puppet 6.7.2 → 6.8.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (89) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +9 -9
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +7 -7
  5. data/install.rb +3 -21
  6. data/lib/puppet/application/agent.rb +17 -13
  7. data/lib/puppet/application/device.rb +10 -0
  8. data/lib/puppet/defaults.rb +21 -6
  9. data/lib/puppet/face/facts.rb +1 -1
  10. data/lib/puppet/face/parser.rb +3 -2
  11. data/lib/puppet/forge.rb +19 -4
  12. data/lib/puppet/indirector/certificate/file.rb +1 -0
  13. data/lib/puppet/indirector/certificate/rest.rb +1 -0
  14. data/lib/puppet/indirector/certificate_request/file.rb +1 -0
  15. data/lib/puppet/indirector/certificate_request/memory.rb +1 -0
  16. data/lib/puppet/indirector/certificate_request/rest.rb +1 -0
  17. data/lib/puppet/indirector/key/file.rb +1 -0
  18. data/lib/puppet/indirector/key/memory.rb +1 -0
  19. data/lib/puppet/module_tool/applications/installer.rb +0 -3
  20. data/lib/puppet/network/http/factory.rb +1 -11
  21. data/lib/puppet/pops/lookup.rb +1 -0
  22. data/lib/puppet/pops/lookup/key_recorder.rb +18 -0
  23. data/lib/puppet/pops/lookup/lookup_adapter.rb +7 -0
  24. data/lib/puppet/provider/file/posix.rb +5 -0
  25. data/lib/puppet/provider/nameservice.rb +10 -3
  26. data/lib/puppet/provider/package/apt.rb +1 -1
  27. data/lib/puppet/provider/package/dpkg.rb +17 -3
  28. data/lib/puppet/provider/service/launchd.rb +20 -5
  29. data/lib/puppet/provider/service/systemd.rb +5 -10
  30. data/lib/puppet/provider/user/pw.rb +12 -3
  31. data/lib/puppet/provider/user/user_role_add.rb +4 -0
  32. data/lib/puppet/provider/user/useradd.rb +25 -11
  33. data/lib/puppet/ssl/certificate.rb +2 -0
  34. data/lib/puppet/ssl/host.rb +3 -0
  35. data/lib/puppet/ssl/key.rb +2 -0
  36. data/lib/puppet/util/http_proxy.rb +17 -3
  37. data/lib/puppet/util/monkey_patches.rb +0 -16
  38. data/lib/puppet/util/selinux.rb +5 -1
  39. data/lib/puppet/util/windows/security.rb +2 -0
  40. data/lib/puppet/util/windows/sid.rb +1 -0
  41. data/lib/puppet/version.rb +1 -1
  42. data/lib/puppet/x509/cert_provider.rb +13 -15
  43. data/locales/puppet.pot +77 -65
  44. data/man/man5/puppet.conf.5 +20 -4
  45. data/man/man8/puppet-agent.8 +24 -7
  46. data/man/man8/puppet-apply.8 +1 -1
  47. data/man/man8/puppet-catalog.8 +1 -1
  48. data/man/man8/puppet-config.8 +1 -1
  49. data/man/man8/puppet-describe.8 +1 -1
  50. data/man/man8/puppet-device.8 +1 -1
  51. data/man/man8/puppet-doc.8 +1 -1
  52. data/man/man8/puppet-epp.8 +1 -1
  53. data/man/man8/puppet-facts.8 +1 -1
  54. data/man/man8/puppet-filebucket.8 +1 -1
  55. data/man/man8/puppet-generate.8 +1 -1
  56. data/man/man8/puppet-help.8 +1 -1
  57. data/man/man8/puppet-key.8 +1 -1
  58. data/man/man8/puppet-lookup.8 +1 -1
  59. data/man/man8/puppet-man.8 +1 -1
  60. data/man/man8/puppet-module.8 +1 -1
  61. data/man/man8/puppet-node.8 +1 -1
  62. data/man/man8/puppet-parser.8 +1 -1
  63. data/man/man8/puppet-plugin.8 +1 -1
  64. data/man/man8/puppet-report.8 +1 -1
  65. data/man/man8/puppet-resource.8 +1 -1
  66. data/man/man8/puppet-script.8 +1 -1
  67. data/man/man8/puppet-ssl.8 +1 -1
  68. data/man/man8/puppet-status.8 +1 -1
  69. data/man/man8/puppet.8 +2 -2
  70. data/spec/integration/provider/service/systemd_spec.rb +7 -5
  71. data/spec/integration/type/file_spec.rb +28 -0
  72. data/spec/unit/application/device_spec.rb +26 -0
  73. data/spec/unit/face/facts_spec.rb +9 -0
  74. data/spec/unit/face/parser_spec.rb +17 -5
  75. data/spec/unit/forge/module_release_spec.rb +66 -31
  76. data/spec/unit/module_tool/applications/installer_spec.rb +0 -9
  77. data/spec/unit/network/http/factory_spec.rb +27 -5
  78. data/spec/unit/provider/package/dpkg_spec.rb +84 -4
  79. data/spec/unit/provider/service/launchd_spec.rb +28 -0
  80. data/spec/unit/provider/service/systemd_spec.rb +14 -0
  81. data/spec/unit/provider/user/pw_spec.rb +37 -0
  82. data/spec/unit/provider/user/useradd_spec.rb +42 -0
  83. data/spec/unit/transaction_spec.rb +18 -0
  84. data/spec/unit/util/http_proxy_spec.rb +24 -1
  85. data/spec/unit/x509/cert_provider_spec.rb +1 -1
  86. metadata +4 -7
  87. data/ext/windows/eventlog/Rakefile +0 -32
  88. data/ext/windows/eventlog/puppetres.dll +0 -0
  89. data/ext/windows/eventlog/puppetres.mc +0 -18
@@ -25,17 +25,7 @@ class Puppet::Network::HTTP::Factory
25
25
  def create_connection(site)
26
26
  Puppet.debug("Creating new connection for #{site}")
27
27
 
