puppet 6.24.0-x64-mingw32 → 7.0.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (613) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/CONTRIBUTING.md +5 -5
  4. data/Gemfile +1 -3
  5. data/Gemfile.lock +35 -47
  6. data/README.md +5 -5
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/build_defaults.yaml +1 -1
  9. data/ext/osx/file_mapping.yaml +0 -5
  10. data/ext/osx/puppet.plist +0 -2
  11. data/ext/project_data.yaml +1 -15
  12. data/ext/redhat/puppet.spec.erb +0 -1
  13. data/ext/windows/service/daemon.rb +6 -5
  14. data/install.rb +21 -17
  15. data/lib/puppet.rb +14 -23
  16. data/lib/puppet/application.rb +178 -108
  17. data/lib/puppet/application/agent.rb +4 -12
  18. data/lib/puppet/application/apply.rb +2 -4
  19. data/lib/puppet/application/device.rb +100 -106
  20. data/lib/puppet/application/filebucket.rb +13 -10
  21. data/lib/puppet/application/resource.rb +3 -17
  22. data/lib/puppet/application/script.rb +0 -2
  23. data/lib/puppet/application/ssl.rb +1 -13
  24. data/lib/puppet/application_support.rb +0 -7
  25. data/lib/puppet/configurer.rb +30 -45
  26. data/lib/puppet/configurer/downloader.rb +1 -2
  27. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  28. data/lib/puppet/defaults.rb +100 -192
  29. data/lib/puppet/environments.rb +60 -84
  30. data/lib/puppet/face/facts.rb +5 -103
  31. data/lib/puppet/face/help.rb +1 -1
  32. data/lib/puppet/face/help/action.erb +0 -1
  33. data/lib/puppet/face/help/face.erb +0 -1
  34. data/lib/puppet/face/node/clean.rb +0 -11
  35. data/lib/puppet/face/plugin.rb +5 -8
  36. data/lib/puppet/ffi/windows.rb +12 -0
  37. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  38. data/lib/puppet/ffi/windows/constants.rb +404 -0
  39. data/lib/puppet/ffi/windows/functions.rb +628 -0
  40. data/lib/puppet/ffi/windows/structs.rb +338 -0
  41. data/lib/puppet/file_serving/configuration.rb +0 -5
  42. data/lib/puppet/file_serving/configuration/parser.rb +3 -32
  43. data/lib/puppet/file_serving/fileset.rb +2 -14
  44. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  45. data/lib/puppet/file_serving/mount.rb +1 -2
  46. data/lib/puppet/file_system/file_impl.rb +1 -1
  47. data/lib/puppet/file_system/memory_file.rb +1 -8
  48. data/lib/puppet/file_system/windows.rb +2 -4
  49. data/lib/puppet/forge.rb +3 -3
  50. data/lib/puppet/forge/repository.rb +0 -1
  51. data/lib/puppet/functions/all.rb +1 -1
  52. data/lib/puppet/functions/camelcase.rb +1 -1
  53. data/lib/puppet/functions/capitalize.rb +2 -2
  54. data/lib/puppet/functions/downcase.rb +2 -2
  55. data/lib/puppet/functions/empty.rb +0 -8
  56. data/lib/puppet/functions/get.rb +5 -5
  57. data/lib/puppet/functions/group_by.rb +5 -13
  58. data/lib/puppet/functions/lest.rb +1 -1
  59. data/lib/puppet/functions/new.rb +100 -100
  60. data/lib/puppet/functions/partition.rb +4 -12
  61. data/lib/puppet/functions/require.rb +5 -5
  62. data/lib/puppet/functions/sort.rb +3 -3
  63. data/lib/puppet/functions/strftime.rb +0 -1
  64. data/lib/puppet/functions/tree_each.rb +9 -7
  65. data/lib/puppet/functions/type.rb +4 -4
  66. data/lib/puppet/functions/unwrap.rb +2 -17
  67. data/lib/puppet/functions/upcase.rb +2 -2
  68. data/lib/puppet/generate/models/type/type.rb +4 -1
  69. data/lib/puppet/http.rb +22 -13
  70. data/lib/puppet/http/client.rb +164 -114
  71. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  72. data/lib/puppet/http/errors.rb +16 -0
  73. data/lib/puppet/http/external_client.rb +5 -7
  74. data/lib/puppet/{network/http → http}/factory.rb +8 -15
  75. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  76. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  77. data/lib/puppet/http/proxy.rb +137 -0
  78. data/lib/puppet/http/redirector.rb +4 -12
  79. data/lib/puppet/http/resolver.rb +5 -15
  80. data/lib/puppet/http/resolver/server_list.rb +10 -25
  81. data/lib/puppet/http/resolver/settings.rb +4 -7
  82. data/lib/puppet/http/resolver/srv.rb +7 -11
  83. data/lib/puppet/http/response.rb +36 -54
  84. data/lib/puppet/http/response_converter.rb +24 -0
  85. data/lib/puppet/http/response_net_http.rb +42 -0
  86. data/lib/puppet/http/retry_after_handler.rb +4 -13
  87. data/lib/puppet/http/service.rb +12 -26
  88. data/lib/puppet/http/service/ca.rb +11 -22
  89. data/lib/puppet/http/service/compiler.rb +22 -138
  90. data/lib/puppet/http/service/file_server.rb +19 -29
  91. data/lib/puppet/http/service/puppetserver.rb +26 -12
  92. data/lib/puppet/http/service/report.rb +8 -10
  93. data/lib/puppet/http/session.rb +11 -20
  94. data/lib/puppet/{network/http → http}/site.rb +1 -2
  95. data/lib/puppet/indirector/catalog/compiler.rb +0 -1
  96. data/lib/puppet/indirector/catalog/rest.rb +2 -4
  97. data/lib/puppet/indirector/facts/rest.rb +3 -22
  98. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  99. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  100. data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
  101. data/lib/puppet/indirector/file_server.rb +1 -8
  102. data/lib/puppet/indirector/generic_http.rb +0 -11
  103. data/lib/puppet/indirector/node/rest.rb +2 -4
  104. data/lib/puppet/indirector/report/rest.rb +3 -8
  105. data/lib/puppet/indirector/request.rb +0 -101
  106. data/lib/puppet/indirector/resource/ral.rb +1 -6
  107. data/lib/puppet/indirector/rest.rb +12 -263
  108. data/lib/puppet/interface/documentation.rb +0 -1
  109. data/lib/puppet/module_tool/applications.rb +0 -1
  110. data/lib/puppet/module_tool/applications/installer.rb +2 -52
  111. data/lib/puppet/module_tool/errors/shared.rb +2 -34
  112. data/lib/puppet/network/authconfig.rb +2 -96
  113. data/lib/puppet/network/authorization.rb +13 -35
  114. data/lib/puppet/network/formats.rb +0 -67
  115. data/lib/puppet/network/http.rb +3 -3
  116. data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
  117. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  118. data/lib/puppet/network/http/connection.rb +247 -316
  119. data/lib/puppet/network/http/handler.rb +0 -1
  120. data/lib/puppet/network/http_pool.rb +16 -34
  121. data/lib/puppet/node.rb +1 -30
  122. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  123. data/lib/puppet/pal/pal_impl.rb +3 -1
  124. data/lib/puppet/parser/ast/leaf.rb +2 -3
  125. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  126. data/lib/puppet/parser/compiler.rb +0 -198
  127. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  128. data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
  129. data/lib/puppet/parser/resource.rb +0 -69
