RubyGems - puppet - Versions diffs - 6.25.0-x64-mingw32 → 7.0.0-x64-mingw32 - Mend

puppet 6.25.0-x64-mingw32 → 7.0.0-x64-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (783) hide show

checksums.yaml +4 -4
data/CODEOWNERS +16 -2
data/CONTRIBUTING.md +5 -5
data/Gemfile +3 -5
data/Gemfile.lock +39 -51
data/README.md +5 -5
data/conf/fileserver.conf +5 -10
data/ext/README.environment +8 -0
data/ext/build_defaults.yaml +1 -1
data/ext/dbfix.sql +132 -0
data/ext/debian/README.Debian +8 -0
data/ext/debian/README.source +2 -0
data/ext/debian/TODO.Debian +1 -0
data/ext/debian/changelog.erb +1122 -0
data/ext/debian/compat +1 -0
data/ext/debian/control +144 -0
data/ext/debian/copyright +339 -0
data/ext/debian/docs +1 -0
data/ext/debian/fileserver.conf +41 -0
data/ext/debian/puppet-common.dirs +13 -0
data/ext/debian/puppet-common.install +3 -0
data/ext/debian/puppet-common.lintian-overrides +5 -0
data/ext/debian/puppet-common.manpages +28 -0
data/ext/debian/puppet-common.postinst +35 -0
data/ext/debian/puppet-common.postrm +33 -0
data/ext/debian/puppet-el.dirs +1 -0
data/ext/debian/puppet-el.emacsen-install +25 -0
data/ext/debian/puppet-el.emacsen-remove +11 -0
data/ext/debian/puppet-el.emacsen-startup +9 -0
data/ext/debian/puppet-el.install +1 -0
data/ext/debian/puppet-testsuite.install +2 -0
data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
data/ext/debian/puppet.lintian-overrides +3 -0
data/ext/debian/puppet.logrotate +20 -0
data/ext/debian/puppet.postinst +20 -0
data/ext/debian/puppet.postrm +20 -0
data/ext/debian/puppet.preinst +20 -0
data/ext/debian/puppetmaster-common.install +2 -0
data/ext/debian/puppetmaster-common.manpages +2 -0
data/ext/debian/puppetmaster-common.postinst +6 -0
data/ext/debian/puppetmaster-passenger.dirs +4 -0
data/ext/debian/puppetmaster-passenger.postinst +162 -0
data/ext/debian/puppetmaster-passenger.postrm +61 -0
data/ext/debian/puppetmaster.README.debian +17 -0
data/ext/debian/puppetmaster.default +14 -0
data/ext/debian/puppetmaster.init +137 -0
data/ext/debian/puppetmaster.lintian-overrides +3 -0
data/ext/debian/puppetmaster.postinst +20 -0
data/ext/debian/puppetmaster.postrm +5 -0
data/ext/debian/puppetmaster.preinst +22 -0
data/ext/debian/rules +132 -0
data/ext/debian/source/format +1 -0
data/ext/debian/source/options +1 -0
data/ext/debian/vim-puppet.README.Debian +13 -0
data/ext/debian/vim-puppet.dirs +5 -0
data/ext/debian/vim-puppet.yaml +7 -0
data/ext/debian/watch +2 -0
data/ext/freebsd/puppetd +26 -0
data/ext/freebsd/puppetmasterd +26 -0
data/ext/gentoo/conf.d/puppet +5 -0
data/ext/gentoo/conf.d/puppetmaster +12 -0
data/ext/gentoo/init.d/puppet +38 -0
data/ext/gentoo/init.d/puppetmaster +51 -0
data/ext/gentoo/puppet/fileserver.conf +41 -0
data/ext/ips/puppet-agent +44 -0
data/ext/ips/puppet-master +44 -0
data/ext/ips/puppet.p5m.erb +12 -0
data/ext/ips/puppetagent.xml +42 -0
data/ext/ips/puppetmaster.xml +42 -0
data/ext/ips/rules +19 -0
data/ext/ips/transforms +34 -0
data/ext/ldap/puppet.schema +24 -0
data/ext/logcheck/puppet +23 -0
data/{examples → ext}/nagios/check_puppet.rb +2 -2
data/ext/osx/file_mapping.yaml +28 -0
data/ext/osx/postflight.erb +109 -0
data/ext/osx/preflight.erb +52 -0
data/ext/osx/prototype.plist.erb +38 -0
data/ext/osx/puppet.plist +0 -2
data/ext/project_data.yaml +1 -15
data/ext/redhat/fileserver.conf +41 -0
data/ext/redhat/logrotate +21 -0
data/ext/redhat/puppet.spec.erb +841 -0
data/ext/redhat/server.init +128 -0
data/ext/redhat/server.sysconfig +13 -0
data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
data/ext/solaris/pkginfo +6 -0
data/ext/solaris/smf/puppetd.xml +77 -0
data/ext/solaris/smf/puppetmasterd.xml +77 -0
data/ext/solaris/smf/svc-puppetd +71 -0
data/ext/solaris/smf/svc-puppetmasterd +67 -0
data/ext/suse/puppet.spec +310 -0
data/ext/suse/server.init +173 -0
data/ext/windows/service/daemon.rb +6 -5
data/ext/yaml_nodes.rb +105 -0
data/install.rb +21 -17
data/lib/puppet/application/agent.rb +4 -16
data/lib/puppet/application/apply.rb +4 -24
data/lib/puppet/application/device.rb +100 -106
data/lib/puppet/application/filebucket.rb +13 -10
data/lib/puppet/application/resource.rb +16 -32
data/lib/puppet/application/script.rb +0 -2
data/lib/puppet/application/ssl.rb +1 -13
data/lib/puppet/application.rb +178 -108
data/lib/puppet/application_support.rb +0 -7
data/lib/puppet/concurrent/thread_local_singleton.rb +0 -1
data/lib/puppet/configurer/downloader.rb +1 -2
data/lib/puppet/configurer/plugin_handler.rb +21 -19
data/lib/puppet/configurer.rb +87 -130
data/lib/puppet/confine/variable.rb +1 -1
data/lib/puppet/defaults.rb +128 -226
data/lib/puppet/environments.rb +82 -146
data/lib/puppet/face/facts.rb +5 -103
data/lib/puppet/face/help/action.erb +0 -1
data/lib/puppet/face/help/face.erb +0 -1
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/node/clean.rb +0 -11
data/lib/puppet/face/plugin.rb +5 -8
data/lib/puppet/ffi/windows/api_types.rb +311 -0
data/lib/puppet/ffi/windows/constants.rb +404 -0
data/lib/puppet/ffi/windows/functions.rb +628 -0
data/lib/puppet/ffi/windows/structs.rb +338 -0
data/lib/puppet/ffi/windows.rb +12 -0
data/lib/puppet/file_serving/configuration/parser.rb +3 -34
data/lib/puppet/file_serving/configuration.rb +0 -8
data/lib/puppet/file_serving/fileset.rb +2 -14
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_serving/mount/file.rb +4 -4
data/lib/puppet/file_serving/mount.rb +1 -2
data/lib/puppet/file_system/file_impl.rb +1 -3
data/lib/puppet/file_system/memory_file.rb +1 -8
data/lib/puppet/file_system/windows.rb +2 -4
data/lib/puppet/forge/repository.rb +0 -1
data/lib/puppet/forge.rb +4 -4
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/empty.rb +0 -8
data/lib/puppet/functions/find_template.rb +2 -2
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +5 -13
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/partition.rb +4 -12
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/strftime.rb +0 -1
data/lib/puppet/functions/tree_each.rb +9 -7
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/unwrap.rb +2 -17
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/generate/models/type/type.rb +4 -1
data/lib/puppet/http/client.rb +164 -114
data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
data/lib/puppet/http/errors.rb +16 -0
data/lib/puppet/http/external_client.rb +5 -7
data/lib/puppet/{network/http → http}/factory.rb +8 -15
data/lib/puppet/{network/http → http}/pool.rb +61 -26
data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
data/lib/puppet/http/proxy.rb +137 -0
data/lib/puppet/http/redirector.rb +4 -12
data/lib/puppet/http/resolver/server_list.rb +10 -25
data/lib/puppet/http/resolver/settings.rb +4 -7
data/lib/puppet/http/resolver/srv.rb +7 -11
data/lib/puppet/http/resolver.rb +5 -15
data/lib/puppet/http/response.rb +36 -54
data/lib/puppet/http/response_converter.rb +24 -0
data/lib/puppet/http/response_net_http.rb +42 -0
data/lib/puppet/http/retry_after_handler.rb +4 -13
data/lib/puppet/http/service/ca.rb +11 -22
data/lib/puppet/http/service/compiler.rb +23 -144
data/lib/puppet/http/service/file_server.rb +19 -29
data/lib/puppet/http/service/puppetserver.rb +26 -12
data/lib/puppet/http/service/report.rb +8 -10
data/lib/puppet/http/service.rb +12 -26
data/lib/puppet/http/session.rb +11 -20
data/lib/puppet/{network/http → http}/site.rb +1 -2
data/lib/puppet/http.rb +22 -13
data/lib/puppet/indirector/catalog/compiler.rb +6 -25
data/lib/puppet/indirector/catalog/rest.rb +2 -5
data/lib/puppet/indirector/facts/facter.rb +6 -6
data/lib/puppet/indirector/facts/rest.rb +3 -22
data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
data/lib/puppet/indirector/file_content/rest.rb +2 -6
data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
data/lib/puppet/indirector/file_server.rb +1 -8
data/lib/puppet/indirector/generic_http.rb +0 -11
data/lib/puppet/indirector/indirection.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +2 -4
data/lib/puppet/indirector/report/rest.rb +3 -8
data/lib/puppet/indirector/request.rb +0 -101
data/lib/puppet/indirector/resource/ral.rb +1 -6