28
- args = [site.host, site.port]
29
-
30
- unless Puppet::Util::HttpProxy.no_proxy?(site)
31
- if Puppet[:http_proxy_host] == "none"
32
- args << nil << nil
33
- else
34
- args << Puppet[:http_proxy_host] << Puppet[:http_proxy_port]
35
- end
36
- end
37
-
38
- http = Net::HTTP.new(*args)
28
+ http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
39
29
  http.use_ssl = site.use_ssl?
40
30
  http.read_timeout = Puppet[:http_read_timeout]
41
31
  http.open_timeout = Puppet[:http_connect_timeout]
@@ -94,3 +94,4 @@ end
94
94
  end
95
95
 
96
96
  require_relative 'lookup/lookup_adapter'
97
+ require_relative 'lookup/key_recorder'
@@ -0,0 +1,18 @@
1
+ # This class defines the private API of the Lookup Key Recorder support.
2
+ # @api private
3
+ #
4
+ class Puppet::Pops::Lookup::KeyRecorder
5
+
6
+ def initialize()
7
+ end
8
+
9
+ def self.singleton
10
+ @null_recorder ||= self.new
11
+ end
12
+
13
+ # Records a key
14
+ # (This implementation does nothing)
15
+ #
16
+ def record(key)
17
+ end
18
+ end
@@ -27,6 +27,8 @@ class LookupAdapter < DataAdapter
27
27
  super()
28
28
  @compiler = compiler
29
29
  @lookup_options = {}
30
+ # Get a KeyRecorder from context, and set a "null recorder" if not defined
31
+ @key_recorder = Puppet.lookup(:lookup_key_recorder) { KeyRecorder.singleton }
30
32
  end
31
33
 
32
34
  # Performs a lookup using global, environment, and module data providers. Merge the result using the given
@@ -48,6 +50,11 @@ class LookupAdapter < DataAdapter
48
50
  end
49
51
  end
50
52
 
53
+ # Record that the key was looked up. This will record all keys for which a lookup is performed
54
+ # except 'lookup_options' (since that is illegal from a user perspective,
55
+ # and from an impact perspective is always looked up).
56
+ @key_recorder.record(key)
57
+
51
58
  key = LookupKey.new(key)
52
59
  lookup_invocation.lookup(key, key.module_name) do
53
60
  if lookup_invocation.only_explain_options?
@@ -8,6 +8,11 @@ Puppet::Type.type(:file).provide :posix do
8
8
  include Puppet::Util::Warnings
9
9
 
10
10
  require 'etc'
11
+ require 'puppet/util/selinux'
12
+
13
+ def self.post_resource_eval
14
+ Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
15
+ end
11
16
 
