RubyGems - puppet - Versions diffs - 6.29.0 → 7.0.0 - Mend

puppet 6.29.0 → 7.0.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (811) hide show

checksums.yaml +4 -4
data/CODEOWNERS +16 -2
data/CONTRIBUTING.md +5 -5
data/Gemfile +5 -7
data/Gemfile.lock +52 -143
data/README.md +5 -5
data/conf/fileserver.conf +5 -10
data/ext/README.environment +8 -0
data/ext/build_defaults.yaml +1 -1
data/ext/dbfix.sql +132 -0
data/ext/debian/README.Debian +8 -0
data/ext/debian/README.source +2 -0
data/ext/debian/TODO.Debian +1 -0
data/ext/debian/changelog.erb +1122 -0
data/ext/debian/compat +1 -0
data/ext/debian/control +144 -0
data/ext/debian/copyright +339 -0
data/ext/debian/docs +1 -0
data/ext/debian/fileserver.conf +41 -0
data/ext/debian/puppet-common.dirs +13 -0
data/ext/debian/puppet-common.install +3 -0
data/ext/debian/puppet-common.lintian-overrides +5 -0
data/ext/debian/puppet-common.manpages +28 -0
data/ext/debian/puppet-common.postinst +35 -0
data/ext/debian/puppet-common.postrm +33 -0
data/ext/debian/puppet-el.dirs +1 -0
data/ext/debian/puppet-el.emacsen-install +25 -0
data/ext/debian/puppet-el.emacsen-remove +11 -0
data/ext/debian/puppet-el.emacsen-startup +9 -0
data/ext/debian/puppet-el.install +1 -0
data/ext/debian/puppet-testsuite.install +2 -0
data/ext/debian/puppet-testsuite.lintian-overrides +4 -0
data/ext/debian/puppet.lintian-overrides +3 -0
data/ext/debian/puppet.logrotate +20 -0
data/ext/debian/puppet.postinst +20 -0
data/ext/debian/puppet.postrm +20 -0
data/ext/debian/puppet.preinst +20 -0
data/ext/debian/puppetmaster-common.install +2 -0
data/ext/debian/puppetmaster-common.manpages +2 -0
data/ext/debian/puppetmaster-common.postinst +6 -0
data/ext/debian/puppetmaster-passenger.dirs +4 -0
data/ext/debian/puppetmaster-passenger.postinst +162 -0
data/ext/debian/puppetmaster-passenger.postrm +61 -0
data/ext/debian/puppetmaster.README.debian +17 -0
data/ext/debian/puppetmaster.default +14 -0
data/ext/debian/puppetmaster.init +137 -0
data/ext/debian/puppetmaster.lintian-overrides +3 -0
data/ext/debian/puppetmaster.postinst +20 -0
data/ext/debian/puppetmaster.postrm +5 -0
data/ext/debian/puppetmaster.preinst +22 -0
data/ext/debian/rules +132 -0
data/ext/debian/source/format +1 -0
data/ext/debian/source/options +1 -0
data/ext/debian/vim-puppet.README.Debian +13 -0
data/ext/debian/vim-puppet.dirs +5 -0
data/ext/debian/vim-puppet.yaml +7 -0
data/ext/debian/watch +2 -0
data/ext/freebsd/puppetd +26 -0
data/ext/freebsd/puppetmasterd +26 -0
data/ext/gentoo/conf.d/puppet +5 -0
data/ext/gentoo/conf.d/puppetmaster +12 -0
data/ext/gentoo/init.d/puppet +38 -0
data/ext/gentoo/init.d/puppetmaster +51 -0
data/ext/gentoo/puppet/fileserver.conf +41 -0
data/ext/ips/puppet-agent +44 -0
data/ext/ips/puppet-master +44 -0
data/ext/ips/puppet.p5m.erb +12 -0
data/ext/ips/puppetagent.xml +42 -0
data/ext/ips/puppetmaster.xml +42 -0
data/ext/ips/rules +19 -0
data/ext/ips/transforms +34 -0
data/ext/ldap/puppet.schema +24 -0
data/ext/logcheck/puppet +23 -0
data/{examples → ext}/nagios/check_puppet.rb +2 -2
data/ext/osx/file_mapping.yaml +28 -0
data/ext/osx/postflight.erb +109 -0
data/ext/osx/preflight.erb +52 -0
data/ext/osx/prototype.plist.erb +38 -0
data/ext/osx/puppet.plist +0 -2
data/ext/project_data.yaml +2 -16
data/ext/redhat/fileserver.conf +41 -0
data/ext/redhat/logrotate +21 -0
data/ext/redhat/puppet.spec.erb +841 -0
data/ext/redhat/server.init +128 -0
data/ext/redhat/server.sysconfig +13 -0
data/{examples/enc → ext}/regexp_nodes/classes/databases +0 -0
data/{examples/enc → ext}/regexp_nodes/classes/webservers +0 -0
data/{examples/enc → ext}/regexp_nodes/environment/development +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/prod +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/qa +0 -0
data/{examples/enc → ext}/regexp_nodes/parameters/service/sandbox +0 -0
data/{examples/enc → ext}/regexp_nodes/regexp_nodes.rb +0 -0
data/ext/solaris/pkginfo +6 -0
data/ext/solaris/smf/puppetd.xml +77 -0
data/ext/solaris/smf/puppetmasterd.xml +77 -0
data/ext/solaris/smf/svc-puppetd +71 -0
data/ext/solaris/smf/svc-puppetmasterd +67 -0
data/ext/suse/puppet.spec +310 -0
data/ext/suse/server.init +173 -0
data/ext/windows/service/daemon.rb +6 -5
data/ext/yaml_nodes.rb +105 -0
data/install.rb +21 -17
data/lib/puppet/agent.rb +11 -47
data/lib/puppet/application/agent.rb +16 -18
data/lib/puppet/application/apply.rb +4 -24
data/lib/puppet/application/device.rb +100 -106
data/lib/puppet/application/filebucket.rb +13 -10
data/lib/puppet/application/lookup.rb +24 -74
data/lib/puppet/application/resource.rb +16 -32
data/lib/puppet/application/script.rb +0 -2
data/lib/puppet/application/ssl.rb +1 -13
data/lib/puppet/application.rb +178 -108
data/lib/puppet/application_support.rb +0 -7
data/lib/puppet/concurrent/thread_local_singleton.rb +3 -6
data/lib/puppet/configurer/downloader.rb +1 -2
data/lib/puppet/configurer/plugin_handler.rb +21 -19
data/lib/puppet/configurer.rb +86 -183
data/lib/puppet/confine/variable.rb +1 -1
data/lib/puppet/defaults.rb +130 -244
data/lib/puppet/environments.rb +82 -146
data/lib/puppet/face/facts.rb +5 -103
data/lib/puppet/face/generate.rb +0 -2
data/lib/puppet/face/help/action.erb +0 -1
data/lib/puppet/face/help/face.erb +0 -1
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/node/clean.rb +0 -11
data/lib/puppet/face/plugin.rb +5 -8
data/lib/puppet/ffi/windows/api_types.rb +311 -0
data/lib/puppet/ffi/windows/constants.rb +404 -0
data/lib/puppet/ffi/windows/functions.rb +628 -0
data/lib/puppet/ffi/windows/structs.rb +338 -0
data/lib/puppet/ffi/windows.rb +12 -0
data/lib/puppet/file_serving/configuration/parser.rb +3 -34
data/lib/puppet/file_serving/configuration.rb +0 -8
data/lib/puppet/file_serving/fileset.rb +2 -14
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_serving/metadata.rb +0 -3
data/lib/puppet/file_serving/mount/file.rb +4 -4
data/lib/puppet/file_serving/mount.rb +1 -2
data/lib/puppet/file_system/file_impl.rb +8 -10
data/lib/puppet/file_system/jruby.rb +1 -1
data/lib/puppet/file_system/memory_file.rb +1 -8
data/lib/puppet/file_system/windows.rb +6 -8
data/lib/puppet/file_system.rb +1 -1
data/lib/puppet/forge/repository.rb +0 -1
data/lib/puppet/forge.rb +4 -4
data/lib/puppet/functions/all.rb +1 -1
data/lib/puppet/functions/camelcase.rb +1 -1
data/lib/puppet/functions/capitalize.rb +2 -2
data/lib/puppet/functions/downcase.rb +2 -2
data/lib/puppet/functions/empty.rb +0 -8
data/lib/puppet/functions/find_template.rb +2 -2
data/lib/puppet/functions/get.rb +5 -5
data/lib/puppet/functions/group_by.rb +5 -13
data/lib/puppet/functions/lest.rb +1 -1
data/lib/puppet/functions/new.rb +100 -100
data/lib/puppet/functions/next.rb +1 -18
data/lib/puppet/functions/partition.rb +4 -12
data/lib/puppet/functions/require.rb +5 -5
data/lib/puppet/functions/sort.rb +3 -3
data/lib/puppet/functions/strftime.rb +0 -1
data/lib/puppet/functions/tree_each.rb +10 -7
data/lib/puppet/functions/type.rb +4 -4
data/lib/puppet/functions/unwrap.rb +2 -17
data/lib/puppet/functions/upcase.rb +2 -2
data/lib/puppet/functions/versioncmp.rb +2 -6
data/lib/puppet/generate/models/type/type.rb +4 -1
data/lib/puppet/generate/type.rb +0 -9
data/lib/puppet/http/client.rb +167 -137
data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
