puppet 6.24.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -3
- data/Gemfile.lock +35 -47
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/build_defaults.yaml +1 -1
- data/ext/osx/file_mapping.yaml +0 -5
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/puppet.spec.erb +0 -1
- data/ext/windows/service/daemon.rb +6 -5
- data/install.rb +21 -17
- data/lib/puppet.rb +14 -23
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application/agent.rb +4 -12
- data/lib/puppet/application/apply.rb +2 -4
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/resource.rb +3 -17
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/configurer.rb +30 -45
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/defaults.rb +100 -192
- data/lib/puppet/environments.rb +60 -84
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/file_serving/configuration.rb +0 -5
- data/lib/puppet/file_serving/configuration/parser.rb +3 -32
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +2 -4
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/http/client.rb +164 -114
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -12
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +22 -138
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/indirector/catalog/compiler.rb +0 -1
- data/lib/puppet/indirector/catalog/rest.rb +2 -4
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -52
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node.rb +1 -30
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +3 -1
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +0 -69
- data/lib/puppet/parser/templatewrapper.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -290
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +0 -45
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/egrammar.ra +0 -56
- data/lib/puppet/pops/parser/eparser.rb +1520 -1712
- data/lib/puppet/pops/parser/lexer2.rb +4 -4
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +0 -1
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider.rb +0 -13
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +8 -13
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +0 -4
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/smf.rb +191 -73
- data/lib/puppet/provider/service/systemd.rb +4 -14
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +10 -33
- data/lib/puppet/provider/user/useradd.rb +8 -62
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -89
- data/lib/puppet/resource/catalog.rb +1 -14
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -48
- data/lib/puppet/runtime.rb +1 -2
- data/lib/puppet/settings.rb +80 -96
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -0
- data/lib/puppet/test/test_helper.rb +1 -3
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/report.rb +2 -4
- data/lib/puppet/type.rb +0 -76
- data/lib/puppet/type/exec.rb +3 -16
- data/lib/puppet/type/file.rb +6 -26
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/service.rb +38 -18
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +20 -38
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/monkey_patches.rb +0 -53
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/windows.rb +3 -8
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +9 -460
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/yaml.rb +0 -22
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/locales/puppet.pot +722 -1527
- data/man/man5/puppet.conf.5 +266 -354
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -58
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +27 -171
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -27
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +36 -90
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -37
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +5 -4
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/puppetserver.rb +1 -1
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/spec_helper.rb +7 -12
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +12 -32
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -54
- data/spec/unit/environments_spec.rb +68 -259
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -18
- data/spec/unit/file_serving/configuration_spec.rb +6 -12
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +0 -15
- data/spec/unit/forge/module_release_spec.rb +7 -2
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +7 -8
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -185
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -14
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +12 -8
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -78
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -45
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -54
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -46
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +32 -0
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip_spec.rb +11 -43
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/init_spec.rb +0 -1
- data/spec/unit/provider/service/openwrt_spec.rb +1 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +8 -53
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +35 -67
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +3 -71
- data/spec/unit/provider_spec.rb +8 -18
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +10 -67
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +15 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -60
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +22 -2
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -3
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +0 -54
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +3 -12
- metadata +45 -253
- data/conf/auth.conf +0 -150
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -64
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -422
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/ssl_spec.rb +0 -91
@@ -1,88 +0,0 @@
|
|
1
|
-
require 'puppet'
|
2
|
-
require 'puppet/util/warnings'
|
3
|
-
|
4
|
-
module Puppet::Util
|
5
|
-
module Connection
|
6
|
-
extend Puppet::Util::Warnings
|
7
|
-
|
8
|
-
# The logic for server and port is kind of gross. In summary:
|
9
|
-
# IF an endpoint-specific setting is requested AND that setting has been set by the user
|
10
|
-
# Use that setting.
|
11
|
-
# The defaults for these settings are the "normal" server/serverport settings, so
|
12
|
-
# when they are unset we instead want to "fall back" to the failover-selected
|
13
|
-
# host/port pair.
|
14
|
-
# ELSE IF we have a failover-selected host/port
|
15
|
-
# Use what the failover logic came up with
|
16
|
-
# ELSE IF the server_list setting is in use
|
17
|
-
# Use the first entry - failover hasn't happened yet, but that
|
18
|
-
# setting is still authoritative
|
19
|
-
# ELSE
|
20
|
-
# Go for the legacy server/serverport settings, and hope for the best
|
21
|
-
|
22
|
-
# Determines which server to use based on the specified setting, taking into
|
23
|
-
# account HA fallback from server_list.
|
24
|
-
# @param [Symbol] setting The preferred server setting to use
|
25
|
-
# @return [String] the name of the server for use in the request
|
26
|
-
def self.determine_server(setting)
|
27
|
-
if setting && setting != :server && Puppet.settings.set_by_config?(setting)
|
28
|
-
debug_once _("Selected server from the %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
|
29
|
-
Puppet[setting]
|
30
|
-
else
|
31
|
-
server = Puppet.lookup(:server) do
|
32
|
-
primary_server = Puppet.settings[:server_list][0]
|
33
|
-
if primary_server
|
34
|
-
#TRANSLATORS 'server_list' is the name of a setting and should not be translated
|
35
|
-
debug_once _("Dynamically-bound server lookup failed; using first entry from the `server_list` setting: %{server}") % {server: primary_server[0]}
|
36
|
-
primary_server[0]
|
37
|
-
else
|
38
|
-
setting ||= :server
|
39
|
-
debug_once _("Dynamically-bound server lookup failed, falling back to %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
|
40
|
-
Puppet.settings[setting]
|
41
|
-
end
|
42
|
-
end
|
43
|
-
server
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
# Determines which port to use based on the specified setting, taking into
|
48
|
-
# account HA fallback from server_list.
|
49
|
-
# For port there's a little bit of an extra snag: setting a specific
|
50
|
-
# server setting and relying on the default port for that server is
|
51
|
-
# common, so we also want to check if the assocaited SERVER setting
|
52
|
-
# has been set by the user. If either of those are set we ignore the
|
53
|
-
# failover-selected port.
|
54
|
-
# @param [Symbol] port_setting The preferred port setting to use
|
55
|
-
# @param [Symbol] server_setting The server setting assoicated with this route.
|
56
|
-
# @return [Integer] the port to use for use in the request
|
57
|
-
def self.determine_port(port_setting, server_setting)
|
58
|
-
if (port_setting && port_setting != :serverport && Puppet.settings.set_by_config?(port_setting)) ||
|
59
|
-
(server_setting && server_setting != :server && Puppet.settings.set_by_config?(server_setting))
|
60
|
-
debug_once _("Selected port from the %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting].to_i}
|
61
|
-
Puppet.settings[port_setting].to_i
|
62
|
-
else
|
63
|
-
port = Puppet.lookup(:serverport) do
|
64
|
-
primary_server = Puppet.settings[:server_list][0]
|
65
|
-
if primary_server
|
66
|
-
# Port might not be set, so we want to fallback in that
|
67
|
-
# case. We know we don't need to use `setting` here, since
|
68
|
-
# the default value of every port setting is `serverport`
|
69
|
-
if primary_server[1]
|
70
|
-
#TRANSLATORS 'server_list' is the name of a setting and should not be translated
|
71
|
-
debug_once _("Dynamically-bound port lookup failed; using first entry from the `server_list` setting: %{port}") % {port: primary_server[1]}
|
72
|
-
primary_server[1]
|
73
|
-
else
|
74
|
-
#TRANSLATORS 'serverport' is the name of a setting and should not be translated
|
75
|
-
debug_once _("Dynamically-bound port lookup failed; falling back to `serverport` setting: %{port}") % {port: Puppet.settings[:serverport]}
|
76
|
-
Puppet.settings[:serverport]
|
77
|
-
end
|
78
|
-
else
|
79
|
-
port_setting ||= :serverport
|
80
|
-
debug_once _("Dynamically-bound port lookup failed; falling back to %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting]}
|
81
|
-
Puppet.settings[port_setting]
|
82
|
-
end
|
83
|
-
end
|
84
|
-
port.to_i
|
85
|
-
end
|
86
|
-
end
|
87
|
-
end
|
88
|
-
end
|
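--- a/data/lib/puppet/util/fact_dif.rb
+++ b/data/lib/puppet/util/fact_dif.rb
@@ -1,81 +0,0 @@
-require 'json'
-
-class FactDif
-def initialize(old_output, new_output, exclude_list, save_structured)
-@c_facter = JSON.parse(old_output)
-@next_facter = JSON.parse(new_output)
-@exclude_list = exclude_list
-@save_structured = save_structured
-@flat_diff = []
-@diff = {}
-end
-
-def difs
-search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
-
-@flat_diff.sort_by { |a| a[0] }.each do |pair|
-fact_path = pair[0]
-value = pair[1]
-compare(fact_path, value, @c_facter)
-compare(fact_path, value, @next_facter)
-end
-
-@diff
-end
-
-private
-
-def search_hash(sh, path = [])
-if sh.is_a?(Hash)
-sh.each do |k, v|
-search_hash(v, path.push(k))
-path.pop
-end
-elsif sh.is_a?(Array)
-sh.each_with_index do |v, index|
-search_hash(v, path.push(index))
-path.pop
-end
-else
-@flat_diff.push([path.dup, sh])
-end
-end
-
-def compare(fact_path, given_value, compared_hash)
-compared_value = compared_hash.dig(*fact_path)
-if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
-fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
-if compared_hash == @c_facter
-bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
-else
-bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
-end
-end
-end
-
-def bury(*paths, value, hash)
-if paths.count > 1
-path = paths.shift
-hash[path] = Hash.new unless hash.key?(path)
-bury(*paths, value, hash[path])
-else
-hash[*paths] = value
-end
-end
-
-def different?(new, old)
-if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
-old_values = old.split(',')
-new_values = new.split(',')
-
-diff = (old_values - new_values) | (new_values - old_values)
-return diff.size.positive?
-end
-
-old != new
-end
-
-def excluded?(fact_name)
-@exclude_list.any? {|excluded_fact| fact_name =~ /#{excluded_fact}/}
-end
-end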
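--- a/data/lib/puppet/util/ssl.rb
+++ b/data/lib/puppet/util/ssl.rb
@@ -1,83 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-
-##
-# SSL is a private module with class methods that help work with x.509
-# subjects and errors.
-#
-# @api private
-module Puppet::Util::SSL
-
-@@dn_parsers = nil
-@@no_name = nil
-
-# Given a DN string, parse it into an OpenSSL certificate subject. This
-# method will flexibly handle both OpenSSL and RFC2253 formats, as given by
-# nginx and Apache, respectively.
-#
-# @param [String] dn the x.509 Distinguished Name (DN) string.
-#
-# @return [OpenSSL::X509::Name] the certificate subject
-def self.subject_from_dn(dn)
-if is_possibly_valid_dn?(dn)
-parsers = @@dn_parsers ||= [
-OpenSSL::X509::Name.method(:parse_rfc2253),
-OpenSSL::X509::Name.method(:parse_openssl)
-]
-parsers.each do |parser|
-begin
-return parser.call(dn)
-rescue OpenSSL::X509::NameError
-end
-end
-end
-
-@@no_name ||= OpenSSL::X509::Name.new
-end
-
-##
-# cn_from_subject extracts the CN from the given OpenSSL certificate
-# subject.
-#
-# @api private
-#
-# @param [OpenSSL::X509::Name] subject the subject to extract the CN field from
-#
-# @return [String, nil] the CN, or nil if not found
-def self.cn_from_subject(subject)
-if subject.respond_to? :to_a
-(subject.to_a.assoc('CN') || [])[1]
-end
-end
-
-def self.is_possibly_valid_dn?(dn)
-dn =~ /=/
-end
-
-##
-# Extract and format meaningful error messages from OpenSSL::OpenSSLErrors
-# and a Validator. Re-raises the error if unknown.
-#
-# @api private
-#
-# @param [OpenSSL::OpenSSLError] error An error thrown during creating a
-# connection
-# @param [Puppet::SSL::DefaultValidator] verifier A Validator who may have
-# invalidated the connection
-# @param [String] host The DNS name of the other end of the SSL connection
-#
-# @raises [Puppet::Error, OpenSSL::OpenSSLError]
-def self.handle_connection_error(error, verifier, host)
-# can be nil
-peer_cert = verifier.peer_certs.last
-
-if error.message.include? "certificate verify failed"
-msg = error.message
-msg << ": [" + verifier.verify_errors.join('; ') + "]"
-raise Puppet::Error, msg, error.backtrace
-elsif peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, host)
-raise Puppet::SSL::CertMismatchError.new(peer_cert, host)
-else
-raise error
-end
-end
-end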
@@ -1,309 +0,0 @@
|
|
1
|
-
require 'ffi'
|
2
|
-
require 'puppet/util/windows/string'
|
3
|
-
|
4
|
-
module Puppet::Util::Windows::APITypes
|
5
|
-
module ::FFI
|
6
|
-
WIN32_FALSE = 0
|
7
|
-
|
8
|
-
# standard Win32 error codes
|
9
|
-
ERROR_SUCCESS = 0
|
10
|
-
end
|
11
|
-
|
12
|
-
module ::FFI::Library
|
13
|
-
# Wrapper method for attach_function + private
|
14
|
-
def attach_function_private(*args)
|
15
|
-
attach_function(*args)
|
16
|
-
private args[0]
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
class ::FFI::Pointer
|
21
|
-
NULL_HANDLE = 0
|
22
|
-
WCHAR_NULL = "\0\0".force_encoding('UTF-16LE').freeze
|
23
|
-
|
24
|
-
def self.from_string_to_wide_string(str, &block)
|
25
|
-
str = Puppet::Util::Windows::String.wide_string(str)
|
26
|
-
FFI::MemoryPointer.from_wide_string(str, &block)
|
27
|
-
|
28
|
-
# ptr has already had free called, so nothing to return
|
29
|
-
nil
|
30
|
-
end
|
31
|
-
|
32
|
-
def read_win32_bool
|
33
|
-
# BOOL is always a 32-bit integer in Win32
|
34
|
-
# some Win32 APIs return 1 for true, while others are non-0
|
35
|
-
read_int32 != FFI::WIN32_FALSE
|
36
|
-
end
|
37
|
-
|
38
|
-
alias_method :read_dword, :read_uint32
|
39
|
-
alias_method :read_win32_ulong, :read_uint32
|
40
|
-
alias_method :read_qword, :read_uint64
|
41
|
-
|
42
|
-
alias_method :read_hresult, :read_int32
|
43
|
-
|
44
|
-
def read_handle
|
45
|
-
type_size == 4 ? read_uint32 : read_uint64
|
46
|
-
end
|
47
|
-
|
48
|
-
alias_method :read_wchar, :read_uint16
|
49
|
-
alias_method :read_word, :read_uint16
|
50
|
-
alias_method :read_array_of_wchar, :read_array_of_uint16
|
51
|
-
|
52
|
-
def read_wide_string(char_length, dst_encoding = Encoding::UTF_8, strip = false, encode_options = {})
|
53
|
-
# char_length is number of wide chars (typically excluding NULLs), *not* bytes
|
54
|
-
str = get_bytes(0, char_length * 2).force_encoding('UTF-16LE')
|
55
|
-
|
56
|
-
if strip
|
57
|
-
i = str.index(WCHAR_NULL)
|
58
|
-
str = str[0, i] if i
|
59
|
-
end
|
60
|
-
|
61
|
-
str.encode(dst_encoding, str.encoding, encode_options)
|
62
|
-
rescue EncodingError => e
|
63
|
-
Puppet.debug { "Unable to convert value #{str.nil? ? 'nil' : str.dump} to encoding #{dst_encoding} due to #{e.inspect}" }
|
64
|
-
raise
|
65
|
-
end
|
66
|
-
|
67
|
-
# @param max_char_length [Integer] Maximum number of wide chars to return (typically excluding NULLs), *not* bytes
|
68
|
-
# @param null_terminator [Symbol] Number of number of null wchar characters, *not* bytes, that determine the end of the string
|
69
|
-
# null_terminator = :single_null, then the terminating sequence is two bytes of zero. This is UNIT16 = 0
|
70
|
-
# null_terminator = :double_null, then the terminating sequence is four bytes of zero. This is UNIT32 = 0
|
71
|
-
# @param encode_options [Hash] Accepts the same option hash that may be passed to String#encode in Ruby
|
72
|
-
def read_arbitrary_wide_string_up_to(max_char_length = 512, null_terminator = :single_null, encode_options = {})
|
73
|
-
idx = case null_terminator
|
74
|
-
when :single_null
|
75
|
-
# find index of wide null between 0 and max (exclusive)
|
76
|
-
(0...max_char_length).find do |i|
|
77
|
-
get_uint16(i * 2) == 0
|
78
|
-
end
|
79
|
-
when :double_null
|
80
|
-
# find index of double-wide null between 0 and max - 1 (exclusive)
|
81
|
-
(0...max_char_length - 1).find do |i|
|
82
|
-
get_uint32(i * 2) == 0
|
83
|
-
end
|
84
|
-
else
|
85
|
-
raise _("Unable to read wide strings with %{null_terminator} terminal nulls") % { null_terminator: null_terminator }
|
86
|
-
end
|
87
|
-
|
88
|
-
read_wide_string(idx || max_char_length, Encoding::UTF_8, false, encode_options)
|
89
|
-
end
|
90
|
-
|
91
|
-
def read_win32_local_pointer(&block)
|
92
|
-
ptr = read_pointer
|
93
|
-
begin
|
94
|
-
yield ptr
|
95
|
-
ensure
|
96
|
-
if !ptr.null? && FFI::WIN32::LocalFree(ptr.address) != FFI::Pointer::NULL_HANDLE
|
97
|
-
Puppet.debug "LocalFree memory leak"
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
# ptr has already had LocalFree called, so nothing to return
|
102
|
-
nil
|
103
|
-
end
|
104
|
-
|
105
|
-
def read_com_memory_pointer(&block)
|
106
|
-
ptr = read_pointer
|
107
|
-
begin
|
108
|
-
yield ptr
|
109
|
-
ensure
|
110
|
-
FFI::WIN32::CoTaskMemFree(ptr) unless ptr.null?
|
111
|
-
end
|
112
|
-
|
113
|
-
# ptr has already had CoTaskMemFree called, so nothing to return
|
114
|
-
nil
|
115
|
-
end
|
116
|
-
|
117
|
-
alias_method :write_dword, :write_uint32
|
118
|
-
alias_method :write_word, :write_uint16
|
119
|
-
end
|
120
|
-
|
121
|
-
class FFI::MemoryPointer
|
122
|
-
# Return a MemoryPointer that points to wide string. This is analogous to the
|
123
|
-
# FFI::MemoryPointer.from_string method.
|
124
|
-
def self.from_wide_string(wstr)
|
125
|
-
ptr = FFI::MemoryPointer.new(:uchar, wstr.bytesize + 2)
|
126
|
-
ptr.put_array_of_uchar(0, wstr.bytes.to_a)
|
127
|
-
ptr.put_uint16(wstr.bytesize, 0)
|
128
|
-
|
129
|
-
yield ptr if block_given?
|
130
|
-
|
131
|
-
ptr
|
132
|
-
end
|
133
|
-
end
|
134
|
-
|
135
|
-
# FFI Types
|
136
|
-
# https://github.com/ffi/ffi/wiki/Types
|
137
|
-
|
138
|
-
# Windows - Common Data Types
|
139
|
-
# https://msdn.microsoft.com/en-us/library/cc230309.aspx
|
140
|
-
|
141
|
-
# Windows Data Types
|
142
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa383751(v=vs.85).aspx
|
143
|
-
|
144
|
-
FFI.typedef :uint16, :word
|
145
|
-
FFI.typedef :uint32, :dword
|
146
|
-
# uintptr_t is defined in an FFI conf as platform specific, either
|
147
|
-
# ulong_long on x64 or just ulong on x86
|
148
|
-
FFI.typedef :uintptr_t, :handle
|
149
|
-
FFI.typedef :uintptr_t, :hwnd
|
150
|
-
|
151
|
-
# buffer_inout is similar to pointer (platform specific), but optimized for buffers
|
152
|
-
FFI.typedef :buffer_inout, :lpwstr
|
153
|
-
# buffer_in is similar to pointer (platform specific), but optimized for CONST read only buffers
|
154
|
-
FFI.typedef :buffer_in, :lpcwstr
|
155
|
-
FFI.typedef :buffer_in, :lpcolestr
|
156
|
-
|
157
|
-
# string is also similar to pointer, but should be used for const char *
|
158
|
-
# NOTE that this is not wide, useful only for A suffixed functions
|
159
|
-
FFI.typedef :string, :lpcstr
|
160
|
-
|
161
|
-
# pointer in FFI is platform specific
|
162
|
-
# NOTE: for API calls with reserved lpvoid parameters, pass a FFI::Pointer::NULL
|
163
|
-
FFI.typedef :pointer, :lpcvoid
|
164
|
-
FFI.typedef :pointer, :lpvoid
|
165
|
-
FFI.typedef :pointer, :lpword
|
166
|
-
FFI.typedef :pointer, :lpbyte
|
167
|
-
FFI.typedef :pointer, :lpdword
|
168
|
-
FFI.typedef :pointer, :pdword
|
169
|
-
FFI.typedef :pointer, :phandle
|
170
|
-
FFI.typedef :pointer, :ulong_ptr
|
171
|
-
FFI.typedef :pointer, :pbool
|
172
|
-
FFI.typedef :pointer, :lpunknown
|
173
|
-
|
174
|
-
# any time LONG / ULONG is in a win32 API definition DO NOT USE platform specific width
|
175
|
-
# which is what FFI uses by default
|
176
|
-
# instead create new aliases for these very special cases
|
177
|
-
# NOTE: not a good idea to redefine FFI :ulong since other typedefs may rely on it
|
178
|
-
FFI.typedef :uint32, :win32_ulong
|
179
|
-
FFI.typedef :int32, :win32_long
|
180
|
-
# FFI bool can be only 1 byte at times,
|
181
|
-
# Win32 BOOL is a signed int, and is always 4 bytes, even on x64
|
182
|
-
# https://blogs.msdn.com/b/oldnewthing/archive/2011/03/28/10146459.aspx
|
183
|
-
FFI.typedef :int32, :win32_bool
|
184
|
-
|
185
|
-
# BOOLEAN (unlike BOOL) is a BYTE - typedef unsigned char BYTE;
|
186
|
-
FFI.typedef :uchar, :boolean
|
187
|
-
|
188
|
-
# Same as a LONG, a 32-bit signed integer
|
189
|
-
FFI.typedef :int32, :hresult
|
190
|
-
|
191
|
-
# NOTE: FFI already defines (u)short as a 16-bit (un)signed like this:
|
192
|
-
# FFI.typedef :uint16, :ushort
|
193
|
-
# FFI.typedef :int16, :short
|
194
|
-
|
195
|
-
# 8 bits per byte
|
196
|
-
FFI.typedef :uchar, :byte
|
197
|
-
FFI.typedef :uint16, :wchar
|
198
|
-
|
199
|
-
# Definitions for data types used in LSA structures and functions
|
200
|
-
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/
|
201
|
-
# https://docs.microsoft.com/sr-latn-rs/windows/win32/secmgmt/management-data-types
|
202
|
-
FFI.typedef :pointer, :pwstr
|
203
|
-
FFI.typedef :pointer, :pulong
|
204
|
-
FFI.typedef :pointer, :lsa_handle
|
205
|
-
FFI.typedef :pointer, :plsa_handle
|
206
|
-
FFI.typedef :pointer, :psid
|
207
|
-
FFI.typedef :pointer, :pvoid
|
208
|
-
FFI.typedef :pointer, :plsa_unicode_string
|
209
|
-
FFI.typedef :pointer, :plsa_object_attributes
|
210
|
-
FFI.typedef :uint32, :ntstatus
|
211
|
-
FFI.typedef :dword, :access_mask
|
212
|
-
|
213
|
-
module ::FFI::WIN32
|
214
|
-
extend ::FFI::Library
|
215
|
-
|
216
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa373931(v=vs.85).aspx
|
217
|
-
# typedef struct _GUID {
|
218
|
-
# DWORD Data1;
|
219
|
-
# WORD Data2;
|
220
|
-
# WORD Data3;
|
221
|
-
# BYTE Data4[8];
|
222
|
-
# } GUID;
|
223
|
-
class GUID < FFI::Struct
|
224
|
-
layout :Data1, :dword,
|
225
|
-
:Data2, :word,
|
226
|
-
:Data3, :word,
|
227
|
-
:Data4, [:byte, 8]
|
228
|
-
|
229
|
-
def self.[](s)
|
230
|
-
raise _('Bad GUID format.') unless s =~ /^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/i
|
231
|
-
|
232
|
-
new.tap do |guid|
|
233
|
-
guid[:Data1] = s[0, 8].to_i(16)
|
234
|
-
guid[:Data2] = s[9, 4].to_i(16)
|
235
|
-
guid[:Data3] = s[14, 4].to_i(16)
|
236
|
-
guid[:Data4][0] = s[19, 2].to_i(16)
|
237
|
-
guid[:Data4][1] = s[21, 2].to_i(16)
|
238
|
-
s[24, 12].split('').each_slice(2).with_index do |a, i|
|
239
|
-
guid[:Data4][i + 2] = a.join('').to_i(16)
|
240
|
-
end
|
241
|
-
end
|
242
|
-
end
|
243
|
-
|
244
|
-
def ==(other) Windows.memcmp(other, self, size) == 0 end
|
245
|
-
end
|
246
|
-
|
247
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms724950(v=vs.85).aspx
|
248
|
-
# typedef struct _SYSTEMTIME {
|
249
|
-
# WORD wYear;
|
250
|
-
# WORD wMonth;
|
251
|
-
# WORD wDayOfWeek;
|
252
|
-
# WORD wDay;
|
253
|
-
# WORD wHour;
|
254
|
-
# WORD wMinute;
|
255
|
-
# WORD wSecond;
|
256
|
-
# WORD wMilliseconds;
|
257
|
-
# } SYSTEMTIME, *PSYSTEMTIME;
|
258
|
-
class SYSTEMTIME < FFI::Struct
|
259
|
-
layout :wYear, :word,
|
260
|
-
:wMonth, :word,
|
261
|
-
:wDayOfWeek, :word,
|
262
|
-
:wDay, :word,
|
263
|
-
:wHour, :word,
|
264
|
-
:wMinute, :word,
|
265
|
-
:wSecond, :word,
|
266
|
-
:wMilliseconds, :word
|
267
|
-
|
268
|
-
def to_local_time
|
269
|
-
Time.local(self[:wYear], self[:wMonth], self[:wDay],
|
270
|
-
self[:wHour], self[:wMinute], self[:wSecond], self[:wMilliseconds] * 1000)
|
271
|
-
end
|
272
|
-
end
|
273
|
-
|
274
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
|
275
|
-
# Contains a 64-bit value representing the number of 100-nanosecond
|
276
|
-
# intervals since January 1, 1601 (UTC).
|
277
|
-
# typedef struct _FILETIME {
|
278
|
-
# DWORD dwLowDateTime;
|
279
|
-
# DWORD dwHighDateTime;
|
280
|
-
# } FILETIME, *PFILETIME;
|
281
|
-
class FILETIME < FFI::Struct
|
282
|
-
layout :dwLowDateTime, :dword,
|
283
|
-
:dwHighDateTime, :dword
|
284
|
-
end
|
285
|
-
|
286
|
-
ffi_convention :stdcall
|
287
|
-
|
288
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa366730(v=vs.85).aspx
|
289
|
-
# HLOCAL WINAPI LocalFree(
|
290
|
-
# _In_ HLOCAL hMem
|
291
|
-
# );
|
292
|
-
ffi_lib :kernel32
|
293
|
-
attach_function :LocalFree, [:handle], :handle
|
294
|
-
|
295
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211(v=vs.85).aspx
|
296
|
-
# BOOL WINAPI CloseHandle(
|
297
|
-
# _In_ HANDLE hObject
|
298
|
-
# );
|
299
|
-
ffi_lib :kernel32
|
300
|
-
attach_function_private :CloseHandle, [:handle], :win32_bool
|
301
|
-
|
302
|
-
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms680722(v=vs.85).aspx
|
303
|
-
# void CoTaskMemFree(
|
304
|
-
# _In_opt_ LPVOID pv
|
305
|
-
# );
|
306
|
-
ffi_lib :ole32
|
307
|
-
attach_function :CoTaskMemFree, [:lpvoid], :void
|
308
|
-
end
|
309
|
-
end
|