puppet 6.29.0 → 7.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (811) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +16 -2
  3. data/CONTRIBUTING.md +5 -5
  4. data/Gemfile +5 -7
  5. data/Gemfile.lock +52 -143
  6. data/README.md +5 -5
  7. data/conf/fileserver.conf +5 -10
  8. data/ext/README.environment +8 -0
  9. data/ext/build_defaults.yaml +1 -1
  10. data/ext/dbfix.sql +132 -0
  11. data/ext/debian/README.Debian +8 -0
  12. data/ext/debian/README.source +2 -0
  13. data/ext/debian/TODO.Debian +1 -0
  14. data/ext/debian/changelog.erb +1122 -0
  15. data/ext/debian/compat +1 -0
  16. data/ext/debian/control +144 -0
  17. data/ext/debian/copyright +339 -0
  18. data/ext/debian/docs +1 -0
  19. data/ext/debian/fileserver.conf +41 -0
  20. data/ext/debian/puppet-common.dirs +13 -0
  21. data/ext/debian/puppet-common.install +3 -0
  22. data/ext/debian/puppet-common.lintian-overrides +5 -0
  23. data/ext/debian/puppet-common.manpages +28 -0
  24. data/ext/debian/puppet-common.postinst +35 -0
  25. data/ext/debian/puppet-common.postrm +33 -0
  26. data/ext/debian/puppet-el.dirs +1 -0
  27. data/ext/debian/puppet-el.emacsen-install +25 -0
  28. data/ext/debian/puppet-el.emacsen-remove +11 -0
  29. data/ext/debian/puppet-el.emacsen-startup +9 -0
  30. data/ext/debian/puppet-el.install +1 -0
  31. data/ext/debian/puppet-testsuite.install +2 -0
  32. data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
  33. data/ext/debian/puppet.lintian-overrides +3 -0
  34. data/ext/debian/puppet.logrotate +20 -0
  35. data/ext/debian/puppet.postinst +20 -0
  36. data/ext/debian/puppet.postrm +20 -0
  37. data/ext/debian/puppet.preinst +20 -0
  38. data/ext/debian/puppetmaster-common.install +2 -0
  39. data/ext/debian/puppetmaster-common.manpages +2 -0
  40. data/ext/debian/puppetmaster-common.postinst +6 -0
  41. data/ext/debian/puppetmaster-passenger.dirs +4 -0
  42. data/ext/debian/puppetmaster-passenger.postinst +162 -0
  43. data/ext/debian/puppetmaster-passenger.postrm +61 -0
  44. data/ext/debian/puppetmaster.README.debian +17 -0
  45. data/ext/debian/puppetmaster.default +14 -0
  46. data/ext/debian/puppetmaster.init +137 -0
  47. data/ext/debian/puppetmaster.lintian-overrides +3 -0
  48. data/ext/debian/puppetmaster.postinst +20 -0
  49. data/ext/debian/puppetmaster.postrm +5 -0
  50. data/ext/debian/puppetmaster.preinst +22 -0
  51. data/ext/debian/rules +132 -0
  52. data/ext/debian/source/format +1 -0
  53. data/ext/debian/source/options +1 -0
  54. data/ext/debian/vim-puppet.README.Debian +13 -0
  55. data/ext/debian/vim-puppet.dirs +5 -0
  56. data/ext/debian/vim-puppet.yaml +7 -0
  57. data/ext/debian/watch +2 -0
  58. data/ext/freebsd/puppetd +26 -0
  59. data/ext/freebsd/puppetmasterd +26 -0
  60. data/ext/gentoo/conf.d/puppet +5 -0
  61. data/ext/gentoo/conf.d/puppetmaster +12 -0
  62. data/ext/gentoo/init.d/puppet +38 -0
  63. data/ext/gentoo/init.d/puppetmaster +51 -0
  64. data/ext/gentoo/puppet/fileserver.conf +41 -0
  65. data/ext/ips/puppet-agent +44 -0
  66. data/ext/ips/puppet-master +44 -0
  67. data/ext/ips/puppet.p5m.erb +12 -0
  68. data/ext/ips/puppetagent.xml +42 -0
  69. data/ext/ips/puppetmaster.xml +42 -0
  70. data/ext/ips/rules +19 -0
  71. data/ext/ips/transforms +34 -0
  72. data/ext/ldap/puppet.schema +24 -0
  73. data/ext/logcheck/puppet +23 -0
  74. data/{examples → ext}/nagios/check_puppet.rb +2 -2
  75. data/ext/osx/file_mapping.yaml +28 -0
  76. data/ext/osx/postflight.erb +109 -0
  77. data/ext/osx/preflight.erb +52 -0
  78. data/ext/osx/prototype.plist.erb +38 -0
  79. data/ext/osx/puppet.plist +0 -2
  80. data/ext/project_data.yaml +2 -16
  81. data/ext/redhat/fileserver.conf +41 -0
  82. data/ext/redhat/logrotate +21 -0
  83. data/ext/redhat/puppet.spec.erb +841 -0
  84. data/ext/redhat/server.init +128 -0
  85. data/ext/redhat/server.sysconfig +13 -0
  86. data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
  87. data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
  88. data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
  89. data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
  90. data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
  91. data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
  92. data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
  93. data/ext/solaris/pkginfo +6 -0
  94. data/ext/solaris/smf/puppetd.xml +77 -0
  95. data/ext/solaris/smf/puppetmasterd.xml +77 -0
  96. data/ext/solaris/smf/svc-puppetd +71 -0
  97. data/ext/solaris/smf/svc-puppetmasterd +67 -0
  98. data/ext/suse/puppet.spec +310 -0
  99. data/ext/suse/server.init +173 -0
  100. data/ext/windows/service/daemon.rb +6 -5
  101. data/ext/yaml_nodes.rb +105 -0
  102. data/install.rb +21 -17
  103. data/lib/puppet/agent.rb +11 -47
  104. data/lib/puppet/application/agent.rb +16 -18
  105. data/lib/puppet/application/apply.rb +4 -24
  106. data/lib/puppet/application/device.rb +100 -106
  107. data/lib/puppet/application/filebucket.rb +13 -10
  108. data/lib/puppet/application/lookup.rb +24 -74
  109. data/lib/puppet/application/resource.rb +16 -32
  110. data/lib/puppet/application/script.rb +0 -2
  111. data/lib/puppet/application/ssl.rb +1 -13
  112. data/lib/puppet/application.rb +178 -108
  113. data/lib/puppet/application_support.rb +0 -7
  114. data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
  115. data/lib/puppet/configurer/downloader.rb +1 -2
  116. data/lib/puppet/configurer/plugin_handler.rb +21 -19
  117. data/lib/puppet/configurer.rb +86 -183
  118. data/lib/puppet/confine/variable.rb +1 -1
  119. data/lib/puppet/defaults.rb +130 -244
  120. data/lib/puppet/environments.rb +82 -146
  121. data/lib/puppet/face/facts.rb +5 -103
  122. data/lib/puppet/face/generate.rb +0 -2
  123. data/lib/puppet/face/help/action.erb +0 -1
  124. data/lib/puppet/face/help/face.erb +0 -1
  125. data/lib/puppet/face/help.rb +1 -1
  126. data/lib/puppet/face/node/clean.rb +0 -11
  127. data/lib/puppet/face/plugin.rb +5 -8
  128. data/lib/puppet/ffi/windows/api_types.rb +311 -0
  129. data/lib/puppet/ffi/windows/constants.rb +404 -0
  130. data/lib/puppet/ffi/windows/functions.rb +628 -0
  131. data/lib/puppet/ffi/windows/structs.rb +338 -0
  132. data/lib/puppet/ffi/windows.rb +12 -0
  133. data/lib/puppet/file_serving/configuration/parser.rb +3 -34
  134. data/lib/puppet/file_serving/configuration.rb +0 -8
  135. data/lib/puppet/file_serving/fileset.rb +2 -14
  136. data/lib/puppet/file_serving/http_metadata.rb +1 -1
  137. data/lib/puppet/file_serving/metadata.rb +0 -3
  138. data/lib/puppet/file_serving/mount/file.rb +4 -4
  139. data/lib/puppet/file_serving/mount.rb +1 -2
  140. data/lib/puppet/file_system/file_impl.rb +8 -10
  141. data/lib/puppet/file_system/jruby.rb +1 -1
  142. data/lib/puppet/file_system/memory_file.rb +1 -8
  143. data/lib/puppet/file_system/windows.rb +6 -8
  144. data/lib/puppet/file_system.rb +1 -1
  145. data/lib/puppet/forge/repository.rb +0 -1
  146. data/lib/puppet/forge.rb +4 -4
  147. data/lib/puppet/functions/all.rb +1 -1
  148. data/lib/puppet/functions/camelcase.rb +1 -1
  149. data/lib/puppet/functions/capitalize.rb +2 -2
  150. data/lib/puppet/functions/downcase.rb +2 -2
  151. data/lib/puppet/functions/empty.rb +0 -8
  152. data/lib/puppet/functions/find_template.rb +2 -2
  153. data/lib/puppet/functions/get.rb +5 -5
  154. data/lib/puppet/functions/group_by.rb +5 -13
  155. data/lib/puppet/functions/lest.rb +1 -1
  156. data/lib/puppet/functions/new.rb +100 -100
  157. data/lib/puppet/functions/next.rb +1 -18
  158. data/lib/puppet/functions/partition.rb +4 -12
  159. data/lib/puppet/functions/require.rb +5 -5
  160. data/lib/puppet/functions/sort.rb +3 -3
  161. data/lib/puppet/functions/strftime.rb +0 -1
  162. data/lib/puppet/functions/tree_each.rb +10 -7
  163. data/lib/puppet/functions/type.rb +4 -4
  164. data/lib/puppet/functions/unwrap.rb +2 -17
  165. data/lib/puppet/functions/upcase.rb +2 -2
  166. data/lib/puppet/functions/versioncmp.rb +2 -6
  167. data/lib/puppet/generate/models/type/type.rb +4 -1
  168. data/lib/puppet/generate/type.rb +0 -9
  169. data/lib/puppet/http/client.rb +167 -137
  170. data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
  171. data/lib/puppet/http/errors.rb +16 -0
  172. data/lib/puppet/http/external_client.rb +5 -7
  173. data/lib/puppet/{network/http → http}/factory.rb +8 -15
  174. data/lib/puppet/{network/http → http}/pool.rb +61 -26
  175. data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
  176. data/lib/puppet/http/proxy.rb +137 -0
  177. data/lib/puppet/http/redirector.rb +4 -17
  178. data/lib/puppet/http/resolver/server_list.rb +10 -25
  179. data/lib/puppet/http/resolver/settings.rb +4 -7
  180. data/lib/puppet/http/resolver/srv.rb +7 -11
  181. data/lib/puppet/http/resolver.rb +5 -15
