puppet 7.0.0-x64-mingw32 → 7.5.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (191) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +2 -16
  3. data/Gemfile +2 -3
  4. data/Gemfile.lock +45 -33
  5. data/ext/build_defaults.yaml +0 -1
  6. data/ext/project_data.yaml +1 -0
  7. data/lib/puppet/application.rb +10 -6
  8. data/lib/puppet/application/agent.rb +1 -0
  9. data/lib/puppet/application/apply.rb +3 -2
  10. data/lib/puppet/application/device.rb +1 -0
  11. data/lib/puppet/application/script.rb +1 -0
  12. data/lib/puppet/application/ssl.rb +11 -0
  13. data/lib/puppet/application_support.rb +7 -0
  14. data/lib/puppet/configurer.rb +16 -3
  15. data/lib/puppet/defaults.rb +14 -41
  16. data/lib/puppet/environments.rb +54 -55
  17. data/lib/puppet/face/facts.rb +26 -2
  18. data/lib/puppet/face/node/clean.rb +8 -0
  19. data/lib/puppet/ffi/posix.rb +10 -0
  20. data/lib/puppet/ffi/posix/constants.rb +14 -0
  21. data/lib/puppet/ffi/posix/functions.rb +24 -0
  22. data/lib/puppet/ffi/windows/api_types.rb +1 -1
  23. data/lib/puppet/ffi/windows/constants.rb +1 -1
  24. data/lib/puppet/file_serving/configuration/parser.rb +5 -2
  25. data/lib/puppet/file_system/memory_file.rb +8 -1
  26. data/lib/puppet/file_system/windows.rb +2 -0
  27. data/lib/puppet/http/factory.rb +4 -0
  28. data/lib/puppet/indirector/facts/facter.rb +1 -0
  29. data/lib/puppet/module_tool/applications/installer.rb +48 -2
  30. data/lib/puppet/module_tool/errors/shared.rb +17 -2
  31. data/lib/puppet/network/formats.rb +67 -0
  32. data/lib/puppet/network/http.rb +5 -2
  33. data/lib/puppet/network/http/api.rb +10 -6
  34. data/lib/puppet/network/http/api/master.rb +3 -2
  35. data/lib/puppet/network/http/api/master/v3.rb +2 -25
  36. data/lib/puppet/network/http/api/master/v3/environments.rb +2 -33
  37. data/lib/puppet/network/http/api/server.rb +10 -0
  38. data/lib/puppet/network/http/api/server/v3.rb +39 -0
  39. data/lib/puppet/network/http/api/server/v3/environments.rb +48 -0
  40. data/lib/puppet/parser/ast/leaf.rb +3 -2
  41. data/lib/puppet/parser/templatewrapper.rb +1 -1
  42. data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
  43. data/lib/puppet/pops/model/ast_transformer.rb +1 -1
  44. data/lib/puppet/pops/parser/lexer2.rb +0 -4
  45. data/lib/puppet/pops/validation/checker4_0.rb +0 -1
  46. data/lib/puppet/property/list.rb +1 -1
  47. data/lib/puppet/provider/group/groupadd.rb +13 -8
  48. data/lib/puppet/provider/package/apt.rb +34 -2
  49. data/lib/puppet/provider/package/aptitude.rb +6 -0
  50. data/lib/puppet/provider/service/debian.rb +2 -0
  51. data/lib/puppet/provider/user/aix.rb +2 -2
  52. data/lib/puppet/provider/user/useradd.rb +62 -8
  53. data/lib/puppet/reference/configuration.rb +6 -5
  54. data/lib/puppet/settings.rb +33 -28
  55. data/lib/puppet/settings/alias_setting.rb +37 -0
  56. data/lib/puppet/settings/environment_conf.rb +1 -0
  57. data/lib/puppet/type/package.rb +3 -3
  58. data/lib/puppet/type/user.rb +1 -1
  59. data/lib/puppet/util/autoload.rb +1 -8
  60. data/lib/puppet/util/monkey_patches.rb +7 -0
  61. data/lib/puppet/util/posix.rb +54 -5
  62. data/lib/puppet/util/windows/adsi.rb +46 -0
  63. data/lib/puppet/util/windows/principal.rb +9 -2
  64. data/lib/puppet/util/windows/sid.rb +4 -2
  65. data/lib/puppet/version.rb +1 -1
  66. data/locales/puppet.pot +166 -146
  67. data/man/man5/puppet.conf.5 +14 -6
  68. data/man/man8/puppet-agent.8 +2 -2
  69. data/man/man8/puppet-apply.8 +2 -2
  70. data/man/man8/puppet-catalog.8 +1 -1
  71. data/man/man8/puppet-config.8 +1 -1
  72. data/man/man8/puppet-describe.8 +1 -1
  73. data/man/man8/puppet-device.8 +2 -2
  74. data/man/man8/puppet-doc.8 +1 -1
  75. data/man/man8/puppet-epp.8 +1 -1
  76. data/man/man8/puppet-facts.8 +8 -2
