puppet 6.28.0-universal-darwin → 7.0.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (811) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/CONTRIBUTING.md +5 -5
  4. data/Gemfile +5 -7
  5. data/Gemfile.lock +52 -131
  6. data/README.md +5 -5
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/README.environment +8 -0
  9. data/ext/build_defaults.yaml +1 -1
  10. data/ext/dbfix.sql +132 -0
  11. data/ext/debian/README.Debian +8 -0
  12. data/ext/debian/README.source +2 -0
  13. data/ext/debian/TODO.Debian +1 -0
  14. data/ext/debian/changelog.erb +1122 -0
  15. data/ext/debian/compat +1 -0
  16. data/ext/debian/control +144 -0
  17. data/ext/debian/copyright +339 -0
  18. data/ext/debian/docs +1 -0
  19. data/ext/debian/fileserver.conf +41 -0
  20. data/ext/debian/puppet-common.dirs +13 -0
  21. data/ext/debian/puppet-common.install +3 -0
  22. data/ext/debian/puppet-common.lintian-overrides +5 -0
  23. data/ext/debian/puppet-common.manpages +28 -0
  24. data/ext/debian/puppet-common.postinst +35 -0
  25. data/ext/debian/puppet-common.postrm +33 -0
  26. data/ext/debian/puppet-el.dirs +1 -0
  27. data/ext/debian/puppet-el.emacsen-install +25 -0
  28. data/ext/debian/puppet-el.emacsen-remove +11 -0
  29. data/ext/debian/puppet-el.emacsen-startup +9 -0
  30. data/ext/debian/puppet-el.install +1 -0
  31. data/ext/debian/puppet-testsuite.install +2 -0
  32. data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
  33. data/ext/debian/puppet.lintian-overrides +3 -0
  34. data/ext/debian/puppet.logrotate +20 -0
  35. data/ext/debian/puppet.postinst +20 -0
  36. data/ext/debian/puppet.postrm +20 -0
  37. data/ext/debian/puppet.preinst +20 -0
  38. data/ext/debian/puppetmaster-common.install +2 -0
  39. data/ext/debian/puppetmaster-common.manpages +2 -0
  40. data/ext/debian/puppetmaster-common.postinst +6 -0
  41. data/ext/debian/puppetmaster-passenger.dirs +4 -0
  42. data/ext/debian/puppetmaster-passenger.postinst +162 -0
  43. data/ext/debian/puppetmaster-passenger.postrm +61 -0
  44. data/ext/debian/puppetmaster.README.debian +17 -0
  45. data/ext/debian/puppetmaster.default +14 -0
  46. data/ext/debian/puppetmaster.init +137 -0
  47. data/ext/debian/puppetmaster.lintian-overrides +3 -0
  48. data/ext/debian/puppetmaster.postinst +20 -0
  49. data/ext/debian/puppetmaster.postrm +5 -0
  50. data/ext/debian/puppetmaster.preinst +22 -0
  51. data/ext/debian/rules +132 -0
  52. data/ext/debian/source/format +1 -0
  53. data/ext/debian/source/options +1 -0
  54. data/ext/debian/vim-puppet.README.Debian +13 -0
  55. data/ext/debian/vim-puppet.dirs +5 -0
  56. data/ext/debian/vim-puppet.yaml +7 -0
  57. data/ext/debian/watch +2 -0
  58. data/ext/freebsd/puppetd +26 -0
  59. data/ext/freebsd/puppetmasterd +26 -0
  60. data/ext/gentoo/conf.d/puppet +5 -0
  61. data/ext/gentoo/conf.d/puppetmaster +12 -0
  62. data/ext/gentoo/init.d/puppet +38 -0
  63. data/ext/gentoo/init.d/puppetmaster +51 -0
  64. data/ext/gentoo/puppet/fileserver.conf +41 -0
  65. data/ext/ips/puppet-agent +44 -0
  66. data/ext/ips/puppet-master +44 -0
  67. data/ext/ips/puppet.p5m.erb +12 -0
  68. data/ext/ips/puppetagent.xml +42 -0
  69. data/ext/ips/puppetmaster.xml +42 -0
  70. data/ext/ips/rules +19 -0
  71. data/ext/ips/transforms +34 -0
  72. data/ext/ldap/puppet.schema +24 -0
  73. data/ext/logcheck/puppet +23 -0
  74. data/{examples → ext}/nagios/check_puppet.rb +2 -2
  75. data/ext/osx/file_mapping.yaml +28 -0
  76. data/ext/osx/postflight.erb +109 -0
  77. data/ext/osx/preflight.erb +52 -0
  78. data/ext/osx/prototype.plist.erb +38 -0
  79. data/ext/osx/puppet.plist +0 -2
  80. data/ext/project_data.yaml +1 -15
  81. data/ext/redhat/fileserver.conf +41 -0
  82. data/ext/redhat/logrotate +21 -0
  83. data/ext/redhat/puppet.spec.erb +841 -0
  84. data/ext/redhat/server.init +128 -0
  85. data/ext/redhat/server.sysconfig +13 -0
  86. data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
  87. data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
  88. data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
  89. data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
  90. data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
  91. data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
  92. data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
  93. data/ext/solaris/pkginfo +6 -0
  94. data/ext/solaris/smf/puppetd.xml +77 -0
  95. data/ext/solaris/smf/puppetmasterd.xml +77 -0
  96. data/ext/solaris/smf/svc-puppetd +71 -0
  97. data/ext/solaris/smf/svc-puppetmasterd +67 -0
  98. data/ext/suse/puppet.spec +310 -0
  99. data/ext/suse/server.init +173 -0
  100. data/ext/windows/service/daemon.rb +6 -5
  101. data/ext/yaml_nodes.rb +105 -0
  102. data/install.rb +21 -17
  103. data/lib/puppet/agent.rb +11 -47
  104. data/lib/puppet/application/agent.rb +16 -18
  105. data/lib/puppet/application/apply.rb +4 -24
  106. data/lib/puppet/application/device.rb +100 -106
  107. data/lib/puppet/application/filebucket.rb +13 -10
  108. data/lib/puppet/application/lookup.rb +24 -74
  109. data/lib/puppet/application/resource.rb +16 -32
  110. data/lib/puppet/application/script.rb +0 -2
  111. data/lib/puppet/application/ssl.rb +1 -13
  112. data/lib/puppet/application.rb +178 -108
  113. data/lib/puppet/application_support.rb +0 -7
  114. data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
  115. data/lib/puppet/configurer/downloader.rb +1 -2
  116. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  117. data/lib/puppet/configurer.rb +86 -183
  118. data/lib/puppet/confine/variable.rb +1 -1
  119. data/lib/puppet/defaults.rb +130 -244
  120. data/lib/puppet/environments.rb +82 -146
  121. data/lib/puppet/face/facts.rb +5 -103
  122. data/lib/puppet/face/generate.rb +0 -2
  123. data/lib/puppet/face/help/action.erb +0 -1
  124. data/lib/puppet/face/help/face.erb +0 -1
  125. data/lib/puppet/face/help.rb +1 -1
  126. data/lib/puppet/face/node/clean.rb +0 -11
  127. data/lib/puppet/face/plugin.rb +5 -8
  128. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  129. data/lib/puppet/ffi/windows/constants.rb +404 -0
  130. data/lib/puppet/ffi/windows/functions.rb +628 -0
  131. data/lib/puppet/ffi/windows/structs.rb +338 -0
  132. data/lib/puppet/ffi/windows.rb +12 -0
  133. data/lib/puppet/file_serving/configuration/parser.rb +3 -34
  134. data/lib/puppet/file_serving/configuration.rb +0 -8
  135. data/lib/puppet/file_serving/fileset.rb +2 -14
  136. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  137. data/lib/puppet/file_serving/metadata.rb +0 -3
  138. data/lib/puppet/file_serving/mount/file.rb +4 -4
  139. data/lib/puppet/file_serving/mount.rb +1 -2
  140. data/lib/puppet/file_system/file_impl.rb +8 -10
  141. data/lib/puppet/file_system/jruby.rb +1 -1
  142. data/lib/puppet/file_system/memory_file.rb +1 -8
  143. data/lib/puppet/file_system/windows.rb +6 -8
  144. data/lib/puppet/file_system.rb +1 -1
  145. data/lib/puppet/forge/repository.rb +0 -1
  146. data/lib/puppet/forge.rb +4 -4
  147. data/lib/puppet/functions/all.rb +1 -1
  148. data/lib/puppet/functions/camelcase.rb +1 -1
  149. data/lib/puppet/functions/capitalize.rb +2 -2
  150. data/lib/puppet/functions/downcase.rb +2 -2
  151. data/lib/puppet/functions/empty.rb +0 -8
  152. data/lib/puppet/functions/find_template.rb +2 -2
  153. data/lib/puppet/functions/get.rb +5 -5
  154. data/lib/puppet/functions/group_by.rb +5 -13
  155. data/lib/puppet/functions/lest.rb +1 -1
  156. data/lib/puppet/functions/new.rb +100 -100
  157. data/lib/puppet/functions/next.rb +1 -18
  158. data/lib/puppet/functions/partition.rb +4 -12
  159. data/lib/puppet/functions/require.rb +5 -5
  160. data/lib/puppet/functions/sort.rb +3 -3
  161. data/lib/puppet/functions/strftime.rb +0 -1
  162. data/lib/puppet/functions/tree_each.rb +10 -7
  163. data/lib/puppet/functions/type.rb +4 -4
  164. data/lib/puppet/functions/unwrap.rb +2 -17