  130. data/lib/puppet/parser/templatewrapper.rb +1 -1
  131. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  132. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  133. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
  134. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  135. data/lib/puppet/pops/issues.rb +0 -5
  136. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  137. data/lib/puppet/pops/model/ast.pp +0 -42
  138. data/lib/puppet/pops/model/ast.rb +0 -290
  139. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  140. data/lib/puppet/pops/model/factory.rb +0 -45
  141. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  142. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  143. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  144. data/lib/puppet/pops/parser/egrammar.ra +0 -56
  145. data/lib/puppet/pops/parser/eparser.rb +1520 -1712
  146. data/lib/puppet/pops/parser/lexer2.rb +4 -4
  147. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  148. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  149. data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
  150. data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
  151. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  152. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  153. data/lib/puppet/pops/types/type_parser.rb +0 -4
  154. data/lib/puppet/pops/types/types.rb +0 -1
  155. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  156. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  157. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  158. data/lib/puppet/property/list.rb +1 -1
  159. data/lib/puppet/provider.rb +0 -13
  160. data/lib/puppet/provider/exec/posix.rb +4 -16
  161. data/lib/puppet/provider/group/groupadd.rb +8 -13
  162. data/lib/puppet/provider/nameservice.rb +0 -18
  163. data/lib/puppet/provider/package/apt.rb +2 -34
  164. data/lib/puppet/provider/package/aptitude.rb +0 -6
  165. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  166. data/lib/puppet/provider/package/dpkg.rb +0 -10
  167. data/lib/puppet/provider/package/gem.rb +23 -3
  168. data/lib/puppet/provider/package/nim.rb +6 -11
  169. data/lib/puppet/provider/package/pip.rb +3 -16
  170. data/lib/puppet/provider/package/pkg.rb +0 -4
  171. data/lib/puppet/provider/package/portage.rb +1 -1
  172. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  173. data/lib/puppet/provider/parsedfile.rb +0 -3
  174. data/lib/puppet/provider/service/debian.rb +0 -2
  175. data/lib/puppet/provider/service/smf.rb +191 -73
  176. data/lib/puppet/provider/service/systemd.rb +4 -14
  177. data/lib/puppet/provider/service/windows.rb +0 -38
  178. data/lib/puppet/provider/user/aix.rb +2 -2
  179. data/lib/puppet/provider/user/directoryservice.rb +10 -33
  180. data/lib/puppet/provider/user/useradd.rb +8 -62
  181. data/lib/puppet/reference/configuration.rb +8 -7
  182. data/lib/puppet/reference/indirection.rb +1 -1
  183. data/lib/puppet/resource.rb +1 -89
  184. data/lib/puppet/resource/catalog.rb +1 -14
  185. data/lib/puppet/resource/type.rb +3 -119
  186. data/lib/puppet/resource/type_collection.rb +3 -48
  187. data/lib/puppet/runtime.rb +1 -2
  188. data/lib/puppet/settings.rb +80 -96
  189. data/lib/puppet/settings/environment_conf.rb +0 -1
  190. data/lib/puppet/settings/integer_setting.rb +17 -0
  191. data/lib/puppet/settings/port_setting.rb +15 -0
  192. data/lib/puppet/settings/priority_setting.rb +5 -4
  193. data/lib/puppet/ssl.rb +10 -6
  194. data/lib/puppet/ssl/base.rb +3 -5
  195. data/lib/puppet/ssl/certificate.rb +0 -6
  196. data/lib/puppet/ssl/certificate_request.rb +1 -12
  197. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  198. data/lib/puppet/ssl/oids.rb +3 -1
  199. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  200. data/lib/puppet/ssl/state_machine.rb +3 -1
  201. data/lib/puppet/ssl/verifier.rb +2 -0
  202. data/lib/puppet/test/test_helper.rb +1 -3
  203. data/lib/puppet/transaction.rb +1 -7
  204. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  205. data/lib/puppet/transaction/report.rb +2 -4
  206. data/lib/puppet/type.rb +0 -76
  207. data/lib/puppet/type/exec.rb +3 -16
  208. data/lib/puppet/type/file.rb +6 -26
  209. data/lib/puppet/type/file/checksum.rb +1 -1
  210. data/lib/puppet/type/file/mode.rb +0 -6
  211. data/lib/puppet/type/file/selcontext.rb +1 -1
  212. data/lib/puppet/type/file/source.rb +1 -1
  213. data/lib/puppet/type/filebucket.rb +3 -3
  214. data/lib/puppet/type/package.rb +8 -16
  215. data/lib/puppet/type/service.rb +38 -18
  216. data/lib/puppet/type/tidy.rb +3 -22
  217. data/lib/puppet/type/user.rb +20 -38
  218. data/lib/puppet/util/autoload.rb +8 -1
  219. data/lib/puppet/util/execution.rb +0 -11
  220. data/lib/puppet/util/http_proxy.rb +2 -215
  221. data/lib/puppet/util/monkey_patches.rb +0 -53
  222. data/lib/puppet/util/posix.rb +5 -54
  223. data/lib/puppet/util/rdoc.rb +0 -7
  224. data/lib/puppet/util/retry_action.rb +1 -1
  225. data/lib/puppet/util/run_mode.rb +9 -1
  226. data/lib/puppet/util/selinux.rb +4 -30
  227. data/lib/puppet/util/symbolic_file_mode.rb +17 -29
  228. data/lib/puppet/util/windows.rb +3 -8
  229. data/lib/puppet/util/windows/adsi.rb +0 -46
  230. data/lib/puppet/util/windows/daemon.rb +360 -0
  231. data/lib/puppet/util/windows/error.rb +1 -0
  232. data/lib/puppet/util/windows/eventlog.rb +4 -9
  233. data/lib/puppet/util/windows/file.rb +8 -242
  234. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  235. data/lib/puppet/util/windows/principal.rb +2 -9
  236. data/lib/puppet/util/windows/process.rb +4 -226
  237. data/lib/puppet/util/windows/service.rb +9 -460
  238. data/lib/puppet/util/windows/sid.rb +2 -6
  239. data/lib/puppet/util/windows/string.rb +12 -13
  240. data/lib/puppet/util/yaml.rb +0 -22
  241. data/lib/puppet/vendor/require_vendored.rb +0 -1
  242. data/lib/puppet/version.rb +1 -1
  243. data/lib/puppet/x509.rb +5 -1
  244. data/lib/puppet/x509/cert_provider.rb +29 -1
  245. data/locales/puppet.pot +722 -1527
  246. data/man/man5/puppet.conf.5 +266 -354
  247. data/man/man8/puppet-agent.8 +2 -2
  248. data/man/man8/puppet-apply.8 +2 -2
  249. data/man/man8/puppet-catalog.8 +9 -9
  250. data/man/man8/puppet-config.8 +1 -1
  251. data/man/man8/puppet-describe.8 +1 -1
  252. data/man/man8/puppet-device.8 +2 -2
  253. data/man/man8/puppet-doc.8 +1 -1
  254. data/man/man8/puppet-epp.8 +1 -1
  255. data/man/man8/puppet-facts.8 +8 -51
  256. data/man/man8/puppet-filebucket.8 +4 -4
  257. data/man/man8/puppet-generate.8 +1 -1
