puppet 6.24.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -3
- data/Gemfile.lock +35 -47
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +14 -23
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +4 -12
- data/lib/puppet/application/apply.rb +2 -4
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/resource.rb +3 -17
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +100 -192
- data/lib/puppet/environments.rb +60 -84
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +2 -4
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -138
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +0 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -52
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +8 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/systemd.rb +4 -14
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +10 -33
- data/lib/puppet/provider/user/useradd.rb +8 -62
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +80 -96
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/exec.rb +3 -16
- data/lib/puppet/type/file.rb +6 -26
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/service.rb +38 -18
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +20 -38
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -53
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +722 -1527
- data/man/man5/puppet.conf.5 +266 -354
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -171
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -27
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +36 -90
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/spec_helper.rb +7 -12
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -32
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -54
- data/spec/unit/environments_spec.rb +68 -259
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +0 -15
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -185
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -78
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -45
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -43
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/init_spec.rb +0 -1
- data/spec/unit/provider/service/openwrt_spec.rb +1 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +8 -53
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +3 -71
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -60
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +3 -12
- metadata +45 -253
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -64
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
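--- a/data/lib/puppet/network/http/base_pool.rb
+++ b/data/lib/puppet/network/http/base_pool.rb
@@ -1,36 +0,0 @@
-# Base pool for HTTP connections.
-#
-# @api private
-class Puppet::Network::HTTP::BasePool
-def start(site, verifier, http)
-Puppet.debug("Starting connection for #{site}")
-if site.use_ssl?
-verifier.setup_connection(http)
-begin
-http.start
-print_ssl_info(http) if Puppet::Util::Log.sendlevel?(:debug)
-rescue OpenSSL::SSL::SSLError => error
-verifier.handle_connection_error(http, error)
-end
-else
-http.start
-end
-end
-
-private
-
-def print_ssl_info(http)
-buffered_io = http.instance_variable_get(:@socket)
-return unless buffered_io
-
-socket = buffered_io.io
-return unless socket
-
-cipher = if Puppet::Util::Platform.jruby?
-socket.cipher
-else
-socket.cipher.first
-end
-Puppet.debug("Using #{socket.ssl_version} with cipher #{cipher}")
-end
-end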
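--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,127 +0,0 @@
-require 'puppet/network/http'
-
-module Puppet::Network::HTTP::Compression
-# from https://github.com/ruby/ruby/blob/v2_1_3/lib/net/http/generic_request.rb#L40
-ACCEPT_ENCODING = "gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
-
-# this module function allows to use the right underlying
-# methods depending on zlib presence
-def module
-return(Puppet.features.zlib? ? Active : None)
-end
-module_function :module
-
-module Active
-require 'zlib'
-require 'stringio'
-
-# return an uncompressed body if the response has been
-# compressed
-def uncompress_body(response)
-case response['content-encoding']
-when 'gzip'
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
-# ZLib::GzipReader has an associated encoding, by default Encoding.default_external
-return Zlib::GzipReader.new(StringIO.new(response.body), :encoding => Encoding::BINARY).read
-when 'deflate'
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress_body is deprecated.'))
-return Zlib::Inflate.new.inflate(response.body)
-when nil, 'identity'
-return response.body
-else
-raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
-end
-end
-
-def uncompress(response)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::Active#uncompress is deprecated.'))
-raise Net::HTTPError.new("No block passed", response) unless block_given?
-
-case response['content-encoding']
-when 'gzip','deflate'
-uncompressor = ZlibAdapter.new
-when nil, 'identity'
-uncompressor = IdentityAdapter.new
-else
-raise Net::HTTPError.new(_("Unknown content encoding - %{encoding}") % { encoding: response['content-encoding'] }, response)
-end
-
-begin
-yield uncompressor
-ensure
-uncompressor.close
-end
-end
-
-def add_accept_encoding(headers={})
-headers['accept-encoding'] = Puppet::Network::HTTP::Compression::ACCEPT_ENCODING
-headers
-end
-
-# This adapters knows how to uncompress both 'zlib' stream (the deflate algorithm from Content-Encoding)
-# and GZip streams.
-class ZlibAdapter
-def initialize(uncompressor = Zlib::Inflate.new(15 + 32))
-# Create an inflater that knows to parse GZip streams and zlib streams.
-# This uses a property of the C Zlib library, documented as follow:
-# windowBits can also be greater than 15 for optional gzip decoding. Add
-# 32 to windowBits to enable zlib and gzip decoding with automatic header
-# detection, or add 16 to decode only the gzip format (the zlib format will
-# return a Z_DATA_ERROR). If a gzip stream is being decoded, strm->adler is
-# a crc32 instead of an adler32.
-@uncompressor = uncompressor
-@first = true
-end
-
-def uncompress(chunk)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::ZlibAdapter#uncompress is deprecated.'))
-out = @uncompressor.inflate(chunk)
-@first = false
-return out
-rescue Zlib::DataError
-# it can happen that we receive a raw deflate stream
-# which might make our inflate throw a data error.
-# in this case, we try with a verbatim (no header)
-# deflater.
-@uncompressor = Zlib::Inflate.new
-if @first then
-@first = false
-retry
-end
-raise
-end
-
-def close
-@uncompressor.finish
-ensure
-@uncompressor.close
-end
-end
-end
-
-module None
-def uncompress_body(response)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress_body is deprecated.'))
-response.body
-end
-
-def add_accept_encoding(headers)
-headers
-end
-
-def uncompress(response)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::None#uncompress is deprecated.'))
-yield IdentityAdapter.new
-end
-end
-
-class IdentityAdapter
-def uncompress(chunk)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::Compression::IdentityAdapter#uncompress is deprecated.'))
-chunk
-end
-
-def close
-end
-end
-end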
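--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,184 +0,0 @@
-class Puppet::Network::HTTP::ConnectionAdapter < Puppet::Network::HTTP::Connection
-def initialize(host, port, options = {})
-super(host, port, options)
-
-@client = Puppet.runtime[:http]
-end
-
-def get(path, headers = {}, options = {})
-headers ||= {}
-options[:ssl_context] ||= resolve_ssl_context
-options[:redirect_limit] ||= @redirect_limit
-
-with_error_handling do
-resp = @client.get(to_url(path), headers: headers, options: options)
-resp.nethttp
-end
-end
-
-def post(path, data, headers = nil, options = {})
-headers ||= {}
-headers['Content-Type'] ||= "application/x-www-form-urlencoded"
-data ||= ''
-options[:ssl_context] ||= resolve_ssl_context
-options[:redirect_limit] ||= @redirect_limit
-
-with_error_handling do
-resp = @client.post(to_url(path), data, headers: headers, options: options)
-resp.nethttp
-end
-end
-
-def head(path, headers = {}, options = {})
-headers ||= {}
-options[:ssl_context] ||= resolve_ssl_context
-options[:redirect_limit] ||= @redirect_limit
-
-with_error_handling do
-resp = @client.head(to_url(path), headers: headers, options: options)
-resp.nethttp
-end
-end
-
-def delete(path, headers = {'Depth' => 'Infinity'}, options = {})
-headers ||= {}
-options[:ssl_context] ||= resolve_ssl_context
-options[:redirect_limit] ||= @redirect_limit
-
-with_error_handling do
-resp = @client.delete(to_url(path), headers: headers, options: options)
-resp.nethttp
-end
-end
-
-def put(path, data, headers = nil, options = {})
-headers ||= {}
-headers['Content-Type'] ||= "application/x-www-form-urlencoded"
-data ||= ''
-options[:ssl_context] ||= resolve_ssl_context
-options[:redirect_limit] ||= @redirect_limit
-
-with_error_handling do
-resp = @client.put(to_url(path), data, headers: headers, options: options)
-resp.nethttp
-end
-end
-
-def request_get(*args, &block)
-path, headers = *args
-headers ||= {}
-options = {
-ssl_context: resolve_ssl_context,
-redirect_limit: @redirect_limit
-}
-
-resp = @client.get(to_url(path), headers: headers, options: options) do |response|
-yield response.nethttp if block_given?
-end
-resp.nethttp
-end
-
-def request_head(*args, &block)
-path, headers = *args
-headers ||= {}
-options = {
-ssl_context: resolve_ssl_context,
-redirect_limit: @redirect_limit
-}
-
-response = @client.head(to_url(path), headers: headers, options: options)
-yield response.nethttp if block_given?
-response.nethttp
-end
-
-def request_post(*args, &block)
-path, data, headers = *args
-headers ||= {}
-headers['Content-Type'] ||= "application/x-www-form-urlencoded"
-options = {
-ssl_context: resolve_ssl_context,
-redirect_limit: @redirect_limit
-}
-
-resp = @client.post(to_url(path), data, headers: headers, options: options) do |response|
-yield response.nethttp if block_given?
-end
-resp.nethttp
-end
-
-private
-
-# The old Connection class ignores the ssl_context on the Puppet stack,
-# and always loads certs/keys based on what is currently in the filesystem.
-# If the files are missing, it would attempt to bootstrap the certs/keys
-# while in the process of making a network request, due to the call to
-# Puppet.lookup(:ssl_host) in Puppet::SSL::Validator::DefaultValidator#setup_connection.
-# This class doesn't preserve the boostrap behavior because that is handled
-# outside of this class, and can only be triggered by running `puppet ssl` or
-# `puppet agent`.
-def resolve_ssl_context
-# don't need an ssl context for http connections
-return nil unless @site.use_ssl?
-
-# if our verifier has an ssl_context, use that
-ctx = @verifier.ssl_context
-return ctx if ctx
-
-# load available certs
-cert = Puppet::X509::CertProvider.new
-ssl = Puppet::SSL::SSLProvider.new
-begin
-password = cert.load_private_key_password
-ssl.load_context(certname: Puppet[:certname], password: password)
-rescue Puppet::SSL::SSLError => e
-Puppet.log_exception(e)
-
-# if we don't have cacerts, then create a root context that doesn't
-# trust anything. The old code used to fallback to VERIFY_NONE,
-# which we don't want to emulate.
-ssl.create_root_context(cacerts: [])
-end
-end
-
-def to_url(path)
-if path =~ /^https?:\/\//
-# The old Connection class accepts a URL as the request path, and sends
-# it in "absolute-form" in the request line, e.g. GET https://puppet:8140/.
-# See https://httpwg.org/specs/rfc7230.html#absolute-form. It just so happens
-# to work because HTTP 1.1 servers are required to accept absolute-form even
-# though clients are only supposed to send them to proxies, so the proxy knows
-# what upstream server to CONNECT to. This method creates a URL using the
-# scheme/host/port that the connection was created with, and appends the path
-# and query portions of the absolute-form. The resulting request will use "origin-form"
-# as it should have done all along.
-abs_form = URI(path)
-url = URI("#{@site.addr}/#{normalize_path(abs_form.path)}")
-url.query = abs_form.query if abs_form.query
-url
-else
-URI("#{@site.addr}/#{normalize_path(path)}")
-end
-end
-
-def normalize_path(path)
-if path[0] == '/'
-path[1..-1]
-else
-path
-end
-end
-
-def with_error_handling(&block)
-yield
-rescue Puppet::HTTP::TooManyRedirects => e
-raise Puppet::Network::HTTP::RedirectionLimitExceededException.new(_("Too many HTTP redirections for %{host}:%{port}") % { host: @host, port: @port }, e)
-rescue Puppet::HTTP::HTTPError => e
-Puppet.log_exception(e, e.message)
-case e.cause
-when Net::OpenTimeout, Net::ReadTimeout, Net::HTTPError, EOFError
-raise e.cause
-else
-raise e
-end
-end
-end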
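--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,28 +0,0 @@
-# A pool that does not cache HTTP connections.
-#
-# @api private
-class Puppet::Network::HTTP::NoCachePool < Puppet::Network::HTTP::BasePool
-def initialize(factory = Puppet::Network::HTTP::Factory.new)
-Puppet.deprecation_warning(_('Puppet::Network::HTTP::NoCachePool is deprecated.'))
-@factory = factory
-end
-
-# Yields a <tt>Net::HTTP</tt> connection.
-#
-# @yieldparam http [Net::HTTP] An HTTP connection
-def with_connection(site, verifier, &block)
-http = @factory.create_connection(site)
-start(site, verifier, http)
-begin
-yield http
-ensure
-return unless http.started?
-Puppet.debug("Closing connection for #{site}")
-http.finish
-end
-end
-
-def close
-# do nothing
-end
-end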
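--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,210 +0,0 @@
-require 'puppet/network/authstore'
-require 'puppet/error'
-
-module Puppet::Network
-
-# this exception is thrown when a request is not authenticated
-class AuthorizationError < Puppet::Error; end
-
-# Rights class manages a list of ACLs for paths.
-class Rights
-# Check that name is allowed or not
-def allowed?(name, *args)
-!is_forbidden_and_why?(name, :node => args[0], :ip => args[1])
-end
-
-def is_request_forbidden_and_why?(method, path, params)
-methods_to_check = if method == :head
-# :head is ok if either :find or :save is ok.
-[:find, :save]
-else
-[method]
-end
-authorization_failure_exceptions = methods_to_check.map do |m|
-is_forbidden_and_why?(path, params.merge({:method => m}))
-end
-if authorization_failure_exceptions.include? nil
-# One of the methods we checked is ok, therefore this request is ok.
-nil
-else
-# Just need to return any of the failure exceptions.
-authorization_failure_exceptions.first
-end
-end
-
-def is_forbidden_and_why?(name, args = {})
-res = :nomatch
-@rights.find do |acl|
-found = false
-# an acl can return :dunno, which means "I'm not qualified to answer your question,
-# please ask someone else". This is used when for instance an acl matches, but not for the
-# current rest method, where we might think some other acl might be more specific.
-match = acl.match?(name)
-if match
-args[:match] = match
-if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
-# return early if we're allowed
-return nil if res
-# we matched, select this acl
-found = true
-end
-end
-found
-end
-
-# if we end up here, then that means we either didn't match or failed, in any
-# case will return an error to the outside world
-msg = "#{name} [#{args[:method]}]"
-
-AuthorizationError.new(_("Forbidden request: %{msg}") % { msg: msg })
-end
-
-def initialize
-@rights = []
-end
-
-def [](name)
-@rights.find { |acl| acl == name }
-end
-
-def empty?
-@rights.empty?
-end
-
-def include?(name)
-@rights.include?(name)
-end
-
-def each
-@rights.each { |r| yield r.name,r }
-end
-
-# Define a new right to which access can be provided.
-def newright(name, line=nil, file=nil)
-add_right( Right.new(name, line, file) )
-end
-
-private
-
-def add_right(right)
-@rights << right
-right
-end
-
-# Retrieve a right by name.
-def right(name)
-self[name]
-end
-
-# A right.
-class Right < Puppet::Network::AuthStore
-attr_accessor :name, :key
-# Overriding Object#methods sucks for debugging. If we're in here in the
-# future, it would be nice to rename Right#methods
-attr_accessor :methods, :environment, :authentication
-attr_accessor :line, :file
-
-ALL = [:save, :destroy, :find, :search]
-
-Puppet::Util.logmethods(self, true)
-
-def initialize(name, line, file)
-@methods = []
-@environment = []
-@authentication = true # defaults to authenticated
-@name = name
-@line = line || 0
-@file = file
-@methods = ALL
-
-case name
-when /^\//
-@key = Regexp.new("^" + Regexp.escape(name))
-when /^~/ # this is a regex
-@name = name.gsub(/^~\s+/,'')
-@key = Regexp.new(@name)
-else
-raise ArgumentError, _("Unknown right type '%{name}'") % { name: name }
-end
-
-super()
-end
-
-def to_s
-"access[#{@name}]"
-end
-
-# There's no real check to do at this point
-def valid?
-true
-end
-
-# does this right is allowed for this triplet?
-# if this right is too restrictive (ie we don't match this access method)
-# then return :dunno so that upper layers have a chance to try another right
-# tailored to the given method
-def allowed?(name, ip, args = {})
-if not @methods.include?(args[:method])
-return :dunno
-elsif @environment.size > 0 and not @environment.include?(args[:environment])
-return :dunno
-elsif (@authentication and not args[:authenticated])
-return :dunno
-end
-
-begin
-# make sure any capture are replaced if needed
-interpolate(args[:match]) if args[:match]
-res = super(name,ip)
-ensure
-reset_interpolation
-end
-res
-end
-
-# restrict this right to some method only
-def restrict_method(m)
-m = m.intern if m.is_a?(String)
-
-raise ArgumentError, _("'%{m}' is not an allowed value for method directive") % { m: m } unless ALL.include?(m)
-
-# if we were allowing all methods, then starts from scratch
-if @methods === ALL
-@methods = []
-end
-
-raise ArgumentError, _("'%{m}' is already in the '%{name}' ACL") % { m: m, name: name } if @methods.include?(m)
-
-@methods << m
-end
-
-def restrict_environment(environment)
-env = Puppet.lookup(:environments).get(environment)
-raise ArgumentError, _("'%{env}' is already in the '%{name}' ACL") % { env: env, name: name } if @environment.include?(env)
-
-@environment << env
-end
-
-def restrict_authenticated(authentication)
-case authentication
-when "yes", "on", "true", true
-authentication = true
-when "no", "off", "false", false, "all" ,"any", :all, :any
-authentication = false
-else
-raise ArgumentError, _("'%{name}' incorrect authenticated value: %{authentication}") % { name: name, authentication: authentication }
-end
-@authentication = authentication
-end
-
-def match?(key)
-# otherwise match with the regex
-self.key.match(key)
-end
-
-def ==(name)
-self.name == name.gsub(/^~\s+/,'')
-end
-end
-end
-end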