  182. data/lib/puppet/http/response.rb +36 -54
  183. data/lib/puppet/http/response_converter.rb +24 -0
  184. data/lib/puppet/http/response_net_http.rb +42 -0
  185. data/lib/puppet/http/retry_after_handler.rb +4 -13
  186. data/lib/puppet/http/service/ca.rb +11 -22
  187. data/lib/puppet/http/service/compiler.rb +23 -144
  188. data/lib/puppet/http/service/file_server.rb +19 -29
  189. data/lib/puppet/http/service/puppetserver.rb +26 -12
  190. data/lib/puppet/http/service/report.rb +8 -10
  191. data/lib/puppet/http/service.rb +12 -26
  192. data/lib/puppet/http/session.rb +11 -20
  193. data/lib/puppet/{network/http → http}/site.rb +1 -2
  194. data/lib/puppet/http.rb +22 -13
  195. data/lib/puppet/indirector/catalog/compiler.rb +6 -25
  196. data/lib/puppet/indirector/catalog/rest.rb +2 -5
  197. data/lib/puppet/indirector/facts/facter.rb +6 -6
  198. data/lib/puppet/indirector/facts/rest.rb +3 -22
  199. data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
  200. data/lib/puppet/indirector/file_content/rest.rb +2 -6
  201. data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
  202. data/lib/puppet/indirector/file_server.rb +1 -8
  203. data/lib/puppet/indirector/generic_http.rb +0 -11
  204. data/lib/puppet/indirector/indirection.rb +1 -1
  205. data/lib/puppet/indirector/node/rest.rb +2 -4
  206. data/lib/puppet/indirector/report/rest.rb +3 -8
  207. data/lib/puppet/indirector/request.rb +0 -101
  208. data/lib/puppet/indirector/resource/ral.rb +1 -6
  209. data/lib/puppet/indirector/rest.rb +12 -263
  210. data/lib/puppet/indirector/terminus.rb +0 -4
  211. data/lib/puppet/interface/documentation.rb +0 -1
  212. data/lib/puppet/module/plan.rb +1 -0
  213. data/lib/puppet/module/task.rb +1 -1
  214. data/lib/puppet/module.rb +0 -1
  215. data/lib/puppet/module_tool/applications/installer.rb +2 -56
  216. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  217. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  218. data/lib/puppet/module_tool/applications.rb +0 -1
  219. data/lib/puppet/module_tool/errors/shared.rb +2 -34
  220. data/lib/puppet/network/authconfig.rb +2 -96
  221. data/lib/puppet/network/authorization.rb +13 -35
  222. data/lib/puppet/network/formats.rb +0 -67
  223. data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
  224. data/lib/puppet/network/http/api/master/v3.rb +11 -13
  225. data/lib/puppet/network/http/connection.rb +247 -316
  226. data/lib/puppet/network/http/handler.rb +0 -1
  227. data/lib/puppet/network/http.rb +3 -3
  228. data/lib/puppet/network/http_pool.rb +16 -34
  229. data/lib/puppet/node/environment.rb +11 -10
  230. data/lib/puppet/node.rb +2 -31
  231. data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
  232. data/lib/puppet/pal/pal_impl.rb +4 -2
  233. data/lib/puppet/parser/ast/leaf.rb +2 -3
  234. data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
  235. data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
  236. data/lib/puppet/parser/compiler.rb +0 -198
  237. data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
  238. data/lib/puppet/parser/resource.rb +1 -70
  239. data/lib/puppet/parser/scope.rb +0 -1
  240. data/lib/puppet/parser/templatewrapper.rb +1 -2
  241. data/lib/puppet/pops/evaluator/closure.rb +5 -7
  242. data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
  243. data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
  244. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
  245. data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
  246. data/lib/puppet/pops/issues.rb +0 -5
  247. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
  248. data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
  249. data/lib/puppet/pops/model/ast.pp +0 -42
  250. data/lib/puppet/pops/model/ast.rb +0 -291
  251. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  252. data/lib/puppet/pops/model/factory.rb +1 -47
  253. data/lib/puppet/pops/model/model_label_provider.rb +0 -5
  254. data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
  255. data/lib/puppet/pops/model/pn_transformer.rb +0 -16
  256. data/lib/puppet/pops/parser/code_merger.rb +4 -4
  257. data/lib/puppet/pops/parser/egrammar.ra +0 -58
  258. data/lib/puppet/pops/parser/eparser.rb +1685 -1896
  259. data/lib/puppet/pops/parser/lexer2.rb +91 -92
  260. data/lib/puppet/pops/parser/parser_support.rb +0 -5
  261. data/lib/puppet/pops/parser/slurp_support.rb +0 -1
  262. data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
  263. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  264. data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
  265. data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
  266. data/lib/puppet/pops/types/type_calculator.rb +0 -7
  267. data/lib/puppet/pops/types/type_formatter.rb +3 -4
  268. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  269. data/lib/puppet/pops/types/type_parser.rb +0 -4
  270. data/lib/puppet/pops/types/types.rb +1 -2
  271. data/lib/puppet/pops/validation/checker4_0.rb +9 -37
  272. data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
  273. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
  274. data/lib/puppet/property/list.rb +1 -1
  275. data/lib/puppet/provider/aix_object.rb +1 -1
  276. data/lib/puppet/provider/exec/posix.rb +4 -16
  277. data/lib/puppet/provider/group/groupadd.rb +10 -18
  278. data/lib/puppet/provider/nameservice.rb +0 -18
  279. data/lib/puppet/provider/package/apt.rb +2 -34
  280. data/lib/puppet/provider/package/aptitude.rb +0 -6
  281. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  282. data/lib/puppet/provider/package/dpkg.rb +0 -10
  283. data/lib/puppet/provider/package/gem.rb +23 -3
  284. data/lib/puppet/provider/package/nim.rb +6 -11
  285. data/lib/puppet/provider/package/pip.rb +3 -16
  286. data/lib/puppet/provider/package/pkg.rb +2 -23
  287. data/lib/puppet/provider/package/portage.rb +1 -1
  288. data/lib/puppet/provider/package/puppet_gem.rb +1 -4
  289. data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
  290. data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
  291. data/lib/puppet/provider/package/windows/package.rb +1 -2
  292. data/lib/puppet/provider/package/windows.rb +1 -14
  293. data/lib/puppet/provider/package/yum.rb +1 -1
  294. data/lib/puppet/provider/parsedfile.rb +0 -3
  295. data/lib/puppet/provider/service/base.rb +1 -1
  296. data/lib/puppet/provider/service/debian.rb +0 -2
  297. data/lib/puppet/provider/service/init.rb +9 -10
  298. data/lib/puppet/provider/service/launchd.rb +2 -2
  299. data/lib/puppet/provider/service/redhat.rb +1 -1
  300. data/lib/puppet/provider/service/smf.rb +194 -76
  301. data/lib/puppet/provider/service/systemd.rb +6 -16
  302. data/lib/puppet/provider/service/upstart.rb +5 -5
  303. data/lib/puppet/provider/service/windows.rb +0 -38
  304. data/lib/puppet/provider/user/aix.rb +3 -46
  305. data/lib/puppet/provider/user/directoryservice.rb +11 -39
  306. data/lib/puppet/provider/user/useradd.rb +24 -134
  307. data/lib/puppet/provider.rb +1 -14
  308. data/lib/puppet/reference/configuration.rb +8 -7
  309. data/lib/puppet/reference/indirection.rb +1 -1
  310. data/lib/puppet/reference/providers.rb +2 -2
  311. data/lib/puppet/resource/catalog.rb +2 -15
  312. data/lib/puppet/resource/type.rb +3 -119
  313. data/lib/puppet/resource/type_collection.rb +3 -49
  314. data/lib/puppet/resource.rb +6 -127
  315. data/lib/puppet/runtime.rb +2 -13
  316. data/lib/puppet/settings/environment_conf.rb +0 -1
  317. data/lib/puppet/settings/integer_setting.rb +17 -0
  318. data/lib/puppet/settings/port_setting.rb +15 -0
  319. data/lib/puppet/settings/priority_setting.rb +5 -4
  320. data/lib/puppet/settings.rb +82 -98
  321. data/lib/puppet/ssl/base.rb +3 -5
  322. data/lib/puppet/ssl/certificate.rb +0 -6
  323. data/lib/puppet/ssl/certificate_request.rb +1 -12
  324. data/lib/puppet/ssl/certificate_signer.rb +6 -0
  325. data/lib/puppet/ssl/oids.rb +3 -1
  326. data/lib/puppet/ssl/ssl_provider.rb +36 -75
  327. data/lib/puppet/ssl/state_machine.rb +20 -14
  328. data/lib/puppet/ssl/verifier.rb +2 -6
  329. data/lib/puppet/ssl.rb +10 -6
  330. data/lib/puppet/test/test_helper.rb +2 -7
  331. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  332. data/lib/puppet/transaction/persistence.rb +1 -21
  333. data/lib/puppet/transaction/report.rb +3 -19
  334. data/lib/puppet/transaction.rb +1 -7
  335. data/lib/puppet/type/exec.rb +6 -36
  336. data/lib/puppet/type/file/checksum.rb +1 -1
  337. data/lib/puppet/type/file/data_sync.rb +1 -1
  338. data/lib/puppet/type/file/mode.rb +0 -6
  339. data/lib/puppet/type/file/selcontext.rb +1 -1
  340. data/lib/puppet/type/file/source.rb +1 -1
  341. data/lib/puppet/type/file.rb +12 -32
  342. data/lib/puppet/type/filebucket.rb +4 -4
