puppet 6.7.2-x86-mingw32 → 6.8.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +9 -9
- data/Gemfile +1 -1
- data/Gemfile.lock +7 -7
- data/install.rb +3 -21
- data/lib/puppet/application/agent.rb +17 -13
- data/lib/puppet/application/device.rb +10 -0
- data/lib/puppet/defaults.rb +21 -6
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/parser.rb +3 -2
- data/lib/puppet/forge.rb +19 -4
- data/lib/puppet/indirector/certificate/file.rb +1 -0
- data/lib/puppet/indirector/certificate/rest.rb +1 -0
- data/lib/puppet/indirector/certificate_request/file.rb +1 -0
- data/lib/puppet/indirector/certificate_request/memory.rb +1 -0
- data/lib/puppet/indirector/certificate_request/rest.rb +1 -0
- data/lib/puppet/indirector/key/file.rb +1 -0
- data/lib/puppet/indirector/key/memory.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +0 -3
- data/lib/puppet/network/http/factory.rb +1 -11
- data/lib/puppet/pops/lookup.rb +1 -0
- data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +7 -0
- data/lib/puppet/provider/file/posix.rb +5 -0
- data/lib/puppet/provider/nameservice.rb +10 -3
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +17 -3
- data/lib/puppet/provider/service/launchd.rb +20 -5
- data/lib/puppet/provider/service/systemd.rb +5 -10
- data/lib/puppet/provider/user/pw.rb +12 -3
- data/lib/puppet/provider/user/user_role_add.rb +4 -0
- data/lib/puppet/provider/user/useradd.rb +25 -11
- data/lib/puppet/ssl/certificate.rb +2 -0
- data/lib/puppet/ssl/host.rb +3 -0
- data/lib/puppet/ssl/key.rb +2 -0
- data/lib/puppet/util/http_proxy.rb +17 -3
- data/lib/puppet/util/monkey_patches.rb +0 -16
- data/lib/puppet/util/selinux.rb +5 -1
- data/lib/puppet/util/windows/security.rb +2 -0
- data/lib/puppet/util/windows/sid.rb +1 -0
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +13 -15
- data/locales/puppet.pot +77 -65
- data/man/man5/puppet.conf.5 +20 -4
- data/man/man8/puppet-agent.8 +24 -7
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/provider/service/systemd_spec.rb +7 -5
- data/spec/integration/type/file_spec.rb +28 -0
- data/spec/unit/application/device_spec.rb +26 -0
- data/spec/unit/face/facts_spec.rb +9 -0
- data/spec/unit/face/parser_spec.rb +17 -5
- data/spec/unit/forge/module_release_spec.rb +66 -31
- data/spec/unit/module_tool/applications/installer_spec.rb +0 -9
- data/spec/unit/network/http/factory_spec.rb +27 -5
- data/spec/unit/provider/package/dpkg_spec.rb +84 -4
- data/spec/unit/provider/service/launchd_spec.rb +28 -0
- data/spec/unit/provider/service/systemd_spec.rb +14 -0
- data/spec/unit/provider/user/pw_spec.rb +37 -0
- data/spec/unit/provider/user/useradd_spec.rb +42 -0
- data/spec/unit/transaction_spec.rb +18 -0
- data/spec/unit/util/http_proxy_spec.rb +24 -1
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +4 -7
- data/ext/windows/eventlog/Rakefile +0 -32
- data/ext/windows/eventlog/puppetres.dll +0 -0
- data/ext/windows/eventlog/puppetres.mc +0 -18
@@ -25,17 +25,7 @@ class Puppet::Network::HTTP::Factory
|
|
25
25
|
def create_connection(site)
|
26
26
|
Puppet.debug("Creating new connection for #{site}")
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
unless Puppet::Util::HttpProxy.no_proxy?(site)
|
31
|
-
if Puppet[:http_proxy_host] == "none"
|
32
|
-
args << nil << nil
|
33
|
-
else
|
34
|
-
args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port]
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
http = Net::HTTP.new(*args)
|
28
|
+
http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
|
39
29
|
http.use_ssl = site.use_ssl?