  165. data/lib/puppet/functions/upcase.rb +2 -2
  166. data/lib/puppet/functions/versioncmp.rb +2 -6
  167. data/lib/puppet/generate/models/type/type.rb +4 -1
  168. data/lib/puppet/generate/type.rb +0 -9
  169. data/lib/puppet/http/client.rb +167 -137
  170. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  171. data/lib/puppet/http/errors.rb +16 -0
  172. data/lib/puppet/http/external_client.rb +5 -7
  173. data/lib/puppet/{network/http → http}/factory.rb +8 -15
  174. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  175. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  176. data/lib/puppet/http/proxy.rb +137 -0
  177. data/lib/puppet/http/redirector.rb +4 -17
  178. data/lib/puppet/http/resolver/server_list.rb +10 -25
  179. data/lib/puppet/http/resolver/settings.rb +4 -7
  180. data/lib/puppet/http/resolver/srv.rb +7 -11
  181. data/lib/puppet/http/resolver.rb +5 -15
  182. data/lib/puppet/http/response.rb +36 -54
  183. data/lib/puppet/http/response_converter.rb +24 -0
  184. data/lib/puppet/http/response_net_http.rb +42 -0
  185. data/lib/puppet/http/retry_after_handler.rb +4 -13
  186. data/lib/puppet/http/service/ca.rb +11 -22
  187. data/lib/puppet/http/service/compiler.rb +23 -144
  188. data/lib/puppet/http/service/file_server.rb +19 -29
  189. data/lib/puppet/http/service/puppetserver.rb +26 -12
  190. data/lib/puppet/http/service/report.rb +8 -10
  191. data/lib/puppet/http/service.rb +12 -26
  192. data/lib/puppet/http/session.rb +11 -20
  193. data/lib/puppet/{network/http → http}/site.rb +1 -2
  194. data/lib/puppet/http.rb +22 -13
  195. data/lib/puppet/indirector/catalog/compiler.rb +6 -25
  196. data/lib/puppet/indirector/catalog/rest.rb +2 -5
  197. data/lib/puppet/indirector/facts/facter.rb +6 -6
  198. data/lib/puppet/indirector/facts/rest.rb +3 -22
  199. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  200. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  201. data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
  202. data/lib/puppet/indirector/file_server.rb +1 -8
  203. data/lib/puppet/indirector/generic_http.rb +0 -11
  204. data/lib/puppet/indirector/indirection.rb +1 -1
  205. data/lib/puppet/indirector/node/rest.rb +2 -4
  206. data/lib/puppet/indirector/report/rest.rb +3 -8
  207. data/lib/puppet/indirector/request.rb +0 -101
  208. data/lib/puppet/indirector/resource/ral.rb +1 -6
  209. data/lib/puppet/indirector/rest.rb +12 -263
  210. data/lib/puppet/indirector/terminus.rb +0 -4
  211. data/lib/puppet/interface/documentation.rb +0 -1
  212. data/lib/puppet/module/plan.rb +1 -0
  213. data/lib/puppet/module/task.rb +1 -1
  214. data/lib/puppet/module.rb +0 -1
  215. data/lib/puppet/module_tool/applications/installer.rb +2 -56
  216. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  217. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  218. data/lib/puppet/module_tool/applications.rb +0 -1
  219. data/lib/puppet/module_tool/errors/shared.rb +2 -34
  220. data/lib/puppet/network/authconfig.rb +2 -96
  221. data/lib/puppet/network/authorization.rb +13 -35
  222. data/lib/puppet/network/formats.rb +0 -67
  223. data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
  224. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  225. data/lib/puppet/network/http/connection.rb +247 -316
  226. data/lib/puppet/network/http/handler.rb +0 -1
  227. data/lib/puppet/network/http.rb +3 -3
  228. data/lib/puppet/network/http_pool.rb +16 -34
  229. data/lib/puppet/node/environment.rb +11 -10
  230. data/lib/puppet/node.rb +2 -31
  231. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  232. data/lib/puppet/pal/pal_impl.rb +4 -2
  233. data/lib/puppet/parser/ast/leaf.rb +2 -3
  234. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  235. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  236. data/lib/puppet/parser/compiler.rb +0 -198
  237. data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
  238. data/lib/puppet/parser/resource.rb +1 -70
  239. data/lib/puppet/parser/scope.rb +0 -1
  240. data/lib/puppet/parser/templatewrapper.rb +1 -2
  241. data/lib/puppet/pops/evaluator/closure.rb +5 -7
  242. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  243. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  244. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
  245. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  246. data/lib/puppet/pops/issues.rb +0 -5
  247. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  248. data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
  249. data/lib/puppet/pops/model/ast.pp +0 -42
  250. data/lib/puppet/pops/model/ast.rb +0 -291
  251. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  252. data/lib/puppet/pops/model/factory.rb +1 -47
  253. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  254. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  255. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  256. data/lib/puppet/pops/parser/code_merger.rb +4 -4
  257. data/lib/puppet/pops/parser/egrammar.ra +0 -58
  258. data/lib/puppet/pops/parser/eparser.rb +1685 -1896
  259. data/lib/puppet/pops/parser/lexer2.rb +91 -92
  260. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  261. data/lib/puppet/pops/parser/slurp_support.rb +0 -1
  262. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  263. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  264. data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
  265. data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
  266. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  267. data/lib/puppet/pops/types/type_formatter.rb +3 -4
  268. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  269. data/lib/puppet/pops/types/type_parser.rb +0 -4
  270. data/lib/puppet/pops/types/types.rb +1 -2
  271. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  272. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  273. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  274. data/lib/puppet/property/list.rb +1 -1
  275. data/lib/puppet/provider/aix_object.rb +1 -1
  276. data/lib/puppet/provider/exec/posix.rb +4 -16
  277. data/lib/puppet/provider/group/groupadd.rb +10 -18
  278. data/lib/puppet/provider/nameservice.rb +0 -18
  279. data/lib/puppet/provider/package/apt.rb +2 -34
  280. data/lib/puppet/provider/package/aptitude.rb +0 -6
  281. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  282. data/lib/puppet/provider/package/dpkg.rb +0 -10
  283. data/lib/puppet/provider/package/gem.rb +23 -3
  284. data/lib/puppet/provider/package/nim.rb +6 -11
  285. data/lib/puppet/provider/package/pip.rb +3 -16
  286. data/lib/puppet/provider/package/pkg.rb +2 -23
  287. data/lib/puppet/provider/package/portage.rb +1 -1
  288. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  289. data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
  290. data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
  291. data/lib/puppet/provider/package/windows/package.rb +1 -2
  292. data/lib/puppet/provider/package/windows.rb +1 -14
  293. data/lib/puppet/provider/package/yum.rb +1 -1
  294. data/lib/puppet/provider/parsedfile.rb +0 -3
  295. data/lib/puppet/provider/service/base.rb +1 -1
  296. data/lib/puppet/provider/service/debian.rb +0 -2
  297. data/lib/puppet/provider/service/init.rb +9 -10
  298. data/lib/puppet/provider/service/launchd.rb +2 -2
  299. data/lib/puppet/provider/service/redhat.rb +1 -1
  300. data/lib/puppet/provider/service/smf.rb +194 -76
  301. data/lib/puppet/provider/service/systemd.rb +6 -16
  302. data/lib/puppet/provider/service/upstart.rb +5 -5
  303. data/lib/puppet/provider/service/windows.rb +0 -38
  304. data/lib/puppet/provider/user/aix.rb +3 -46
  305. data/lib/puppet/provider/user/directoryservice.rb +11 -39
  306. data/lib/puppet/provider/user/useradd.rb +24 -134
  307. data/lib/puppet/provider.rb +1 -14
