puppet 6.27.0-universal-darwin → 6.28.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +71 -11
- data/lib/puppet/agent.rb +47 -11
- data/lib/puppet/application/agent.rb +2 -12
- data/lib/puppet/http/client.rb +22 -2
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
- data/lib/puppet/provider/package/windows/package.rb +2 -1
- data/lib/puppet/provider/package/windows.rb +14 -1
- data/lib/puppet/provider/user/directoryservice.rb +5 -0
- data/lib/puppet/ssl/ssl_provider.rb +65 -12
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +1 -14
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +108 -0
- data/spec/integration/http/client_spec.rb +27 -10
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/unit/agent_spec.rb +28 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +2 -2
data/spec/unit/agent_spec.rb
CHANGED
@@ -38,6 +38,10 @@ describe Puppet::Agent do
|
|
38
38
|
end
|
39
39
|
end
|
40
40
|
end
|
41
|
+
|
42
|
+
ssl_context = Puppet::SSL::SSLContext.new
|
43
|
+
machine = instance_double("Puppet::SSL::StateMachine", ensure_client_certificate: ssl_context)
|
44
|
+
allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
|
41
45
|
end
|
42
46
|
|
43
47
|
after do
|
@@ -99,6 +103,8 @@ describe Puppet::Agent do
|
|
99
103
|
end
|
100
104
|
|
101
105
|
it "should splay" do
|
106
|
+
Puppet[:splay] = true
|
107
|
+
|
102
108
|
expect(@agent).to receive(:splay)
|
103
109
|
|
104
110
|
@agent.run
|
@@ -181,6 +187,26 @@ describe Puppet::Agent do
|
|
181
187
|
expect(@agent.run).to eq(:result)
|
182
188
|
end
|
183
189
|
|
190
|
+
it "should check if it's disabled after splaying and log a message" do
|
191
|
+
Puppet[:splay] = true
|
192
|
+
Puppet[:splaylimit] = '5s'
|
193
|
+
Puppet[:onetime] = true
|
194
|
+
|
195
|
+
expect(@agent).to receive(:disabled?).and_return(false, true)
|
196
|
+
|
197
|
+
allow(Puppet).to receive(:notice).and_call_original
|
198
|
+
expect(Puppet).to receive(:notice).with(/Skipping run of .*; administratively disabled.*/)
|
199
|
+
@agent.run
|
200
|
+
end
|
201
|
+
|
202
|
+
it "should check if it's disabled after acquiring the lock and log a message" do
|
203
|
+
expect(@agent).to receive(:disabled?).and_return(false, true)
|
204
|
+
|
205
|
+
allow(Puppet).to receive(:notice).and_call_original
|
206
|
+
expect(Puppet).to receive(:notice).with(/Skipping run of .*; administratively disabled.*/)
|
207
|
+
@agent.run
|
208
|
+
end
|
209
|
+
|
184
210
|
describe "and a puppet agent is already running" do
|
185
211
|
before(:each) do
|
186
212
|
allow_any_instance_of(Object).to receive(:sleep)
|
@@ -197,7 +223,7 @@ describe Puppet::Agent do
|
|
197
223
|
@agent.run
|
198
224
|
end
|
199
225
|
|
200
|
-
it "should inform that a run is already in
|
226
|
+
it "should inform that a run is already in progress and try to run every X seconds if waitforlock is used" do
|
201
227
|
# so the locked file exists
|
202
228
|
allow(File).to receive(:file?).and_return(true)
|
203
229
|
# so we don't have to wait again for the run to exit (default maxwaitforcert is 60)
|
@@ -226,7 +252,7 @@ describe Puppet::Agent do
|
|
226
252
|
@agent.run
|
227
253
|
end
|
228
254
|
end
|
229
|
-
|
255
|
+
|
230
256
|
describe "when should_fork is true", :if => Puppet.features.posix? && RUBY_PLATFORM != 'java' do
|
231
257
|
before do
|
232
258
|
@agent = Puppet::Agent.new(AgentTestClient, true)
|
@@ -4,6 +4,11 @@ require 'puppet/agent'
|
|
4
4
|
require 'puppet/application/agent'
|
5
5
|
require 'puppet/daemon'
|
6
6
|
|
7
|
+
class TestAgentClientClass
|
8
|
+
def initialize(transaction_uuid = nil, job_id = nil); end
|
9
|
+
def run(options = {}); end
|
10
|
+
end
|
11
|
+
|
7
12