data/lib/puppet/http/errors.rb +16 -0
data/lib/puppet/http/external_client.rb +5 -7
data/lib/puppet/{network/http → http}/factory.rb +8 -15
data/lib/puppet/{network/http → http}/pool.rb +61 -26
data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
data/lib/puppet/http/proxy.rb +137 -0
data/lib/puppet/http/redirector.rb +4 -17
data/lib/puppet/http/resolver/server_list.rb +10 -25
data/lib/puppet/http/resolver/settings.rb +4 -7
data/lib/puppet/http/resolver/srv.rb +7 -11
data/lib/puppet/http/resolver.rb +5 -15
data/lib/puppet/http/response.rb +36 -54
data/lib/puppet/http/response_converter.rb +24 -0
data/lib/puppet/http/response_net_http.rb +42 -0
data/lib/puppet/http/retry_after_handler.rb +4 -13
data/lib/puppet/http/service/ca.rb +11 -22
data/lib/puppet/http/service/compiler.rb +23 -144
data/lib/puppet/http/service/file_server.rb +19 -29
data/lib/puppet/http/service/puppetserver.rb +26 -12
data/lib/puppet/http/service/report.rb +8 -10
data/lib/puppet/http/service.rb +12 -26
data/lib/puppet/http/session.rb +11 -20
data/lib/puppet/{network/http → http}/site.rb +1 -2
data/lib/puppet/http.rb +22 -13
data/lib/puppet/indirector/catalog/compiler.rb +6 -25
data/lib/puppet/indirector/catalog/rest.rb +2 -5
data/lib/puppet/indirector/facts/facter.rb +6 -6
data/lib/puppet/indirector/facts/rest.rb +3 -22
data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
data/lib/puppet/indirector/file_content/rest.rb +2 -6
data/lib/puppet/indirector/file_metadata/rest.rb +3 -10
data/lib/puppet/indirector/file_server.rb +1 -8
data/lib/puppet/indirector/generic_http.rb +0 -11
data/lib/puppet/indirector/indirection.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +2 -4
data/lib/puppet/indirector/report/rest.rb +3 -8
data/lib/puppet/indirector/request.rb +0 -101
data/lib/puppet/indirector/resource/ral.rb +1 -6
data/lib/puppet/indirector/rest.rb +12 -263
data/lib/puppet/indirector/terminus.rb +0 -4
data/lib/puppet/interface/documentation.rb +0 -1
data/lib/puppet/module/plan.rb +1 -0
data/lib/puppet/module/task.rb +1 -1
data/lib/puppet/module.rb +0 -1
data/lib/puppet/module_tool/applications/installer.rb +2 -56
data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
data/lib/puppet/module_tool/applications.rb +0 -1
data/lib/puppet/module_tool/errors/shared.rb +2 -34
data/lib/puppet/network/authconfig.rb +2 -96
data/lib/puppet/network/authorization.rb +13 -35
data/lib/puppet/network/formats.rb +0 -67
data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
data/lib/puppet/network/http/api/master/v3.rb +11 -13
data/lib/puppet/network/http/connection.rb +247 -316
data/lib/puppet/network/http/handler.rb +0 -1
data/lib/puppet/network/http.rb +3 -3
data/lib/puppet/network/http_pool.rb +16 -34
data/lib/puppet/node/environment.rb +11 -10
data/lib/puppet/node.rb +2 -31
data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +4 -2
data/lib/puppet/parser/ast/leaf.rb +2 -3
data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
data/lib/puppet/parser/compiler.rb +0 -198
data/lib/puppet/parser/functions/fqdn_rand.rb +6 -14
data/lib/puppet/parser/resource.rb +1 -70
data/lib/puppet/parser/scope.rb +0 -1
data/lib/puppet/parser/templatewrapper.rb +1 -2
data/lib/puppet/pops/evaluator/closure.rb +5 -7
data/lib/puppet/pops/evaluator/deferred_resolver.rb +3 -5
data/lib/puppet/pops/evaluator/evaluator_impl.rb +0 -5
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -4
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/issues.rb +0 -5
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
data/lib/puppet/pops/lookup/lookup_adapter.rb +2 -3
data/lib/puppet/pops/model/ast.pp +0 -42
data/lib/puppet/pops/model/ast.rb +0 -291
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/model/factory.rb +1 -47
data/lib/puppet/pops/model/model_label_provider.rb +0 -5
data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
data/lib/puppet/pops/model/pn_transformer.rb +0 -16
data/lib/puppet/pops/parser/code_merger.rb +4 -4
data/lib/puppet/pops/parser/egrammar.ra +0 -58
data/lib/puppet/pops/parser/eparser.rb +1685 -1896
data/lib/puppet/pops/parser/lexer2.rb +91 -92
data/lib/puppet/pops/parser/parser_support.rb +0 -5
data/lib/puppet/pops/parser/slurp_support.rb +0 -1
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
data/lib/puppet/pops/types/p_sem_ver_type.rb +2 -8
data/lib/puppet/pops/types/p_sensitive_type.rb +0 -10
data/lib/puppet/pops/types/type_calculator.rb +0 -7
data/lib/puppet/pops/types/type_formatter.rb +3 -4
data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
data/lib/puppet/pops/types/type_parser.rb +0 -4
data/lib/puppet/pops/types/types.rb +1 -2
data/lib/puppet/pops/validation/checker4_0.rb +9 -37
data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
data/lib/puppet/property/list.rb +1 -1
data/lib/puppet/provider/aix_object.rb +1 -1
data/lib/puppet/provider/exec/posix.rb +4 -16
data/lib/puppet/provider/group/groupadd.rb +10 -18
data/lib/puppet/provider/nameservice.rb +0 -18
data/lib/puppet/provider/package/apt.rb +2 -34
data/lib/puppet/provider/package/aptitude.rb +0 -6
data/lib/puppet/provider/package/dnfmodule.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +0 -10
data/lib/puppet/provider/package/gem.rb +23 -3
data/lib/puppet/provider/package/nim.rb +6 -11
data/lib/puppet/provider/package/pip.rb +3 -16
data/lib/puppet/provider/package/pkg.rb +2 -23
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/puppet_gem.rb +1 -4
data/lib/puppet/provider/package/puppetserver_gem.rb +17 -8
data/lib/puppet/provider/package/windows/exe_package.rb +1 -30
data/lib/puppet/provider/package/windows/package.rb +1 -2
data/lib/puppet/provider/package/windows.rb +1 -14
data/lib/puppet/provider/package/yum.rb +1 -1
data/lib/puppet/provider/parsedfile.rb +0 -3
data/lib/puppet/provider/service/base.rb +1 -1
data/lib/puppet/provider/service/debian.rb +0 -2
data/lib/puppet/provider/service/init.rb +9 -10
data/lib/puppet/provider/service/launchd.rb +2 -2
data/lib/puppet/provider/service/redhat.rb +1 -1
data/lib/puppet/provider/service/smf.rb +194 -76
data/lib/puppet/provider/service/systemd.rb +6 -16
data/lib/puppet/provider/service/upstart.rb +5 -5
data/lib/puppet/provider/service/windows.rb +0 -38
data/lib/puppet/provider/user/aix.rb +3 -46
data/lib/puppet/provider/user/directoryservice.rb +11 -39
data/lib/puppet/provider/user/useradd.rb +24 -134
data/lib/puppet/provider.rb +1 -14
data/lib/puppet/reference/configuration.rb +8 -7
data/lib/puppet/reference/indirection.rb +1 -1
data/lib/puppet/reference/providers.rb +2 -2
data/lib/puppet/resource/catalog.rb +2 -15
data/lib/puppet/resource/type.rb +3 -119
data/lib/puppet/resource/type_collection.rb +3 -49
data/lib/puppet/resource.rb +6 -127
data/lib/puppet/runtime.rb +2 -13
data/lib/puppet/settings/environment_conf.rb +0 -1
data/lib/puppet/settings/integer_setting.rb +17 -0
data/lib/puppet/settings/port_setting.rb +15 -0
data/lib/puppet/settings/priority_setting.rb +5 -4
data/lib/puppet/settings.rb +82 -98
data/lib/puppet/ssl/base.rb +3 -5
data/lib/puppet/ssl/certificate.rb +0 -6
data/lib/puppet/ssl/certificate_request.rb +1 -12
data/lib/puppet/ssl/certificate_signer.rb +6 -0
data/lib/puppet/ssl/oids.rb +3 -1
data/lib/puppet/ssl/ssl_provider.rb +36 -75
data/lib/puppet/ssl/state_machine.rb +20 -14