  308. data/lib/puppet/reference/configuration.rb +8 -7
  309. data/lib/puppet/reference/indirection.rb +1 -1
  310. data/lib/puppet/reference/providers.rb +2 -2
  311. data/lib/puppet/resource/catalog.rb +2 -15
  312. data/lib/puppet/resource/type.rb +3 -119
  313. data/lib/puppet/resource/type_collection.rb +3 -49
  314. data/lib/puppet/resource.rb +6 -127
  315. data/lib/puppet/runtime.rb +2 -13
  316. data/lib/puppet/settings/environment_conf.rb +0 -1
  317. data/lib/puppet/settings/integer_setting.rb +17 -0
  318. data/lib/puppet/settings/port_setting.rb +15 -0
  319. data/lib/puppet/settings/priority_setting.rb +5 -4
  320. data/lib/puppet/settings.rb +82 -98
  321. data/lib/puppet/ssl/base.rb +3 -5
  322. data/lib/puppet/ssl/certificate.rb +0 -6
  323. data/lib/puppet/ssl/certificate_request.rb +1 -12
  324. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  325. data/lib/puppet/ssl/oids.rb +3 -1
  326. data/lib/puppet/ssl/ssl_provider.rb +36 -75
  327. data/lib/puppet/ssl/state_machine.rb +20 -14
  328. data/lib/puppet/ssl/verifier.rb +2 -6
  329. data/lib/puppet/ssl.rb +10 -6
  330. data/lib/puppet/test/test_helper.rb +2 -7
  331. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  332. data/lib/puppet/transaction/persistence.rb +1 -21
  333. data/lib/puppet/transaction/report.rb +3 -19
  334. data/lib/puppet/transaction.rb +1 -7
  335. data/lib/puppet/type/exec.rb +6 -36
  336. data/lib/puppet/type/file/checksum.rb +1 -1
  337. data/lib/puppet/type/file/data_sync.rb +1 -1
  338. data/lib/puppet/type/file/mode.rb +0 -6
  339. data/lib/puppet/type/file/selcontext.rb +1 -1
  340. data/lib/puppet/type/file/source.rb +1 -1
  341. data/lib/puppet/type/file.rb +12 -32
  342. data/lib/puppet/type/filebucket.rb +4 -4
  343. data/lib/puppet/type/group.rb +1 -0
  344. data/lib/puppet/type/package.rb +8 -16
  345. data/lib/puppet/type/resources.rb +1 -1
  346. data/lib/puppet/type/service.rb +41 -26
  347. data/lib/puppet/type/tidy.rb +3 -22
  348. data/lib/puppet/type/user.rb +13 -35
  349. data/lib/puppet/type.rb +1 -77
  350. data/lib/puppet/util/autoload.rb +8 -1
  351. data/lib/puppet/util/command_line.rb +1 -1
  352. data/lib/puppet/util/execution.rb +0 -11
  353. data/lib/puppet/util/filetype.rb +2 -2
  354. data/lib/puppet/util/http_proxy.rb +2 -215
  355. data/lib/puppet/util/json.rb +0 -20
  356. data/lib/puppet/util/log.rb +4 -8
  357. data/lib/puppet/util/logging.rb +25 -1
  358. data/lib/puppet/util/monkey_patches.rb +2 -59
  359. data/lib/puppet/util/package.rb +16 -25
  360. data/lib/puppet/util/pidlock.rb +1 -1
  361. data/lib/puppet/util/posix.rb +5 -54
  362. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  363. data/lib/puppet/util/rdoc.rb +0 -7
  364. data/lib/puppet/util/retry_action.rb +1 -1
  365. data/lib/puppet/util/run_mode.rb +9 -1
  366. data/lib/puppet/util/selinux.rb +4 -30
  367. data/lib/puppet/util/suidmanager.rb +2 -1
  368. data/lib/puppet/util/symbolic_file_mode.rb +17 -29
  369. data/lib/puppet/util/tagging.rb +0 -1
  370. data/lib/puppet/util/windows/adsi.rb +0 -46
  371. data/lib/puppet/util/windows/daemon.rb +360 -0
  372. data/lib/puppet/util/windows/error.rb +1 -0
  373. data/lib/puppet/util/windows/eventlog.rb +4 -9
  374. data/lib/puppet/util/windows/file.rb +8 -242
  375. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  376. data/lib/puppet/util/windows/principal.rb +2 -9
  377. data/lib/puppet/util/windows/process.rb +4 -226
  378. data/lib/puppet/util/windows/service.rb +11 -457
  379. data/lib/puppet/util/windows/sid.rb +2 -6
  380. data/lib/puppet/util/windows/string.rb +12 -13
  381. data/lib/puppet/util/windows/user.rb +2 -0
  382. data/lib/puppet/util/windows.rb +3 -11
  383. data/lib/puppet/util/yaml.rb +1 -42
  384. data/lib/puppet/util.rb +5 -5
  385. data/lib/puppet/vendor/require_vendored.rb +0 -1
  386. data/lib/puppet/version.rb +1 -1
  387. data/lib/puppet/x509/cert_provider.rb +29 -1
  388. data/lib/puppet/x509.rb +5 -1
  389. data/lib/puppet.rb +34 -27
  390. data/locales/puppet.pot +9633 -5
  391. data/man/man5/puppet.conf.5 +286 -401
  392. data/man/man8/puppet-agent.8 +2 -5
  393. data/man/man8/puppet-apply.8 +2 -2
  394. data/man/man8/puppet-catalog.8 +9 -9
  395. data/man/man8/puppet-config.8 +1 -1
  396. data/man/man8/puppet-describe.8 +1 -1
  397. data/man/man8/puppet-device.8 +2 -2
  398. data/man/man8/puppet-doc.8 +1 -1
  399. data/man/man8/puppet-epp.8 +1 -1
  400. data/man/man8/puppet-facts.8 +8 -51
  401. data/man/man8/puppet-filebucket.8 +4 -4
  402. data/man/man8/puppet-generate.8 +1 -1
  403. data/man/man8/puppet-help.8 +1 -1
  404. data/man/man8/puppet-lookup.8 +6 -9
  405. data/man/man8/puppet-module.8 +3 -60
  406. data/man/man8/puppet-node.8 +5 -5
  407. data/man/man8/puppet-parser.8 +1 -1
  408. data/man/man8/puppet-plugin.8 +1 -1
  409. data/man/man8/puppet-report.8 +5 -5
  410. data/man/man8/puppet-resource.8 +1 -1
  411. data/man/man8/puppet-script.8 +2 -2
  412. data/man/man8/puppet-ssl.8 +1 -5
  413. data/man/man8/puppet.8 +2 -2
  414. data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
  415. data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
  416. data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
  417. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
  418. data/spec/fixtures/ssl/ca.pem +35 -57
  419. data/spec/fixtures/ssl/crl.pem +18 -28
  420. data/spec/fixtures/ssl/ec-key.pem +11 -11
  421. data/spec/fixtures/ssl/ec.pem +24 -33
  422. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  423. data/spec/fixtures/ssl/encrypted-key.pem +58 -108
  424. data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
  425. data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
  426. data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
  427. data/spec/fixtures/ssl/intermediate.pem +36 -57
  428. data/spec/fixtures/ssl/pluto-key.pem +57 -107
  429. data/spec/fixtures/ssl/pluto.pem +30 -52
  430. data/spec/fixtures/ssl/request-key.pem +57 -107
  431. data/spec/fixtures/ssl/request.pem +26 -47
  432. data/spec/fixtures/ssl/revoked-key.pem +57 -107
  433. data/spec/fixtures/ssl/revoked.pem +30 -52
  434. data/spec/fixtures/ssl/signed-key.pem +57 -107
  435. data/spec/fixtures/ssl/signed.pem +30 -52
  436. data/spec/fixtures/ssl/tampered-cert.pem +30 -52
  437. data/spec/fixtures/ssl/tampered-csr.pem +26 -47
  438. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
  439. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
  440. data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
  441. data/spec/fixtures/ssl/unknown-ca.pem +33 -55
  442. data/spec/fixtures/unit/forge/bacula.json +1 -1
  443. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  444. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  445. data/spec/integration/application/agent_spec.rb +50 -406
  446. data/spec/integration/application/apply_spec.rb +1 -20
  447. data/spec/integration/application/filebucket_spec.rb +16 -32
  448. data/spec/integration/application/help_spec.rb +2 -0
  449. data/spec/integration/application/lookup_spec.rb +50 -81
  450. data/spec/integration/application/module_spec.rb +0 -21
  451. data/spec/integration/application/plugin_spec.rb +24 -2
  452. data/spec/integration/configurer_spec.rb +2 -18
  453. data/spec/integration/defaults_spec.rb +14 -3
  454. data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
  455. data/spec/integration/http/client_spec.rb +4 -63
  456. data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
  457. data/spec/integration/indirector/facts/facter_spec.rb +39 -93
  458. data/spec/integration/network/http_pool_spec.rb +3 -21
  459. data/spec/integration/parser/catalog_spec.rb +0 -38
  460. data/spec/integration/parser/node_spec.rb +0 -9
  461. data/spec/integration/parser/pcore_resource_spec.rb +0 -47
  462. data/spec/integration/resource/type_collection_spec.rb +6 -2
  463. data/spec/integration/transaction/report_spec.rb +1 -1
