puppet 6.3.0-x64-mingw32 → 6.4.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (147) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +30 -0
  3. data/Gemfile.lock +9 -9
  4. data/lib/puppet.rb +13 -0
  5. data/lib/puppet/application/agent.rb +8 -12
  6. data/lib/puppet/application/device.rb +2 -3
  7. data/lib/puppet/application/filebucket.rb +6 -1
  8. data/lib/puppet/application/ssl.rb +102 -55
  9. data/lib/puppet/configurer.rb +8 -7
  10. data/lib/puppet/defaults.rb +3 -1
  11. data/lib/puppet/file_system.rb +24 -4
  12. data/lib/puppet/file_system/file_impl.rb +25 -0
  13. data/lib/puppet/file_system/jruby.rb +23 -0
  14. data/lib/puppet/file_system/windows.rb +84 -0
  15. data/lib/puppet/indirector/rest.rb +4 -2
  16. data/lib/puppet/loaders.rb +1 -0
  17. data/lib/puppet/network/http.rb +1 -0
  18. data/lib/puppet/network/http/base_pool.rb +18 -0
  19. data/lib/puppet/network/http/connection.rb +49 -17
  20. data/lib/puppet/network/http/nocache_pool.rb +9 -4
  21. data/lib/puppet/network/http/pool.rb +10 -11
  22. data/lib/puppet/network/http/session.rb +3 -2
  23. data/lib/puppet/network/http_pool.rb +32 -0
  24. data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
  25. data/lib/puppet/pops/loader/loader_paths.rb +46 -10
  26. data/lib/puppet/pops/loader/module_loaders.rb +10 -3
  27. data/lib/puppet/provider/file/windows.rb +49 -1
  28. data/lib/puppet/provider/package/windows.rb +5 -1
  29. data/lib/puppet/reports/http.rb +2 -1
  30. data/lib/puppet/rest/client.rb +7 -3
  31. data/lib/puppet/rest/routes.rb +9 -44
  32. data/lib/puppet/ssl.rb +6 -0
  33. data/lib/puppet/ssl/error.rb +26 -0
  34. data/lib/puppet/ssl/host.rb +9 -92
  35. data/lib/puppet/ssl/ssl_context.rb +30 -0
  36. data/lib/puppet/ssl/ssl_provider.rb +232 -0
  37. data/lib/puppet/ssl/state_machine.rb +261 -0
  38. data/lib/puppet/ssl/validator.rb +1 -0
  39. data/lib/puppet/ssl/validator/default_validator.rb +1 -0
  40. data/lib/puppet/ssl/validator/no_validator.rb +2 -0
  41. data/lib/puppet/ssl/verifier.rb +134 -0
  42. data/lib/puppet/ssl/verifier_adapter.rb +48 -0
  43. data/lib/puppet/test/test_helper.rb +2 -1
  44. data/lib/puppet/type/exec.rb +30 -6
  45. data/lib/puppet/type/file/mode.rb +6 -1
  46. data/lib/puppet/type/file/source.rb +2 -2
  47. data/lib/puppet/type/filebucket.rb +12 -8
  48. data/lib/puppet/type/user.rb +14 -1
  49. data/lib/puppet/util/connection.rb +10 -5
  50. data/lib/puppet/util/feature.rb +11 -2
  51. data/lib/puppet/util/http_proxy.rb +3 -2
  52. data/lib/puppet/util/pidlock.rb +1 -1
  53. data/lib/puppet/util/ssl.rb +1 -10
  54. data/lib/puppet/util/windows/security.rb +29 -8
  55. data/lib/puppet/version.rb +1 -1
  56. data/lib/puppet/x509.rb +7 -0
  57. data/lib/puppet/x509/cert_provider.rb +286 -0
  58. data/lib/puppet/x509/pem_store.rb +55 -0
  59. data/locales/ja/puppet.po +740 -590
  60. data/locales/puppet.pot +433 -208
  61. data/man/man5/puppet.conf.5 +6 -3
  62. data/man/man8/puppet-agent.8 +1 -1
  63. data/man/man8/puppet-apply.8 +1 -1
  64. data/man/man8/puppet-catalog.8 +1 -1
  65. data/man/man8/puppet-config.8 +1 -1
  66. data/man/man8/puppet-describe.8 +1 -1
  67. data/man/man8/puppet-device.8 +1 -1
  68. data/man/man8/puppet-doc.8 +1 -1
  69. data/man/man8/puppet-epp.8 +1 -1
  70. data/man/man8/puppet-facts.8 +1 -1
  71. data/man/man8/puppet-filebucket.8 +6 -2
  72. data/man/man8/puppet-generate.8 +1 -1
  73. data/man/man8/puppet-help.8 +1 -1
  74. data/man/man8/puppet-key.8 +1 -1
  75. data/man/man8/puppet-lookup.8 +1 -1
  76. data/man/man8/puppet-man.8 +1 -1
  77. data/man/man8/puppet-module.8 +1 -1
  78. data/man/man8/puppet-node.8 +1 -1
  79. data/man/man8/puppet-parser.8 +1 -1
  80. data/man/man8/puppet-plugin.8 +1 -1
  81. data/man/man8/puppet-report.8 +1 -1
  82. data/man/man8/puppet-resource.8 +1 -1
  83. data/man/man8/puppet-script.8 +1 -1
  84. data/man/man8/puppet-ssl.8 +5 -1
  85. data/man/man8/puppet-status.8 +1 -1
  86. data/man/man8/puppet.8 +2 -2
  87. data/spec/fixtures/ssl/127.0.0.1-key.pem +67 -0
  88. data/spec/fixtures/ssl/127.0.0.1.pem +48 -0
  89. data/spec/fixtures/ssl/bad-basic-constraints.pem +59 -0