  258. data/man/man8/puppet-help.8 +1 -1
  259. data/man/man8/puppet-lookup.8 +1 -1
  260. data/man/man8/puppet-module.8 +1 -58
  261. data/man/man8/puppet-node.8 +5 -5
  262. data/man/man8/puppet-parser.8 +1 -1
  263. data/man/man8/puppet-plugin.8 +1 -1
  264. data/man/man8/puppet-report.8 +5 -5
  265. data/man/man8/puppet-resource.8 +1 -1
  266. data/man/man8/puppet-script.8 +2 -2
  267. data/man/man8/puppet-ssl.8 +1 -5
  268. data/man/man8/puppet.8 +2 -2
  269. data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
  270. data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
  271. data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
  272. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
  273. data/spec/fixtures/ssl/ca.pem +35 -57
  274. data/spec/fixtures/ssl/crl.pem +18 -28
  275. data/spec/fixtures/ssl/ec-key.pem +11 -11
  276. data/spec/fixtures/ssl/ec.pem +24 -33
  277. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  278. data/spec/fixtures/ssl/encrypted-key.pem +58 -108
  279. data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
  280. data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
  281. data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
  282. data/spec/fixtures/ssl/intermediate.pem +36 -57
  283. data/spec/fixtures/ssl/pluto-key.pem +57 -107
  284. data/spec/fixtures/ssl/pluto.pem +30 -52
  285. data/spec/fixtures/ssl/request-key.pem +57 -107
  286. data/spec/fixtures/ssl/request.pem +26 -47
  287. data/spec/fixtures/ssl/revoked-key.pem +57 -107
  288. data/spec/fixtures/ssl/revoked.pem +30 -52
  289. data/spec/fixtures/ssl/signed-key.pem +57 -107
  290. data/spec/fixtures/ssl/signed.pem +30 -52
  291. data/spec/fixtures/ssl/tampered-cert.pem +30 -52
  292. data/spec/fixtures/ssl/tampered-csr.pem +26 -47
  293. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
  294. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
  295. data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
  296. data/spec/fixtures/ssl/unknown-ca.pem +33 -55
  297. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  298. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  299. data/spec/integration/application/agent_spec.rb +27 -171
  300. data/spec/integration/application/apply_spec.rb +1 -20
  301. data/spec/integration/application/filebucket_spec.rb +16 -27
  302. data/spec/integration/application/help_spec.rb +2 -0
  303. data/spec/integration/application/module_spec.rb +0 -21
  304. data/spec/integration/application/plugin_spec.rb +24 -2
  305. data/spec/integration/defaults_spec.rb +14 -3
  306. data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
  307. data/spec/integration/http/client_spec.rb +0 -12
  308. data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
  309. data/spec/integration/indirector/facts/facter_spec.rb +36 -90
  310. data/spec/integration/network/http_pool_spec.rb +3 -21
  311. data/spec/integration/parser/catalog_spec.rb +0 -38
  312. data/spec/integration/parser/node_spec.rb +0 -9
  313. data/spec/integration/parser/pcore_resource_spec.rb +0 -37
  314. data/spec/integration/resource/type_collection_spec.rb +6 -2
  315. data/spec/integration/transaction_spec.rb +9 -4
  316. data/spec/integration/type/exec_spec.rb +45 -70
  317. data/spec/integration/type/file_spec.rb +5 -4
  318. data/spec/integration/util/windows/adsi_spec.rb +1 -21
  319. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  320. data/spec/integration/util/windows/principal_spec.rb +0 -21
  321. data/spec/integration/util/windows/registry_spec.rb +10 -6
  322. data/spec/integration/util/windows/security_spec.rb +1 -1
  323. data/spec/lib/matchers/include.rb +27 -0
  324. data/spec/lib/matchers/include_spec.rb +32 -0
  325. data/spec/lib/puppet/test_ca.rb +2 -7
  326. data/spec/lib/puppet_spec/puppetserver.rb +1 -1
  327. data/spec/lib/puppet_spec/settings.rb +1 -1
  328. data/spec/spec_helper.rb +7 -12
  329. data/spec/unit/agent_spec.rb +6 -10
  330. data/spec/unit/application/agent_spec.rb +3 -7
  331. data/spec/unit/application/facts_spec.rb +12 -456
  332. data/spec/unit/application/filebucket_spec.rb +43 -39
  333. data/spec/unit/application/ssl_spec.rb +2 -25
  334. data/spec/unit/application_spec.rb +9 -51
  335. data/spec/unit/certificate_factory_spec.rb +1 -1
  336. data/spec/unit/configurer/downloader_spec.rb +6 -8
  337. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  338. data/spec/unit/configurer_spec.rb +12 -32
  339. data/spec/unit/confine/feature_spec.rb +1 -1
  340. data/spec/unit/confine_spec.rb +2 -8
  341. data/spec/unit/context/trusted_information_spec.rb +2 -6
  342. data/spec/unit/defaults_spec.rb +68 -54
  343. data/spec/unit/environments_spec.rb +68 -259
  344. data/spec/unit/face/node_spec.rb +11 -0
  345. data/spec/unit/face/plugin_spec.rb +73 -33
  346. data/spec/unit/file_bucket/file_spec.rb +1 -1
  347. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
  348. data/spec/unit/file_serving/configuration_spec.rb +6 -12
  349. data/spec/unit/file_serving/fileset_spec.rb +0 -60
  350. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  351. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  352. data/spec/unit/file_system_spec.rb +0 -15
  353. data/spec/unit/forge/module_release_spec.rb +7 -2
  354. data/spec/unit/functions/assert_type_spec.rb +1 -1
  355. data/spec/unit/functions/camelcase_spec.rb +1 -1
  356. data/spec/unit/functions/capitalize_spec.rb +1 -1
  357. data/spec/unit/functions/downcase_spec.rb +1 -1
  358. data/spec/unit/functions/empty_spec.rb +0 -10
  359. data/spec/unit/functions/unwrap_spec.rb +0 -8
  360. data/spec/unit/functions/upcase_spec.rb +1 -1
  361. data/spec/unit/functions4_spec.rb +2 -2
  362. data/spec/unit/gettext/config_spec.rb +0 -12
  363. data/spec/unit/http/client_spec.rb +7 -8
  364. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  365. data/spec/unit/http/external_client_spec.rb +4 -4
  366. data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
  367. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  368. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  369. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  370. data/spec/unit/http/resolver_spec.rb +13 -13
  371. data/spec/unit/http/service/compiler_spec.rb +0 -185
  372. data/spec/unit/http/service/file_server_spec.rb +3 -3
  373. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  374. data/spec/unit/http/service_spec.rb +0 -1
  375. data/spec/unit/http/session_spec.rb +16 -14