data/lib/puppet/indirector/rest.rb +12 -263
data/lib/puppet/indirector/terminus.rb +0 -4
data/lib/puppet/interface/documentation.rb +0 -1
data/lib/puppet/module/plan.rb +1 -0
data/lib/puppet/module/task.rb +1 -1
data/lib/puppet/module.rb +0 -1
data/lib/puppet/module_tool/applications/installer.rb +2 -56
data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
data/lib/puppet/module_tool/applications.rb +0 -1
data/lib/puppet/module_tool/errors/shared.rb +2 -34
data/lib/puppet/network/authconfig.rb +2 -96
data/lib/puppet/network/authorization.rb +13 -35
data/lib/puppet/network/formats.rb +0 -67
data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
data/lib/puppet/network/http/api/master/v3.rb +11 -13
data/lib/puppet/network/http/connection.rb +247 -316
data/lib/puppet/network/http/handler.rb +0 -1
data/lib/puppet/network/http.rb +3 -3
data/lib/puppet/network/http_pool.rb +16 -34
data/lib/puppet/node/environment.rb +11 -10
data/lib/puppet/node.rb +1 -30
data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +4 -2
data/lib/puppet/parser/ast/leaf.rb +2 -3
data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
data/lib/puppet/parser/compiler.rb +0 -198
data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
data/lib/puppet/parser/resource.rb +0 -69
data/lib/puppet/parser/scope.rb +0 -1
data/lib/puppet/parser/templatewrapper.rb +1 -2
data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/issues.rb +0 -5
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
data/lib/puppet/pops/model/ast.pp +0 -42
data/lib/puppet/pops/model/ast.rb +0 -291
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/model/factory.rb +1 -47
data/lib/puppet/pops/model/model_label_provider.rb +0 -5
data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
data/lib/puppet/pops/model/pn_transformer.rb +0 -16
data/lib/puppet/pops/parser/egrammar.ra +0 -56
data/lib/puppet/pops/parser/eparser.rb +1691 -1883
data/lib/puppet/pops/parser/lexer2.rb +91 -92
data/lib/puppet/pops/parser/parser_support.rb +0 -5
data/lib/puppet/pops/parser/slurp_support.rb +0 -1
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
data/lib/puppet/pops/serialization/to_data_converter.rb +6 -18
data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
data/lib/puppet/pops/types/type_calculator.rb +0 -7
data/lib/puppet/pops/types/type_formatter.rb +3 -4
data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
data/lib/puppet/pops/types/type_parser.rb +0 -4
data/lib/puppet/pops/types/types.rb +1 -2
data/lib/puppet/pops/validation/checker4_0.rb +9 -37
data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
data/lib/puppet/property/list.rb +1 -1
data/lib/puppet/provider/aix_object.rb +1 -1
data/lib/puppet/provider/exec/posix.rb +4 -16
data/lib/puppet/provider/group/groupadd.rb +10 -18
data/lib/puppet/provider/nameservice.rb +0 -18
data/lib/puppet/provider/package/apt.rb +2 -34
data/lib/puppet/provider/package/aptitude.rb +0 -6
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +0 -10
data/lib/puppet/provider/package/gem.rb +23 -3
data/lib/puppet/provider/package/nim.rb +6 -11
data/lib/puppet/provider/package/pip.rb +3 -16
data/lib/puppet/provider/package/pkg.rb +2 -23
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/puppet_gem.rb +1 -4
data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
data/lib/puppet/provider/package/yum.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +0 -3
data/lib/puppet/provider/service/base.rb +1 -1
data/lib/puppet/provider/service/debian.rb +0 -2
data/lib/puppet/provider/service/init.rb +5 -5
data/lib/puppet/provider/service/launchd.rb +2 -2
data/lib/puppet/provider/service/redhat.rb +1 -1
data/lib/puppet/provider/service/smf.rb +194 -76
data/lib/puppet/provider/service/systemd.rb +6 -16
data/lib/puppet/provider/service/upstart.rb +5 -5
data/lib/puppet/provider/service/windows.rb +0 -38
data/lib/puppet/provider/user/aix.rb +3 -46
data/lib/puppet/provider/user/directoryservice.rb +11 -34
data/lib/puppet/provider/user/useradd.rb +24 -134
data/lib/puppet/provider.rb +1 -14
data/lib/puppet/reference/configuration.rb +8 -7
data/lib/puppet/reference/indirection.rb +1 -1
data/lib/puppet/reference/providers.rb +2 -2
data/lib/puppet/resource/catalog.rb +1 -14
data/lib/puppet/resource/type.rb +3 -119
data/lib/puppet/resource/type_collection.rb +3 -49
data/lib/puppet/resource.rb +1 -89
data/lib/puppet/runtime.rb +2 -13
data/lib/puppet/settings/environment_conf.rb +0 -1
data/lib/puppet/settings/integer_setting.rb +17 -0
data/lib/puppet/settings/port_setting.rb +15 -0
data/lib/puppet/settings/priority_setting.rb +5 -4
data/lib/puppet/settings.rb +82 -98
data/lib/puppet/ssl/base.rb +3 -5
data/lib/puppet/ssl/certificate.rb +0 -6
data/lib/puppet/ssl/certificate_request.rb +1 -12
data/lib/puppet/ssl/certificate_signer.rb +6 -0
data/lib/puppet/ssl/oids.rb +3 -1
data/lib/puppet/ssl/ssl_provider.rb +17 -0
data/lib/puppet/ssl/state_machine.rb +3 -1
data/lib/puppet/ssl/verifier.rb +2 -0
data/lib/puppet/ssl.rb +10 -6
data/lib/puppet/test/test_helper.rb +2 -7
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/transaction/persistence.rb +1 -11
data/lib/puppet/transaction/report.rb +3 -19
data/lib/puppet/transaction.rb +1 -7
data/lib/puppet/type/exec.rb +5 -35
data/lib/puppet/type/file/checksum.rb +1 -1
data/lib/puppet/type/file/mode.rb +0 -6
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/file/source.rb +1 -1
data/lib/puppet/type/file.rb +12 -32
data/lib/puppet/type/filebucket.rb +4 -4
data/lib/puppet/type/group.rb +1 -0
data/lib/puppet/type/package.rb +8 -16
data/lib/puppet/type/resources.rb +1 -1
data/lib/puppet/type/service.rb +41 -26
data/lib/puppet/type/tidy.rb +3 -22
data/lib/puppet/type/user.rb +21 -38
data/lib/puppet/type.rb +1 -77
data/lib/puppet/util/autoload.rb +8 -1
data/lib/puppet/util/command_line.rb +1 -1
data/lib/puppet/util/execution.rb +0 -11
data/lib/puppet/util/filetype.rb +2 -2
data/lib/puppet/util/http_proxy.rb +2 -215
data/lib/puppet/util/json.rb +0 -3
data/lib/puppet/util/log.rb +2 -1
data/lib/puppet/util/logging.rb +25 -1
data/lib/puppet/util/monkey_patches.rb +0 -53
data/lib/puppet/util/pidlock.rb +1 -1
data/lib/puppet/util/posix.rb +5 -54
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
data/lib/puppet/util/rdoc.rb +0 -7
data/lib/puppet/util/retry_action.rb +1 -1
data/lib/puppet/util/run_mode.rb +9 -1
data/lib/puppet/util/selinux.rb +4 -30
data/lib/puppet/util/suidmanager.rb +2 -1
data/lib/puppet/util/symbolic_file_mode.rb +17 -29
data/lib/puppet/util/tagging.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +0 -46
data/lib/puppet/util/windows/daemon.rb +360 -0
data/lib/puppet/util/windows/error.rb +1 -0
data/lib/puppet/util/windows/eventlog.rb +4 -9
data/lib/puppet/util/windows/file.rb +8 -242
data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
data/lib/puppet/util/windows/principal.rb +2 -9
data/lib/puppet/util/windows/process.rb +4 -226
data/lib/puppet/util/windows/service.rb +9 -460
data/lib/puppet/util/windows/sid.rb +2 -6
data/lib/puppet/util/windows/string.rb +12 -13
data/lib/puppet/util/windows/user.rb +2 -0
data/lib/puppet/util/windows.rb +3 -8
data/lib/puppet/util/yaml.rb +0 -22
data/lib/puppet/util.rb +3 -4
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +29 -1
data/lib/puppet/x509.rb +5 -1
data/lib/puppet.rb +20 -25
data/locales/puppet.pot +816 -1637
data/man/man5/puppet.conf.5 +286 -382
data/man/man8/puppet-agent.8 +2 -5
data/man/man8/puppet-apply.8 +2 -2
data/man/man8/puppet-catalog.8 +9 -9
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +8 -51
data/man/man8/puppet-filebucket.8 +4 -4
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-module.8 +3 -60
data/man/man8/puppet-node.8 +5 -5
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +5 -5
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +2 -2
data/man/man8/puppet-ssl.8 +1 -5
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
data/spec/fixtures/ssl/ca.pem +35 -57
data/spec/fixtures/ssl/crl.pem +18 -28
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +24 -33
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +58 -108