  90. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +59 -0
  91. data/spec/fixtures/ssl/ca.pem +59 -0
  92. data/spec/fixtures/ssl/crl.pem +30 -0
  93. data/spec/fixtures/ssl/encrypted-key.pem +70 -0
  94. data/spec/fixtures/ssl/intermediate-agent-crl.pem +31 -0
  95. data/spec/fixtures/ssl/intermediate-agent.pem +60 -0
  96. data/spec/fixtures/ssl/intermediate-crl.pem +36 -0
  97. data/spec/fixtures/ssl/intermediate.pem +60 -0
  98. data/spec/fixtures/ssl/netlock-arany-utf8.pem +23 -0
  99. data/spec/fixtures/ssl/pluto-key.pem +67 -0
  100. data/spec/fixtures/ssl/pluto.pem +44 -0
  101. data/spec/fixtures/ssl/request-key.pem +67 -0
  102. data/spec/fixtures/ssl/request.pem +39 -0
  103. data/spec/fixtures/ssl/revoked-key.pem +67 -0
  104. data/spec/fixtures/ssl/revoked.pem +44 -0
  105. data/spec/fixtures/ssl/signed-key.pem +67 -0
  106. data/spec/fixtures/ssl/signed.pem +44 -0
  107. data/spec/fixtures/ssl/tampered-cert.pem +44 -0
  108. data/spec/fixtures/ssl/tampered-csr.pem +39 -0
  109. data/spec/integration/network/http_pool_spec.rb +222 -0
  110. data/spec/integration/provider/file/windows_spec.rb +162 -0
  111. data/spec/integration/rest/client_spec.rb +73 -0
  112. data/spec/integration/type/file_spec.rb +0 -19
  113. data/spec/lib/puppet/test_ca.rb +87 -50
  114. data/spec/lib/puppet_spec/fixtures.rb +20 -0
  115. data/spec/lib/puppet_spec/https.rb +84 -0
  116. data/spec/unit/application/agent_spec.rb +29 -30
  117. data/spec/unit/application/device_spec.rb +12 -49
  118. data/spec/unit/application/ssl_spec.rb +24 -38
  119. data/spec/unit/configurer_spec.rb +11 -11
  120. data/spec/unit/file_system/uniquefile_spec.rb +6 -0
  121. data/spec/unit/file_system_spec.rb +214 -0
  122. data/spec/unit/indirector/rest_spec.rb +3 -3
  123. data/spec/unit/network/http/connection_spec.rb +30 -90
  124. data/spec/unit/network/http/factory_spec.rb +1 -0
  125. data/spec/unit/network/http/nocache_pool_spec.rb +8 -8
  126. data/spec/unit/network/http/pool_spec.rb +63 -33
  127. data/spec/unit/network/http/session_spec.rb +8 -1
  128. data/spec/unit/network/http_pool_spec.rb +36 -0
  129. data/spec/unit/pops/loaders/loader_spec.rb +26 -1
  130. data/spec/unit/provider/package/windows_spec.rb +12 -1
  131. data/spec/unit/reports/http_spec.rb +7 -7
  132. data/spec/unit/rest/client_spec.rb +4 -6
  133. data/spec/unit/ssl/host_spec.rb +39 -33
  134. data/spec/unit/ssl/ssl_provider_spec.rb +428 -0
  135. data/spec/unit/ssl/state_machine_spec.rb +502 -0
  136. data/spec/unit/ssl/verifier_spec.rb +123 -0
  137. data/spec/unit/type/exec_spec.rb +63 -0
  138. data/spec/unit/type/file/source_spec.rb +5 -5
  139. data/spec/unit/type/filebucket_spec.rb +8 -6
  140. data/spec/unit/util/feature_spec.rb +2 -2
  141. data/spec/unit/util/storage_spec.rb +19 -19
  142. data/spec/unit/x509/cert_provider_spec.rb +527 -0
  143. data/spec/unit/x509/pem_store_spec.rb +160 -0
  144. data/tasks/generate_cert_fixtures.rake +158 -0
  145. metadata +78 -4
  146. data/MAINTAINERS +0 -47
  147. data/lib/puppet/rest/ssl_context.rb +0 -13
@@ -305,7 +305,9 @@ module Puppet
305
305
  :manage_internal_file_permissions => {
306
306
  :default => ! Puppet::Util::Platform.windows?,
307
307
  :type => :boolean,
308
- :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally",
308
+ :desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally.
309
+
310
+ **Note**: For Windows agents, the default is `false` for versions 4.10.13 and greater, versions 5.5.6 and greater, and versions 6.0 and greater.",
309
311
  },
310
312
  :onetime => {
311
313
  :default => false,
@@ -10,10 +10,13 @@ module Puppet::FileSystem
10
10
  @impl = if Puppet::Util::Platform.windows?
11
11
  require 'puppet/file_system/windows'
12
12
  Puppet::FileSystem::Windows
13
- else
14
- require 'puppet/file_system/posix'
15
- Puppet::FileSystem::Posix
16
- end.new()
13
+ elsif Puppet::Util::Platform.jruby?
14
+ require 'puppet/file_system/jruby'
15
+ Puppet::FileSystem::JRuby
16
+ else
17
+ require 'puppet/file_system/posix'
18
+ Puppet::FileSystem::Posix
19
+ end.new()
17
20
 