  464. data/spec/integration/transaction_spec.rb +9 -4
  465. data/spec/integration/type/exec_spec.rb +45 -70
  466. data/spec/integration/type/file_spec.rb +7 -6
  467. data/spec/integration/type/package_spec.rb +6 -6
  468. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  469. data/spec/integration/util/windows/adsi_spec.rb +1 -21
  470. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  471. data/spec/integration/util/windows/principal_spec.rb +0 -21
  472. data/spec/integration/util/windows/process_spec.rb +9 -1
  473. data/spec/integration/util/windows/registry_spec.rb +10 -6
  474. data/spec/integration/util/windows/security_spec.rb +1 -1
  475. data/spec/lib/matchers/include.rb +27 -0
  476. data/spec/lib/matchers/include_spec.rb +32 -0
  477. data/spec/lib/puppet/test_ca.rb +2 -7
  478. data/spec/lib/puppet_spec/https.rb +1 -1
  479. data/spec/lib/puppet_spec/modules.rb +2 -13
  480. data/spec/lib/puppet_spec/puppetserver.rb +3 -55
  481. data/spec/lib/puppet_spec/settings.rb +1 -1
  482. data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
  483. data/spec/spec_helper.rb +17 -13
  484. data/spec/unit/agent_spec.rb +8 -38
  485. data/spec/unit/application/agent_spec.rb +19 -33
  486. data/spec/unit/application/apply_spec.rb +56 -76
  487. data/spec/unit/application/facts_spec.rb +12 -456
  488. data/spec/unit/application/filebucket_spec.rb +43 -39
  489. data/spec/unit/application/lookup_spec.rb +10 -131
  490. data/spec/unit/application/resource_spec.rb +0 -29
  491. data/spec/unit/application/ssl_spec.rb +2 -25
  492. data/spec/unit/application_spec.rb +9 -51
  493. data/spec/unit/certificate_factory_spec.rb +1 -1
  494. data/spec/unit/configurer/downloader_spec.rb +6 -8
  495. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  496. data/spec/unit/configurer_spec.rb +68 -327
  497. data/spec/unit/confine/feature_spec.rb +1 -1
  498. data/spec/unit/confine_spec.rb +2 -8
  499. data/spec/unit/context/trusted_information_spec.rb +2 -6
  500. data/spec/unit/daemon_spec.rb +11 -2
  501. data/spec/unit/defaults_spec.rb +68 -55
  502. data/spec/unit/environments_spec.rb +68 -408
  503. data/spec/unit/face/generate_spec.rb +0 -64
  504. data/spec/unit/face/node_spec.rb +11 -0
  505. data/spec/unit/face/plugin_spec.rb +73 -33
  506. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  507. data/spec/unit/file_bucket/file_spec.rb +1 -1
  508. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
  509. data/spec/unit/file_serving/configuration_spec.rb +10 -26
  510. data/spec/unit/file_serving/fileset_spec.rb +0 -60
  511. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  512. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  513. data/spec/unit/file_system_spec.rb +4 -56
  514. data/spec/unit/forge/module_release_spec.rb +10 -5
  515. data/spec/unit/functions/assert_type_spec.rb +1 -1
  516. data/spec/unit/functions/camelcase_spec.rb +1 -1
  517. data/spec/unit/functions/capitalize_spec.rb +1 -1
  518. data/spec/unit/functions/downcase_spec.rb +1 -1
  519. data/spec/unit/functions/empty_spec.rb +0 -10
  520. data/spec/unit/functions/logging_spec.rb +0 -1
  521. data/spec/unit/functions/lookup_spec.rb +0 -64
  522. data/spec/unit/functions/unwrap_spec.rb +0 -8
  523. data/spec/unit/functions/upcase_spec.rb +1 -1
  524. data/spec/unit/functions/versioncmp_spec.rb +4 -40
  525. data/spec/unit/functions4_spec.rb +2 -2
  526. data/spec/unit/gettext/config_spec.rb +0 -12
  527. data/spec/unit/http/client_spec.rb +8 -84
  528. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  529. data/spec/unit/http/external_client_spec.rb +4 -4
  530. data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
  531. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  532. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  533. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  534. data/spec/unit/http/resolver_spec.rb +13 -13
  535. data/spec/unit/http/service/compiler_spec.rb +0 -193
  536. data/spec/unit/http/service/file_server_spec.rb +3 -3
  537. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  538. data/spec/unit/http/service_spec.rb +0 -1
  539. data/spec/unit/http/session_spec.rb +16 -14
  540. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  541. data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
  542. data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
  543. data/spec/unit/indirector/face_spec.rb +1 -0
  544. data/spec/unit/indirector/facts/facter_spec.rb +3 -0
  545. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  546. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  547. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  548. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  549. data/spec/unit/indirector/file_server_spec.rb +1 -15
  550. data/spec/unit/indirector/indirection_spec.rb +15 -18
  551. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  552. data/spec/unit/indirector/request_spec.rb +0 -264
  553. data/spec/unit/indirector/resource/ral_spec.rb +75 -40
  554. data/spec/unit/indirector/rest_spec.rb +98 -752
  555. data/spec/unit/indirector/store_configs_spec.rb +7 -0
  556. data/spec/unit/indirector_spec.rb +2 -2
  557. data/spec/unit/interface/action_spec.rb +9 -0
  558. data/spec/unit/module_spec.rb +1 -15
  559. data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
  560. data/spec/unit/network/authconfig_spec.rb +2 -129
  561. data/spec/unit/network/authorization_spec.rb +2 -55
  562. data/spec/unit/network/formats_spec.rb +4 -51
  563. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  564. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  565. data/spec/unit/network/http/api_spec.rb +10 -0
  566. data/spec/unit/network/http/connection_spec.rb +19 -41
  567. data/spec/unit/network/http/handler_spec.rb +0 -1
  568. data/spec/unit/network/http_pool_spec.rb +0 -4
  569. data/spec/unit/node/environment_spec.rb +33 -21
  570. data/spec/unit/node_spec.rb +2 -60
  571. data/spec/unit/parser/compiler_spec.rb +19 -3
  572. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  573. data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
  574. data/spec/unit/parser/resource_spec.rb +8 -14
  575. data/spec/unit/parser/templatewrapper_spec.rb +5 -16
  576. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  577. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  578. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  579. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  580. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  581. data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
  582. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  583. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  584. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  585. data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
  586. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
  587. data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
  588. data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
  589. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  590. data/spec/unit/pops/validator/validator_spec.rb +61 -51
  591. data/spec/unit/pops/visitor_spec.rb +1 -1
  592. data/spec/unit/property_spec.rb +0 -1
  593. data/spec/unit/provider/group/groupadd_spec.rb +2 -5
  594. data/spec/unit/provider/nameservice_spec.rb +64 -122
  595. data/spec/unit/provider/package/apt_spec.rb +23 -28
  596. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  597. data/spec/unit/provider/package/base_spec.rb +5 -6
  598. data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
  599. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  600. data/spec/unit/provider/package/gem_spec.rb +33 -1
  601. data/spec/unit/provider/package/nim_spec.rb +0 -42