  343. data/lib/puppet/type/group.rb +1 -0
  344. data/lib/puppet/type/package.rb +8 -16
  345. data/lib/puppet/type/resources.rb +1 -1
  346. data/lib/puppet/type/service.rb +41 -26
  347. data/lib/puppet/type/tidy.rb +3 -22
  348. data/lib/puppet/type/user.rb +13 -35
  349. data/lib/puppet/type.rb +1 -77
  350. data/lib/puppet/util/autoload.rb +8 -1
  351. data/lib/puppet/util/command_line.rb +1 -1
  352. data/lib/puppet/util/execution.rb +0 -11
  353. data/lib/puppet/util/filetype.rb +2 -2
  354. data/lib/puppet/util/http_proxy.rb +2 -215
  355. data/lib/puppet/util/json.rb +0 -20
  356. data/lib/puppet/util/log.rb +4 -8
  357. data/lib/puppet/util/logging.rb +25 -1
  358. data/lib/puppet/util/monkey_patches.rb +2 -59
  359. data/lib/puppet/util/package.rb +16 -25
  360. data/lib/puppet/util/pidlock.rb +1 -1
  361. data/lib/puppet/util/posix.rb +5 -54
  362. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  363. data/lib/puppet/util/rdoc.rb +0 -7
  364. data/lib/puppet/util/retry_action.rb +1 -1
  365. data/lib/puppet/util/run_mode.rb +9 -1
  366. data/lib/puppet/util/selinux.rb +4 -30
  367. data/lib/puppet/util/suidmanager.rb +2 -1
  368. data/lib/puppet/util/symbolic_file_mode.rb +17 -29
  369. data/lib/puppet/util/tagging.rb +0 -1
  370. data/lib/puppet/util/windows/adsi.rb +0 -46
  371. data/lib/puppet/util/windows/daemon.rb +360 -0
  372. data/lib/puppet/util/windows/error.rb +1 -0
  373. data/lib/puppet/util/windows/eventlog.rb +4 -9
  374. data/lib/puppet/util/windows/file.rb +8 -242
  375. data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
  376. data/lib/puppet/util/windows/principal.rb +2 -9
  377. data/lib/puppet/util/windows/process.rb +4 -226
  378. data/lib/puppet/util/windows/service.rb +11 -457
  379. data/lib/puppet/util/windows/sid.rb +2 -6
  380. data/lib/puppet/util/windows/string.rb +12 -13
  381. data/lib/puppet/util/windows/user.rb +2 -0
  382. data/lib/puppet/util/windows.rb +3 -11
  383. data/lib/puppet/util/yaml.rb +1 -42
  384. data/lib/puppet/util.rb +5 -5
  385. data/lib/puppet/vendor/require_vendored.rb +0 -1
  386. data/lib/puppet/version.rb +1 -1
  387. data/lib/puppet/x509/cert_provider.rb +29 -1
  388. data/lib/puppet/x509.rb +5 -1
  389. data/lib/puppet.rb +34 -27
  390. data/locales/puppet.pot +9633 -5
  391. data/man/man5/puppet.conf.5 +286 -401
  392. data/man/man8/puppet-agent.8 +2 -5
  393. data/man/man8/puppet-apply.8 +2 -2
  394. data/man/man8/puppet-catalog.8 +9 -9
  395. data/man/man8/puppet-config.8 +1 -1
  396. data/man/man8/puppet-describe.8 +1 -1
  397. data/man/man8/puppet-device.8 +2 -2
  398. data/man/man8/puppet-doc.8 +1 -1
  399. data/man/man8/puppet-epp.8 +1 -1
  400. data/man/man8/puppet-facts.8 +8 -51
  401. data/man/man8/puppet-filebucket.8 +4 -4
  402. data/man/man8/puppet-generate.8 +1 -1
  403. data/man/man8/puppet-help.8 +1 -1
  404. data/man/man8/puppet-lookup.8 +6 -9
  405. data/man/man8/puppet-module.8 +3 -60
  406. data/man/man8/puppet-node.8 +5 -5
  407. data/man/man8/puppet-parser.8 +1 -1
  408. data/man/man8/puppet-plugin.8 +1 -1
  409. data/man/man8/puppet-report.8 +5 -5
  410. data/man/man8/puppet-resource.8 +1 -1
  411. data/man/man8/puppet-script.8 +2 -2
  412. data/man/man8/puppet-ssl.8 +1 -5
  413. data/man/man8/puppet.8 +2 -2
  414. data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
  415. data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
  416. data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
  417. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
  418. data/spec/fixtures/ssl/ca.pem +35 -57
  419. data/spec/fixtures/ssl/crl.pem +18 -28
  420. data/spec/fixtures/ssl/ec-key.pem +11 -11
  421. data/spec/fixtures/ssl/ec.pem +24 -33
  422. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  423. data/spec/fixtures/ssl/encrypted-key.pem +58 -108
  424. data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
  425. data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
  426. data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
  427. data/spec/fixtures/ssl/intermediate.pem +36 -57
  428. data/spec/fixtures/ssl/pluto-key.pem +57 -107
  429. data/spec/fixtures/ssl/pluto.pem +30 -52
  430. data/spec/fixtures/ssl/request-key.pem +57 -107
  431. data/spec/fixtures/ssl/request.pem +26 -47
  432. data/spec/fixtures/ssl/revoked-key.pem +57 -107
  433. data/spec/fixtures/ssl/revoked.pem +30 -52
  434. data/spec/fixtures/ssl/signed-key.pem +57 -107
  435. data/spec/fixtures/ssl/signed.pem +30 -52
  436. data/spec/fixtures/ssl/tampered-cert.pem +30 -52
  437. data/spec/fixtures/ssl/tampered-csr.pem +26 -47
  438. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
  439. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
  440. data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
  441. data/spec/fixtures/ssl/unknown-ca.pem +33 -55
  442. data/spec/fixtures/unit/forge/bacula.json +1 -1
  443. data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
  444. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
  445. data/spec/integration/application/agent_spec.rb +50 -406
  446. data/spec/integration/application/apply_spec.rb +1 -20
  447. data/spec/integration/application/filebucket_spec.rb +16 -32
  448. data/spec/integration/application/help_spec.rb +2 -0
  449. data/spec/integration/application/lookup_spec.rb +50 -81
  450. data/spec/integration/application/module_spec.rb +0 -21
  451. data/spec/integration/application/plugin_spec.rb +24 -2
  452. data/spec/integration/configurer_spec.rb +2 -18
  453. data/spec/integration/defaults_spec.rb +14 -3
  454. data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
  455. data/spec/integration/http/client_spec.rb +4 -63
  456. data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
  457. data/spec/integration/indirector/facts/facter_spec.rb +39 -93
  458. data/spec/integration/network/http_pool_spec.rb +3 -21
  459. data/spec/integration/parser/catalog_spec.rb +0 -38
  460. data/spec/integration/parser/node_spec.rb +0 -9
  461. data/spec/integration/parser/pcore_resource_spec.rb +0 -47
  462. data/spec/integration/resource/type_collection_spec.rb +6 -2
  463. data/spec/integration/transaction/report_spec.rb +1 -1
  464. data/spec/integration/transaction_spec.rb +9 -4
  465. data/spec/integration/type/exec_spec.rb +45 -70
  466. data/spec/integration/type/file_spec.rb +7 -6
  467. data/spec/integration/type/package_spec.rb +6 -6
  468. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  469. data/spec/integration/util/windows/adsi_spec.rb +1 -21
  470. data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
  471. data/spec/integration/util/windows/principal_spec.rb +0 -21
  472. data/spec/integration/util/windows/process_spec.rb +9 -1
  473. data/spec/integration/util/windows/registry_spec.rb +10 -6
  474. data/spec/integration/util/windows/security_spec.rb +1 -1
  475. data/spec/lib/matchers/include.rb +27 -0
  476. data/spec/lib/matchers/include_spec.rb +32 -0
  477. data/spec/lib/puppet/test_ca.rb +2 -7
  478. data/spec/lib/puppet_spec/https.rb +1 -1
  479. data/spec/lib/puppet_spec/modules.rb +2 -13
  480. data/spec/lib/puppet_spec/puppetserver.rb +3 -55
  481. data/spec/lib/puppet_spec/settings.rb +1 -1
  482. data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
  483. data/spec/spec_helper.rb +17 -13
  484. data/spec/unit/agent_spec.rb +8 -38
  485. data/spec/unit/application/agent_spec.rb +19 -33
  486. data/spec/unit/application/apply_spec.rb +56 -76
  487. data/spec/unit/application/facts_spec.rb +12 -456
  488. data/spec/unit/application/filebucket_spec.rb +43 -39
  489. data/spec/unit/application/lookup_spec.rb +10 -131
  490. data/spec/unit/application/resource_spec.rb +0 -29
  491. data/spec/unit/application/ssl_spec.rb +2 -25
  492. data/spec/unit/application_spec.rb +9 -51
  493. data/spec/unit/certificate_factory_spec.rb +1 -1
  494. data/spec/unit/configurer/downloader_spec.rb +6 -8
  495. data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
  496. data/spec/unit/configurer_spec.rb +68 -327
  497. data/spec/unit/confine/feature_spec.rb +1 -1
  498. data/spec/unit/confine_spec.rb +2 -8
  499. data/spec/unit/context/trusted_information_spec.rb +2 -6
  500. data/spec/unit/daemon_spec.rb +11 -2
  501. data/spec/unit/defaults_spec.rb +68 -55
  502. data/spec/unit/environments_spec.rb +68 -408
  503. data/spec/unit/face/generate_spec.rb +0 -64
  504. data/spec/unit/face/node_spec.rb +11 -0
  505. data/spec/unit/face/plugin_spec.rb +73 -33
  506. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  507. data/spec/unit/file_bucket/file_spec.rb +1 -1
  508. data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
  509. data/spec/unit/file_serving/configuration_spec.rb +10 -26
  510. data/spec/unit/file_serving/fileset_spec.rb +0 -60