data/lib/puppet/ssl/verifier.rb +2 -6
data/lib/puppet/ssl.rb +10 -6
data/lib/puppet/test/test_helper.rb +2 -7
data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
data/lib/puppet/transaction/persistence.rb +1 -21
data/lib/puppet/transaction/report.rb +3 -19
data/lib/puppet/transaction.rb +1 -7
data/lib/puppet/type/exec.rb +6 -36
data/lib/puppet/type/file/checksum.rb +1 -1
data/lib/puppet/type/file/data_sync.rb +1 -1
data/lib/puppet/type/file/mode.rb +0 -6
data/lib/puppet/type/file/selcontext.rb +1 -1
data/lib/puppet/type/file/source.rb +1 -1
data/lib/puppet/type/file.rb +12 -32
data/lib/puppet/type/filebucket.rb +4 -4
data/lib/puppet/type/group.rb +1 -0
data/lib/puppet/type/package.rb +8 -16
data/lib/puppet/type/resources.rb +1 -1
data/lib/puppet/type/service.rb +41 -26
data/lib/puppet/type/tidy.rb +3 -22
data/lib/puppet/type/user.rb +13 -35
data/lib/puppet/type.rb +1 -77
data/lib/puppet/util/autoload.rb +8 -1
data/lib/puppet/util/command_line.rb +1 -1
data/lib/puppet/util/execution.rb +0 -11
data/lib/puppet/util/filetype.rb +2 -2
data/lib/puppet/util/http_proxy.rb +2 -215
data/lib/puppet/util/json.rb +0 -20
data/lib/puppet/util/log.rb +4 -8
data/lib/puppet/util/logging.rb +25 -1
data/lib/puppet/util/monkey_patches.rb +2 -59
data/lib/puppet/util/package.rb +16 -25
data/lib/puppet/util/pidlock.rb +1 -1
data/lib/puppet/util/posix.rb +5 -54
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
data/lib/puppet/util/rdoc.rb +0 -7
data/lib/puppet/util/retry_action.rb +1 -1
data/lib/puppet/util/run_mode.rb +9 -1
data/lib/puppet/util/selinux.rb +4 -30
data/lib/puppet/util/suidmanager.rb +2 -1
data/lib/puppet/util/symbolic_file_mode.rb +17 -29
data/lib/puppet/util/tagging.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +0 -46
data/lib/puppet/util/windows/daemon.rb +360 -0
data/lib/puppet/util/windows/error.rb +1 -0
data/lib/puppet/util/windows/eventlog.rb +4 -9
data/lib/puppet/util/windows/file.rb +8 -242
data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
data/lib/puppet/util/windows/principal.rb +2 -9
data/lib/puppet/util/windows/process.rb +4 -226
data/lib/puppet/util/windows/service.rb +11 -457
data/lib/puppet/util/windows/sid.rb +2 -6
data/lib/puppet/util/windows/string.rb +12 -13
data/lib/puppet/util/windows/user.rb +2 -0
data/lib/puppet/util/windows.rb +3 -11
data/lib/puppet/util/yaml.rb +1 -42
data/lib/puppet/util.rb +5 -5
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +29 -1
data/lib/puppet/x509.rb +5 -1
data/lib/puppet.rb +34 -27
data/locales/puppet.pot +9633 -5
data/man/man5/puppet.conf.5 +286 -401
data/man/man8/puppet-agent.8 +2 -5
data/man/man8/puppet-apply.8 +2 -2
data/man/man8/puppet-catalog.8 +9 -9
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +8 -51
data/man/man8/puppet-filebucket.8 +4 -4
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-lookup.8 +6 -9
data/man/man8/puppet-module.8 +3 -60
data/man/man8/puppet-node.8 +5 -5
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +5 -5
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +2 -2
data/man/man8/puppet-ssl.8 +1 -5
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/127.0.0.1-key.pem +57 -107
data/spec/fixtures/ssl/127.0.0.1.pem +31 -52
data/spec/fixtures/ssl/bad-basic-constraints.pem +35 -57
data/spec/fixtures/ssl/bad-int-basic-constraints.pem +35 -57
data/spec/fixtures/ssl/ca.pem +35 -57
data/spec/fixtures/ssl/crl.pem +18 -28
data/spec/fixtures/ssl/ec-key.pem +11 -11
data/spec/fixtures/ssl/ec.pem +24 -33
data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
data/spec/fixtures/ssl/encrypted-key.pem +58 -108
data/spec/fixtures/ssl/intermediate-agent-crl.pem +19 -28
data/spec/fixtures/ssl/intermediate-agent.pem +36 -57
data/spec/fixtures/ssl/intermediate-crl.pem +21 -31
data/spec/fixtures/ssl/intermediate.pem +36 -57
data/spec/fixtures/ssl/pluto-key.pem +57 -107
data/spec/fixtures/ssl/pluto.pem +30 -52
data/spec/fixtures/ssl/request-key.pem +57 -107
data/spec/fixtures/ssl/request.pem +26 -47
data/spec/fixtures/ssl/revoked-key.pem +57 -107
data/spec/fixtures/ssl/revoked.pem +30 -52
data/spec/fixtures/ssl/signed-key.pem +57 -107
data/spec/fixtures/ssl/signed.pem +30 -52
data/spec/fixtures/ssl/tampered-cert.pem +30 -52
data/spec/fixtures/ssl/tampered-csr.pem +26 -47
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +57 -107
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +29 -50
data/spec/fixtures/ssl/unknown-ca-key.pem +57 -107
data/spec/fixtures/ssl/unknown-ca.pem +33 -55
data/spec/fixtures/unit/forge/bacula.json +1 -1
data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +0 -4
data/spec/integration/application/agent_spec.rb +50 -406
data/spec/integration/application/apply_spec.rb +1 -20
data/spec/integration/application/filebucket_spec.rb +16 -32
data/spec/integration/application/help_spec.rb +2 -0
data/spec/integration/application/lookup_spec.rb +50 -81
data/spec/integration/application/module_spec.rb +0 -21
data/spec/integration/application/plugin_spec.rb +24 -2
data/spec/integration/configurer_spec.rb +2 -18
data/spec/integration/defaults_spec.rb +14 -3
data/spec/integration/environments/settings_interpolation_spec.rb +4 -0
data/spec/integration/http/client_spec.rb +4 -63
data/spec/integration/indirector/direct_file_server_spec.rb +3 -1
data/spec/integration/indirector/facts/facter_spec.rb +39 -93
data/spec/integration/network/http_pool_spec.rb +3 -21
data/spec/integration/parser/catalog_spec.rb +0 -38
data/spec/integration/parser/node_spec.rb +0 -9
data/spec/integration/parser/pcore_resource_spec.rb +0 -47
data/spec/integration/resource/type_collection_spec.rb +6 -2
data/spec/integration/transaction/report_spec.rb +1 -1
data/spec/integration/transaction_spec.rb +9 -4
data/spec/integration/type/exec_spec.rb +45 -70
data/spec/integration/type/file_spec.rb +7 -6
data/spec/integration/type/package_spec.rb +6 -6
data/spec/integration/util/rdoc/parser_spec.rb +1 -1
data/spec/integration/util/windows/adsi_spec.rb +1 -21
data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
data/spec/integration/util/windows/principal_spec.rb +0 -21
data/spec/integration/util/windows/process_spec.rb +9 -1
data/spec/integration/util/windows/registry_spec.rb +10 -6
data/spec/integration/util/windows/security_spec.rb +1 -1
data/spec/lib/matchers/include.rb +27 -0
data/spec/lib/matchers/include_spec.rb +32 -0
data/spec/lib/puppet/test_ca.rb +2 -7
data/spec/lib/puppet_spec/https.rb +1 -1
data/spec/lib/puppet_spec/modules.rb +2 -13
data/spec/lib/puppet_spec/puppetserver.rb +3 -55
data/spec/lib/puppet_spec/settings.rb +1 -1
data/spec/shared_behaviours/documentation_on_faces.rb +2 -0
data/spec/spec_helper.rb +17 -13
data/spec/unit/agent_spec.rb +8 -38
data/spec/unit/application/agent_spec.rb +19 -33
data/spec/unit/application/apply_spec.rb +56 -76
data/spec/unit/application/facts_spec.rb +12 -456
data/spec/unit/application/filebucket_spec.rb +43 -39
data/spec/unit/application/lookup_spec.rb +10 -131
data/spec/unit/application/resource_spec.rb +0 -29
data/spec/unit/application/ssl_spec.rb +2 -25
data/spec/unit/application_spec.rb +9 -51
data/spec/unit/certificate_factory_spec.rb +1 -1
data/spec/unit/configurer/downloader_spec.rb +6 -8
data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
data/spec/unit/configurer_spec.rb +68 -327
