puppet 6.27.0-universal-darwin → 6.29.0-universal-darwin


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +116 -44
  3. data/ext/project_data.yaml +1 -1
  4. data/lib/puppet/agent.rb +47 -11
  5. data/lib/puppet/application/agent.rb +2 -12
  6. data/lib/puppet/http/client.rb +22 -2
  7. data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
  8. data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
  9. data/lib/puppet/provider/package/windows/package.rb +2 -1
  10. data/lib/puppet/provider/package/windows.rb +14 -1
  11. data/lib/puppet/provider/user/directoryservice.rb +5 -0
  12. data/lib/puppet/ssl/ssl_provider.rb +65 -12
  13. data/lib/puppet/ssl/state_machine.rb +13 -17
  14. data/lib/puppet/type/user.rb +3 -0
  15. data/lib/puppet/version.rb +1 -1
  16. data/lib/puppet.rb +1 -14
  17. data/man/man5/puppet.conf.5 +2 -2
  18. data/man/man8/puppet-agent.8 +1 -1
  19. data/man/man8/puppet-apply.8 +1 -1
  20. data/man/man8/puppet-catalog.8 +1 -1
  21. data/man/man8/puppet-config.8 +1 -1
  22. data/man/man8/puppet-describe.8 +1 -1
  23. data/man/man8/puppet-device.8 +1 -1
  24. data/man/man8/puppet-doc.8 +1 -1
  25. data/man/man8/puppet-epp.8 +1 -1
  26. data/man/man8/puppet-facts.8 +1 -1
  27. data/man/man8/puppet-filebucket.8 +1 -1
  28. data/man/man8/puppet-generate.8 +1 -1
  29. data/man/man8/puppet-help.8 +1 -1
  30. data/man/man8/puppet-key.8 +1 -1
  31. data/man/man8/puppet-lookup.8 +1 -1
  32. data/man/man8/puppet-man.8 +1 -1
  33. data/man/man8/puppet-module.8 +1 -1
  34. data/man/man8/puppet-node.8 +1 -1
  35. data/man/man8/puppet-parser.8 +1 -1
  36. data/man/man8/puppet-plugin.8 +1 -1
  37. data/man/man8/puppet-report.8 +1 -1
  38. data/man/man8/puppet-resource.8 +1 -1
  39. data/man/man8/puppet-script.8 +1 -1
  40. data/man/man8/puppet-ssl.8 +1 -1
  41. data/man/man8/puppet-status.8 +1 -1
  42. data/man/man8/puppet.8 +2 -2
  43. data/spec/integration/application/agent_spec.rb +108 -0
  44. data/spec/integration/http/client_spec.rb +27 -10
  45. data/spec/lib/puppet_spec/https.rb +1 -1
  46. data/spec/lib/puppet_spec/puppetserver.rb +39 -2
  47. data/spec/unit/agent_spec.rb +28 -2
  48. data/spec/unit/application/agent_spec.rb +26 -16
  49. data/spec/unit/daemon_spec.rb +2 -11
  50. data/spec/unit/http/client_spec.rb +18 -0
  51. data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
  52. data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
  53. data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
  54. data/spec/unit/ssl/state_machine_spec.rb +1 -0
  55. data/tasks/generate_cert_fixtures.rake +5 -4
  56. metadata +9 -3
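--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 75ff4ca199a268dc90aa6fe8e32882bf92bf7c35ddd6d0520c9991f1e16e0223
- data.tar.gz: a41173a9cdee61c24c191c6a719ef33360b613d112a5e1da6e199c1bffe57bc9
+ metadata.gz: dbfac1c2445ed08df5233211ec6e3e2d7e45153880a100e00513b1a140fdcdae
+ data.tar.gz: 1c89a2c46ecb38527048eea5e8dd880860af712c9bc581d4ccaefa4c2e8deecc
  SHA512:
- metadata.gz: 7012be95fad830749e210d5ddec95e0cc92976ed92c2cf65301dbbcd2acf782773755e88bc83ee0bd5ed912582a88c66592a66a69d9c41de391927752b9fc6c6
- data.tar.gz: 967d852cbf0e1b8c8f2cc154ac7fa8316a8131044314a758295ca2f75a8cfa6537e4f69a3e99f88847b9df4cccc380e44b7b919c1e161954e484403d4b884504
+ metadata.gz: 80cd64541867117d0696f3af57514c3159ae377da1d2a61bdc166f9bb5eea9a4e902955786a526f96ee4f399c0b65e29d2144c6aee76c7672a5ed6e1ab170e97
+ data.tar.gz: '0555952fff4f1f83260f7ab4d00fe2f76cac77085175dffd0ab4cbcad0c0e27adb138b0bfeac49ba5d8b9cb801c81287408d97f9f38c885944aa390667df32fc'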
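--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,21 +1,9 @@
- GIT
- remote: https://github.com/puppetlabs/packaging
- revision: 6f7b1ff00ab557f6a47f3f553cc87ec15d718470
- branch: 1.0.x
- specs:
- packaging (0.106.0.27.g6f7b1ff)
- apt_stage_artifacts
- artifactory (~> 3)
- csv (= 3.1.5)
- rake (>= 12.3)
- release-metrics
-
  PATH
  remote: .
  specs:
- puppet (6.27.0)
+ puppet (6.29.0)
  CFPropertyList (~> 2.2)
- concurrent-ruby (~> 1.0)
+ concurrent-ruby (~> 1.0, < 1.2.0)
  deep_merge (~> 1.0)
  facter (>= 2.4.0, < 5)
  fast_gettext (~> 1.1)
@@ -26,12 +14,12 @@ PATH
  semantic_puppet (~> 1.0)
 
  GEM
- remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
+ remote: https://rubygems.org/
  specs:
  CFPropertyList (2.3.6)
- addressable (2.8.0)
- public_suffix (>= 2.0.2, < 5.0)
- apt_stage_artifacts (0.10.1)
+ addressable (2.8.1)
+ public_suffix (>= 2.0.2, < 6.0)
+ apt_stage_artifacts (0.11.0)
  docopt
  artifactory (3.0.15)
  ast (2.4.2)
@@ -40,12 +28,38 @@ GEM
  crack (0.4.5)
  rexml
  csv (3.1.5)
+ declarative (0.0.20)
  deep_merge (1.2.2)
  diff-lcs (1.5.0)
+ digest-crc (0.6.4)
+ rake (>= 12.0.0, < 14.0.0)
  docopt (0.6.1)
- facter (4.2.9)
+ facter (4.2.14)
  hocon (~> 1.3)
  thor (>= 1.0.1, < 2.0)
+ faraday (1.10.3)
+ faraday-em_http (~> 1.0)
+ faraday-em_synchrony (~> 1.0)
+ faraday-excon (~> 1.1)
+ faraday-httpclient (~> 1.0)
+ faraday-multipart (~> 1.0)
+ faraday-net_http (~> 1.0)
+ faraday-net_http_persistent (~> 1.0)
+ faraday-patron (~> 1.0)
+ faraday-rack (~> 1.0)
+ faraday-retry (~> 1.0)
+ ruby2_keywords (>= 0.0.4)
+ faraday-em_http (1.0.0)
+ faraday-em_synchrony (1.0.0)
+ faraday-excon (1.1.0)
+ faraday-httpclient (1.0.1)
+ faraday-multipart (1.0.4)
+ multipart-post (~> 2)
+ faraday-net_http (1.0.1)
+ faraday-net_http_persistent (1.2.0)
+ faraday-patron (1.0.0)
+ faraday-rack (1.0.0)
+ faraday-retry (1.0.3)
  fast_gettext (1.1.2)
  ffi (1.15.5)
  gettext (3.2.9)
@@ -55,33 +69,80 @@ GEM
  fast_gettext (~> 1.1.0)
  gettext (>= 3.0.2, < 3.3.0)
  locale
+ google-apis-core (0.9.5)
+ addressable (~> 2.5, >= 2.5.1)
+ googleauth (>= 0.16.2, < 2.a)
+ httpclient (>= 2.8.1, < 3.a)
+ mini_mime (~> 1.0)
+ representable (~> 3.0)
+ retriable (>= 2.0, < 4.a)
+ rexml
+ webrick
+ google-apis-iamcredentials_v1 (0.16.0)
+ google-apis-core (>= 0.9.1, < 2.a)
+ google-apis-storage_v1 (0.19.0)
+ google-apis-core (>= 0.9.0, < 2.a)
+ google-cloud-core (1.6.0)
+ google-cloud-env (~> 1.0)
+ google-cloud-errors (~> 1.0)
+ google-cloud-env (1.6.0)
+ faraday (>= 0.17.3, < 3.0)
+ google-cloud-errors (1.3.0)
+ google-cloud-storage (1.44.0)
+ addressable (~> 2.8)
+ digest-crc (~> 0.4)
+ google-apis-iamcredentials_v1 (~> 0.1)
+ google-apis-storage_v1 (~> 0.19.0)
+ google-cloud-core (~> 1.6)
+ googleauth (>= 0.16.2, < 2.a)
+ mini_mime (~> 1.0)
+ googleauth (1.1.3)
+ faraday (>= 0.17.3, < 3.a)
+ jwt (>= 1.4, < 3.0)
+ memoist (~> 0.16)
+ multi_json (~> 1.11)
+ os (>= 0.9, < 2.0)
+ signet (>= 0.16, < 2.a)
  hashdiff (1.0.1)
- hiera (3.8.0)
- hiera-eyaml (3.2.2)
+ hiera (3.11.0)
+ hiera-eyaml (3.3.0)
  highline
  optimist
- highline (2.0.3)
+ highline (2.1.0)
  hocon (1.3.1)
  hpricot (0.8.6)
  httpclient (2.8.3)
  json-schema (2.8.1)
  addressable (>= 2.4)
+ jwt (2.6.0)
  locale (2.1.3)
- memory_profiler (1.0.0)
+ memoist (0.16.2)
+ memory_profiler (1.0.1)
  method_source (1.0.0)
+ mini_mime (1.1.2)
  minitar (0.9)
- msgpack (1.5.0)
+ msgpack (1.6.0)
  multi_json (1.15.0)
+ multipart-post (2.2.3)
  mustache (1.1.1)
  optimist (3.0.1)
+ os (1.1.4)
+ packaging (0.108.1)
+ apt_stage_artifacts
+ artifactory (~> 3)
+ csv (= 3.1.5)
+ google-cloud-storage
+ googleauth
+ rake (>= 12.3)
+ release-metrics
  parallel (1.22.1)
  parser (2.7.2.0)
  ast (~> 2.4.1)
  powerpack (0.1.3)
- pry (0.14.1)
+ pry (0.14.2)
  coderay (~> 1.1)
  method_source (~> 1.0)
- public_suffix (4.0.6)
+ public_suffix (4.0.7)
  puppet-resource_api (1.8.14)
  hocon (>= 1.0)
  puppetserver-ca (1.11.7)
@@ -90,32 +151,37 @@ GEM
  rainbow (2.2.2)
  rake
  rake (12.3.3)
- rdiscount (2.2.0.2)
+ rdiscount (2.2.7)
  rdoc (6.3.3)
  release-metrics (1.1.0)
  csv
  docopt
+ representable (3.2.0)
+ declarative (< 0.1.0)
+ trailblazer-option (>= 0.1.1, < 0.2.0)
+ uber (< 0.2.0)
+ retriable (3.1.2)
  rexml (3.2.5)
  ronn (0.7.3)
  hpricot (>= 0.8.2)
  mustache (>= 0.7.0)
  rdiscount (>= 1.5.8)
- rspec (3.11.0)
- rspec-core (~> 3.11.0)
- rspec-expectations (~> 3.11.0)
- rspec-mocks (~> 3.11.0)
- rspec-core (3.11.0)
- rspec-support (~> 3.11.0)
- rspec-expectations (3.11.0)
+ rspec (3.12.0)
+ rspec-core (~> 3.12.0)
+ rspec-expectations (~> 3.12.0)
+ rspec-mocks (~> 3.12.0)
+ rspec-core (3.12.0)
+ rspec-support (~> 3.12.0)
+ rspec-expectations (3.12.2)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.11.0)
+ rspec-support (~> 3.12.0)
  rspec-its (1.3.0)
  rspec-core (>= 3.0.0)
  rspec-expectations (>= 3.0.0)
- rspec-mocks (3.11.1)
+ rspec-mocks (3.12.3)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.11.0)
- rspec-support (3.11.0)
+ rspec-support (~> 3.12.0)
+ rspec-support (3.12.0)
  rubocop (0.49.1)
  parallel (~> 1.10)
  parser (>= 2.3.3.1, < 3.0)
@@ -127,18 +193,25 @@ GEM
  rubocop (~> 0.49.0)
  ruby-prof (1.4.3)
  ruby-progressbar (1.11.0)
- scanf (1.0.0)
+ ruby2_keywords (0.0.5)
  semantic_puppet (1.0.4)
+ signet (0.16.1)
+ addressable (~> 2.8)
+ faraday (>= 0.17.5, < 3.0)
+ jwt (>= 1.5, < 3.0)
+ multi_json (~> 1.10)
  text (1.3.1)
  thor (1.2.1)
+ trailblazer-option (0.1.2)
+ uber (0.1.0)
  unicode-display_width (1.8.0)
  vcr (5.1.0)
- webmock (3.14.0)
+ webmock (3.18.1)
  addressable (>= 2.8.0)
  crack (>= 0.3.2)
  hashdiff (>= 0.4.0, < 2.0.0)
  webrick (1.7.0)
- yard (0.9.27)
+ yard (0.9.28)
  webrick (~> 1.7.0)
 
  PLATFORMS
@@ -154,7 +227,7 @@ DEPENDENCIES
  memory_profiler
  minitar (~> 0.9)
  msgpack (~> 1.2)
- packaging!
+ packaging (~> 0.99)
  pry
  puppet!
  puppet-resource_api (~> 1.5)
@@ -169,11 +242,10 @@ DEPENDENCIES
  rubocop (~> 0.49)
  rubocop-i18n (~> 1.2.0)
  ruby-prof (>= 0.16.0)
- scanf
  semantic_puppet (~> 1.0)
  vcr (~> 5.0)
  webmock (~> 3.0)
  yard
 
  BUNDLED WITH
- 2.3.9
+ 2.3.22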
@@ -26,7 +26,7 @@ gem_runtime_dependencies:
26
26
  multi_json: '~> 1.10'
27
27
  httpclient: '~> 2.8'
28
28
  puppet-resource_api: '~>1.5'
29
- concurrent-ruby: '~> 1.0'
29
+ concurrent-ruby: ["~> 1.0", "< 1.2.0"]
30
30
  deep_merge: '~> 1.0'
31
31
  gem_rdoc_options:
32
32
  - --title
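--- a/data/lib/puppet/agent.rb
+++ b/data/lib/puppet/agent.rb
@@ -38,26 +38,51 @@ class Puppet::Agent
  # Perform a run with our client.
  def run(client_options = {})
  if disabled?
- Puppet.notice _("Skipping run of %{client_class}; administratively disabled (Reason: '%{disable_message}');\nUse 'puppet agent --enable' to re-enable.") % { client_class: client_class, disable_message: disable_message }
+ log_disabled_message
  return
  end
 
  result = nil
  wait_for_lock_deadline = nil
  block_run = Puppet::Application.controlled_run do
- splay client_options.fetch :splay, Puppet[:splay]
+ # splay may sleep for awhile when running onetime! If not onetime, then
+ # the job scheduler splays (only once) so that agents assign themselves a
+ # slot within the splay interval.
+ do_splay = client_options.fetch(:splay, Puppet[:splay])
+ if do_splay
+ splay(do_splay)
+
+ if disabled?
+ log_disabled_message
+ break
+ end
+ end
+
+ # waiting for certs may sleep for awhile depending on onetime, waitforcert and maxwaitforcert!
+ # this needs to happen before forking so that if we fail to obtain certs and try to exit, then
+ # we exit the main process and not the forked child.
+ ssl_context = wait_for_certificates(client_options)
+
  result = run_in_fork(should_fork) do
  with_client(client_options[:transaction_uuid], client_options[:job_id]) do |client|
  client_args = client_options.merge(:pluginsync => Puppet::Configurer.should_pluginsync?)
  begin
+ # lock may sleep for awhile depending on waitforlock and maxwaitforlock!
  lock do
- # NOTE: Timeout is pretty heinous as the location in which it
- # throws an error is entirely unpredictable, which means that
- # it can interrupt code blocks that perform cleanup or enforce
- # sanity. The only thing a Puppet agent should do after this
- # error is thrown is die with as much dignity as possible.
- Timeout.timeout(Puppet[:runtimeout], RunTimeoutError) do
- client.run(client_args)
+ if disabled?
+ log_disabled_message
+ nil
+ else
+ # NOTE: Timeout is pretty heinous as the location in which it
+ # throws an error is entirely unpredictable, which means that
+ # it can interrupt code blocks that perform cleanup or enforce
+ # sanity. The only thing a Puppet agent should do after this
+ # error is thrown is die with as much dignity as possible.
+ Timeout.timeout(Puppet[:runtimeout], RunTimeoutError) do
+ Puppet.override(ssl_context: ssl_context) do
+ client.run(client_args)
+ end
+ end
  end
  end
  rescue Puppet::LockError
@@ -78,12 +103,13 @@ class Puppet::Agent
  end
  rescue RunTimeoutError => detail
  Puppet.log_exception(detail, _("Execution of %{client_class} did not complete within %{runtimeout} seconds and was terminated.") %
- {client_class: client_class,
- runtimeout: Puppet[:runtimeout]})
+ {client_class: client_class, runtimeout: Puppet[:runtimeout]})
  nil
  rescue StandardError => detail
  Puppet.log_exception(detail, _("Could not run %{client_class}: %{detail}") % { client_class: client_class, detail: detail })
  nil
+ ensure
+ Puppet.runtime[:http].close
  end
  end
  end
@@ -137,4 +163,14 @@ class Puppet::Agent
  ensure
  @client = nil
  end
+
+ def wait_for_certificates(options)
+ waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
+ sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert, onetime: Puppet[:onetime])
+ sm.ensure_client_certificate
+ end
+
+ def log_disabled_message
+ Puppet.notice _("Skipping run of %{client_class}; administratively disabled (Reason: '%{disable_message}');\nUse 'puppet agent --enable' to re-enable.") % { client_class: client_class, disable_message: disable_message }
+ end
  end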
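Review bot: The `break` added after the post-splay `disabled?` check exits the `Puppet::Application.controlled_run` block, so `block_run` ends up nil when the agent is administratively disabled. How the code after this hunk treats a falsy `block_run` is not visible here, but if it reports an interrupted or skipped run, operators would see a second, misleading message after `log_disabled_message`. A comment on that line would record the intent, for example `# break leaves block_run nil; the disabled notice has already been logged`. The new `wait_for_certificates` and `log_disabled_message` helpers also lack doc comments; a one-line description of each would help, including that the value returned by `wait_for_certificates` is what `run` passes to `Puppet.override(ssl_context: ...)`.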
@@ -383,15 +383,11 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
383
383
 
384
384
  log_config if Puppet[:daemonize]
385
385
 
386
- # run ssl state machine, waiting if needed
387
- ssl_context = wait_for_certificates
388
-
389
386
  # Each application is responsible for pushing loaders onto the context.
390
387
  # Use the current environment that has already been established, though
391
388
  # it may change later during the configurer run.
392
389
  env = Puppet.lookup(:current_environment)
393
- Puppet.override(ssl_context: ssl_context,
394
- current_environment: env,
390
+ Puppet.override(current_environment: env,
395
391
  loaders: Puppet::Pops::Loaders.new(env, true)) do
396
392
  if Puppet[:onetime]
397
393
  onetime(daemon)
@@ -434,7 +430,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
434
430
 
435
431
  def onetime(daemon)
436
432
  begin
437
- exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time]})
433
+ exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time], :waitforcert => options[:waitforcert]})
438
434
  rescue => detail
439
435
  Puppet.log_exception(detail)
440
436
  end
@@ -524,10 +520,4 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
524
520
 
525
521
  daemon
526
522
  end
527
-
528
- def wait_for_certificates
529
- waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
530
- sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert)
531
- sm.ensure_client_certificate
532
- end
533
523
  end
@@ -25,7 +25,7 @@ class Puppet::HTTP::Client
25
25
  # used if :include_system_store is set to true
26
26
  # @param [Integer] redirect_limit default number of HTTP redirections to allow
27
27
  # in a given request. Can also be specified per-request.
28
- # @param [Integer] retry_limit number of HTTP reties allowed in a given
28
+ # @param [Integer] retry_limit number of HTTP retries allowed in a given
29
29
  # request
30
30
  #
31
31
  def initialize(pool: Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
@@ -272,6 +272,24 @@ class Puppet::HTTP::Client
272
272
  #
273
273
  def close
274
274
  @pool.close
275
+ @default_ssl_context = nil
276
+ @default_system_ssl_context = nil
277
+ end
278
+
279
+ def default_ssl_context
280
+ cert = Puppet::X509::CertProvider.new
281
+ password = cert.load_private_key_password
282
+
283
+ ssl = Puppet::SSL::SSLProvider.new
284
+ ctx = ssl.load_context(certname: Puppet[:certname], password: password)
285
+ ssl.print(ctx)
286
+ ctx
287
+ rescue => e
288
+ # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
289
+ Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
290
+ # TRANSLATORS: `puppet agent -t` is a command and should not be translated
291
+ Puppet.err(_("Run `puppet agent -t`"))
292
+ raise e
275
293
  end
276
294
 
277
295
  protected
@@ -408,7 +426,9 @@ class Puppet::HTTP::Client
408
426
  cacerts = cert_provider.load_cacerts || []
409
427
 
410
428
  ssl = Puppet::SSL::SSLProvider.new
411
- @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
429
+ @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts, include_client_cert: true)
430
+ ssl.print(@default_system_ssl_context)
431
+ @default_system_ssl_context
412
432
  end
413
433
 
414
434
  def apply_auth(request, basic_auth)
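Review bot: Passing `include_client_cert: true` to `create_system_context` lets the system-trust-store context present the agent's client certificate, and that context appears to be the one used for `include_system_store: true` requests, which can target hosts outside the Puppet infrastructure. Any such server that asks for client authentication would presumably receive the node's certificate and certname, so confirm this is intended and document it at the call, e.g. `# NOTE: the client cert is offered to any server reached via the system store`. Also, `default_ssl_context` is defined above `protected`, so it looks public, and as written it reloads the private key password on every call; if it is not meant for outside callers, move it below `protected`. The method that contains the `create_system_context` call begins outside this hunk.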
@@ -53,7 +53,7 @@ Puppet::Type.type(:package).provide :puppetserver_gem, :parent => :gem do
53
53
  end
54
54
 
55
55
  if options[:local]
56
- list = execute_rubygems_list_command(gem_regex)
56
+ list = execute_rubygems_list_command(command_options)
57
57
  else
58
58
  begin
59
59
  list = puppetservercmd(command_options)
@@ -137,7 +137,7 @@ Puppet::Type.type(:package).provide :puppetserver_gem, :parent => :gem do
137
137
  # for example: json (1.8.3 java)
138
138
  # but java platform gems should not be managed by this (or any) provider.
139
139
 
140
- def self.execute_rubygems_list_command(gem_regex)
140
+ def self.execute_rubygems_list_command(command_options)
141
141
  puppetserver_default_gem_home = '/opt/puppetlabs/server/data/puppetserver/jruby-gems'
142
142
  puppetserver_default_vendored_jruby_gems = '/opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems'
143
143
  puppet_default_vendor_gems = '/opt/puppetlabs/puppet/lib/ruby/vendor_gems'
@@ -157,24 +157,15 @@ Puppet::Type.type(:package).provide :puppetserver_gem, :parent => :gem do
157
157
  gem_env['GEM_PATH'] = puppetserver_conf['jruby-puppet'].key?('gem-path') ? puppetserver_conf['jruby-puppet']['gem-path'].join(':') : puppetserver_default_gem_path
158
158
  end
159
159
  gem_env['GEM_SPEC_CACHE'] = "/tmp/#{$$}"
160
- Gem.paths = gem_env
161
-
162
- sio_inn = StringIO.new
163
- sio_out = StringIO.new
164
- sio_err = StringIO.new
165
- stream_ui = Gem::StreamUI.new(sio_inn, sio_out, sio_err, false)
166
- gem_list_cmd = Gem::Commands::ListCommand.new
167
- gem_list_cmd.options[:domain] = :local
168
- gem_list_cmd.options[:args] = [gem_regex] if gem_regex
169
- gem_list_cmd.ui = stream_ui
170
- gem_list_cmd.execute
160
+
161
+ # Remove the 'gem' from the command_options
162
+ command_options.shift
163
+ gem_out = execute_gem_command(Puppet::Type::Package::ProviderPuppet_gem.provider_command, command_options, gem_env)
171
164
 
172
165
  # There is no method exclude default gems from the local gem list,
173
166
  # for example: psych (default: 2.2.2)
174
167
  # but default gems should not be managed by this (or any) provider.
175
- gem_list = sio_out.string.lines.reject { |gem| gem =~ / \(default\: / }
168
+ gem_list = gem_out.lines.reject { |gem| gem =~ / \(default\: / }
176
169
  gem_list.join("\n")
177
- ensure
178
- Gem.clear_paths
179
170
  end
180
171
  end
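Review bot: `command_options.shift` mutates the array the caller passed in and assumes, without checking, that its first element is the literal 'gem'. If the caller reuses `command_options` after the local listing, or the array is ever built differently, the wrong token is silently dropped; a non-mutating form such as `gem_args = command_options.drop(1)` passed to `execute_gem_command` avoids both problems. Separately, the unchanged `GEM_SPEC_CACHE` line now hands an external gem process a PID-derived path under `/tmp`, and it is worth confirming that a predictable location in a shared directory is acceptable on multi-user hosts. The body of `execute_rubygems_list_command` starts outside this hunk.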
@@ -17,6 +17,11 @@ class Puppet::Provider::Package::Windows
17
17
  'WindowsInstaller',
18
18
  ]
19
19
 
20
+ def self.register(path)
21
+ Puppet::Type::Package::ProviderWindows.paths ||= []
22
+ Puppet::Type::Package::ProviderWindows.paths << path
23
+ end
24
+
20
25
  # Return an instance of the package from the registry, or nil
21
26
  def self.from_registry(name, values)
22
27
  if valid?(name, values)
@@ -55,7 +60,31 @@ class Puppet::Provider::Package::Windows
55
60
  end
56
61
 
57
62
  def self.install_command(resource)
58
- munge(resource[:source])
63
+ file_location = resource[:source]
64
+ if file_location.start_with?('http://', 'https://')
65
+ tempfile = Tempfile.new(['','.exe'])
66
+ begin
67
+ uri = URI(Puppet::Util.uri_encode(file_location))
68
+ client = Puppet.runtime[:http]
69
+ client.get(uri, options: { include_system_store: true }) do |response|
70
+ raise Puppet::HTTP::ResponseError.new(response) unless response.success?
71
+
72
+ File.open(tempfile.path, 'wb') do |file|
73
+ response.read_body do |data|
74
+ file.write(data)
75
+ end
76
+ end
77
+ end
78
+ rescue => detail
79
+ raise Puppet::Error.new(_("Error when installing %{package}: %{detail}") % { package: resource[:name] ,detail: detail.message}, detail)
80
+ ensure
81
+ self.register(tempfile.path)
82
+ tempfile.close()
83
+ file_location = tempfile.path
84
+ end
85
+ end
86
+
87
+ munge(file_location)
59
88
  end
60
89
 
61
90
  def uninstall_command
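Review bot: `install_command` accepts `http://` sources and executes the downloaded file with no integrity check, so over plain HTTP nothing authenticates the installer that later runs with the agent's privileges. Limit the download branch to TLS, `if file_location.start_with?('https://')`, and fail explicitly for `http://`; the matching `start_with?('http://', 'https://')` test in the `.exe` branch of the following package.rb hunk needs the same change. The `ensure` block also assigns `file_location = tempfile.path` on the failure path, which is harmless only because the `rescue` re-raises; doing that assignment after a successful download would make the intent explicit. The file is closed and later run by path, so whether another local account can replace it in between depends on the temp directory's permissions, which is worth verifying for the account the agent runs as.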
@@ -67,7 +67,8 @@ class Puppet::Provider::Package::Windows
67
67
  # REMIND: what about msp, etc
68
68
  MsiPackage
69
69
  when /\.exe"?\Z/i
70
- fail(_("The source does not exist: '%{source}'") % { source: resource[:source] }) unless Puppet::FileSystem.exist?(resource[:source])
70
+ fail(_("The source does not exist: '%{source}'") % { source: resource[:source] }) unless
71
+ Puppet::FileSystem.exist?(resource[:source]) || resource[:source].start_with?('http://', 'https://')
71
72
  ExePackage
72
73
  else
73
74
  fail(_("Don't know how to install '%{source}'") % { source: resource[:source] })
@@ -30,6 +30,19 @@ Puppet::Type.type(:package).provide(:windows, :parent => Puppet::Provider::Packa
30
30
  has_feature :versionable
31
31
 
32
32
  attr_accessor :package
33
+ class << self
34
+ attr_accessor :paths
35
+ end
36
+
37
+ def self.post_resource_eval
38
+ @paths.each do |path|
39
+ begin
40
+ Puppet::FileSystem.unlink(path)
41
+ rescue => detail
42
+ raise Puppet::Error.new(_("Error when unlinking %{path}: %{detail}") % { path: path ,detail: detail.message}, detail)
43
+ end
44
+ end if @paths
45
+ end
33
46
 
34
47
  # Return an array of provider instances
35
48
  def self.instances
@@ -64,7 +77,7 @@ Puppet::Type.type(:package).provide(:windows, :parent => Puppet::Provider::Packa
64
77
 
65
78
  command = [installer.install_command(resource), install_options].flatten.compact.join(' ')
66
79
  working_dir = File.dirname(resource[:source])
67
- if !Puppet::FileSystem.exist?(working_dir) && resource[:source] =~ /\.msi"?\Z/i
80
+ unless Puppet::FileSystem.exist?(working_dir)
68
81
  working_dir = nil
69
82
  end
70
83
  output = execute(command, :failonfail => false, :combine => true, :cwd => working_dir, :suppress_window => true)
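Review bot: `post_resource_eval` raises on the first path that fails to unlink, so any remaining downloaded installers in `@paths` stay on disk, and `@paths` is never reset afterwards. In a long-lived process a later evaluation would presumably try to unlink the already-removed paths again and fail. Consider logging and continuing instead of raising, then clearing the list: `Puppet.warning(...)` inside the `rescue` and `@paths = nil` after the loop. A short comment saying that these are the temp files registered by the exe package download would also help, since nothing in this file shows where `paths` is filled.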
@@ -401,6 +401,11 @@ Puppet::Type.type(:user).provide :directoryservice do
401
401
  # we have to treat the ds cache just like you would in the password=
402
402
  # method.
403
403
  def salt=(value)
404
+ if (Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.15') >= 0)
405
+ if value.length != 64
406
+ self.fail "macOS versions 10.15 and higher require the salt to be 32-bytes. Since Puppet's user resource requires the value to be hex encoded, the length of the salt's string must be 64. Please check your salt and try again."
407
+ end
408
+ end
404
409
  if (Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.7') > 0)
405
410
  assert_full_pbkdf2_password
406
411