data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
data/spec/fixtures/ssl/intermediate.pem +36 -57
data/spec/fixtures/ssl/pluto-key.pem +57 -107
data/spec/fixtures/ssl/pluto.pem +30 -52
data/spec/fixtures/ssl/request-key.pem +57 -107
data/spec/fixtures/ssl/request.pem +26 -47
data/spec/fixtures/ssl/revoked-key.pem +57 -107
data/spec/fixtures/ssl/revoked.pem +30 -52
data/spec/fixtures/ssl/signed-key.pem +57 -107
data/spec/fixtures/ssl/signed.pem +30 -52
data/spec/fixtures/ssl/tampered-cert.pem +30 -52
data/spec/fixtures/ssl/tampered-csr.pem +26 -47
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
data/spec/fixtures/ssl/unknown-ca.pem +33 -55
data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
data/spec/integration/application/agent_spec.rb +51 -271
data/spec/integration/application/apply_spec.rb +1 -20
data/spec/integration/application/filebucket_spec.rb +16 -32
data/spec/integration/application/help_spec.rb +2 -0
data/spec/integration/application/module_spec.rb +0 -21
data/spec/integration/application/plugin_spec.rb +24 -2
data/spec/integration/configurer_spec.rb +2 -18
data/spec/integration/defaults_spec.rb +14 -3
data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
data/spec/integration/http/client_spec.rb +0 -12
data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
data/spec/integration/indirector/facts/facter_spec.rb +39 -93
data/spec/integration/network/http_pool_spec.rb +3 -21
data/spec/integration/parser/catalog_spec.rb +0 -38
data/spec/integration/parser/node_spec.rb +0 -9
data/spec/integration/parser/pcore_resource_spec.rb +0 -37
data/spec/integration/resource/type_collection_spec.rb +6 -2
data/spec/integration/transaction/report_spec.rb +1 -1
data/spec/integration/transaction_spec.rb +9 -4
data/spec/integration/type/exec_spec.rb +45 -70
data/spec/integration/type/file_spec.rb +7 -6
data/spec/integration/type/package_spec.rb +6 -6
data/spec/integration/util/rdoc/parser_spec.rb +1 -1
data/spec/integration/util/windows/adsi_spec.rb +1 -21
data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
data/spec/integration/util/windows/principal_spec.rb +0 -21
data/spec/integration/util/windows/process_spec.rb +9 -1
data/spec/integration/util/windows/registry_spec.rb +10 -6
data/spec/integration/util/windows/security_spec.rb +1 -1
data/spec/lib/matchers/include.rb +27 -0
data/spec/lib/matchers/include_spec.rb +32 -0
data/spec/lib/puppet/test_ca.rb +2 -7
data/spec/lib/puppet_spec/modules.rb +2 -13
data/spec/lib/puppet_spec/puppetserver.rb +1 -16
data/spec/lib/puppet_spec/settings.rb +1 -1
data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
data/spec/spec_helper.rb +17 -13
data/spec/unit/agent_spec.rb +6 -10
data/spec/unit/application/agent_spec.rb +3 -7
data/spec/unit/application/apply_spec.rb +56 -76
data/spec/unit/application/facts_spec.rb +12 -456
data/spec/unit/application/filebucket_spec.rb +43 -39
data/spec/unit/application/resource_spec.rb +0 -29
data/spec/unit/application/ssl_spec.rb +2 -25
data/spec/unit/application_spec.rb +9 -51
data/spec/unit/certificate_factory_spec.rb +1 -1
data/spec/unit/configurer/downloader_spec.rb +6 -8
data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
data/spec/unit/configurer_spec.rb +67 -202
data/spec/unit/confine/feature_spec.rb +1 -1
data/spec/unit/confine_spec.rb +2 -8
data/spec/unit/context/trusted_information_spec.rb +2 -6
data/spec/unit/defaults_spec.rb +68 -55
data/spec/unit/environments_spec.rb +68 -408
data/spec/unit/face/node_spec.rb +11 -0
data/spec/unit/face/plugin_spec.rb +73 -33
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_bucket/file_spec.rb +1 -1
data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
data/spec/unit/file_serving/configuration_spec.rb +10 -26
data/spec/unit/file_serving/fileset_spec.rb +0 -60
data/spec/unit/file_serving/metadata_spec.rb +3 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
data/spec/unit/file_system_spec.rb +0 -22
data/spec/unit/forge/module_release_spec.rb +7 -2
data/spec/unit/functions/assert_type_spec.rb +1 -1
data/spec/unit/functions/camelcase_spec.rb +1 -1
data/spec/unit/functions/capitalize_spec.rb +1 -1
data/spec/unit/functions/downcase_spec.rb +1 -1
data/spec/unit/functions/empty_spec.rb +0 -10
data/spec/unit/functions/logging_spec.rb +0 -1
data/spec/unit/functions/lookup_spec.rb +0 -64
data/spec/unit/functions/unwrap_spec.rb +0 -8
data/spec/unit/functions/upcase_spec.rb +1 -1
data/spec/unit/functions4_spec.rb +2 -2
data/spec/unit/gettext/config_spec.rb +0 -12
data/spec/unit/http/client_spec.rb +7 -8
data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
data/spec/unit/http/external_client_spec.rb +4 -4
data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
data/spec/unit/http/resolver_spec.rb +13 -13
data/spec/unit/http/service/compiler_spec.rb +0 -193
data/spec/unit/http/service/file_server_spec.rb +3 -3
data/spec/unit/http/service/puppetserver_spec.rb +34 -4
data/spec/unit/http/service_spec.rb +0 -1
data/spec/unit/http/session_spec.rb +16 -14
data/spec/unit/{network/http → http}/site_spec.rb +3 -3
data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
data/spec/unit/indirector/face_spec.rb +1 -0
data/spec/unit/indirector/facts/facter_spec.rb +3 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
data/spec/unit/indirector/file_server_spec.rb +1 -15
data/spec/unit/indirector/indirection_spec.rb +15 -18
data/spec/unit/indirector/report/rest_spec.rb +2 -17
data/spec/unit/indirector/request_spec.rb +0 -264
data/spec/unit/indirector/resource/ral_spec.rb +75 -40
data/spec/unit/indirector/rest_spec.rb +98 -752
data/spec/unit/indirector/store_configs_spec.rb +7 -0
data/spec/unit/indirector_spec.rb +2 -2
data/spec/unit/interface/action_spec.rb +9 -0
data/spec/unit/module_spec.rb +1 -15
data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
data/spec/unit/network/authconfig_spec.rb +2 -129
data/spec/unit/network/authorization_spec.rb +2 -55
data/spec/unit/network/formats_spec.rb +4 -51
data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
data/spec/unit/network/http/api_spec.rb +10 -0
data/spec/unit/network/http/connection_spec.rb +19 -41
data/spec/unit/network/http/handler_spec.rb +0 -1
data/spec/unit/network/http_pool_spec.rb +0 -4
data/spec/unit/node/environment_spec.rb +33 -21
data/spec/unit/node_spec.rb +2 -54
data/spec/unit/parser/compiler_spec.rb +19 -3
data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
data/spec/unit/parser/resource_spec.rb +8 -14
data/spec/unit/parser/templatewrapper_spec.rb +5 -16
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
data/spec/unit/pops/parser/parse_containers_spec.rb +11 -0
data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -59
data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
data/spec/unit/pops/types/type_factory_spec.rb +1 -1
data/spec/unit/pops/validator/validator_spec.rb +61 -46
data/spec/unit/pops/visitor_spec.rb +1 -1
data/spec/unit/property_spec.rb +0 -1
data/spec/unit/provider/group/groupadd_spec.rb +2 -5
data/spec/unit/provider/nameservice_spec.rb +64 -122
data/spec/unit/provider/package/apt_spec.rb +23 -28
data/spec/unit/provider/package/aptitude_spec.rb +1 -1
data/spec/unit/provider/package/base_spec.rb +5 -6
data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
data/spec/unit/provider/package/dpkg_spec.rb +0 -48
data/spec/unit/provider/package/gem_spec.rb +33 -1
data/spec/unit/provider/package/nim_spec.rb +0 -42
data/spec/unit/provider/package/pacman_spec.rb +12 -18
data/spec/unit/provider/package/pip2_spec.rb +1 -1
data/spec/unit/provider/package/pip3_spec.rb +1 -1
data/spec/unit/provider/package/pip_spec.rb +12 -44
data/spec/unit/provider/package/pkg_spec.rb +4 -29
data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
data/spec/unit/provider/parsedfile_spec.rb +0 -10
data/spec/unit/provider/service/init_spec.rb +0 -1
data/spec/unit/provider/service/launchd_spec.rb +0 -11
data/spec/unit/provider/service/openwrt_spec.rb +1 -3
data/spec/unit/provider/service/smf_spec.rb +401 -165
data/spec/unit/provider/service/systemd_spec.rb +9 -54
data/spec/unit/provider/service/windows_spec.rb +0 -203