12
17
  def uid2name(id)
13
18
  return id.to_s if id.is_a?(Symbol) or id.is_a?(String)
@@ -173,9 +173,10 @@ class Puppet::Provider::NameService < Puppet::Provider
173
173
  end
174
174
 
175
175
  begin
176
- execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
176
+ sensitive = has_sensitive_data?
177
+ execute(self.addcmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
177
178
  if feature?(:manages_password_age) && (cmd = passcmd)
178
- execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
179
+ execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
179
180
  end
180
181
  rescue Puppet::ExecutionFailure => detail
181
182
  raise Puppet::Error, _("Could not create %{resource} %{name}: %{detail}") % { resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
@@ -279,13 +280,19 @@ class Puppet::Provider::NameService < Puppet::Provider
279
280
  self.class.validate(param, value)
280
281
  cmd = modifycmd(param, munge(param, value))
281
282
  raise Puppet::DevError, _("Nameservice command must be an array") unless cmd.is_a?(Array)
283
+ sensitive = has_sensitive_data?(param)
282
284
  begin
283
- execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment})
285
+ execute(cmd, {:failonfail => true, :combine => true, :custom_environment => @custom_environment, :sensitive => sensitive})
284
286
  rescue Puppet::ExecutionFailure => detail
285
287
  raise Puppet::Error, _("Could not set %{param} on %{resource}[%{name}]: %{detail}") % { param: param, resource: @resource.class.name, name: @resource.name, detail: detail }, detail.backtrace
286
288
  end
287
289
  end
288
290
 
291
+ #Derived classes can override to declare sensitive data so a flag can be passed to execute
292
+ def has_sensitive_data?(property = nil)
293
+ false
294
+ end
295
+
289
296
  # From overriding Puppet::Property#insync? Ruby Etc::getpwnam < 2.1.0 always
290
297
  # returns a struct with binary encoded string values, and >= 2.1.0 will return
291
298
  # binary encoded strings for values incompatible with current locale charset,
@@ -8,7 +8,7 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
8
8
  These options should be specified as an array where each element is either a
9
9
  string or a hash."
10
10
 
11
- has_feature :versionable, :install_options
11
+ has_feature :versionable, :install_options, :virtual_packages
12
12
 
13
13
  commands :aptget => "/usr/bin/apt-get"
14
14
  commands :aptcache => "/usr/bin/apt-cache"
@@ -5,7 +5,7 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
5
5
  and not `apt`, you must specify the source of any packages you want
6
6
  to manage."
7
7
 
8
- has_feature :holdable
8
+ has_feature :holdable, :virtual_packages
9
9
 
10
10
  commands :dpkg => "/usr/bin/dpkg"
11
11
  commands :dpkg_deb => "/usr/bin/dpkg-deb"
@@ -45,16 +45,18 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
45
45
  # Note: self:: is required here to keep these constants in the context of what will
46
46
  # eventually become this Puppet::Type::Package::ProviderDpkg class.
47
47
  self::DPKG_QUERY_FORMAT_STRING = %Q{'${Status} ${Package} ${Version}\\n'}
48
+ self::DPKG_QUERY_PROVIDES_FORMAT_STRING = %Q{'${Status} ${Package} ${Version} [${Provides}]\\n'}
48
49
  self::FIELDS_REGEX = %r{^(\S+) +(\S+) +(\S+) (\S+) (\S*)$}
50
+ self::FIELDS_REGEX_WITH_PROVIDES = %r{^(\S+) +(\S+) +(\S+) (\S+) (\S*) \[.*\]$}
49
51
  self::FIELDS= [:desired, :error, :status, :name, :ensure]
50
52
 
51
53
  # @param line [String] one line of dpkg-query output
52
54
  # @return [Hash,nil] a hash of FIELDS or nil if we failed to match
53
55
  # @api private
54
- def self.parse_line(line)
56
+ def self.parse_line(line, regex=self::FIELDS_REGEX)
55
57
  hash = nil
56
58
 
57
- match = self::FIELDS_REGEX.match(line)
59
+ match = regex.match(line)
58
60
  if match
59
61
  hash = {}
60
62
 
@@ -116,6 +118,18 @@ Puppet::Type.type(:package).provide :dpkg, :parent => Puppet::Provider::Package
116
118
 