  376. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  377. data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
  378. data/spec/unit/indirector/face_spec.rb +1 -0
  379. data/spec/unit/indirector/facts/facter_spec.rb +3 -0
  380. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  381. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  382. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  383. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  384. data/spec/unit/indirector/file_server_spec.rb +1 -15
  385. data/spec/unit/indirector/indirection_spec.rb +12 -8
  386. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  387. data/spec/unit/indirector/request_spec.rb +0 -264
  388. data/spec/unit/indirector/resource/ral_spec.rb +75 -40
  389. data/spec/unit/indirector/rest_spec.rb +98 -752
  390. data/spec/unit/indirector_spec.rb +2 -2
  391. data/spec/unit/module_tool/applications/installer_spec.rb +0 -78
  392. data/spec/unit/network/authconfig_spec.rb +2 -129
  393. data/spec/unit/network/authorization_spec.rb +2 -55
  394. data/spec/unit/network/formats_spec.rb +4 -45
  395. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  396. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  397. data/spec/unit/network/http/api_spec.rb +10 -0
  398. data/spec/unit/network/http/connection_spec.rb +19 -41
  399. data/spec/unit/network/http/handler_spec.rb +0 -1
  400. data/spec/unit/network/http_pool_spec.rb +0 -4
  401. data/spec/unit/node/environment_spec.rb +33 -21
  402. data/spec/unit/node_spec.rb +2 -54
  403. data/spec/unit/parser/compiler_spec.rb +19 -3
  404. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  405. data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
  406. data/spec/unit/parser/resource_spec.rb +8 -14
  407. data/spec/unit/parser/templatewrapper_spec.rb +5 -16
  408. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  409. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  410. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  411. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  412. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  413. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  414. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  415. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  416. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
  417. data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
  418. data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
  419. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  420. data/spec/unit/pops/validator/validator_spec.rb +61 -46
  421. data/spec/unit/pops/visitor_spec.rb +1 -1
  422. data/spec/unit/property_spec.rb +0 -1
  423. data/spec/unit/provider/group/groupadd_spec.rb +2 -5
  424. data/spec/unit/provider/nameservice_spec.rb +64 -122
  425. data/spec/unit/provider/package/apt_spec.rb +23 -28
  426. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  427. data/spec/unit/provider/package/base_spec.rb +5 -6
  428. data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
  429. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  430. data/spec/unit/provider/package/gem_spec.rb +32 -0
  431. data/spec/unit/provider/package/nim_spec.rb +0 -42
  432. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  433. data/spec/unit/provider/package/pip_spec.rb +11 -43
  434. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  435. data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
  436. data/spec/unit/provider/parsedfile_spec.rb +0 -10
  437. data/spec/unit/provider/service/init_spec.rb +0 -1
  438. data/spec/unit/provider/service/openwrt_spec.rb +1 -3
  439. data/spec/unit/provider/service/smf_spec.rb +401 -165
  440. data/spec/unit/provider/service/systemd_spec.rb +8 -53
  441. data/spec/unit/provider/service/windows_spec.rb +0 -203
  442. data/spec/unit/provider/user/aix_spec.rb +0 -5
  443. data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
  444. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  445. data/spec/unit/provider/user/pw_spec.rb +0 -2
  446. data/spec/unit/provider/user/useradd_spec.rb +3 -71
  447. data/spec/unit/provider_spec.rb +8 -18
  448. data/spec/unit/resource/catalog_spec.rb +1 -1
  449. data/spec/unit/resource/type_collection_spec.rb +2 -22
  450. data/spec/unit/resource/type_spec.rb +1 -1
  451. data/spec/unit/resource_spec.rb +10 -67
  452. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  453. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  454. data/spec/unit/settings/port_setting_spec.rb +31 -0
  455. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  456. data/spec/unit/settings_spec.rb +79 -110
  457. data/spec/unit/ssl/base_spec.rb +37 -3
  458. data/spec/unit/ssl/certificate_request_spec.rb +15 -45
  459. data/spec/unit/ssl/certificate_spec.rb +2 -11
  460. data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
  461. data/spec/unit/ssl/state_machine_spec.rb +5 -20
  462. data/spec/unit/ssl/verifier_spec.rb +0 -21
  463. data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
  464. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  465. data/spec/unit/transaction/report_spec.rb +0 -2
  466. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  467. data/spec/unit/transaction_spec.rb +55 -96
  468. data/spec/unit/type/exec_spec.rb +29 -76
  469. data/spec/unit/type/file/checksum_spec.rb +6 -6
  470. data/spec/unit/type/file/content_spec.rb +2 -1
  471. data/spec/unit/type/file/ensure_spec.rb +1 -1
  472. data/spec/unit/type/file/mode_spec.rb +1 -1
  473. data/spec/unit/type/file/selinux_spec.rb +5 -3
  474. data/spec/unit/type/file/source_spec.rb +4 -5
  475. data/spec/unit/type/file_spec.rb +18 -6
  476. data/spec/unit/type/group_spec.rb +6 -13
  477. data/spec/unit/type/package_spec.rb +1 -1
  478. data/spec/unit/type/resources_spec.rb +7 -7
  479. data/spec/unit/type/service_spec.rb +189 -60
  480. data/spec/unit/type/tidy_spec.rb +8 -24
  481. data/spec/unit/type/user_spec.rb +0 -45
  482. data/spec/unit/type_spec.rb +22 -2
  483. data/spec/unit/util/at_fork_spec.rb +2 -2
  484. data/spec/unit/util/autoload_spec.rb +1 -5
  485. data/spec/unit/util/backups_spec.rb +2 -3
  486. data/spec/unit/util/execution_spec.rb +11 -44
  487. data/spec/unit/util/inifile_spec.rb +14 -6
  488. data/spec/unit/util/log_spec.rb +7 -8
  489. data/spec/unit/util/logging_spec.rb +3 -3
  490. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  491. data/spec/unit/util/posix_spec.rb +15 -363
  492. data/spec/unit/util/run_mode_spec.rb +21 -121