data/spec/unit/provider/user/aix_spec.rb +0 -105
data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
data/spec/unit/provider/user/hpux_spec.rb +1 -1
data/spec/unit/provider/user/pw_spec.rb +0 -2
data/spec/unit/provider/user/useradd_spec.rb +5 -114
data/spec/unit/provider_spec.rb +12 -22
data/spec/unit/puppet_spec.rb +4 -12
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/resource/type_collection_spec.rb +2 -22
data/spec/unit/resource/type_spec.rb +1 -1
data/spec/unit/resource_spec.rb +10 -67
data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
data/spec/unit/settings/integer_setting_spec.rb +42 -0
data/spec/unit/settings/port_setting_spec.rb +31 -0
data/spec/unit/settings/priority_setting_spec.rb +4 -4
data/spec/unit/settings_spec.rb +79 -110
data/spec/unit/ssl/base_spec.rb +37 -3
data/spec/unit/ssl/certificate_request_spec.rb +21 -45
data/spec/unit/ssl/certificate_spec.rb +2 -11
data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
data/spec/unit/ssl/state_machine_spec.rb +5 -20
data/spec/unit/ssl/verifier_spec.rb +0 -21
data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
data/spec/unit/transaction/event_manager_spec.rb +11 -14
data/spec/unit/transaction/report_spec.rb +0 -2
data/spec/unit/transaction/resource_harness_spec.rb +2 -2
data/spec/unit/transaction_spec.rb +55 -96
data/spec/unit/type/exec_spec.rb +29 -76
data/spec/unit/type/file/checksum_spec.rb +6 -6
data/spec/unit/type/file/content_spec.rb +2 -1
data/spec/unit/type/file/ensure_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +1 -1
data/spec/unit/type/file/selinux_spec.rb +5 -3
data/spec/unit/type/file/source_spec.rb +4 -5
data/spec/unit/type/file_spec.rb +18 -6
data/spec/unit/type/group_spec.rb +6 -13
data/spec/unit/type/package_spec.rb +1 -1
data/spec/unit/type/resources_spec.rb +7 -7
data/spec/unit/type/service_spec.rb +189 -87
data/spec/unit/type/tidy_spec.rb +8 -24
data/spec/unit/type/user_spec.rb +0 -45
data/spec/unit/type_spec.rb +24 -4
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/autoload_spec.rb +1 -5
data/spec/unit/util/backups_spec.rb +2 -3
data/spec/unit/util/execution_spec.rb +11 -44
data/spec/unit/util/inifile_spec.rb +14 -6
data/spec/unit/util/log_spec.rb +7 -8
data/spec/unit/util/logging_spec.rb +3 -5
data/spec/unit/util/monkey_patches_spec.rb +0 -6
data/spec/unit/util/posix_spec.rb +15 -363
data/spec/unit/util/run_mode_spec.rb +21 -121
data/spec/unit/util/selinux_spec.rb +68 -163
data/spec/unit/util/storage_spec.rb +1 -3
data/spec/unit/util/suidmanager_spec.rb +41 -44
data/spec/unit/util/windows/sid_spec.rb +0 -41
data/spec/unit/util/windows/string_spec.rb +1 -3
data/spec/unit/util/yaml_spec.rb +0 -54
data/spec/unit/util_spec.rb +6 -31
data/tasks/generate_cert_fixtures.rake +3 -12
data/tasks/parallel.rake +3 -3
metadata +137 -288
data/conf/auth.conf +0 -150
data/ext/README.md +0 -13
data/lib/puppet/application/cert.rb +0 -76
data/lib/puppet/application/key.rb +0 -4
data/lib/puppet/application/man.rb +0 -4
data/lib/puppet/application/status.rb +0 -4
data/lib/puppet/face/key.rb +0 -16
data/lib/puppet/face/man.rb +0 -145
data/lib/puppet/face/module/build.rb +0 -14
data/lib/puppet/face/module/generate.rb +0 -14
data/lib/puppet/face/module/search.rb +0 -103
data/lib/puppet/face/status.rb +0 -51
data/lib/puppet/facter_impl.rb +0 -96
data/lib/puppet/ffi/posix/constants.rb +0 -14
data/lib/puppet/ffi/posix/functions.rb +0 -24
data/lib/puppet/ffi/posix.rb +0 -10
data/lib/puppet/file_serving/mount/scripts.rb +0 -24
data/lib/puppet/indirector/certificate/file.rb +0 -9
data/lib/puppet/indirector/certificate/rest.rb +0 -18
data/lib/puppet/indirector/certificate_request/file.rb +0 -9
data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
data/lib/puppet/indirector/file_content/http.rb +0 -22
data/lib/puppet/indirector/key/file.rb +0 -46
data/lib/puppet/indirector/key/memory.rb +0 -7
data/lib/puppet/indirector/ssl_file.rb +0 -162
data/lib/puppet/indirector/status/local.rb +0 -12
data/lib/puppet/indirector/status/rest.rb +0 -27
data/lib/puppet/indirector/status.rb +0 -3
data/lib/puppet/module_tool/applications/searcher.rb +0 -29
data/lib/puppet/network/auth_config_parser.rb +0 -90
data/lib/puppet/network/authstore.rb +0 -283
data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
data/lib/puppet/network/http/base_pool.rb +0 -36
data/lib/puppet/network/http/compression.rb +0 -127
data/lib/puppet/network/http/connection_adapter.rb +0 -184
data/lib/puppet/network/http/nocache_pool.rb +0 -28
data/lib/puppet/network/rest_controller.rb +0 -2
data/lib/puppet/network/rights.rb +0 -210
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
data/lib/puppet/parser/environment_compiler.rb +0 -202
data/lib/puppet/pops/types/enumeration.rb +0 -16
data/lib/puppet/resource/capability_finder.rb +0 -154
data/lib/puppet/rest/errors.rb +0 -15
data/lib/puppet/rest/response.rb +0 -35
data/lib/puppet/rest/route.rb +0 -85
data/lib/puppet/rest/routes.rb +0 -135
data/lib/puppet/settings/alias_setting.rb +0 -37
data/lib/puppet/ssl/host.rb +0 -505
data/lib/puppet/ssl/key.rb +0 -61
data/lib/puppet/ssl/validator/default_validator.rb +0 -209
data/lib/puppet/ssl/validator/no_validator.rb +0 -22
data/lib/puppet/ssl/validator.rb +0 -61
data/lib/puppet/ssl/verifier_adapter.rb +0 -58
data/lib/puppet/status.rb +0 -40
data/lib/puppet/util/connection.rb +0 -88
data/lib/puppet/util/fact_dif.rb +0 -81
data/lib/puppet/util/ssl.rb +0 -83
data/lib/puppet/util/windows/api_types.rb +0 -309
data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
data/lib/puppet/vendor/load_pathspec.rb +0 -1
data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
data/lib/puppet/vendor/pathspec/LICENSE +0 -201
data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
data/lib/puppet/vendor/pathspec/README.md +0 -53
data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
data/man/man8/puppet-key.8 +0 -126
data/man/man8/puppet-man.8 +0 -76
data/man/man8/puppet-status.8 +0 -108
data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -91
data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
data/spec/fixtures/ssl/oid-key.pem +0 -117
data/spec/fixtures/ssl/oid.pem +0 -69
data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
data/spec/integration/application/resource_spec.rb +0 -64
data/spec/integration/application/ssl_spec.rb +0 -20
data/spec/integration/l10n/compiler_spec.rb +0 -37
data/spec/integration/network/authconfig_spec.rb +0 -256
data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
data/spec/shared_contexts/l10n.rb +0 -27
data/spec/unit/application/man_spec.rb +0 -52
data/spec/unit/capability_spec.rb +0 -414
data/spec/unit/face/key_spec.rb +0 -9
data/spec/unit/face/module/search_spec.rb +0 -231
data/spec/unit/face/status_spec.rb +0 -9
data/spec/unit/facter_impl_spec.rb +0 -31
data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
data/spec/unit/indirector/certificate/file_spec.rb +0 -14
data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
data/spec/unit/indirector/key/file_spec.rb +0 -78
data/spec/unit/indirector/ssl_file_spec.rb +0 -305
data/spec/unit/indirector/status/local_spec.rb +0 -10
data/spec/unit/indirector/status/rest_spec.rb +0 -50
data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
data/spec/unit/network/auth_config_parser_spec.rb +0 -115
data/spec/unit/network/authstore_spec.rb +0 -407
data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
data/spec/unit/network/http/compression_spec.rb +0 -240
data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
data/spec/unit/network/http_spec.rb +0 -9
data/spec/unit/network/rights_spec.rb +0 -439
data/spec/unit/parser/environment_compiler_spec.rb +0 -730
data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
data/spec/unit/pops/types/enumeration_spec.rb +0 -51
data/spec/unit/resource/capability_finder_spec.rb +0 -148
data/spec/unit/rest/route_spec.rb +0 -132
data/spec/unit/ssl/host_spec.rb +0 -645
data/spec/unit/ssl/key_spec.rb +0 -173
data/spec/unit/ssl/validator_spec.rb +0 -278
data/spec/unit/status_spec.rb +0 -45
data/spec/unit/util/ssl_spec.rb +0 -91