117
119
  # list out our specific package
118
120
  begin
121
+ if @resource.allow_virtual?
122
+ output = dpkgquery(
123
+ "-W",
124
+ "--showformat",
125
+ self.class::DPKG_QUERY_PROVIDES_FORMAT_STRING
126
+ ).lines.find {|package| package.match(/\[.*#{@resource[:name]}.*\]/)}
127
+ if output
128
+ hash = self.class.parse_line(output,self.class::FIELDS_REGEX_WITH_PROVIDES)
129
+ Puppet.info("Package #{@resource[:name]} is virtual, defaulting to #{hash[:name]}")
130
+ @resource[:name] = hash[:name]
131
+ end
132
+ end
119
133
  output = dpkgquery(
120
134
  "-W",
121
135
  "--showformat",
@@ -241,12 +241,20 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
241
241
  def status
242
242
  if @resource && ((@resource[:hasstatus] == :false) || (@resource[:status]))
243
243
  return super
244
- else
245
- if @property_hash[:status].nil?
246
- :absent
244
+ elsif @property_hash[:status].nil?
245
+ # property_hash was flushed so the service changed status
246
+ service_name = @resource[:name]
247
+ # Updating services with new statuses
248
+ job_list = self.class.job_list
249
+ # if job is present in job_list, return its status
250
+ if job_list.key?(service_name)
251
+ job_list[service_name]
252
+ # if job is no longer present in job_list, it was stopped
247
253
  else
248
- @property_hash[:status]
254
+ :stopped
249
255
  end
256
+ else
257
+ @property_hash[:status]
250
258
  end
251
259
  end
252
260
 
@@ -314,7 +322,14 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
314
322
  job_plist_disabled = nil
315
323
  overrides_disabled = nil
316
324
 
317
- _, job_plist = plist_from_label(resource[:name])
325
+ begin
326
+ _, job_plist = plist_from_label(resource[:name])
327
+ rescue Puppet::Error => err
328
+ # if job does not exist, log the error and return false as on other platforms
329
+ Puppet.log_exception(err)
330
+ return :false
331
+ end
332
+
318
333
  job_plist_disabled = job_plist["Disabled"] if job_plist.has_key?("Disabled")
319
334
 
320
335
  overrides = self.class.read_overrides if FileTest.file?(self.class.launchd_overrides)
@@ -1,5 +1,7 @@
1
1
  # Manage systemd services using systemctl
2
2
 
3
+ require 'puppet/file_system'
4
+
3
5
  Puppet::Type.type(:service).provide :systemd, :parent => :base do
4
6
  desc "Manages `systemd` services using `systemctl`.
5
7
 
@@ -9,14 +11,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
9
11
 
10
12
  commands :systemctl => "systemctl"
11
13
 
12
- if Facter.value(:osfamily).downcase == 'debian'
13
- # With multiple init systems on Debian, it is possible to have
14
- # pieces of systemd around (e.g. systemctl) but not really be
15
- # using systemd. We do not do this on other platforms as it can
16
- # cause issues when running in a chroot without /run mounted
17
- # (PUP-5577)
18
- confine :exists => "/run/systemd/system"
19
- end
14
+ confine :true => Puppet::FileSystem.exist?('/proc/1/exe') && Puppet::FileSystem.readlink('/proc/1/exe').include?('systemd')
20
15
 
21
16
  defaultfor :osfamily => [:archlinux]
22
17
  defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
@@ -24,8 +19,8 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
24
19
  defaultfor :osfamily => :suse
25
20
  defaultfor :osfamily => :coreos
26
21
  defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
27
- defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
28
-
22
+ defaultfor :operatingsystem => :debian
23
+ notdefaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["5", "6", "7"] # These are using the "debian" method
29
24
  defaultfor :operatingsystem => :LinuxMint
30
25
  notdefaultfor :operatingsystem => :LinuxMint, :operatingsystemmajrelease => ["10", "11", "12", "13", "14", "15", "16", "17"] # These are using upstart
31
26
  defaultfor :operatingsystem => :ubuntu
@@ -67,11 +67,11 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
67
67
 