18
21
  # Allows overriding the filesystem for the duration of the given block.
19
22
  # The filesystem will only contain the given file(s).
@@ -401,4 +404,21 @@ module Puppet::FileSystem
401
404
  def self.chmod(mode, path)
402
405
  @impl.chmod(mode, path)
403
406
  end
407
+
408
+ # Replace the contents of a file atomically, creating the file if necessary.
409
+ # If a `mode` is specified, then it will always be applied to the file. If
410
+ # a `mode` is not specified and the file exists, its mode will be preserved.
411
+ # If the file doesn't exist, the mode will be set to a platform-specific
412
+ # default.
413
+ #
414
+ # @param path [String] The path to the file, can also accept [PathName]
415
+ # @param mode [Integer] Optional mode for the file.
416
+ #
417
+ # @raise [Errno::EISDIR]: path is a directory
418
+ #
419
+ # @api public
420
+ #
421
+ def self.replace_file(path, mode = nil, &block)
422
+ @impl.replace_file(assert_path(path), mode, &block)
423
+ end
404
424
  end
@@ -151,4 +151,29 @@ class Puppet::FileSystem::FileImpl
151
151
  def chmod(mode, path)
152
152
  FileUtils.chmod(mode, path)
153
153
  end
154
+
155
+ def replace_file(path, mode = nil)
156
+ mode ||= begin
157
+ stat = Puppet::FileSystem.lstat(path)
158
+ stat.mode & 07777
159
+ rescue Errno::ENOENT
160
+ 0640
161
+ end
162
+
163
+ tempfile = Puppet::FileSystem::Uniquefile.new(Puppet::FileSystem.basename_string(path), Puppet::FileSystem.dir_string(path))
164
+ begin
165
+ begin
166
+ yield tempfile
167
+ tempfile.flush
168
+ tempfile.fsync
169
+ ensure
170
+ tempfile.close
171
+ end
172
+
173
+ chmod(mode, tempfile.path)
174
+ File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
175
+ ensure
176
+ tempfile.close!
177
+ end
178
+ end
154
179
  end
@@ -0,0 +1,23 @@
1
+ require 'puppet/file_system/posix'
2
+
3
+ class Puppet::FileSystem::JRuby < Puppet::FileSystem::Posix
4
+ def unlink(*paths)
5
+ File.unlink(*paths)
6
+ rescue Errno::ENOENT
7
+ # JRuby raises ENOENT if the path doesn't exist or the parent directory
8
+ # doesn't allow execute/traverse. If it's the former, `stat` will raise
9
+ # ENOENT, if it's the later, it'll raise EACCES
10
+ # See https://github.com/jruby/jruby/issues/5617
11
+ stat(*paths)
12
+ end
13
+
14
+ def replace_file(path, mode = nil, &block)
15
+ # MRI Ruby rename checks if destination is a directory and raises, while
16
+ # JRuby removes the directory and replaces the file.
17
+ if Puppet::FileSystem.directory?(path)
18
+ raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
19
+ end
20
+
21
+ super
22
+ end
23
+ end
@@ -2,6 +2,8 @@ require 'puppet/file_system/posix'
2
2
  require 'puppet/util/windows'
3
3
 