  493. data/spec/unit/util/selinux_spec.rb +68 -163
  494. data/spec/unit/util/storage_spec.rb +1 -3
  495. data/spec/unit/util/suidmanager_spec.rb +41 -44
  496. data/spec/unit/util/windows/sid_spec.rb +0 -41
  497. data/spec/unit/util/windows/string_spec.rb +1 -3
  498. data/spec/unit/util/yaml_spec.rb +0 -54
  499. data/spec/unit/util_spec.rb +6 -31
  500. data/tasks/generate_cert_fixtures.rake +3 -12
  501. metadata +45 -253
  502. data/conf/auth.conf +0 -150
  503. data/lib/puppet/application/cert.rb +0 -76
  504. data/lib/puppet/application/key.rb +0 -4
  505. data/lib/puppet/application/man.rb +0 -4
  506. data/lib/puppet/application/status.rb +0 -4
  507. data/lib/puppet/face/key.rb +0 -16
  508. data/lib/puppet/face/man.rb +0 -145
  509. data/lib/puppet/face/module/build.rb +0 -14
  510. data/lib/puppet/face/module/generate.rb +0 -14
  511. data/lib/puppet/face/module/search.rb +0 -103
  512. data/lib/puppet/face/status.rb +0 -51
  513. data/lib/puppet/ffi/posix.rb +0 -10
  514. data/lib/puppet/ffi/posix/constants.rb +0 -14
  515. data/lib/puppet/ffi/posix/functions.rb +0 -24
  516. data/lib/puppet/indirector/certificate/file.rb +0 -9
  517. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  518. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  519. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  520. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  521. data/lib/puppet/indirector/file_content/http.rb +0 -22
  522. data/lib/puppet/indirector/key/file.rb +0 -46
  523. data/lib/puppet/indirector/key/memory.rb +0 -7
  524. data/lib/puppet/indirector/ssl_file.rb +0 -162
  525. data/lib/puppet/indirector/status.rb +0 -3
  526. data/lib/puppet/indirector/status/local.rb +0 -12
  527. data/lib/puppet/indirector/status/rest.rb +0 -27
  528. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  529. data/lib/puppet/network/auth_config_parser.rb +0 -90
  530. data/lib/puppet/network/authstore.rb +0 -283
  531. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  532. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  533. data/lib/puppet/network/http/base_pool.rb +0 -36
  534. data/lib/puppet/network/http/compression.rb +0 -127
  535. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  536. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  537. data/lib/puppet/network/rest_controller.rb +0 -2
  538. data/lib/puppet/network/rights.rb +0 -210
  539. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  540. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  541. data/lib/puppet/parser/environment_compiler.rb +0 -202
  542. data/lib/puppet/pops/types/enumeration.rb +0 -16
  543. data/lib/puppet/resource/capability_finder.rb +0 -154
  544. data/lib/puppet/rest/errors.rb +0 -15
  545. data/lib/puppet/rest/response.rb +0 -35
  546. data/lib/puppet/rest/route.rb +0 -85
  547. data/lib/puppet/rest/routes.rb +0 -135
  548. data/lib/puppet/settings/alias_setting.rb +0 -37
  549. data/lib/puppet/ssl/host.rb +0 -505
  550. data/lib/puppet/ssl/key.rb +0 -61
  551. data/lib/puppet/ssl/validator.rb +0 -61
  552. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  553. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  554. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  555. data/lib/puppet/status.rb +0 -40
  556. data/lib/puppet/util/connection.rb +0 -88
  557. data/lib/puppet/util/fact_dif.rb +0 -81
  558. data/lib/puppet/util/ssl.rb +0 -83
  559. data/lib/puppet/util/windows/api_types.rb +0 -309
  560. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  561. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  562. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  563. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  564. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  565. data/lib/puppet/vendor/pathspec/README.md +0 -53
  566. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  567. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  568. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  569. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  570. data/man/man8/puppet-key.8 +0 -126
  571. data/man/man8/puppet-man.8 +0 -76
  572. data/man/man8/puppet-status.8 +0 -108
  573. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
  574. data/spec/fixtures/ssl/oid-key.pem +0 -117
  575. data/spec/fixtures/ssl/oid.pem +0 -69
  576. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
  577. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
  578. data/spec/integration/application/resource_spec.rb +0 -64
  579. data/spec/integration/application/ssl_spec.rb +0 -20
  580. data/spec/integration/network/authconfig_spec.rb +0 -256
  581. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  582. data/spec/unit/application/man_spec.rb +0 -52
  583. data/spec/unit/capability_spec.rb +0 -414
  584. data/spec/unit/face/key_spec.rb +0 -9
  585. data/spec/unit/face/module/search_spec.rb +0 -231
  586. data/spec/unit/face/status_spec.rb +0 -9
  587. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  588. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  589. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  590. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  591. data/spec/unit/indirector/key/file_spec.rb +0 -78
  592. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  593. data/spec/unit/indirector/status/local_spec.rb +0 -10
  594. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  595. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  596. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  597. data/spec/unit/network/authstore_spec.rb +0 -422
  598. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  599. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  600. data/spec/unit/network/http/compression_spec.rb +0 -240
  601. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  602. data/spec/unit/network/http_spec.rb +0 -9
  603. data/spec/unit/network/rights_spec.rb +0 -439
  604. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  605. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  606. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  607. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  608. data/spec/unit/rest/route_spec.rb +0 -132
  609. data/spec/unit/ssl/host_spec.rb +0 -645
  610. data/spec/unit/ssl/key_spec.rb +0 -173
  611. data/spec/unit/ssl/validator_spec.rb +0 -278
  612. data/spec/unit/status_spec.rb +0 -45
  613. data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,36 +0,0 @@
1
- # Base pool for HTTP connections.