68
68
  # use pw to update password hash
69
69
  def password=(cryptopw)
70
- Puppet.debug "change password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
70
+ Puppet.debug "change password for user '#{@resource[:name]}' method called with hash [redacted]"
71
71
  stdin, _, _ = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
72
72
  stdin.puts(cryptopw)
73
73
  stdin.close
74
- Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
74
+ Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash [redacted]"
75
75
  end
76
76
 
77
77
  # get password from /etc/master.passwd
@@ -79,10 +79,19 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
79
79
  Puppet.debug "checking password for user '#{@resource[:name]}' method called"
80
80
  current_passline = `getent passwd #{@resource[:name]}`
81
81
  current_password = current_passline.chomp.split(':')[1] if current_passline
82
- Puppet.debug "finished password for user '#{@resource[:name]}' method called : '#{current_password}'"
82
+ Puppet.debug "finished password for user '#{@resource[:name]}' method called : [redacted]"
83
83
  current_password
84
84
  end
85
85
 
86
+ def has_sensitive_data?(property = nil)
87
+ #Check for sensitive values?
88
+ properties = property ? [property] : Puppet::Type.type(:user).validproperties
89
+ properties.any? do |prop|
90
+ p = @resource.parameter(prop)
91
+ p && p.respond_to?(:is_sensitive) && p.is_sensitive
92
+ end
93
+ end
94
+
86
95
  # Get expiry from system and convert to Puppet-style date
87
96
  def expiry
88
97
  expiry = self.get(:expiry)
@@ -204,6 +204,10 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source =>
204
204
  shadow_entry[5].empty? ? -1 : shadow_entry[5]
205
205
  end
206
206
 
207
+ def has_sensitive_data?(property = nil)
208
+ false
209
+ end
210
+
207
211
  # Read in /etc/shadow, find the line for our used and rewrite it with the
208
212
  # new pw. Smooth like 80 grit sandpaper.
209
213
  #
@@ -147,21 +147,35 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
147
147
  # validproperties is a list of properties in undefined order
148
148
  # sort them to have a predictable command line in tests
149
149
  Puppet::Type.type(:user).validproperties.sort.each do |property|
150
- next if property == :ensure
151
- next if property_manages_password_age?(property)
152
- next if (property == :groups) && @resource.forcelocal?
153
- next if (property == :expiry) && @resource.forcelocal?
154
-
155
- value = @resource.should(property)
156
- if value && value != ""
157
- # the value needs to be quoted, mostly because -c might
158
- # have spaces in it
159
- cmd << flag(property) << munge(property, value)
160
- end
150
+ value = get_value_for_property(property)
151
+ next if value.nil?
152
+ # the value needs to be quoted, mostly because -c might
153
+ # have spaces in it
154
+ cmd << flag(property) << munge(property, value)
161
155
  end
162
156
  cmd
163
157
  end
164
158
 
159
+ def get_value_for_property(property)
160
+ return nil if property == :ensure
161
+ return nil if property_manages_password_age?(property)
162
+ return nil if property == :groups and @resource.forcelocal?
163
+ return nil if property == :expiry and @resource.forcelocal?
164
+ value = @resource.should(property)
165
+ return nil if !value || value == ""
166
+
167
+ value
168
+ end
169
+
170
+ def has_sensitive_data?(property = nil)
171
+ #Check for sensitive values?
172
+ properties = property ? [property] : Puppet::Type.type(:user).validproperties
173
+ properties.any? do |prop|
174
+ p = @resource.parameter(prop)
175
+ p && p.respond_to?(:is_sensitive) && p.is_sensitive
176
+ end
177
+ end
178
+
165
179
  def addcmd
166
180
  if @resource.forcelocal?
167
181
  cmd = [command(:localadd)]
@@ -5,6 +5,8 @@ require 'puppet/ssl/base'
5
5
  # for turning CSRs into certificates; we can only
6
6
  # retrieve them from the CA (or not, as is often
7
7
  # the case).
8
+ #
9
+ # @deprecated Use {Puppet::SSL::SSLProvider} instead.
8
10
  class Puppet::SSL::Certificate < Puppet::SSL::Base
9
11
  # This is defined from the base class
10
12
  wraps OpenSSL::X509::Certificate
@@ -9,6 +9,8 @@ require 'puppet/rest/routes'
9
9
 