4
4
  class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
5
+ FULL_CONTROL = Puppet::Util::Windows::File::FILE_ALL_ACCESS
6
+ FILE_READ = Puppet::Util::Windows::File::FILE_GENERIC_READ
5
7
 
6
8
  def open(path, mode, options, &block)
7
9
  # PUP-6959 mode is explicitly ignored until it can be implemented
@@ -114,8 +116,90 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
114
116
  contents
115
117
  end
116
118
 
119
+ # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499-
120
+ ACCESS_DENIED = 5
121
+ SHARING_VIOLATION = 32
122
+ LOCK_VIOLATION = 33
123
+
124
+ def replace_file(path, mode = nil)
125
+ if Puppet::FileSystem.directory?(path)
126
+ raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
127
+ end
128
+
129
+ current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
130
+ dacl = case mode
131
+ when 0644
132
+ dacl = secure_dacl(current_sid)
133
+ dacl.allow(Puppet::Util::Windows::SID::BuiltinUsers, FILE_READ)
134
+ dacl
135
+ when 0640, 0600
136
+ secure_dacl(current_sid)
137
+ when nil
138
+ get_dacl_from_file(path) || secure_dacl(current_sid)
139
+ else
140
+ raise ArgumentError, "Only modes 0644, 0640 and 0600 are allowed"
141
+ end
142
+
143
+
144
+ tempfile = Puppet::FileSystem::Uniquefile.new(Puppet::FileSystem.basename_string(path), Puppet::FileSystem.dir_string(path))
145
+ begin
146
+ tempdacl = Puppet::Util::Windows::AccessControlList.new
147
+ tempdacl.allow(current_sid, FULL_CONTROL)
148
+ set_dacl(tempfile.path, tempdacl)
149
+
150
+ begin
151
+ yield tempfile
152
+ tempfile.flush
153
+ tempfile.fsync
154
+ ensure
155
+ tempfile.close
156
+ end
157
+
158
+ set_dacl(tempfile.path, dacl) if dacl
159
+ File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
160
+ ensure
161
+ tempfile.close!
162
+ end
163
+ rescue Puppet::Util::Windows::Error => e
164
+ case e.code
165
+ when ACCESS_DENIED, SHARING_VIOLATION, LOCK_VIOLATION
166
+ raise Errno::EACCES.new(Puppet::FileSystem.path_string(path), e)
167
+ else
168
+ raise SystemCallError.new(e.message)
169
+ end
170
+ end
171
+
117
172
  private
118
173
 