  511. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  512. data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
  513. data/spec/unit/file_system_spec.rb +4 -56
  514. data/spec/unit/forge/module_release_spec.rb +10 -5
  515. data/spec/unit/functions/assert_type_spec.rb +1 -1
  516. data/spec/unit/functions/camelcase_spec.rb +1 -1
  517. data/spec/unit/functions/capitalize_spec.rb +1 -1
  518. data/spec/unit/functions/downcase_spec.rb +1 -1
  519. data/spec/unit/functions/empty_spec.rb +0 -10
  520. data/spec/unit/functions/logging_spec.rb +0 -1
  521. data/spec/unit/functions/lookup_spec.rb +0 -64
  522. data/spec/unit/functions/unwrap_spec.rb +0 -8
  523. data/spec/unit/functions/upcase_spec.rb +1 -1
  524. data/spec/unit/functions/versioncmp_spec.rb +4 -40
  525. data/spec/unit/functions4_spec.rb +2 -2
  526. data/spec/unit/gettext/config_spec.rb +0 -12
  527. data/spec/unit/http/client_spec.rb +8 -84
  528. data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
  529. data/spec/unit/http/external_client_spec.rb +4 -4
  530. data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
  531. data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
  532. data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
  533. data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
  534. data/spec/unit/http/resolver_spec.rb +13 -13
  535. data/spec/unit/http/service/compiler_spec.rb +0 -193
  536. data/spec/unit/http/service/file_server_spec.rb +3 -3
  537. data/spec/unit/http/service/puppetserver_spec.rb +34 -4
  538. data/spec/unit/http/service_spec.rb +0 -1
  539. data/spec/unit/http/session_spec.rb +16 -14
  540. data/spec/unit/{network/http → http}/site_spec.rb +3 -3
  541. data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
  542. data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
  543. data/spec/unit/indirector/face_spec.rb +1 -0
  544. data/spec/unit/indirector/facts/facter_spec.rb +3 -0
  545. data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
  546. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
  547. data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
  548. data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
  549. data/spec/unit/indirector/file_server_spec.rb +1 -15
  550. data/spec/unit/indirector/indirection_spec.rb +15 -18
  551. data/spec/unit/indirector/report/rest_spec.rb +2 -17
  552. data/spec/unit/indirector/request_spec.rb +0 -264
  553. data/spec/unit/indirector/resource/ral_spec.rb +75 -40
  554. data/spec/unit/indirector/rest_spec.rb +98 -752
  555. data/spec/unit/indirector/store_configs_spec.rb +7 -0
  556. data/spec/unit/indirector_spec.rb +2 -2
  557. data/spec/unit/interface/action_spec.rb +9 -0
  558. data/spec/unit/module_spec.rb +1 -15
  559. data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
  560. data/spec/unit/network/authconfig_spec.rb +2 -129
  561. data/spec/unit/network/authorization_spec.rb +2 -55
  562. data/spec/unit/network/formats_spec.rb +4 -51
  563. data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
  564. data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
  565. data/spec/unit/network/http/api_spec.rb +10 -0
  566. data/spec/unit/network/http/connection_spec.rb +19 -41
  567. data/spec/unit/network/http/handler_spec.rb +0 -1
  568. data/spec/unit/network/http_pool_spec.rb +0 -4
  569. data/spec/unit/node/environment_spec.rb +33 -21
  570. data/spec/unit/node_spec.rb +2 -60
  571. data/spec/unit/parser/compiler_spec.rb +19 -3
  572. data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
  573. data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
  574. data/spec/unit/parser/resource_spec.rb +8 -14
  575. data/spec/unit/parser/templatewrapper_spec.rb +5 -16
  576. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
  577. data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
  578. data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
  579. data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
  580. data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
  581. data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
  582. data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
  583. data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
  584. data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
  585. data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
  586. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
  587. data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
  588. data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
  589. data/spec/unit/pops/types/type_factory_spec.rb +1 -1
  590. data/spec/unit/pops/validator/validator_spec.rb +61 -51
  591. data/spec/unit/pops/visitor_spec.rb +1 -1
  592. data/spec/unit/property_spec.rb +0 -1
  593. data/spec/unit/provider/group/groupadd_spec.rb +2 -5
  594. data/spec/unit/provider/nameservice_spec.rb +64 -122
  595. data/spec/unit/provider/package/apt_spec.rb +23 -28
  596. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  597. data/spec/unit/provider/package/base_spec.rb +5 -6
  598. data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
  599. data/spec/unit/provider/package/dpkg_spec.rb +0 -48
  600. data/spec/unit/provider/package/gem_spec.rb +33 -1
  601. data/spec/unit/provider/package/nim_spec.rb +0 -42
  602. data/spec/unit/provider/package/pacman_spec.rb +12 -18
  603. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  604. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  605. data/spec/unit/provider/package/pip_spec.rb +12 -44
  606. data/spec/unit/provider/package/pkg_spec.rb +4 -29
  607. data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
  608. data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
  609. data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
  610. data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
  611. data/spec/unit/provider/parsedfile_spec.rb +0 -10
  612. data/spec/unit/provider/service/gentoo_spec.rb +5 -6
  613. data/spec/unit/provider/service/init_spec.rb +9 -16
  614. data/spec/unit/provider/service/launchd_spec.rb +0 -11
  615. data/spec/unit/provider/service/openwrt_spec.rb +29 -23
  616. data/spec/unit/provider/service/redhat_spec.rb +2 -3
  617. data/spec/unit/provider/service/smf_spec.rb +401 -165
  618. data/spec/unit/provider/service/systemd_spec.rb +9 -54
  619. data/spec/unit/provider/service/windows_spec.rb +0 -203
  620. data/spec/unit/provider/user/aix_spec.rb +0 -105
  621. data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
  622. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  623. data/spec/unit/provider/user/pw_spec.rb +0 -2
  624. data/spec/unit/provider/user/useradd_spec.rb +5 -114
  625. data/spec/unit/provider_spec.rb +12 -22
  626. data/spec/unit/puppet_spec.rb +4 -12
  627. data/spec/unit/resource/catalog_spec.rb +2 -15
  628. data/spec/unit/resource/type_collection_spec.rb +2 -22
  629. data/spec/unit/resource/type_spec.rb +1 -1
  630. data/spec/unit/resource_spec.rb +12 -125
  631. data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
  632. data/spec/unit/settings/integer_setting_spec.rb +42 -0
  633. data/spec/unit/settings/port_setting_spec.rb +31 -0
  634. data/spec/unit/settings/priority_setting_spec.rb +4 -4
  635. data/spec/unit/settings_spec.rb +79 -110
  636. data/spec/unit/ssl/base_spec.rb +37 -3
  637. data/spec/unit/ssl/certificate_request_spec.rb +21 -45
  638. data/spec/unit/ssl/certificate_spec.rb +2 -11
  639. data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
  640. data/spec/unit/ssl/state_machine_spec.rb +5 -21
  641. data/spec/unit/ssl/verifier_spec.rb +0 -21
  642. data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
  643. data/spec/unit/transaction/event_manager_spec.rb +11 -14
  644. data/spec/unit/transaction/persistence_spec.rb +0 -51
  645. data/spec/unit/transaction/report_spec.rb +0 -2
  646. data/spec/unit/transaction/resource_harness_spec.rb +2 -2
  647. data/spec/unit/transaction_spec.rb +55 -96
  648. data/spec/unit/type/exec_spec.rb +29 -76
  649. data/spec/unit/type/file/checksum_spec.rb +6 -6
  650. data/spec/unit/type/file/content_spec.rb +2 -1
  651. data/spec/unit/type/file/ensure_spec.rb +1 -1
  652. data/spec/unit/type/file/mode_spec.rb +1 -1
  653. data/spec/unit/type/file/selinux_spec.rb +5 -3
  654. data/spec/unit/type/file/source_spec.rb +4 -5
  655. data/spec/unit/type/file_spec.rb +18 -6
  656. data/spec/unit/type/group_spec.rb +6 -13
  657. data/spec/unit/type/package_spec.rb +1 -1
  658. data/spec/unit/type/resources_spec.rb +7 -7
  659. data/spec/unit/type/service_spec.rb +189 -87
  660. data/spec/unit/type/tidy_spec.rb +8 -24
  661. data/spec/unit/type_spec.rb +24 -4
  662. data/spec/unit/util/at_fork_spec.rb +2 -2
  663. data/spec/unit/util/autoload_spec.rb +1 -5
