puppet 6.26.0-x64-mingw32 → 7.0.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +5 -7
- data/Gemfile.lock +43 -62
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/README.environment +8 -0
- data/ext/build_defaults.yaml +1 -1
- data/ext/dbfix.sql +132 -0
- data/ext/debian/README.Debian +8 -0
- data/ext/debian/README.source +2 -0
- data/ext/debian/TODO.Debian +1 -0
- data/ext/debian/changelog.erb +1122 -0
- data/ext/debian/compat +1 -0
- data/ext/debian/control +144 -0
- data/ext/debian/copyright +339 -0
- data/ext/debian/docs +1 -0
- data/ext/debian/fileserver.conf +41 -0
- data/ext/debian/puppet-common.dirs +13 -0
- data/ext/debian/puppet-common.install +3 -0
- data/ext/debian/puppet-common.lintian-overrides +5 -0
- data/ext/debian/puppet-common.manpages +28 -0
- data/ext/debian/puppet-common.postinst +35 -0
- data/ext/debian/puppet-common.postrm +33 -0
- data/ext/debian/puppet-el.dirs +1 -0
- data/ext/debian/puppet-el.emacsen-install +25 -0
- data/ext/debian/puppet-el.emacsen-remove +11 -0
- data/ext/debian/puppet-el.emacsen-startup +9 -0
- data/ext/debian/puppet-el.install +1 -0
- data/ext/debian/puppet-testsuite.install +2 -0
- data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
- data/ext/debian/puppet.lintian-overrides +3 -0
- data/ext/debian/puppet.logrotate +20 -0
- data/ext/debian/puppet.postinst +20 -0
- data/ext/debian/puppet.postrm +20 -0
- data/ext/debian/puppet.preinst +20 -0
- data/ext/debian/puppetmaster-common.install +2 -0
- data/ext/debian/puppetmaster-common.manpages +2 -0
- data/ext/debian/puppetmaster-common.postinst +6 -0
- data/ext/debian/puppetmaster-passenger.dirs +4 -0
- data/ext/debian/puppetmaster-passenger.postinst +162 -0
- data/ext/debian/puppetmaster-passenger.postrm +61 -0
- data/ext/debian/puppetmaster.README.debian +17 -0
- data/ext/debian/puppetmaster.default +14 -0
- data/ext/debian/puppetmaster.init +137 -0
- data/ext/debian/puppetmaster.lintian-overrides +3 -0
- data/ext/debian/puppetmaster.postinst +20 -0
- data/ext/debian/puppetmaster.postrm +5 -0
- data/ext/debian/puppetmaster.preinst +22 -0
- data/ext/debian/rules +132 -0
- data/ext/debian/source/format +1 -0
- data/ext/debian/source/options +1 -0
- data/ext/debian/vim-puppet.README.Debian +13 -0
- data/ext/debian/vim-puppet.dirs +5 -0
- data/ext/debian/vim-puppet.yaml +7 -0
- data/ext/debian/watch +2 -0
- data/ext/freebsd/puppetd +26 -0
- data/ext/freebsd/puppetmasterd +26 -0
- data/ext/gentoo/conf.d/puppet +5 -0
- data/ext/gentoo/conf.d/puppetmaster +12 -0
- data/ext/gentoo/init.d/puppet +38 -0
- data/ext/gentoo/init.d/puppetmaster +51 -0
- data/ext/gentoo/puppet/fileserver.conf +41 -0
- data/ext/ips/puppet-agent +44 -0
- data/ext/ips/puppet-master +44 -0
- data/ext/ips/puppet.p5m.erb +12 -0
- data/ext/ips/puppetagent.xml +42 -0
- data/ext/ips/puppetmaster.xml +42 -0
- data/ext/ips/rules +19 -0
- data/ext/ips/transforms +34 -0
- data/ext/ldap/puppet.schema +24 -0
- data/ext/logcheck/puppet +23 -0
- data/{examples → ext}/nagios/check_puppet.rb +2 -2
- data/ext/osx/file_mapping.yaml +28 -0
- data/ext/osx/postflight.erb +109 -0
- data/ext/osx/preflight.erb +52 -0
- data/ext/osx/prototype.plist.erb +38 -0
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/fileserver.conf +41 -0
- data/ext/redhat/logrotate +21 -0
- data/ext/redhat/puppet.spec.erb +841 -0
- data/ext/redhat/server.init +128 -0
- data/ext/redhat/server.sysconfig +13 -0
- data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
- data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
- data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
- data/ext/solaris/pkginfo +6 -0
- data/ext/solaris/smf/puppetd.xml +77 -0
- data/ext/solaris/smf/puppetmasterd.xml +77 -0
- data/ext/solaris/smf/svc-puppetd +71 -0
- data/ext/solaris/smf/svc-puppetmasterd +67 -0
- data/ext/suse/puppet.spec +310 -0
- data/ext/suse/server.init +173 -0
- data/ext/windows/service/daemon.rb +6 -5
- data/ext/yaml_nodes.rb +105 -0
- data/install.rb +21 -17
- data/lib/puppet/application/agent.rb +4 -16
- data/lib/puppet/application/apply.rb +4 -24
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/lookup.rb +24 -78
- data/lib/puppet/application/resource.rb +16 -32
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/configurer.rb +86 -179
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +130 -245
- data/lib/puppet/environments.rb +82 -146
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/generate.rb +0 -2
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_serving/configuration/parser.rb +3 -34
- data/lib/puppet/file_serving/configuration.rb +0 -8
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +0 -3
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +8 -10
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +6 -8
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +9 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/functions/versioncmp.rb +2 -6
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/generate/type.rb +0 -9
- data/lib/puppet/http/client.rb +165 -115
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -17
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -144
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/indirector/catalog/compiler.rb +6 -25
- data/lib/puppet/indirector/catalog/rest.rb +2 -5
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/terminus.rb +0 -4
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module/plan.rb +1 -0
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -56
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node/environment.rb +11 -10
- data/lib/puppet/node.rb +2 -31
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +4 -2
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +1 -70
- data/lib/puppet/parser/scope.rb +0 -1
- data/lib/puppet/parser/templatewrapper.rb +1 -2
- data/lib/puppet/pops/evaluator/closure.rb +5 -7
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -291
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -47
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +0 -58
- data/lib/puppet/pops/parser/eparser.rb +1685 -1896
- data/lib/puppet/pops/parser/lexer2.rb +91 -92
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/parser/slurp_support.rb +0 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_formatter.rb +3 -4
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +1 -2
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +10 -18
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +2 -23
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/init.rb +9 -10
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +194 -76
- data/lib/puppet/provider/service/systemd.rb +6 -16
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +3 -46
- data/lib/puppet/provider/user/directoryservice.rb +11 -34
- data/lib/puppet/provider/user/useradd.rb +24 -134
- data/lib/puppet/provider.rb +1 -14
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +2 -15
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -49
- data/lib/puppet/resource.rb +6 -127
- data/lib/puppet/runtime.rb +2 -13
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/settings.rb +82 -98
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +17 -0
- data/lib/puppet/ssl/state_machine.rb +3 -1
- data/lib/puppet/ssl/verifier.rb +2 -6
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/test/test_helper.rb +2 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +1 -21
- data/lib/puppet/transaction/report.rb +3 -19
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/type/exec.rb +5 -35
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/file.rb +12 -32
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/group.rb +1 -0
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +41 -26
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +13 -32
- data/lib/puppet/type.rb +1 -77
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/json.rb +0 -20
- data/lib/puppet/util/log.rb +4 -8
- data/lib/puppet/util/logging.rb +25 -1
- data/lib/puppet/util/monkey_patches.rb +0 -59
- data/lib/puppet/util/package.rb +16 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/suidmanager.rb +2 -1
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/tagging.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +11 -457
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +2 -0
- data/lib/puppet/util/windows.rb +3 -11
- data/lib/puppet/util/yaml.rb +1 -42
- data/lib/puppet/util.rb +3 -4
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet.rb +20 -26
- data/locales/puppet.pot +9633 -5
- data/man/man5/puppet.conf.5 +286 -401
- data/man/man8/puppet-agent.8 +2 -5
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +6 -9
- data/man/man8/puppet-module.8 +3 -60
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +51 -299
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -32
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/lookup_spec.rb +6 -32
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/configurer_spec.rb +2 -18
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +0 -12
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +39 -93
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -47
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +7 -6
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/process_spec.rb +9 -1
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/modules.rb +2 -13
- data/spec/lib/puppet_spec/puppetserver.rb +1 -16
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
- data/spec/spec_helper.rb +17 -13
- data/spec/unit/agent_spec.rb +6 -10
- data/spec/unit/application/agent_spec.rb +3 -7
- data/spec/unit/application/apply_spec.rb +56 -76
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/lookup_spec.rb +10 -131
- data/spec/unit/application/resource_spec.rb +0 -29
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +68 -296
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/defaults_spec.rb +68 -55
- data/spec/unit/environments_spec.rb +68 -408
- data/spec/unit/face/generate_spec.rb +0 -64
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
- data/spec/unit/file_serving/configuration_spec.rb +10 -26
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +4 -56
- data/spec/unit/forge/module_release_spec.rb +10 -5
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/logging_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +0 -64
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions/versioncmp_spec.rb +4 -40
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +8 -66
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -193
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +15 -18
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/store_configs_spec.rb +7 -0
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/interface/action_spec.rb +9 -0
- data/spec/unit/module_spec.rb +1 -15
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -51
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -60
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -51
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +33 -1
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +12 -44
- data/spec/unit/provider/package/pkg_spec.rb +4 -29
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/gentoo_spec.rb +5 -6
- data/spec/unit/provider/service/init_spec.rb +9 -16
- data/spec/unit/provider/service/launchd_spec.rb +0 -11
- data/spec/unit/provider/service/openwrt_spec.rb +29 -23
- data/spec/unit/provider/service/redhat_spec.rb +2 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +9 -54
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -105
- data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +5 -114
- data/spec/unit/provider_spec.rb +12 -22
- data/spec/unit/puppet_spec.rb +4 -12
- data/spec/unit/resource/catalog_spec.rb +2 -15
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +12 -125
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +21 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
- data/spec/unit/ssl/state_machine_spec.rb +5 -20
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/persistence_spec.rb +0 -51
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -87
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type_spec.rb +24 -4
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -5
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +13 -92
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +3 -12
- data/tasks/parallel.rake +3 -3
- metadata +138 -293
- data/conf/auth.conf +0 -150
- data/ext/README.md +0 -13
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/facter_impl.rb +0 -96
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/file_serving/mount/scripts.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -64
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/l10n/compiler_spec.rb +0 -37
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/shared_contexts/l10n.rb +0 -32
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/facter_impl_spec.rb +0 -31
- data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -407
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/json_spec.rb +0 -126
- data/spec/unit/util/ssl_spec.rb +0 -91
data/lib/puppet/settings.rb
CHANGED
@@ -21,6 +21,8 @@ class Puppet::Settings
|
|
21
21
|
require 'puppet/settings/file_or_directory_setting'
|
22
22
|
require 'puppet/settings/path_setting'
|
23
23
|
require 'puppet/settings/boolean_setting'
|
24
|
+
require 'puppet/settings/integer_setting'
|
25
|
+
require 'puppet/settings/port_setting'
|
24
26
|
require 'puppet/settings/terminus_setting'
|
25
27
|
require 'puppet/settings/duration_setting'
|
26
28
|
require 'puppet/settings/ttl_setting'
|
@@ -32,7 +34,6 @@ class Puppet::Settings
|
|
32
34
|
require 'puppet/settings/server_list_setting'
|
33
35
|
require 'puppet/settings/http_extra_headers_setting'
|
34
36
|
require 'puppet/settings/certificate_revocation_setting'
|
35
|
-
require 'puppet/settings/alias_setting'
|
36
37
|
|
37
38
|
# local reference for convenience
|
38
39
|
PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
|
@@ -53,13 +54,14 @@ class Puppet::Settings
|
|
53
54
|
# returns reasonable application default settings values for a given run_mode.
|
54
55
|
def self.app_defaults_for_run_mode(run_mode)
|
55
56
|
{
|
56
|
-
:name
|
57
|
-
:run_mode
|
58
|
-
:confdir
|
59
|
-
:codedir
|
60
|
-
:vardir
|
61
|
-
:
|
62
|
-
:
|
57
|
+
:name => run_mode.to_s,
|
58
|
+
:run_mode => run_mode.name,
|
59
|
+
:confdir => run_mode.conf_dir,
|
60
|
+
:codedir => run_mode.code_dir,
|
61
|
+
:vardir => run_mode.var_dir,
|
62
|
+
:publicdir => run_mode.public_dir,
|
63
|
+
:rundir => run_mode.run_dir,
|
64
|
+
:logdir => run_mode.log_dir,
|
63
65
|
}
|
64
66
|
end
|
65
67
|
|
@@ -75,11 +77,11 @@ class Puppet::Settings
|
|
75
77
|
end
|
76
78
|
|
77
79
|
def self.hostname_fact()
|
78
|
-
|
80
|
+
Facter.value :hostname
|
79
81
|
end
|
80
82
|
|
81
83
|
def self.domain_fact()
|
82
|
-
|
84
|
+
Facter.value :domain
|
83
85
|
end
|
84
86
|
|
85
87
|
def self.default_config_file_name
|
@@ -386,6 +388,19 @@ class Puppet::Settings
|
|
386
388
|
call_hooks_deferred_to_application_initialization
|
387
389
|
issue_deprecations
|
388
390
|
|
391
|
+
run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
|
392
|
+
if run_mode.agent? || run_mode.server?
|
393
|
+
if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
|
394
|
+
self[:serverport] = self[:masterport]
|
395
|
+
elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
|
396
|
+
self[:serverport] = self[:masterport]
|
397
|
+
elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
|
398
|
+
self[:masterport] = self[:serverport]
|
399
|
+
elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
|
400
|
+
self[:masterport] = self[:serverport]
|
401
|
+
end
|
402
|
+
end
|
403
|
+
|
389
404
|
REQUIRED_APP_SETTINGS.each do |key|
|
390
405
|
create_ancestors(Puppet[key])
|
391
406
|
end
|
@@ -720,6 +735,8 @@ class Puppet::Settings
|
|
720
735
|
:file_or_directory => FileOrDirectorySetting,
|
721
736
|
:path => PathSetting,
|
722
737
|
:boolean => BooleanSetting,
|
738
|
+
:integer => IntegerSetting,
|
739
|
+
:port => PortSetting,
|
723
740
|
:terminus => TerminusSetting,
|
724
741
|
:duration => DurationSetting,
|
725
742
|
:ttl => TTLSetting,
|
@@ -730,8 +747,7 @@ class Puppet::Settings
|
|
730
747
|
:autosign => AutosignSetting,
|
731
748
|
:server_list => ServerListSetting,
|
732
749
|
:http_extra_headers => HttpExtraHeadersSetting,
|
733
|
-
:certificate_revocation => CertificateRevocationSetting
|
734
|
-
:alias => AliasSetting
|
750
|
+
:certificate_revocation => CertificateRevocationSetting
|
735
751
|
}
|
736
752
|
|
737
753
|
# Create a new setting. The value is passed in because it's used to determine
|
@@ -862,11 +878,7 @@ class Puppet::Settings
|
|
862
878
|
if self[:user]
|
863
879
|
user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
|
864
880
|
|
865
|
-
|
866
|
-
@service_user_available = user.exists?
|
867
|
-
else
|
868
|
-
raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
|
869
|
-
end
|
881
|
+
@service_user_available = user.exists?
|
870
882
|
else
|
871
883
|
@service_user_available = false
|
872
884
|
end
|
@@ -878,11 +890,7 @@ class Puppet::Settings
|
|
878
890
|
if self[:group]
|
879
891
|
group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
|
880
892
|
|
881
|
-
|
882
|
-
@service_group_available = group.exists?
|
883
|
-
else
|
884
|
-
raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
|
885
|
-
end
|
893
|
+
@service_group_available = group.exists?
|
886
894
|
else
|
887
895
|
@service_group_available = false
|
888
896
|
end
|
@@ -891,16 +899,9 @@ class Puppet::Settings
|
|
891
899
|
# Allow later inspection to determine if the setting was set on the
|
892
900
|
# command line, or through some other code path. Used for the
|
893
901
|
# `dns_alt_names` option during cert generate. --daniel 2011-10-18
|
894
|
-
#
|
895
|
-
# @param param [String, Symbol] the setting to look up
|
896
|
-
# @return [Object, nil] the value of the setting or nil if unset
|
897
|
-
def set_by_cli(param)
|
898
|
-
param = param.to_sym
|
899
|
-
@value_sets[:cli].lookup(param)
|
900
|
-
end
|
901
|
-
|
902
902
|
def set_by_cli?(param)
|
903
|
-
|
903
|
+
param = param.to_sym
|
904
|
+
!@value_sets[:cli].lookup(param).nil?
|
904
905
|
end
|
905
906
|
|
906
907
|
# Get values from a search path entry.
|
@@ -933,13 +934,9 @@ class Puppet::Settings
|
|
933
934
|
end
|
934
935
|
end
|
935
936
|
|
936
|
-
# Allow later inspection to determine if the setting was set
|
937
|
-
#
|
938
|
-
|
939
|
-
# @param param [String, Symbol] the setting to look up
|
940
|
-
# @param section [Symbol] the section in which to look up the setting
|
941
|
-
# @return [Object, nil] the value of the setting or nil if unset
|
942
|
-
def set_in_section(param, section)
|
937
|
+
# Allow later inspection to determine if the setting was set by user
|
938
|
+
# config, rather than a default setting.
|
939
|
+
def set_in_section?(param, section)
|
943
940
|
param = param.to_sym
|
944
941
|
vals = searchpath_values(SearchPathElement.new(section, :section))
|
945
942
|
if vals
|
@@ -947,10 +944,6 @@ class Puppet::Settings
|
|
947
944
|
end
|
948
945
|
end
|
949
946
|
|
950
|
-
def set_in_section?(param, section)
|
951
|
-
!!set_in_section(param, section)
|
952
|
-
end
|
953
|
-
|
954
947
|
# Patches the value for a param in a section.
|
955
948
|
# This method is required to support the use case of unifying --dns-alt-names and
|
956
949
|
# --dns_alt_names in the certificate face. Ideally this should be cleaned up.
|
@@ -1097,41 +1090,48 @@ Generated on #{Time.now}.
|
|
1097
1090
|
# Create the necessary objects to use a section. This is idempotent;
|
1098
1091
|
# you can 'use' a section as many times as you want.
|
1099
1092
|
def use(*sections)
|
1100
|
-
|
1093
|
+
if Puppet[:settings_catalog]
|
1094
|
+
sections = sections.collect { |s| s.to_sym }
|
1095
|
+
sections = sections.reject { |s| @used.include?(s) }
|
1101
1096
|
|
1102
|
-
|
1103
|
-
sections |= [:master, :server] if (sections & [:master, :server]).any?
|
1097
|
+
Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
|
1104
1098
|
|
1105
|
-
|
1106
|
-
|
1099
|
+
# add :server if sections include :master or :master if sections include :server
|
1100
|
+
sections |= [:master, :server] if (sections & [:master, :server]).any?
|
1107
1101
|
|
1108
|
-
|
1102
|
+
sections = sections.collect { |s| s.to_sym }
|
1103
|
+
sections = sections.reject { |s| @used.include?(s) }
|
1109
1104
|
|
1110
|
-
|
1105
|
+
return if sections.empty?
|
1111
1106
|
|
1112
|
-
|
1113
|
-
catalog = to_catalog(*sections).to_ral
|
1114
|
-
rescue => detail
|
1115
|
-
Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
|
1116
|
-
end
|
1107
|
+
Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
|
1117
1108
|
|
1118
|
-
|
1119
|
-
|
1120
|
-
|
1121
|
-
|
1122
|
-
|
1123
|
-
status_fail_msg = status_failures.
|
1124
|
-
collect(&:events).
|
1125
|
-
flatten.
|
1126
|
-
select { |event| event.status == 'failure' }.
|
1127
|
-
collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
|
1109
|
+
begin
|
1110
|
+
catalog = to_catalog(*sections).to_ral
|
1111
|
+
rescue => detail
|
1112
|
+
Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
|
1113
|
+
end
|
1128
1114
|
|
1129
|
-
|
1115
|
+
catalog.host_config = false
|
1116
|
+
catalog.apply do |transaction|
|
1117
|
+
if transaction.any_failed?
|
1118
|
+
report = transaction.report
|
1119
|
+
status_failures = report.resource_statuses.values.select { |r| r.failed? }
|
1120
|
+
status_fail_msg = status_failures.
|
1121
|
+
collect(&:events).
|
1122
|
+
flatten.
|
1123
|
+
select { |event| event.status == 'failure' }.
|
1124
|
+
collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
|
1125
|
+
|
1126
|
+
raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
|
1127
|
+
end
|
1130
1128
|
end
|
1131
|
-
end
|
1132
1129
|
|
1133
|
-
|
1134
|
-
|
1130
|
+
sections.each { |s| @used << s }
|
1131
|
+
@used.uniq!
|
1132
|
+
else
|
1133
|
+
Puppet.debug("Skipping settings catalog for sections #{sections.join(', ')}")
|
1134
|
+
end
|
1135
1135
|
end
|
1136
1136
|
|
1137
1137
|
def valid?(param)
|
@@ -1285,37 +1285,27 @@ Generated on #{Time.now}.
|
|
1285
1285
|
end
|
1286
1286
|
|
1287
1287
|
def add_environment_resources(catalog, sections)
|
1288
|
+
path = self[:environmentpath]
|
1289
|
+
envdir = path.split(File::PATH_SEPARATOR).first if path
|
1288
1290
|
configured_environment = self[:environment]
|
1289
|
-
|
1290
|
-
|
1291
|
-
|
1292
|
-
|
1293
|
-
|
1294
|
-
if Puppet::FileSystem.exist?(first_environment_path)
|
1295
|
-
production_environment_path = File.join(first_environment_path, configured_environment)
|
1291
|
+
if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
|
1292
|
+
configured_environment_path = File.join(envdir, configured_environment)
|
1293
|
+
# If configured_environment_path is a symlink, assume the source path is being managed
|
1294
|
+
# elsewhere, so don't do any of this configuration
|
1295
|
+
if !Puppet::FileSystem.symlink?(configured_environment_path)
|
1296
1296
|
parameters = { :ensure => 'directory' }
|
1297
|
-
|
1298
|
-
|
1299
|
-
|
1300
|
-
|
1297
|
+
unless Puppet::FileSystem.exist?(configured_environment_path)
|
1298
|
+
parameters[:mode] = '0750'
|
1299
|
+
if Puppet.features.root?
|
1300
|
+
parameters[:owner] = Puppet[:user] if service_user_available?
|
1301
|
+
parameters[:group] = Puppet[:group] if service_group_available?
|
1302
|
+
end
|
1301
1303
|
end
|
1302
|
-
catalog.add_resource(Puppet::Resource.new(:file,
|
1304
|
+
catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
|
1303
1305
|
end
|
1304
1306
|
end
|
1305
1307
|
end
|
1306
1308
|
|
1307
|
-
def production_environment_exists?
|
1308
|
-
environment_path = self[:environmentpath]
|
1309
|
-
paths = environment_path.split(File::PATH_SEPARATOR)
|
1310
|
-
|
1311
|
-
paths.any? do |path|
|
1312
|
-
# If expected_path is a symlink, assume the source path is being managed
|
1313
|
-
# elsewhere, so accept it also as a valid production environment path
|
1314
|
-
expected_path = File.join(path, 'production')
|
1315
|
-
Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
|
1316
|
-
end
|
1317
|
-
end
|
1318
|
-
|
1319
1309
|
def add_user_resources(catalog, sections)
|
1320
1310
|
return unless Puppet.features.root?
|
1321
1311
|
return if Puppet::Util::Platform.windows?
|
@@ -1416,12 +1406,6 @@ Generated on #{Time.now}.
|
|
1416
1406
|
end
|
1417
1407
|
end
|
1418
1408
|
|
1419
|
-
setting = @defaults[name]
|
1420
|
-
if setting.respond_to?(:alias_name)
|
1421
|
-
val = lookup(setting.alias_name)
|
1422
|
-
return val if val
|
1423
|
-
end
|
1424
|
-
|
1425
1409
|
@defaults[name].default
|
1426
1410
|
end
|
1427
1411
|
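Review bot: At new line 881 `@service_user_available = user.exists?` runs with no check that the freshly built user resource has a usable provider. The removed lines raised a specific error for that case ("Cannot manage owner permissions, because the provider for '%{name}' is not functional"). Without a guard, an unusable provider will presumably surface as a less specific failure from inside `exists?`, at the point where the settings code decides who should own Puppet's files and directories. I would keep a guard before the assignment: `raise Puppet::Error, _("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user } unless user.suitable?`. The group assignment at new line 893 has the same gap, and both enclosing methods begin outside their hunks.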
|
data/lib/puppet/ssl/base.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
1
|
require 'puppet/ssl/openssl_loader'
|
2
2
|
require 'puppet/ssl'
|
3
3
|
require 'puppet/ssl/digest'
|
4
|
-
require 'puppet/util/ssl'
|
5
4
|
|
6
5
|
# The base class for wrapping SSL instances.
|
7
6
|
class Puppet::SSL::Base
|
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
|
|
54
53
|
#
|
55
54
|
# @return [String] the name (CN) extracted from the subject.
|
56
55
|
def self.name_from_subject(subject)
|
57
|
-
|
56
|
+
if subject.respond_to? :to_a
|
57
|
+
(subject.to_a.assoc('CN') || [])[1]
|
58
|
+
end
|
58
59
|
end
|
59
60
|
|
60
61
|
# Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
|
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
|
|
82
83
|
# Read content from disk appropriately.
|
83
84
|
def read(path)
|
84
85
|
# applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
|
85
|
-
# Puppet::SSL::Key uses this, but also provides its own override
|
86
86
|
# nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
|
87
87
|
# Puppet::Indirector::CertificateStatus::File (.indirection.find)
|
88
88
|
# Puppet::Network::HTTP::WEBrick (.indirection.find)
|
89
89
|
# Puppet::Network::HTTP::RackREST (.from_instance)
|
90
90
|
# Puppet::Network::HTTP::WEBrickREST (.from_instance)
|
91
|
-
# Puppet::SSL::Host (.indirection.find)
|
92
91
|
# Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
|
93
|
-
# Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
|
94
92
|
@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
|
95
93
|
end
|
96
94
|
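Review bot: `name_from_subject` (new lines 56-58) can return nil, both when `subject` does not respond to `to_a` and when the subject has no `CN` entry, yet the YARD line above it still promises `@return [String]`. Callers that use the result as a certificate name should be told nil is possible, so I would change the tag to `# @return [String, nil] the name (CN) extracted from the subject, or nil if there is none`. `assoc('CN')` also returns only the first CN entry, which deserves a one-line comment if subjects carrying several CNs can reach this method.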
|
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
|
|
11
11
|
# This is defined from the base class
|
12
12
|
wraps OpenSSL::X509::Certificate
|
13
13
|
|
14
|
-
extend Puppet::Indirector
|
15
|
-
indirects :certificate, :terminus_class => :file, :doc => <<DOC
|
16
|
-
This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
|
17
|
-
The indirection key is the certificate CN (generally a hostname).
|
18
|
-
DOC
|
19
|
-
|
20
14
|
# Because of how the format handler class is included, this
|
21
15
|
# can't be in the base class.
|
22
16
|
def self.supported_formats
|
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
|
|
28
28
|
class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
|
29
29
|
wraps OpenSSL::X509::Request
|
30
30
|
|
31
|
-
extend Puppet::Indirector
|
32
|
-
|
33
|
-
indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
|
34
|
-
This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
|
35
|
-
The indirection key is the certificate CN (generally a hostname).
|
36
|
-
DOC
|
37
|
-
|
38
31
|
# Because of how the format handler class is included, this
|
39
32
|
# can't be in the base class.
|
40
33
|
def self.supported_formats
|
@@ -47,8 +40,7 @@ DOC
|
|
47
40
|
|
48
41
|
# Create a certificate request with our system settings.
|
49
42
|
#
|
50
|
-
# @param key [OpenSSL::X509::Key
|
51
|
-
# with this CSR.
|
43
|
+
# @param key [OpenSSL::X509::Key] The private key associated with this CSR.
|
52
44
|
# @param options [Hash]
|
53
45
|
# @option options [String] :dns_alt_names A comma separated list of
|
54
46
|
# Subject Alternative Names to include in the CSR extension request.
|
@@ -64,9 +56,6 @@ DOC
|
|
64
56
|
def generate(key, options = {})
|
65
57
|
Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
|
66
58
|
|
67
|
-
# Support either an actual SSL key, or a Puppet key.
|
68
|
-
key = key.content if key.is_a?(Puppet::SSL::Key)
|
69
|
-
|
70
59
|
# If we're a CSR for the CA, then use the real ca_name, rather than the
|
71
60
|
# fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
|
72
61
|
# but it's also just a good idea.
|
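Review bot: The rewritten tag `@param key [OpenSSL::X509::Key]` (new line 43) names a class that Ruby's OpenSSL binding does not define; private-key classes live under `OpenSSL::PKey`. I would write `# @param key [OpenSSL::PKey::PKey] The private key associated with this CSR.` so the type link resolves. The same applies to `@param [OpenSSL::X509::PKey] key` in the new comment on `CertificateSigner#sign` and to `key = <OpenSSL::X509::PKey>` in the new `SSLProvider` example further down the page. The method being documented, `generate`, is defined in the following hunk.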
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
|
|
27
27
|
@digest
|
28
28
|
end
|
29
29
|
|
30
|
+
# Sign a certificate signing request (CSR) with a private key.
|
31
|
+
#
|
32
|
+
# @param [OpenSSL::X509::Request] content The CSR to sign
|
33
|
+
# @param [OpenSSL::X509::PKey] key The private key to sign with
|
34
|
+
#
|
35
|
+
# @api private
|
30
36
|
def sign(content, key)
|
31
37
|
content.sign(key, @digest.new)
|
32
38
|
end
|
data/lib/puppet/ssl/oids.rb
CHANGED
@@ -2,10 +2,11 @@ require 'puppet/ssl'
|
|
2
2
|
|
3
3
|
# This module defines OIDs for use within Puppet.
|
4
4
|
#
|
5
|
-
#
|
5
|
+
# # ASN.1 Definition
|
6
6
|
#
|
7
7
|
# The following is the formal definition of OIDs specified in this file.
|
8
8
|
#
|
9
|
+
# ```
|
9
10
|
# puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
|
10
11
|
# dod(6) internet(1) private(4) enterprise(1) 34380 1}
|
11
12
|
#
|
@@ -22,6 +23,7 @@ require 'puppet/ssl'
|
|
22
23
|
# pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
|
23
24
|
# pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
|
24
25
|
# pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
|
26
|
+
# ```
|
25
27
|
#
|
26
28
|
# @api private
|
27
29
|
module Puppet::SSL::Oids
|
@@ -3,6 +3,23 @@ require 'puppet/ssl'
|
|
3
3
|
# SSL Provider creates `SSLContext` objects that can be used to create
|
4
4
|
# secure connections.
|
5
5
|
#
|
6
|
+
# @example To load an SSLContext from an existing private key and related certs/crls:
|
7
|
+
# ssl_context = provider.load_context
|
8
|
+
#
|
9
|
+
# @example To load an SSLContext from an existing password-protected private key and related certs/crls:
|
10
|
+
# ssl_context = provider.load_context(password: 'opensesame')
|
11
|
+
#
|
12
|
+
# @example To create an SSLContext from in-memory certs and keys:
|
13
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
14
|
+
# crls = [<OpenSSL::X509::CRL>]
|
15
|
+
# key = <OpenSSL::X509::PKey>
|
16
|
+
# cert = <OpenSSL::X509::Certificate>
|
17
|
+
# ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
|
18
|
+
#
|
19
|
+
# @example To create an SSLContext to connect to non-puppet HTTPS servers:
|
20
|
+
# cacerts = [<OpenSSL::X509::Certificate>]
|
21
|
+
# ssl_context = provider.create_root_context(cacerts: cacerts)
|
22
|
+
#
|
6
23
|
# @api private
|
7
24
|
class Puppet::SSL::SSLProvider
|
8
25
|
# Create an insecure `SSLContext`. Connections made from the returned context
|
@@ -10,7 +10,7 @@ require 'puppet/util/pidlock'
|
|
10
10
|
# certs. This way we're sure about which SSLContext is being used during any
|
11
11
|
# phase of the bootstrapping process.
|
12
12
|
#
|
13
|
-
# @private
|
13
|
+
# @api private
|
14
14
|
class Puppet::SSL::StateMachine
|
15
15
|
class SSLState
|
16
16
|
attr_reader :ssl_context
|
@@ -405,6 +405,7 @@ class Puppet::SSL::StateMachine
|
|
405
405
|
#
|
406
406
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
407
407
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
408
|
+
# @api private
|
408
409
|
def ensure_ca_certificates
|
409
410
|
final_state = run_machine(NeedLock.new(self), NeedKey)
|
410
411
|
final_state.ssl_context
|
@@ -414,6 +415,7 @@ class Puppet::SSL::StateMachine
|
|
414
415
|
#
|
415
416
|
# @return [Puppet::SSL::SSLContext] initialized SSLContext
|
416
417
|
# @raise [Puppet::Error] If we fail to generate an SSLContext
|
418
|
+
# @api private
|
417
419
|
def ensure_client_certificate
|
418
420
|
final_state = run_machine(NeedLock.new(self), Done)
|
419
421
|
ssl_context = final_state.ssl_context
|
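--- a/data/lib/puppet/ssl/verifier.rb
+++ b/data/lib/puppet/ssl/verifier.rb
@@ -14,6 +14,7 @@ class Puppet::SSL::Verifier
 # @param hostname [String] FQDN of the server we're attempting to connect to
 # @param ssl_context [Puppet::SSL::SSLContext] ssl_context containing CA certs,
 # CRLs, etc needed to verify the server's certificate chain
+# @api private
 def initialize(hostname, ssl_context)
 @hostname = hostname
 @ssl_context = ssl_context
@@ -25,6 +26,7 @@ class Puppet::SSL::Verifier
 #
 # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
 # @return [Boolean] return true if a cached connection can be used, false otherwise
+# @api private
 def reusable?(verifier)
 verifier.instance_of?(self.class) &&
 verifier.ssl_context.object_id == @ssl_context.object_id
@@ -115,12 +117,6 @@ class Puppet::SSL::Verifier
 return false
 end
 
-# ruby-openssl#74ef8c0cc56b840b772240f2ee2b0fc0aafa2743 now sets the
-# store_context error when the cert is mismatched
-when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH
-@last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
-return false
-
 when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
 crl = store_context.current_crl
 if crl && crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS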
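Review bot: With the `when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH` branch gone (old lines 118-122), the `case` in the third hunk has no dedicated handling for a hostname mismatch reported through the store context, which the removed comment says ruby-openssl now does. The `case` begins and ends outside the hunk, so the branch such an error now reaches is not visible; please confirm it still sets `@last_error` and ends in `return false`, so a mismatched server certificate is rejected with a specific error. If this release can run on a binding that reports the mismatch this way, the branch should stay: `when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH`, `@last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)`, `return false`. The file list also shows `data/spec/unit/ssl/verifier_spec.rb` losing 21 lines, so a spec pinning this error code would be worth keeping.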
data/lib/puppet/ssl.rb
CHANGED
@@ -2,18 +2,22 @@
|
|
2
2
|
require 'puppet'
|
3
3
|
require 'puppet/ssl/openssl_loader'
|
4
4
|
|
5
|
+
# Responsible for bootstrapping an agent's certificate and private key, generating
|
6
|
+
# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
|
7
|
+
# certificate extensions.
|
8
|
+
#
|
9
|
+
# @see Puppet::SSL::SSLProvider
|
5
10
|
# @api private
|
6
|
-
module Puppet::SSL
|
11
|
+
module Puppet::SSL
|
7
12
|
CA_NAME = "ca".freeze
|
8
|
-
|
13
|
+
|
9
14
|
require 'puppet/ssl/oids'
|
10
|
-
require 'puppet/ssl/validator'
|
11
|
-
require 'puppet/ssl/validator/no_validator'
|
12
|
-
require 'puppet/ssl/validator/default_validator'
|
13
15
|
require 'puppet/ssl/error'
|
14
16
|
require 'puppet/ssl/ssl_context'
|
15
17
|
require 'puppet/ssl/verifier'
|
16
|
-
require 'puppet/ssl/verifier_adapter'
|
17
18
|
require 'puppet/ssl/ssl_provider'
|
18
19
|
require 'puppet/ssl/state_machine'
|
20
|
+
require 'puppet/ssl/certificate'
|
21
|
+
require 'puppet/ssl/certificate_request'
|
22
|
+
require 'puppet/ssl/certificate_request_attributes'
|
19
23
|
end
|
@@ -142,16 +142,11 @@ module Puppet::Test
|
|
142
142
|
},
|
143
143
|
"Context for specs")
|
144
144
|
|
145
|
-
|
146
|
-
Puppet.runtime[:facter]
|
147
|
-
|
145
|
+
Puppet.runtime.clear
|
148
146
|
Puppet::Parser::Functions.reset
|
149
147
|
Puppet::Application.clear!
|
150
148
|
Puppet::Util::Profiler.clear
|
151
149
|
|
152
|
-
Puppet::SSL::Host.reset
|
153
|
-
Puppet::Rest::Routes.clear
|
154
|
-
|
155
150
|
Puppet::Node::Facts.indirection.terminus_class = :memory
|
156
151
|
facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
|
157
152
|
Puppet::Node::Facts.indirection.save(facts)
|
@@ -171,7 +166,6 @@ module Puppet::Test
|
|
171
166
|
|
172
167
|
Puppet::Util::Storage.clear
|
173
168
|
Puppet::Util::ExecutionStub.reset
|
174
|
-
Puppet.runtime.clear
|
175
169
|
|
176
170
|
Puppet.clear_deprecation_warnings
|
177
171
|
|
@@ -226,6 +220,7 @@ module Puppet::Test
|
|
226
220
|
{
|
227
221
|
:logdir => "/dev/null",
|
228
222
|
:confdir => "/dev/null",
|
223
|
+
:publicdir => "/dev/null",
|
229
224
|
:codedir => "/dev/null",
|
230
225
|
:vardir => "/dev/null",
|
231
226
|
:rundir => "/dev/null",
|
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
|
|
137
137
|
else
|
138
138
|
@catalog.add_resource_after(parent_resource, res)
|
139
139
|
end
|
140
|
-
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
140
|
+
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
141
141
|
if @relationship_graph && priority
|
142
142
|
# If we have a relationship_graph we should add the resource
|
143
143
|
# to it (this is an eval_generate). If we don't, then the
|
@@ -6,26 +6,6 @@ require 'puppet/util/yaml'
|
|
6
6
|
# as calculating corrective_change).
|
7
7
|
# @api private
|
8
8
|
class Puppet::Transaction::Persistence
|
9
|
-
|
10
|
-
def self.allowed_classes
|
11
|
-
@allowed_classes ||= [
|
12
|
-
Symbol,
|
13
|
-
Time,
|
14
|
-
Regexp,
|
15
|
-
# URI is excluded, because it serializes all instance variables including the
|
16
|
-
# URI parser. Better to serialize the URL encoded representation.
|
17
|
-
SemanticPuppet::Version,
|
18
|
-
# SemanticPuppet::VersionRange has many nested classes and is unlikely to be
|
19
|
-
# used directly, so ignore it
|
20
|
-
Puppet::Pops::Time::Timestamp,
|
21
|
-
Puppet::Pops::Time::TimeData,
|
22
|
-
Puppet::Pops::Time::Timespan,
|
23
|
-
Puppet::Pops::Types::PBinaryType::Binary,
|
24
|
-
# Puppet::Pops::Types::PSensitiveType::Sensitive values are excluded from
|
25
|
-
# the persistence store, ignore it.
|
26
|
-
].freeze
|
27
|
-
end
|
28
|
-
|
29
9
|
def initialize
|
30
10
|
@old_data = {}
|
31
11
|
@new_data = {"resources" => {}}
|
@@ -82,7 +62,7 @@ class Puppet::Transaction::Persistence
|
|
82
62
|
result = nil
|
83
63
|
Puppet::Util.benchmark(:debug, _("Loaded transaction store file in %{seconds} seconds")) do
|
84
64
|
begin
|
85
|
-
result = Puppet::Util::Yaml.safe_load_file(filename,
|
65
|
+
result = Puppet::Util::Yaml.safe_load_file(filename, [Symbol, Time])
|
86
66
|
rescue Puppet::Util::Yaml::YamlLoadError => detail
|
87
67
|
Puppet.log_exception(detail, _("Transaction store file %{filename} is corrupt (%{detail}); replacing") % { filename: filename, detail: detail })
|
88
68
|
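Review bot: The allowlist passed to `Puppet::Util::Yaml.safe_load_file` at new line 65 is now the inline literal `[Symbol, Time]`, and nothing at the call site says what happens to a store file that already holds another tagged type. The removed `allowed_classes` list shows that Regexp, SemanticPuppet::Version, the Pops time types and Binary values were anticipated in this file; with the narrower list such a file presumably fails to load and lands in the `YamlLoadError` rescue on the next line, which logs it as corrupt and replaces it, so the stored state is dropped rather than deserialized. A tight allowlist is the right default for a file read back from disk, but the trade-off should be written down, e.g. `# Only Symbol and Time may be deserialized; any other tagged type is rejected and the store is rebuilt`, and the list would read better as a frozen constant than as a literal at the call. The enclosing method starts and ends outside the hunk.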
|
@@ -66,8 +66,6 @@ class Puppet::Transaction::Report
|
|
66
66
|
# Contains the name and port of the server that was successfully contacted
|
67
67
|
# @return [String] a string of the format 'servername:port'
|
68
68
|
attr_accessor :server_used
|
69
|
-
alias :master_used :server_used
|
70
|
-
alias :master_used= :server_used=
|
71
69
|
|
72
70
|
# The host name for which the report is generated
|
73
71
|
# @return [String] the host name
|
@@ -77,10 +75,6 @@ class Puppet::Transaction::Report
|
|
77
75
|
# @return [String] the environment name
|
78
76
|
attr_accessor :environment
|
79
77
|
|
80
|
-
# The name of the environment the agent initially started in
|
81
|
-
# @return [String] the environment name
|
82
|
-
attr_accessor :initial_environment
|
83
|
-
|
84
78
|
# Whether there are changes that we decided not to apply because of noop
|
85
79
|
# @return [Boolean]
|
86
80
|
#
|
@@ -230,7 +224,7 @@ class Puppet::Transaction::Report
|
|
230
224
|
@external_times ||= {}
|
231
225
|
@host = Puppet[:node_name_value]
|
232
226
|
@time = start_time
|
233
|
-
@report_format =
|
227
|
+
@report_format = 12
|
234
228
|
@puppet_version = Puppet.version
|
235
229
|
@configuration_version = configuration_version
|
236
230
|
@transaction_uuid = transaction_uuid
|
@@ -330,7 +324,7 @@ class Puppet::Transaction::Report
|
|
330
324
|
}
|
331
325
|
|
332
326
|
# The following is include only when set
|
333
|
-
hash['
|
327
|
+
hash['server_used'] = @server_used unless @server_used.nil?
|
334
328
|
hash['catalog_uuid'] = @catalog_uuid unless @catalog_uuid.nil?
|
335
329
|
hash['code_id'] = @code_id unless @code_id.nil?
|
336
330
|
hash['job_id'] = @job_id unless @job_id.nil?
|
@@ -381,17 +375,7 @@ class Puppet::Transaction::Report
|
|
381
375
|
# @api public
|
382
376
|
#
|
383
377
|
def raw_summary
|
384
|
-
report = {
|
385
|
-
"version" => {
|
386
|
-
"config" => configuration_version,
|
387
|
-
"puppet" => Puppet.version
|
388
|
-
},
|
389
|
-
"application" => {
|
390
|
-
"run_mode" => Puppet.run_mode.name.to_s,
|
391
|
-
"initial_environment" => initial_environment,
|
392
|
-
"converged_environment" => environment
|
393
|
-
}
|
394
|
-
}
|
378
|
+
report = { "version" => { "config" => configuration_version, "puppet" => Puppet.version } }
|
395
379
|
|
396
380
|
@metrics.each do |name, metric|
|
397
381
|
key = metric.name.to_s
|