data/spec/unit/confine/feature_spec.rb +1 -1
data/spec/unit/confine_spec.rb +2 -8
data/spec/unit/context/trusted_information_spec.rb +2 -6
data/spec/unit/daemon_spec.rb +11 -2
data/spec/unit/defaults_spec.rb +68 -55
data/spec/unit/environments_spec.rb +68 -408
data/spec/unit/face/generate_spec.rb +0 -64
data/spec/unit/face/node_spec.rb +11 -0
data/spec/unit/face/plugin_spec.rb +73 -33
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_bucket/file_spec.rb +1 -1
data/spec/unit/file_serving/configuration/parser_spec.rb +15 -41
data/spec/unit/file_serving/configuration_spec.rb +10 -26
data/spec/unit/file_serving/fileset_spec.rb +0 -60
data/spec/unit/file_serving/metadata_spec.rb +3 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +4 -11
data/spec/unit/file_system_spec.rb +4 -56
data/spec/unit/forge/module_release_spec.rb +10 -5
data/spec/unit/functions/assert_type_spec.rb +1 -1
data/spec/unit/functions/camelcase_spec.rb +1 -1
data/spec/unit/functions/capitalize_spec.rb +1 -1
data/spec/unit/functions/downcase_spec.rb +1 -1
data/spec/unit/functions/empty_spec.rb +0 -10
data/spec/unit/functions/logging_spec.rb +0 -1
data/spec/unit/functions/lookup_spec.rb +0 -64
data/spec/unit/functions/unwrap_spec.rb +0 -8
data/spec/unit/functions/upcase_spec.rb +1 -1
data/spec/unit/functions/versioncmp_spec.rb +4 -40
data/spec/unit/functions4_spec.rb +2 -2
data/spec/unit/gettext/config_spec.rb +0 -12
data/spec/unit/http/client_spec.rb +8 -84
data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
data/spec/unit/http/external_client_spec.rb +4 -4
data/spec/unit/{network/http → http}/factory_spec.rb +5 -30
data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
data/spec/unit/http/resolver_spec.rb +13 -13
data/spec/unit/http/service/compiler_spec.rb +0 -193
data/spec/unit/http/service/file_server_spec.rb +3 -3
data/spec/unit/http/service/puppetserver_spec.rb +34 -4
data/spec/unit/http/service_spec.rb +0 -1
data/spec/unit/http/session_spec.rb +16 -14
data/spec/unit/{network/http → http}/site_spec.rb +3 -3
data/spec/unit/indirector/catalog/compiler_spec.rb +10 -101
data/spec/unit/indirector/catalog/rest_spec.rb +0 -8
data/spec/unit/indirector/face_spec.rb +1 -0
data/spec/unit/indirector/facts/facter_spec.rb +3 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +8 -26
data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
data/spec/unit/indirector/file_server_spec.rb +1 -15
data/spec/unit/indirector/indirection_spec.rb +15 -18
data/spec/unit/indirector/report/rest_spec.rb +2 -17
data/spec/unit/indirector/request_spec.rb +0 -264
data/spec/unit/indirector/resource/ral_spec.rb +75 -40
data/spec/unit/indirector/rest_spec.rb +98 -752
data/spec/unit/indirector/store_configs_spec.rb +7 -0
data/spec/unit/indirector_spec.rb +2 -2
data/spec/unit/interface/action_spec.rb +9 -0
data/spec/unit/module_spec.rb +1 -15
data/spec/unit/module_tool/applications/installer_spec.rb +0 -105
data/spec/unit/network/authconfig_spec.rb +2 -129
data/spec/unit/network/authorization_spec.rb +2 -55
data/spec/unit/network/formats_spec.rb +4 -51
data/spec/unit/network/http/api/indirected_routes_spec.rb +5 -92
data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
data/spec/unit/network/http/api_spec.rb +10 -0
data/spec/unit/network/http/connection_spec.rb +19 -41
data/spec/unit/network/http/handler_spec.rb +0 -1
data/spec/unit/network/http_pool_spec.rb +0 -4
data/spec/unit/node/environment_spec.rb +33 -21
data/spec/unit/node_spec.rb +2 -60
data/spec/unit/parser/compiler_spec.rb +19 -3
data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
data/spec/unit/parser/functions/fqdn_rand_spec.rb +1 -15
data/spec/unit/parser/resource_spec.rb +8 -14
data/spec/unit/parser/templatewrapper_spec.rb +5 -16
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
data/spec/unit/pops/parser/parse_containers_spec.rb +13 -2
data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
data/spec/unit/pops/serialization/to_stringified_spec.rb +0 -5
data/spec/unit/pops/types/p_sem_ver_type_spec.rb +0 -18
data/spec/unit/pops/types/p_sensitive_type_spec.rb +0 -18
data/spec/unit/pops/types/type_calculator_spec.rb +6 -12
data/spec/unit/pops/types/type_factory_spec.rb +1 -1
data/spec/unit/pops/validator/validator_spec.rb +61 -51
data/spec/unit/pops/visitor_spec.rb +1 -1
data/spec/unit/property_spec.rb +0 -1
data/spec/unit/provider/group/groupadd_spec.rb +2 -5
data/spec/unit/provider/nameservice_spec.rb +64 -122
data/spec/unit/provider/package/apt_spec.rb +23 -28
data/spec/unit/provider/package/aptitude_spec.rb +1 -1
data/spec/unit/provider/package/base_spec.rb +5 -6
data/spec/unit/provider/package/dnfmodule_spec.rb +1 -10
data/spec/unit/provider/package/dpkg_spec.rb +0 -48
data/spec/unit/provider/package/gem_spec.rb +33 -1
data/spec/unit/provider/package/nim_spec.rb +0 -42
data/spec/unit/provider/package/pacman_spec.rb +12 -18
data/spec/unit/provider/package/pip2_spec.rb +1 -1
data/spec/unit/provider/package/pip3_spec.rb +1 -1
data/spec/unit/provider/package/pip_spec.rb +12 -44
data/spec/unit/provider/package/pkg_spec.rb +4 -29
data/spec/unit/provider/package/pkgdmg_spec.rb +4 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +4 -3
data/spec/unit/provider/package/puppetserver_gem_spec.rb +3 -3
data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -17
data/spec/unit/provider/parsedfile_spec.rb +0 -10
data/spec/unit/provider/service/gentoo_spec.rb +5 -6
data/spec/unit/provider/service/init_spec.rb +9 -16
data/spec/unit/provider/service/launchd_spec.rb +0 -11
data/spec/unit/provider/service/openwrt_spec.rb +29 -23
data/spec/unit/provider/service/redhat_spec.rb +2 -3
data/spec/unit/provider/service/smf_spec.rb +401 -165
data/spec/unit/provider/service/systemd_spec.rb +9 -54
data/spec/unit/provider/service/windows_spec.rb +0 -203
data/spec/unit/provider/user/aix_spec.rb +0 -105
data/spec/unit/provider/user/directoryservice_spec.rb +36 -68
data/spec/unit/provider/user/hpux_spec.rb +1 -1
data/spec/unit/provider/user/pw_spec.rb +0 -2
data/spec/unit/provider/user/useradd_spec.rb +5 -114
data/spec/unit/provider_spec.rb +12 -22
data/spec/unit/puppet_spec.rb +4 -12
data/spec/unit/resource/catalog_spec.rb +2 -15
data/spec/unit/resource/type_collection_spec.rb +2 -22
data/spec/unit/resource/type_spec.rb +1 -1
data/spec/unit/resource_spec.rb +12 -125
data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
data/spec/unit/settings/integer_setting_spec.rb +42 -0
data/spec/unit/settings/port_setting_spec.rb +31 -0
data/spec/unit/settings/priority_setting_spec.rb +4 -4
data/spec/unit/settings_spec.rb +79 -110
data/spec/unit/ssl/base_spec.rb +37 -3
data/spec/unit/ssl/certificate_request_spec.rb +21 -45
data/spec/unit/ssl/certificate_spec.rb +2 -11
data/spec/unit/ssl/ssl_provider_spec.rb +3 -80
data/spec/unit/ssl/state_machine_spec.rb +5 -21
data/spec/unit/ssl/verifier_spec.rb +0 -21
data/spec/unit/transaction/additional_resource_generator_spec.rb +9 -3
data/spec/unit/transaction/event_manager_spec.rb +11 -14
data/spec/unit/transaction/persistence_spec.rb +0 -51
data/spec/unit/transaction/report_spec.rb +0 -2
data/spec/unit/transaction/resource_harness_spec.rb +2 -2
data/spec/unit/transaction_spec.rb +55 -96
data/spec/unit/type/exec_spec.rb +29 -76
data/spec/unit/type/file/checksum_spec.rb +6 -6