data/lib/puppet/ssl/certificate.rb CHANGED Viewed

@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
   # This is defined from the base class
   wraps OpenSSL::X509::Certificate
-  extend Puppet::Indirector
-  indirects :certificate, :terminus_class => :file, :doc => <<DOC
-    This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
-    The indirection key is the certificate CN (generally a hostname).
-DOC
   # Because of how the format handler class is included, this
   # can't be in the base class.
   def self.supported_formats

data/lib/puppet/ssl/certificate_request.rb CHANGED Viewed

@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
 class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
   wraps OpenSSL::X509::Request
-  extend Puppet::Indirector
-  indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
-    This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
-    The indirection key is the certificate CN (generally a hostname).
-DOC
   # Because of how the format handler class is included, this
   # can't be in the base class.
   def self.supported_formats
@@ -47,8 +40,7 @@ DOC
   # Create a certificate request with our system settings.
   #
-  # @param key [OpenSSL::X509::Key, Puppet::SSL::Key] The key pair associated
-  #   with this CSR.
+  # @param key [OpenSSL::X509::Key] The private key associated with this CSR.
   # @param options [Hash]
   # @option options [String] :dns_alt_names A comma separated list of
   #   Subject Alternative Names to include in the CSR extension request.
@@ -64,9 +56,6 @@ DOC
   def generate(key, options = {})
     Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
-    # Support either an actual SSL key, or a Puppet key.
-    key = key.content if key.is_a?(Puppet::SSL::Key)
     # If we're a CSR for the CA, then use the real ca_name, rather than the
     # fake 'ca' name.  This is mostly for backward compatibility with 0.24.x,
     # but it's also just a good idea.