  664. data/spec/unit/util/backups_spec.rb +2 -3
  665. data/spec/unit/util/execution_spec.rb +11 -44
  666. data/spec/unit/util/inifile_spec.rb +14 -6
  667. data/spec/unit/util/log_spec.rb +7 -8
  668. data/spec/unit/util/logging_spec.rb +3 -5
  669. data/spec/unit/util/monkey_patches_spec.rb +0 -6
  670. data/spec/unit/util/posix_spec.rb +15 -363
  671. data/spec/unit/util/run_mode_spec.rb +21 -121
  672. data/spec/unit/util/selinux_spec.rb +68 -163
  673. data/spec/unit/util/storage_spec.rb +1 -3
  674. data/spec/unit/util/suidmanager_spec.rb +41 -44
  675. data/spec/unit/util/windows/sid_spec.rb +0 -41
  676. data/spec/unit/util/windows/string_spec.rb +1 -3
  677. data/spec/unit/util/yaml_spec.rb +13 -92
  678. data/spec/unit/util_spec.rb +6 -31
  679. data/tasks/generate_cert_fixtures.rake +7 -17
  680. data/tasks/parallel.rake +3 -3
  681. metadata +138 -239
  682. data/conf/auth.conf +0 -150
  683. data/ext/README.md +0 -13
  684. data/lib/puppet/application/cert.rb +0 -76
  685. data/lib/puppet/application/key.rb +0 -4
  686. data/lib/puppet/application/man.rb +0 -4
  687. data/lib/puppet/application/status.rb +0 -4
  688. data/lib/puppet/face/key.rb +0 -16
  689. data/lib/puppet/face/man.rb +0 -145
  690. data/lib/puppet/face/module/build.rb +0 -14
  691. data/lib/puppet/face/module/generate.rb +0 -14
  692. data/lib/puppet/face/module/search.rb +0 -103
  693. data/lib/puppet/face/status.rb +0 -51
  694. data/lib/puppet/facter_impl.rb +0 -96
  695. data/lib/puppet/ffi/posix/constants.rb +0 -14
  696. data/lib/puppet/ffi/posix/functions.rb +0 -24
  697. data/lib/puppet/ffi/posix.rb +0 -10
  698. data/lib/puppet/file_serving/mount/scripts.rb +0 -24
  699. data/lib/puppet/indirector/certificate/file.rb +0 -9
  700. data/lib/puppet/indirector/certificate/rest.rb +0 -18
  701. data/lib/puppet/indirector/certificate_request/file.rb +0 -9
  702. data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
  703. data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
  704. data/lib/puppet/indirector/file_content/http.rb +0 -22
  705. data/lib/puppet/indirector/key/file.rb +0 -46
  706. data/lib/puppet/indirector/key/memory.rb +0 -7
  707. data/lib/puppet/indirector/ssl_file.rb +0 -162
  708. data/lib/puppet/indirector/status/local.rb +0 -12
  709. data/lib/puppet/indirector/status/rest.rb +0 -27
  710. data/lib/puppet/indirector/status.rb +0 -3
  711. data/lib/puppet/module_tool/applications/searcher.rb +0 -29
  712. data/lib/puppet/network/auth_config_parser.rb +0 -90
  713. data/lib/puppet/network/authstore.rb +0 -283
  714. data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
  715. data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
  716. data/lib/puppet/network/http/base_pool.rb +0 -36
  717. data/lib/puppet/network/http/compression.rb +0 -127
  718. data/lib/puppet/network/http/connection_adapter.rb +0 -184
  719. data/lib/puppet/network/http/nocache_pool.rb +0 -28
  720. data/lib/puppet/network/rest_controller.rb +0 -2
  721. data/lib/puppet/network/rights.rb +0 -210
  722. data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
  723. data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
  724. data/lib/puppet/parser/environment_compiler.rb +0 -202
  725. data/lib/puppet/pops/types/enumeration.rb +0 -16
  726. data/lib/puppet/resource/capability_finder.rb +0 -154
  727. data/lib/puppet/rest/errors.rb +0 -15
  728. data/lib/puppet/rest/response.rb +0 -35
  729. data/lib/puppet/rest/route.rb +0 -85
  730. data/lib/puppet/rest/routes.rb +0 -135
  731. data/lib/puppet/settings/alias_setting.rb +0 -37
  732. data/lib/puppet/ssl/host.rb +0 -505
  733. data/lib/puppet/ssl/key.rb +0 -61
  734. data/lib/puppet/ssl/validator/default_validator.rb +0 -209
  735. data/lib/puppet/ssl/validator/no_validator.rb +0 -22
  736. data/lib/puppet/ssl/validator.rb +0 -61
  737. data/lib/puppet/ssl/verifier_adapter.rb +0 -58
  738. data/lib/puppet/status.rb +0 -40
  739. data/lib/puppet/util/connection.rb +0 -88
  740. data/lib/puppet/util/fact_dif.rb +0 -81
  741. data/lib/puppet/util/ssl.rb +0 -83
  742. data/lib/puppet/util/windows/api_types.rb +0 -309
  743. data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
  744. data/lib/puppet/vendor/load_pathspec.rb +0 -1
  745. data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
  746. data/lib/puppet/vendor/pathspec/LICENSE +0 -201
  747. data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
  748. data/lib/puppet/vendor/pathspec/README.md +0 -53
  749. data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
  750. data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
  751. data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
  752. data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
  753. data/man/man8/puppet-key.8 +0 -126
  754. data/man/man8/puppet-man.8 +0 -76
  755. data/man/man8/puppet-status.8 +0 -108
  756. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
  757. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
  758. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
  759. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
  760. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
  761. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
  762. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
  763. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
  764. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
  765. data/spec/fixtures/ssl/oid-key.pem +0 -117
  766. data/spec/fixtures/ssl/oid.pem +0 -69
  767. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
  768. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
  769. data/spec/integration/application/resource_spec.rb +0 -68
  770. data/spec/integration/application/ssl_spec.rb +0 -20
  771. data/spec/integration/l10n/compiler_spec.rb +0 -37
  772. data/spec/integration/network/authconfig_spec.rb +0 -256
  773. data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
  774. data/spec/shared_contexts/l10n.rb +0 -32
  775. data/spec/unit/application/man_spec.rb +0 -52
  776. data/spec/unit/capability_spec.rb +0 -414
  777. data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
  778. data/spec/unit/face/key_spec.rb +0 -9
  779. data/spec/unit/face/module/search_spec.rb +0 -231
  780. data/spec/unit/face/status_spec.rb +0 -9
  781. data/spec/unit/facter_impl_spec.rb +0 -31
  782. data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
  783. data/spec/unit/indirector/certificate/file_spec.rb +0 -14
  784. data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
  785. data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
  786. data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
  787. data/spec/unit/indirector/key/file_spec.rb +0 -78
  788. data/spec/unit/indirector/ssl_file_spec.rb +0 -305
  789. data/spec/unit/indirector/status/local_spec.rb +0 -10
  790. data/spec/unit/indirector/status/rest_spec.rb +0 -50
  791. data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
  792. data/spec/unit/network/auth_config_parser_spec.rb +0 -115
  793. data/spec/unit/network/authstore_spec.rb +0 -407
  794. data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
  795. data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
  796. data/spec/unit/network/http/compression_spec.rb +0 -240
  797. data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
  798. data/spec/unit/network/http_spec.rb +0 -9
  799. data/spec/unit/network/rights_spec.rb +0 -439
  800. data/spec/unit/parser/environment_compiler_spec.rb +0 -730
  801. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
  802. data/spec/unit/pops/types/enumeration_spec.rb +0 -51
  803. data/spec/unit/resource/capability_finder_spec.rb +0 -148
  804. data/spec/unit/rest/route_spec.rb +0 -132
  805. data/spec/unit/ssl/host_spec.rb +0 -645
  806. data/spec/unit/ssl/key_spec.rb +0 -173
  807. data/spec/unit/ssl/validator_spec.rb +0 -278
  808. data/spec/unit/status_spec.rb +0 -45
  809. data/spec/unit/util/json_spec.rb +0 -126
  810. data/spec/unit/util/ssl_spec.rb +0 -91
  811. data/spec/unit/util/windows_spec.rb +0 -23
@@ -21,6 +21,8 @@ class Puppet::Settings
21
21
  require 'puppet/settings/file_or_directory_setting'
22
22
  require 'puppet/settings/path_setting'
23
23
  require 'puppet/settings/boolean_setting'
24
+ require 'puppet/settings/integer_setting'
25
+ require 'puppet/settings/port_setting'
24
26
  require 'puppet/settings/terminus_setting'
25
27
  require 'puppet/settings/duration_setting'
26
28
  require 'puppet/settings/ttl_setting'
@@ -32,7 +34,6 @@ class Puppet::Settings
32
34
  require 'puppet/settings/server_list_setting'
33
35
  require 'puppet/settings/http_extra_headers_setting'
34
36
  require 'puppet/settings/certificate_revocation_setting'
35
- require 'puppet/settings/alias_setting'
36
37
 