174
+ def set_dacl(path, dacl)
175
+ sd = Puppet::Util::Windows::Security.get_security_descriptor(path)
176
+ new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, true)
177
+ Puppet::Util::Windows::Security.set_security_descriptor(path, new_sd)
178
+ end
179
+
180
+ def secure_dacl(current_sid)
181
+ dacl = Puppet::Util::Windows::AccessControlList.new
182
+ [
183
+ Puppet::Util::Windows::SID::LocalSystem,
184
+ Puppet::Util::Windows::SID::BuiltinAdministrators,
185
+ current_sid
186
+ ].uniq.map do |sid|
187
+ dacl.allow(sid, FULL_CONTROL)
188
+ end
189
+ dacl
190
+ end
191
+
192
+ def get_dacl_from_file(path)
193
+ sd = Puppet::Util::Windows::Security.get_security_descriptor(Puppet::FileSystem.path_string(path))
194
+ sd.dacl
195
+ rescue Puppet::Util::Windows::Error => e
196
+ if e.code == 2 # ERROR_FILE_NOT_FOUND
197
+ nil
198
+ else
199
+ raise e
200
+ end
201
+ end
202
+
119
203
  def raise_if_symlinks_unsupported
120
204
  if ! Puppet.features.manages_symlinks?
121
205
  msg = _("This version of Windows does not support symlinks. Windows Vista / 2008 or higher is required.")
@@ -73,8 +73,10 @@ class Puppet::Indirector::REST < Puppet::Indirector::Terminus
73
73
  end
74
74
 
75
75
  def network(request)
76
- Puppet::Network::HttpPool.http_instance(request.server || self.class.server,
77
- request.port || self.class.port)
76
+ ssl_context = Puppet.lookup(:ssl_context)
77
+ Puppet::Network::HttpPool.connection(request.server || self.class.server,
78
+ request.port || self.class.port,
79
+ ssl_context: ssl_context)
78
80
  end
79
81
 
80
82
  def http_get(request, path, headers = nil, *args)
@@ -21,6 +21,7 @@ module Puppet
21
21
  require 'puppet/pops/loader/loader_paths'
22
22
  require 'puppet/pops/loader/simple_environment_loader'
23
23
  require 'puppet/pops/loader/predefined_loader'
24
+ require 'puppet/pops/loader/generic_plan_instantiator'
24
25
  require 'puppet/pops/loader/puppet_plan_instantiator'
25
26
  end
26
27
  end
@@ -21,6 +21,7 @@ module Puppet::Network::HTTP
21
21
  require 'puppet/network/http/site'
22
22
  require 'puppet/network/http/session'
23
23
  require 'puppet/network/http/factory'
24
+ require 'puppet/network/http/base_pool'
24
25
  require 'puppet/network/http/nocache_pool'
25
26
  require 'puppet/network/http/pool'
26
27
  require 'puppet/network/http/memory_response'
@@ -0,0 +1,18 @@
1
+ # Base pool for HTTP connections.
2
+ #
3
+ # @api private
4
+ class Puppet::Network::HTTP::BasePool
5
+ def start(site, verifier, http)
6
+ Puppet.debug("Starting connection for #{site}")
7
+ if verifier
8
+ verifier.setup_connection(http)
9
+ begin
10
+ http.start
11
+ rescue OpenSSL::SSL::SSLError => error
12
+ verifier.handle_connection_error(http, error)
13
+ end
14
+ else
15
+ http.start
16
+ end
17
+ end
18
+ end
@@ -25,7 +25,8 @@ module Puppet::Network::HTTP
25
25
 
26
26
  OPTION_DEFAULTS = {
27
27
  :use_ssl => true,
28
- :verify => nil,
28
+ :verify => nil, # Puppet::SSL::Validator is deprecated
29
+ :verifier => nil,
29
30
  :redirect_limit => 10,
30
31
  }
31
32
 
