puppet 6.28.0-universal-darwin → 7.0.0-universal-darwin
Potentially problematic release.
This version of puppet might be problematic.
- checksums.yaml +4 -4
- data/CODEOWNERS +16 -2
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +5 -7
- data/Gemfile.lock +52 -131
- data/README.md +5 -5
- data/conf/fileserver.conf +5 -10
- data/ext/README.environment +8 -0
- data/ext/build_defaults.yaml +1 -1
- data/ext/dbfix.sql +132 -0
- data/ext/debian/README.Debian +8 -0
- data/ext/debian/README.source +2 -0
- data/ext/debian/TODO.Debian +1 -0
- data/ext/debian/changelog.erb +1122 -0
- data/ext/debian/compat +1 -0
- data/ext/debian/control +144 -0
- data/ext/debian/copyright +339 -0
- data/ext/debian/docs +1 -0
- data/ext/debian/fileserver.conf +41 -0
- data/ext/debian/puppet-common.dirs +13 -0
- data/ext/debian/puppet-common.install +3 -0
- data/ext/debian/puppet-common.lintian-overrides +5 -0
- data/ext/debian/puppet-common.manpages +28 -0
- data/ext/debian/puppet-common.postinst +35 -0
- data/ext/debian/puppet-common.postrm +33 -0
- data/ext/debian/puppet-el.dirs +1 -0
- data/ext/debian/puppet-el.emacsen-install +25 -0
- data/ext/debian/puppet-el.emacsen-remove +11 -0
- data/ext/debian/puppet-el.emacsen-startup +9 -0
- data/ext/debian/puppet-el.install +1 -0
- data/ext/debian/puppet-testsuite.install +2 -0
- data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
- data/ext/debian/puppet.lintian-overrides +3 -0
- data/ext/debian/puppet.logrotate +20 -0
- data/ext/debian/puppet.postinst +20 -0
- data/ext/debian/puppet.postrm +20 -0
- data/ext/debian/puppet.preinst +20 -0
- data/ext/debian/puppetmaster-common.install +2 -0
- data/ext/debian/puppetmaster-common.manpages +2 -0
- data/ext/debian/puppetmaster-common.postinst +6 -0
- data/ext/debian/puppetmaster-passenger.dirs +4 -0
- data/ext/debian/puppetmaster-passenger.postinst +162 -0
- data/ext/debian/puppetmaster-passenger.postrm +61 -0
- data/ext/debian/puppetmaster.README.debian +17 -0
- data/ext/debian/puppetmaster.default +14 -0
- data/ext/debian/puppetmaster.init +137 -0
- data/ext/debian/puppetmaster.lintian-overrides +3 -0
- data/ext/debian/puppetmaster.postinst +20 -0
- data/ext/debian/puppetmaster.postrm +5 -0
- data/ext/debian/puppetmaster.preinst +22 -0
- data/ext/debian/rules +132 -0
- data/ext/debian/source/format +1 -0
- data/ext/debian/source/options +1 -0
- data/ext/debian/vim-puppet.README.Debian +13 -0
- data/ext/debian/vim-puppet.dirs +5 -0
- data/ext/debian/vim-puppet.yaml +7 -0
- data/ext/debian/watch +2 -0
- data/ext/freebsd/puppetd +26 -0
- data/ext/freebsd/puppetmasterd +26 -0
- data/ext/gentoo/conf.d/puppet +5 -0
- data/ext/gentoo/conf.d/puppetmaster +12 -0
- data/ext/gentoo/init.d/puppet +38 -0
- data/ext/gentoo/init.d/puppetmaster +51 -0
- data/ext/gentoo/puppet/fileserver.conf +41 -0
- data/ext/ips/puppet-agent +44 -0
- data/ext/ips/puppet-master +44 -0
- data/ext/ips/puppet.p5m.erb +12 -0
- data/ext/ips/puppetagent.xml +42 -0
- data/ext/ips/puppetmaster.xml +42 -0
- data/ext/ips/rules +19 -0
- data/ext/ips/transforms +34 -0
- data/ext/ldap/puppet.schema +24 -0
- data/ext/logcheck/puppet +23 -0
- data/{examples → ext}/nagios/check_puppet.rb +2 -2
- data/ext/osx/file_mapping.yaml +28 -0
- data/ext/osx/postflight.erb +109 -0
- data/ext/osx/preflight.erb +52 -0
- data/ext/osx/prototype.plist.erb +38 -0
- data/ext/osx/puppet.plist +0 -2
- data/ext/project_data.yaml +1 -15
- data/ext/redhat/fileserver.conf +41 -0
- data/ext/redhat/logrotate +21 -0
- data/ext/redhat/puppet.spec.erb +841 -0
- data/ext/redhat/server.init +128 -0
- data/ext/redhat/server.sysconfig +13 -0
- data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
- data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
- data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
- data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
- data/ext/solaris/pkginfo +6 -0
- data/ext/solaris/smf/puppetd.xml +77 -0
- data/ext/solaris/smf/puppetmasterd.xml +77 -0
- data/ext/solaris/smf/svc-puppetd +71 -0
- data/ext/solaris/smf/svc-puppetmasterd +67 -0
- data/ext/suse/puppet.spec +310 -0
- data/ext/suse/server.init +173 -0
- data/ext/windows/service/daemon.rb +6 -5
- data/ext/yaml_nodes.rb +105 -0
- data/install.rb +21 -17
- data/lib/puppet/agent.rb +11 -47
- data/lib/puppet/application/agent.rb +16 -18
- data/lib/puppet/application/apply.rb +4 -24
- data/lib/puppet/application/device.rb +100 -106
- data/lib/puppet/application/filebucket.rb +13 -10
- data/lib/puppet/application/lookup.rb +24 -74
- data/lib/puppet/application/resource.rb +16 -32
- data/lib/puppet/application/script.rb +0 -2
- data/lib/puppet/application/ssl.rb +1 -13
- data/lib/puppet/application.rb +178 -108
- data/lib/puppet/application_support.rb +0 -7
- data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
- data/lib/puppet/configurer/downloader.rb +1 -2
- data/lib/puppet/configurer/plugin_handler.rb +21 -19
- data/lib/puppet/configurer.rb +86 -183
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +130 -244
- data/lib/puppet/environments.rb +82 -146
- data/lib/puppet/face/facts.rb +5 -103
- data/lib/puppet/face/generate.rb +0 -2
- data/lib/puppet/face/help/action.erb +0 -1
- data/lib/puppet/face/help/face.erb +0 -1
- data/lib/puppet/face/help.rb +1 -1
- data/lib/puppet/face/node/clean.rb +0 -11
- data/lib/puppet/face/plugin.rb +5 -8
- data/lib/puppet/ffi/windows/api_types.rb +311 -0
- data/lib/puppet/ffi/windows/constants.rb +404 -0
- data/lib/puppet/ffi/windows/functions.rb +628 -0
- data/lib/puppet/ffi/windows/structs.rb +338 -0
- data/lib/puppet/ffi/windows.rb +12 -0
- data/lib/puppet/file_serving/configuration/parser.rb +3 -34
- data/lib/puppet/file_serving/configuration.rb +0 -8
- data/lib/puppet/file_serving/fileset.rb +2 -14
- data/lib/puppet/file_serving/http_metadata.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +0 -3
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +8 -10
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +1 -8
- data/lib/puppet/file_system/windows.rb +6 -8
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/forge/repository.rb +0 -1
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +0 -8
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +5 -13
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/next.rb +1 -18
- data/lib/puppet/functions/partition.rb +4 -12
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +0 -1
- data/lib/puppet/functions/tree_each.rb +10 -7
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +2 -17
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/functions/versioncmp.rb +2 -6
- data/lib/puppet/generate/models/type/type.rb +4 -1
- data/lib/puppet/generate/type.rb +0 -9
- data/lib/puppet/http/client.rb +167 -137
- data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
- data/lib/puppet/http/errors.rb +16 -0
- data/lib/puppet/http/external_client.rb +5 -7
- data/lib/puppet/{network/http → http}/factory.rb +8 -15
- data/lib/puppet/{network/http → http}/pool.rb +61 -26
- data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
- data/lib/puppet/http/proxy.rb +137 -0
- data/lib/puppet/http/redirector.rb +4 -17
- data/lib/puppet/http/resolver/server_list.rb +10 -25
- data/lib/puppet/http/resolver/settings.rb +4 -7
- data/lib/puppet/http/resolver/srv.rb +7 -11
- data/lib/puppet/http/resolver.rb +5 -15
- data/lib/puppet/http/response.rb +36 -54
- data/lib/puppet/http/response_converter.rb +24 -0
- data/lib/puppet/http/response_net_http.rb +42 -0
- data/lib/puppet/http/retry_after_handler.rb +4 -13
- data/lib/puppet/http/service/ca.rb +11 -22
- data/lib/puppet/http/service/compiler.rb +23 -144
- data/lib/puppet/http/service/file_server.rb +19 -29
- data/lib/puppet/http/service/puppetserver.rb +26 -12
- data/lib/puppet/http/service/report.rb +8 -10
- data/lib/puppet/http/service.rb +12 -26
- data/lib/puppet/http/session.rb +11 -20
- data/lib/puppet/{network/http → http}/site.rb +1 -2
- data/lib/puppet/http.rb +22 -13
- data/lib/puppet/indirector/catalog/compiler.rb +6 -25
- data/lib/puppet/indirector/catalog/rest.rb +2 -5
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/facts/rest.rb +3 -22
- data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
- data/lib/puppet/indirector/file_content/rest.rb +2 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
- data/lib/puppet/indirector/file_server.rb +1 -8
- data/lib/puppet/indirector/generic_http.rb +0 -11
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/node/rest.rb +2 -4
- data/lib/puppet/indirector/report/rest.rb +3 -8
- data/lib/puppet/indirector/request.rb +0 -101
- data/lib/puppet/indirector/resource/ral.rb +1 -6
- data/lib/puppet/indirector/rest.rb +12 -263
- data/lib/puppet/indirector/terminus.rb +0 -4
- data/lib/puppet/interface/documentation.rb +0 -1
- data/lib/puppet/module/plan.rb +1 -0
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +0 -1
- data/lib/puppet/module_tool/applications/installer.rb +2 -56
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/applications.rb +0 -1
- data/lib/puppet/module_tool/errors/shared.rb +2 -34
- data/lib/puppet/network/authconfig.rb +2 -96
- data/lib/puppet/network/authorization.rb +13 -35
- data/lib/puppet/network/formats.rb +0 -67
- data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
- data/lib/puppet/network/http/api/master/v3.rb +11 -13
- data/lib/puppet/network/http/connection.rb +247 -316
- data/lib/puppet/network/http/handler.rb +0 -1
- data/lib/puppet/network/http.rb +3 -3
- data/lib/puppet/network/http_pool.rb +16 -34
- data/lib/puppet/node/environment.rb +11 -10
- data/lib/puppet/node.rb +2 -31
- data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
- data/lib/puppet/pal/pal_impl.rb +4 -2
- data/lib/puppet/parser/ast/leaf.rb +2 -3
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
- data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
- data/lib/puppet/parser/compiler.rb +0 -198
- data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
- data/lib/puppet/parser/resource.rb +1 -70
- data/lib/puppet/parser/scope.rb +0 -1
- data/lib/puppet/parser/templatewrapper.rb +1 -2
- data/lib/puppet/pops/evaluator/closure.rb +5 -7
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
- data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
- data/lib/puppet/pops/issues.rb +0 -5
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
- data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
- data/lib/puppet/pops/model/ast.pp +0 -42
- data/lib/puppet/pops/model/ast.rb +0 -291
- data/lib/puppet/pops/model/ast_transformer.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -47
- data/lib/puppet/pops/model/model_label_provider.rb +0 -5
- data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
- data/lib/puppet/pops/model/pn_transformer.rb +0 -16
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +0 -58
- data/lib/puppet/pops/parser/eparser.rb +1685 -1896
- data/lib/puppet/pops/parser/lexer2.rb +91 -92
- data/lib/puppet/pops/parser/parser_support.rb +0 -5
- data/lib/puppet/pops/parser/slurp_support.rb +0 -1
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
- data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
- data/lib/puppet/pops/types/type_calculator.rb +0 -7
- data/lib/puppet/pops/types/type_formatter.rb +3 -4
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/type_parser.rb +0 -4
- data/lib/puppet/pops/types/types.rb +1 -2
- data/lib/puppet/pops/validation/checker4_0.rb +9 -37
- data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
- data/lib/puppet/property/list.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +4 -16
- data/lib/puppet/provider/group/groupadd.rb +10 -18
- data/lib/puppet/provider/nameservice.rb +0 -18
- data/lib/puppet/provider/package/apt.rb +2 -34
- data/lib/puppet/provider/package/aptitude.rb +0 -6
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +0 -10
- data/lib/puppet/provider/package/gem.rb +23 -3
- data/lib/puppet/provider/package/nim.rb +6 -11
- data/lib/puppet/provider/package/pip.rb +3 -16
- data/lib/puppet/provider/package/pkg.rb +2 -23
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -4
- data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
- data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
- data/lib/puppet/provider/package/windows/package.rb +1 -2
- data/lib/puppet/provider/package/windows.rb +1 -14
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +0 -3
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/debian.rb +0 -2
- data/lib/puppet/provider/service/init.rb +9 -10
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +194 -76
- data/lib/puppet/provider/service/systemd.rb +6 -16
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +0 -38
- data/lib/puppet/provider/user/aix.rb +3 -46
- data/lib/puppet/provider/user/directoryservice.rb +11 -39
- data/lib/puppet/provider/user/useradd.rb +24 -134
- data/lib/puppet/provider.rb +1 -14
- data/lib/puppet/reference/configuration.rb +8 -7
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +2 -15
- data/lib/puppet/resource/type.rb +3 -119
- data/lib/puppet/resource/type_collection.rb +3 -49
- data/lib/puppet/resource.rb +6 -127
- data/lib/puppet/runtime.rb +2 -13
- data/lib/puppet/settings/environment_conf.rb +0 -1
- data/lib/puppet/settings/integer_setting.rb +17 -0
- data/lib/puppet/settings/port_setting.rb +15 -0
- data/lib/puppet/settings/priority_setting.rb +5 -4
- data/lib/puppet/settings.rb +82 -98
- data/lib/puppet/ssl/base.rb +3 -5
- data/lib/puppet/ssl/certificate.rb +0 -6
- data/lib/puppet/ssl/certificate_request.rb +1 -12
- data/lib/puppet/ssl/certificate_signer.rb +6 -0
- data/lib/puppet/ssl/oids.rb +3 -1
- data/lib/puppet/ssl/ssl_provider.rb +36 -75
- data/lib/puppet/ssl/state_machine.rb +20 -14
- data/lib/puppet/ssl/verifier.rb +2 -6
- data/lib/puppet/ssl.rb +10 -6
- data/lib/puppet/test/test_helper.rb +2 -7
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +1 -21
- data/lib/puppet/transaction/report.rb +3 -19
- data/lib/puppet/transaction.rb +1 -7
- data/lib/puppet/type/exec.rb +6 -36
- data/lib/puppet/type/file/checksum.rb +1 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/file/mode.rb +0 -6
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file/source.rb +1 -1
- data/lib/puppet/type/file.rb +12 -32
- data/lib/puppet/type/filebucket.rb +4 -4
- data/lib/puppet/type/group.rb +1 -0
- data/lib/puppet/type/package.rb +8 -16
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +41 -26
- data/lib/puppet/type/tidy.rb +3 -22
- data/lib/puppet/type/user.rb +13 -35
- data/lib/puppet/type.rb +1 -77
- data/lib/puppet/util/autoload.rb +8 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/execution.rb +0 -11
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/http_proxy.rb +2 -215
- data/lib/puppet/util/json.rb +0 -20
- data/lib/puppet/util/log.rb +4 -8
- data/lib/puppet/util/logging.rb +25 -1
- data/lib/puppet/util/monkey_patches.rb +2 -59
- data/lib/puppet/util/package.rb +16 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/posix.rb +5 -54
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/rdoc.rb +0 -7
- data/lib/puppet/util/retry_action.rb +1 -1
- data/lib/puppet/util/run_mode.rb +9 -1
- data/lib/puppet/util/selinux.rb +4 -30
- data/lib/puppet/util/suidmanager.rb +2 -1
- data/lib/puppet/util/symbolic_file_mode.rb +17 -29
- data/lib/puppet/util/tagging.rb +0 -1
- data/lib/puppet/util/windows/adsi.rb +0 -46
- data/lib/puppet/util/windows/daemon.rb +360 -0
- data/lib/puppet/util/windows/error.rb +1 -0
- data/lib/puppet/util/windows/eventlog.rb +4 -9
- data/lib/puppet/util/windows/file.rb +8 -242
- data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
- data/lib/puppet/util/windows/principal.rb +2 -9
- data/lib/puppet/util/windows/process.rb +4 -226
- data/lib/puppet/util/windows/service.rb +11 -457
- data/lib/puppet/util/windows/sid.rb +2 -6
- data/lib/puppet/util/windows/string.rb +12 -13
- data/lib/puppet/util/windows/user.rb +2 -0
- data/lib/puppet/util/windows.rb +3 -11
- data/lib/puppet/util/yaml.rb +1 -42
- data/lib/puppet/util.rb +5 -5
- data/lib/puppet/vendor/require_vendored.rb +0 -1
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +29 -1
- data/lib/puppet/x509.rb +5 -1
- data/lib/puppet.rb +34 -27
- data/locales/puppet.pot +9633 -5
- data/man/man5/puppet.conf.5 +286 -401
- data/man/man8/puppet-agent.8 +2 -5
- data/man/man8/puppet-apply.8 +2 -2
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +2 -2
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -51
- data/man/man8/puppet-filebucket.8 +4 -4
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +6 -9
- data/man/man8/puppet-module.8 +3 -60
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +2 -2
- data/man/man8/puppet-ssl.8 +1 -5
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
- data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
- data/spec/fixtures/ssl/ca.pem +35 -57
- data/spec/fixtures/ssl/crl.pem +18 -28
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +24 -33
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +58 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
- data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
- data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
- data/spec/fixtures/ssl/intermediate.pem +36 -57
- data/spec/fixtures/ssl/pluto-key.pem +57 -107
- data/spec/fixtures/ssl/pluto.pem +30 -52
- data/spec/fixtures/ssl/request-key.pem +57 -107
- data/spec/fixtures/ssl/request.pem +26 -47
- data/spec/fixtures/ssl/revoked-key.pem +57 -107
- data/spec/fixtures/ssl/revoked.pem +30 -52
- data/spec/fixtures/ssl/signed-key.pem +57 -107
- data/spec/fixtures/ssl/signed.pem +30 -52
- data/spec/fixtures/ssl/tampered-cert.pem +30 -52
- data/spec/fixtures/ssl/tampered-csr.pem +26 -47
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
- data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
- data/spec/fixtures/ssl/unknown-ca.pem +33 -55
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
- data/spec/integration/application/agent_spec.rb +50 -406
- data/spec/integration/application/apply_spec.rb +1 -20
- data/spec/integration/application/filebucket_spec.rb +16 -32
- data/spec/integration/application/help_spec.rb +2 -0
- data/spec/integration/application/lookup_spec.rb +50 -81
- data/spec/integration/application/module_spec.rb +0 -21
- data/spec/integration/application/plugin_spec.rb +24 -2
- data/spec/integration/configurer_spec.rb +2 -18
- data/spec/integration/defaults_spec.rb +14 -3
- data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
- data/spec/integration/http/client_spec.rb +4 -63
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
- data/spec/integration/indirector/facts/facter_spec.rb +39 -93
- data/spec/integration/network/http_pool_spec.rb +3 -21
- data/spec/integration/parser/catalog_spec.rb +0 -38
- data/spec/integration/parser/node_spec.rb +0 -9
- data/spec/integration/parser/pcore_resource_spec.rb +0 -47
- data/spec/integration/resource/type_collection_spec.rb +6 -2
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +9 -4
- data/spec/integration/type/exec_spec.rb +45 -70
- data/spec/integration/type/file_spec.rb +7 -6
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +1 -21
- data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
- data/spec/integration/util/windows/principal_spec.rb +0 -21
- data/spec/integration/util/windows/process_spec.rb +9 -1
- data/spec/integration/util/windows/registry_spec.rb +10 -6
- data/spec/integration/util/windows/security_spec.rb +1 -1
- data/spec/lib/matchers/include.rb +27 -0
- data/spec/lib/matchers/include_spec.rb +32 -0
- data/spec/lib/puppet/test_ca.rb +2 -7
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/modules.rb +2 -13
- data/spec/lib/puppet_spec/puppetserver.rb +3 -55
- data/spec/lib/puppet_spec/settings.rb +1 -1
- data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
- data/spec/spec_helper.rb +17 -13
- data/spec/unit/agent_spec.rb +8 -38
- data/spec/unit/application/agent_spec.rb +19 -33
- data/spec/unit/application/apply_spec.rb +56 -76
- data/spec/unit/application/facts_spec.rb +12 -456
- data/spec/unit/application/filebucket_spec.rb +43 -39
- data/spec/unit/application/lookup_spec.rb +10 -131
- data/spec/unit/application/resource_spec.rb +0 -29
- data/spec/unit/application/ssl_spec.rb +2 -25
- data/spec/unit/application_spec.rb +9 -51
- data/spec/unit/certificate_factory_spec.rb +1 -1
- data/spec/unit/configurer/downloader_spec.rb +6 -8
- data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
- data/spec/unit/configurer_spec.rb +68 -327
- data/spec/unit/confine/feature_spec.rb +1 -1
- data/spec/unit/confine_spec.rb +2 -8
- data/spec/unit/context/trusted_information_spec.rb +2 -6
- data/spec/unit/daemon_spec.rb +11 -2
- data/spec/unit/defaults_spec.rb +68 -55
- data/spec/unit/environments_spec.rb +68 -408
- data/spec/unit/face/generate_spec.rb +0 -64
- data/spec/unit/face/node_spec.rb +11 -0
- data/spec/unit/face/plugin_spec.rb +73 -33
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_bucket/file_spec.rb +1 -1
- data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
- data/spec/unit/file_serving/configuration_spec.rb +10 -26
- data/spec/unit/file_serving/fileset_spec.rb +0 -60
- data/spec/unit/file_serving/metadata_spec.rb +3 -3
- data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
- data/spec/unit/file_system_spec.rb +4 -56
- data/spec/unit/forge/module_release_spec.rb +10 -5
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/camelcase_spec.rb +1 -1
- data/spec/unit/functions/capitalize_spec.rb +1 -1
- data/spec/unit/functions/downcase_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +0 -10
- data/spec/unit/functions/logging_spec.rb +0 -1
- data/spec/unit/functions/lookup_spec.rb +0 -64
- data/spec/unit/functions/unwrap_spec.rb +0 -8
- data/spec/unit/functions/upcase_spec.rb +1 -1
- data/spec/unit/functions/versioncmp_spec.rb +4 -40
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +0 -12
- data/spec/unit/http/client_spec.rb +8 -84
- data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
- data/spec/unit/http/external_client_spec.rb +4 -4
- data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
- data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
- data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
- data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
- data/spec/unit/http/resolver_spec.rb +13 -13
- data/spec/unit/http/service/compiler_spec.rb +0 -193
- data/spec/unit/http/service/file_server_spec.rb +3 -3
- data/spec/unit/http/service/puppetserver_spec.rb +34 -4
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +16 -14
- data/spec/unit/{network/http → http}/site_spec.rb +3 -3
- data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
- data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
- data/spec/unit/indirector/face_spec.rb +1 -0
- data/spec/unit/indirector/facts/facter_spec.rb +3 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
- data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
- data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
- data/spec/unit/indirector/file_server_spec.rb +1 -15
- data/spec/unit/indirector/indirection_spec.rb +15 -18
- data/spec/unit/indirector/report/rest_spec.rb +2 -17
- data/spec/unit/indirector/request_spec.rb +0 -264
- data/spec/unit/indirector/resource/ral_spec.rb +75 -40
- data/spec/unit/indirector/rest_spec.rb +98 -752
- data/spec/unit/indirector/store_configs_spec.rb +7 -0
- data/spec/unit/indirector_spec.rb +2 -2
- data/spec/unit/interface/action_spec.rb +9 -0
- data/spec/unit/module_spec.rb +1 -15
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
- data/spec/unit/network/authconfig_spec.rb +2 -129
- data/spec/unit/network/authorization_spec.rb +2 -55
- data/spec/unit/network/formats_spec.rb +4 -51
- data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
- data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
- data/spec/unit/network/http/api_spec.rb +10 -0
- data/spec/unit/network/http/connection_spec.rb +19 -41
- data/spec/unit/network/http/handler_spec.rb +0 -1
- data/spec/unit/network/http_pool_spec.rb +0 -4
- data/spec/unit/node/environment_spec.rb +33 -21
- data/spec/unit/node_spec.rb +2 -60
- data/spec/unit/parser/compiler_spec.rb +19 -3
- data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
- data/spec/unit/parser/resource_spec.rb +8 -14
- data/spec/unit/parser/templatewrapper_spec.rb +5 -16
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
- data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
- data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
- data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
- data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
- data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
- data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
- data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
- data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
- data/spec/unit/pops/types/type_factory_spec.rb +1 -1
- data/spec/unit/pops/validator/validator_spec.rb +61 -51
- data/spec/unit/pops/visitor_spec.rb +1 -1
- data/spec/unit/property_spec.rb +0 -1
- data/spec/unit/provider/group/groupadd_spec.rb +2 -5
- data/spec/unit/provider/nameservice_spec.rb +64 -122
- data/spec/unit/provider/package/apt_spec.rb +23 -28
- data/spec/unit/provider/package/aptitude_spec.rb +1 -1
- data/spec/unit/provider/package/base_spec.rb +5 -6
- data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
- data/spec/unit/provider/package/dpkg_spec.rb +0 -48
- data/spec/unit/provider/package/gem_spec.rb +33 -1
- data/spec/unit/provider/package/nim_spec.rb +0 -42
- data/spec/unit/provider/package/pacman_spec.rb +12 -18
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +12 -44
- data/spec/unit/provider/package/pkg_spec.rb +4 -29
- data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
- data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
- data/spec/unit/provider/parsedfile_spec.rb +0 -10
- data/spec/unit/provider/service/gentoo_spec.rb +5 -6
- data/spec/unit/provider/service/init_spec.rb +9 -16
- data/spec/unit/provider/service/launchd_spec.rb +0 -11
- data/spec/unit/provider/service/openwrt_spec.rb +29 -23
- data/spec/unit/provider/service/redhat_spec.rb +2 -3
- data/spec/unit/provider/service/smf_spec.rb +401 -165
- data/spec/unit/provider/service/systemd_spec.rb +9 -54
- data/spec/unit/provider/service/windows_spec.rb +0 -203
- data/spec/unit/provider/user/aix_spec.rb +0 -105
- data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
- data/spec/unit/provider/user/hpux_spec.rb +1 -1
- data/spec/unit/provider/user/pw_spec.rb +0 -2
- data/spec/unit/provider/user/useradd_spec.rb +5 -114
- data/spec/unit/provider_spec.rb +12 -22
- data/spec/unit/puppet_spec.rb +4 -12
- data/spec/unit/resource/catalog_spec.rb +2 -15
- data/spec/unit/resource/type_collection_spec.rb +2 -22
- data/spec/unit/resource/type_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +12 -125
- data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
- data/spec/unit/settings/integer_setting_spec.rb +42 -0
- data/spec/unit/settings/port_setting_spec.rb +31 -0
- data/spec/unit/settings/priority_setting_spec.rb +4 -4
- data/spec/unit/settings_spec.rb +79 -110
- data/spec/unit/ssl/base_spec.rb +37 -3
- data/spec/unit/ssl/certificate_request_spec.rb +21 -45
- data/spec/unit/ssl/certificate_spec.rb +2 -11
- data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
- data/spec/unit/ssl/state_machine_spec.rb +5 -21
- data/spec/unit/ssl/verifier_spec.rb +0 -21
- data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
- data/spec/unit/transaction/event_manager_spec.rb +11 -14
- data/spec/unit/transaction/persistence_spec.rb +0 -51
- data/spec/unit/transaction/report_spec.rb +0 -2
- data/spec/unit/transaction/resource_harness_spec.rb +2 -2
- data/spec/unit/transaction_spec.rb +55 -96
- data/spec/unit/type/exec_spec.rb +29 -76
- data/spec/unit/type/file/checksum_spec.rb +6 -6
- data/spec/unit/type/file/content_spec.rb +2 -1
- data/spec/unit/type/file/ensure_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +1 -1
- data/spec/unit/type/file/selinux_spec.rb +5 -3
- data/spec/unit/type/file/source_spec.rb +4 -5
- data/spec/unit/type/file_spec.rb +18 -6
- data/spec/unit/type/group_spec.rb +6 -13
- data/spec/unit/type/package_spec.rb +1 -1
- data/spec/unit/type/resources_spec.rb +7 -7
- data/spec/unit/type/service_spec.rb +189 -87
- data/spec/unit/type/tidy_spec.rb +8 -24
- data/spec/unit/type_spec.rb +24 -4
- data/spec/unit/util/at_fork_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +1 -5
- data/spec/unit/util/backups_spec.rb +2 -3
- data/spec/unit/util/execution_spec.rb +11 -44
- data/spec/unit/util/inifile_spec.rb +14 -6
- data/spec/unit/util/log_spec.rb +7 -8
- data/spec/unit/util/logging_spec.rb +3 -5
- data/spec/unit/util/monkey_patches_spec.rb +0 -6
- data/spec/unit/util/posix_spec.rb +15 -363
- data/spec/unit/util/run_mode_spec.rb +21 -121
- data/spec/unit/util/selinux_spec.rb +68 -163
- data/spec/unit/util/storage_spec.rb +1 -3
- data/spec/unit/util/suidmanager_spec.rb +41 -44
- data/spec/unit/util/windows/sid_spec.rb +0 -41
- data/spec/unit/util/windows/string_spec.rb +1 -3
- data/spec/unit/util/yaml_spec.rb +13 -92
- data/spec/unit/util_spec.rb +6 -31
- data/tasks/generate_cert_fixtures.rake +7 -17
- data/tasks/parallel.rake +3 -3
- metadata +138 -233
- data/conf/auth.conf +0 -150
- data/ext/README.md +0 -13
- data/lib/puppet/application/cert.rb +0 -76
- data/lib/puppet/application/key.rb +0 -4
- data/lib/puppet/application/man.rb +0 -4
- data/lib/puppet/application/status.rb +0 -4
- data/lib/puppet/face/key.rb +0 -16
- data/lib/puppet/face/man.rb +0 -145
- data/lib/puppet/face/module/build.rb +0 -14
- data/lib/puppet/face/module/generate.rb +0 -14
- data/lib/puppet/face/module/search.rb +0 -103
- data/lib/puppet/face/status.rb +0 -51
- data/lib/puppet/facter_impl.rb +0 -96
- data/lib/puppet/ffi/posix/constants.rb +0 -14
- data/lib/puppet/ffi/posix/functions.rb +0 -24
- data/lib/puppet/ffi/posix.rb +0 -10
- data/lib/puppet/file_serving/mount/scripts.rb +0 -24
- data/lib/puppet/indirector/certificate/file.rb +0 -9
- data/lib/puppet/indirector/certificate/rest.rb +0 -18
- data/lib/puppet/indirector/certificate_request/file.rb +0 -9
- data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
- data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
- data/lib/puppet/indirector/file_content/http.rb +0 -22
- data/lib/puppet/indirector/key/file.rb +0 -46
- data/lib/puppet/indirector/key/memory.rb +0 -7
- data/lib/puppet/indirector/ssl_file.rb +0 -162
- data/lib/puppet/indirector/status/local.rb +0 -12
- data/lib/puppet/indirector/status/rest.rb +0 -27
- data/lib/puppet/indirector/status.rb +0 -3
- data/lib/puppet/module_tool/applications/searcher.rb +0 -29
- data/lib/puppet/network/auth_config_parser.rb +0 -90
- data/lib/puppet/network/authstore.rb +0 -283
- data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
- data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
- data/lib/puppet/network/http/base_pool.rb +0 -36
- data/lib/puppet/network/http/compression.rb +0 -127
- data/lib/puppet/network/http/connection_adapter.rb +0 -184
- data/lib/puppet/network/http/nocache_pool.rb +0 -28
- data/lib/puppet/network/rest_controller.rb +0 -2
- data/lib/puppet/network/rights.rb +0 -210
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
- data/lib/puppet/parser/environment_compiler.rb +0 -202
- data/lib/puppet/pops/types/enumeration.rb +0 -16
- data/lib/puppet/resource/capability_finder.rb +0 -154
- data/lib/puppet/rest/errors.rb +0 -15
- data/lib/puppet/rest/response.rb +0 -35
- data/lib/puppet/rest/route.rb +0 -85
- data/lib/puppet/rest/routes.rb +0 -135
- data/lib/puppet/settings/alias_setting.rb +0 -37
- data/lib/puppet/ssl/host.rb +0 -505
- data/lib/puppet/ssl/key.rb +0 -61
- data/lib/puppet/ssl/validator/default_validator.rb +0 -209
- data/lib/puppet/ssl/validator/no_validator.rb +0 -22
- data/lib/puppet/ssl/validator.rb +0 -61
- data/lib/puppet/ssl/verifier_adapter.rb +0 -58
- data/lib/puppet/status.rb +0 -40
- data/lib/puppet/util/connection.rb +0 -88
- data/lib/puppet/util/fact_dif.rb +0 -81
- data/lib/puppet/util/ssl.rb +0 -83
- data/lib/puppet/util/windows/api_types.rb +0 -309
- data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
- data/lib/puppet/vendor/load_pathspec.rb +0 -1
- data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
- data/lib/puppet/vendor/pathspec/LICENSE +0 -201
- data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
- data/lib/puppet/vendor/pathspec/README.md +0 -53
- data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
- data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
- data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
- data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
- data/man/man8/puppet-key.8 +0 -126
- data/man/man8/puppet-man.8 +0 -76
- data/man/man8/puppet-status.8 +0 -108
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
- data/spec/fixtures/ssl/oid-key.pem +0 -117
- data/spec/fixtures/ssl/oid.pem +0 -69
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
- data/spec/integration/application/resource_spec.rb +0 -68
- data/spec/integration/application/ssl_spec.rb +0 -20
- data/spec/integration/l10n/compiler_spec.rb +0 -37
- data/spec/integration/network/authconfig_spec.rb +0 -256
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
- data/spec/shared_contexts/l10n.rb +0 -32
- data/spec/unit/application/man_spec.rb +0 -52
- data/spec/unit/capability_spec.rb +0 -414
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
- data/spec/unit/face/key_spec.rb +0 -9
- data/spec/unit/face/module/search_spec.rb +0 -231
- data/spec/unit/face/status_spec.rb +0 -9
- data/spec/unit/facter_impl_spec.rb +0 -31
- data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
- data/spec/unit/indirector/certificate/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
- data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
- data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
- data/spec/unit/indirector/key/file_spec.rb +0 -78
- data/spec/unit/indirector/ssl_file_spec.rb +0 -305
- data/spec/unit/indirector/status/local_spec.rb +0 -10
- data/spec/unit/indirector/status/rest_spec.rb +0 -50
- data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
- data/spec/unit/network/auth_config_parser_spec.rb +0 -115
- data/spec/unit/network/authstore_spec.rb +0 -407
- data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
- data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
- data/spec/unit/network/http/compression_spec.rb +0 -240
- data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
- data/spec/unit/network/http_spec.rb +0 -9
- data/spec/unit/network/rights_spec.rb +0 -439
- data/spec/unit/parser/environment_compiler_spec.rb +0 -730
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
- data/spec/unit/pops/types/enumeration_spec.rb +0 -51
- data/spec/unit/resource/capability_finder_spec.rb +0 -148
- data/spec/unit/rest/route_spec.rb +0 -132
- data/spec/unit/ssl/host_spec.rb +0 -645
- data/spec/unit/ssl/key_spec.rb +0 -173
- data/spec/unit/ssl/validator_spec.rb +0 -278
- data/spec/unit/status_spec.rb +0 -45
- data/spec/unit/util/json_spec.rb +0 -126
- data/spec/unit/util/ssl_spec.rb +0 -91
- data/spec/unit/util/windows_spec.rb +0 -23
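--- a/data/lib/puppet/ssl/validator/default_validator.rb
+++ b/data/lib/puppet/ssl/validator/default_validator.rb
@@ -1,209 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-require 'puppet/ssl'
-
-# Perform peer certificate verification against the known CA.
-# If there is no CA information known, then no verification is performed
-#
-# @deprecated
-# @api private
-#
-class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
-attr_reader :peer_certs
-attr_reader :verify_errors
-attr_reader :last_error
-
-FIVE_MINUTES_AS_SECONDS = 5 * 60
-
-# Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
-#
-# @param ca_path [String] Filepath for the cacert
-#
-# @api private
-#
-def initialize(
-ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert])
-
-reset!
-@ca_path = ca_path
-end
-
-
-# Resets this validator to its initial validation state. The ssl configuration is not changed.
-#
-# @api private
-#
-def reset!
-@peer_certs = []
-@verify_errors = []
-@hostname = nil
-@last_error = nil
-end
-
-# Performs verification of the SSL connection and collection of the
-# certificates for use in constructing the error message if the verification
-# failed. This callback will be executed once for each certificate in a
-# chain being verified.
-#
-# From the [OpenSSL
-# documentation](https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html):
-# The `verify_callback` function is used to control the behaviour when the
-# SSL_VERIFY_PEER flag is set. It must be supplied by the application and
-# receives two arguments: preverify_ok indicates, whether the verification of
-# the certificate in question was passed (preverify_ok=1) or not
-# (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for
-# the certificate chain verification.
-#
-# See {Puppet::Network::HTTP::Connection} for more information and where this
-# class is intended to be used.
-#
-# @param [Boolean] preverify_ok indicates whether the verification of the
-# certificate in question was passed (preverify_ok=true)
-# @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context
-# for the chain being verified.
-#
-# @return [Boolean] false if the peer is invalid, true otherwise.
-#
-# @api private
-#
-def call(preverify_ok, store_context)
-current_cert = store_context.current_cert
-@peer_certs << current_cert
-
-# We must make a copy since the scope of the store_context will be lost
-# across invocations of this method.
-if preverify_ok
-# If we've copied all of the certs in the chain out of the SSL library
-if @peer_certs.length == store_context.chain.length
-# (#20027) The peer cert must be issued by a specific authority
-preverify_ok = valid_peer?
-end
-else
-error = store_context.error || 0
-error_string = store_context.error_string || "OpenSSL error #{error}"
-
-case error
-when OpenSSL::X509::V_OK
-if @hostname
-# chain is from leaf to root, opposite of the order that `call` is invoked
-chain_cert = store_context.chain.first
-
-# ruby 2.4 doesn't compare certs based on value, so force to DER byte array
-if current_cert && chain_cert && current_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(current_cert, @hostname)
-@last_error = Puppet::SSL::CertMismatchError.new(current_cert, @hostname)
-return false
-else
-@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-end
-else
-@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-end
-
-when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
-# current_crl can be nil
-# https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
-crl = store_context.current_crl
-if crl
-if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
-Puppet.debug { "Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}" }
-preverify_ok = true
-else
-@verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
-end
-else
-@verify_errors << error_string
-end
-else
-@verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-end
-end
-preverify_ok
-rescue => ex
-@verify_errors << ex.message
-false
-end
-
-# Registers the instance's call method with the connection.
-#
-# @param [Net::HTTP] connection The connection to validate
-#
-# @param [Puppet::SSL::Host] host The host object containing SSL data
-# @return [void]
-#
-# @api private
-#
-def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
-@hostname = connection.address
-
-if ssl_certificates_are_present?
-connection.cert_store = ssl_host.ssl_store
-connection.ca_file = @ca_path
-connection.cert = ssl_host.certificate.content
-connection.key = ssl_host.key.content
-connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
-connection.verify_callback = self
-else
-connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
-end
-end
-
-##
-# Decode a string of concatenated certificates
-#
-# @return [Array<OpenSSL::X509::Certificate>]
-def decode_cert_bundle(bundle_str)
-re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
-pem_ary = bundle_str.scan(re)
-pem_ary.map do |pem_str|
-OpenSSL::X509::Certificate.new(pem_str)
-end
-end
-
-# read_file makes testing easier.
-def read_file(path)
-# https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
-# CA bundles are concatenated X509 certificates, but may also include
-# comments, which could have UTF-8 characters
-Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
-end
-
-# Validates the peer certificates against the authorized certificates.
-#
-# @api private
-#
-def valid_peer?
-descending_cert_chain = @peer_certs.reverse
-authz_ca_certs = decode_cert_bundle(read_file(@ca_path))
-
-if not has_authz_peer_cert(descending_cert_chain, authz_ca_certs)
-msg = "The server presented a SSL certificate chain which does not include a " <<
-"CA listed in the ssl_client_ca_auth file. "
-msg << "Authorized Issuers: #{authz_ca_certs.collect {|c| c.subject.to_utf8}.join(', ')} " <<
-"Peer Chain: #{descending_cert_chain.collect {|c| c.subject.to_utf8}.join(' => ')}"
-@verify_errors << msg
-false
-else
-true
-end
-end
-
-# Checks if the set of peer_certs contains at least one certificate issued
-# by a certificate listed in authz_certs
-#
-# @return [Boolean]
-#
-# @api private
-#
-def has_authz_peer_cert(peer_certs, authz_certs)
-peer_certs.any? do |peer_cert|
-authz_certs.any? do |authz_cert|
-peer_cert.verify(authz_cert.public_key)
-end
-end
-end
-
-# @api private
-#
-def ssl_certificates_are_present?
-Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(@ca_path)
-end
-end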
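--- a/data/lib/puppet/ssl/validator/no_validator.rb
+++ b/data/lib/puppet/ssl/validator/no_validator.rb
@@ -1,22 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-require 'puppet/ssl'
-
-# Performs no SSL verification
-#
-# @deprecated
-# @api private
-#
-class Puppet::SSL::Validator::NoValidator < Puppet::SSL::Validator
-
-def setup_connection(connection)
-connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
-end
-
-def peer_certs
-[]
-end
-
-def verify_errors
-[]
-end
-end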
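--- a/data/lib/puppet/ssl/validator.rb
+++ b/data/lib/puppet/ssl/validator.rb
@@ -1,61 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-
-# API for certificate verification
-#
-# @deprecated
-# @api public
-class Puppet::SSL::Validator
-
-# Factory method for creating an instance of a null/no validator.
-# This method does not have to be implemented by concrete implementations of this API.
-#
-# @return [Puppet::SSL::Validator] produces a validator that performs no validation
-#
-# @api public
-#
-def self.no_validator()
-@@no_validator_cache ||= Puppet::SSL::Validator::NoValidator.new()
-end
-
-# Factory method for creating an instance of the default Puppet validator.
-# This method does not have to be implemented by concrete implementations of this API.
-#
-# @return [Puppet::SSL::Validator] produces a validator that performs no validation
-#
-# @api public
-#
-def self.default_validator()
-Puppet::SSL::Validator::DefaultValidator.new()
-end
-
-# Array of peer certificates
-# @return [Array<Puppet::SSL::Certificate>] peer certificates
-#
-# @api public
-#
-def peer_certs
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-
-# Contains the result of validation
-# @return [Array<String>, nil] nil, empty Array, or Array with messages
-#
-# @api public
-#
-def verify_errors
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-
-# Registers the connection to validate.
-#
-# @param [Net::HTTP] connection The connection to validate
-#
-# @return [void]
-#
-# @api public
-#
-def setup_connection(connection)
-raise NotImplementedError, "Concrete class should have implemented this method"
-end
-end
-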
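--- a/data/lib/puppet/ssl/verifier_adapter.rb
+++ b/data/lib/puppet/ssl/verifier_adapter.rb
@@ -1,58 +0,0 @@
-# Allows a `Puppet::SSL::Validator` to be used in situations where a
-# `Verifier` is required, while preserving the legacy validator behavior of:
-#
-# * Loading CA certs from `ssl_client_ca_auth` or `localcacert`
-# * Verifying each cert in the peer's chain is contained in the file
-# loaded above.
-#
-class Puppet::SSL::VerifierAdapter
-attr_reader :validator, :ssl_context
-
-def initialize(validator)
-@validator = validator
-
-if validator.is_a?(Puppet::SSL::Validator::NoValidator)
-ssl = Puppet::SSL::SSLProvider.new
-@ssl_context = ssl.create_insecure_context
-else
-# nil means use the default SSLContext
-@ssl_context = nil
-end
-end
-
-# Return true if `self` is reusable with `verifier` meaning they
-# are both using the same class of `Puppet::SSL::Validator`. In this
-# case we only care the Validator class is the same. We can't require
-# the same instances, because a new instance is created each time
-# HttpPool.http_instance is called.
-#
-# @param verifier [Puppet::SSL::Verifier] the verifier to compare against
-# @return [Boolean] return true if a cached connection can be used, false otherwise
-def reusable?(verifier)
-verifier.instance_of?(self.class) &&
-verifier.validator.instance_of?(@validator.class)
-end
-
-# Configure the `http` connection based on the current `ssl_context`.
-#
-# @param http [Net::HTTP] connection
-# @api private
-def setup_connection(http)
-@validator.setup_connection(http)
-end
-
-# Handle an SSL connection error.
-#
-# @param http [Net::HTTP] connection
-# @param error [OpenSSL::SSL::SSLError] connection error
-# @return (see Puppet::SSL::Verifier#handle_connection_error)
-# @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
-# verification error with the server's certificate or chain
-# @raise [Puppet::Error] server hostname does not match certificate
-# @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
-def handle_connection_error(http, error)
-raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error
-
-Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
-end
-end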
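--- a/data/lib/puppet/status.rb
+++ b/data/lib/puppet/status.rb
@@ -1,40 +0,0 @@
-require 'puppet/indirector'
-
-class Puppet::Status
-extend Puppet::Indirector
-indirects :status, :terminus_class => :local
-
-attr_accessor :status
-
-def initialize( status = nil )
-@status = status || {"is_alive" => true}
-end
-
-def to_data_hash
-@status
-end
-
-def self.from_data_hash(data)
-if data.include?('status')
-self.new(data['status'])
-else
-self.new(data)
-end
-end
-
-def name
-"status"
-end
-
-def name=(name)
-# NOOP
-end
-
-def version
-@status['version']
-end
-
-def version=(version)
-@status['version'] = version
-end
-end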
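--- a/data/lib/puppet/util/connection.rb
+++ b/data/lib/puppet/util/connection.rb
@@ -1,88 +0,0 @@
-require 'puppet'
-require 'puppet/util/warnings'
-
-module Puppet::Util
-module Connection
-extend Puppet::Util::Warnings
-
-# The logic for server and port is kind of gross. In summary:
-# IF an endpoint-specific setting is requested AND that setting has been set by the user
-# Use that setting.
-# The defaults for these settings are the "normal" server/serverport settings, so
-# when they are unset we instead want to "fall back" to the failover-selected
-# host/port pair.
-# ELSE IF we have a failover-selected host/port
-# Use what the failover logic came up with
-# ELSE IF the server_list setting is in use
-# Use the first entry - failover hasn't happened yet, but that
-# setting is still authoritative
-# ELSE
-# Go for the legacy server/serverport settings, and hope for the best
-
-# Determines which server to use based on the specified setting, taking into
-# account HA fallback from server_list.
-# @param [Symbol] setting The preferred server setting to use
-# @return [String] the name of the server for use in the request
-def self.determine_server(setting)
-if setting && setting != :server && Puppet.settings.set_by_config?(setting)
-debug_once _("Selected server from the %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
-Puppet[setting]
-else
-server = Puppet.lookup(:server) do
-primary_server = Puppet.settings[:server_list][0]
-if primary_server
-#TRANSLATORS 'server_list' is the name of a setting and should not be translated
-debug_once _("Dynamically-bound server lookup failed; using first entry from the `server_list` setting: %{server}") % {server: primary_server[0]}
-primary_server[0]
-else
-setting ||= :server
-debug_once _("Dynamically-bound server lookup failed, falling back to %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
-Puppet.settings[setting]
-end
-end
-server
-end
-end
-
-# Determines which port to use based on the specified setting, taking into
-# account HA fallback from server_list.
-# For port there's a little bit of an extra snag: setting a specific
-# server setting and relying on the default port for that server is
-# common, so we also want to check if the assocaited SERVER setting
-# has been set by the user. If either of those are set we ignore the
-# failover-selected port.
-# @param [Symbol] port_setting The preferred port setting to use
-# @param [Symbol] server_setting The server setting assoicated with this route.
-# @return [Integer] the port to use for use in the request
-def self.determine_port(port_setting, server_setting)
-if (port_setting && port_setting != :serverport && Puppet.settings.set_by_config?(port_setting)) ||
-(server_setting && server_setting != :server && Puppet.settings.set_by_config?(server_setting))
-debug_once _("Selected port from the %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting].to_i}
-Puppet.settings[port_setting].to_i
-else
-port = Puppet.lookup(:serverport) do
-primary_server = Puppet.settings[:server_list][0]
-if primary_server
-# Port might not be set, so we want to fallback in that
-# case. We know we don't need to use `setting` here, since
-# the default value of every port setting is `serverport`
-if primary_server[1]
-#TRANSLATORS 'server_list' is the name of a setting and should not be translated
-debug_once _("Dynamically-bound port lookup failed; using first entry from the `server_list` setting: %{port}") % {port: primary_server[1]}
-primary_server[1]
-else
-#TRANSLATORS 'serverport' is the name of a setting and should not be translated
-debug_once _("Dynamically-bound port lookup failed; falling back to `serverport` setting: %{port}") % {port: Puppet.settings[:serverport]}
-Puppet.settings[:serverport]
-end
-else
-port_setting ||= :serverport
-debug_once _("Dynamically-bound port lookup failed; falling back to %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting]}
-Puppet.settings[port_setting]
-end
-end
-port.to_i
-end
-end
-end
-end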
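--- a/data/lib/puppet/util/fact_dif.rb
+++ b/data/lib/puppet/util/fact_dif.rb
@@ -1,81 +0,0 @@
-require 'json'
-
-class FactDif
-def initialize(old_output, new_output, exclude_list, save_structured)
-@c_facter = JSON.parse(old_output)
-@next_facter = JSON.parse(new_output)
-@exclude_list = exclude_list
-@save_structured = save_structured
-@flat_diff = []
-@diff = {}
-end
-
-def difs
-search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
-
-@flat_diff.sort_by { |a| a[0] }.each do |pair|
-fact_path = pair[0]
-value = pair[1]
-compare(fact_path, value, @c_facter)
-compare(fact_path, value, @next_facter)
-end
-
-@diff
-end
-
-private
-
-def search_hash(sh, path = [])
-if sh.is_a?(Hash)
-sh.each do |k, v|
-search_hash(v, path.push(k))
-path.pop
-end
-elsif sh.is_a?(Array)
-sh.each_with_index do |v, index|
-search_hash(v, path.push(index))
-path.pop
-end
-else
-@flat_diff.push([path.dup, sh])
-end
-end
-
-def compare(fact_path, given_value, compared_hash)
-compared_value = compared_hash.dig(*fact_path)
-if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
-fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
-if compared_hash == @c_facter
-bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
-else
-bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
-end
-end
-end
-
-def bury(*paths, value, hash)
-if paths.count > 1
-path = paths.shift
-hash[path] = Hash.new unless hash.key?(path)
-bury(*paths, value, hash[path])
-else
-hash[*paths] = value
-end
-end
-
-def different?(new, old)
-if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
-old_values = old.split(',')
-new_values = new.split(',')
-
-diff = (old_values - new_values) | (new_values - old_values)
-return diff.size.positive?
-end
-
-old != new
-end
-
-def excluded?(fact_name)
-@exclude_list.any? {|excluded_fact| fact_name =~ /#{excluded_fact}/}
-end
-end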
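--- a/data/lib/puppet/util/ssl.rb
+++ b/data/lib/puppet/util/ssl.rb
@@ -1,83 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-
-##
-# SSL is a private module with class methods that help work with x.509
-# subjects and errors.
-#
-# @api private
-module Puppet::Util::SSL
-
-@@dn_parsers = nil
-@@no_name = nil
-
-# Given a DN string, parse it into an OpenSSL certificate subject. This
-# method will flexibly handle both OpenSSL and RFC2253 formats, as given by
-# nginx and Apache, respectively.
-#
-# @param [String] dn the x.509 Distinguished Name (DN) string.
-#
-# @return [OpenSSL::X509::Name] the certificate subject
-def self.subject_from_dn(dn)
-if is_possibly_valid_dn?(dn)
-parsers = @@dn_parsers ||= [
-OpenSSL::X509::Name.method(:parse_rfc2253),
-OpenSSL::X509::Name.method(:parse_openssl)
-]
-parsers.each do |parser|
-begin
-return parser.call(dn)
-rescue OpenSSL::X509::NameError
-end
-end
-end
-
-@@no_name ||= OpenSSL::X509::Name.new
-end
-
-##
-# cn_from_subject extracts the CN from the given OpenSSL certificate
-# subject.
-#
-# @api private
-#
-# @param [OpenSSL::X509::Name] subject the subject to extract the CN field from
-#
-# @return [String, nil] the CN, or nil if not found
-def self.cn_from_subject(subject)
-if subject.respond_to? :to_a
-(subject.to_a.assoc('CN') || [])[1]
-end
-end
-
-def self.is_possibly_valid_dn?(dn)
-dn =~ /=/
-end
-
-##
-# Extract and format meaningful error messages from OpenSSL::OpenSSLErrors
-# and a Validator. Re-raises the error if unknown.
-#
-# @api private
-#
-# @param [OpenSSL::OpenSSLError] error An error thrown during creating a
-# connection
-# @param [Puppet::SSL::DefaultValidator] verifier A Validator who may have
-# invalidated the connection
-# @param [String] host The DNS name of the other end of the SSL connection
-#
-# @raises [Puppet::Error, OpenSSL::OpenSSLError]
-def self.handle_connection_error(error, verifier, host)
-# can be nil
-peer_cert = verifier.peer_certs.last
-
-if error.message.include? "certificate verify failed"
-msg = error.message
-msg << ": [" + verifier.verify_errors.join('; ') + "]"
-raise Puppet::Error, msg, error.backtrace
-elsif peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, host)
-raise Puppet::SSL::CertMismatchError.new(peer_cert, host)
-else
-raise error
-end
-end
-end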