puppet 6.28.0-universal-darwin → 7.0.0-universal-darwin
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +5 -7
- data/Gemfile.lock +52 -131
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/README.environment +8 -0
- data/ext/build_defaults.yaml +1 -1
- data/ext/dbfix.sql +132 -0
- data/ext/debian/README.Debian +8 -0
- data/ext/debian/README.source +2 -0
- data/ext/debian/TODO.Debian +1 -0
- data/ext/debian/changelog.erb +1122 -0
- data/ext/debian/compat +1 -0
- data/ext/debian/control +144 -0
- data/ext/debian/copyright +339 -0
- data/ext/debian/docs +1 -0
- data/ext/debian/fileserver.conf +41 -0
- data/ext/debian/puppet-common.dirs +13 -0
- data/ext/debian/puppet-common.install +3 -0
- data/ext/debian/puppet-common.lintian-overrides +5 -0
- data/ext/debian/puppet-common.manpages +28 -0
- data/ext/debian/puppet-common.postinst +35 -0
- data/ext/debian/puppet-common.postrm +33 -0
- data/ext/debian/puppet-el.dirs +1 -0
- data/ext/debian/puppet-el.emacsen-install +25 -0
- data/ext/debian/puppet-el.emacsen-remove +11 -0
- data/ext/debian/puppet-el.emacsen-startup +9 -0
- data/ext/debian/puppet-el.install +1 -0
- data/ext/debian/puppet-testsuite.install +2 -0
- data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
- data/ext/debian/puppet.lintian-overrides +3 -0
- data/ext/debian/puppet.logrotate +20 -0
- data/ext/debian/puppet.postinst +20 -0
- data/ext/debian/puppet.postrm +20 -0
- data/ext/debian/puppet.preinst +20 -0
- data/ext/debian/puppetmaster-common.install +2 -0
- data/ext/debian/puppetmaster-common.manpages +2 -0
- data/ext/debian/puppetmaster-common.postinst +6 -0
- data/ext/debian/puppetmaster-passenger.dirs +4 -0
- data/ext/debian/puppetmaster-passenger.postinst +162 -0
- data/ext/debian/puppetmaster-passenger.postrm +61 -0
- data/ext/debian/puppetmaster.README.debian +17 -0
- data/ext/debian/puppetmaster.default +14 -0
- data/ext/debian/puppetmaster.init +137 -0
- data/ext/debian/puppetmaster.lintian-overrides +3 -0
- data/ext/debian/puppetmaster.postinst +20 -0
- data/ext/debian/puppetmaster.postrm +5 -0
- data/ext/debian/puppetmaster.preinst +22 -0
- data/ext/debian/rules +132 -0
- data/ext/debian/source/format +1 -0
- data/ext/debian/source/options +1 -0
- data/ext/debian/vim-puppet.README.Debian +13 -0
- data/ext/debian/vim-puppet.dirs +5 -0
- data/ext/debian/vim-puppet.yaml +7 -0
- data/ext/debian/watch +2 -0
- data/ext/freebsd/puppetd +26 -0
- data/ext/freebsd/puppetmasterd +26 -0
- data/ext/gentoo/conf.d/puppet +5 -0
- data/ext/gentoo/conf.d/puppetmaster +12 -0
- data/ext/gentoo/init.d/puppet +38 -0
- data/ext/gentoo/init.d/puppetmaster +51 -0
- data/ext/gentoo/puppet/fileserver.conf +41 -0
- data/ext/ips/puppet-agent +44 -0
- data/ext/ips/puppet-master +44 -0
- data/ext/ips/puppet.p5m.erb +12 -0
- data/ext/ips/puppetagent.xml +42 -0
- data/ext/ips/puppetmaster.xml +42 -0
- data/ext/ips/rules +19 -0
- data/ext/ips/transforms +34 -0
- data/ext/ldap/puppet.schema +24 -0
- data/ext/logcheck/puppet +23 -0
- data/{examples → ext}/nagios/check_puppet.rb +2 -2
- data/ext/osx/file_mapping.yaml +28 -0
- data/ext/osx/postflight.erb +109 -0
- data/ext/osx/preflight.erb +52 -0
- data/ext/osx/prototype.plist.erb +38 -0
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/fileserver.conf +41 -0
- data/ext/redhat/logrotate +21 -0
- data/ext/redhat/puppet.spec.erb +841 -0
- data/ext/redhat/server.init +128 -0
- data/ext/redhat/server.sysconfig +13 -0
- data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
- data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
- data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
- data/ext/solaris/pkginfo +6 -0
- data/ext/solaris/smf/puppetd.xml +77 -0
- data/ext/solaris/smf/puppetmasterd.xml +77 -0
- data/ext/solaris/smf/svc-puppetd +71 -0
- data/ext/solaris/smf/svc-puppetmasterd +67 -0
- data/ext/suse/puppet.spec +310 -0
- data/ext/suse/server.init +173 -0
- data/ext/windows/service/daemon.rb +6 -5
- data/ext/yaml_nodes.rb +105 -0
- data/install.rb +21 -17
- data/lib/puppet/agent.rb +11 -47
- data/lib/puppet/application/agent.rb +16 -18
- data/lib/puppet/application/apply.rb +4 -24
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/lookup.rb +24 -74
- data/lib/puppet/application/resource.rb +16 -32
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/configurer.rb +86 -183
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +130 -244
- data/lib/puppet/environments.rb +82 -146
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/generate.rb +0 -2
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_serving/configuration/parser.rb +3 -34
- data/lib/puppet/file_serving/configuration.rb +0 -8
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +0 -3
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +8 -10
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +6 -8
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/next.rb +1 -18
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +10 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/functions/versioncmp.rb +2 -6
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/generate/type.rb +0 -9
- data/lib/puppet/http/client.rb +167 -137
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -17
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -144
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/indirector/catalog/compiler.rb +6 -25
- data/lib/puppet/indirector/catalog/rest.rb +2 -5
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/terminus.rb +0 -4
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module/plan.rb +1 -0
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -56
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node/environment.rb +11 -10
- data/lib/puppet/node.rb +2 -31
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +4 -2
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +1 -70
- data/lib/puppet/parser/scope.rb +0 -1
- data/lib/puppet/parser/templatewrapper.rb +1 -2
- data/lib/puppet/pops/evaluator/closure.rb +5 -7
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -291
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -47
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +0 -58
- data/lib/puppet/pops/parser/eparser.rb +1685 -1896
- data/lib/puppet/pops/parser/lexer2.rb +91 -92
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/parser/slurp_support.rb +0 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_formatter.rb +3 -4
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +1 -2
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +10 -18
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +2 -23
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
- data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
- data/lib/puppet/provider/package/windows/package.rb +1 -2
- data/lib/puppet/provider/package/windows.rb +1 -14
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/init.rb +9 -10
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +194 -76
- data/lib/puppet/provider/service/systemd.rb +6 -16
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +3 -46
- data/lib/puppet/provider/user/directoryservice.rb +11 -39
- data/lib/puppet/provider/user/useradd.rb +24 -134
- data/lib/puppet/provider.rb +1 -14
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +2 -15
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -49
- data/lib/puppet/resource.rb +6 -127
- data/lib/puppet/runtime.rb +2 -13
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/settings.rb +82 -98
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +36 -75
- data/lib/puppet/ssl/state_machine.rb +20 -14
- data/lib/puppet/ssl/verifier.rb +2 -6
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/test/test_helper.rb +2 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +1 -21
- data/lib/puppet/transaction/report.rb +3 -19
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/type/exec.rb +6 -36
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/file.rb +12 -32
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/group.rb +1 -0
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +41 -26
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +13 -35
- data/lib/puppet/type.rb +1 -77
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/json.rb +0 -20
- data/lib/puppet/util/log.rb +4 -8
- data/lib/puppet/util/logging.rb +25 -1
- data/lib/puppet/util/monkey_patches.rb +2 -59
- data/lib/puppet/util/package.rb +16 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/suidmanager.rb +2 -1
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/tagging.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +11 -457
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +2 -0
- data/lib/puppet/util/windows.rb +3 -11
- data/lib/puppet/util/yaml.rb +1 -42
- data/lib/puppet/util.rb +5 -5
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet.rb +34 -27
- data/locales/puppet.pot +9633 -5
- data/man/man5/puppet.conf.5 +286 -401
- data/man/man8/puppet-agent.8 +2 -5
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +6 -9
- data/man/man8/puppet-module.8 +3 -60
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +50 -406
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -32
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/lookup_spec.rb +50 -81
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/configurer_spec.rb +2 -18
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +4 -63
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +39 -93
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -47
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +7 -6
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/process_spec.rb +9 -1
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +2 -13
- data/spec/lib/puppet_spec/puppetserver.rb +3 -55
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
- data/spec/spec_helper.rb +17 -13
- data/spec/unit/agent_spec.rb +8 -38
- data/spec/unit/application/agent_spec.rb +19 -33
- data/spec/unit/application/apply_spec.rb +56 -76
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/lookup_spec.rb +10 -131
- data/spec/unit/application/resource_spec.rb +0 -29
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +68 -327
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/daemon_spec.rb +11 -2
- data/spec/unit/defaults_spec.rb +68 -55
- data/spec/unit/environments_spec.rb +68 -408
- data/spec/unit/face/generate_spec.rb +0 -64
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
- data/spec/unit/file_serving/configuration_spec.rb +10 -26
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +4 -56
- data/spec/unit/forge/module_release_spec.rb +10 -5
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/logging_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +0 -64
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions/versioncmp_spec.rb +4 -40
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +8 -84
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -193
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +15 -18
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/store_configs_spec.rb +7 -0
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/interface/action_spec.rb +9 -0
- data/spec/unit/module_spec.rb +1 -15
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -51
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -60
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -51
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +33 -1
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +12 -44
- data/spec/unit/provider/package/pkg_spec.rb +4 -29
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
- data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/gentoo_spec.rb +5 -6
- data/spec/unit/provider/service/init_spec.rb +9 -16
- data/spec/unit/provider/service/launchd_spec.rb +0 -11
- data/spec/unit/provider/service/openwrt_spec.rb +29 -23
- data/spec/unit/provider/service/redhat_spec.rb +2 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +9 -54
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -105
- data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +5 -114
- data/spec/unit/provider_spec.rb +12 -22
- data/spec/unit/puppet_spec.rb +4 -12
- data/spec/unit/resource/catalog_spec.rb +2 -15
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +12 -125
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +21 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
- data/spec/unit/ssl/state_machine_spec.rb +5 -21
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/persistence_spec.rb +0 -51
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -87
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type_spec.rb +24 -4
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -5
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +13 -92
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +7 -17
- data/tasks/parallel.rake +3 -3
- metadata +138 -233
- data/conf/auth.conf +0 -150
- data/ext/README.md +0 -13
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/facter_impl.rb +0 -96
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/file_serving/mount/scripts.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -68
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/l10n/compiler_spec.rb +0 -37
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/shared_contexts/l10n.rb +0 -32
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/facter_impl_spec.rb +0 -31
- data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -407
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/json_spec.rb +0 -126
- data/spec/unit/util/ssl_spec.rb +0 -91
- data/spec/unit/util/windows_spec.rb +0 -23
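--- a/data/lib/puppet/ssl/host.rb
+++ b/data/lib/puppet/ssl/host.rb
@@ -1,505 +0,0 @@
-require 'puppet/ssl'
-require 'puppet/ssl/key'
-require 'puppet/ssl/certificate'
-require 'puppet/ssl/certificate_request'
-require 'puppet/ssl/certificate_request_attributes'
-require 'puppet/ssl/state_machine'
-require 'puppet/rest/errors'
-require 'puppet/rest/routes'
-
-# The class that manages all aspects of our SSL certificates --
-# private keys, public keys, requests, etc.
-#
-# @deprecated Use {Puppet::SSL::SSLProvider} instead.
-class Puppet::SSL::Host
-# Yay, ruby's strange constant lookups.
-Key = Puppet::SSL::Key
-CA_NAME = Puppet::SSL::CA_NAME
-Certificate = Puppet::SSL::Certificate
-CertificateRequest = Puppet::SSL::CertificateRequest
-
-attr_reader :name, :device, :crl_path
-
-attr_writer :key, :certificate, :certificate_request, :crl_usage
-
-def self.localhost(suppress_warning = false)
-return @localhost if @localhost
-@localhost = new(nil, false, suppress_warning)
-@localhost.generate unless @localhost.certificate
-@localhost.key
-@localhost
-end
-
-def self.reset
-@localhost = nil
-end
-
-# Configure how our various classes interact with their various terminuses.
-def self.configure_indirection(terminus, cache = nil)
-Certificate.indirection.terminus_class = terminus
-CertificateRequest.indirection.terminus_class = terminus
-
-if cache
-# This is weird; we don't actually cache our keys, we
-# use what would otherwise be the cache as our normal
-# terminus.
-Key.indirection.terminus_class = cache
-else
-Key.indirection.terminus_class = terminus
-end
-
-if cache
-Certificate.indirection.cache_class = cache
-CertificateRequest.indirection.cache_class = cache
-else
-# Make sure we have no cache configured. puppet master
-# switches the configurations around a bit, so it's important
-# that we specify the configs for absolutely everything, every
-# time.
-Certificate.indirection.cache_class = nil
-CertificateRequest.indirection.cache_class = nil
-end
-end
-
-def self.from_data_hash(data)
-instance = new(data["name"])
-if data["desired_state"]
-instance.desired_state = data["desired_state"]
-end
-instance
-end
-
-def key
-@key ||= Key.indirection.find(name)
-end
-
-# This is the private key; we can create it from scratch
-# with no inputs.
-def generate_key
-@key = Key.new(name)
-@key.generate
-begin
-Key.indirection.save(@key)
-rescue
-@key = nil
-raise
-end
-true
-end
-
-# Our certificate request requires the key but that's all.
-def generate_certificate_request(options = {})
-generate_key unless key
-
-# If this CSR is for the current machine...
-if name == Puppet[:certname].downcase
-# ...add our configured dns_alt_names
-if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
-options[:dns_alt_names] ||= Puppet[:dns_alt_names]
-end
-end
-
-csr_attributes = Puppet::SSL::CertificateRequestAttributes.new(Puppet[:csr_attributes])
-if csr_attributes.load
-options[:csr_attributes] = csr_attributes.custom_attributes
-options[:extension_requests] = csr_attributes.extension_requests
-end
-
-@certificate_request = CertificateRequest.new(name)
-@certificate_request.generate(key.content, options)
-begin
-submit_certificate_request(@certificate_request)
-save_certificate_request(@certificate_request)
-rescue
-@certificate_request = nil
-raise
-end
-
-true
-end
-
-def certificate
-unless @certificate
-generate_key unless key
-
-# get CA and optional CRL
-sm = Puppet::SSL::StateMachine.new(onetime: true)
-sm.ensure_ca_certificates
-
-cert = get_host_certificate
-return nil unless cert
-
-validate_certificate_with_key(cert)
-@certificate = cert
-end
-@certificate
-end
-
-# The puppet parameters for commands output by the validate_ methods depend
-# upon whether this is an agent or a device.
-
-def clean_params
-@device ? "--target #{Puppet[:certname]}" : ''
-end
-
-def puppet_params
-@device ? "device -v --target #{Puppet[:certname]}" : 'agent -t'
-end
-
-# Validate that our private key matches the specified certificate.
-#
-# @param [Puppet::SSL::Certificate] cert the certificate to check
-# @raises [Puppet::Error] if the private key does not match
-def validate_certificate_with_key(cert)
-raise Puppet::Error, _("No certificate to validate.") unless cert
-raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
-unless cert.content.check_private_key(key.content)
-raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
-The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
-Certificate fingerprint: %{fingerprint}
-To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
-On the master:
-puppetserver ca clean --certname %{cert_name}
-On the agent:
-1. puppet ssl clean %{clean_params}
-2. puppet %{puppet_params}
-ERROR_STRING
-end
-end
-
-def download_host_certificate
-cert = download_certificate_from_ca(name)
-return nil unless cert
-
-validate_certificate_with_key(cert)
-save_host_certificate(cert)
-cert
-end
-
-# Search for an existing CSR for this host either cached on
-# disk or stored by the CA. Returns nil if no request exists.
-# @return [Puppet::SSL::CertificateRequest, nil]
-def certificate_request
-unless @certificate_request
-csr = load_certificate_request_from_file
-if csr
-@certificate_request = csr
-else
-csr = download_csr_from_ca
-if csr
-@certificate_request = csr
-end
-end
-end
-@certificate_request
-end
-
-# Generate all necessary parts of our ssl host.
-def generate
-generate_key unless key
-
-existing_request = certificate_request
-
-# if CSR downloaded from master, but the local keypair was just generated and
-# does not match the public key in the CSR, fail hard
-validate_csr_with_key(existing_request, key) if existing_request
-
-generate_certificate_request unless existing_request
-end
-
-def validate_csr_with_key(csr, key)
-if key.content.public_key.to_s != csr.content.public_key.to_s
-raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
-The CSR retrieved from the master does not match the agent's public key.
-CSR fingerprint: %{fingerprint}
-CSR public key: %{csr_public_key}
-Agent public key: %{agent_public_key}
-To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
-On the master:
-puppetserver ca clean --certname %{cert_name}
-On the agent:
-1. puppet ssl clean %{clean_params}
-2. puppet %{puppet_params}
-ERROR_STRING
-end
-end
-private :validate_csr_with_key
-
-def initialize(name = nil, device = false, suppress_warning = false)
-@name = (name || Puppet[:certname]).downcase
-@device = device
-Puppet::SSL::Base.validate_certname(@name)
-@key = @certificate = @certificate_request = nil
-@crl_usage = Puppet.settings[:certificate_revocation]
-@crl_path = Puppet.settings[:hostcrl]
-Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
-end
-
-# Extract the public key from the private key.
-def public_key
-key.content.public_key
-end
-
-def use_crl?
-!!@crl_usage
-end
-
-def use_crl_chain?
-@crl_usage == true || @crl_usage == :chain
-end
-
-# Create/return a store that uses our SSL info to validate
-# connections.
-def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
-if @ssl_store.nil?
-@ssl_store = build_ssl_store(purpose)
-end
-@ssl_store
-end
-
-# Attempt to retrieve a cert, if we don't already have one.
-def wait_for_cert(time)
-begin
-return if certificate
-generate
-return if certificate
-rescue StandardError => detail
-Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
-if time < 1
-puts _("Exiting; failed to retrieve certificate and waitforcert is disabled")
-exit(1)
-else
-sleep(time)
-end
-retry
-end
-
-if time < 1
-puts _("Exiting; no certificate found and waitforcert is disabled")
-exit(1)
-end
-
-loop do
-sleep time
-begin
-break if certificate
-Puppet.notice _("Did not receive certificate")
-rescue StandardError => detail
-Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
-end
-end
-end
-
-# Saves the given certificate to disc, at a location determined by this
-# host's configuration.
-# @param [Puppet::SSL::Certificate] cert the cert to save
-def save_host_certificate(cert)
-file_path = certificate_location(name)
-Puppet::Util.replace_file(file_path, 0644) do |f|
-f.write(cert.to_s)
-end
-end
-
-private
-
-# Load a previously generated CSR from disk
-# @return [Puppet::SSL::CertificateRequest, nil]
-def load_certificate_request_from_file
-request_path = certificate_request_location(name)
-if Puppet::FileSystem.exist?(request_path)
-Puppet::SSL::CertificateRequest.from_s(Puppet::FileSystem.read(request_path))
-end
-end
-
-# Download the CSR for this host from the CA. Returns nil if the CA
-# has no saved CSR for this host.
-# @raises [Puppet::Error] if the response from the server is not a valid
-# CSR or an error occurs while fetching.
-# @return [Puppet::SSL::CertificateRequest, nil]
-def download_csr_from_ca
-begin
-body = Puppet::Rest::Routes.get_certificate_request(
-name, Puppet::SSL::SSLContext.new(store: ssl_store))
-begin
-Puppet::SSL::CertificateRequest.from_s(body)
-rescue OpenSSL::X509::RequestError => e
-raise Puppet::Error, _("Response from the CA did not contain a valid certificate request: %{message}") % { message: e.message }
-end
-rescue Puppet::Rest::ResponseError => e
-if e.response.code.to_i == 404
-nil
-else
-raise Puppet::Error, _('Could not download certificate request: %{message}') % { message: e.message }
-end
-end
-end
-# Submit the CSR to the CA via an HTTP PUT request.
-# @param [Puppet::SSL::CertificateRequest] csr the request to submit
-def submit_certificate_request(csr)
-Puppet::Rest::Routes.put_certificate_request(
-csr.render, name, Puppet::SSL::SSLContext.new(store: ssl_store))
-end
-
-def save_certificate_request(csr)
-Puppet::Util.replace_file(certificate_request_location(name), 0644) do |file|
-file.write(csr.render)
-end
-end
-
-# @param crl_string [String] CRLs read from disk or obtained from server
-# @return [Array<OpenSSL::X509::CRL>] CRLs from chain
-# @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
-def process_crl_string(crl_string)
-delimiters = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
-crl_string.scan(delimiters).map do |crl|
-begin
-OpenSSL::X509::CRL.new(crl)
-rescue OpenSSL::X509::CRLError => e
-raise Puppet::Error.new(
-_("Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n%{crl}" % {crl_path: crl_path, error: e.message, crl: crl}),
-e)
-end
-end
-end
-
-# @param path [String] Path to CRL Chain
-# @return [Array<OpenSSL::X509::CRL>] CRLs from chain
-# @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
-def load_crls(path)
-crls_pems = Puppet::FileSystem.read(path, encoding: Encoding::UTF_8)
-process_crl_string(crls_pems)
-end
-
-# Fetches and saves the crl bundle from the CA server without validating
-# its contents. Takes an optional store to use with the http_client,
-# necessary for initial download of the CRL because `build_ssl_store`
-# calls this `download_and_save_crl_bundle`. If there is an error during
-# this downloading process, the file should not be replaced at all. This
-# streams the file directly to disk to avoid loading the entire CRL in memory.
-# @param [OpenSSL::X509::Store] store optional ssl_store to use with http_client
-# @raise [Puppet::Error<Puppet::Rest::ResponseError>] if bad response from server
-# @return nil
-def download_and_save_crl_bundle(store=nil)
-begin
-# If no SSL store was supplied, use this host's SSL store
-store ||= ssl_store
-Puppet::Util.replace_file(crl_path, 0644) do |file|
-result = Puppet::Rest::Routes.get_crls(CA_NAME, Puppet::SSL::SSLContext.new(store: store))
-file.write(result)
-end
-rescue Puppet::Rest::ResponseError => e
-raise Puppet::Error, _('Could not download CRLs: %{message}') % { message: e.message }
-end
-end
-
-# Attempts to load or fetch this host's certificate. Returns nil if
-# no certificate could be found.
-# @return [Puppet::SSL::Certificate, nil]
-def get_host_certificate
-cert = check_for_certificate_on_disk(name)
-if cert
-return cert
-else
-cert = download_certificate_from_ca(name)
-if cert
-save_host_certificate(cert)
-return cert
-else
-return nil
-end
-end
-end
-
-# Checks for the requested certificate on disc, at a location
-# determined by this host's configuration.
-# @name [String] name the name of the cert to look for
-# @raise [Puppet::Error] if contents of certificate file is invalid
-# and could not be loaded
-# @return [Puppet::SSL::Certificate, nil]
-def check_for_certificate_on_disk(cert_name)
-file_path = certificate_location(cert_name)
-if Puppet::FileSystem.exist?(file_path)
-begin
-Puppet::SSL::Certificate.from_s(Puppet::FileSystem.read(file_path))
-rescue OpenSSL::X509::CertificateError
-raise Puppet::Error, _("The certificate at %{file_path} is invalid. Could not load.") % { file_path: file_path }
-end
-end
-end
-public :check_for_certificate_on_disk
-
-# Attempts to download this host's certificate from the CA server.
-# Returns nil if the CA does not yet have a signed cert for this host.
-# @param [String] name then name of the cert to fetch
-# @raise [Puppet::Error] if response from the CA does not contain a valid
-# certificate
-# @return [Puppet::SSL::Certificate, nil]
-def download_certificate_from_ca(cert_name)
-begin
-cert = Puppet::Rest::Routes.get_certificate(
-cert_name,
-Puppet::SSL::SSLContext.new(store: ssl_store)
-)
-begin
-Puppet::SSL::Certificate.from_s(cert)
-rescue OpenSSL::X509::CertificateError
-raise Puppet::Error, _("Response from the CA did not contain a valid certificate for %{cert_name}.") % { cert_name: cert_name }
-end
-rescue Puppet::Rest::ResponseError => e
-if e.response.code.to_i == 404
-Puppet.debug _("No certificate for %{cert_name} on CA") % { cert_name: cert_name }
-nil
-else
-raise Puppet::Rest::ResponseError, _("Could not download host certificate: %{message}") % { message: e.message }
-end
-end
-end
-public :download_certificate_from_ca
-
-# Returns the file path for the named certificate, based on this host's
-# configuration.
-# @param [String] name the name of the cert to find
-# @return [String] file path to the cert's location
-def certificate_location(cert_name)
-cert_name == CA_NAME ? Puppet[:localcacert] : File.join(Puppet[:certdir], "#{cert_name}.pem")
-end
-
-# Returns the file path for the named CSR, based on this host's configuration.
-# @param [String] name the name of the CSR to find
-# @return [String] file path to the CSR's location
-def certificate_request_location(cert_name)
-File.join(Puppet[:requestdir], "#{cert_name}.pem")
-end
-
-# @param [OpenSSL::X509::PURPOSE_*] constant defining the kinds of certs
-# this store can verify
-# @return [OpenSSL::X509::Store]
-# @raise [OpenSSL::X509::StoreError] if localcacert is malformed or non-existant
-# @raise [Puppet::Error] if the CRL chain is malformed
-# @raise [Errno::ENOENT] if the CRL does not exist on disk but use_crl? is true
-def build_ssl_store(purpose=OpenSSL::X509::PURPOSE_ANY)
-store = OpenSSL::X509::Store.new
-store.purpose = purpose
-
-# Use the file path here, because we don't want to cause
-# a lookup in the middle of setting our ssl connection.
-store.add_file(Puppet.settings[:localcacert])
-
-if use_crl?
-if !Puppet::FileSystem.exist?(crl_path)
-download_and_save_crl_bundle(store)
-end
-
-crls = load_crls(crl_path)
-
-flags = OpenSSL::X509::V_FLAG_CRL_CHECK
-if use_crl_chain?
-flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
-end
-
-store.flags = flags
-crls.each {|crl| store.add_crl(crl) }
-end
-store
-end
-end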
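--- a/data/lib/puppet/ssl/key.rb
+++ b/data/lib/puppet/ssl/key.rb
@@ -1,61 +0,0 @@
-require 'puppet/ssl/base'
-require 'puppet/indirector'
-
-# Manage private and public keys as a pair.
-#
-# @deprecated Use {Puppet::SSL::SSLProvider} instead.
-class Puppet::SSL::Key < Puppet::SSL::Base
-wraps OpenSSL::PKey::RSA
-
-extend Puppet::Indirector
-indirects :key, :terminus_class => :file, :doc => <<DOC
-This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
-The indirection key is the certificate CN (generally a hostname).
-DOC
-
-# Because of how the format handler class is included, this
-# can't be in the base class.
-def self.supported_formats
-[:s]
-end
-
-attr_accessor :password_file
-
-# Knows how to create keys with our system defaults.
-def generate
-Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
-@content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
-end
-
-def initialize(name)
-super
-
-@password_file = Puppet[:passfile]
-end
-
-def password
-return nil unless password_file and Puppet::FileSystem.exist?(password_file)
-
-# Puppet generates files at the default Puppet[:capass] using ASCII
-# User configured :passfile could be in any encoding
-# Use BINARY given the string is passed to an OpenSSL API accepting bytes
-# note this is only called internally
-Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
-end
-
-# Optionally support specifying a password file.
-def read(path)
-return super unless password_file
-
-# RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
-@content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
-end
-
-def to_s
-if password
-@content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
-else
-return super
-end
-end
-end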