|
describe Puppet::Application::Agent do
|
8
13
|
include PuppetSpec::Files
|
9
14
|
|
@@ -12,13 +17,20 @@ describe Puppet::Application::Agent do
|
|
12
17
|
before :each do
|
13
18
|
@puppetd = Puppet::Application[:agent]
|
14
19
|
|
15
|
-
@
|
20
|
+
@client = TestAgentClientClass.new
|
21
|
+
allow(TestAgentClientClass).to receive(:new).and_return(@client)
|
22
|
+
|
23
|
+
@agent = Puppet::Agent.new(TestAgentClientClass, false)
|
16
24
|
allow(Puppet::Agent).to receive(:new).and_return(@agent)
|
17
25
|
|
18
|
-
|
26
|
+
Puppet[:pidfile] = tmpfile('pidfile')
|
27
|
+
@daemon = Puppet::Daemon.new(@agent, Puppet::Util::Pidlock.new(Puppet[:pidfile]))
|
19
28
|
allow(@daemon).to receive(:daemonize)
|
20
|
-
allow(@daemon).to receive(:start)
|
21
29
|
allow(@daemon).to receive(:stop)
|
30
|
+
# simulate one run so we don't infinite looptwo runs of the agent, then return so we don't infinite loop
|
31
|
+
allow(@daemon).to receive(:run_event_loop) do
|
32
|
+
@agent.run(splay: false)
|
33
|
+
end
|
22
34
|
allow(Puppet::Daemon).to receive(:new).and_return(@daemon)
|
23
35
|
Puppet[:daemonize] = false
|
24
36
|
|
@@ -92,10 +104,6 @@ describe Puppet::Application::Agent do
|
|
92
104
|
end
|
93
105
|
|
94
106
|
describe "when handling options" do
|
95
|
-
before do
|
96
|
-
allow(@puppetd.command_line).to receive(:args).and_return([])
|
97
|
-
end
|
98
|
-
|
99
107
|
[:enable, :debug, :fqdn, :test, :verbose, :digest].each do |option|
|
100
108
|
it "should declare handle_#{option} method" do
|
101
109
|
expect(@puppetd).to respond_to("handle_#{option}".to_sym)
|
@@ -127,32 +135,34 @@ describe Puppet::Application::Agent do
|
|
127
135
|
end
|
128
136
|
|
129
137
|
it "should set waitforcert to 0 with --onetime and if --waitforcert wasn't given" do
|
130
|
-
allow(@
|
138
|
+
allow(@client).to receive(:run).and_return(2)
|
131
139
|
Puppet[:onetime] = true
|
132
140
|
|
133
|
-
expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(machine)
|
141
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 0)).and_return(machine)
|
134
142
|
|
135
143
|
expect { execute_agent }.to exit_with 0
|
136
144
|
end
|
137
145
|
|
138
146
|
it "should use supplied waitforcert when --onetime is specified" do
|
139
|
-
allow(@
|
147
|
+
allow(@client).to receive(:run).and_return(2)
|
140
148
|
Puppet[:onetime] = true
|
141
149
|
@puppetd.handle_waitforcert(60)
|
142
150
|
|
143
|
-
expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(machine)
|
151
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 60)).and_return(machine)
|
144
152
|
|
145
153
|
expect { execute_agent }.to exit_with 0
|
146
154
|
end
|
147
155
|
|
148
156
|
it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do
|
149
|
-
|
157
|
+
allow(@client).to receive(:run).and_return(2)
|
158
|
+
|
159
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 120)).and_return(machine)
|
150
160
|
|
151
161
|
execute_agent
|
152
162
|
end
|
153
163
|
|
154
164
|
it "should register ssl OIDs" do
|
155
|
-
expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(
|
165
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 120)).and_return(machine)
|
156
166
|
expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
|
157
167
|
|
158
168
|
execute_agent
|
@@ -161,7 +171,7 @@ describe Puppet::Application::Agent do
|
|
161
171
|
it "should use the waitforcert setting when checking for a signed certificate" do
|
162
172
|
Puppet[:waitforcert] = 10
|
163
173
|
|
164
|
-
expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(machine)
|
174
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 10)).and_return(machine)
|
165
175
|
|
166
176
|
execute_agent