data/spec/unit/type/file/content_spec.rb +2 -1
data/spec/unit/type/file/ensure_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +1 -1
data/spec/unit/type/file/selinux_spec.rb +5 -3
data/spec/unit/type/file/source_spec.rb +4 -5
data/spec/unit/type/file_spec.rb +18 -6
data/spec/unit/type/group_spec.rb +6 -13
data/spec/unit/type/package_spec.rb +1 -1
data/spec/unit/type/resources_spec.rb +7 -7
data/spec/unit/type/service_spec.rb +189 -87
data/spec/unit/type/tidy_spec.rb +8 -24
data/spec/unit/type_spec.rb +24 -4
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/autoload_spec.rb +1 -5
data/spec/unit/util/backups_spec.rb +2 -3
data/spec/unit/util/execution_spec.rb +11 -44
data/spec/unit/util/inifile_spec.rb +14 -6
data/spec/unit/util/log_spec.rb +7 -8
data/spec/unit/util/logging_spec.rb +3 -5
data/spec/unit/util/monkey_patches_spec.rb +0 -6
data/spec/unit/util/posix_spec.rb +15 -363
data/spec/unit/util/run_mode_spec.rb +21 -121
data/spec/unit/util/selinux_spec.rb +68 -163
data/spec/unit/util/storage_spec.rb +1 -3
data/spec/unit/util/suidmanager_spec.rb +41 -44
data/spec/unit/util/windows/sid_spec.rb +0 -41
data/spec/unit/util/windows/string_spec.rb +1 -3
data/spec/unit/util/yaml_spec.rb +13 -92
data/spec/unit/util_spec.rb +6 -31
data/tasks/generate_cert_fixtures.rake +7 -17
data/tasks/parallel.rake +3 -3
metadata +138 -239
data/conf/auth.conf +0 -150
data/ext/README.md +0 -13
data/lib/puppet/application/cert.rb +0 -76
data/lib/puppet/application/key.rb +0 -4
data/lib/puppet/application/man.rb +0 -4
data/lib/puppet/application/status.rb +0 -4
data/lib/puppet/face/key.rb +0 -16
data/lib/puppet/face/man.rb +0 -145
data/lib/puppet/face/module/build.rb +0 -14
data/lib/puppet/face/module/generate.rb +0 -14
data/lib/puppet/face/module/search.rb +0 -103
data/lib/puppet/face/status.rb +0 -51
data/lib/puppet/facter_impl.rb +0 -96
data/lib/puppet/ffi/posix/constants.rb +0 -14
data/lib/puppet/ffi/posix/functions.rb +0 -24
data/lib/puppet/ffi/posix.rb +0 -10
data/lib/puppet/file_serving/mount/scripts.rb +0 -24
data/lib/puppet/indirector/certificate/file.rb +0 -9
data/lib/puppet/indirector/certificate/rest.rb +0 -18
data/lib/puppet/indirector/certificate_request/file.rb +0 -9
data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
data/lib/puppet/indirector/file_content/http.rb +0 -22
data/lib/puppet/indirector/key/file.rb +0 -46
data/lib/puppet/indirector/key/memory.rb +0 -7
data/lib/puppet/indirector/ssl_file.rb +0 -162
data/lib/puppet/indirector/status/local.rb +0 -12
data/lib/puppet/indirector/status/rest.rb +0 -27
data/lib/puppet/indirector/status.rb +0 -3
data/lib/puppet/module_tool/applications/searcher.rb +0 -29
data/lib/puppet/network/auth_config_parser.rb +0 -90
data/lib/puppet/network/authstore.rb +0 -283
data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
data/lib/puppet/network/http/base_pool.rb +0 -36
data/lib/puppet/network/http/compression.rb +0 -127
data/lib/puppet/network/http/connection_adapter.rb +0 -184
data/lib/puppet/network/http/nocache_pool.rb +0 -28
data/lib/puppet/network/rest_controller.rb +0 -2
data/lib/puppet/network/rights.rb +0 -210
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
data/lib/puppet/parser/environment_compiler.rb +0 -202
data/lib/puppet/pops/types/enumeration.rb +0 -16
data/lib/puppet/resource/capability_finder.rb +0 -154
data/lib/puppet/rest/errors.rb +0 -15
data/lib/puppet/rest/response.rb +0 -35
data/lib/puppet/rest/route.rb +0 -85
data/lib/puppet/rest/routes.rb +0 -135
data/lib/puppet/settings/alias_setting.rb +0 -37
data/lib/puppet/ssl/host.rb +0 -505
data/lib/puppet/ssl/key.rb +0 -61
data/lib/puppet/ssl/validator/default_validator.rb +0 -209
data/lib/puppet/ssl/validator/no_validator.rb +0 -22
data/lib/puppet/ssl/validator.rb +0 -61
data/lib/puppet/ssl/verifier_adapter.rb +0 -58
data/lib/puppet/status.rb +0 -40
data/lib/puppet/util/connection.rb +0 -88
data/lib/puppet/util/fact_dif.rb +0 -81
data/lib/puppet/util/ssl.rb +0 -83
data/lib/puppet/util/windows/api_types.rb +0 -309
data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
data/lib/puppet/vendor/load_pathspec.rb +0 -1
data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
data/lib/puppet/vendor/pathspec/LICENSE +0 -201
data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
data/lib/puppet/vendor/pathspec/README.md +0 -53
data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
data/man/man8/puppet-key.8 +0 -126
data/man/man8/puppet-man.8 +0 -76
data/man/man8/puppet-status.8 +0 -108
data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +0 -92
data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +0 -3
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +0 -4
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +0 -3
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +0 -8
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +0 -25
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +0 -19
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +0 -20
data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +0 -8
data/spec/fixtures/ssl/oid-key.pem +0 -117
data/spec/fixtures/ssl/oid.pem +0 -69
data/spec/fixtures/ssl/trusted_oid_mapping.yaml +0 -5
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +0 -9
data/spec/integration/application/resource_spec.rb +0 -68
data/spec/integration/application/ssl_spec.rb +0 -20
data/spec/integration/l10n/compiler_spec.rb +0 -37
data/spec/integration/network/authconfig_spec.rb +0 -256
data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
data/spec/shared_contexts/l10n.rb +0 -32
data/spec/unit/application/man_spec.rb +0 -52
data/spec/unit/capability_spec.rb +0 -414
data/spec/unit/concurrent/thread_local_singleton_spec.rb +0 -39
data/spec/unit/face/key_spec.rb +0 -9
data/spec/unit/face/module/search_spec.rb +0 -231
data/spec/unit/face/status_spec.rb +0 -9
data/spec/unit/facter_impl_spec.rb +0 -31
data/spec/unit/file_serving/mount/scripts_spec.rb +0 -69
data/spec/unit/indirector/certificate/file_spec.rb +0 -14
data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
data/spec/unit/indirector/key/file_spec.rb +0 -78
data/spec/unit/indirector/ssl_file_spec.rb +0 -305
data/spec/unit/indirector/status/local_spec.rb +0 -10
data/spec/unit/indirector/status/rest_spec.rb +0 -50
data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
data/spec/unit/network/auth_config_parser_spec.rb +0 -115
data/spec/unit/network/authstore_spec.rb +0 -407
data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
data/spec/unit/network/http/compression_spec.rb +0 -240
data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
data/spec/unit/network/http_spec.rb +0 -9
data/spec/unit/network/rights_spec.rb +0 -439
data/spec/unit/parser/environment_compiler_spec.rb +0 -730
data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +0 -20
data/spec/unit/pops/types/enumeration_spec.rb +0 -51
data/spec/unit/resource/capability_finder_spec.rb +0 -148
data/spec/unit/rest/route_spec.rb +0 -132
data/spec/unit/ssl/host_spec.rb +0 -645
data/spec/unit/ssl/key_spec.rb +0 -173
data/spec/unit/ssl/validator_spec.rb +0 -278
data/spec/unit/status_spec.rb +0 -45
data/spec/unit/util/json_spec.rb +0 -126
data/spec/unit/util/ssl_spec.rb +0 -91
data/spec/unit/util/windows_spec.rb +0 -23