data/lib/puppet/ssl/certificate_signer.rb CHANGED Viewed

@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
     @digest
   end
+  # Sign a certificate signing request (CSR) with a private key.
+  #
+  # @param [OpenSSL::X509::Request] content The CSR to sign
+  # @param [OpenSSL::X509::PKey] key The private key to sign with
+  #
+  # @api private
   def sign(content, key)
     content.sign(key, @digest.new)
   end

data/lib/puppet/ssl/oids.rb CHANGED Viewed

@@ -2,10 +2,11 @@ require 'puppet/ssl'
 # This module defines OIDs for use within Puppet.
 #
-# == ASN.1 Definition
+# # ASN.1 Definition
 #
 # The following is the formal definition of OIDs specified in this file.
 #
+# ```
 # puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
 #    dod(6) internet(1) private(4) enterprise(1) 34380 1}
 #
@@ -22,6 +23,7 @@ require 'puppet/ssl'
 # pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
 # pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
 # pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
+# ```
 #
 # @api private
 module Puppet::SSL::Oids

data/lib/puppet/ssl/ssl_provider.rb CHANGED Viewed

@@ -3,6 +3,23 @@ require 'puppet/ssl'
 # SSL Provider creates `SSLContext` objects that can be used to create
 # secure connections.
 #
+# @example To load an SSLContext from an existing private key and related certs/crls:
+#   ssl_context = provider.load_context
+#
+# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
+#   ssl_context = provider.load_context(password: 'opensesame')
+#
+# @example To create an SSLContext from in-memory certs and keys:
+#   cacerts = [<OpenSSL::X509::Certificate>]
+#   crls = [<OpenSSL::X509::CRL>]
+#   key = <OpenSSL::X509::PKey>
+#   cert = <OpenSSL::X509::Certificate>
+#   ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
+#
+# @example To create an SSLContext to connect to non-puppet HTTPS servers:
+#   cacerts = [<OpenSSL::X509::Certificate>]
+#   ssl_context = provider.create_root_context(cacerts: cacerts)
+#
 # @api private
 class Puppet::SSL::SSLProvider
   # Create an insecure `SSLContext`. Connections made from the returned context

data/lib/puppet/ssl/state_machine.rb CHANGED Viewed

@@ -10,7 +10,7 @@ require 'puppet/util/pidlock'
 # certs. This way we're sure about which SSLContext is being used during any
 # phase of the bootstrapping process.
 #
-# @private
+# @api private
 class Puppet::SSL::StateMachine
   class SSLState
     attr_reader :ssl_context
@@ -405,6 +405,7 @@ class Puppet::SSL::StateMachine
   #
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
+  # @api private
   def ensure_ca_certificates
     final_state = run_machine(NeedLock.new(self), NeedKey)
     final_state.ssl_context
@@ -414,6 +415,7 @@ class Puppet::SSL::StateMachine
   #
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
+  # @api private
   def ensure_client_certificate
     final_state = run_machine(NeedLock.new(self), Done)
     ssl_context = final_state.ssl_context

data/lib/puppet/ssl/verifier.rb CHANGED Viewed

@@ -14,6 +14,7 @@ class Puppet::SSL::Verifier
   # @param hostname [String] FQDN of the server we're attempting to connect to
   # @param ssl_context [Puppet::SSL::SSLContext] ssl_context containing CA certs,
   #   CRLs, etc needed to verify the server's certificate chain
+  # @api private
   def initialize(hostname, ssl_context)
     @hostname = hostname
     @ssl_context = ssl_context
@@ -25,6 +26,7 @@ class Puppet::SSL::Verifier
   #
   # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
   # @return [Boolean] return true if a cached connection can be used, false otherwise
+  # @api private
   def reusable?(verifier)
     verifier.instance_of?(self.class) &&
       verifier.ssl_context.object_id == @ssl_context.object_id

data/lib/puppet/ssl.rb CHANGED Viewed

@@ -2,18 +2,22 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
+# Responsible for bootstrapping an agent's certificate and private key, generating
+# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
+# certificate extensions.
+#
+# @see Puppet::SSL::SSLProvider
 # @api private
-module Puppet::SSL # :nodoc:
+module Puppet::SSL
   CA_NAME = "ca".freeze
-  require 'puppet/ssl/host'
   require 'puppet/ssl/oids'
-  require 'puppet/ssl/validator'
-  require 'puppet/ssl/validator/no_validator'
-  require 'puppet/ssl/validator/default_validator'
   require 'puppet/ssl/error'
   require 'puppet/ssl/ssl_context'
   require 'puppet/ssl/verifier'
-  require 'puppet/ssl/verifier_adapter'
   require 'puppet/ssl/ssl_provider'
   require 'puppet/ssl/state_machine'
+  require 'puppet/ssl/certificate'
+  require 'puppet/ssl/certificate_request'
+  require 'puppet/ssl/certificate_request_attributes'
 end

data/lib/puppet/test/test_helper.rb CHANGED Viewed

@@ -142,16 +142,11 @@ module Puppet::Test
         },
         "Context for specs")
-      # trigger `require 'facter'`
-      Puppet.runtime[:facter]
+      Puppet.runtime.clear
       Puppet::Parser::Functions.reset
       Puppet::Application.clear!
       Puppet::Util::Profiler.clear
-      Puppet::SSL::Host.reset
-      Puppet::Rest::Routes.clear
       Puppet::Node::Facts.indirection.terminus_class = :memory
       facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
       Puppet::Node::Facts.indirection.save(facts)
@@ -171,7 +166,6 @@ module Puppet::Test
       Puppet::Util::Storage.clear
       Puppet::Util::ExecutionStub.reset
-      Puppet.runtime.clear
       Puppet.clear_deprecation_warnings
@@ -226,6 +220,7 @@ module Puppet::Test
       {
           :logdir     => "/dev/null",
           :confdir    => "/dev/null",
+          :publicdir  => "/dev/null",
           :codedir    => "/dev/null",
           :vardir     => "/dev/null",
           :rundir     => "/dev/null",

data/lib/puppet/transaction/additional_resource_generator.rb CHANGED Viewed

@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
       else
         @catalog.add_resource_after(parent_resource, res)
       end
-      @catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
+      @catalog.add_edge(@catalog.container_of(parent_resource), res)
       if @relationship_graph && priority
         # If we have a relationship_graph we should add the resource
         # to it (this is an eval_generate). If we don't, then the

data/lib/puppet/transaction/persistence.rb CHANGED Viewed

@@ -87,17 +87,7 @@ class Puppet::Transaction::Persistence
   # Save data from internal class to persistence store on disk.
   def save
-    converted_data = Puppet::Pops::Serialization::ToDataConverter.convert(
-      @new_data, {
-        symbol_as_string: false,
-        local_reference: false,
-        type_by_reference: true,
-        force_symbol: true,
-        silence_warnings: true,
-        message_prefix: to_s
-      }
-    )
-    Puppet::Util::Yaml.dump(converted_data, Puppet[:transactionstorefile])
+    Puppet::Util::Yaml.dump(@new_data, Puppet[:transactionstorefile])
   end
   # Use the catalog and run_mode to determine if persistence should be enabled or not