|
167
177
|
end
|
@@ -413,9 +423,9 @@ describe Puppet::Application::Agent do
|
|
413
423
|
end
|
414
424
|
|
415
425
|
it "should wait for a certificate" do
|
416
|
-
|
426
|
+
Puppet[:waitforcert] = 123
|
417
427
|
|
418
|
-
expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(machine)
|
428
|
+
expect(Puppet::SSL::StateMachine).to receive(:new).with(hash_including(waitforcert: 123)).and_return(machine)
|
419
429
|
|
420
430
|
execute_agent
|
421
431
|
end
|
data/spec/unit/daemon_spec.rb
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'puppet/daemon'
|
3
3
|
require 'puppet/agent'
|
4
|
+
require 'puppet/configurer'
|
4
5
|
|
5
6
|
def without_warnings
|
6
7
|
flag = $VERBOSE
|
@@ -9,12 +10,6 @@ def without_warnings
|
|
9
10
|
$VERBOSE = flag
|
10
11
|
end
|
11
12
|
|
12
|
-
class TestClient
|
13
|
-
def lockfile_path
|
14
|
-
"/dev/null"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
13
|
describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
|
19
14
|
include PuppetSpec::Files
|
20
15
|
|
@@ -26,7 +21,7 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
|
|
26
21
|
end
|
27
22
|
end
|
28
23
|
|
29
|
-
let(:agent) { Puppet::Agent.new(
|
24
|
+
let(:agent) { Puppet::Agent.new(Puppet::Configurer, false) }
|
30
25
|
let(:server) { double("Server", :start => nil, :wait_for_shutdown => nil) }
|
31
26
|
|
32
27
|
let(:pidfile) { double("PidFile", :lock => true, :unlock => true, :file_path => 'fake.pid') }
|
@@ -131,10 +126,6 @@ describe Puppet::Daemon, :unless => Puppet::Util::Platform.windows? do
|
|
131
126
|
end
|
132
127
|
|
133
128
|
describe "when reloading" do
|
134
|
-
it "should do nothing if no agent is configured" do
|
135
|
-
daemon.reload
|
136
|
-
end
|
137
|
-
|
138
129
|
it "should do nothing if the agent is running" do
|
139
130
|
expect(agent).to receive(:run).with({:splay => false}).and_raise(Puppet::LockError, 'Failed to aquire lock')
|
140
131
|
expect(Puppet).to receive(:notice).with('Not triggering already-running agent')
|
@@ -120,6 +120,24 @@ describe Puppet::HTTP::Client do
|
|
120
120
|
|
121
121
|
client.close
|
122
122
|
end
|
123
|
+
|
124
|
+
it 'reloads the default ssl context' do
|
125
|
+
expect(client.pool).to receive(:with_connection) do |_, verifier|
|
126
|
+
expect(verifier.ssl_context).to_not equal(puppet_context)
|
127
|
+
end
|
128
|
+
|
129
|
+
client.close
|
130
|
+
client.connect(uri)
|
131
|
+
end
|
132
|
+
|
133
|
+
it 'reloads the default system ssl context' do
|
134
|
+
expect(client.pool).to receive(:with_connection) do |_, verifier|
|
135
|
+
expect(verifier.ssl_context).to_not equal(system_context)
|
136
|
+
end
|
137
|
+
|
138
|
+
client.close
|
139
|
+
client.connect(uri, options: {include_system_store: true})
|
140
|
+
end
|
123
141
|
end
|
124
142
|
|
125
143
|
context "for GET requests" do
|
@@ -105,9 +105,9 @@ describe Puppet::Type.type(:package).provider(:puppetserver_gem) do
|
|
105
105
|
|
106
106
|
describe ".gemlist" do
|
107
107
|
context "listing installed packages" do
|
108
|
-
it "uses the
|
108
|
+
it "uses the puppet_gem provider_command to list local gems" do
|
109
109
|
expected = { name: 'world_airports', provider: :puppetserver_gem, ensure: ['1.1.3'] }
|
110
|
-
expect(described_class).to receive(:execute_rubygems_list_command).with(
|
110
|
+
expect(described_class).to receive(:execute_rubygems_list_command).with(['gem', 'list', '--local']).and_return(File.read(my_fixture('gem-list-local-packages')))
|
111
111
|
expect(described_class.gemlist({ local: true })).to include(expected)
|
112
112
|
end
|
113
113
|
end
|
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'puppet/provider/package/windows/exe_package'