data/lib/puppet/ssl/validator/default_validator.rb DELETED Viewed

@@ -1,209 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-require 'puppet/ssl'
-# Perform peer certificate verification against the known CA.
-# If there is no CA information known, then no verification is performed
-#
-# @deprecated
-# @api private
-#
-class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
-  attr_reader :peer_certs
-  attr_reader :verify_errors
-  attr_reader :last_error
-  FIVE_MINUTES_AS_SECONDS = 5 * 60
-  # Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host.
-  #
-  # @param ca_path [String] Filepath for the cacert
-  #
-  # @api private
-  #
-  def initialize(
-    ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert])
-    reset!
-    @ca_path = ca_path
-  end
-  # Resets this validator to its initial validation state. The ssl configuration is not changed.
-  #
-  # @api private
-  #
-  def reset!
-    @peer_certs = []
-    @verify_errors = []
-    @hostname = nil
-    @last_error = nil
-  end
-  # Performs verification of the SSL connection and collection of the
-  # certificates for use in constructing the error message if the verification
-  # failed.  This callback will be executed once for each certificate in a
-  # chain being verified.
-  #
-  # From the [OpenSSL
-  # documentation](https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html):
-  # The `verify_callback` function is used to control the behaviour when the
-  # SSL_VERIFY_PEER flag is set. It must be supplied by the application and
-  # receives two arguments: preverify_ok indicates, whether the verification of
-  # the certificate in question was passed (preverify_ok=1) or not
-  # (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for
-  # the certificate chain verification.
-  #
-  # See {Puppet::Network::HTTP::Connection} for more information and where this
-  # class is intended to be used.
-  #
-  # @param [Boolean] preverify_ok indicates whether the verification of the
-  #   certificate in question was passed (preverify_ok=true)
-  # @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context
-  #   for the chain being verified.
-  #
-  # @return [Boolean] false if the peer is invalid, true otherwise.
-  #
-  # @api private
-  #
-  def call(preverify_ok, store_context)
-    current_cert = store_context.current_cert
-    @peer_certs << current_cert
-    # We must make a copy since the scope of the store_context will be lost
-    # across invocations of this method.
-    if preverify_ok
-      # If we've copied all of the certs in the chain out of the SSL library
-      if @peer_certs.length == store_context.chain.length
-        # (#20027) The peer cert must be issued by a specific authority
-        preverify_ok = valid_peer?
-      end
-    else
-      error = store_context.error || 0
-      error_string = store_context.error_string || "OpenSSL error #{error}"
-      case error
-      when OpenSSL::X509::V_OK
-        if @hostname
-          # chain is from leaf to root, opposite of the order that `call` is invoked
-          chain_cert = store_context.chain.first
-          # ruby 2.4 doesn't compare certs based on value, so force to DER byte array
-          if current_cert && chain_cert && current_cert.to_der == chain_cert.to_der && !OpenSSL::SSL.verify_certificate_identity(current_cert, @hostname)
-            @last_error = Puppet::SSL::CertMismatchError.new(current_cert, @hostname)
-            return false
-          else
-            @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-          end
-        else
-          @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-        end
-      when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
-        # current_crl can be nil
-        # https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510
-        crl = store_context.current_crl
-        if crl
-          if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
-            Puppet.debug { "Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}" }
-            preverify_ok = true
-          else
-            @verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
-          end
-        else
-          @verify_errors << error_string
-        end
-      else
-        @verify_errors << "#{error_string} for #{current_cert.subject.to_utf8}"
-      end
-    end
-    preverify_ok
-  rescue => ex
-    @verify_errors << ex.message
-    false
-  end
-  # Registers the instance's call method with the connection.
-  #
-  # @param [Net::HTTP] connection The connection to validate
-  #
-  # @param [Puppet::SSL::Host] host The host object containing SSL data
-  # @return [void]
-  #
-  # @api private
-  #
-  def setup_connection(connection, ssl_host = Puppet.lookup(:ssl_host))
-    @hostname = connection.address
-    if ssl_certificates_are_present?
-      connection.cert_store = ssl_host.ssl_store
-      connection.ca_file = @ca_path
-      connection.cert = ssl_host.certificate.content
-      connection.key = ssl_host.key.content
-      connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
-      connection.verify_callback = self
-    else
-      connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
-    end
-  end
-  ##
-  # Decode a string of concatenated certificates
-  #
-  # @return [Array<OpenSSL::X509::Certificate>]
-  def decode_cert_bundle(bundle_str)
-    re = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
-    pem_ary = bundle_str.scan(re)
-    pem_ary.map do |pem_str|
-      OpenSSL::X509::Certificate.new(pem_str)
-    end
-  end
-  # read_file makes testing easier.
-  def read_file(path)
-    # https://www.ietf.org/rfc/rfc2459.txt defines the x509 V3 certificate format
-    # CA bundles are concatenated X509 certificates, but may also include
-    # comments, which could have UTF-8 characters
-    Puppet::FileSystem.read(path, :encoding => Encoding::UTF_8)
-  end
-  # Validates the peer certificates against the authorized certificates.
-  #
-  # @api private
-  #
-  def valid_peer?
-    descending_cert_chain = @peer_certs.reverse
-    authz_ca_certs = decode_cert_bundle(read_file(@ca_path))
-    if not has_authz_peer_cert(descending_cert_chain, authz_ca_certs)
-      msg = "The server presented a SSL certificate chain which does not include a " <<
-        "CA listed in the ssl_client_ca_auth file.  "
-      msg << "Authorized Issuers: #{authz_ca_certs.collect {|c| c.subject.to_utf8}.join(', ')}  " <<
-        "Peer Chain: #{descending_cert_chain.collect {|c| c.subject.to_utf8}.join(' => ')}"
-      @verify_errors << msg
-      false
-    else
-      true
-    end
-  end
-  # Checks if the set of peer_certs contains at least one certificate issued
-  # by a certificate listed in authz_certs
-  #
-  # @return [Boolean]
-  #
-  # @api private
-  #
-  def has_authz_peer_cert(peer_certs, authz_certs)
-    peer_certs.any? do |peer_cert|
-      authz_certs.any? do |authz_cert|
-        peer_cert.verify(authz_cert.public_key)
-      end
-    end
-  end
-  # @api private
-  #
-  def ssl_certificates_are_present?
-    Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(@ca_path)
-  end
-end