data/lib/puppet/transaction/report.rb CHANGED Viewed

@@ -66,8 +66,6 @@ class Puppet::Transaction::Report
   # Contains the name and port of the server that was successfully contacted
   # @return [String] a string of the format 'servername:port'
   attr_accessor :server_used
-  alias :master_used :server_used
-  alias :master_used= :server_used=
   # The host name for which the report is generated
   # @return [String] the host name
@@ -77,10 +75,6 @@ class Puppet::Transaction::Report
   # @return [String] the environment name
   attr_accessor :environment
-  # The name of the environment the agent initially started in
-  # @return [String] the environment name
-  attr_accessor :initial_environment
   # Whether there are changes that we decided not to apply because of noop
   # @return [Boolean]
   #
@@ -230,7 +224,7 @@ class Puppet::Transaction::Report
     @external_times ||= {}
     @host = Puppet[:node_name_value]
     @time = start_time
-    @report_format = 11
+    @report_format = 12
     @puppet_version = Puppet.version
     @configuration_version = configuration_version
     @transaction_uuid = transaction_uuid
@@ -330,7 +324,7 @@ class Puppet::Transaction::Report
     }
     # The following is include only when set
-    hash['master_used'] = hash['server_used'] = @server_used unless @server_used.nil?
+    hash['server_used'] = @server_used unless @server_used.nil?
     hash['catalog_uuid'] = @catalog_uuid unless @catalog_uuid.nil?
     hash['code_id'] = @code_id unless @code_id.nil?
     hash['job_id'] = @job_id unless @job_id.nil?
@@ -381,17 +375,7 @@ class Puppet::Transaction::Report
   # @api public
   #
   def raw_summary
-    report = {
-      "version" => {
-        "config" => configuration_version,
-        "puppet" => Puppet.version
-      },
-      "application" => {
-        "run_mode" => Puppet.run_mode.name.to_s,
-        "initial_environment" => initial_environment,
-        "converged_environment" => environment
-      }
-    }
+    report = { "version" => { "config" => configuration_version, "puppet" => Puppet.version  } }
     @metrics.each do |name, metric|
       key = metric.name.to_s

data/lib/puppet/transaction.rb CHANGED Viewed

@@ -376,16 +376,10 @@ class Puppet::Transaction
     Puppet.debug { "Prefetching #{provider_class.name} resources for #{type_name}" }
     begin
       provider_class.prefetch(resources)
-    rescue LoadError, Puppet::MissingCommand => detail
+    rescue LoadError, StandardError => detail
       #TRANSLATORS `prefetch` is a function name and should not be translated
       message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
       Puppet.log_exception(detail, message)
-    rescue StandardError => detail
-      message = _("Could not prefetch %{type_name} provider '%{name}': %{detail}") % { type_name: type_name, name: provider_class.name, detail: detail }
-      Puppet.log_exception(detail, message)
-      raise unless Puppet.settings[:future_features]
       @prefetch_failed_providers[type_name][provider_class.name] = true
     end
     @prefetched_providers[type_name][provider_class.name] = true

data/lib/puppet/type/exec.rb CHANGED Viewed

@@ -11,10 +11,7 @@ module Puppet
       * The command itself is already idempotent. (For example, `apt-get update`.)
       * The exec has an `onlyif`, `unless`, or `creates` attribute, which prevents
-        Puppet from running the command unless some condition is met. The
-        `onlyif` and `unless` commands of an `exec` are used in the process of
-        determining whether the `exec` is already in sync, therefore they must be run
-        during a noop Puppet run.
+        Puppet from running the command unless some condition is met.
       * The exec has `refreshonly => true`, which allows Puppet to run the
         command only when some other resource is changed. (See the notes on refreshing
         below.)
@@ -201,20 +198,10 @@ module Puppet
         any output is logged at the `err` log level.
         Multiple `exec` resources can use the same `command` value; Puppet
-        only uses the resource title to ensure `exec`s are unique.
-        On *nix platforms, the command can be specified as an array of
-        strings and Puppet will invoke it using the more secure method of
-        parameterized system calls. For example, rather than executing the
-        malicious injected code, this command will echo it out:
-            command => ['/bin/echo', 'hello world; rm -rf /']
-      "
+        only uses the resource title to ensure `exec`s are unique."
       validate do |command|
-        unless command.is_a?(String) || command.is_a?(Array)
-          raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
-        end
+        raise ArgumentError, _("Command must be a String, got value of class %{klass}") % { klass: command.class } unless command.is_a? String
       end
     end
@@ -467,17 +454,10 @@ module Puppet
         `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
         must fully qualify the command's name.
-        Since this command is used in the process of determining whether the
-        `exec` is already in sync, it must be run during a noop Puppet run.
         This parameter can also take an array of commands. For example:
             unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
-        or an array of arrays. For example:
-            unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
         This `exec` would only run if every command in the array has a
         non-zero exit code.
       EOT
@@ -530,17 +510,10 @@ module Puppet
         `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
         must fully qualify the command's name.
-        Since this command is used in the process of determining whether the
-        `exec` is already in sync, it must be run during a noop Puppet run.
         This parameter can also take an array of commands. For example:
             onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
-        or an array of arrays. For example:
-            onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
         This `exec` would only run if every command in the array has an
         exit code of 0 (success).
       EOT
@@ -589,14 +562,12 @@ module Puppet
       reqs << self[:cwd] if self[:cwd]
       file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
-      cmd = self[:command]
-      cmd = cmd[0] if cmd.is_a? Array
-      cmd.scan(file_regex) { |str|
+      self[:command].scan(file_regex) { |str|
         reqs << str
       }
-      cmd.scan(/^"([^"]+)"/) { |str|
+      self[:command].scan(/^"([^"]+)"/) { |str|
         reqs << str
       }
@@ -612,7 +583,6 @@ module Puppet
           # fully qualified.  It might not be a bad idea to add
           # unqualified files, but, well, that's a bit more annoying
           # to do.
-          line = line[0] if line.is_a? Array
           reqs += line.scan(file_regex)
         end
       }

data/lib/puppet/type/file/checksum.rb CHANGED Viewed

@@ -7,7 +7,7 @@ Puppet::Type.type(:file).newparam(:checksum) do
   desc "The checksum type to use when determining whether to replace a file's contents.
-    The default checksum type is md5."
+    The default checksum type is #{Puppet.default_digest_algorithm}."
   newvalues(*Puppet::Util::Checksums.known_checksum_types)

data/lib/puppet/type/file/mode.rb CHANGED Viewed

@@ -90,15 +90,9 @@ module Puppet
         raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
       end
-      # normalizes to symbolic form, e.g. u+a, an octal string without leading 0
       normalize_symbolic_mode(value)
     end
-    unmunge do |value|
-      # return symbolic form or octal string *with* leading 0's
-      display_mode(value) if value
-    end
     def desired_mode_from_current(desired, current)
       current = current.to_i(8) if current.is_a? String
       is_a_directory = @resource.stat && @resource.stat.directory?