|
3
|
+
require 'puppet/provider/package/windows'
|
3
4
|
|
4
5
|
describe Puppet::Provider::Package::Windows::ExePackage do
|
5
6
|
let (:name) { 'Git version 1.7.11' }
|
@@ -71,10 +72,26 @@ describe Puppet::Provider::Package::Windows::ExePackage do
|
|
71
72
|
|
72
73
|
context '#install_command' do
|
73
74
|
it 'should install using the source' do
|
75
|
+
allow(Puppet::FileSystem).to receive(:exist?).with(source).and_return(true)
|
74
76
|
cmd = described_class.install_command({:source => source})
|
75
77
|
|
76
78
|
expect(cmd).to eq(source)
|
77
79
|
end
|
80
|
+
|
81
|
+
it 'should raise error when URI is invalid' do
|
82
|
+
web_source = 'https://www.t e s t.test/test.exe'
|
83
|
+
|
84
|
+
expect do
|
85
|
+
described_class.install_command({:source => web_source, :name => name})
|
86
|
+
end.to raise_error(Puppet::Error, /Error when installing #{name}:/)
|
87
|
+
end
|
88
|
+
|
89
|
+
it 'should download package from source file before installing', if: Puppet::Util::Platform.windows? do
|
90
|
+
web_source = 'https://www.test.test/test.exe'
|
91
|
+
stub_request(:get, web_source).to_return(status: 200, body: 'package binaries')
|
92
|
+
cmd = described_class.install_command({:source => web_source})
|
93
|
+
expect(File.read(cmd)).to eq('package binaries')
|
94
|
+
end
|
78
95
|
end
|
79
96
|
|
80
97
|
context '#uninstall_command' do
|
@@ -113,12 +113,21 @@ describe Puppet::SSL::SSLProvider do
|
|
113
113
|
}.to raise_error(/can't modify frozen/)
|
114
114
|
end
|
115
115
|
|
116
|
-
it 'trusts system ca store' do
|
116
|
+
it 'trusts system ca store by default' do
|
117
117
|
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
118
118
|
|
119
119
|
subject.create_system_context(cacerts: [])
|
120
120
|
end
|
121
121
|
|
122
|
+
it 'trusts an external ca store' do
|
123
|
+
path = tmpfile('system_cacerts')
|
124
|
+
File.write(path, cert_fixture('ca.pem').to_pem)
|
125
|
+
|
126
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:add_file).with(path)
|
127
|
+
|
128
|
+
subject.create_system_context(cacerts: [], path: path)
|
129
|
+
end
|
130
|
+
|
122
131
|
it 'verifies peer' do
|
123
132
|
sslctx = subject.create_system_context(cacerts: [])
|
124
133
|
expect(sslctx.verify_peer).to eq(true)
|
@@ -135,6 +144,47 @@ describe Puppet::SSL::SSLProvider do
|
|
135
144
|
expect(sslctx.private_key).to be_nil
|
136
145
|
end
|
137
146
|
|
147
|
+
it 'includes the client cert and private key when requested' do
|
148
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
149
|
+
Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
|
150
|
+
sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
|
151
|
+
expect(sslctx.client_cert).to be_an(OpenSSL::X509::Certificate)
|
152
|
+
expect(sslctx.private_key).to be_an(OpenSSL::PKey::RSA)
|
153
|
+
end
|
154
|
+
|
155
|
+
it 'ignores non-existent client cert and private key when requested' do
|
156
|
+
Puppet[:certname] = 'doesnotexist'
|
157
|
+
sslctx = subject.create_system_context(cacerts: [], include_client_cert: true)
|
158
|
+
expect(sslctx.client_cert).to be_nil
|
159
|
+
expect(sslctx.private_key).to be_nil
|
160
|
+
end
|
161
|
+
|
162
|
+
it 'warns if the client cert does not exist' do
|
163
|
+
Puppet[:certname] = 'missingcert'
|
164
|
+
Puppet[:hostprivkey] = fixtures('ssl/signed-key.pem')
|
165
|
+
|
166
|
+
expect(Puppet).to receive(:warning).with("Client certificate for 'missingcert' does not exist")
|
167
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
168
|
+
end
|
169
|
+
|
170
|
+
it 'warns if the private key does not exist' do
|
171
|
+
Puppet[:certname] = 'missingkey'
|
172