  602. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  603. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  604. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  605. data/spec/unit/provider/package/pip_spec.rb +12 -44
  606. data/spec/unit/provider/package/pkg_spec.rb +4 -29
  607. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  608. data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
  609. data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
  610. data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
  611. data/spec/unit/provider/parsedfile_spec.rb +0 -10
  612. data/spec/unit/provider/service/gentoo_spec.rb +5 -6
  613. data/spec/unit/provider/service/init_spec.rb +9 -16
  614. data/spec/unit/provider/service/launchd_spec.rb +0 -11
  615. data/spec/unit/provider/service/openwrt_spec.rb +29 -23
  616. data/spec/unit/provider/service/redhat_spec.rb +2 -3
  617. data/spec/unit/provider/service/smf_spec.rb +401 -165
  618. data/spec/unit/provider/service/systemd_spec.rb +9 -54
  619. data/spec/unit/provider/service/windows_spec.rb +0 -203
  620. data/spec/unit/provider/user/aix_spec.rb +0 -105
  621. data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
  622. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  623. data/spec/unit/provider/user/pw_spec.rb +0 -2
  624. data/spec/unit/provider/user/useradd_spec.rb +5 -114
  625. data/spec/unit/provider_spec.rb +12 -22
  626. data/spec/unit/puppet_spec.rb +4 -12
  627. data/spec/unit/resource/catalog_spec.rb +2 -15
  628. data/spec/unit/resource/type_collection_spec.rb +2 -22
  629. data/spec/unit/resource/type_spec.rb +1 -1
  630. data/spec/unit/resource_spec.rb +12 -125
  631. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  632. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  633. data/spec/unit/settings/port_setting_spec.rb +31 -0
  634. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  635. data/spec/unit/settings_spec.rb +79 -110
  636. data/spec/unit/ssl/base_spec.rb +37 -3
  637. data/spec/unit/ssl/certificate_request_spec.rb +21 -45
  638. data/spec/unit/ssl/certificate_spec.rb +2 -11
  639. data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
  640. data/spec/unit/ssl/state_machine_spec.rb +5 -21
  641. data/spec/unit/ssl/verifier_spec.rb +0 -21
  642. data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
  643. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  644. data/spec/unit/transaction/persistence_spec.rb +0 -51
  645. data/spec/unit/transaction/report_spec.rb +0 -2
  646. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  647. data/spec/unit/transaction_spec.rb +55 -96
  648. data/spec/unit/type/exec_spec.rb +29 -76
  649. data/spec/unit/type/file/checksum_spec.rb +6 -6
  650. data/spec/unit/type/file/content_spec.rb +2 -1
  651. data/spec/unit/type/file/ensure_spec.rb +1 -1
  652. data/spec/unit/type/file/mode_spec.rb +1 -1
  653. data/spec/unit/type/file/selinux_spec.rb +5 -3
  654. data/spec/unit/type/file/source_spec.rb +4 -5
  655. data/spec/unit/type/file_spec.rb +18 -6
  656. data/spec/unit/type/group_spec.rb +6 -13
  657. data/spec/unit/type/package_spec.rb +1 -1
  658. data/spec/unit/type/resources_spec.rb +7 -7
  659. data/spec/unit/type/service_spec.rb +189 -87
  660. data/spec/unit/type/tidy_spec.rb +8 -24
  661. data/spec/unit/type_spec.rb +24 -4
  662. data/spec/unit/util/at_fork_spec.rb +2 -2
  663. data/spec/unit/util/autoload_spec.rb +1 -5
  664. data/spec/unit/util/backups_spec.rb +2 -3
  665. data/spec/unit/util/execution_spec.rb +11 -44
  666. data/spec/unit/util/inifile_spec.rb +14 -6
  667. data/spec/unit/util/log_spec.rb +7 -8
  668. data/spec/unit/util/logging_spec.rb +3 -5
  669. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  670. data/spec/unit/util/posix_spec.rb +15 -363
  671. data/spec/unit/util/run_mode_spec.rb +21 -121
  672. data/spec/unit/util/selinux_spec.rb +68 -163
  673. data/spec/unit/util/storage_spec.rb +1 -3
  674. data/spec/unit/util/suidmanager_spec.rb +41 -44
  675. data/spec/unit/util/windows/sid_spec.rb +0 -41
  676. data/spec/unit/util/windows/string_spec.rb +1 -3
  677. data/spec/unit/util/yaml_spec.rb +13 -92
  678. data/spec/unit/util_spec.rb +6 -31
  679. data/tasks/generate_cert_fixtures.rake +7 -17
  680. data/tasks/parallel.rake +3 -3
  681. metadata +138 -233
  682. data/conf/auth.conf +0 -150
  683. data/ext/README.md +0 -13
  684. data/lib/puppet/application/cert.rb +0 -76
  685. data/lib/puppet/application/key.rb +0 -4
  686. data/lib/puppet/application/man.rb +0 -4
  687. data/lib/puppet/application/status.rb +0 -4
  688. data/lib/puppet/face/key.rb +0 -16
  689. data/lib/puppet/face/man.rb +0 -145
  690. data/lib/puppet/face/module/build.rb +0 -14
  691. data/lib/puppet/face/module/generate.rb +0 -14
  692. data/lib/puppet/face/module/search.rb +0 -103
  693. data/lib/puppet/face/status.rb +0 -51
  694. data/lib/puppet/facter_impl.rb +0 -96
  695. data/lib/puppet/ffi/posix/constants.rb +0 -14
  696. data/lib/puppet/ffi/posix/functions.rb +0 -24
  697. data/lib/puppet/ffi/posix.rb +0 -10
  698. data/lib/puppet/file_serving/mount/scripts.rb +0 -24
  699. data/lib/puppet/indirector/certificate/file.rb +0 -9
  700. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  701. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  702. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  703. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  704. data/lib/puppet/indirector/file_content/http.rb +0 -22
  705. data/lib/puppet/indirector/key/file.rb +0 -46
  706. data/lib/puppet/indirector/key/memory.rb +0 -7
  707. data/lib/puppet/indirector/ssl_file.rb +0 -162
  708. data/lib/puppet/indirector/status/local.rb +0 -12
  709. data/lib/puppet/indirector/status/rest.rb +0 -27
  710. data/lib/puppet/indirector/status.rb +0 -3
  711. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  712. data/lib/puppet/network/auth_config_parser.rb +0 -90
  713. data/lib/puppet/network/authstore.rb +0 -283
  714. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  715. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  716. data/lib/puppet/network/http/base_pool.rb +0 -36
  717. data/lib/puppet/network/http/compression.rb +0 -127
  718. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  719. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  720. data/lib/puppet/network/rest_controller.rb +0 -2
  721. data/lib/puppet/network/rights.rb +0 -210
  722. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  723. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  724. data/lib/puppet/parser/environment_compiler.rb +0 -202
  725. data/lib/puppet/pops/types/enumeration.rb +0 -16
  726. data/lib/puppet/resource/capability_finder.rb +0 -154
  727. data/lib/puppet/rest/errors.rb +0 -15
  728. data/lib/puppet/rest/response.rb +0 -35
  729. data/lib/puppet/rest/route.rb +0 -85
  730. data/lib/puppet/rest/routes.rb +0 -135
  731. data/lib/puppet/settings/alias_setting.rb +0 -37
  732. data/lib/puppet/ssl/host.rb +0 -505
  733. data/lib/puppet/ssl/key.rb +0 -61
  734. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  735. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  736. data/lib/puppet/ssl/validator.rb +0 -61
  737. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  738. data/lib/puppet/status.rb +0 -40
  739. data/lib/puppet/util/connection.rb +0 -88
  740. data/lib/puppet/util/fact_dif.rb +0 -81
  741. data/lib/puppet/util/ssl.rb +0 -83
  742. data/lib/puppet/util/windows/api_types.rb +0 -309
  743. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  744. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  745. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  746. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  747. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  748. data/lib/puppet/vendor/pathspec/README.md +0 -53