37
38
  # local reference for convenience
38
39
  PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -53,13 +54,14 @@ class Puppet::Settings
53
54
  # returns reasonable application default settings values for a given run_mode.
54
55
  def self.app_defaults_for_run_mode(run_mode)
55
56
  {
56
- :name => run_mode.to_s,
57
- :run_mode => run_mode.name,
58
- :confdir => run_mode.conf_dir,
59
- :codedir => run_mode.code_dir,
60
- :vardir => run_mode.var_dir,
61
- :rundir => run_mode.run_dir,
62
- :logdir => run_mode.log_dir,
57
+ :name => run_mode.to_s,
58
+ :run_mode => run_mode.name,
59
+ :confdir => run_mode.conf_dir,
60
+ :codedir => run_mode.code_dir,
61
+ :vardir => run_mode.var_dir,
62
+ :publicdir => run_mode.public_dir,
63
+ :rundir => run_mode.run_dir,
64
+ :logdir => run_mode.log_dir,
63
65
  }
64
66
  end
65
67
 
@@ -75,11 +77,11 @@ class Puppet::Settings
75
77
  end
76
78
 
77
79
  def self.hostname_fact()
78
- Puppet.runtime[:facter].value :hostname
80
+ Facter.value :hostname
79
81
  end
80
82
 
81
83
  def self.domain_fact()
82
- Puppet.runtime[:facter].value :domain
84
+ Facter.value :domain
83
85
  end
84
86
 
85
87
  def self.default_config_file_name
@@ -386,6 +388,19 @@ class Puppet::Settings
386
388
  call_hooks_deferred_to_application_initialization
387
389
  issue_deprecations
388
390
 
391
+ run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
392
+ if run_mode.agent? || run_mode.server?
393
+ if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
394
+ self[:serverport] = self[:masterport]
395
+ elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
396
+ self[:serverport] = self[:masterport]
397
+ elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
398
+ self[:masterport] = self[:serverport]
399
+ elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
400
+ self[:masterport] = self[:serverport]
401
+ end
402
+ end
403
+
389
404
  REQUIRED_APP_SETTINGS.each do |key|
390
405
  create_ancestors(Puppet[key])
391
406
  end
@@ -720,6 +735,8 @@ class Puppet::Settings
720
735
  :file_or_directory => FileOrDirectorySetting,
721
736
  :path => PathSetting,
722
737
  :boolean => BooleanSetting,
738
+ :integer => IntegerSetting,
739
+ :port => PortSetting,
723
740
  :terminus => TerminusSetting,
724
741
  :duration => DurationSetting,
725
742
  :ttl => TTLSetting,
@@ -730,8 +747,7 @@ class Puppet::Settings
730
747
  :autosign => AutosignSetting,
731
748
  :server_list => ServerListSetting,
732
749
  :http_extra_headers => HttpExtraHeadersSetting,
733
- :certificate_revocation => CertificateRevocationSetting,
734
- :alias => AliasSetting
750
+ :certificate_revocation => CertificateRevocationSetting
735
751
  }
736
752
 
737
753
  # Create a new setting. The value is passed in because it's used to determine
@@ -862,11 +878,7 @@ class Puppet::Settings
862
878
  if self[:user]
863
879
  user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
864
880
 
865
- if user.suitable?
866
- @service_user_available = user.exists?
867
- else
868
- raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
869
- end
881
+ @service_user_available = user.exists?
870
882
  else
871
883
  @service_user_available = false
872
884
  end
@@ -878,11 +890,7 @@ class Puppet::Settings
878
890
  if self[:group]
879
891
  group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
880
892
 
881
- if group.suitable?
882
- @service_group_available = group.exists?
883
- else
884
- raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
885
- end
893
+ @service_group_available = group.exists?
886
894
  else
887
895
  @service_group_available = false
888
896
  end
@@ -891,16 +899,9 @@ class Puppet::Settings
891
899
  # Allow later inspection to determine if the setting was set on the
892
900
  # command line, or through some other code path. Used for the
893
901
  # `dns_alt_names` option during cert generate. --daniel 2011-10-18
894
- #
895
- # @param param [String, Symbol] the setting to look up
896
- # @return [Object, nil] the value of the setting or nil if unset
897
- def set_by_cli(param)
898
- param = param.to_sym
899
- @value_sets[:cli].lookup(param)
900
- end
901
-
902
902
  def set_by_cli?(param)
903
- !!set_by_cli(param)
903
+ param = param.to_sym
904
+ !@value_sets[:cli].lookup(param).nil?
904
905
  end
905
906
 
906
907
  # Get values from a search path entry.
@@ -933,13 +934,9 @@ class Puppet::Settings
933
934
  end
934
935
  end
935
936
 
936
- # Allow later inspection to determine if the setting was set in a specific
937
- # section
938
- #
939
- # @param param [String, Symbol] the setting to look up
940
- # @param section [Symbol] the section in which to look up the setting
941
- # @return [Object, nil] the value of the setting or nil if unset
942
- def set_in_section(param, section)
937
+ # Allow later inspection to determine if the setting was set by user
938
+ # config, rather than a default setting.
939
+ def set_in_section?(param, section)
943
940
  param = param.to_sym
944
941
  vals = searchpath_values(SearchPathElement.new(section, :section))
945
942
  if vals
@@ -947,10 +944,6 @@ class Puppet::Settings
947
944
  end
948
945
  end
949
946
 
950
- def set_in_section?(param, section)
951
- !!set_in_section(param, section)
952
- end
953
-
954
947
  # Patches the value for a param in a section.
955
948
  # This method is required to support the use case of unifying --dns-alt-names and
956
949
  # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
@@ -1097,41 +1090,48 @@ Generated on #{Time.now}.
1097
1090
  # Create the necessary objects to use a section. This is idempotent;
1098
1091
  # you can 'use' a section as many times as you want.
1099
1092
  def use(*sections)
1100
- Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
1093
+ if Puppet[:settings_catalog]
1094
+ sections = sections.collect { |s| s.to_sym }
1095
+ sections = sections.reject { |s| @used.include?(s) }
1101
1096
 
1102
- # add :server if sections include :master or :master if sections include :server
1103
- sections |= [:master, :server] if (sections & [:master, :server]).any?
1097
+ Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
1104
1098
 
1105
- sections = sections.collect { |s| s.to_sym }
1106
- sections = sections.reject { |s| @used.include?(s) }
1099
+ # add :server if sections include :master or :master if sections include :server
1100
+ sections |= [:master, :server] if (sections & [:master, :server]).any?
1107
1101
 
1108
- return if sections.empty?
1102
+ sections = sections.collect { |s| s.to_sym }
1103
+ sections = sections.reject { |s| @used.include?(s) }
1109
1104
 
1110
- Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
1105
+ return if sections.empty?
1111
1106
 
1112
- begin
1113
- catalog = to_catalog(*sections).to_ral
1114
- rescue => detail
1115
- Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
1116
- end
1107
+ Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
1117
1108
 
1118
- catalog.host_config = false
1119
- catalog.apply do |transaction|
1120
- if transaction.any_failed?
1121
- report = transaction.report
1122
- status_failures = report.resource_statuses.values.select { |r| r.failed? }
1123
- status_fail_msg = status_failures.
1124
- collect(&:events).
1125
- flatten.
1126
- select { |event| event.status == 'failure' }.
1127
- collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
1109
+ begin
1110
+ catalog = to_catalog(*sections).to_ral
1111
+ rescue => detail
1112
+ Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
1113
+ end
1128
1114
 