|
40
30
|
http.read_timeout = Puppet[:http_read_timeout]
|
41
31
|
http.open_timeout = Puppet[:http_connect_timeout]
|
data/lib/puppet/pops/lookup.rb
CHANGED
@@ -0,0 +1,18 @@
|
|
1
|
+
# This class defines the private API of the Lookup Key Recorder support.
|
2
|
+
# @api private
|
3
|
+
#
|
4
|
+
class Puppet::Pops::Lookup::KeyRecorder
|
5
|
+
|
6
|
+
def initialize()
|
7
|
+
end
|
8
|
+
|
9
|
+
def self.singleton
|
10
|
+
@null_recorder ||= self.new
|
11
|
+
end
|
12
|
+
|
13
|
+
# Records a key
|
14
|
+
# (This implementation does nothing)
|
15
|
+
#
|
16
|
+
def record(key)
|
17
|
+
end
|
18
|
+
end
|
@@ -27,6 +27,8 @@ class LookupAdapter < DataAdapter
|
|
27
27
|
super()
|
28
28
|
@compiler = compiler
|
29
29
|
@lookup_options = {}
|
30
|
+
# Get a KeyRecorder from context, and set a "null recorder" if not defined
|
31
|
+
@key_recorder = Puppet.lookup(:lookup_key_recorder) { KeyRecorder.singleton }
|
30
32
|
end
|
31
33
|
|
32
34
|
# Performs a lookup using global, environment, and module data providers. Merge the result using the given
|
@@ -48,6 +50,11 @@ class LookupAdapter < DataAdapter
|
|
48
50
|
end
|
49
51
|
end
|
50
52
|
|
53
|
+
# Record that the key was looked up. This will record all keys for which a lookup is performed
|
54
|
+
# except 'lookup_options' (since that is illegal from a user perspective,
|
55
|
+
# and from an impact perspective is always looked up).
|
56
|
+
@key_recorder.record(key)
|
57
|
+
|
51
58
|
key = LookupKey.new(key)
|
52
59
|
lookup_invocation.lookup(key, key.module_name) do
|
53
60
|
if lookup_invocation.only_explain_options?
|
@@ -8,6 +8,11 @@ Puppet::Type.type(:file).provide :posix do
|
|
8
8
|
include Puppet::Util::Warnings
|
9
9
|
|
10
10
|
require 'etc'
|
11
|
+
require 'puppet/util/selinux'
|
12
|
+
|
13
|
+
def self.post_resource_eval
|
14
|
+
Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
|
15
|
+
end
|
11
16
|
|
12
17
|
def uid2name(id)
|
13
18
|
return id.to_s if id.is_a?(Symbol) or id.is_a?(String)
|
@@ -173,9 +173,10 @@ class Puppet::Provider::NameService < Puppet::Provider
|
|
173
173
|
end
|
174
174
|
|
175
175
|
begin
|
176
|
-
|
176
|
+
sensitive = has_sensitive_data?
|
177
|
+
execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
177
178
|
if feature?(:manages_password_age) && (cmd = passcmd)
|
178
|
-
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
|
179
|
+
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
179
180
|
end
|
180
181
|
rescue Puppet::ExecutionFailure => detail
|
181
182
|
raise Puppet::Error, _("Could not create %{resource} %{name}: %{detail}") % { resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
|
@@ -279,13 +280,19 @@ class Puppet::Provider::NameService < Puppet::Provider
|
|
279
280
|
self.class.validate(param, value)
|
280
281
|
cmd = modifycmd(param, munge(param, value))
|
281
282
|
raise Puppet::DevError, _("Nameservice command must be an array") unless cmd.is_a?(Array)
|
283
|
+
sensitive = has_sensitive_data?(param)
|
282
284
|
begin
|
283
|
-
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
|
285
|
+
execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
|
284
286
|
rescue Puppet::ExecutionFailure => detail
|
285
287
|
raise Puppet::Error, _("Could not set %{param} on %{resource}[%{name}]: %{detail}") % { param: param, resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
|
286
288
|
end
|
287
289
|
end
|
288
290
|
|
291
|
+
#Derived classes can override to declare sensitive data so a flag can be passed to execute
|
292
|
+
def has_sensitive_data?(property = nil)
|
293
|
+
false
|
294
|
+
end
|
295
|
+
|
289
296
|
# From overriding Puppet::Property#insync? Ruby Etc::getpwnam < 2.1.0 always
|
290
297
|
# returns a struct with binary encoded string values, and >= 2.1.0 will return
|
291
298
|
# binary encoded strings for values incompatible with current locale charset,
|
@@ -8,7 +8,7 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
|
|
8
8
|
These options should be specified as an array where each element is either a
|
9
9
|
string or a hash."