  749. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  750. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  751. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  752. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  753. data/man/man8/puppet-key.8 +0 -126
  754. data/man/man8/puppet-man.8 +0 -76
  755. data/man/man8/puppet-status.8 +0 -108
  756. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
  757. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
  758. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
  759. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
  760. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
  761. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
  762. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
  763. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
  764. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
  765. data/spec/fixtures/ssl/oid-key.pem +0 -117
  766. data/spec/fixtures/ssl/oid.pem +0 -69
  767. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
  768. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
  769. data/spec/integration/application/resource_spec.rb +0 -68
  770. data/spec/integration/application/ssl_spec.rb +0 -20
  771. data/spec/integration/l10n/compiler_spec.rb +0 -37
  772. data/spec/integration/network/authconfig_spec.rb +0 -256
  773. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  774. data/spec/shared_contexts/l10n.rb +0 -32
  775. data/spec/unit/application/man_spec.rb +0 -52
  776. data/spec/unit/capability_spec.rb +0 -414
  777. data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
  778. data/spec/unit/face/key_spec.rb +0 -9
  779. data/spec/unit/face/module/search_spec.rb +0 -231
  780. data/spec/unit/face/status_spec.rb +0 -9
  781. data/spec/unit/facter_impl_spec.rb +0 -31
  782. data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
  783. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  784. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  785. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  786. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  787. data/spec/unit/indirector/key/file_spec.rb +0 -78
  788. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  789. data/spec/unit/indirector/status/local_spec.rb +0 -10
  790. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  791. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  792. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  793. data/spec/unit/network/authstore_spec.rb +0 -407
  794. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  795. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  796. data/spec/unit/network/http/compression_spec.rb +0 -240
  797. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  798. data/spec/unit/network/http_spec.rb +0 -9
  799. data/spec/unit/network/rights_spec.rb +0 -439
  800. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  801. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  802. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  803. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  804. data/spec/unit/rest/route_spec.rb +0 -132
  805. data/spec/unit/ssl/host_spec.rb +0 -645
  806. data/spec/unit/ssl/key_spec.rb +0 -173
  807. data/spec/unit/ssl/validator_spec.rb +0 -278
  808. data/spec/unit/status_spec.rb +0 -45
  809. data/spec/unit/util/json_spec.rb +0 -126
  810. data/spec/unit/util/ssl_spec.rb +0 -91
  811. data/spec/unit/util/windows_spec.rb +0 -23
@@ -1,505 +0,0 @@
1
- require 'puppet/ssl'
2
- require 'puppet/ssl/key'
3
- require 'puppet/ssl/certificate'
4
- require 'puppet/ssl/certificate_request'
5
- require 'puppet/ssl/certificate_request_attributes'
6
- require 'puppet/ssl/state_machine'
7
- require 'puppet/rest/errors'
8
- require 'puppet/rest/routes'
9
-
10
- # The class that manages all aspects of our SSL certificates --
11
- # private keys, public keys, requests, etc.
12
- #
13
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
14
- class Puppet::SSL::Host
15
- # Yay, ruby's strange constant lookups.
16
- Key = Puppet::SSL::Key
17
- CA_NAME = Puppet::SSL::CA_NAME
18
- Certificate = Puppet::SSL::Certificate
19
- CertificateRequest = Puppet::SSL::CertificateRequest
20
-
21
- attr_reader :name, :device, :crl_path
22
-
23
- attr_writer :key, :certificate, :certificate_request, :crl_usage
24
-
25
- def self.localhost(suppress_warning = false)
26
- return @localhost if @localhost
27
- @localhost = new(nil, false, suppress_warning)
28
- @localhost.generate unless @localhost.certificate
29
- @localhost.key
30
- @localhost
31
- end
32
-
33
- def self.reset
34
- @localhost = nil
35
- end
36
-
37
- # Configure how our various classes interact with their various terminuses.
38
- def self.configure_indirection(terminus, cache = nil)
39
- Certificate.indirection.terminus_class = terminus
40
- CertificateRequest.indirection.terminus_class = terminus
41
-
42
- if cache
43
- # This is weird; we don't actually cache our keys, we
44
- # use what would otherwise be the cache as our normal
45
- # terminus.
46
- Key.indirection.terminus_class = cache
47
- else
48
- Key.indirection.terminus_class = terminus
49
- end
50
-
51
- if cache
52
- Certificate.indirection.cache_class = cache
53
- CertificateRequest.indirection.cache_class = cache
54
- else
55
- # Make sure we have no cache configured. puppet master
56
- # switches the configurations around a bit, so it's important
57
- # that we specify the configs for absolutely everything, every
58
- # time.
59
- Certificate.indirection.cache_class = nil
60
- CertificateRequest.indirection.cache_class = nil
61
- end
62
- end
63
-
64
- def self.from_data_hash(data)
65
- instance = new(data["name"])
66
- if data["desired_state"]
67
- instance.desired_state = data["desired_state"]
68
- end
69
- instance
70
- end
71
-
72
- def key
73
- @key ||= Key.indirection.find(name)
74
- end
75
-
76
- # This is the private key; we can create it from scratch
77
- # with no inputs.
78
- def generate_key
79
- @key = Key.new(name)
80
- @key.generate
81
- begin
82
- Key.indirection.save(@key)
83
- rescue
84
- @key = nil
85
- raise
86
- end
87
- true
88
- end
89
-
90
- # Our certificate request requires the key but that's all.
91
- def generate_certificate_request(options = {})
92
- generate_key unless key
93
-
94
- # If this CSR is for the current machine...
95
- if name == Puppet[:certname].downcase
96
- # ...add our configured dns_alt_names
97
- if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
98
- options[:dns_alt_names] ||= Puppet[:dns_alt_names]
99
- end
100
- end
101
-
102
- csr_attributes = Puppet::SSL::CertificateRequestAttributes.new(Puppet[:csr_attributes])
103
- if csr_attributes.load
104
- options[:csr_attributes] = csr_attributes.custom_attributes
105
- options[:extension_requests] = csr_attributes.extension_requests
106
- end
107
-
108
- @certificate_request = CertificateRequest.new(name)
109
- @certificate_request.generate(key.content, options)
110
- begin
111
- submit_certificate_request(@certificate_request)
112
- save_certificate_request(@certificate_request)
113
- rescue
114
- @certificate_request = nil
115
- raise
116
- end
117
-
118
- true
119
- end
120
-
121
- def certificate
122
- unless @certificate
123
- generate_key unless key
124
-
125
- # get CA and optional CRL
126
- sm = Puppet::SSL::StateMachine.new(onetime: true)
127
- sm.ensure_ca_certificates
128
-
129
- cert = get_host_certificate
130
- return nil unless cert
131
-
132
- validate_certificate_with_key(cert)
133
- @certificate = cert
134
- end
135
- @certificate
136
- end
137
-
138
- # The puppet parameters for commands output by the validate_ methods depend
139
- # upon whether this is an agent or a device.
140
-
141
- def clean_params
142
- @device ? "--target #{Puppet[:certname]}" : ''
143
- end
144
-
145
- def puppet_params
146
- @device ? "device -v --target #{Puppet[:certname]}" : 'agent -t'
147
- end
148
-
149
- # Validate that our private key matches the specified certificate.