data/lib/puppet/type/file/selcontext.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Puppet
         return nil
       end
-      context = self.get_selinux_default_context(@resource[:path], @resource[:ensure])
+      context = self.get_selinux_default_context(@resource[:path])
       unless context
         return nil
       end

data/lib/puppet/type/file/source.rb CHANGED Viewed

@@ -340,7 +340,7 @@ module Puppet
     def handle_response_error(response)
       message = "Error #{response.code} on SERVER: #{response.body.empty? ? response.reason : response.body}"
-      raise Net::HTTPError.new(message, response.nethttp)
+      raise Net::HTTPError.new(message, Puppet::HTTP::ResponseConverter.to_ruby_response(response))
     end
   end

data/lib/puppet/type/file.rb CHANGED Viewed

@@ -83,33 +83,31 @@ Puppet::Type.newtype(:file) do
         use copy the file in the same directory with that value as the extension
         of the backup. (A value of `true` is a synonym for `.puppet-bak`.)
       * If set to any other string, Puppet will try to back up to a filebucket
-        with that title. See the `filebucket` resource type for more details.
-        (This is the preferred method for backup, since it can be centralized
-        and queried.)
+        with that title. Puppet automatically creates a **local** filebucket
+        named `puppet` if one doesn't already exist. See the `filebucket` resource
+        type for more details.
-      Default value: `puppet`, which backs up to a filebucket of the same name.
-      (Puppet automatically creates a **local** filebucket named `puppet` if one
-      doesn't already exist.)
+      Default value: `false`
       Backing up to a local filebucket isn't particularly useful. If you want
       to make organized use of backups, you will generally want to use the
-      primary Puppet server's filebucket service. This requires declaring a
+      puppet master server's filebucket service. This requires declaring a
       filebucket resource and a resource default for the `backup` attribute
       in site.pp:
           # /etc/puppetlabs/puppet/manifests/site.pp
           filebucket { 'main':
             path   => false,                # This is required for remote filebuckets.
-            server => 'puppet.example.com', # Optional; defaults to the configured primary Puppet server.
+            server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
           }
           File { backup => main, }
-      If you are using multiple primary servers, you will want to
+      If you are using multiple puppet master servers, you will want to
       centralize the contents of the filebucket. Either configure your load
-      balancer to direct all filebucket traffic to a single primary server, or use
+      balancer to direct all filebucket traffic to a single master, or use
       something like an out-of-band rsync task to synchronize the content on all
-      primary servers.
+      masters.
       > **Note**: Enabling and using the backup option, and by extension the
         filebucket resource, requires appropriate planning and management to ensure
@@ -125,7 +123,7 @@ Puppet::Type.newtype(:file) do
         - Restrict the directory to a maximum size after which the oldest items are removed.
     EOT
-    defaultto "puppet"
+    defaultto false
     munge do |value|
       # I don't really know how this is happening.
@@ -220,23 +218,6 @@ Puppet::Type.newtype(:file) do
     end
   end
-  newparam(:max_files) do
-    desc "In case the resource is a directory and the recursion is enabled, puppet will
-      generate a new resource for each file file found, possible leading to
-      an excessive number of resources generated without any control.
-      Setting `max_files` will check the number of file resources that
-      will eventually be created and will raise a resource argument error if the
-      limit will be exceeded.
-      Use value `0` to log a warning instead of raising an error.
-      Use value `-1` to disable errors and warnings due to max files."
-    defaultto 0
-    newvalues(/^[0-9]+$/, /^-1$/)
-  end
   newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
     desc "Whether to replace a file or symlink that already exists on the local system but
       whose content doesn't match what the `source` or `content` attribute
@@ -361,7 +342,7 @@ Puppet::Type.newtype(:file) do
       This command must have a fully qualified path, and should contain a
       percent (`%`) token where it would expect an input file. It must exit `0`
       if the syntax is correct, and non-zero otherwise. The command will be
-      run on the target system while applying the catalog, not on the primary Puppet server.
+      run on the target system while applying the catalog, not on the puppet master.
       Example:
@@ -593,7 +574,7 @@ Puppet::Type.newtype(:file) do
     options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
     # These should never be passed to our children.
-    [:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
+    [:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
       options.delete(param) if options.include?(param)
     end
@@ -770,7 +751,6 @@ Puppet::Type.newtype(:file) do
       :links => self[:links],
       :recurse => (self[:recurse] == :remote ? true : self[:recurse]),
       :recurselimit => self[:recurselimit],
-      :max_files => self[:max_files],
       :source_permissions => self[:source_permissions],
       :ignore => self[:ignore],
       :checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,

data/lib/puppet/type/filebucket.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Puppet
   Type.newtype(:filebucket) do
     @doc = <<-EOT
       A repository for storing and retrieving file content by MD5 checksum. Can
-      be local to each agent node, or centralized on a primary Puppet server. All
+      be local to each agent node, or centralized on a puppet master server. All
       puppet servers provide a filebucket service that agent nodes can access
       via HTTP, but you must declare a filebucket resource before any agents
       will do so.
@@ -25,14 +25,14 @@ module Puppet
           # /etc/puppetlabs/puppet/manifests/site.pp
           filebucket { 'main':
             path   => false,                # This is required for remote filebuckets.
-            server => 'puppet.example.com', # Optional; defaults to the configured primary server.
+            server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
           }
           File { backup => main, }
-      Puppet master servers automatically provide the filebucket service, so
+      Puppet Servers automatically provide the filebucket service, so
       this will work in a default configuration. If you have a heavily
-      restricted `auth.conf` file, you may need to allow access to the
+      restricted Puppet Server `auth.conf` file, you may need to allow access to the
       `file_bucket_file` endpoint.
     EOT

data/lib/puppet/type/group.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 require 'etc'
+require 'facter'
 require 'puppet/property/keyvalue'
 require 'puppet/parameter/boolean'

data/lib/puppet/type/package.rb CHANGED Viewed

@@ -106,10 +106,6 @@ module Puppet
         provider.purge
       end
-      newvalue(:held, :event => :package_held, :required_features => :holdable) do
-        provider.deprecated_hold
-      end
       newvalue(:disabled, :required_features => :disableable) do
         provider.disable
       end
@@ -161,7 +157,7 @@ module Puppet
         @should.each { |should|
           case should
           when :present
-            return true unless [:absent, :purged, :held, :disabled].include?(is)
+            return true unless [:absent, :purged, :disabled].include?(is)
           when :latest
             # Short-circuit packages that are not present
             return false if is == :absent || is == :purged
@@ -426,10 +422,10 @@ module Puppet
     end
     newparam(:source) do
-      desc "Where to find the package file. This is mostly used by providers that don't
+      desc "Where to find the package file. This is only used by providers that don't
         automatically download packages from a central repository. (For example:
-        the `yum` provider ignores this attribute, `apt` provider uses it if present
-        and the `rpm` and `dpkg` providers require it.)
+        the `yum` and `apt` providers ignore this attribute, but the `rpm` and
+        `dpkg` providers require it.)
         Different providers accept different values for `source`. Most providers
         accept paths to local files stored on the target system. Some providers
@@ -657,8 +653,7 @@ module Puppet
       if provider.reinstallable? &&
         @parameters[:reinstall_on_refresh].value == :true &&
         @parameters[:ensure].value != :purged &&
-        @parameters[:ensure].value != :absent &&
-        @parameters[:ensure].value != :held
+        @parameters[:ensure].value != :absent
         provider.reinstall
       end
@@ -673,7 +668,7 @@ module Puppet
         Default is "none". Mark can be specified with or without `ensure`,
         if `ensure` is missing will default to "present".
-        Mark cannot be specified together with "purged", "absent" or "held"
+        Mark cannot be specified together with "purged", or "absent"
         values for `ensure`.
       EOT
       newvalues(:hold, :none)
@@ -710,11 +705,8 @@ module Puppet
     end
     validate do
-      if :held == @parameters[:ensure].should
-        warning '"ensure=>held" has been deprecated and will be removed in a future version, use "mark=hold" instead'
-      end
-      if @parameters[:mark] && [:absent, :purged, :held].include?(@parameters[:ensure].should)
-        raise ArgumentError, _('You cannot use "mark" property while "ensure" is one of ["absent", "purged", "held"]')
+      if @parameters[:mark] && [:absent, :purged].include?(@parameters[:ensure].should)
+        raise ArgumentError, _('You cannot use "mark" property while "ensure" is one of ["absent", "purged"]')
       end
     end
   end