerts)
|
22
|
+
#
|
6
23
|
# @api private
|
7
24
|
class Puppet::SSL::SSLProvider
|
8
25
|
# Create an insecure `SSLContext`. Connections made from the returned context
|
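Review bot: The second `@example` passes a literal, `provider.load_context(password: 'opensesame')`, and examples in API docs tend to be copied as written. Showing the value as a variable, `#   ssl_context = provider.load_context(password: password)`, with a word that it is read from a protected file rather than kept in source, avoids modelling a hard-coded key password. The class body these examples document starts at the end of the hunk and continues outside it.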
@@ -10,7 +10,7 @@ require 'puppet/util/pidlock'
|
|
10
10
|
# certs. This way we're sure about which SSLContext is being used during any
|
11
11
|
# phase of the bootstrapping process.
|
12
12
|
#
|
13
|
-
# @private
|
13
|
+
# @api private
|
14
14
|
class Puppet::SSL::StateMachine
|
15
15
|
class SSLState
|
16
16
|
attr_reader :ssl_context
|
@@ -405,6 +405,7 @@ class Puppet::SSL::StateMachine
|
|
405
405
|
#
|
406
406
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
407
407
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
408
|
+
# @api private
|
408
409
|
def ensure_ca_certificates
|
409
410
|
final_state = run_machine(NeedLock.new(self), NeedKey)
|
410
411
|
final_state.ssl_context
|
@@ -414,6 +415,7 @@ class Puppet::SSL::StateMachine
|
|
414
415
|
#
|
415
416
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
416
417
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
418
|
+
# @api private
|
417
419
|
def ensure_client_certificate
|
418
420
|
final_state = run_machine(NeedLock.new(self), Done)
|
419
421
|
ssl_context = final_state.ssl_context
|
data/lib/puppet/ssl/verifier.rb
CHANGED
@@ -14,6 +14,7 @@ class Puppet::SSL::Verifier
|
|
14
14
|
# @param hostname [String] FQDN of the server we're attempting to connect to
|
15
15
|
# @param ssl_context [Puppet::SSL::SSLContext] ssl_context containing CA certs,
|
16
16
|
# CRLs, etc needed to verify the server's certificate chain
|
17
|
+
# @api private
|
17
18
|
def initialize(hostname, ssl_context)
|
18
19
|
@hostname = hostname
|
19
20
|
@ssl_context = ssl_context
|
@@ -25,6 +26,7 @@ class Puppet::SSL::Verifier
|
|
25
26
|
#
|
26
27
|
# @param verifier [Puppet::SSL::Verifier] the verifier to compare against
|
27
28
|
# @return [Boolean] return true if a cached connection can be used, false otherwise
|
29
|
+
# @api private
|
28
30
|
def reusable?(verifier)
|
29
31
|
verifier.instance_of?(self.class) &&
|
30
32
|
verifier.ssl_context.object_id == @ssl_context.object_id
|
@@ -147,9 +147,6 @@ module Puppet::Test
|
|
147
147
|
Puppet::Application.clear!
|
148
148
|
Puppet::Util::Profiler.clear
|
149
149
|
|
150
|
-
Puppet::SSL::Host.reset
|
151
|
-
Puppet::Rest::Routes.clear
|
152
|
-
|
153
150
|
Puppet::Node::Facts.indirection.terminus_class = :memory
|
154
151
|
facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
|
155
152
|
Puppet::Node::Facts.indirection.save(facts)
|
@@ -223,6 +220,7 @@ module Puppet::Test
|
|
223
220
|
{
|
224
221
|
:logdir => "/dev/null",
|
225
222
|
:confdir => "/dev/null",
|
223
|
+
:publicdir => "/dev/null",
|
226
224
|
:codedir => "/dev/null",
|
227
225
|
:vardir => "/dev/null",
|
228
226
|
:rundir => "/dev/null",
|
data/lib/puppet/transaction.rb
CHANGED
@@ -376,16 +376,10 @@ class Puppet::Transaction
|
|
376
376
|
Puppet.debug { "Prefetching #{provider_class.name} resources for #{type_name}" }
|
377
377
|
begin
|
378
378
|
provider_class.prefetch(resources)
|
379
|
-
rescue LoadError,
|
379
|
+
rescue LoadError, StandardError => detail
|
380
380
|
#TRANSLATORS `prefetch` is a function name and should not be translated
|
381
381
|
message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
|
382
382
|
Puppet.log_exception(detail, message)
|
383
|
-
rescue StandardError => detail
|
384
|
-
message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
|
385
|
-
Puppet.log_exception(detail, message)
|
386
|
-
|
387
|
-
raise unless Puppet.settings[:future_features]
|
388
|
-
|
389
383
|
@prefetch_failed_providers[type_name][provider_class.name] = true
|
390
384
|
end
|
391
385
|
@prefetched_providers[type_name][provider_class.name] = true
|
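Review bot: With the re-raise gone, the merged `rescue LoadError, StandardError => detail` turns every prefetch error into a log entry plus `@prefetch_failed_providers[type_name][provider_class.name] = true`, and the context line after `end` still sets `@prefetched_providers[type_name][provider_class.name] = true` on the failure path. Nothing in the hunk shows how the failed flag is consumed, so a comment above the `rescue` should state the intended outcome, for example `# Prefetch errors are not fatal here; the provider is only marked as failed (see @prefetch_failed_providers)`. It would also help to note that `LoadError` is listed separately because it is not a `StandardError`. The enclosing method starts and ends outside the hunk.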
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
|
|
137
137
|
else
|
138
138
|
@catalog.add_resource_after(parent_resource, res)
|
139
139
|
end
|
140
|
-
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
140
|
+
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
141
141
|
if @relationship_graph && priority
|
142
142
|
# If we have a relationship_graph we should add the resource
|
143
143
|
# to it (this is an eval_generate). If we don't, then the
|
@@ -66,8 +66,6 @@ class Puppet::Transaction::Report
|
|
66
66
|
# Contains the name and port of the server that was successfully contacted
|
67
67
|
# @return [String] a string of the format 'servername:port'
|
68
68
|
attr_accessor :server_used
|
69
|
-
alias :master_used :server_used
|
70
|
-
alias :master_used= :server_used=
|
71
69
|
|
72
70
|
# The host name for which the report is generated
|
73
71
|
# @return [String] the host name
|
@@ -226,7 +224,7 @@ class Puppet::Transaction::Report
|
|
226
224
|
@external_times ||= {}
|
227
225
|
@host = Puppet[:node_name_value]
|
228
226
|
@time = start_time
|
229
|
-
@report_format =
|
227
|
+
@report_format = 12
|
230
228
|
@puppet_version = Puppet.version
|
231
229
|
@configuration_version = configuration_version
|
232
230
|
@transaction_uuid = transaction_uuid
|
@@ -326,7 +324,7 @@ class Puppet::Transaction::Report
|
|
326
324
|
}
|
327
325
|
|
328
326
|
# The following is include only when set
|
329
|
-
hash['
|
327
|
+
hash['server_used'] = @server_used unless @server_used.nil?
|
330
328
|
hash['catalog_uuid'] = @catalog_uuid unless @catalog_uuid.nil?
|
331
329
|
hash['code_id'] = @code_id unless @code_id.nil?
|
332
330
|
hash['job_id'] = @job_id unless @job_id.nil?
|
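--- a/data/lib/puppet/type.rb
+++ b/data/lib/puppet/type.rb
@@ -114,29 +114,6 @@ class Type
 attr_reader :properties
 end
 
-# Allow declaring that a type is actually a capability
-class << self
-# @deprecated application orchestration will be removed in puppet 7
-attr_accessor :is_capability
-
-# @deprecated application orchestration will be removed in puppet 7
-def is_capability?
-c = is_capability
-c.nil? ? false : c
-end
-end
-
-# Returns whether this type represents an application instance; since
-# only defined types, i.e., instances of Puppet::Resource::Type can
-# represent application instances, this implementation always returns
-# +false+. Having this method though makes code checking whether a
-# resource is an application instance simpler
-#
-# @deprecated application orchestration will be removed in puppet 7
-def self.application?
-false
-end
-
 # Returns all the attribute names of the type in the appropriate order.
 # The {key_attributes} come first, then the {provider}, then the {properties}, and finally
 # the {parameters} and {metaparams},
@@ -1720,59 +1697,6 @@ class Type
 }
 end
 
-# @deprecated application orchestration will be removed in puppet 7
-newmetaparam(:export, :parent => RelationshipMetaparam, :attributes => {:direction => :out, :events => :NONE}) do
-desc <<EOS
-Export a capability resource.
-
-The value of this parameter must be a reference to a capability resource,
-or an array of such references. Each capability resource referenced here
-will be instantiated in the node catalog and exported to consumers of this
-resource. The title of the capability resource will be the title given in
-the reference, and all other attributes of the resource will be filled
-according to the corresponding produces statement.
-
-It is an error if this metaparameter references resources whose type is not
-a capability type, or of there is no produces clause for the type of the
-current resource and the capability resource mentioned in this parameter.
-
-For example:
-
-define web(..) { .. }
-Web produces Http { .. }
-web { server:
-export => Http[main_server]
-}
-EOS
-end
-
-# @deprecated application orchestration will be removed in puppet 7
-newmetaparam(:consume, :parent => RelationshipMetaparam, :attributes => {:direction => :in, :events => :NONE}) do
-desc <<EOS
-Consume a capability resource.
-
-The value of this parameter must be a reference to a capability resource,
-or an array of such references. Each capability resource referenced here
-must have been exported by another resource in the same environment.
-
-The referenced capability resources will be looked up, added to the
-current node catalog, and processed following the underlying consumes
-clause.
-
-It is an error if this metaparameter references resources whose type is not
-a capability type, or of there is no consumes clause for the type of the
-current resource and the capability resource mentioned in this parameter.
-
-For example:
-
-define web(..) { .. }
-Web consumes Sql { .. }
-web { server:
-consume => Sql[my_db]
-}
-EOS
-end
-
 ###############################
 # All of the provider plumbing for the resource types.
 require 'puppet/provider'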
data/lib/puppet/type/exec.rb
CHANGED
@@ -201,9 +201,7 @@ module Puppet
|
|
201
201
|
only uses the resource title to ensure `exec`s are unique."
|
202
202
|
|
203
203
|
validate do |command|
|
204
|
-
|
205
|
-
raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
|
206
|
-
end
|
204
|
+
raise ArgumentError, _("Command must be a String, got value of class %{klass}") % { klass: command.class } unless command.is_a? String
|
207
205
|
end
|
208
206
|
end
|
209
207
|
|
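Review bot: The new check `unless command.is_a? String` leaves a single string as the only accepted form of `command`, and the later hunks drop the documented array-of-arrays form for `unless` and `onlyif` (`[['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']`). A manifest that builds a command from variable data therefore has to get quoting right on its own, since it can no longer hand over the arguments as separate elements; the `desc` text for `command` should say so explicitly. The `validate` block is complete in this hunk, while the surrounding parameter definition starts outside it.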
@@ -460,10 +458,6 @@ module Puppet
|
|
460
458
|
|
461
459
|
unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
462
460
|
|
463
|
-
or an array of arrays. For example:
|
464
|
-
|
465
|
-
unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
466
|
-
|
467
461
|
This `exec` would only run if every command in the array has a
|
468
462
|
non-zero exit code.
|
469
463
|
EOT
|
@@ -520,10 +514,6 @@ module Puppet
|
|
520
514
|
|
521
515
|
onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
522
516
|
|
523
|
-
or an array of arrays. For example:
|
524
|
-
|
525
|
-
onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
526
|
-
|
527
517
|
This `exec` would only run if every command in the array has an
|
528
518
|
exit code of 0 (success).
|
529
519
|
EOT
|
@@ -572,14 +562,12 @@ module Puppet
|
|
572
562
|
reqs << self[:cwd] if self[:cwd]
|
573
563
|
|
574
564
|
file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
|
575
|
-
cmd = self[:command]
|
576
|
-
cmd = cmd[0] if cmd.is_a? Array
|
577
565
|
|
578
|
-
|
566
|
+
self[:command].scan(file_regex) { |str|
|
579
567
|
reqs << str
|
580
568
|
}
|
581
569
|
|
582
|
-
|
570
|
+
self[:command].scan(/^"([^"]+)"/) { |str|
|
583
571
|
reqs << str
|
584
572
|
}
|
585
573
|
|
@@ -595,7 +583,6 @@ module Puppet
|
|
595
583
|
# fully qualified. It might not be a bad idea to add
|
596
584
|
# unqualified files, but, well, that's a bit more annoying
|
597
585
|
# to do.
|
598
|
-
line = line[0] if line.is_a? Array
|
599
586
|
reqs += line.scan(file_regex)
|
600
587
|
end
|
601
588
|
}
|