puppet 6.26.0-x64-mingw32 → 7.0.0-x64-mingw32


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (802) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/CONTRIBUTING.md +5 -5
  4. data/Gemfile +5 -7
  5. data/Gemfile.lock +43 -62
  6. data/README.md +5 -5
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/README.environment +8 -0
  9. data/ext/build_defaults.yaml +1 -1
  10. data/ext/dbfix.sql +132 -0
  11. data/ext/debian/README.Debian +8 -0
  12. data/ext/debian/README.source +2 -0
  13. data/ext/debian/TODO.Debian +1 -0
  14. data/ext/debian/changelog.erb +1122 -0
  15. data/ext/debian/compat +1 -0
  16. data/ext/debian/control +144 -0
  17. data/ext/debian/copyright +339 -0
  18. data/ext/debian/docs +1 -0
  19. data/ext/debian/fileserver.conf +41 -0
  20. data/ext/debian/puppet-common.dirs +13 -0
  21. data/ext/debian/puppet-common.install +3 -0
  22. data/ext/debian/puppet-common.lintian-overrides +5 -0
  23. data/ext/debian/puppet-common.manpages +28 -0
  24. data/ext/debian/puppet-common.postinst +35 -0
  25. data/ext/debian/puppet-common.postrm +33 -0
  26. data/ext/debian/puppet-el.dirs +1 -0
  27. data/ext/debian/puppet-el.emacsen-install +25 -0
  28. data/ext/debian/puppet-el.emacsen-remove +11 -0
  29. data/ext/debian/puppet-el.emacsen-startup +9 -0
  30. data/ext/debian/puppet-el.install +1 -0
  31. data/ext/debian/puppet-testsuite.install +2 -0
  32. data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
  33. data/ext/debian/puppet.lintian-overrides +3 -0
  34. data/ext/debian/puppet.logrotate +20 -0
  35. data/ext/debian/puppet.postinst +20 -0
  36. data/ext/debian/puppet.postrm +20 -0
  37. data/ext/debian/puppet.preinst +20 -0
  38. data/ext/debian/puppetmaster-common.install +2 -0
  39. data/ext/debian/puppetmaster-common.manpages +2 -0
  40. data/ext/debian/puppetmaster-common.postinst +6 -0
  41. data/ext/debian/puppetmaster-passenger.dirs +4 -0
  42. data/ext/debian/puppetmaster-passenger.postinst +162 -0
  43. data/ext/debian/puppetmaster-passenger.postrm +61 -0
  44. data/ext/debian/puppetmaster.README.debian +17 -0
  45. data/ext/debian/puppetmaster.default +14 -0
  46. data/ext/debian/puppetmaster.init +137 -0
  47. data/ext/debian/puppetmaster.lintian-overrides +3 -0
  48. data/ext/debian/puppetmaster.postinst +20 -0
  49. data/ext/debian/puppetmaster.postrm +5 -0
  50. data/ext/debian/puppetmaster.preinst +22 -0
  51. data/ext/debian/rules +132 -0
  52. data/ext/debian/source/format +1 -0
  53. data/ext/debian/source/options +1 -0
  54. data/ext/debian/vim-puppet.README.Debian +13 -0
  55. data/ext/debian/vim-puppet.dirs +5 -0
  56. data/ext/debian/vim-puppet.yaml +7 -0
  57. data/ext/debian/watch +2 -0
  58. data/ext/freebsd/puppetd +26 -0
  59. data/ext/freebsd/puppetmasterd +26 -0
  60. data/ext/gentoo/conf.d/puppet +5 -0
  61. data/ext/gentoo/conf.d/puppetmaster +12 -0
  62. data/ext/gentoo/init.d/puppet +38 -0
  63. data/ext/gentoo/init.d/puppetmaster +51 -0
  64. data/ext/gentoo/puppet/fileserver.conf +41 -0
  65. data/ext/ips/puppet-agent +44 -0
  66. data/ext/ips/puppet-master +44 -0
  67. data/ext/ips/puppet.p5m.erb +12 -0
  68. data/ext/ips/puppetagent.xml +42 -0
  69. data/ext/ips/puppetmaster.xml +42 -0
  70. data/ext/ips/rules +19 -0
  71. data/ext/ips/transforms +34 -0
  72. data/ext/ldap/puppet.schema +24 -0
  73. data/ext/logcheck/puppet +23 -0
  74. data/{examples → ext}/nagios/check_puppet.rb +2 -2
  75. data/ext/osx/file_mapping.yaml +28 -0
  76. data/ext/osx/postflight.erb +109 -0
  77. data/ext/osx/preflight.erb +52 -0
  78. data/ext/osx/prototype.plist.erb +38 -0
  79. data/ext/osx/puppet.plist +0 -2
  80. data/ext/project_data.yaml +1 -15
  81. data/ext/redhat/fileserver.conf +41 -0
  82. data/ext/redhat/logrotate +21 -0
  83. data/ext/redhat/puppet.spec.erb +841 -0
  84. data/ext/redhat/server.init +128 -0
  85. data/ext/redhat/server.sysconfig +13 -0
  86. data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
  87. data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
  88. data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
  89. data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
  90. data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
  91. data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
  92. data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
  93. data/ext/solaris/pkginfo +6 -0
  94. data/ext/solaris/smf/puppetd.xml +77 -0
  95. data/ext/solaris/smf/puppetmasterd.xml +77 -0
  96. data/ext/solaris/smf/svc-puppetd +71 -0
  97. data/ext/solaris/smf/svc-puppetmasterd +67 -0
  98. data/ext/suse/puppet.spec +310 -0
  99. data/ext/suse/server.init +173 -0
  100. data/ext/windows/service/daemon.rb +6 -5
  101. data/ext/yaml_nodes.rb +105 -0
  102. data/install.rb +21 -17
  103. data/lib/puppet/application/agent.rb +4 -16
  104. data/lib/puppet/application/apply.rb +4 -24
  105. data/lib/puppet/application/device.rb +100 -106
  106. data/lib/puppet/application/filebucket.rb +13 -10
  107. data/lib/puppet/application/lookup.rb +24 -78
  108. data/lib/puppet/application/resource.rb +16 -32
  109. data/lib/puppet/application/script.rb +0 -2
  110. data/lib/puppet/application/ssl.rb +1 -13
  111. data/lib/puppet/application.rb +178 -108
  112. data/lib/puppet/application_support.rb +0 -7
  113. data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
  114. data/lib/puppet/configurer/downloader.rb +1 -2
  115. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  116. data/lib/puppet/configurer.rb +86 -179
  117. data/lib/puppet/confine/variable.rb +1 -1
  118. data/lib/puppet/defaults.rb +130 -245
  119. data/lib/puppet/environments.rb +82 -146
  120. data/lib/puppet/face/facts.rb +5 -103
  121. data/lib/puppet/face/generate.rb +0 -2
  122. data/lib/puppet/face/help/action.erb +0 -1
  123. data/lib/puppet/face/help/face.erb +0 -1
  124. data/lib/puppet/face/help.rb +1 -1
  125. data/lib/puppet/face/node/clean.rb +0 -11
  126. data/lib/puppet/face/plugin.rb +5 -8
  127. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  128. data/lib/puppet/ffi/windows/constants.rb +404 -0
  129. data/lib/puppet/ffi/windows/functions.rb +628 -0
  130. data/lib/puppet/ffi/windows/structs.rb +338 -0
  131. data/lib/puppet/ffi/windows.rb +12 -0
  132. data/lib/puppet/file_serving/configuration/parser.rb +3 -34
  133. data/lib/puppet/file_serving/configuration.rb +0 -8
  134. data/lib/puppet/file_serving/fileset.rb +2 -14
  135. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  136. data/lib/puppet/file_serving/metadata.rb +0 -3
  137. data/lib/puppet/file_serving/mount/file.rb +4 -4
  138. data/lib/puppet/file_serving/mount.rb +1 -2
  139. data/lib/puppet/file_system/file_impl.rb +8 -10
  140. data/lib/puppet/file_system/jruby.rb +1 -1
  141. data/lib/puppet/file_system/memory_file.rb +1 -8
  142. data/lib/puppet/file_system/windows.rb +6 -8
  143. data/lib/puppet/file_system.rb +1 -1
  144. data/lib/puppet/forge/repository.rb +0 -1
  145. data/lib/puppet/forge.rb +4 -4
  146. data/lib/puppet/functions/all.rb +1 -1
  147. data/lib/puppet/functions/camelcase.rb +1 -1
  148. data/lib/puppet/functions/capitalize.rb +2 -2
  149. data/lib/puppet/functions/downcase.rb +2 -2
  150. data/lib/puppet/functions/empty.rb +0 -8
  151. data/lib/puppet/functions/find_template.rb +2 -2
  152. data/lib/puppet/functions/get.rb +5 -5
  153. data/lib/puppet/functions/group_by.rb +5 -13
  154. data/lib/puppet/functions/lest.rb +1 -1
  155. data/lib/puppet/functions/new.rb +100 -100
  156. data/lib/puppet/functions/partition.rb +4 -12
  157. data/lib/puppet/functions/require.rb +5 -5
  158. data/lib/puppet/functions/sort.rb +3 -3
  159. data/lib/puppet/functions/strftime.rb +0 -1
  160. data/lib/puppet/functions/tree_each.rb +9 -7
  161. data/lib/puppet/functions/type.rb +4 -4
  162. data/lib/puppet/functions/unwrap.rb +2 -17
  163. data/lib/puppet/functions/upcase.rb +2 -2
  164. data/lib/puppet/functions/versioncmp.rb +2 -6
  165. data/lib/puppet/generate/models/type/type.rb +4 -1
  166. data/lib/puppet/generate/type.rb +0 -9
  167. data/lib/puppet/http/client.rb +165 -115
  168. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  169. data/lib/puppet/http/errors.rb +16 -0
  170. data/lib/puppet/http/external_client.rb +5 -7
  171. data/lib/puppet/{network/http → http}/factory.rb +8 -15
  172. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  173. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  174. data/lib/puppet/http/proxy.rb +137 -0
  175. data/lib/puppet/http/redirector.rb +4 -17
  176. data/lib/puppet/http/resolver/server_list.rb +10 -25
  177. data/lib/puppet/http/resolver/settings.rb +4 -7
  178. data/lib/puppet/http/resolver/srv.rb +7 -11
  179. data/lib/puppet/http/resolver.rb +5 -15
  180. data/lib/puppet/http/response.rb +36 -54
  181. data/lib/puppet/http/response_converter.rb +24 -0
  182. data/lib/puppet/http/response_net_http.rb +42 -0
  183. data/lib/puppet/http/retry_after_handler.rb +4 -13
  184. data/lib/puppet/http/service/ca.rb +11 -22
  185. data/lib/puppet/http/service/compiler.rb +23 -144
  186. data/lib/puppet/http/service/file_server.rb +19 -29
  187. data/lib/puppet/http/service/puppetserver.rb +26 -12
  188. data/lib/puppet/http/service/report.rb +8 -10
  189. data/lib/puppet/http/service.rb +12 -26
  190. data/lib/puppet/http/session.rb +11 -20
  191. data/lib/puppet/{network/http → http}/site.rb +1 -2
  192. data/lib/puppet/http.rb +22 -13
  193. data/lib/puppet/indirector/catalog/compiler.rb +6 -25
  194. data/lib/puppet/indirector/catalog/rest.rb +2 -5
  195. data/lib/puppet/indirector/facts/facter.rb +6 -6
  196. data/lib/puppet/indirector/facts/rest.rb +3 -22
  197. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  198. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  199. data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
  200. data/lib/puppet/indirector/file_server.rb +1 -8
  201. data/lib/puppet/indirector/generic_http.rb +0 -11
  202. data/lib/puppet/indirector/indirection.rb +1 -1
  203. data/lib/puppet/indirector/node/rest.rb +2 -4
  204. data/lib/puppet/indirector/report/rest.rb +3 -8
  205. data/lib/puppet/indirector/request.rb +0 -101
  206. data/lib/puppet/indirector/resource/ral.rb +1 -6
  207. data/lib/puppet/indirector/rest.rb +12 -263
  208. data/lib/puppet/indirector/terminus.rb +0 -4
  209. data/lib/puppet/interface/documentation.rb +0 -1
  210. data/lib/puppet/module/plan.rb +1 -0
  211. data/lib/puppet/module/task.rb +1 -1
  212. data/lib/puppet/module.rb +0 -1
  213. data/lib/puppet/module_tool/applications/installer.rb +2 -56
  214. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  215. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  216. data/lib/puppet/module_tool/applications.rb +0 -1
  217. data/lib/puppet/module_tool/errors/shared.rb +2 -34
  218. data/lib/puppet/network/authconfig.rb +2 -96
  219. data/lib/puppet/network/authorization.rb +13 -35
  220. data/lib/puppet/network/formats.rb +0 -67
  221. data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
  222. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  223. data/lib/puppet/network/http/connection.rb +247 -316
  224. data/lib/puppet/network/http/handler.rb +0 -1
  225. data/lib/puppet/network/http.rb +3 -3
  226. data/lib/puppet/network/http_pool.rb +16 -34
  227. data/lib/puppet/node/environment.rb +11 -10
  228. data/lib/puppet/node.rb +2 -31
  229. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  230. data/lib/puppet/pal/pal_impl.rb +4 -2
  231. data/lib/puppet/parser/ast/leaf.rb +2 -3
  232. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  233. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  234. data/lib/puppet/parser/compiler.rb +0 -198
  235. data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
  236. data/lib/puppet/parser/resource.rb +1 -70
  237. data/lib/puppet/parser/scope.rb +0 -1
  238. data/lib/puppet/parser/templatewrapper.rb +1 -2
  239. data/lib/puppet/pops/evaluator/closure.rb +5 -7
  240. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  241. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  242. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
  243. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  244. data/lib/puppet/pops/issues.rb +0 -5
  245. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  246. data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
  247. data/lib/puppet/pops/model/ast.pp +0 -42
  248. data/lib/puppet/pops/model/ast.rb +0 -291
  249. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  250. data/lib/puppet/pops/model/factory.rb +1 -47
  251. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  252. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  253. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  254. data/lib/puppet/pops/parser/code_merger.rb +4 -4
  255. data/lib/puppet/pops/parser/egrammar.ra +0 -58
  256. data/lib/puppet/pops/parser/eparser.rb +1685 -1896
  257. data/lib/puppet/pops/parser/lexer2.rb +91 -92
  258. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  259. data/lib/puppet/pops/parser/slurp_support.rb +0 -1
  260. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  261. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  262. data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
  263. data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
  264. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  265. data/lib/puppet/pops/types/type_formatter.rb +3 -4
  266. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  267. data/lib/puppet/pops/types/type_parser.rb +0 -4
  268. data/lib/puppet/pops/types/types.rb +1 -2
  269. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  270. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  271. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  272. data/lib/puppet/property/list.rb +1 -1
  273. data/lib/puppet/provider/aix_object.rb +1 -1
  274. data/lib/puppet/provider/exec/posix.rb +4 -16
  275. data/lib/puppet/provider/group/groupadd.rb +10 -18
  276. data/lib/puppet/provider/nameservice.rb +0 -18
  277. data/lib/puppet/provider/package/apt.rb +2 -34
  278. data/lib/puppet/provider/package/aptitude.rb +0 -6
  279. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  280. data/lib/puppet/provider/package/dpkg.rb +0 -10
  281. data/lib/puppet/provider/package/gem.rb +23 -3
  282. data/lib/puppet/provider/package/nim.rb +6 -11
  283. data/lib/puppet/provider/package/pip.rb +3 -16
  284. data/lib/puppet/provider/package/pkg.rb +2 -23
  285. data/lib/puppet/provider/package/portage.rb +1 -1
  286. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  287. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  288. data/lib/puppet/provider/package/yum.rb +1 -1
  289. data/lib/puppet/provider/parsedfile.rb +0 -3
  290. data/lib/puppet/provider/service/base.rb +1 -1
  291. data/lib/puppet/provider/service/debian.rb +0 -2
  292. data/lib/puppet/provider/service/init.rb +9 -10
  293. data/lib/puppet/provider/service/launchd.rb +2 -2
  294. data/lib/puppet/provider/service/redhat.rb +1 -1
  295. data/lib/puppet/provider/service/smf.rb +194 -76
  296. data/lib/puppet/provider/service/systemd.rb +6 -16
  297. data/lib/puppet/provider/service/upstart.rb +5 -5
  298. data/lib/puppet/provider/service/windows.rb +0 -38
  299. data/lib/puppet/provider/user/aix.rb +3 -46
  300. data/lib/puppet/provider/user/directoryservice.rb +11 -34
  301. data/lib/puppet/provider/user/useradd.rb +24 -134
  302. data/lib/puppet/provider.rb +1 -14
  303. data/lib/puppet/reference/configuration.rb +8 -7
  304. data/lib/puppet/reference/indirection.rb +1 -1
  305. data/lib/puppet/reference/providers.rb +2 -2
  306. data/lib/puppet/resource/catalog.rb +2 -15
  307. data/lib/puppet/resource/type.rb +3 -119
  308. data/lib/puppet/resource/type_collection.rb +3 -49
  309. data/lib/puppet/resource.rb +6 -127
  310. data/lib/puppet/runtime.rb +2 -13
  311. data/lib/puppet/settings/environment_conf.rb +0 -1
  312. data/lib/puppet/settings/integer_setting.rb +17 -0
  313. data/lib/puppet/settings/port_setting.rb +15 -0
  314. data/lib/puppet/settings/priority_setting.rb +5 -4
  315. data/lib/puppet/settings.rb +82 -98
  316. data/lib/puppet/ssl/base.rb +3 -5
  317. data/lib/puppet/ssl/certificate.rb +0 -6
  318. data/lib/puppet/ssl/certificate_request.rb +1 -12
  319. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  320. data/lib/puppet/ssl/oids.rb +3 -1
  321. data/lib/puppet/ssl/ssl_provider.rb +17 -0
  322. data/lib/puppet/ssl/state_machine.rb +3 -1
  323. data/lib/puppet/ssl/verifier.rb +2 -6
  324. data/lib/puppet/ssl.rb +10 -6
  325. data/lib/puppet/test/test_helper.rb +2 -7
  326. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  327. data/lib/puppet/transaction/persistence.rb +1 -21
  328. data/lib/puppet/transaction/report.rb +3 -19
  329. data/lib/puppet/transaction.rb +1 -7
  330. data/lib/puppet/type/exec.rb +5 -35
  331. data/lib/puppet/type/file/checksum.rb +1 -1
  332. data/lib/puppet/type/file/data_sync.rb +1 -1
  333. data/lib/puppet/type/file/mode.rb +0 -6
  334. data/lib/puppet/type/file/selcontext.rb +1 -1
  335. data/lib/puppet/type/file/source.rb +1 -1
  336. data/lib/puppet/type/file.rb +12 -32
  337. data/lib/puppet/type/filebucket.rb +4 -4
  338. data/lib/puppet/type/group.rb +1 -0
  339. data/lib/puppet/type/package.rb +8 -16
  340. data/lib/puppet/type/resources.rb +1 -1
  341. data/lib/puppet/type/service.rb +41 -26
  342. data/lib/puppet/type/tidy.rb +3 -22
  343. data/lib/puppet/type/user.rb +13 -32
  344. data/lib/puppet/type.rb +1 -77
  345. data/lib/puppet/util/autoload.rb +8 -1
  346. data/lib/puppet/util/command_line.rb +1 -1
  347. data/lib/puppet/util/execution.rb +0 -11
  348. data/lib/puppet/util/filetype.rb +2 -2
  349. data/lib/puppet/util/http_proxy.rb +2 -215
  350. data/lib/puppet/util/json.rb +0 -20
  351. data/lib/puppet/util/log.rb +4 -8
  352. data/lib/puppet/util/logging.rb +25 -1
  353. data/lib/puppet/util/monkey_patches.rb +0 -59
  354. data/lib/puppet/util/package.rb +16 -25
  355. data/lib/puppet/util/pidlock.rb +1 -1
  356. data/lib/puppet/util/posix.rb +5 -54
  357. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  358. data/lib/puppet/util/rdoc.rb +0 -7
  359. data/lib/puppet/util/retry_action.rb +1 -1
  360. data/lib/puppet/util/run_mode.rb +9 -1
  361. data/lib/puppet/util/selinux.rb +4 -30
  362. data/lib/puppet/util/suidmanager.rb +2 -1
  363. data/lib/puppet/util/symbolic_file_mode.rb +17 -29
  364. data/lib/puppet/util/tagging.rb +0 -1
  365. data/lib/puppet/util/windows/adsi.rb +0 -46
  366. data/lib/puppet/util/windows/daemon.rb +360 -0
  367. data/lib/puppet/util/windows/error.rb +1 -0
  368. data/lib/puppet/util/windows/eventlog.rb +4 -9
  369. data/lib/puppet/util/windows/file.rb +8 -242
  370. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  371. data/lib/puppet/util/windows/principal.rb +2 -9
  372. data/lib/puppet/util/windows/process.rb +4 -226
  373. data/lib/puppet/util/windows/service.rb +11 -457
  374. data/lib/puppet/util/windows/sid.rb +2 -6
  375. data/lib/puppet/util/windows/string.rb +12 -13
  376. data/lib/puppet/util/windows/user.rb +2 -0
  377. data/lib/puppet/util/windows.rb +3 -11
  378. data/lib/puppet/util/yaml.rb +1 -42
  379. data/lib/puppet/util.rb +3 -4
  380. data/lib/puppet/vendor/require_vendored.rb +0 -1
  381. data/lib/puppet/version.rb +1 -1
  382. data/lib/puppet/x509/cert_provider.rb +29 -1
  383. data/lib/puppet/x509.rb +5 -1
  384. data/lib/puppet.rb +20 -26
  385. data/locales/puppet.pot +9633 -5
  386. data/man/man5/puppet.conf.5 +286 -401
  387. data/man/man8/puppet-agent.8 +2 -5
  388. data/man/man8/puppet-apply.8 +2 -2
  389. data/man/man8/puppet-catalog.8 +9 -9
  390. data/man/man8/puppet-config.8 +1 -1
  391. data/man/man8/puppet-describe.8 +1 -1
  392. data/man/man8/puppet-device.8 +2 -2
  393. data/man/man8/puppet-doc.8 +1 -1
  394. data/man/man8/puppet-epp.8 +1 -1
  395. data/man/man8/puppet-facts.8 +8 -51
  396. data/man/man8/puppet-filebucket.8 +4 -4
  397. data/man/man8/puppet-generate.8 +1 -1
  398. data/man/man8/puppet-help.8 +1 -1
  399. data/man/man8/puppet-lookup.8 +6 -9
  400. data/man/man8/puppet-module.8 +3 -60
  401. data/man/man8/puppet-node.8 +5 -5
  402. data/man/man8/puppet-parser.8 +1 -1
  403. data/man/man8/puppet-plugin.8 +1 -1
  404. data/man/man8/puppet-report.8 +5 -5
  405. data/man/man8/puppet-resource.8 +1 -1
  406. data/man/man8/puppet-script.8 +2 -2
  407. data/man/man8/puppet-ssl.8 +1 -5
  408. data/man/man8/puppet.8 +2 -2
  409. data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
  410. data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
  411. data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
  412. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
  413. data/spec/fixtures/ssl/ca.pem +35 -57
  414. data/spec/fixtures/ssl/crl.pem +18 -28
  415. data/spec/fixtures/ssl/ec-key.pem +11 -11
  416. data/spec/fixtures/ssl/ec.pem +24 -33
  417. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  418. data/spec/fixtures/ssl/encrypted-key.pem +58 -108
  419. data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
  420. data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
  421. data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
  422. data/spec/fixtures/ssl/intermediate.pem +36 -57
  423. data/spec/fixtures/ssl/pluto-key.pem +57 -107
  424. data/spec/fixtures/ssl/pluto.pem +30 -52
  425. data/spec/fixtures/ssl/request-key.pem +57 -107
  426. data/spec/fixtures/ssl/request.pem +26 -47
  427. data/spec/fixtures/ssl/revoked-key.pem +57 -107
  428. data/spec/fixtures/ssl/revoked.pem +30 -52
  429. data/spec/fixtures/ssl/signed-key.pem +57 -107
  430. data/spec/fixtures/ssl/signed.pem +30 -52
  431. data/spec/fixtures/ssl/tampered-cert.pem +30 -52
  432. data/spec/fixtures/ssl/tampered-csr.pem +26 -47
  433. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
  434. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
  435. data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
  436. data/spec/fixtures/ssl/unknown-ca.pem +33 -55
  437. data/spec/fixtures/unit/forge/bacula.json +1 -1
  438. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  439. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  440. data/spec/integration/application/agent_spec.rb +51 -299
  441. data/spec/integration/application/apply_spec.rb +1 -20
  442. data/spec/integration/application/filebucket_spec.rb +16 -32
  443. data/spec/integration/application/help_spec.rb +2 -0
  444. data/spec/integration/application/lookup_spec.rb +6 -32
  445. data/spec/integration/application/module_spec.rb +0 -21
  446. data/spec/integration/application/plugin_spec.rb +24 -2
  447. data/spec/integration/configurer_spec.rb +2 -18
  448. data/spec/integration/defaults_spec.rb +14 -3
  449. data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
  450. data/spec/integration/http/client_spec.rb +0 -12
  451. data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
  452. data/spec/integration/indirector/facts/facter_spec.rb +39 -93
  453. data/spec/integration/network/http_pool_spec.rb +3 -21
  454. data/spec/integration/parser/catalog_spec.rb +0 -38
  455. data/spec/integration/parser/node_spec.rb +0 -9
  456. data/spec/integration/parser/pcore_resource_spec.rb +0 -47
  457. data/spec/integration/resource/type_collection_spec.rb +6 -2
  458. data/spec/integration/transaction/report_spec.rb +1 -1
  459. data/spec/integration/transaction_spec.rb +9 -4
  460. data/spec/integration/type/exec_spec.rb +45 -70
  461. data/spec/integration/type/file_spec.rb +7 -6
  462. data/spec/integration/type/package_spec.rb +6 -6
  463. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  464. data/spec/integration/util/windows/adsi_spec.rb +1 -21
  465. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  466. data/spec/integration/util/windows/principal_spec.rb +0 -21
  467. data/spec/integration/util/windows/process_spec.rb +9 -1
  468. data/spec/integration/util/windows/registry_spec.rb +10 -6
  469. data/spec/integration/util/windows/security_spec.rb +1 -1
  470. data/spec/lib/matchers/include.rb +27 -0
  471. data/spec/lib/matchers/include_spec.rb +32 -0
  472. data/spec/lib/puppet/test_ca.rb +2 -7
  473. data/spec/lib/puppet_spec/modules.rb +2 -13
  474. data/spec/lib/puppet_spec/puppetserver.rb +1 -16
  475. data/spec/lib/puppet_spec/settings.rb +1 -1
  476. data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
  477. data/spec/spec_helper.rb +17 -13
  478. data/spec/unit/agent_spec.rb +6 -10
  479. data/spec/unit/application/agent_spec.rb +3 -7
  480. data/spec/unit/application/apply_spec.rb +56 -76
  481. data/spec/unit/application/facts_spec.rb +12 -456
  482. data/spec/unit/application/filebucket_spec.rb +43 -39
  483. data/spec/unit/application/lookup_spec.rb +10 -131
  484. data/spec/unit/application/resource_spec.rb +0 -29
  485. data/spec/unit/application/ssl_spec.rb +2 -25
  486. data/spec/unit/application_spec.rb +9 -51
  487. data/spec/unit/certificate_factory_spec.rb +1 -1
  488. data/spec/unit/configurer/downloader_spec.rb +6 -8
  489. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  490. data/spec/unit/configurer_spec.rb +68 -296
  491. data/spec/unit/confine/feature_spec.rb +1 -1
  492. data/spec/unit/confine_spec.rb +2 -8
  493. data/spec/unit/context/trusted_information_spec.rb +2 -6
  494. data/spec/unit/defaults_spec.rb +68 -55
  495. data/spec/unit/environments_spec.rb +68 -408
  496. data/spec/unit/face/generate_spec.rb +0 -64
  497. data/spec/unit/face/node_spec.rb +11 -0
  498. data/spec/unit/face/plugin_spec.rb +73 -33
  499. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  500. data/spec/unit/file_bucket/file_spec.rb +1 -1
  501. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
  502. data/spec/unit/file_serving/configuration_spec.rb +10 -26
  503. data/spec/unit/file_serving/fileset_spec.rb +0 -60
  504. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  505. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  506. data/spec/unit/file_system_spec.rb +4 -56
  507. data/spec/unit/forge/module_release_spec.rb +10 -5
  508. data/spec/unit/functions/assert_type_spec.rb +1 -1
  509. data/spec/unit/functions/camelcase_spec.rb +1 -1
  510. data/spec/unit/functions/capitalize_spec.rb +1 -1
  511. data/spec/unit/functions/downcase_spec.rb +1 -1
  512. data/spec/unit/functions/empty_spec.rb +0 -10
  513. data/spec/unit/functions/logging_spec.rb +0 -1
  514. data/spec/unit/functions/lookup_spec.rb +0 -64
  515. data/spec/unit/functions/unwrap_spec.rb +0 -8
  516. data/spec/unit/functions/upcase_spec.rb +1 -1
  517. data/spec/unit/functions/versioncmp_spec.rb +4 -40
  518. data/spec/unit/functions4_spec.rb +2 -2
  519. data/spec/unit/gettext/config_spec.rb +0 -12
  520. data/spec/unit/http/client_spec.rb +8 -66
  521. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  522. data/spec/unit/http/external_client_spec.rb +4 -4
  523. data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
  524. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  525. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  526. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  527. data/spec/unit/http/resolver_spec.rb +13 -13
  528. data/spec/unit/http/service/compiler_spec.rb +0 -193
  529. data/spec/unit/http/service/file_server_spec.rb +3 -3
  530. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  531. data/spec/unit/http/service_spec.rb +0 -1
  532. data/spec/unit/http/session_spec.rb +16 -14
  533. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  534. data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
  535. data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
  536. data/spec/unit/indirector/face_spec.rb +1 -0
  537. data/spec/unit/indirector/facts/facter_spec.rb +3 -0
  538. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  539. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  540. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  541. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  542. data/spec/unit/indirector/file_server_spec.rb +1 -15
  543. data/spec/unit/indirector/indirection_spec.rb +15 -18
  544. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  545. data/spec/unit/indirector/request_spec.rb +0 -264
  546. data/spec/unit/indirector/resource/ral_spec.rb +75 -40
  547. data/spec/unit/indirector/rest_spec.rb +98 -752
  548. data/spec/unit/indirector/store_configs_spec.rb +7 -0
  549. data/spec/unit/indirector_spec.rb +2 -2
  550. data/spec/unit/interface/action_spec.rb +9 -0
  551. data/spec/unit/module_spec.rb +1 -15
  552. data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
  553. data/spec/unit/network/authconfig_spec.rb +2 -129
  554. data/spec/unit/network/authorization_spec.rb +2 -55
  555. data/spec/unit/network/formats_spec.rb +4 -51
  556. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  557. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  558. data/spec/unit/network/http/api_spec.rb +10 -0
  559. data/spec/unit/network/http/connection_spec.rb +19 -41
  560. data/spec/unit/network/http/handler_spec.rb +0 -1
  561. data/spec/unit/network/http_pool_spec.rb +0 -4
  562. data/spec/unit/node/environment_spec.rb +33 -21
  563. data/spec/unit/node_spec.rb +2 -60
  564. data/spec/unit/parser/compiler_spec.rb +19 -3
  565. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  566. data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
  567. data/spec/unit/parser/resource_spec.rb +8 -14
  568. data/spec/unit/parser/templatewrapper_spec.rb +5 -16
  569. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  570. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  571. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  572. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  573. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  574. data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
  575. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  576. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  577. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  578. data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
  579. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
  580. data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
  581. data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
  582. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  583. data/spec/unit/pops/validator/validator_spec.rb +61 -51
  584. data/spec/unit/pops/visitor_spec.rb +1 -1
  585. data/spec/unit/property_spec.rb +0 -1
  586. data/spec/unit/provider/group/groupadd_spec.rb +2 -5
  587. data/spec/unit/provider/nameservice_spec.rb +64 -122
  588. data/spec/unit/provider/package/apt_spec.rb +23 -28
  589. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  590. data/spec/unit/provider/package/base_spec.rb +5 -6
  591. data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
  592. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  593. data/spec/unit/provider/package/gem_spec.rb +33 -1
  594. data/spec/unit/provider/package/nim_spec.rb +0 -42
  595. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  596. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  597. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  598. data/spec/unit/provider/package/pip_spec.rb +12 -44
  599. data/spec/unit/provider/package/pkg_spec.rb +4 -29
  600. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  601. data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
  602. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  603. data/spec/unit/provider/parsedfile_spec.rb +0 -10
  604. data/spec/unit/provider/service/gentoo_spec.rb +5 -6
  605. data/spec/unit/provider/service/init_spec.rb +9 -16
  606. data/spec/unit/provider/service/launchd_spec.rb +0 -11
  607. data/spec/unit/provider/service/openwrt_spec.rb +29 -23
  608. data/spec/unit/provider/service/redhat_spec.rb +2 -3
  609. data/spec/unit/provider/service/smf_spec.rb +401 -165
  610. data/spec/unit/provider/service/systemd_spec.rb +9 -54
  611. data/spec/unit/provider/service/windows_spec.rb +0 -203
  612. data/spec/unit/provider/user/aix_spec.rb +0 -105
  613. data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
  614. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  615. data/spec/unit/provider/user/pw_spec.rb +0 -2
  616. data/spec/unit/provider/user/useradd_spec.rb +5 -114
  617. data/spec/unit/provider_spec.rb +12 -22
  618. data/spec/unit/puppet_spec.rb +4 -12
  619. data/spec/unit/resource/catalog_spec.rb +2 -15
  620. data/spec/unit/resource/type_collection_spec.rb +2 -22
  621. data/spec/unit/resource/type_spec.rb +1 -1
  622. data/spec/unit/resource_spec.rb +12 -125
  623. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  624. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  625. data/spec/unit/settings/port_setting_spec.rb +31 -0
  626. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  627. data/spec/unit/settings_spec.rb +79 -110
  628. data/spec/unit/ssl/base_spec.rb +37 -3
  629. data/spec/unit/ssl/certificate_request_spec.rb +21 -45
  630. data/spec/unit/ssl/certificate_spec.rb +2 -11
  631. data/spec/unit/ssl/ssl_provider_spec.rb +2 -5
  632. data/spec/unit/ssl/state_machine_spec.rb +5 -20
  633. data/spec/unit/ssl/verifier_spec.rb +0 -21
  634. data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
  635. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  636. data/spec/unit/transaction/persistence_spec.rb +0 -51
  637. data/spec/unit/transaction/report_spec.rb +0 -2
  638. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  639. data/spec/unit/transaction_spec.rb +55 -96
  640. data/spec/unit/type/exec_spec.rb +29 -76
  641. data/spec/unit/type/file/checksum_spec.rb +6 -6
  642. data/spec/unit/type/file/content_spec.rb +2 -1
  643. data/spec/unit/type/file/ensure_spec.rb +1 -1
  644. data/spec/unit/type/file/mode_spec.rb +1 -1
  645. data/spec/unit/type/file/selinux_spec.rb +5 -3
  646. data/spec/unit/type/file/source_spec.rb +4 -5
  647. data/spec/unit/type/file_spec.rb +18 -6
  648. data/spec/unit/type/group_spec.rb +6 -13
  649. data/spec/unit/type/package_spec.rb +1 -1
  650. data/spec/unit/type/resources_spec.rb +7 -7
  651. data/spec/unit/type/service_spec.rb +189 -87
  652. data/spec/unit/type/tidy_spec.rb +8 -24
  653. data/spec/unit/type_spec.rb +24 -4
  654. data/spec/unit/util/at_fork_spec.rb +2 -2
  655. data/spec/unit/util/autoload_spec.rb +1 -5
  656. data/spec/unit/util/backups_spec.rb +2 -3
  657. data/spec/unit/util/execution_spec.rb +11 -44
  658. data/spec/unit/util/inifile_spec.rb +14 -6
  659. data/spec/unit/util/log_spec.rb +7 -8
  660. data/spec/unit/util/logging_spec.rb +3 -5
  661. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  662. data/spec/unit/util/posix_spec.rb +15 -363
  663. data/spec/unit/util/run_mode_spec.rb +21 -121
  664. data/spec/unit/util/selinux_spec.rb +68 -163
  665. data/spec/unit/util/storage_spec.rb +1 -3
  666. data/spec/unit/util/suidmanager_spec.rb +41 -44
  667. data/spec/unit/util/windows/sid_spec.rb +0 -41
  668. data/spec/unit/util/windows/string_spec.rb +1 -3
  669. data/spec/unit/util/yaml_spec.rb +13 -92
  670. data/spec/unit/util_spec.rb +6 -31
  671. data/tasks/generate_cert_fixtures.rake +3 -12
  672. data/tasks/parallel.rake +3 -3
  673. metadata +138 -293
  674. data/conf/auth.conf +0 -150
  675. data/ext/README.md +0 -13
  676. data/lib/puppet/application/cert.rb +0 -76
  677. data/lib/puppet/application/key.rb +0 -4
  678. data/lib/puppet/application/man.rb +0 -4
  679. data/lib/puppet/application/status.rb +0 -4
  680. data/lib/puppet/face/key.rb +0 -16
  681. data/lib/puppet/face/man.rb +0 -145
  682. data/lib/puppet/face/module/build.rb +0 -14
  683. data/lib/puppet/face/module/generate.rb +0 -14
  684. data/lib/puppet/face/module/search.rb +0 -103
  685. data/lib/puppet/face/status.rb +0 -51
  686. data/lib/puppet/facter_impl.rb +0 -96
  687. data/lib/puppet/ffi/posix/constants.rb +0 -14
  688. data/lib/puppet/ffi/posix/functions.rb +0 -24
  689. data/lib/puppet/ffi/posix.rb +0 -10
  690. data/lib/puppet/file_serving/mount/scripts.rb +0 -24
  691. data/lib/puppet/indirector/certificate/file.rb +0 -9
  692. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  693. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  694. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  695. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  696. data/lib/puppet/indirector/file_content/http.rb +0 -22
  697. data/lib/puppet/indirector/key/file.rb +0 -46
  698. data/lib/puppet/indirector/key/memory.rb +0 -7
  699. data/lib/puppet/indirector/ssl_file.rb +0 -162
  700. data/lib/puppet/indirector/status/local.rb +0 -12
  701. data/lib/puppet/indirector/status/rest.rb +0 -27
  702. data/lib/puppet/indirector/status.rb +0 -3
  703. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  704. data/lib/puppet/network/auth_config_parser.rb +0 -90
  705. data/lib/puppet/network/authstore.rb +0 -283
  706. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  707. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  708. data/lib/puppet/network/http/base_pool.rb +0 -36
  709. data/lib/puppet/network/http/compression.rb +0 -127
  710. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  711. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  712. data/lib/puppet/network/rest_controller.rb +0 -2
  713. data/lib/puppet/network/rights.rb +0 -210
  714. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  715. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  716. data/lib/puppet/parser/environment_compiler.rb +0 -202
  717. data/lib/puppet/pops/types/enumeration.rb +0 -16
  718. data/lib/puppet/resource/capability_finder.rb +0 -154
  719. data/lib/puppet/rest/errors.rb +0 -15
  720. data/lib/puppet/rest/response.rb +0 -35
  721. data/lib/puppet/rest/route.rb +0 -85
  722. data/lib/puppet/rest/routes.rb +0 -135
  723. data/lib/puppet/settings/alias_setting.rb +0 -37
  724. data/lib/puppet/ssl/host.rb +0 -505
  725. data/lib/puppet/ssl/key.rb +0 -61
  726. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  727. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  728. data/lib/puppet/ssl/validator.rb +0 -61
  729. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  730. data/lib/puppet/status.rb +0 -40
  731. data/lib/puppet/util/connection.rb +0 -88
  732. data/lib/puppet/util/fact_dif.rb +0 -81
  733. data/lib/puppet/util/ssl.rb +0 -83
  734. data/lib/puppet/util/windows/api_types.rb +0 -309
  735. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  736. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  737. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  738. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  739. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  740. data/lib/puppet/vendor/pathspec/README.md +0 -53
  741. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  742. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  743. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  744. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  745. data/man/man8/puppet-key.8 +0 -126
  746. data/man/man8/puppet-man.8 +0 -76
  747. data/man/man8/puppet-status.8 +0 -108
  748. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
  749. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
  750. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
  751. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
  752. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
  753. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
  754. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
  755. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
  756. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
  757. data/spec/fixtures/ssl/oid-key.pem +0 -117
  758. data/spec/fixtures/ssl/oid.pem +0 -69
  759. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
  760. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
  761. data/spec/integration/application/resource_spec.rb +0 -64
  762. data/spec/integration/application/ssl_spec.rb +0 -20
  763. data/spec/integration/l10n/compiler_spec.rb +0 -37
  764. data/spec/integration/network/authconfig_spec.rb +0 -256
  765. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  766. data/spec/shared_contexts/l10n.rb +0 -32
  767. data/spec/unit/application/man_spec.rb +0 -52
  768. data/spec/unit/capability_spec.rb +0 -414
  769. data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
  770. data/spec/unit/face/key_spec.rb +0 -9
  771. data/spec/unit/face/module/search_spec.rb +0 -231
  772. data/spec/unit/face/status_spec.rb +0 -9
  773. data/spec/unit/facter_impl_spec.rb +0 -31
  774. data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
  775. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  776. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  777. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  778. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  779. data/spec/unit/indirector/key/file_spec.rb +0 -78
  780. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  781. data/spec/unit/indirector/status/local_spec.rb +0 -10
  782. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  783. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  784. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  785. data/spec/unit/network/authstore_spec.rb +0 -407
  786. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  787. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  788. data/spec/unit/network/http/compression_spec.rb +0 -240
  789. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  790. data/spec/unit/network/http_spec.rb +0 -9
  791. data/spec/unit/network/rights_spec.rb +0 -439
  792. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  793. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  794. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  795. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  796. data/spec/unit/rest/route_spec.rb +0 -132
  797. data/spec/unit/ssl/host_spec.rb +0 -645
  798. data/spec/unit/ssl/key_spec.rb +0 -173
  799. data/spec/unit/ssl/validator_spec.rb +0 -278
  800. data/spec/unit/status_spec.rb +0 -45
  801. data/spec/unit/util/json_spec.rb +0 -126
  802. data/spec/unit/util/ssl_spec.rb +0 -91
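--- a/data/lib/puppet/ssl/host.rb
+++ b/data/lib/puppet/ssl/host.rb
@@ -1,505 +0,0 @@
- require 'puppet/ssl'
- require 'puppet/ssl/key'
- require 'puppet/ssl/certificate'
- require 'puppet/ssl/certificate_request'
- require 'puppet/ssl/certificate_request_attributes'
- require 'puppet/ssl/state_machine'
- require 'puppet/rest/errors'
- require 'puppet/rest/routes'
-
- # The class that manages all aspects of our SSL certificates --
- # private keys, public keys, requests, etc.
- #
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
- class Puppet::SSL::Host
- # Yay, ruby's strange constant lookups.
- Key = Puppet::SSL::Key
- CA_NAME = Puppet::SSL::CA_NAME
- Certificate = Puppet::SSL::Certificate
- CertificateRequest = Puppet::SSL::CertificateRequest
-
- attr_reader :name, :device, :crl_path
-
- attr_writer :key, :certificate, :certificate_request, :crl_usage
-
- def self.localhost(suppress_warning = false)
- return @localhost if @localhost
- @localhost = new(nil, false, suppress_warning)
- @localhost.generate unless @localhost.certificate
- @localhost.key
- @localhost
- end
-
- def self.reset
- @localhost = nil
- end
-
- # Configure how our various classes interact with their various terminuses.
- def self.configure_indirection(terminus, cache = nil)
- Certificate.indirection.terminus_class = terminus
- CertificateRequest.indirection.terminus_class = terminus
-
- if cache
- # This is weird; we don't actually cache our keys, we
- # use what would otherwise be the cache as our normal
- # terminus.
- Key.indirection.terminus_class = cache
- else
- Key.indirection.terminus_class = terminus
- end
-
- if cache
- Certificate.indirection.cache_class = cache
- CertificateRequest.indirection.cache_class = cache
- else
- # Make sure we have no cache configured. puppet master
- # switches the configurations around a bit, so it's important
- # that we specify the configs for absolutely everything, every
- # time.
- Certificate.indirection.cache_class = nil
- CertificateRequest.indirection.cache_class = nil
- end
- end
-
- def self.from_data_hash(data)
- instance = new(data["name"])
- if data["desired_state"]
- instance.desired_state = data["desired_state"]
- end
- instance
- end
-
- def key
- @key ||= Key.indirection.find(name)
- end
-
- # This is the private key; we can create it from scratch
- # with no inputs.
- def generate_key
- @key = Key.new(name)
- @key.generate
- begin
- Key.indirection.save(@key)
- rescue
- @key = nil
- raise
- end
- true
- end
-
- # Our certificate request requires the key but that's all.
- def generate_certificate_request(options = {})
- generate_key unless key
-
- # If this CSR is for the current machine...
- if name == Puppet[:certname].downcase
- # ...add our configured dns_alt_names
- if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
- options[:dns_alt_names] ||= Puppet[:dns_alt_names]
- end
- end
-
- csr_attributes = Puppet::SSL::CertificateRequestAttributes.new(Puppet[:csr_attributes])
- if csr_attributes.load
- options[:csr_attributes] = csr_attributes.custom_attributes
- options[:extension_requests] = csr_attributes.extension_requests
- end
-
- @certificate_request = CertificateRequest.new(name)
- @certificate_request.generate(key.content, options)
- begin
- submit_certificate_request(@certificate_request)
- save_certificate_request(@certificate_request)
- rescue
- @certificate_request = nil
- raise
- end
-
- true
- end
-
- def certificate
- unless @certificate
- generate_key unless key
-
- # get CA and optional CRL
- sm = Puppet::SSL::StateMachine.new(onetime: true)
- sm.ensure_ca_certificates
-
- cert = get_host_certificate
- return nil unless cert
-
- validate_certificate_with_key(cert)
- @certificate = cert
- end
- @certificate
- end
-
- # The puppet parameters for commands output by the validate_ methods depend
- # upon whether this is an agent or a device.
-
- def clean_params
- @device ? "--target #{Puppet[:certname]}" : ''
- end
-
- def puppet_params
- @device ? "device -v --target #{Puppet[:certname]}" : 'agent -t'
- end
-
- # Validate that our private key matches the specified certificate.
- #
- # @param [Puppet::SSL::Certificate] cert the certificate to check
- # @raises [Puppet::Error] if the private key does not match
- def validate_certificate_with_key(cert)
- raise Puppet::Error, _("No certificate to validate.") unless cert
- raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
- unless cert.content.check_private_key(key.content)
- raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
- The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
- Certificate fingerprint: %{fingerprint}
- To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
- On the master:
- puppetserver ca clean --certname %{cert_name}
- On the agent:
- 1. puppet ssl clean %{clean_params}
- 2. puppet %{puppet_params}
- ERROR_STRING
- end
- end
-
- def download_host_certificate
- cert = download_certificate_from_ca(name)
- return nil unless cert
-
- validate_certificate_with_key(cert)
- save_host_certificate(cert)
- cert
- end
-
- # Search for an existing CSR for this host either cached on
- # disk or stored by the CA. Returns nil if no request exists.
- # @return [Puppet::SSL::CertificateRequest, nil]
- def certificate_request
- unless @certificate_request
- csr = load_certificate_request_from_file
- if csr
- @certificate_request = csr
- else
- csr = download_csr_from_ca
- if csr
- @certificate_request = csr
- end
- end
- end
- @certificate_request
- end
-
- # Generate all necessary parts of our ssl host.
- def generate
- generate_key unless key
-
- existing_request = certificate_request
-
- # if CSR downloaded from master, but the local keypair was just generated and
- # does not match the public key in the CSR, fail hard
- validate_csr_with_key(existing_request, key) if existing_request
-
- generate_certificate_request unless existing_request
- end
-
- def validate_csr_with_key(csr, key)
- if key.content.public_key.to_s != csr.content.public_key.to_s
- raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
- The CSR retrieved from the master does not match the agent's public key.
- CSR fingerprint: %{fingerprint}
- CSR public key: %{csr_public_key}
- Agent public key: %{agent_public_key}
- To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
- On the master:
- puppetserver ca clean --certname %{cert_name}
- On the agent:
- 1. puppet ssl clean %{clean_params}
- 2. puppet %{puppet_params}
- ERROR_STRING
- end
- end
- private :validate_csr_with_key
-
- def initialize(name = nil, device = false, suppress_warning = false)
- @name = (name || Puppet[:certname]).downcase
- @device = device
- Puppet::SSL::Base.validate_certname(@name)
- @key = @certificate = @certificate_request = nil
- @crl_usage = Puppet.settings[:certificate_revocation]
- @crl_path = Puppet.settings[:hostcrl]
- Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
- end
-
- # Extract the public key from the private key.
- def public_key
- key.content.public_key
- end
-
- def use_crl?
- !!@crl_usage
- end
-
- def use_crl_chain?
- @crl_usage == true || @crl_usage == :chain
- end
-
- # Create/return a store that uses our SSL info to validate
- # connections.
- def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
- if @ssl_store.nil?
- @ssl_store = build_ssl_store(purpose)
- end
- @ssl_store
- end
-
- # Attempt to retrieve a cert, if we don't already have one.
- def wait_for_cert(time)
- begin
- return if certificate
- generate
- return if certificate
- rescue StandardError => detail
- Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
- if time < 1
- puts _("Exiting; failed to retrieve certificate and waitforcert is disabled")
- exit(1)
- else
- sleep(time)
- end
- retry
- end
-
- if time < 1
- puts _("Exiting; no certificate found and waitforcert is disabled")
- exit(1)
- end
-
- loop do
- sleep time
- begin
- break if certificate
- Puppet.notice _("Did not receive certificate")
- rescue StandardError => detail
- Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
- end
- end
- end
-
- # Saves the given certificate to disc, at a location determined by this
- # host's configuration.
- # @param [Puppet::SSL::Certificate] cert the cert to save
- def save_host_certificate(cert)
- file_path = certificate_location(name)
- Puppet::Util.replace_file(file_path, 0644) do |f|
- f.write(cert.to_s)
- end
- end
-
- private
-
- # Load a previously generated CSR from disk
- # @return [Puppet::SSL::CertificateRequest, nil]
- def load_certificate_request_from_file
- request_path = certificate_request_location(name)
- if Puppet::FileSystem.exist?(request_path)
- Puppet::SSL::CertificateRequest.from_s(Puppet::FileSystem.read(request_path))
- end
- end
-
- # Download the CSR for this host from the CA. Returns nil if the CA
- # has no saved CSR for this host.
- # @raises [Puppet::Error] if the response from the server is not a valid
- # CSR or an error occurs while fetching.
- # @return [Puppet::SSL::CertificateRequest, nil]
- def download_csr_from_ca
- begin
- body = Puppet::Rest::Routes.get_certificate_request(
- name, Puppet::SSL::SSLContext.new(store: ssl_store))
- begin
- Puppet::SSL::CertificateRequest.from_s(body)
- rescue OpenSSL::X509::RequestError => e
- raise Puppet::Error, _("Response from the CA did not contain a valid certificate request: %{message}") % { message: e.message }
- end
- rescue Puppet::Rest::ResponseError => e
- if e.response.code.to_i == 404
- nil
- else
- raise Puppet::Error, _('Could not download certificate request: %{message}') % { message: e.message }
- end
- end
- end
- # Submit the CSR to the CA via an HTTP PUT request.
- # @param [Puppet::SSL::CertificateRequest] csr the request to submit
- def submit_certificate_request(csr)
- Puppet::Rest::Routes.put_certificate_request(
- csr.render, name, Puppet::SSL::SSLContext.new(store: ssl_store))
- end
-
- def save_certificate_request(csr)
- Puppet::Util.replace_file(certificate_request_location(name), 0644) do |file|
- file.write(csr.render)
- end
- end
-
- # @param crl_string [String] CRLs read from disk or obtained from server
- # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
- # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
- def process_crl_string(crl_string)
- delimiters = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
- crl_string.scan(delimiters).map do |crl|
- begin
- OpenSSL::X509::CRL.new(crl)
- rescue OpenSSL::X509::CRLError => e
- raise Puppet::Error.new(
- _("Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n%{crl}" % {crl_path: crl_path, error: e.message, crl: crl}),
- e)
- end
- end
- end
-
- # @param path [String] Path to CRL Chain
- # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
- # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
- def load_crls(path)
- crls_pems = Puppet::FileSystem.read(path, encoding: Encoding::UTF_8)
- process_crl_string(crls_pems)
- end
-
- # Fetches and saves the crl bundle from the CA server without validating
- # its contents. Takes an optional store to use with the http_client,
- # necessary for initial download of the CRL because `build_ssl_store`
- # calls this `download_and_save_crl_bundle`. If there is an error during
- # this downloading process, the file should not be replaced at all. This
- # streams the file directly to disk to avoid loading the entire CRL in memory.
- # @param [OpenSSL::X509::Store] store optional ssl_store to use with http_client
- # @raise [Puppet::Error<Puppet::Rest::ResponseError>] if bad response from server
- # @return nil
- def download_and_save_crl_bundle(store=nil)
- begin
- # If no SSL store was supplied, use this host's SSL store
- store ||= ssl_store
- Puppet::Util.replace_file(crl_path, 0644) do |file|
- result = Puppet::Rest::Routes.get_crls(CA_NAME, Puppet::SSL::SSLContext.new(store: store))
- file.write(result)
- end
- rescue Puppet::Rest::ResponseError => e
- raise Puppet::Error, _('Could not download CRLs: %{message}') % { message: e.message }
- end
- end
-
- # Attempts to load or fetch this host's certificate. Returns nil if
- # no certificate could be found.
- # @return [Puppet::SSL::Certificate, nil]
- def get_host_certificate
- cert = check_for_certificate_on_disk(name)
- if cert
- return cert
- else
- cert = download_certificate_from_ca(name)
- if cert
- save_host_certificate(cert)
- return cert
- else
- return nil
- end
- end
- end
-
- # Checks for the requested certificate on disc, at a location
- # determined by this host's configuration.
- # @name [String] name the name of the cert to look for
- # @raise [Puppet::Error] if contents of certificate file is invalid
- # and could not be loaded
- # @return [Puppet::SSL::Certificate, nil]
- def check_for_certificate_on_disk(cert_name)
- file_path = certificate_location(cert_name)
- if Puppet::FileSystem.exist?(file_path)
- begin
- Puppet::SSL::Certificate.from_s(Puppet::FileSystem.read(file_path))
- rescue OpenSSL::X509::CertificateError
- raise Puppet::Error, _("The certificate at %{file_path} is invalid. Could not load.") % { file_path: file_path }
- end
- end
- end
- public :check_for_certificate_on_disk
-
- # Attempts to download this host's certificate from the CA server.
- # Returns nil if the CA does not yet have a signed cert for this host.
- # @param [String] name then name of the cert to fetch
- # @raise [Puppet::Error] if response from the CA does not contain a valid
- # certificate
- # @return [Puppet::SSL::Certificate, nil]
- def download_certificate_from_ca(cert_name)
- begin
- cert = Puppet::Rest::Routes.get_certificate(
- cert_name,
- Puppet::SSL::SSLContext.new(store: ssl_store)
- )
- begin
- Puppet::SSL::Certificate.from_s(cert)
- rescue OpenSSL::X509::CertificateError
- raise Puppet::Error, _("Response from the CA did not contain a valid certificate for %{cert_name}.") % { cert_name: cert_name }
- end
- rescue Puppet::Rest::ResponseError => e
- if e.response.code.to_i == 404
- Puppet.debug _("No certificate for %{cert_name} on CA") % { cert_name: cert_name }
- nil
- else
- raise Puppet::Rest::ResponseError, _("Could not download host certificate: %{message}") % { message: e.message }
- end
- end
- end
- public :download_certificate_from_ca
-
- # Returns the file path for the named certificate, based on this host's
- # configuration.
- # @param [String] name the name of the cert to find
- # @return [String] file path to the cert's location
- def certificate_location(cert_name)
- cert_name == CA_NAME ? Puppet[:localcacert] : File.join(Puppet[:certdir], "#{cert_name}.pem")
- end
-
- # Returns the file path for the named CSR, based on this host's configuration.
- # @param [String] name the name of the CSR to find
- # @return [String] file path to the CSR's location
- def certificate_request_location(cert_name)
- File.join(Puppet[:requestdir], "#{cert_name}.pem")
- end
-
- # @param [OpenSSL::X509::PURPOSE_*] constant defining the kinds of certs
- # this store can verify
- # @return [OpenSSL::X509::Store]
- # @raise [OpenSSL::X509::StoreError] if localcacert is malformed or non-existant
- # @raise [Puppet::Error] if the CRL chain is malformed
- # @raise [Errno::ENOENT] if the CRL does not exist on disk but use_crl? is true
- def build_ssl_store(purpose=OpenSSL::X509::PURPOSE_ANY)
- store = OpenSSL::X509::Store.new
- store.purpose = purpose
-
- # Use the file path here, because we don't want to cause
- # a lookup in the middle of setting our ssl connection.
- store.add_file(Puppet.settings[:localcacert])
-
- if use_crl?
- if !Puppet::FileSystem.exist?(crl_path)
- download_and_save_crl_bundle(store)
- end
-
- crls = load_crls(crl_path)
-
- flags = OpenSSL::X509::V_FLAG_CRL_CHECK
- if use_crl_chain?
- flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
- end
-
- store.flags = flags
- crls.each {|crl| store.add_crl(crl) }
- end
- store
- end
- end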
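--- a/data/lib/puppet/ssl/key.rb
+++ b/data/lib/puppet/ssl/key.rb
@@ -1,61 +0,0 @@
- require 'puppet/ssl/base'
- require 'puppet/indirector'
-
- # Manage private and public keys as a pair.
- #
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
- class Puppet::SSL::Key < Puppet::SSL::Base
- wraps OpenSSL::PKey::RSA
-
- extend Puppet::Indirector
- indirects :key, :terminus_class => :file, :doc => <<DOC
- This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
- The indirection key is the certificate CN (generally a hostname).
- DOC
-
- # Because of how the format handler class is included, this
- # can't be in the base class.
- def self.supported_formats
- [:s]
- end
-
- attr_accessor :password_file
-
- # Knows how to create keys with our system defaults.
- def generate
- Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
- @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
- end
-
- def initialize(name)
- super
-
- @password_file = Puppet[:passfile]
- end
-
- def password
- return nil unless password_file and Puppet::FileSystem.exist?(password_file)
-
- # Puppet generates files at the default Puppet[:capass] using ASCII
- # User configured :passfile could be in any encoding
- # Use BINARY given the string is passed to an OpenSSL API accepting bytes
- # note this is only called internally
- Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
- end
-
- # Optionally support specifying a password file.
- def read(path)
- return super unless password_file
-
- # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
- @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
- end
-
- def to_s
- if password
- @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
- else
- return super
- end
- end
- end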