|
10
10
|
|
11
|
-
has_feature :versionable, :install_options
|
11
|
+
has_feature :versionable, :install_options, :virtual_packages
|
12
12
|
|
13
13
|
commands :aptget => "/usr/bin/apt-get"
|
14
14
|
commands :aptcache => "/usr/bin/apt-cache"
|
@@ -5,7 +5,7 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
|
|
5
5
|
and not `apt`, you must specify the source of any packages you want
|
6
6
|
to manage."
|
7
7
|
|
8
|
-
has_feature :holdable
|
8
|
+
has_feature :holdable, :virtual_packages
|
9
9
|
|
10
10
|
commands :dpkg => "/usr/bin/dpkg"
|
11
11
|
commands :dpkg_deb => "/usr/bin/dpkg-deb"
|
@@ -45,16 +45,18 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
|
|
45
45
|
# Note: self:: is required here to keep these constants in the context of what will
|
46
46
|
# eventually become this Puppet::Type::Package::ProviderDpkg class.
|
47
47
|
self::DPKG_QUERY_FORMAT_STRING = %Q{'${Status} ${Package} ${Version}\\n'}
|
48
|
+
self::DPKG_QUERY_PROVIDES_FORMAT_STRING = %Q{'${Status} ${Package} ${Version} [${Provides}]\\n'}
|
48
49
|
self::FIELDS_REGEX = %r{^(\S+) +(\S+) +(\S+) (\S+) (\S*)$}
|
50
|
+
self::FIELDS_REGEX_WITH_PROVIDES = %r{^(\S+) +(\S+) +(\S+) (\S+) (\S*) \[.*\]$}
|
49
51
|
self::FIELDS= [:desired, :error, :status, :name, :ensure]
|
50
52
|
|
51
53
|
# @param line [String] one line of dpkg-query output
|
52
54
|
# @return [Hash,nil] a hash of FIELDS or nil if we failed to match
|
53
55
|
# @api private
|
54
|
-
def self.parse_line(line)
|
56
|
+
def self.parse_line(line, regex=self::FIELDS_REGEX)
|
55
57
|
hash = nil
|
56
58
|
|
57
|
-
match =
|
59
|
+
match = regex.match(line)
|
58
60
|
if match
|
59
61
|
hash = {}
|
60
62
|
|
@@ -116,6 +118,18 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
|
|
116
118
|
|
117
119
|
# list out our specific package
|
118
120
|
begin
|
121
|
+
if @resource.allow_virtual?
|
122
|
+
output = dpkgquery(
|
123
|
+
"-W",
|
124
|
+
"--showformat",
|
125
|
+
self.class::DPKG_QUERY_PROVIDES_FORMAT_STRING
|
126
|
+
).lines.find {|package| package.match(/\[.*#{@resource[:name]}.*\]/)}
|
127
|
+
if output
|
128
|
+
hash = self.class.parse_line(output,self.class::FIELDS_REGEX_WITH_PROVIDES)
|
129
|
+
Puppet.info("Package #{@resource[:name]} is virtual, defaulting to #{hash[:name]}")
|
130
|
+
@resource[:name] = hash[:name]
|
131
|
+
end
|
132
|
+
end
|
119
133
|
output = dpkgquery(
|
120
134
|
"-W",
|
121
135
|
"--showformat",
|
@@ -241,12 +241,20 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
241
241
|
def status
|
242
242
|
if @resource && ((@resource[:hasstatus] == :false) || (@resource[:status]))
|
243
243
|
return super
|
244
|
-
|
245
|
-
|
246
|
-
|
244
|
+
elsif @property_hash[:status].nil?