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
173
|
+
|
174
|
+
expect(Puppet).to receive(:warning).with("Private key for 'missingkey' does not exist")
|
175
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
176
|
+
end
|
177
|
+
|
178
|
+
it 'raises if client cert and private key are mismatched' do
|
179
|
+
Puppet[:hostcert] = fixtures('ssl/signed.pem')
|
180
|
+
Puppet[:hostprivkey] = fixtures('ssl/127.0.0.1-key.pem')
|
181
|
+
|
182
|
+
expect {
|
183
|
+
subject.create_system_context(cacerts: [], include_client_cert: true)
|
184
|
+
}.to raise_error(Puppet::SSL::SSLError,
|
185
|
+
"The certificate for 'CN=signed' does not match its private key")
|
186
|
+
end
|
187
|
+
|
138
188
|
it 'trusts additional system certs' do
|
139
189
|
path = tmpfile('system_cacerts')
|
140
190
|
File.write(path, cert_fixture('ca.pem').to_pem)
|
@@ -448,6 +498,18 @@ describe Puppet::SSL::SSLProvider do
|
|
448
498
|
sslctx = subject.create_context(**config)
|
449
499
|
expect(sslctx.verify_peer).to eq(true)
|
450
500
|
end
|
501
|
+
|
502
|
+
it 'does not trust the system ca store by default' do
|
503
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
|
504
|
+
|
505
|
+
subject.create_context(**config)
|
506
|
+
end
|
507
|
+
|
508
|
+
it 'trusts the system ca store' do
|
509
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
510
|
+
|
511
|
+
subject.create_context(**config.merge(include_system_store: true))
|
512
|
+
end
|
451
513
|
end
|
452
514
|
|
453
515
|
context 'when loading an ssl context' do
|
@@ -528,6 +590,18 @@ describe Puppet::SSL::SSLProvider do
|
|
528
590
|
subject.load_context(password: 'wrongpassword')
|
529
591
|
}.to raise_error(Puppet::SSL::SSLError, /Failed to load private key for host 'signed': Could not parse PKey/)
|
530
592
|
end
|
593
|
+
|
594
|
+
it 'does not trust the system ca store by default' do
|
595
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths).never
|
596
|
+
|
597
|
+
subject.load_context
|
598
|
+
end
|
599
|
+
|
600
|
+
it 'trusts the system ca store' do
|
601
|
+
expect_any_instance_of(OpenSSL::X509::Store).to receive(:set_default_paths)
|
602
|
+
|
603
|
+
subject.load_context(include_system_store: true)
|
604
|
+
end
|
531
605
|
end
|
532
606
|
|
533
607
|
context 'when verifying requests' do
|
@@ -27,6 +27,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do
|
|
27
27
|
let(:refused_message) { %r{Connection refused|No connection could be made because the target machine actively refused it} }
|
28
28
|
|
29
29
|
before(:each) do
|
30
|
+
Puppet[:daemonize] = false
|
30
31
|
Puppet[:ssl_lockfile] = tmpfile('ssllock')
|
31
32
|
allow(Kernel).to receive(:sleep)
|
32
33
|
end
|
@@ -37,14 +37,15 @@ task(:gen_cert_fixtures) do
|
|
37
37
|
# | |
|
38
38
|
# signed.pem | +- /CN=signed
|
39
39
|
# revoked.pem | +- /CN=revoked
|
40
|
-
# 127.0.0.1.pem | +- /CN=127.0.0.1 (with dns alt names)
|
41
40
|
# tampered-cert.pem | +- /CN=signed (with different public key)
|
42
41
|
# ec.pem | +- /CN=ec (with EC private key)
|
43
42
|
# oid.pem | +- /CN=oid (with custom oid)
|
44
43
|
# |
|
45
|
-
#
|
46
|
-
# |
|
47
|
-
#
|
44
|
+
# 127.0.0.1.pem +- /CN=127.0.0.1 (with dns alt names)
|
45
|
+
# |
|
46
|
+
# intermediate-agent.pem +- /CN=Test CA Agent Subauthority
|
47
|
+
# | |
|
48
|
+
# pluto.pem | +- /CN=pluto
|
48
49
|
# |
|
49
50
|
# bad-int-basic-constraints.pem +- /CN=Test CA Subauthority (bad isCA constraint)
|
50
51
|
#
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.28.0
|
5
5
|
platform: universal-darwin
|
6
6
|
authors:
|
7
7
|
- Puppet Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-07-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: facter
|