150
- #
151
- # @param [Puppet::SSL::Certificate] cert the certificate to check
152
- # @raises [Puppet::Error] if the private key does not match
153
- def validate_certificate_with_key(cert)
154
- raise Puppet::Error, _("No certificate to validate.") unless cert
155
- raise Puppet::Error, _("No private key with which to validate certificate with fingerprint: %{fingerprint}") % { fingerprint: cert.fingerprint } unless key
156
- unless cert.content.check_private_key(key.content)
157
- raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: cert.fingerprint, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
158
- The certificate retrieved from the master does not match the agent's private key. Did you forget to run as root?
159
- Certificate fingerprint: %{fingerprint}
160
- To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
161
- On the master:
162
- puppetserver ca clean --certname %{cert_name}
163
- On the agent:
164
- 1. puppet ssl clean %{clean_params}
165
- 2. puppet %{puppet_params}
166
- ERROR_STRING
167
- end
168
- end
169
-
170
- def download_host_certificate
171
- cert = download_certificate_from_ca(name)
172
- return nil unless cert
173
-
174
- validate_certificate_with_key(cert)
175
- save_host_certificate(cert)
176
- cert
177
- end
178
-
179
- # Search for an existing CSR for this host either cached on
180
- # disk or stored by the CA. Returns nil if no request exists.
181
- # @return [Puppet::SSL::CertificateRequest, nil]
182
- def certificate_request
183
- unless @certificate_request
184
- csr = load_certificate_request_from_file
185
- if csr
186
- @certificate_request = csr
187
- else
188
- csr = download_csr_from_ca
189
- if csr
190
- @certificate_request = csr
191
- end
192
- end
193
- end
194
- @certificate_request
195
- end
196
-
197
- # Generate all necessary parts of our ssl host.
198
- def generate
199
- generate_key unless key
200
-
201
- existing_request = certificate_request
202
-
203
- # if CSR downloaded from master, but the local keypair was just generated and
204
- # does not match the public key in the CSR, fail hard
205
- validate_csr_with_key(existing_request, key) if existing_request
206
-
207
- generate_certificate_request unless existing_request
208
- end
209
-
210
- def validate_csr_with_key(csr, key)
211
- if key.content.public_key.to_s != csr.content.public_key.to_s
212
- raise Puppet::Error, _(<<ERROR_STRING) % { fingerprint: csr.fingerprint, csr_public_key: csr.content.public_key.to_text, agent_public_key: key.content.public_key.to_text, cert_name: Puppet[:certname], clean_params: clean_params, puppet_params: puppet_params }
213
- The CSR retrieved from the master does not match the agent's public key.
214
- CSR fingerprint: %{fingerprint}
215
- CSR public key: %{csr_public_key}
216
- Agent public key: %{agent_public_key}
217
- To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
218
- On the master:
219
- puppetserver ca clean --certname %{cert_name}
220
- On the agent:
221
- 1. puppet ssl clean %{clean_params}
222
- 2. puppet %{puppet_params}
223
- ERROR_STRING
224
- end
225
- end
226
- private :validate_csr_with_key
227
-
228
- def initialize(name = nil, device = false, suppress_warning = false)
229
- @name = (name || Puppet[:certname]).downcase
230
- @device = device
231
- Puppet::SSL::Base.validate_certname(@name)
232
- @key = @certificate = @certificate_request = nil
233
- @crl_usage = Puppet.settings[:certificate_revocation]
234
- @crl_path = Puppet.settings[:hostcrl]
235
- Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
236
- end
237
-
238
- # Extract the public key from the private key.
239
- def public_key
240
- key.content.public_key
241
- end
242
-
243
- def use_crl?
244
- !!@crl_usage
245
- end
246
-
247
- def use_crl_chain?
248
- @crl_usage == true || @crl_usage == :chain
249
- end
250
-
251
- # Create/return a store that uses our SSL info to validate
252
- # connections.
253
- def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
254
- if @ssl_store.nil?
255
- @ssl_store = build_ssl_store(purpose)
256
- end
257
- @ssl_store
258
- end
259
-
260
- # Attempt to retrieve a cert, if we don't already have one.
261
- def wait_for_cert(time)
262
- begin
263
- return if certificate
264
- generate
265
- return if certificate
266
- rescue StandardError => detail
267
- Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
268
- if time < 1
269
- puts _("Exiting; failed to retrieve certificate and waitforcert is disabled")
270
- exit(1)
271
- else
272
- sleep(time)
273
- end
274
- retry
275
- end
276
-
277
- if time < 1
278
- puts _("Exiting; no certificate found and waitforcert is disabled")
279
- exit(1)
280
- end
281
-
282
- loop do
283
- sleep time
284
- begin
285
- break if certificate
286
- Puppet.notice _("Did not receive certificate")
287
- rescue StandardError => detail
288
- Puppet.log_exception(detail, _("Could not request certificate: %{message}") % { message: detail.message })
289
- end
290
- end
291
- end
292
-
293
- # Saves the given certificate to disc, at a location determined by this
294
- # host's configuration.
295
- # @param [Puppet::SSL::Certificate] cert the cert to save
296
- def save_host_certificate(cert)
297
- file_path = certificate_location(name)
298
- Puppet::Util.replace_file(file_path, 0644) do |f|
299
- f.write(cert.to_s)
300
- end
301
- end
302
-
303
- private
304
-
305
- # Load a previously generated CSR from disk
306
- # @return [Puppet::SSL::CertificateRequest, nil]
307
- def load_certificate_request_from_file
308
- request_path = certificate_request_location(name)
309
- if Puppet::FileSystem.exist?(request_path)
310
- Puppet::SSL::CertificateRequest.from_s(Puppet::FileSystem.read(request_path))
311
- end
312
- end
313
-
314
- # Download the CSR for this host from the CA. Returns nil if the CA
315
- # has no saved CSR for this host.
316
- # @raises [Puppet::Error] if the response from the server is not a valid
317
- # CSR or an error occurs while fetching.
318
- # @return [Puppet::SSL::CertificateRequest, nil]
319
- def download_csr_from_ca
320
- begin
321
- body = Puppet::Rest::Routes.get_certificate_request(
322
- name, Puppet::SSL::SSLContext.new(store: ssl_store))
323
- begin
324
- Puppet::SSL::CertificateRequest.from_s(body)
325
- rescue OpenSSL::X509::RequestError => e
326
- raise Puppet::Error, _("Response from the CA did not contain a valid certificate request: %{message}") % { message: e.message }
327
- end
328
- rescue Puppet::Rest::ResponseError => e
329
- if e.response.code.to_i == 404
330
- nil
331
- else
332
- raise Puppet::Error, _('Could not download certificate request: %{message}') % { message: e.message }
333
- end
334
- end
335
- end
336
- # Submit the CSR to the CA via an HTTP PUT request.
337
- # @param [Puppet::SSL::CertificateRequest] csr the request to submit
338
- def submit_certificate_request(csr)
339
- Puppet::Rest::Routes.put_certificate_request(
340
- csr.render, name, Puppet::SSL::SSLContext.new(store: ssl_store))
341
- end
342
-
343
- def save_certificate_request(csr)
344
- Puppet::Util.replace_file(certificate_request_location(name), 0644) do |file|
345
- file.write(csr.render)
346
- end
347
- end
348
-
349
- # @param crl_string [String] CRLs read from disk or obtained from server
350
- # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
351
- # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
352
- def process_crl_string(crl_string)
353
- delimiters = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
354
- crl_string.scan(delimiters).map do |crl|
355
- begin
356
- OpenSSL::X509::CRL.new(crl)
357
- rescue OpenSSL::X509::CRLError => e
358
- raise Puppet::Error.new(
359
- _("Failed attempting to load CRL from %{crl_path}! The CRL below caused the error '%{error}':\n%{crl}" % {crl_path: crl_path, error: e.message, crl: crl}),
360
- e)
361
- end
362
- end
363
- end
364
-
365
- # @param path [String] Path to CRL Chain
366
- # @return [Array<OpenSSL::X509::CRL>] CRLs from chain
367
- # @raise [Puppet::Error<OpenSSL::X509::CRLError>] if the CRL chain is malformed
368
- def load_crls(path)
369
- crls_pems = Puppet::FileSystem.read(path, encoding: Encoding::UTF_8)
370
- process_crl_string(crls_pems)
371
- end
372
-
373
- # Fetches and saves the crl bundle from the CA server without validating
374
- # its contents. Takes an optional store to use with the http_client,
375
- # necessary for initial download of the CRL because `build_ssl_store`
376
- # calls this `download_and_save_crl_bundle`. If there is an error during
377
- # this downloading process, the file should not be replaced at all. This
378
- # streams the file directly to disk to avoid loading the entire CRL in memory.