@@ -56,7 +57,17 @@ module Puppet::Network::HTTP
56
57
 
57
58
  options = OPTION_DEFAULTS.merge(options)
58
59
  @use_ssl = options[:use_ssl]
59
- @verify = options[:verify]
60
+ if @use_ssl
61
+ if options[:verifier]
62
+ unless options[:verifier].is_a?(Puppet::SSL::Verifier)
63
+ raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
64
+ end
65
+
66
+ @verifier = options[:verifier]
67
+ else
68
+ @verifier = Puppet::SSL::VerifierAdapter.new(options[:verify])
69
+ end
70
+ end
60
71
  @redirect_limit = options[:redirect_limit]
61
72
  @site = Puppet::Network::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
62
73
  @pool = Puppet.lookup(:http_pool)
@@ -130,20 +141,26 @@ module Puppet::Network::HTTP
130
141
  # future we may want to refactor these so that they are funneled through
131
142
  # that method and do inherit the error handling.
132
143
  def request_get(*args, &block)
133
- with_connection(@site) do |connection|
134
- connection.request_get(*args, &block)
144
+ with_connection(@site) do |http|
145
+ resp = http.request_get(*args, &block)
146
+ Puppet.debug("HTTP GET #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
147
+ resp
135
148
  end
136
149
  end
137
150
 
138
151
  def request_head(*args, &block)
139
- with_connection(@site) do |connection|
140
- connection.request_head(*args, &block)
152
+ with_connection(@site) do |http|
153
+ resp = http.request_head(*args, &block)
154
+ Puppet.debug("HTTP HEAD #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
155
+ resp
141
156
  end
142
157
  end
143
158
 
144
159
  def request_post(*args, &block)
145
- with_connection(@site) do |connection|
146
- connection.request_post(*args, &block)
160
+ with_connection(@site) do |http|
161
+ resp = http.request_post(*args, &block)
162
+ Puppet.debug("HTTP POST #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
163
+ resp
147
164
  end
148
165
  end
149
166
  # end of Net::HTTP#request_* proxies
@@ -163,6 +180,11 @@ module Puppet::Network::HTTP
163
180
  @site.use_ssl?
164
181
  end
165
182
 
183
+ # @api private
184
+ def verifier
185
+ @verifier
186
+ end
187
+
166
188
  private
167
189
 
168
190
  def do_request(request, options)
@@ -297,23 +319,33 @@ module Puppet::Network::HTTP
297
319
 
298
320
  def execute_request(connection, request)
299
321
  start = Time.now
300
- connection.request(request)
301
- rescue EOFError => e
322
+ resp = connection.request(request)
323
+ Puppet.debug("HTTP #{request.method.upcase} #{@site}#{request.path.split('?').first} returned #{resp.code} #{resp.message}")
324
+ resp
325
+ rescue => exception
302
326
  elapsed = (Time.now - start).to_f.round(3)
303
- uri = @site.addr + request.path.split('?')[0]
304
- eof = EOFError.new(_('request %{uri} interrupted after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
305
- eof.set_backtrace(e.backtrace) unless e.backtrace.empty?
306
- raise eof
327
+ uri = [@site.addr, request.path.split('?')[0]].join('/')
328
+ eclass = exception.class
329
+
330
+ err = case exception
331
+ when EOFError
332
+ eclass.new(_('request %{uri} interrupted after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
333
+ when Timeout::Error
334
+ eclass.new(_('request %{uri} timed out after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
335
+ else
336
+ eclass.new(_('request %{uri} failed: %{msg}') % {uri: uri, msg: exception.message})
337
+ end
338
+
339
+ err.set_backtrace(exception.backtrace) unless exception.backtrace.empty?
340
+ raise err
307
341
  end
308
342
 