1129
- raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
1115
+ catalog.host_config = false
1116
+ catalog.apply do |transaction|
1117
+ if transaction.any_failed?
1118
+ report = transaction.report
1119
+ status_failures = report.resource_statuses.values.select { |r| r.failed? }
1120
+ status_fail_msg = status_failures.
1121
+ collect(&:events).
1122
+ flatten.
1123
+ select { |event| event.status == 'failure' }.
1124
+ collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
1125
+
1126
+ raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
1127
+ end
1130
1128
  end
1131
- end
1132
1129
 
1133
- sections.each { |s| @used << s }
1134
- @used.uniq!
1130
+ sections.each { |s| @used << s }
1131
+ @used.uniq!
1132
+ else
1133
+ Puppet.debug("Skipping settings catalog for sections #{sections.join(', ')}")
1134
+ end
1135
1135
  end
1136
1136
 
1137
1137
  def valid?(param)
@@ -1285,37 +1285,27 @@ Generated on #{Time.now}.
1285
1285
  end
1286
1286
 
1287
1287
  def add_environment_resources(catalog, sections)
1288
+ path = self[:environmentpath]
1289
+ envdir = path.split(File::PATH_SEPARATOR).first if path
1288
1290
  configured_environment = self[:environment]
1289
-
1290
- if configured_environment == "production" && !production_environment_exists?
1291
- environment_path = self[:environmentpath]
1292
- first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
1293
-
1294
- if Puppet::FileSystem.exist?(first_environment_path)
1295
- production_environment_path = File.join(first_environment_path, configured_environment)
1291
+ if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
1292
+ configured_environment_path = File.join(envdir, configured_environment)
1293
+ # If configured_environment_path is a symlink, assume the source path is being managed
1294
+ # elsewhere, so don't do any of this configuration
1295
+ if !Puppet::FileSystem.symlink?(configured_environment_path)
1296
1296
  parameters = { :ensure => 'directory' }
1297
- parameters[:mode] = '0750'
1298
- if Puppet.features.root?
1299
- parameters[:owner] = Puppet[:user] if service_user_available?
1300
- parameters[:group] = Puppet[:group] if service_group_available?
1297
+ unless Puppet::FileSystem.exist?(configured_environment_path)
1298
+ parameters[:mode] = '0750'
1299
+ if Puppet.features.root?
1300
+ parameters[:owner] = Puppet[:user] if service_user_available?
1301
+ parameters[:group] = Puppet[:group] if service_group_available?
1302
+ end
1301
1303
  end
1302
- catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
1304
+ catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
1303
1305
  end
1304
1306
  end
1305
1307
  end
1306
1308
 
1307
- def production_environment_exists?
1308
- environment_path = self[:environmentpath]
1309
- paths = environment_path.split(File::PATH_SEPARATOR)
1310
-
1311
- paths.any? do |path|
1312
- # If expected_path is a symlink, assume the source path is being managed
1313
- # elsewhere, so accept it also as a valid production environment path
1314
- expected_path = File.join(path, 'production')
1315
- Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
1316
- end
1317
- end
1318
-
1319
1309
  def add_user_resources(catalog, sections)
1320
1310
  return unless Puppet.features.root?
1321
1311
  return if Puppet::Util::Platform.windows?
@@ -1416,12 +1406,6 @@ Generated on #{Time.now}.
1416
1406
  end
1417
1407
  end
1418
1408
 
1419
- setting = @defaults[name]
1420
- if setting.respond_to?(:alias_name)
1421
- val = lookup(setting.alias_name)
1422
- return val if val
1423
- end
1424
-
1425
1409
  @defaults[name].default
1426
1410
  end
1427
1411
 
@@ -1,7 +1,6 @@
1
1
  require 'puppet/ssl/openssl_loader'
2
2
  require 'puppet/ssl'
3
3
  require 'puppet/ssl/digest'
4
- require 'puppet/util/ssl'
5
4
 
6
5
  # The base class for wrapping SSL instances.
7
6
  class Puppet::SSL::Base
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
54
53
  #
55
54
  # @return [String] the name (CN) extracted from the subject.
56
55
  def self.name_from_subject(subject)
57
- Puppet::Util::SSL.cn_from_subject(subject)
56
+ if subject.respond_to? :to_a
57
+ (subject.to_a.assoc('CN') || [])[1]
58
+ end
58
59
  end
59
60
 
60
61
  # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
82
83
  # Read content from disk appropriately.
83
84
  def read(path)
84
85
  # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
85
- # Puppet::SSL::Key uses this, but also provides its own override
86
86
  # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
87
87
  # Puppet::Indirector::CertificateStatus::File (.indirection.find)
88
88
  # Puppet::Network::HTTP::WEBrick (.indirection.find)
89
89
  # Puppet::Network::HTTP::RackREST (.from_instance)
90
90
  # Puppet::Network::HTTP::WEBrickREST (.from_instance)
91
- # Puppet::SSL::Host (.indirection.find)
92
91
  # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
93
- # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
94
92
  @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
95
93
  end
96
94
 
@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
11
11
  # This is defined from the base class
12
12
  wraps OpenSSL::X509::Certificate
13
13
 
14
- extend Puppet::Indirector
15
- indirects :certificate, :terminus_class => :file, :doc => <<DOC
16
- This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
17
- The indirection key is the certificate CN (generally a hostname).
18
- DOC
19
-
20
14
  # Because of how the format handler class is included, this
21
15
  # can't be in the base class.
22
16
  def self.supported_formats
@@ -28,13 +28,6 @@ require 'puppet/ssl/certificate_signer'
28
28
  class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
29
29
  wraps OpenSSL::X509::Request
30
30
 
31
- extend Puppet::Indirector
32
-
33
- indirects :certificate_request, :terminus_class => :file, :doc => <<DOC
34
- This indirection wraps an `OpenSSL::X509::Request` object, representing a certificate signing request (CSR).
35
- The indirection key is the certificate CN (generally a hostname).
36
- DOC
37
-
38
31
  # Because of how the format handler class is included, this
39
32
  # can't be in the base class.
40
33
  def self.supported_formats
@@ -47,8 +40,7 @@ DOC
47
40
 
48
41
  # Create a certificate request with our system settings.
49
42
  #
50
- # @param key [OpenSSL::X509::Key, Puppet::SSL::Key] The key pair associated
51
- # with this CSR.
43
+ # @param key [OpenSSL::X509::Key] The private key associated with this CSR.
52
44
  # @param options [Hash]
53
45
  # @option options [String] :dns_alt_names A comma separated list of
54
46
  # Subject Alternative Names to include in the CSR extension request.
@@ -64,9 +56,6 @@ DOC
64
56
  def generate(key, options = {})
65
57
  Puppet.info _("Creating a new SSL certificate request for %{name}") % { name: name }
66
58
 
67
- # Support either an actual SSL key, or a Puppet key.
68
- key = key.content if key.is_a?(Puppet::SSL::Key)
69
-
70
59
  # If we're a CSR for the CA, then use the real ca_name, rather than the
71
60
  # fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
72
61
  # but it's also just a good idea.
@@ -27,6 +27,12 @@ class Puppet::SSL::CertificateSigner
27
27
  @digest
28
28
  end
29
29
 
30
+ # Sign a certificate signing request (CSR) with a private key.
31
+ #
32
+ # @param [OpenSSL::X509::Request] content The CSR to sign
33
+ # @param [OpenSSL::X509::PKey] key The private key to sign with
34
+ #
35
+ # @api private
30
36
  def sign(content, key)
31
37
  content.sign(key, @digest.new)
32
38
  end
@@ -2,10 +2,11 @@ require 'puppet/ssl'
2
2
 