|
245
|
+
# property_hash was flushed so the service changed status
|
246
|
+
service_name = @resource[:name]
|
247
|
+
# Updating services with new statuses
|
248
|
+
job_list = self.class.job_list
|
249
|
+
# if job is present in job_list, return its status
|
250
|
+
if job_list.key?(service_name)
|
251
|
+
job_list[service_name]
|
252
|
+
# if job is no longer present in job_list, it was stopped
|
247
253
|
else
|
248
|
-
|
254
|
+
:stopped
|
249
255
|
end
|
256
|
+
else
|
257
|
+
@property_hash[:status]
|
250
258
|
end
|
251
259
|
end
|
252
260
|
|
@@ -314,7 +322,14 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
314
322
|
job_plist_disabled = nil
|
315
323
|
overrides_disabled = nil
|
316
324
|
|
317
|
-
|
325
|
+
begin
|
326
|
+
_, job_plist = plist_from_label(resource[:name])
|
327
|
+
rescue Puppet::Error => err
|
328
|
+
# if job does not exist, log the error and return false as on other platforms
|
329
|
+
Puppet.log_exception(err)
|
330
|
+
return :false
|
331
|
+
end
|
332
|
+
|
318
333
|
job_plist_disabled = job_plist["Disabled"] if job_plist.has_key?("Disabled")
|
319
334
|
|
320
335
|
overrides = self.class.read_overrides if FileTest.file?(self.class.launchd_overrides)
|
@@ -1,5 +1,7 @@
|
|
1
1
|
# Manage systemd services using systemctl
|
2
2
|
|
3
|
+
require 'puppet/file_system'
|
4
|
+
|
3
5
|
Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
4
6
|
desc "Manages `systemd` services using `systemctl`.
|
5
7
|
|
@@ -9,14 +11,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
9
11
|
|
10
12
|
commands :systemctl => "systemctl"
|
11
13
|
|
12
|
-
|
13
|
-
# With multiple init systems on Debian, it is possible to have
|
14
|
-
# pieces of systemd around (e.g. systemctl) but not really be
|
15
|
-
# using systemd. We do not do this on other platforms as it can
|
16
|
-
# cause issues when running in a chroot without /run mounted
|
17
|
-
# (PUP-5577)
|
18
|
-
confine :exists => "/run/systemd/system"
|
19
|
-
end
|
14
|
+
confine :true => Puppet::FileSystem.exist?('/proc/1/exe') && Puppet::FileSystem.readlink('/proc/1/exe').include?('systemd')
|
20
15
|
|
21
16
|
defaultfor :osfamily => [:archlinux]
|
22
17
|
defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
|
@@ -24,8 +19,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
24
19
|
defaultfor :osfamily => :suse
|
25
20
|
defaultfor :osfamily => :coreos
|
26
21
|
defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
|
27
|
-
defaultfor :operatingsystem => :debian
|
28
|
-
|
22
|
+
defaultfor :operatingsystem => :debian
|
23
|
+
notdefaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["5", "6", "7"] # These are using the "debian" method
|
29
24
|
defaultfor :operatingsystem => :LinuxMint
|
30
25
|
notdefaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"] # These are using upstart
|
31
26
|
defaultfor :operatingsystem => :ubuntu
|
@@ -67,11 +67,11 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
|
|
67
67
|
|
68
68
|
# use pw to update password hash
|
69
69
|
def password=(cryptopw)
|
70
|
-
Puppet.debug "change password for user '#{@resource[:name]}' method called with hash
|
70
|
+
Puppet.debug "change password for user '#{@resource[:name]}' method called with hash [redacted]"
|
71
71
|
stdin, _, _ = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
|
72
72
|
stdin.puts(cryptopw)
|
73
73
|
stdin.close
|
74
|
-
Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash
|
74
|
+
Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash [redacted]"
|
75
75
|
end
|
76
76
|
|
77
77
|
# get password from /etc/master.passwd
|
@@ -79,10 +79,19 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
|
|
79
79
|
Puppet.debug "checking password for user '#{@resource[:name]}' method called"
|
80
80
|
current_passline = `getent passwd #{@resource[:name]}`
|
81
81
|
current_password = current_passline.chomp.split(':')[1] if current_passline
|
82
|
-
Puppet.debug "finished password for user '#{@resource[:name]}' method called :
|
82
|
+
Puppet.debug "finished password for user '#{@resource[:name]}' method called : [redacted]"
|
83
83
|
current_password
|
84
84
|
end
|
85
85
|
|
86
|
+
def has_sensitive_data?(property = nil)
|
87
|
+
#Check for sensitive values?