2
- #
3
- # @api private
4
- class Puppet::Network::HTTP::BasePool
5
- def start(site, verifier, http)
6
- Puppet.debug("Starting connection for #{site}")
7
- if site.use_ssl?
8
- verifier.setup_connection(http)
9
- begin
10
- http.start
11
- print_ssl_info(http) if Puppet::Util::Log.sendlevel?(:debug)
12
- rescue OpenSSL::SSL::SSLError => error
13
- verifier.handle_connection_error(http, error)
14
- end
15
- else
16
- http.start
17
- end
18
- end
19
-
20
- private
21
-
22
- def print_ssl_info(http)
23
- buffered_io = http.instance_variable_get(:@socket)
24
- return unless buffered_io
25
-
26
- socket = buffered_io.io
27
- return unless socket
28
-
29
- cipher = if Puppet::Util::Platform.jruby?
30
- socket.cipher
31
- else
32
- socket.cipher.first
33
- end
34
- Puppet.debug("Using #{socket.ssl_version} with cipher #{cipher}")
35
- end
36
- end
@@ -1,127 +0,0 @@
1
- require 'puppet/network/http'
2
-
3
- module Puppet::Network::HTTP::Compression
4
- # from https://github.com/ruby/ruby/blob/v2_1_3/lib/net/http/generic_request.rb#L40
5
- ACCEPT_ENCODING = "gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
6
-
7
- # this module function allows to use the right underlying
8
- # methods depending on zlib presence
9
- def module
10
- return(Puppet.features.zlib? ? Active : None)
11
- end
12
- module_function :module
13
-
14
- module Active
15
- require 'zlib'
16
- require 'stringio'
17
-
18
- # return an uncompressed body if the response has been
19
- # compressed
20
- def uncompress_body(response)
21
- case response['content-encoding']
22
- when 'gzip'
23
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
24
- # ZLib::GzipReader has an associated encoding, by default Encoding.default_external
25
- return Zlib::GzipReader.new(StringIO.new(response.body), :encoding => Encoding::BINARY).read
26
- when 'deflate'
27
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
28
- return Zlib::Inflate.new.inflate(response.body)
29
- when nil, 'identity'
30
- return response.body
31
- else
32
- raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
33
- end
34
- end
35
-
36
- def uncompress(response)
37
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress is deprecated.'))
38
- raise Net::HTTPError.new("No block passed", response) unless block_given?
39
-
40
- case response['content-encoding']
41
- when 'gzip','deflate'
42
- uncompressor = ZlibAdapter.new
43
- when nil, 'identity'
44
- uncompressor = IdentityAdapter.new
45
- else
46
- raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
47
- end
48
-
49
- begin
50
- yield uncompressor
51
- ensure
52
- uncompressor.close
53
- end
54
- end
55
-
56
- def add_accept_encoding(headers={})
57
- headers['accept-encoding'] = Puppet::Network::HTTP::Compression::ACCEPT_ENCODING
58
- headers
59
- end
60
-
61
- # This adapters knows how to uncompress both 'zlib' stream (the deflate algorithm from Content-Encoding)
62
- # and GZip streams.
63
- class ZlibAdapter
64
- def initialize(uncompressor = Zlib::Inflate.new(15 + 32))
65
- # Create an inflater that knows to parse GZip streams and zlib streams.
66
- # This uses a property of the C Zlib library, documented as follow:
67
- # windowBits can also be greater than 15 for optional gzip decoding. Add
68
- # 32 to windowBits to enable zlib and gzip decoding with automatic header
69
- # detection, or add 16 to decode only the gzip format (the zlib format will
70
- # return a Z_DATA_ERROR). If a gzip stream is being decoded, strm->adler is
71
- # a crc32 instead of an adler32.
72
- @uncompressor = uncompressor
73
- @first = true
74
- end
75
-
76
- def uncompress(chunk)
77
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::ZlibAdapter#uncompress is deprecated.'))
78
- out = @uncompressor.inflate(chunk)
79
- @first = false
80
- return out
81
- rescue Zlib::DataError
82
- # it can happen that we receive a raw deflate stream
83
- # which might make our inflate throw a data error.
84
- # in this case, we try with a verbatim (no header)
85
- # deflater.
86
- @uncompressor = Zlib::Inflate.new
87
- if @first then
88
- @first = false
89
- retry
90
- end
91
- raise
92
- end
93
-
94
- def close
95
- @uncompressor.finish
96
- ensure
97
- @uncompressor.close
98
- end
99
- end
100
- end
101
-
102
- module None
103
- def uncompress_body(response)
104
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress_body is deprecated.'))
105
- response.body
106
- end
107
-
108
- def add_accept_encoding(headers)
109
- headers
110
- end
111
-
112
- def uncompress(response)
113
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress is deprecated.'))
114
- yield IdentityAdapter.new
115
- end
116
- end
117
-
118
- class IdentityAdapter
119
- def uncompress(chunk)
120
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::IdentityAdapter#uncompress is deprecated.'))