data/lib/puppet/ssl/validator/no_validator.rb DELETED Viewed

@@ -1,22 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-require 'puppet/ssl'
-# Performs no SSL verification
-#
-# @deprecated
-# @api private
-#
-class Puppet::SSL::Validator::NoValidator < Puppet::SSL::Validator
-  def setup_connection(connection)
-    connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  end
-  def peer_certs
-    []
-  end
-  def verify_errors
-    []
-  end
-end

data/lib/puppet/ssl/validator.rb DELETED Viewed

@@ -1,61 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-# API for certificate verification
-#
-# @deprecated
-# @api public
-class Puppet::SSL::Validator
-  # Factory method for creating an instance of a null/no validator.
-  # This method does not have to be implemented by concrete implementations of this API.
-  #
-  # @return [Puppet::SSL::Validator] produces a validator that performs no validation
-  #
-  # @api public
-  #
-  def self.no_validator()
-    @@no_validator_cache ||= Puppet::SSL::Validator::NoValidator.new()
-  end
-  # Factory method for creating an instance of the default Puppet validator.
-  # This method does not have to be implemented by concrete implementations of this API.
-  #
-  # @return [Puppet::SSL::Validator] produces a validator that performs no validation
-  #
-  # @api public
-  #
-  def self.default_validator()
-    Puppet::SSL::Validator::DefaultValidator.new()
-  end
-  # Array of peer certificates
-  # @return [Array<Puppet::SSL::Certificate>] peer certificates
-  #
-  # @api public
-  #
-  def peer_certs
-    raise NotImplementedError, "Concrete class should have implemented this method"
-  end
-  # Contains the result of validation
-  # @return [Array<String>, nil] nil, empty Array, or Array with messages
-  #
-  # @api public
-  #
-  def verify_errors
-    raise NotImplementedError, "Concrete class should have implemented this method"
-  end
-  # Registers the connection to validate.
-  #
-  # @param [Net::HTTP] connection The connection to validate
-  #
-  # @return [void]
-  #
-  # @api public
-  #
-  def setup_connection(connection)
-    raise NotImplementedError, "Concrete class should have implemented this method"
-  end
-end

data/lib/puppet/ssl/verifier_adapter.rb DELETED Viewed

@@ -1,58 +0,0 @@
-# Allows a `Puppet::SSL::Validator` to be used in situations where a
-# `Verifier` is required, while preserving the legacy validator behavior of:
-#
-# * Loading CA certs from `ssl_client_ca_auth` or `localcacert`
-# * Verifying each cert in the peer's chain is contained in the file
-#   loaded above.
-#
-class Puppet::SSL::VerifierAdapter
-  attr_reader :validator, :ssl_context
-  def initialize(validator)
-    @validator = validator
-    if validator.is_a?(Puppet::SSL::Validator::NoValidator)
-      ssl = Puppet::SSL::SSLProvider.new
-      @ssl_context = ssl.create_insecure_context
-    else
-      # nil means use the default SSLContext
-      @ssl_context = nil
-    end
-  end
-  # Return true if `self` is reusable with `verifier` meaning they
-  # are both using the same class of `Puppet::SSL::Validator`. In this
-  # case we only care the Validator class is the same. We can't require
-  # the same instances, because a new instance is created each time
-  # HttpPool.http_instance is called.
-  #
-  # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
-  # @return [Boolean] return true if a cached connection can be used, false otherwise
-  def reusable?(verifier)
-    verifier.instance_of?(self.class) &&
-      verifier.validator.instance_of?(@validator.class)
-  end
-  # Configure the `http` connection based on the current `ssl_context`.
-  #
-  # @param http [Net::HTTP] connection
-  # @api private
-  def setup_connection(http)
-    @validator.setup_connection(http)
-  end
-  # Handle an SSL connection error.
-  #
-  # @param http [Net::HTTP] connection
-  # @param error [OpenSSL::SSL::SSLError] connection error
-  # @return (see Puppet::SSL::Verifier#handle_connection_error)
-  # @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
-  #   verification error with the server's certificate or chain
-  # @raise [Puppet::Error] server hostname does not match certificate
-  # @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
-  def handle_connection_error(http, error)
-    raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error
-    Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
-  end
-end

data/lib/puppet/status.rb DELETED Viewed

@@ -1,40 +0,0 @@
-require 'puppet/indirector'
-class Puppet::Status
-  extend Puppet::Indirector
-  indirects :status, :terminus_class => :local
-  attr_accessor :status
-  def initialize( status = nil )
-    @status = status || {"is_alive" => true}
-  end
-  def to_data_hash
-    @status
-  end
-  def self.from_data_hash(data)
-    if data.include?('status')
-      self.new(data['status'])
-    else
-      self.new(data)
-    end
-  end
-  def name
-    "status"
-  end
-  def name=(name)
-    # NOOP
-  end
-  def version
-    @status['version']
-  end
-  def version=(version)
-    @status['version'] = version
-  end
-end