|
88
|
+
properties = property ? [property] : Puppet::Type.type(:user).validproperties
|
89
|
+
properties.any? do |prop|
|
90
|
+
p = @resource.parameter(prop)
|
91
|
+
p && p.respond_to?(:is_sensitive) && p.is_sensitive
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
86
95
|
# Get expiry from system and convert to Puppet-style date
|
87
96
|
def expiry
|
88
97
|
expiry = self.get(:expiry)
|
@@ -204,6 +204,10 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source =>
|
|
204
204
|
shadow_entry[5].empty? ? -1 : shadow_entry[5]
|
205
205
|
end
|
206
206
|
|
207
|
+
def has_sensitive_data?(property = nil)
|
208
|
+
false
|
209
|
+
end
|
210
|
+
|
207
211
|
# Read in /etc/shadow, find the line for our used and rewrite it with the
|
208
212
|
# new pw. Smooth like 80 grit sandpaper.
|
209
213
|
#
|
@@ -147,21 +147,35 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
147
147
|
# validproperties is a list of properties in undefined order
|
148
148
|
# sort them to have a predictable command line in tests
|
149
149
|
Puppet::Type.type(:user).validproperties.sort.each do |property|
|
150
|
-
|
151
|
-
next if
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
value = @resource.should(property)
|
156
|
-
if value && value != ""
|
157
|
-
# the value needs to be quoted, mostly because -c might
|
158
|
-
# have spaces in it
|
159
|
-
cmd << flag(property) << munge(property, value)
|
160
|
-
end
|
150
|
+
value = get_value_for_property(property)
|
151
|
+
next if value.nil?
|
152
|
+
# the value needs to be quoted, mostly because -c might
|
153
|
+
# have spaces in it
|
154
|
+
cmd << flag(property) << munge(property, value)
|
161
155
|
end
|
162
156
|
cmd
|
163
157
|
end
|
164
158
|
|
159
|
+
def get_value_for_property(property)
|
160
|
+
return nil if property == :ensure
|
161
|
+
return nil if property_manages_password_age?(property)
|
162
|
+
return nil if property == :groups and @resource.forcelocal?
|
163
|
+
return nil if property == :expiry and @resource.forcelocal?
|
164
|
+
value = @resource.should(property)
|
165
|
+
return nil if !value || value == ""
|
166
|
+
|
167
|
+
value
|
168
|
+
end
|
169
|
+
|
170
|
+
def has_sensitive_data?(property = nil)
|
171
|
+
#Check for sensitive values?
|
172
|
+
properties = property ? [property] : Puppet::Type.type(:user).validproperties
|
173
|
+
properties.any? do |prop|
|
174
|
+
p = @resource.parameter(prop)
|
175
|
+
p && p.respond_to?(:is_sensitive) && p.is_sensitive
|
176
|
+
end
|
177
|
+
end
|
178
|
+
|
165
179
|
def addcmd
|
166
180
|
if @resource.forcelocal?