309
343
  def with_connection(site, &block)
310
344
  response = nil
311
- @pool.with_connection(site, @verify) do |conn|
345
+ @pool.with_connection(site, @verifier) do |conn|
312
346
  response = yield conn
313
347
  end
314
348
  response
315
- rescue OpenSSL::SSL::SSLError => error
316
- Puppet::Util::SSL.handle_connection_error(error, @verify, site.host)
317
349
  end
318
350
  end
319
351
  end
@@ -1,7 +1,7 @@
1
1
  # A pool that does not cache HTTP connections.
2
2
  #
3
3
  # @api private
4
- class Puppet::Network::HTTP::NoCachePool
4
+ class Puppet::Network::HTTP::NoCachePool < Puppet::Network::HTTP::BasePool
5
5
  def initialize(factory = Puppet::Network::HTTP::Factory.new)
6
6
  @factory = factory
7
7
  end
@@ -9,10 +9,15 @@ class Puppet::Network::HTTP::NoCachePool
9
9
  # Yields a <tt>Net::HTTP</tt> connection.
10
10
  #
11
11
  # @yieldparam http [Net::HTTP] An HTTP connection
12
- def with_connection(site, verify, &block)
12
+ def with_connection(site, verifier, &block)
13
13
  http = @factory.create_connection(site)
14
- verify.setup_connection(http)
15
- yield http
14
+ start(site, verifier, http)
15
+ begin
16
+ yield http
17
+ ensure
18
+ Puppet.debug("Closing connection for #{site}")
19
+ http.finish
20
+ end
16
21
  end
17
22
 
18
23
  def close
@@ -8,7 +8,7 @@
8
8
  #
9
9
  # @api private
10
10
  #
11
- class Puppet::Network::HTTP::Pool
11
+ class Puppet::Network::HTTP::Pool < Puppet::Network::HTTP::BasePool
12
12
  FIFTEEN_SECONDS = 15
13
13
 
14
14
  attr_reader :factory
@@ -19,10 +19,10 @@ class Puppet::Network::HTTP::Pool
19
19
  @keepalive_timeout = keepalive_timeout
20
20
  end
21
21
 
22
- def with_connection(site, verify, &block)
22
+ def with_connection(site, verifier, &block)
23
23
  reuse = true
24
24
 
25
- http = borrow(site, verify)
25
+ http = borrow(site, verifier)
26
26
  begin
27
27
  if http.use_ssl? && http.verify_mode != OpenSSL::SSL::VERIFY_PEER
28
28
  reuse = false
@@ -34,7 +34,7 @@ class Puppet::Network::HTTP::Pool
34
34
  raise detail
35
35
  ensure
36
36
  if reuse
37
- release(site, http)
37
+ release(site, verifier, http)
38
38
  else
39
39
  close_connection(site, http)
40
40
  end
@@ -69,18 +69,17 @@ class Puppet::Network::HTTP::Pool
69
69
  # connection is created, it will be started prior to being returned.
70
70
  #
71
71
  # @api private
72
- def borrow(site, verify)
72
+ def borrow(site, verifier)
73
73
  @pool[site] = active_sessions(site)
74
- session = @pool[site].shift
74
+ index = @pool[site].index { |session| verifier.reusable?(session.verifier) }
75
+ session = index ? @pool[site].delete_at(index) : nil
75
76
  if session
76
77
  Puppet.debug("Using cached connection for #{site}")
77
78
  session.connection
78
79
  else
79
80
  http = @factory.create_connection(site)
80
- verify.setup_connection(http)
81
81
 
82
- Puppet.debug("Starting connection for #{site}")
83
- http.start
82
+ start(site, verifier, http)
84
83
  setsockopts(http.instance_variable_get(:@socket))
85
84
  http
86
85
  end
@@ -97,9 +96,9 @@ class Puppet::Network::HTTP::Pool
97
96
  # Release a connection back into the pool.
98
97
  #
99
98
  # @api private
100
- def release(site, http)
99
+ def release(site, verifier, http)
101
100
  expiration = Time.now + @keepalive_timeout
102
- session = Puppet::Network::HTTP::Session.new(http, expiration)
101
+ session = Puppet::Network::HTTP::Session.new(http, verifier, expiration)
103
102
  Puppet.debug("Caching connection for #{site}")
104
103
 
105
104
  sessions = @pool[site]