121
- chunk
122
- end
123
-
124
- def close
125
- end
126
- end
127
- end
@@ -1,184 +0,0 @@
1
- class Puppet::Network::HTTP::ConnectionAdapter < Puppet::Network::HTTP::Connection
2
- def initialize(host, port, options = {})
3
- super(host, port, options)
4
-
5
- @client = Puppet.runtime[:http]
6
- end
7
-
8
- def get(path, headers = {}, options = {})
9
- headers ||= {}
10
- options[:ssl_context] ||= resolve_ssl_context
11
- options[:redirect_limit] ||= @redirect_limit
12
-
13
- with_error_handling do
14
- resp = @client.get(to_url(path), headers: headers, options: options)
15
- resp.nethttp
16
- end
17
- end
18
-
19
- def post(path, data, headers = nil, options = {})
20
- headers ||= {}
21
- headers['Content-Type'] ||= "application/x-www-form-urlencoded"
22
- data ||= ''
23
- options[:ssl_context] ||= resolve_ssl_context
24
- options[:redirect_limit] ||= @redirect_limit
25
-
26
- with_error_handling do
27
- resp = @client.post(to_url(path), data, headers: headers, options: options)
28
- resp.nethttp
29
- end
30
- end
31
-
32
- def head(path, headers = {}, options = {})
33
- headers ||= {}
34
- options[:ssl_context] ||= resolve_ssl_context
35
- options[:redirect_limit] ||= @redirect_limit
36
-
37
- with_error_handling do
38
- resp = @client.head(to_url(path), headers: headers, options: options)
39
- resp.nethttp
40
- end
41
- end
42
-
43
- def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
44
- headers ||= {}
45
- options[:ssl_context] ||= resolve_ssl_context
46
- options[:redirect_limit] ||= @redirect_limit
47
-
48
- with_error_handling do
49
- resp = @client.delete(to_url(path), headers: headers, options: options)
50
- resp.nethttp
51
- end
52
- end
53
-
54
- def put(path, data, headers = nil, options = {})
55
- headers ||= {}
56
- headers['Content-Type'] ||= "application/x-www-form-urlencoded"
57
- data ||= ''
58
- options[:ssl_context] ||= resolve_ssl_context
59
- options[:redirect_limit] ||= @redirect_limit
60
-
61
- with_error_handling do
62
- resp = @client.put(to_url(path), data, headers: headers, options: options)
63
- resp.nethttp
64
- end
65
- end
66
-
67
- def request_get(*args, &block)
68
- path, headers = *args
69
- headers ||= {}
70
- options = {
71
- ssl_context: resolve_ssl_context,
72
- redirect_limit: @redirect_limit
73
- }
74
-
75
- resp = @client.get(to_url(path), headers: headers, options: options) do |response|
76
- yield response.nethttp if block_given?
77
- end
78
- resp.nethttp
79
- end
80
-
81
- def request_head(*args, &block)
82
- path, headers = *args
83
- headers ||= {}
84
- options = {
85
- ssl_context: resolve_ssl_context,
86
- redirect_limit: @redirect_limit
87
- }
88
-
89
- response = @client.head(to_url(path), headers: headers, options: options)
90
- yield response.nethttp if block_given?
91
- response.nethttp
92
- end
93
-
94
- def request_post(*args, &block)
95
- path, data, headers = *args
96
- headers ||= {}
97
- headers['Content-Type'] ||= "application/x-www-form-urlencoded"
98
- options = {
99
- ssl_context: resolve_ssl_context,
100
- redirect_limit: @redirect_limit
101
- }
102
-
103
- resp = @client.post(to_url(path), data, headers: headers, options: options) do |response|
104
- yield response.nethttp if block_given?
105
- end
106
- resp.nethttp
107
- end
108
-
109
- private
110
-
111
- # The old Connection class ignores the ssl_context on the Puppet stack,
112
- # and always loads certs/keys based on what is currently in the filesystem.
113
- # If the files are missing, it would attempt to bootstrap the certs/keys
114
- # while in the process of making a network request, due to the call to
115
- # Puppet.lookup(:ssl_host) in Puppet::SSL::Validator::DefaultValidator#setup_connection.
116
- # This class doesn't preserve the boostrap behavior because that is handled
117
- # outside of this class, and can only be triggered by running `puppet ssl` or
118
- # `puppet agent`.
119
- def resolve_ssl_context
120
- # don't need an ssl context for http connections
121
- return nil unless @site.use_ssl?
122
-
123
- # if our verifier has an ssl_context, use that
124
- ctx = @verifier.ssl_context
125
- return ctx if ctx
126
-
127
- # load available certs
128
- cert = Puppet::X509::CertProvider.new
129
- ssl = Puppet::SSL::SSLProvider.new
130
- begin
131
- password = cert.load_private_key_password
132
- ssl.load_context(certname: Puppet[:certname], password: password)
133
- rescue Puppet::SSL::SSLError => e
134
- Puppet.log_exception(e)
135
-
136
- # if we don't have cacerts, then create a root context that doesn't
137
- # trust anything. The old code used to fallback to VERIFY_NONE,
138
- # which we don't want to emulate.
139
- ssl.create_root_context(cacerts: [])
140
- end
141
- end
142
-
143
- def to_url(path)
144
- if path =~ /^https?:\/\//
145
- # The old Connection class accepts a URL as the request path, and sends
146
- # it in "absolute-form" in the request line, e.g. GET https://puppet:8140/.
147
- # See https://httpwg.org/specs/rfc7230.html#absolute-form. It just so happens
148
- # to work because HTTP 1.1 servers are required to accept absolute-form even
149
- # though clients are only supposed to send them to proxies, so the proxy knows
150
- # what upstream server to CONNECT to. This method creates a URL using the
151
- # scheme/host/port that the connection was created with, and appends the path
152
- # and query portions of the absolute-form. The resulting request will use "origin-form"
153
- # as it should have done all along.
154
- abs_form = URI(path)
155
- url = URI("#{@site.addr}/#{normalize_path(abs_form.path)}")
156
- url.query = abs_form.query if abs_form.query
157
- url
158
- else
159
- URI("#{@site.addr}/#{normalize_path(path)}")
160
- end
161
- end
162
-
163
- def normalize_path(path)
164
- if path[0] == '/'
165
- path[1..-1]
166
- else
167
- path
168
- end
169
- end
170
-
171
- def with_error_handling(&block)
172
- yield
173
- rescue Puppet::HTTP::TooManyRedirects => e
174
- raise Puppet::Network::HTTP::RedirectionLimitExceededException.new(_("Too many HTTP redirections for %{host}:%{port}") % { host: @host, port: @port }, e)
175
- rescue Puppet::HTTP::HTTPError => e
176
- Puppet.log_exception(e, e.message)
177
- case e.cause
178
- when Net::OpenTimeout, Net::ReadTimeout, Net::HTTPError, EOFError
179
- raise e.cause
180
- else
181
- raise e
182
- end
183
- end
184
- end
@@ -1,28 +0,0 @@
1
- # A pool that does not cache HTTP connections.
2
- #
3
- # @api private
4
- class Puppet::Network::HTTP::NoCachePool < Puppet::Network::HTTP::BasePool
5
- def initialize(factory = Puppet::Network::HTTP::Factory.new)
6
- Puppet.deprecation_warning(_('Puppet::Network::HTTP::NoCachePool is deprecated.'))
7
- @factory = factory
8
- end
9
-
10
- # Yields a <tt>Net::HTTP</tt> connection.
11
- #
12
- # @yieldparam http [Net::HTTP] An HTTP connection
13
- def with_connection(site, verifier, &block)
14
- http = @factory.create_connection(site)
15
- start(site, verifier, http)
16
- begin
17
- yield http
18
- ensure
19
- return unless http.started?