379
- # @param [OpenSSL::X509::Store] store optional ssl_store to use with http_client
380
- # @raise [Puppet::Error<Puppet::Rest::ResponseError>] if bad response from server
381
- # @return nil
382
- def download_and_save_crl_bundle(store=nil)
383
- begin
384
- # If no SSL store was supplied, use this host's SSL store
385
- store ||= ssl_store
386
- Puppet::Util.replace_file(crl_path, 0644) do |file|
387
- result = Puppet::Rest::Routes.get_crls(CA_NAME, Puppet::SSL::SSLContext.new(store: store))
388
- file.write(result)
389
- end
390
- rescue Puppet::Rest::ResponseError => e
391
- raise Puppet::Error, _('Could not download CRLs: %{message}') % { message: e.message }
392
- end
393
- end
394
-
395
- # Attempts to load or fetch this host's certificate. Returns nil if
396
- # no certificate could be found.
397
- # @return [Puppet::SSL::Certificate, nil]
398
- def get_host_certificate
399
- cert = check_for_certificate_on_disk(name)
400
- if cert
401
- return cert
402
- else
403
- cert = download_certificate_from_ca(name)
404
- if cert
405
- save_host_certificate(cert)
406
- return cert
407
- else
408
- return nil
409
- end
410
- end
411
- end
412
-
413
- # Checks for the requested certificate on disc, at a location
414
- # determined by this host's configuration.
415
- # @name [String] name the name of the cert to look for
416
- # @raise [Puppet::Error] if contents of certificate file is invalid
417
- # and could not be loaded
418
- # @return [Puppet::SSL::Certificate, nil]
419
- def check_for_certificate_on_disk(cert_name)
420
- file_path = certificate_location(cert_name)
421
- if Puppet::FileSystem.exist?(file_path)
422
- begin
423
- Puppet::SSL::Certificate.from_s(Puppet::FileSystem.read(file_path))
424
- rescue OpenSSL::X509::CertificateError
425
- raise Puppet::Error, _("The certificate at %{file_path} is invalid. Could not load.") % { file_path: file_path }
426
- end
427
- end
428
- end
429
- public :check_for_certificate_on_disk
430
-
431
- # Attempts to download this host's certificate from the CA server.
432
- # Returns nil if the CA does not yet have a signed cert for this host.
433
- # @param [String] name then name of the cert to fetch
434
- # @raise [Puppet::Error] if response from the CA does not contain a valid
435
- # certificate
436
- # @return [Puppet::SSL::Certificate, nil]
437
- def download_certificate_from_ca(cert_name)
438
- begin
439
- cert = Puppet::Rest::Routes.get_certificate(
440
- cert_name,
441
- Puppet::SSL::SSLContext.new(store: ssl_store)
442
- )
443
- begin
444
- Puppet::SSL::Certificate.from_s(cert)
445
- rescue OpenSSL::X509::CertificateError
446
- raise Puppet::Error, _("Response from the CA did not contain a valid certificate for %{cert_name}.") % { cert_name: cert_name }
447
- end
448
- rescue Puppet::Rest::ResponseError => e
449
- if e.response.code.to_i == 404
450
- Puppet.debug _("No certificate for %{cert_name} on CA") % { cert_name: cert_name }
451
- nil
452
- else
453
- raise Puppet::Rest::ResponseError, _("Could not download host certificate: %{message}") % { message: e.message }
454
- end
455
- end
456
- end
457
- public :download_certificate_from_ca
458
-
459
- # Returns the file path for the named certificate, based on this host's
460
- # configuration.
461
- # @param [String] name the name of the cert to find
462
- # @return [String] file path to the cert's location
463
- def certificate_location(cert_name)
464
- cert_name == CA_NAME ? Puppet[:localcacert] : File.join(Puppet[:certdir], "#{cert_name}.pem")
465
- end
466
-
467
- # Returns the file path for the named CSR, based on this host's configuration.
468
- # @param [String] name the name of the CSR to find
469
- # @return [String] file path to the CSR's location
470
- def certificate_request_location(cert_name)
471
- File.join(Puppet[:requestdir], "#{cert_name}.pem")
472
- end
473
-
474
- # @param [OpenSSL::X509::PURPOSE_*] constant defining the kinds of certs
475
- # this store can verify
476
- # @return [OpenSSL::X509::Store]
477
- # @raise [OpenSSL::X509::StoreError] if localcacert is malformed or non-existant
478
- # @raise [Puppet::Error] if the CRL chain is malformed
479
- # @raise [Errno::ENOENT] if the CRL does not exist on disk but use_crl? is true
480
- def build_ssl_store(purpose=OpenSSL::X509::PURPOSE_ANY)
481
- store = OpenSSL::X509::Store.new
482
- store.purpose = purpose
483
-
484
- # Use the file path here, because we don't want to cause
485
- # a lookup in the middle of setting our ssl connection.
486
- store.add_file(Puppet.settings[:localcacert])
487
-
488
- if use_crl?
489
- if !Puppet::FileSystem.exist?(crl_path)
490
- download_and_save_crl_bundle(store)
491
- end
492
-
493
- crls = load_crls(crl_path)
494
-
495
- flags = OpenSSL::X509::V_FLAG_CRL_CHECK
496
- if use_crl_chain?
497
- flags |= OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
498
- end
499
-
500
- store.flags = flags
501
- crls.each {|crl| store.add_crl(crl) }
502
- end
503
- store
504
- end
505
- end
@@ -1,61 +0,0 @@
1
- require 'puppet/ssl/base'
2
- require 'puppet/indirector'
3
-
4
- # Manage private and public keys as a pair.
5
- #
6
- # @deprecated Use {Puppet::SSL::SSLProvider} instead.
7
- class Puppet::SSL::Key < Puppet::SSL::Base
8
- wraps OpenSSL::PKey::RSA
9
-
10
- extend Puppet::Indirector
11
- indirects :key, :terminus_class => :file, :doc => <<DOC
12
- This indirection wraps an `OpenSSL::PKey::RSA object, representing a private key.
13
- The indirection key is the certificate CN (generally a hostname).
14
- DOC
15
-
16
- # Because of how the format handler class is included, this
17
- # can't be in the base class.
18
- def self.supported_formats
19
- [:s]
20
- end
21
-
22
- attr_accessor :password_file
23
-
24
- # Knows how to create keys with our system defaults.
25
- def generate
26
- Puppet.info _("Creating a new SSL key for %{name}") % { name: name }
27
- @content = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
28
- end
29
-
30
- def initialize(name)
31
- super
32
-
33
- @password_file = Puppet[:passfile]
34
- end
35
-
36
- def password
37
- return nil unless password_file and Puppet::FileSystem.exist?(password_file)
38
-
39
- # Puppet generates files at the default Puppet[:capass] using ASCII
40
- # User configured :passfile could be in any encoding
41
- # Use BINARY given the string is passed to an OpenSSL API accepting bytes
42
- # note this is only called internally
43
- Puppet::FileSystem.read(password_file, :encoding => Encoding::BINARY)
44
- end
45
-
46
- # Optionally support specifying a password file.
47
- def read(path)
48
- return super unless password_file
49
-
50
- # RFC 1421 states PEM is 7-bit ASCII https://tools.ietf.org/html/rfc1421
51
- @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII), password)
52
- end
53
-
54
- def to_s
55
- if password
56
- @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
57
- else
58
- return super
59
- end
60
- end
61
- end