puppet 6.3.0-x86-mingw32 → 6.4.0-x86-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +30 -0
- data/Gemfile.lock +9 -9
- data/lib/puppet.rb +13 -0
- data/lib/puppet/application/agent.rb +8 -12
- data/lib/puppet/application/device.rb +2 -3
- data/lib/puppet/application/filebucket.rb +6 -1
- data/lib/puppet/application/ssl.rb +102 -55
- data/lib/puppet/configurer.rb +8 -7
- data/lib/puppet/defaults.rb +3 -1
- data/lib/puppet/file_system.rb +24 -4
- data/lib/puppet/file_system/file_impl.rb +25 -0
- data/lib/puppet/file_system/jruby.rb +23 -0
- data/lib/puppet/file_system/windows.rb +84 -0
- data/lib/puppet/indirector/rest.rb +4 -2
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/network/http.rb +1 -0
- data/lib/puppet/network/http/base_pool.rb +18 -0
- data/lib/puppet/network/http/connection.rb +49 -17
- data/lib/puppet/network/http/nocache_pool.rb +9 -4
- data/lib/puppet/network/http/pool.rb +10 -11
- data/lib/puppet/network/http/session.rb +3 -2
- data/lib/puppet/network/http_pool.rb +32 -0
- data/lib/puppet/pops/loader/generic_plan_instantiator.rb +28 -0
- data/lib/puppet/pops/loader/loader_paths.rb +46 -10
- data/lib/puppet/pops/loader/module_loaders.rb +10 -3
- data/lib/puppet/provider/file/windows.rb +49 -1
- data/lib/puppet/provider/package/windows.rb +5 -1
- data/lib/puppet/reports/http.rb +2 -1
- data/lib/puppet/rest/client.rb +7 -3
- data/lib/puppet/rest/routes.rb +9 -44
- data/lib/puppet/ssl.rb +6 -0
- data/lib/puppet/ssl/error.rb +26 -0
- data/lib/puppet/ssl/host.rb +9 -92
- data/lib/puppet/ssl/ssl_context.rb +30 -0
- data/lib/puppet/ssl/ssl_provider.rb +232 -0
- data/lib/puppet/ssl/state_machine.rb +261 -0
- data/lib/puppet/ssl/validator.rb +1 -0
- data/lib/puppet/ssl/validator/default_validator.rb +1 -0
- data/lib/puppet/ssl/validator/no_validator.rb +2 -0
- data/lib/puppet/ssl/verifier.rb +134 -0
- data/lib/puppet/ssl/verifier_adapter.rb +48 -0
- data/lib/puppet/test/test_helper.rb +2 -1
- data/lib/puppet/type/exec.rb +30 -6
- data/lib/puppet/type/file/mode.rb +6 -1
- data/lib/puppet/type/file/source.rb +2 -2
- data/lib/puppet/type/filebucket.rb +12 -8
- data/lib/puppet/type/user.rb +14 -1
- data/lib/puppet/util/connection.rb +10 -5
- data/lib/puppet/util/feature.rb +11 -2
- data/lib/puppet/util/http_proxy.rb +3 -2
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/ssl.rb +1 -10
- data/lib/puppet/util/windows/security.rb +29 -8
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509.rb +7 -0
- data/lib/puppet/x509/cert_provider.rb +286 -0
- data/lib/puppet/x509/pem_store.rb +55 -0
- data/locales/ja/puppet.po +740 -590
- data/locales/puppet.pot +433 -208
- data/man/man5/puppet.conf.5 +6 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +6 -2
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +67 -0
- data/spec/fixtures/ssl/127.0.0.1.pem +48 -0
- data/spec/fixtures/ssl/bad-basic-constraints.pem +59 -0
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +59 -0
- data/spec/fixtures/ssl/ca.pem +59 -0
- data/spec/fixtures/ssl/crl.pem +30 -0
- data/spec/fixtures/ssl/encrypted-key.pem +70 -0
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +31 -0
- data/spec/fixtures/ssl/intermediate-agent.pem +60 -0
- data/spec/fixtures/ssl/intermediate-crl.pem +36 -0
- data/spec/fixtures/ssl/intermediate.pem +60 -0
- data/spec/fixtures/ssl/netlock-arany-utf8.pem +23 -0
- data/spec/fixtures/ssl/pluto-key.pem +67 -0
- data/spec/fixtures/ssl/pluto.pem +44 -0
- data/spec/fixtures/ssl/request-key.pem +67 -0
- data/spec/fixtures/ssl/request.pem +39 -0
- data/spec/fixtures/ssl/revoked-key.pem +67 -0
- data/spec/fixtures/ssl/revoked.pem +44 -0
- data/spec/fixtures/ssl/signed-key.pem +67 -0
- data/spec/fixtures/ssl/signed.pem +44 -0
- data/spec/fixtures/ssl/tampered-cert.pem +44 -0
- data/spec/fixtures/ssl/tampered-csr.pem +39 -0
- data/spec/integration/network/http_pool_spec.rb +222 -0
- data/spec/integration/provider/file/windows_spec.rb +162 -0
- data/spec/integration/rest/client_spec.rb +73 -0
- data/spec/integration/type/file_spec.rb +0 -19
- data/spec/lib/puppet/test_ca.rb +87 -50
- data/spec/lib/puppet_spec/fixtures.rb +20 -0
- data/spec/lib/puppet_spec/https.rb +84 -0
- data/spec/unit/application/agent_spec.rb +29 -30
- data/spec/unit/application/device_spec.rb +12 -49
- data/spec/unit/application/ssl_spec.rb +24 -38
- data/spec/unit/configurer_spec.rb +11 -11
- data/spec/unit/file_system/uniquefile_spec.rb +6 -0
- data/spec/unit/file_system_spec.rb +214 -0
- data/spec/unit/indirector/rest_spec.rb +3 -3
- data/spec/unit/network/http/connection_spec.rb +30 -90
- data/spec/unit/network/http/factory_spec.rb +1 -0
- data/spec/unit/network/http/nocache_pool_spec.rb +8 -8
- data/spec/unit/network/http/pool_spec.rb +63 -33
- data/spec/unit/network/http/session_spec.rb +8 -1
- data/spec/unit/network/http_pool_spec.rb +36 -0
- data/spec/unit/pops/loaders/loader_spec.rb +26 -1
- data/spec/unit/provider/package/windows_spec.rb +12 -1
- data/spec/unit/reports/http_spec.rb +7 -7
- data/spec/unit/rest/client_spec.rb +4 -6
- data/spec/unit/ssl/host_spec.rb +39 -33
- data/spec/unit/ssl/ssl_provider_spec.rb +428 -0
- data/spec/unit/ssl/state_machine_spec.rb +502 -0
- data/spec/unit/ssl/verifier_spec.rb +123 -0
- data/spec/unit/type/exec_spec.rb +63 -0
- data/spec/unit/type/file/source_spec.rb +5 -5
- data/spec/unit/type/filebucket_spec.rb +8 -6
- data/spec/unit/util/feature_spec.rb +2 -2
- data/spec/unit/util/storage_spec.rb +19 -19
- data/spec/unit/x509/cert_provider_spec.rb +527 -0
- data/spec/unit/x509/pem_store_spec.rb +160 -0
- data/tasks/generate_cert_fixtures.rake +158 -0
- metadata +78 -4
- data/MAINTAINERS +0 -47
- data/lib/puppet/rest/ssl_context.rb +0 -13
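--- a/data/lib/puppet/defaults.rb
+++ b/data/lib/puppet/defaults.rb
@@ -305,7 +305,9 @@ module Puppet
 :manage_internal_file_permissions => {
 :default => ! Puppet::Util::Platform.windows?,
 :type => :boolean,
-:desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally
+:desc => "Whether Puppet should manage the owner, group, and mode of files it uses internally.
+
+**Note**: For Windows agents, the default is `false` for versions 4.10.13 and greater, versions 5.5.6 and greater, and versions 6.0 and greater.",
 },
 :onetime => {
 :default => false,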
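--- a/data/lib/puppet/file_system.rb
+++ b/data/lib/puppet/file_system.rb
@@ -10,10 +10,13 @@ module Puppet::FileSystem
 @impl = if Puppet::Util::Platform.windows?
 require 'puppet/file_system/windows'
 Puppet::FileSystem::Windows
-
-
-
-
+elsif Puppet::Util::Platform.jruby?
+require 'puppet/file_system/jruby'
+Puppet::FileSystem::JRuby
+else
+require 'puppet/file_system/posix'
+Puppet::FileSystem::Posix
+end.new()
 
 # Allows overriding the filesystem for the duration of the given block.
 # The filesystem will only contain the given file(s).
@@ -401,4 +404,21 @@ module Puppet::FileSystem
 def self.chmod(mode, path)
 @impl.chmod(mode, path)
 end
+
+# Replace the contents of a file atomically, creating the file if necessary.
+# If a `mode` is specified, then it will always be applied to the file. If
+# a `mode` is not specified and the file exists, its mode will be preserved.
+# If the file doesn't exist, the mode will be set to a platform-specific
+# default.
+#
+# @param path [String] The path to the file, can also accept [PathName]
+# @param mode [Integer] Optional mode for the file.
+#
+# @raise [Errno::EISDIR]: path is a directory
+#
+# @api public
+#
+def self.replace_file(path, mode = nil, &block)
+@impl.replace_file(assert_path(path), mode, &block)
+end
 end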
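Review bot: The YARD block added above `self.replace_file` lists only `Errno::EISDIR` under `@raise` and says nothing about the block, although the method takes `&block` and forwards it to the implementation. A `# @yieldparam` line describing what the block receives (the implementations shown elsewhere on this page yield the temp file) would complete it. So would a second `@raise` for the mode restriction in the Windows implementation, e.g. `# @raise [ArgumentError] on Windows, when mode is not 0644, 0640 or 0600`. `[PathName]` in the `@param path` line is presumably meant to be `Pathname`.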
@@ -151,4 +151,29 @@ class Puppet::FileSystem::FileImpl
|
|
151
151
|
def chmod(mode, path)
|
152
152
|
FileUtils.chmod(mode, path)
|
153
153
|
end
|
154
|
+
|
155
|
+
def replace_file(path, mode = nil)
|
156
|
+
mode ||= begin
|
157
|
+
stat = Puppet::FileSystem.lstat(path)
|
158
|
+
stat.mode & 07777
|
159
|
+
rescue Errno::ENOENT
|
160
|
+
0640
|
161
|
+
end
|
162
|
+
|
163
|
+
tempfile = Puppet::FileSystem::Uniquefile.new(Puppet::FileSystem.basename_string(path), Puppet::FileSystem.dir_string(path))
|
164
|
+
begin
|
165
|
+
begin
|
166
|
+
yield tempfile
|
167
|
+
tempfile.flush
|
168
|
+
tempfile.fsync
|
169
|
+
ensure
|
170
|
+
tempfile.close
|
171
|
+
end
|
172
|
+
|
173
|
+
chmod(mode, tempfile.path)
|
174
|
+
File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
|
175
|
+
ensure
|
176
|
+
tempfile.close!
|
177
|
+
end
|
178
|
+
end
|
154
179
|
end
|
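Review bot: `replace_file` takes its default mode from `Puppet::FileSystem.lstat(path)`, so when `path` is a symlink the value is the link's own mode rather than the target's; on platforms where links report 0777 the replacement file would end up world-writable. Falling back to the safe default in that case keeps the result predictable, e.g. `stat.symlink? ? 0640 : stat.mode & 07777` in place of `stat.mode & 07777` (assuming `lstat` returns a `File::Stat`). Only the mode is carried over to the temp file, so the replaced file is owned by whoever runs the method; if callers expect the previous owner and group to survive, that deserves a line in the method's documentation.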
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'puppet/file_system/posix'
|
2
|
+
|
3
|
+
class Puppet::FileSystem::JRuby < Puppet::FileSystem::Posix
|
4
|
+
def unlink(*paths)
|
5
|
+
File.unlink(*paths)
|
6
|
+
rescue Errno::ENOENT
|
7
|
+
# JRuby raises ENOENT if the path doesn't exist or the parent directory
|
8
|
+
# doesn't allow execute/traverse. If it's the former, `stat` will raise
|
9
|
+
# ENOENT, if it's the later, it'll raise EACCES
|
10
|
+
# See https://github.com/jruby/jruby/issues/5617
|
11
|
+
stat(*paths)
|
12
|
+
end
|
13
|
+
|
14
|
+
def replace_file(path, mode = nil, &block)
|
15
|
+
# MRI Ruby rename checks if destination is a directory and raises, while
|
16
|
+
# JRuby removes the directory and replaces the file.
|
17
|
+
if Puppet::FileSystem.directory?(path)
|
18
|
+
raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
|
19
|
+
end
|
20
|
+
|
21
|
+
super
|
22
|
+
end
|
23
|
+
end
|
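Review bot: In `unlink`, the `rescue Errno::ENOENT` branch ends with `stat(*paths)`, so whenever that probe does not raise, the original error is swallowed and the method returns the stat result as if the unlink had succeeded. That can happen if the path reappears between the two calls. Adding a bare `raise` on the line after `stat(*paths)` keeps the ENOENT visible when the probe finds nothing more specific. The page does not show `stat`'s signature; if it takes a single path, a call with several paths would surface an ArgumentError here instead of the intended EACCES/ENOENT distinction. In `replace_file`, the `directory?` check and the rename in `super` are separate steps, so a comment that the check is best-effort would set expectations.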
@@ -2,6 +2,8 @@ require 'puppet/file_system/posix'
|
|
2
2
|
require 'puppet/util/windows'
|
3
3
|
|
4
4
|
class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
|
5
|
+
FULL_CONTROL = Puppet::Util::Windows::File::FILE_ALL_ACCESS
|
6
|
+
FILE_READ = Puppet::Util::Windows::File::FILE_GENERIC_READ
|
5
7
|
|
6
8
|
def open(path, mode, options, &block)
|
7
9
|
# PUP-6959 mode is explicitly ignored until it can be implemented
|
@@ -114,8 +116,90 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
|
|
114
116
|
contents
|
115
117
|
end
|
116
118
|
|
119
|
+
# https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499-
|
120
|
+
ACCESS_DENIED = 5
|
121
|
+
SHARING_VIOLATION = 32
|
122
|
+
LOCK_VIOLATION = 33
|
123
|
+
|
124
|
+
def replace_file(path, mode = nil)
|
125
|
+
if Puppet::FileSystem.directory?(path)
|
126
|
+
raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
|
127
|
+
end
|
128
|
+
|
129
|
+
current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
|
130
|
+
dacl = case mode
|
131
|
+
when 0644
|
132
|
+
dacl = secure_dacl(current_sid)
|
133
|
+
dacl.allow(Puppet::Util::Windows::SID::BuiltinUsers, FILE_READ)
|
134
|
+
dacl
|
135
|
+
when 0640, 0600
|
136
|
+
secure_dacl(current_sid)
|
137
|
+
when nil
|
138
|
+
get_dacl_from_file(path) || secure_dacl(current_sid)
|
139
|
+
else
|
140
|
+
raise ArgumentError, "Only modes 0644, 0640 and 0600 are allowed"
|
141
|
+
end
|
142
|
+
|
143
|
+
|
144
|
+
tempfile = Puppet::FileSystem::Uniquefile.new(Puppet::FileSystem.basename_string(path), Puppet::FileSystem.dir_string(path))
|
145
|
+
begin
|
146
|
+
tempdacl = Puppet::Util::Windows::AccessControlList.new
|
147
|
+
tempdacl.allow(current_sid, FULL_CONTROL)
|
148
|
+
set_dacl(tempfile.path, tempdacl)
|
149
|
+
|
150
|
+
begin
|
151
|
+
yield tempfile
|
152
|
+
tempfile.flush
|
153
|
+
tempfile.fsync
|
154
|
+
ensure
|
155
|
+
tempfile.close
|
156
|
+
end
|
157
|
+
|
158
|
+
set_dacl(tempfile.path, dacl) if dacl
|
159
|
+
File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
|
160
|
+
ensure
|
161
|
+
tempfile.close!
|
162
|
+
end
|
163
|
+
rescue Puppet::Util::Windows::Error => e
|
164
|
+
case e.code
|
165
|
+
when ACCESS_DENIED, SHARING_VIOLATION, LOCK_VIOLATION
|
166
|
+
raise Errno::EACCES.new(Puppet::FileSystem.path_string(path), e)
|
167
|
+
else
|
168
|
+
raise SystemCallError.new(e.message)
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
117
172
|
private
|
118
173
|
|
174
|
+
def set_dacl(path, dacl)
|
175
|
+
sd = Puppet::Util::Windows::Security.get_security_descriptor(path)
|
176
|
+
new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, true)
|
177
|
+
Puppet::Util::Windows::Security.set_security_descriptor(path, new_sd)
|
178
|
+
end
|
179
|
+
|
180
|
+
def secure_dacl(current_sid)
|
181
|
+
dacl = Puppet::Util::Windows::AccessControlList.new
|
182
|
+
[
|
183
|
+
Puppet::Util::Windows::SID::LocalSystem,
|
184
|
+
Puppet::Util::Windows::SID::BuiltinAdministrators,
|
185
|
+
current_sid
|
186
|
+
].uniq.map do |sid|
|
187
|
+
dacl.allow(sid, FULL_CONTROL)
|
188
|
+
end
|
189
|
+
dacl
|
190
|
+
end
|
191
|
+
|
192
|
+
def get_dacl_from_file(path)
|
193
|
+
sd = Puppet::Util::Windows::Security.get_security_descriptor(Puppet::FileSystem.path_string(path))
|
194
|
+
sd.dacl
|
195
|
+
rescue Puppet::Util::Windows::Error => e
|
196
|
+
if e.code == 2 # ERROR_FILE_NOT_FOUND
|
197
|
+
nil
|
198
|
+
else
|
199
|
+
raise e
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
119
203
|
def raise_if_symlinks_unsupported
|
120
204
|
if ! Puppet.features.manages_symlinks?
|
121
205
|
msg = _("This version of Windows does not support symlinks. Windows Vista / 2008 or higher is required.")
|
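Review bot: In `replace_file`, the temp file exists with whatever ACL `Uniquefile.new` gives it (presumably inherited from the destination directory) until `set_dacl(tempfile.path, tempdacl)` runs, so the restriction to the current user is applied after creation rather than at creation. Nothing has been written at that point, which limits the exposure, but the ordering assumption should be stated, e.g. `# tempfile is still empty here; restrict it before the block writes any content`. The `if dacl` guard on the final `set_dacl` can never be false, since every `case` branch either yields a DACL or raises; dropping it makes it obvious that the final ACL is always applied before the rename. The `ArgumentError` message is the only string literal raised in the method that is not wrapped in `_()`, and `get_dacl_from_file` compares against a bare `2` where the other Windows error codes are named constants.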
@@ -73,8 +73,10 @@ class Puppet::Indirector::REST < Puppet::Indirector::Terminus
|
|
73
73
|
end
|
74
74
|
|
75
75
|
def network(request)
|
76
|
-
Puppet
|
77
|
-
|
76
|
+
ssl_context = Puppet.lookup(:ssl_context)
|
77
|
+
Puppet::Network::HttpPool.connection(request.server || self.class.server,
|
78
|
+
request.port || self.class.port,
|
79
|
+
ssl_context: ssl_context)
|
78
80
|
end
|
79
81
|
|
80
82
|
def http_get(request, path, headers = nil, *args)
|
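--- a/data/lib/puppet/loaders.rb
+++ b/data/lib/puppet/loaders.rb
@@ -21,6 +21,7 @@ module Puppet
 require 'puppet/pops/loader/loader_paths'
 require 'puppet/pops/loader/simple_environment_loader'
 require 'puppet/pops/loader/predefined_loader'
+require 'puppet/pops/loader/generic_plan_instantiator'
 require 'puppet/pops/loader/puppet_plan_instantiator'
 end
 end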
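--- a/data/lib/puppet/network/http.rb
+++ b/data/lib/puppet/network/http.rb
@@ -21,6 +21,7 @@ module Puppet::Network::HTTP
 require 'puppet/network/http/site'
 require 'puppet/network/http/session'
 require 'puppet/network/http/factory'
+require 'puppet/network/http/base_pool'
 require 'puppet/network/http/nocache_pool'
 require 'puppet/network/http/pool'
 require 'puppet/network/http/memory_response'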
@@ -0,0 +1,18 @@
|
|
1
|
+
# Base pool for HTTP connections.
|
2
|
+
#
|
3
|
+
# @api private
|
4
|
+
class Puppet::Network::HTTP::BasePool
|
5
|
+
def start(site, verifier, http)
|
6
|
+
Puppet.debug("Starting connection for #{site}")
|
7
|
+
if verifier
|
8
|
+
verifier.setup_connection(http)
|
9
|
+
begin
|
10
|
+
http.start
|
11
|
+
rescue OpenSSL::SSL::SSLError => error
|
12
|
+
verifier.handle_connection_error(http, error)
|
13
|
+
end
|
14
|
+
else
|
15
|
+
http.start
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
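Review bot: `start` takes the `else` branch and calls `http.start` with no verifier set up whenever `verifier` is nil, and nothing here checks that the connection is plain HTTP in that case. `Connection#initialize` on this page leaves the verifier nil only when `use_ssl` is false, but the pool cannot assume that of every caller. If no caller needs an unverified TLS start, a guard at the top of the `else` branch makes the method fail closed: `raise ArgumentError, _("A verifier is required for %{site}") % { site: site } if http.use_ssl?`. The `rescue` branch also depends on `verifier.handle_connection_error` always raising; if it can return, `start` returns normally for a connection that never started, so that contract should be stated in a comment on the rescue.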
@@ -25,7 +25,8 @@ module Puppet::Network::HTTP
|
|
25
25
|
|
26
26
|
OPTION_DEFAULTS = {
|
27
27
|
:use_ssl => true,
|
28
|
-
:verify => nil,
|
28
|
+
:verify => nil, # Puppet::SSL::Validator is deprecated
|
29
|
+
:verifier => nil,
|
29
30
|
:redirect_limit => 10,
|
30
31
|
}
|
31
32
|
|
@@ -56,7 +57,17 @@ module Puppet::Network::HTTP
|
|
56
57
|
|
57
58
|
options = OPTION_DEFAULTS.merge(options)
|
58
59
|
@use_ssl = options[:use_ssl]
|
59
|
-
@
|
60
|
+
if @use_ssl
|
61
|
+
if options[:verifier]
|
62
|
+
unless options[:verifier].is_a?(Puppet::SSL::Verifier)
|
63
|
+
raise ArgumentError, _("Expected an instance of Puppet::SSL::Verifier but was passed a %{klass}") % { klass: options[:verifier].class }
|
64
|
+
end
|
65
|
+
|
66
|
+
@verifier = options[:verifier]
|
67
|
+
else
|
68
|
+
@verifier = Puppet::SSL::VerifierAdapter.new(options[:verify])
|
69
|
+
end
|
70
|
+
end
|
60
71
|
@redirect_limit = options[:redirect_limit]
|
61
72
|
@site = Puppet::Network::HTTP::Site.new(@use_ssl ? 'https' : 'http', host, port)
|
62
73
|
@pool = Puppet.lookup(:http_pool)
|
@@ -130,20 +141,26 @@ module Puppet::Network::HTTP
|
|
130
141
|
# future we may want to refactor these so that they are funneled through
|
131
142
|
# that method and do inherit the error handling.
|
132
143
|
def request_get(*args, &block)
|
133
|
-
with_connection(@site) do |
|
134
|
-
|
144
|
+
with_connection(@site) do |http|
|
145
|
+
resp = http.request_get(*args, &block)
|
146
|
+
Puppet.debug("HTTP GET #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
|
147
|
+
resp
|
135
148
|
end
|
136
149
|
end
|
137
150
|
|
138
151
|
def request_head(*args, &block)
|
139
|
-
with_connection(@site) do |
|
140
|
-
|
152
|
+
with_connection(@site) do |http|
|
153
|
+
resp = http.request_head(*args, &block)
|
154
|
+
Puppet.debug("HTTP HEAD #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
|
155
|
+
resp
|
141
156
|
end
|
142
157
|
end
|
143
158
|
|
144
159
|
def request_post(*args, &block)
|
145
|
-
with_connection(@site) do |
|
146
|
-
|
160
|
+
with_connection(@site) do |http|
|
161
|
+
resp = http.request_post(*args, &block)
|
162
|
+
Puppet.debug("HTTP POST #{@site}#{args.first.split('?').first} returned #{resp.code} #{resp.message}")
|
163
|
+
resp
|
147
164
|
end
|
148
165
|
end
|
149
166
|
# end of Net::HTTP#request_* proxies
|
@@ -163,6 +180,11 @@ module Puppet::Network::HTTP
|
|
163
180
|
@site.use_ssl?
|
164
181
|
end
|
165
182
|
|
183
|
+
# @api private
|
184
|
+
def verifier
|
185
|
+
@verifier
|
186
|
+
end
|
187
|
+
|
166
188
|
private
|
167
189
|
|
168
190
|
def do_request(request, options)
|
@@ -297,23 +319,33 @@ module Puppet::Network::HTTP
|
|
297
319
|
|
298
320
|
def execute_request(connection, request)
|
299
321
|
start = Time.now
|
300
|
-
connection.request(request)
|
301
|
-
|
322
|
+
resp = connection.request(request)
|
323
|
+
Puppet.debug("HTTP #{request.method.upcase} #{@site}#{request.path.split('?').first} returned #{resp.code} #{resp.message}")
|
324
|
+
resp
|
325
|
+
rescue => exception
|
302
326
|
elapsed = (Time.now - start).to_f.round(3)
|
303
|
-
uri = @site.addr
|
304
|
-
|
305
|
-
|
306
|
-
|
327
|
+
uri = [@site.addr, request.path.split('?')[0]].join('/')
|
328
|
+
eclass = exception.class
|
329
|
+
|
330
|
+
err = case exception
|
331
|
+
when EOFError
|
332
|
+
eclass.new(_('request %{uri} interrupted after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
|
333
|
+
when Timeout::Error
|
334
|
+
eclass.new(_('request %{uri} timed out after %{elapsed} seconds') % {uri: uri, elapsed: elapsed})
|
335
|
+
else
|
336
|
+
eclass.new(_('request %{uri} failed: %{msg}') % {uri: uri, msg: exception.message})
|
337
|
+
end
|
338
|
+
|
339
|
+
err.set_backtrace(exception.backtrace) unless exception.backtrace.empty?
|
340
|
+
raise err
|
307
341
|
end
|
308
342
|
|
309
343
|
def with_connection(site, &block)
|
310
344
|
response = nil
|
311
|
-
@pool.with_connection(site, @
|
345
|
+
@pool.with_connection(site, @verifier) do |conn|
|
312
346
|
response = yield conn
|
313
347
|
end
|
314
348
|
response
|
315
|
-
rescue OpenSSL::SSL::SSLError => error
|
316
|
-
Puppet::Util::SSL.handle_connection_error(error, @verify, site.host)
|
317
349
|
end
|
318
350
|
end
|
319
351
|
end
|
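Review bot: In `execute_request`, the rescue path rebuilds the error with `eclass.new(message)`, which only works for exception classes whose constructor accepts a single message argument. For any other class the `new` call itself raises inside the rescue, and the original failure, possibly a TLS verification error, is replaced by an ArgumentError. Wrapping the `case` so that an ArgumentError from the rebuild falls back to `raise exception` would keep the original error visible. Separately, `[@site.addr, request.path.split('?')[0]].join('/')` yields a double slash when `request.path` already starts with `/`; `"#{@site.addr}#{request.path.split('?').first}"` matches what the new debug line prints.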
@@ -1,7 +1,7 @@
|
|
1
1
|
# A pool that does not cache HTTP connections.
|
2
2
|
#
|
3
3
|
# @api private
|
4
|
-
class Puppet::Network::HTTP::NoCachePool
|
4
|
+
class Puppet::Network::HTTP::NoCachePool < Puppet::Network::HTTP::BasePool
|
5
5
|
def initialize(factory = Puppet::Network::HTTP::Factory.new)
|
6
6
|
@factory = factory
|
7
7
|
end
|
@@ -9,10 +9,15 @@ class Puppet::Network::HTTP::NoCachePool
|
|
9
9
|
# Yields a <tt>Net::HTTP</tt> connection.
|
10
10
|
#
|
11
11
|
# @yieldparam http [Net::HTTP] An HTTP connection
|
12
|
-
def with_connection(site,
|
12
|
+
def with_connection(site, verifier, &block)
|
13
13
|
http = @factory.create_connection(site)
|
14
|
-
|
15
|
-
|
14
|
+
start(site, verifier, http)
|
15
|
+
begin
|
16
|
+
yield http
|
17
|
+
ensure
|
18
|
+
Puppet.debug("Closing connection for #{site}")
|
19
|
+
http.finish
|
20
|
+
end
|
16
21
|
end
|
17
22
|
|
18
23
|
def close
|
@@ -8,7 +8,7 @@
|
|
8
8
|
#
|
9
9
|
# @api private
|
10
10
|
#
|
11
|
-
class Puppet::Network::HTTP::Pool
|
11
|
+
class Puppet::Network::HTTP::Pool < Puppet::Network::HTTP::BasePool
|
12
12
|
FIFTEEN_SECONDS = 15
|
13
13
|
|
14
14
|
attr_reader :factory
|
@@ -19,10 +19,10 @@ class Puppet::Network::HTTP::Pool
|
|
19
19
|
@keepalive_timeout = keepalive_timeout
|
20
20
|
end
|
21
21
|
|
22
|
-
def with_connection(site,
|
22
|
+
def with_connection(site, verifier, &block)
|
23
23
|
reuse = true
|
24
24
|
|
25
|
-
http = borrow(site,
|
25
|
+
http = borrow(site, verifier)
|
26
26
|
begin
|
27
27
|
if http.use_ssl? && http.verify_mode != OpenSSL::SSL::VERIFY_PEER
|
28
28
|
reuse = false
|
@@ -34,7 +34,7 @@ class Puppet::Network::HTTP::Pool
|
|
34
34
|
raise detail
|
35
35
|
ensure
|
36
36
|
if reuse
|
37
|
-
release(site, http)
|
37
|
+
release(site, verifier, http)
|
38
38
|
else
|
39
39
|
close_connection(site, http)
|
40
40
|
end
|
@@ -69,18 +69,17 @@ class Puppet::Network::HTTP::Pool
|
|
69
69
|
# connection is created, it will be started prior to being returned.
|
70
70
|
#
|
71
71
|
# @api private
|
72
|
-
def borrow(site,
|
72
|
+
def borrow(site, verifier)
|
73
73
|
@pool[site] = active_sessions(site)
|
74
|
-
|
74
|
+
index = @pool[site].index { |session| verifier.reusable?(session.verifier) }
|
75
|
+
session = index ? @pool[site].delete_at(index) : nil
|
75
76
|
if session
|
76
77
|
Puppet.debug("Using cached connection for #{site}")
|
77
78
|
session.connection
|
78
79
|
else
|
79
80
|
http = @factory.create_connection(site)
|
80
|
-
verify.setup_connection(http)
|
81
81
|
|
82
|
-
|
83
|
-
http.start
|
82
|
+
start(site, verifier, http)
|
84
83
|
setsockopts(http.instance_variable_get(:@socket))
|
85
84
|
http
|
86
85
|
end
|
@@ -97,9 +96,9 @@ class Puppet::Network::HTTP::Pool
|
|
97
96
|
# Release a connection back into the pool.
|
98
97
|
#
|
99
98
|
# @api private
|
100
|
-
def release(site, http)
|
99
|
+
def release(site, verifier, http)
|
101
100
|
expiration = Time.now + @keepalive_timeout
|
102
|
-
session = Puppet::Network::HTTP::Session.new(http, expiration)
|
101
|
+
session = Puppet::Network::HTTP::Session.new(http, verifier, expiration)
|
103
102
|
Puppet.debug("Caching connection for #{site}")
|
104
103
|
|
105
104
|
sessions = @pool[site]
|
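Review bot: `borrow` calls `verifier.reusable?(session.verifier)` for every cached session, but `Connection#initialize` on this page assigns `@verifier` only when `use_ssl` is true, so for a plain-HTTP site `verifier` is nil here. `with_connection` keeps `reuse = true` for non-SSL connections, so the first request caches a session and the next request to the same site would fail with NoMethodError inside the `index` block. Handling nil in the block avoids that: `index = @pool[site].index { |session| verifier ? verifier.reusable?(session.verifier) : session.verifier.nil? }`. The body of `borrow` continues past the end of its hunk.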