20
- Puppet.debug("Closing connection for #{site}")
21
- http.finish
22
- end
23
- end
24
-
25
- def close
26
- # do nothing
27
- end
28
- end
@@ -1,2 +0,0 @@
1
- class Puppet::Network::RESTController # :nodoc:
2
- end
@@ -1,210 +0,0 @@
1
- require 'puppet/network/authstore'
2
- require 'puppet/error'
3
-
4
- module Puppet::Network
5
-
6
- # this exception is thrown when a request is not authenticated
7
- class AuthorizationError < Puppet::Error; end
8
-
9
- # Rights class manages a list of ACLs for paths.
10
- class Rights
11
- # Check that name is allowed or not
12
- def allowed?(name, *args)
13
- !is_forbidden_and_why?(name, :node => args[0], :ip => args[1])
14
- end
15
-
16
- def is_request_forbidden_and_why?(method, path, params)
17
- methods_to_check = if method == :head
18
- # :head is ok if either :find or :save is ok.
19
- [:find, :save]
20
- else
21
- [method]
22
- end
23
- authorization_failure_exceptions = methods_to_check.map do |m|
24
- is_forbidden_and_why?(path, params.merge({:method => m}))
25
- end
26
- if authorization_failure_exceptions.include? nil
27
- # One of the methods we checked is ok, therefore this request is ok.
28
- nil
29
- else
30
- # Just need to return any of the failure exceptions.
31
- authorization_failure_exceptions.first
32
- end
33
- end
34
-
35
- def is_forbidden_and_why?(name, args = {})
36
- res = :nomatch
37
- @rights.find do |acl|
38
- found = false
39
- # an acl can return :dunno, which means "I'm not qualified to answer your question,
40
- # please ask someone else". This is used when for instance an acl matches, but not for the
41
- # current rest method, where we might think some other acl might be more specific.
42
- match = acl.match?(name)
43
- if match
44
- args[:match] = match
45
- if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
46
- # return early if we're allowed
47
- return nil if res
48
- # we matched, select this acl
49
- found = true
50
- end
51
- end
52
- found
53
- end
54
-
55
- # if we end up here, then that means we either didn't match or failed, in any
56
- # case will return an error to the outside world
57
- msg = "#{name} [#{args[:method]}]"
58
-
59
- AuthorizationError.new(_("Forbidden request: %{msg}") % { msg: msg })
60
- end
61
-
62
- def initialize
63
- @rights = []
64
- end
65
-
66
- def [](name)
67
- @rights.find { |acl| acl == name }
68
- end
69
-
70
- def empty?
71
- @rights.empty?
72
- end
73
-
74
- def include?(name)
75
- @rights.include?(name)
76
- end
77
-
78
- def each
79
- @rights.each { |r| yield r.name,r }
80
- end
81
-
82
- # Define a new right to which access can be provided.
83
- def newright(name, line=nil, file=nil)
84
- add_right( Right.new(name, line, file) )
85
- end
86
-
87
- private
88
-
89
- def add_right(right)
90
- @rights << right
91
- right
92
- end
93
-
94
- # Retrieve a right by name.
95
- def right(name)
96
- self[name]
97
- end
98
-
99
- # A right.
100
- class Right < Puppet::Network::AuthStore
101
- attr_accessor :name, :key
102
- # Overriding Object#methods sucks for debugging. If we're in here in the
103
- # future, it would be nice to rename Right#methods
104
- attr_accessor :methods, :environment, :authentication
105
- attr_accessor :line, :file
106
-
107
- ALL = [:save, :destroy, :find, :search]
108
-
109
- Puppet::Util.logmethods(self, true)
110
-
111
- def initialize(name, line, file)
112
- @methods = []
113
- @environment = []
114
- @authentication = true # defaults to authenticated
115
- @name = name
116
- @line = line || 0
117
- @file = file
118
- @methods = ALL
119
-
120
- case name
121
- when /^\//
122
- @key = Regexp.new("^" + Regexp.escape(name))
123
- when /^~/ # this is a regex
124
- @name = name.gsub(/^~\s+/,'')
125
- @key = Regexp.new(@name)
126
- else
127
- raise ArgumentError, _("Unknown right type '%{name}'") % { name: name }
128
- end
129
-
130
- super()
131
- end
132
-
133
- def to_s
134
- "access[#{@name}]"
135
- end
136
-
137
- # There's no real check to do at this point
138
- def valid?
139
- true
140
- end
141
-
142
- # does this right is allowed for this triplet?
143
- # if this right is too restrictive (ie we don't match this access method)
144
- # then return :dunno so that upper layers have a chance to try another right
145
- # tailored to the given method
146
- def allowed?(name, ip, args = {})
147
- if not @methods.include?(args[:method])
148
- return :dunno
149
- elsif @environment.size > 0 and not @environment.include?(args[:environment])
150
- return :dunno
151
- elsif (@authentication and not args[:authenticated])
152
- return :dunno
153
- end
154
-
155
- begin
156
- # make sure any capture are replaced if needed
157
- interpolate(args[:match]) if args[:match]
158
- res = super(name,ip)
159
- ensure
160
- reset_interpolation
161
- end
162
- res
163
- end
164
-
165
- # restrict this right to some method only
166
- def restrict_method(m)
167
- m = m.intern if m.is_a?(String)
168
-
169
- raise ArgumentError, _("'%{m}' is not an allowed value for method directive") % { m: m } unless ALL.include?(m)
170
-
171
- # if we were allowing all methods, then starts from scratch
172
- if @methods === ALL
173
- @methods = []
174
- end
175
-
176
- raise ArgumentError, _("'%{m}' is already in the '%{name}' ACL") % { m: m, name: name } if @methods.include?(m)
177
-
178
- @methods << m
179
- end
180
-
181
- def restrict_environment(environment)
182
- env = Puppet.lookup(:environments).get(environment)
183
- raise ArgumentError, _("'%{env}' is already in the '%{name}' ACL") % { env: env, name: name } if @environment.include?(env)
184
-
185
- @environment << env
186
- end
187
-
188
- def restrict_authenticated(authentication)
189
- case authentication
190
- when "yes", "on", "true", true
191
- authentication = true
192
- when "no", "off", "false", false, "all" ,"any", :all, :any
193
- authentication = false
194
- else
195
- raise ArgumentError, _("'%{name}' incorrect authenticated value: %{authentication}") % { name: name, authentication: authentication }
196
- end
197
- @authentication = authentication
198
- end
199
-
200
- def match?(key)
201
- # otherwise match with the regex
202
- self.key.match(key)
203
- end
204
-
205
- def ==(name)
206
- self.name == name.gsub(/^~\s+/,'')
207
- end
208
- end
209
- end
210
- end