3
3
  # This module defines OIDs for use within Puppet.
4
4
  #
5
- # == ASN.1 Definition
5
+ # # ASN.1 Definition
6
6
  #
7
7
  # The following is the formal definition of OIDs specified in this file.
8
8
  #
9
+ # ```
9
10
  # puppetCertExtensions OBJECT IDENTIFIER ::= {iso(1) identified-organization(3)
10
11
  # dod(6) internet(1) private(4) enterprise(1) 34380 1}
11
12
  #
@@ -22,6 +23,7 @@ require 'puppet/ssl'
22
23
  # pp_instance_id OBJECT IDENTIFIER ::= { registeredExtensions 2 }
23
24
  # pp_image_name OBJECT IDENTIFIER ::= { registeredExtensions 3 }
24
25
  # pp_preshared_key OBJECT IDENTIFIER ::= { registeredExtensions 4 }
26
+ # ```
25
27
  #
26
28
  # @api private
27
29
  module Puppet::SSL::Oids
@@ -3,6 +3,23 @@ require 'puppet/ssl'
3
3
  # SSL Provider creates `SSLContext` objects that can be used to create
4
4
  # secure connections.
5
5
  #
6
+ # @example To load an SSLContext from an existing private key and related certs/crls:
7
+ # ssl_context = provider.load_context
8
+ #
9
+ # @example To load an SSLContext from an existing password-protected private key and related certs/crls:
10
+ # ssl_context = provider.load_context(password: 'opensesame')
11
+ #
12
+ # @example To create an SSLContext from in-memory certs and keys:
13
+ # cacerts = [<OpenSSL::X509::Certificate>]
14
+ # crls = [<OpenSSL::X509::CRL>]
15
+ # key = <OpenSSL::X509::PKey>
16
+ # cert = <OpenSSL::X509::Certificate>
17
+ # ssl_context = provider.create_context(cacerts: cacerts, crls: crls, private_key: key, client_cert: cert)
18
+ #
19
+ # @example To create an SSLContext to connect to non-puppet HTTPS servers:
20
+ # cacerts = [<OpenSSL::X509::Certificate>]
21
+ # ssl_context = provider.create_root_context(cacerts: cacerts)
22
+ #
6
23
  # @api private
7
24
  class Puppet::SSL::SSLProvider
8
25
  # Create an insecure `SSLContext`. Connections made from the returned context
@@ -42,19 +59,17 @@ class Puppet::SSL::SSLProvider
42
59
  # refers to the cacerts bundle in the puppet-agent package.
43
60
  #
44
61
  # Connections made from the returned context will authenticate the server,
45
- # i.e. `VERIFY_PEER`, but will not use a client certificate (unless requested)
46
- # and will not perform revocation checking.
62
+ # i.e. `VERIFY_PEER`, but will not use a client certificate and will not
63
+ # perform revocation checking.
47
64
  #
48
65
  # @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
49
66
  # @param path [String, nil] A file containing additional trusted CA certs.
50
- # @param include_client_cert [true, false] If true, the client cert will be added to the context
51
- # allowing mutual TLS authentication. The default is false. If the client cert doesn't exist
52
- # then the option will be ignored.
53
67
  # @return [Puppet::SSL::SSLContext] A context to use to create connections
54
68
  # @raise (see #create_context)
55
69
  # @api private
56
- def create_system_context(cacerts:, path: Puppet[:ssl_trust_store], include_client_cert: false)
57
- store = create_x509_store(cacerts, [], false, include_system_store: true)
70
+ def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
71
+ store = create_x509_store(cacerts, [], false)
72
+ store.set_default_paths
58
73
 
59
74
  if path
60
75
  stat = Puppet::FileSystem.stat(path)
@@ -74,29 +89,6 @@ class Puppet::SSL::SSLProvider
74
89
  end
75
90
  end
76
91
 
77
- if include_client_cert
78
- cert_provider = Puppet::X509::CertProvider.new
79
- private_key = cert_provider.load_private_key(Puppet[:certname], required: false)
80
- unless private_key
81
- Puppet.warning("Private key for '#{Puppet[:certname]}' does not exist")
82
- end
83
-
84
- client_cert = cert_provider.load_client_cert(Puppet[:certname], required: false)
85
- unless client_cert
86
- Puppet.warning("Client certificate for '#{Puppet[:certname]}' does not exist")
87
- end
88
-
89
- if private_key && client_cert
90
- client_chain = resolve_client_chain(store, client_cert, private_key)
91
-
92
- return Puppet::SSL::SSLContext.new(
93
- store: store, cacerts: cacerts, crls: [],
94
- private_key: private_key, client_cert: client_cert, client_chain: client_chain,
95
- revocation: false
96
- ).freeze
97
- end
98
- end
99
-
100
92
  Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: [], revocation: false).freeze
101
93
  end
102
94
 
@@ -119,21 +111,28 @@ class Puppet::SSL::SSLProvider
119
111
  # @param client_cert [OpenSSL::X509::Certificate] client's cert whose public
120
112
  # key matches the `private_key`
121
113
  # @param revocation [:chain, :leaf, false] revocation mode
122
- # @param include_system_store [true, false] Also trust system CA
123
114
  # @return [Puppet::SSL::SSLContext] A context to use to create connections
124
115
  # @raise [Puppet::SSL::CertVerifyError] There was an issue with
125
116
  # one of the certs or CRLs.
126
117
  # @raise [Puppet::SSL::SSLError] There was an issue with the
127
118
  # `private_key`.
128
119
  # @api private
129
- def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation], include_system_store: false)
120
+ def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation])
130
121
  raise ArgumentError, _("CA certs are missing") unless cacerts
131
122
  raise ArgumentError, _("CRLs are missing") unless crls
132
123
  raise ArgumentError, _("Private key is missing") unless private_key
133
124
  raise ArgumentError, _("Client cert is missing") unless client_cert
134
125
 
135
- store = create_x509_store(cacerts, crls, revocation, include_system_store: include_system_store)
136
- client_chain = resolve_client_chain(store, client_cert, private_key)
126
+ store = create_x509_store(cacerts, crls, revocation)
127
+ client_chain = verify_cert_with_store(store, client_cert)
128
+
129
+ if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC)
130
+ raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name }
131
+ end
132
+
133
+ unless client_cert.check_private_key(private_key)
134
+ raise Puppet::SSL::SSLError, _("The certificate for '%{name}' does not match its private key") % { name: subject(client_cert) }
135
+ end
137
136
 
138
137
  Puppet::SSL::SSLContext.new(
139
138
  store: store, cacerts: cacerts, crls: crls,
@@ -152,13 +151,12 @@ class Puppet::SSL::SSLProvider
152
151
  # @param password [String, nil] If the private key is encrypted, decrypt
153
152
  # it using the password. If the key is encrypted, but a password is
154
153
  # not specified, then the key cannot be loaded.
155
- # @param include_system_store [true, false] Also trust system CA
156
154
  # @return [Puppet::SSL::SSLContext] A context to use to create connections
157
155
  # @raise [Puppet::SSL::CertVerifyError] There was an issue with
158
156
  # one of the certs or CRLs.
159
157
  # @raise [Puppet::Error] There was an issue with one of the required components.
160
158
  # @api private
161
- def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil, include_system_store: false)
159
+ def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil)
162
160
  cert = Puppet::X509::CertProvider.new
163
161
  cacerts = cert.load_cacerts(required: true)
164
162
  crls = case revocation
@@ -170,7 +168,7 @@ class Puppet::SSL::SSLProvider
170
168
  private_key = cert.load_private_key(certname, required: true, password: password)
171
169
  client_cert = cert.load_client_cert(certname, required: true)
172
170
 
173
- create_context(cacerts: cacerts, crls: crls, private_key: private_key, client_cert: client_cert, revocation: revocation, include_system_store: include_system_store)
171
+ create_context(cacerts: cacerts, crls: crls, private_key: private_key, client_cert: client_cert, revocation: revocation)
174
172
  rescue OpenSSL::PKey::PKeyError => e
175
173
  raise Puppet::SSL::SSLError.new(_("Failed to load private key for host '%{name}': %{message}") % { name: certname, message: e.message }, e)
176
174
  end
@@ -192,27 +190,6 @@ class Puppet::SSL::SSLProvider
192
190
  csr
193
191
  end
194
192
 
195
- def print(ssl_context, alg = 'SHA256')
196
- if Puppet::Util::Log.sendlevel?(:debug)
197
- chain = ssl_context.client_chain
198
- # print from root to client
199
- chain.reverse.each_with_index do |cert, i|
200
- digest = Puppet::SSL::Digest.new(alg, cert.to_der)
201
- if i == chain.length - 1
202
- Puppet.debug(_("Verified client certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
203
- else
204
- Puppet.debug(_("Verified CA certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
205
- end
206
- end
207
- ssl_context.crls.each do |crl|
208
- oid_values = Hash[crl.extensions.map { |ext| [ext.oid, ext.value] }]
209
- crlNumber = oid_values['crlNumber'] || 'unknown'
210
- authKeyId = (oid_values['authorityKeyIdentifier'] || 'unknown').chomp!
211
- Puppet.debug("Using CRL '#{crl.issuer.to_utf8}' authorityKeyIdentifier '#{authKeyId}' crlNumber '#{crlNumber }'")
212
- end
213
- end
214
- end
215
-
216
193
  private
217
194
 
218
195
  def default_flags
@@ -226,7 +203,7 @@ class Puppet::SSL::SSLProvider
226
203
  end
227
204
  end
228
205
 
229
- def create_x509_store(roots, crls, revocation, include_system_store: false)
206
+ def create_x509_store(roots, crls, revocation)
230
207
  store = OpenSSL::X509::Store.new
231
208
  store.purpose = OpenSSL::X509::PURPOSE_ANY
232
209
  store.flags = default_flags | revocation_mode(revocation)
@@ -234,8 +211,6 @@ class Puppet::SSL::SSLProvider
234
211
  roots.each { |cert| store.add_cert(cert) }
235
212
  crls.each { |crl| store.add_crl(crl) }
236
213
 
237
- store.set_default_paths if include_system_store
238
-
239
214
  store
240
215
  end
241
216
 
@@ -259,20 +234,6 @@ class Puppet::SSL::SSLProvider
259
234
  end
260
235
  end
261
236
 
262
- def resolve_client_chain(store, client_cert, private_key)
263
- client_chain = verify_cert_with_store(store, client_cert)
264
-
265
- if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC)
266
- raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name }
267
- end
268
-
269
- unless client_cert.check_private_key(private_key)
270
- raise Puppet::SSL::SSLError, _("The certificate for '%{name}' does not match its private key") % { name: subject(client_cert) }
271
- end
272
-
273
- client_chain
274
- end
275
-
276
237
  def verify_cert_with_store(store, cert)
277
238
  # StoreContext#initialize accepts a chain argument, but it's set to [] because
278
239
  # puppet requires any intermediate CA certs needed to complete the client's