10
10
  # The class that manages all aspects of our SSL certificates --
11
11
  # private keys, public keys, requests, etc.
12
+ #
13
+ # @deprecated Use {Puppet::SSL::SSLProvider} instead.
12
14
  class Puppet::SSL::Host
13
15
  # Yay, ruby's strange constant lookups.
14
16
  Key = Puppet::SSL::Key
@@ -230,6 +232,7 @@ ERROR_STRING
230
232
  @key = @certificate = @certificate_request = nil
231
233
  @crl_usage = Puppet.settings[:certificate_revocation]
232
234
  @crl_path = Puppet.settings[:hostcrl]
235
+ Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."));
233
236
  end
234
237
 
235
238
  # Extract the public key from the private key.
@@ -2,6 +2,8 @@ require 'puppet/ssl/base'
2
2
  require 'puppet/indirector'
3
3
 
4
4
  # Manage private and public keys as a pair.
5
+ #
6
+ # @deprecated Use {Puppet::SSL::SSLProvider} instead.
5
7
  class Puppet::SSL::Key < Puppet::SSL::Base
6
8
  wraps OpenSSL::PKey::RSA
7
9
 
@@ -33,8 +33,8 @@ module Puppet::Util::HttpProxy
33
33
  # .example.com
34
34
  # We'll accommodate both here.
35
35
  def self.no_proxy?(dest)
36
- no_proxy_env = ENV["no_proxy"] || ENV["NO_PROXY"]
37
- unless no_proxy_env
36
+ no_proxy = self.no_proxy
37
+ unless no_proxy
38
38
  return false
39
39
  end
40
40
 
@@ -46,7 +46,7 @@ module Puppet::Util::HttpProxy
46
46
  end
47
47
  end
48
48
 
49
- no_proxy_env.split(/\s*,\s*/).each do |d|
49
+ no_proxy.split(/\s*,\s*/).each do |d|
50
50
  host, port = d.split(':')
51
51
  host = Regexp.escape(host).gsub('\*', '.*')
52
52
 
@@ -128,6 +128,20 @@ module Puppet::Util::HttpProxy
128
128
  return Puppet.settings[:http_proxy_password]
129
129
  end
130
130
 
131
+ def self.no_proxy
132
+ no_proxy_env = ENV["no_proxy"] || ENV["NO_PROXY"]
133
+
134
+ if no_proxy_env
135
+ return no_proxy_env
136
+ end
137
+
138
+ if Puppet.settings[:no_proxy] == 'none'
139
+ return nil
140
+ end
141
+
142
+ return Puppet.settings[:no_proxy]
143
+ end
144
+
131
145
  # Return a Net::HTTP::Proxy object.
132
146
  #
133
147
  # This method optionally configures SSL correctly if the URI scheme is
@@ -99,22 +99,6 @@ unless OpenSSL::X509::Name.instance_methods.include?(:to_utf8)
99
99
  end
100
100
  end
101
101
 
102
- if RUBY_VERSION =~ /^2\.3/
103
- module OpenSSL::PKey
104
- alias __original_read read
105
- def read(*args)
106
- __original_read(*args)
107
- rescue ArgumentError => e
108
- # ruby <= 2.3 raises ArgumentError if it can't decrypt
109
- # passphrase protected private keys, fixed in 2.4.0
110
- # see https://bugs.ruby-lang.org/issues/11774
111
- raise OpenSSL::PKey::PKeyError, e.message
112
- end
113
- module_function :read
114
- module_function :__original_read
115
- end
116
- end
117
-
118
102
  unless OpenSSL::PKey::EC.instance_methods.include?(:private?)
119
103
  class OpenSSL::PKey::EC
120
104
  # Added in ruby 2.4.0 in https://github.com/ruby/ruby/commit/7c971e61f04
@@ -13,7 +13,7 @@ require 'pathname'
13
13
 
14
14
  module Puppet::Util::SELinux
15
15
 
16
- def selinux_support?
16
+ def self.selinux_support?
17
17
  return false unless defined?(Selinux)
18
18
  if Selinux.is_selinux_enabled == 1
19
19
  return true
@@ -21,6 +21,10 @@ module Puppet::Util::SELinux
21
21
  false
22
22
  end
23
23
 
24
+ def selinux_support?
25
+ Puppet::Util::SELinux.selinux_support?
26
+ end
27
+
24
28
  # Retrieve and return the full context of the file. If we don't have
25
29
  # SELinux support or if the SELinux call fails then return nil.
26
30
  def get_selinux_current_context(file)