data/lib/puppet/util/connection.rb DELETED Viewed

@@ -1,88 +0,0 @@
-require 'puppet'
-require 'puppet/util/warnings'
-module Puppet::Util
-  module Connection
-    extend Puppet::Util::Warnings
-    # The logic for server and port is kind of gross. In summary:
-    # IF an endpoint-specific setting is requested AND that setting has been set by the user
-    #    Use that setting.
-    #         The defaults for these settings are the "normal" server/serverport settings, so
-    #         when they are unset we instead want to "fall back" to the failover-selected
-    #         host/port pair.
-    # ELSE IF we have a failover-selected host/port
-    #    Use what the failover logic came up with
-    # ELSE IF the server_list setting is in use
-    #    Use the first entry - failover hasn't happened yet, but that
-    #    setting is still authoritative
-    # ELSE
-    #    Go for the legacy server/serverport settings, and hope for the best
-    # Determines which server to use based on the specified setting, taking into
-    # account HA fallback from server_list.
-    # @param [Symbol] setting The preferred server setting to use
-    # @return [String] the name of the server for use in the request
-    def self.determine_server(setting)
-      if setting && setting != :server && Puppet.settings.set_by_config?(setting)
-        debug_once _("Selected server from the %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
-        Puppet[setting]
-      else
-        server = Puppet.lookup(:server) do
-          primary_server = Puppet.settings[:server_list][0]
-          if primary_server
-            #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-            debug_once _("Dynamically-bound server lookup failed; using first entry from the `server_list` setting: %{server}") % {server: primary_server[0]}
-            primary_server[0]
-          else
-            setting ||= :server
-            debug_once _("Dynamically-bound server lookup failed, falling back to %{setting} setting: %{server}") % {setting: setting, server: Puppet.settings[setting]}
-            Puppet.settings[setting]
-          end
-        end
-        server
-      end
-    end
-    # Determines which port to use based on the specified setting, taking into
-    # account HA fallback from server_list.
-    # For port there's a little bit of an extra snag: setting a specific
-    # server setting and relying on the default port for that server is
-    # common, so we also want to check if the assocaited SERVER setting
-    # has been set by the user. If either of those are set we ignore the
-    # failover-selected port.
-    # @param [Symbol] port_setting The preferred port setting to use
-    # @param [Symbol] server_setting The server setting assoicated with this route.
-    # @return [Integer] the port to use for use in the request
-    def self.determine_port(port_setting, server_setting)
-      if (port_setting && port_setting != :serverport && Puppet.settings.set_by_config?(port_setting)) ||
-         (server_setting && server_setting != :server && Puppet.settings.set_by_config?(server_setting))
-        debug_once _("Selected port from the %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting].to_i}
-        Puppet.settings[port_setting].to_i
-      else
-        port = Puppet.lookup(:serverport) do
-          primary_server = Puppet.settings[:server_list][0]
-          if primary_server
-            # Port might not be set, so we want to fallback in that
-            # case. We know we don't need to use `setting` here, since
-            # the default value of every port setting is `serverport`
-            if primary_server[1]
-              #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-              debug_once _("Dynamically-bound port lookup failed; using first entry from the `server_list` setting: %{port}") % {port: primary_server[1]}
-              primary_server[1]
-            else
-              #TRANSLATORS 'serverport' is the name of a setting and should not be translated
-              debug_once _("Dynamically-bound port lookup failed; falling back to `serverport` setting: %{port}") % {port: Puppet.settings[:serverport]}
-              Puppet.settings[:serverport]
-            end
-          else
-            port_setting ||= :serverport
-            debug_once _("Dynamically-bound port lookup failed; falling back to %{setting} setting: %{port}") % {setting: port_setting, port: Puppet.settings[port_setting]}
-            Puppet.settings[port_setting]
-          end
-        end
-        port.to_i
-      end
-    end
-  end
-end

data/lib/puppet/util/fact_dif.rb DELETED Viewed

@@ -1,81 +0,0 @@
-require 'json'
-class FactDif
-  def initialize(old_output, new_output, exclude_list, save_structured)
-    @c_facter = JSON.parse(old_output)
-    @next_facter = JSON.parse(new_output)
-    @exclude_list = exclude_list
-    @save_structured = save_structured
-    @flat_diff = []
-    @diff = {}
-  end
-  def difs
-    search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
-    @flat_diff.sort_by { |a| a[0] }.each do |pair|
-      fact_path = pair[0]
-      value = pair[1]
-      compare(fact_path, value, @c_facter)
-      compare(fact_path, value, @next_facter)
-    end
-    @diff
-  end
-  private
-  def search_hash(sh, path = [])
-    if sh.is_a?(Hash)
-      sh.each do |k, v|
-        search_hash(v, path.push(k))
-        path.pop
-      end
-    elsif sh.is_a?(Array)
-      sh.each_with_index do |v, index|
-        search_hash(v, path.push(index))
-        path.pop
-      end
-    else
-      @flat_diff.push([path.dup, sh])
-    end
-  end
-  def compare(fact_path, given_value, compared_hash)
-    compared_value = compared_hash.dig(*fact_path)
-    if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
-      fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
-      if compared_hash == @c_facter
-        bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
-      else
-        bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
-      end
-    end
-  end
-  def bury(*paths, value, hash)
-    if paths.count > 1
-      path = paths.shift
-      hash[path] = Hash.new unless hash.key?(path)
-      bury(*paths, value, hash[path])
-    else
-      hash[*paths] = value
-    end
-  end
-  def different?(new, old)
-    if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
-      old_values = old.split(',')
-      new_values = new.split(',')
-      diff = (old_values - new_values) | (new_values - old_values)
-      return diff.size.positive?
-    end
-    old != new
-  end
-  def excluded?(fact_name)
-    @exclude_list.any? {|excluded_fact| fact_name =~ /#{excluded_fact}/}
-  end
-end

data/lib/puppet/util/ssl.rb DELETED Viewed

@@ -1,83 +0,0 @@
-require 'puppet/ssl/openssl_loader'
-##
-# SSL is a private module with class methods that help work with x.509
-# subjects and errors.
-#
-# @api private
-module Puppet::Util::SSL
-  @@dn_parsers = nil
-  @@no_name = nil
-  # Given a DN string, parse it into an OpenSSL certificate subject.  This
-  # method will flexibly handle both OpenSSL and RFC2253 formats, as given by
-  # nginx and Apache, respectively.
-  #
-  # @param [String] dn the x.509 Distinguished Name (DN) string.
-  #
-  # @return [OpenSSL::X509::Name] the certificate subject
-  def self.subject_from_dn(dn)
-    if is_possibly_valid_dn?(dn)
-      parsers = @@dn_parsers ||= [
-            OpenSSL::X509::Name.method(:parse_rfc2253),
-            OpenSSL::X509::Name.method(:parse_openssl)
-        ]
-      parsers.each do |parser|
-        begin
-          return parser.call(dn)
-        rescue OpenSSL::X509::NameError
-        end
-      end
-    end
-    @@no_name ||= OpenSSL::X509::Name.new
-  end
-  ##
-  # cn_from_subject extracts the CN from the given OpenSSL certificate
-  # subject.
-  #
-  # @api private
-  #
-  # @param [OpenSSL::X509::Name] subject the subject to extract the CN field from
-  #
-  # @return [String, nil] the CN, or nil if not found
-  def self.cn_from_subject(subject)
-    if subject.respond_to? :to_a
-      (subject.to_a.assoc('CN') || [])[1]
-    end
-  end
-  def self.is_possibly_valid_dn?(dn)
-    dn =~ /=/
-  end
-  ##
-  # Extract and format meaningful error messages from OpenSSL::OpenSSLErrors
-  # and a Validator. Re-raises the error if unknown.
-  #
-  # @api private
-  #
-  # @param [OpenSSL::OpenSSLError] error An error thrown during creating a
-  #   connection
-  # @param [Puppet::SSL::DefaultValidator] verifier A Validator who may have
-  #   invalidated the connection
-  # @param [String] host The DNS name of the other end of the SSL connection
-  #
-  # @raises [Puppet::Error, OpenSSL::OpenSSLError]
-  def self.handle_connection_error(error, verifier, host)
-    # can be nil
-    peer_cert = verifier.peer_certs.last
-    if error.message.include? "certificate verify failed"
-      msg = error.message
-      msg << ": [" + verifier.verify_errors.join('; ') + "]"
-      raise Puppet::Error, msg, error.backtrace
-    elsif peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, host)
-      raise Puppet::SSL::CertMismatchError.new(peer_cert, host)
-    else
-      raise error
-    end
-  end
-end