|
167
181
|
cmd = [command(:localadd)]
|
@@ -5,6 +5,8 @@ require 'puppet/ssl/base'
|
|
5
5
|
# for turning CSRs into certificates; we can only
|
6
6
|
# retrieve them from the CA (or not, as is often
|
7
7
|
# the case).
|
8
|
+
#
|
9
|
+
# @deprecated Use {Puppet::SSL::SSLProvider} instead.
|
8
10
|
class Puppet::SSL::Certificate < Puppet::SSL::Base
|
9
11
|
# This is defined from the base class
|
10
12
|
wraps OpenSSL::X509::Certificate
|
data/lib/puppet/ssl/host.rb
CHANGED
@@ -9,6 +9,8 @@ require 'puppet/rest/routes'
|
|
9
9
|
|
10
10
|
# The class that manages all aspects of our SSL certificates --
|
11
11
|
# private keys, public keys, requests, etc.
|
12
|
+
#
|
13
|
+
# @deprecated Use {Puppet::SSL::SSLProvider} instead.
|
12
14
|
class Puppet::SSL::Host
|
13
15
|
# Yay, ruby's strange constant lookups.
|
14
16
|
Key = Puppet::SSL::Key
|
@@ -230,6 +232,7 @@ ERROR_STRING
|
|
230
232
|
@key = @certificate = @certificate_request = nil
|
231
233
|
@crl_usage = Puppet.settings[:certificate_revocation]
|
232
234
|
@crl_path = Puppet.settings[:hostcrl]
|
235
|
+
Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."));
|
233
236
|
end
|
234
237
|
|
235
238
|
# Extract the public key from the private key.
|
data/lib/puppet/ssl/key.rb
CHANGED
@@ -33,8 +33,8 @@ module Puppet::Util::HttpProxy
|
|
33
33
|
# .example.com
|
34
34
|
# We'll accommodate both here.
|
35
35
|
def self.no_proxy?(dest)
|
36
|
-
|
37
|
-
unless
|
36
|
+
no_proxy = self.no_proxy
|
37
|
+
unless no_proxy
|
38
38
|
return false
|
39
39
|
end
|
40
40
|
|
@@ -46,7 +46,7 @@ module Puppet::Util::HttpProxy
|
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
49
|
-
|
49
|
+
no_proxy.split(/\s*,\s*/).each do |d|
|
50
50
|
host, port = d.split(':')
|
51
51
|
host = Regexp.escape(host).gsub('\*', '.*')
|
52
52
|
|
@@ -128,6 +128,20 @@ module Puppet::Util::HttpProxy
|
|
128
128
|
return Puppet.settings[:http_proxy_password]
|
129
129
|
end
|
130
130
|
|
131
|
+
def self.no_proxy
|
132
|
+
no_proxy_env = ENV["no_proxy"] || ENV["NO_PROXY"]
|
133
|
+
|
134
|
+
if no_proxy_env
|
135
|
+
return no_proxy_env
|
136
|
+
end
|
137
|
+
|
138
|
+
if Puppet.settings[:no_proxy] == 'none'
|
139
|
+
return nil
|
140
|
+
end
|
141
|
+
|
142
|
+
return Puppet.settings[:no_proxy]
|
143
|
+
end
|
144
|
+
|
131
145
|
# Return a Net::HTTP::Proxy object.
|
132
146
|
#
|
133
147
|
# This method optionally configures SSL correctly if the URI scheme is
|
@@ -99,22 +99,6 @@ unless OpenSSL::X509::Name.instance_methods.include?(:to_utf8)
|
|
99
99
|
end
|
100
100
|
end
|
101
101
|
|
102
|
-
if RUBY_VERSION =~ /^2\.3/
|
103
|
-
module OpenSSL::PKey
|
104
|
-
alias __original_read read
|
105
|
-
def read(*args)
|
106
|
-
__original_read(*args)
|
107
|
-
rescue ArgumentError => e
|
108
|
-
# ruby <= 2.3 raises ArgumentError if it can't decrypt
|
109
|
-
# passphrase protected private keys, fixed in 2.4.0
|
110
|
-
# see https://bugs.ruby-lang.org/issues/11774
|
111
|
-
raise OpenSSL::PKey::PKeyError, e.message
|
112
|
-
end
|
113
|
-
module_function :read
|
114
|
-
module_function :__original_read
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
102
|
unless OpenSSL::PKey::EC.instance_methods.include?(:private?)
|
119
103
|
class OpenSSL::PKey::EC
|
120
104
|
# Added in ruby 2.4.0 in https://github.com/ruby/ruby/commit/7c971e61f04
|