  77. data/man/man8/puppet-filebucket.8 +1 -1
  78. data/man/man8/puppet-generate.8 +1 -1
  79. data/man/man8/puppet-help.8 +1 -1
  80. data/man/man8/puppet-lookup.8 +1 -1
  81. data/man/man8/puppet-module.8 +1 -1
  82. data/man/man8/puppet-node.8 +1 -1
  83. data/man/man8/puppet-parser.8 +1 -1
  84. data/man/man8/puppet-plugin.8 +1 -1
  85. data/man/man8/puppet-report.8 +1 -1
  86. data/man/man8/puppet-resource.8 +1 -1
  87. data/man/man8/puppet-script.8 +2 -2
  88. data/man/man8/puppet-ssl.8 +5 -1
  89. data/man/man8/puppet.8 +2 -2
  90. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
  91. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
  92. data/spec/integration/application/agent_spec.rb +160 -3
  93. data/spec/integration/application/apply_spec.rb +19 -0
  94. data/spec/integration/application/plugin_spec.rb +1 -1
  95. data/spec/integration/defaults_spec.rb +0 -7
  96. data/spec/integration/http/client_spec.rb +12 -0
  97. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  98. data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
  99. data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
  100. data/spec/integration/parser/collection_spec.rb +10 -0
  101. data/spec/integration/resource/type_collection_spec.rb +2 -6
  102. data/spec/integration/transaction_spec.rb +4 -9
  103. data/spec/integration/util/windows/adsi_spec.rb +21 -1
  104. data/spec/integration/util/windows/principal_spec.rb +21 -0
  105. data/spec/integration/util/windows/registry_spec.rb +6 -10
  106. data/spec/spec_helper.rb +1 -4
  107. data/spec/unit/agent_spec.rb +8 -6
  108. data/spec/unit/application/agent_spec.rb +0 -1
  109. data/spec/unit/application/facts_spec.rb +58 -7
  110. data/spec/unit/application/filebucket_spec.rb +0 -2
  111. data/spec/unit/application/ssl_spec.rb +23 -0
  112. data/spec/unit/application_spec.rb +51 -9
  113. data/spec/unit/confine/feature_spec.rb +1 -1
  114. data/spec/unit/confine_spec.rb +8 -2
  115. data/spec/unit/defaults_spec.rb +1 -56
  116. data/spec/unit/environments_spec.rb +221 -68
  117. data/spec/unit/face/node_spec.rb +14 -13
  118. data/spec/unit/file_serving/configuration/parser_spec.rb +8 -1
  119. data/spec/unit/file_serving/metadata_spec.rb +3 -3
  120. data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
  121. data/spec/unit/file_system_spec.rb +9 -0
  122. data/spec/unit/forge/module_release_spec.rb +2 -7
  123. data/spec/unit/http/factory_spec.rb +19 -0
  124. data/spec/unit/indirector/face_spec.rb +0 -1
  125. data/spec/unit/indirector/facts/facter_spec.rb +20 -5
  126. data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
  127. data/spec/unit/indirector/indirection_spec.rb +8 -12
  128. data/spec/unit/indirector_spec.rb +2 -2
  129. data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
  130. data/spec/unit/network/formats_spec.rb +41 -0
  131. data/spec/unit/network/http/api/indirected_routes_spec.rb +0 -4
  132. data/spec/unit/network/http/api/master_spec.rb +38 -0
  133. data/spec/unit/network/http/api/{master → server}/v3/environments_spec.rb +2 -2
  134. data/spec/unit/network/http/api/{master → server}/v3_spec.rb +19 -19
  135. data/spec/unit/network/http/api_spec.rb +11 -11
  136. data/spec/unit/parser/compiler_spec.rb +3 -19
  137. data/spec/unit/parser/resource_spec.rb +14 -8
  138. data/spec/unit/parser/templatewrapper_spec.rb +4 -3
  139. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
  140. data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
  141. data/spec/unit/pops/validator/validator_spec.rb +20 -43
  142. data/spec/unit/property_spec.rb +1 -0
  143. data/spec/unit/provider/group/groupadd_spec.rb +5 -2
  144. data/spec/unit/provider/nameservice_spec.rb +66 -65
  145. data/spec/unit/provider/package/apt_spec.rb +28 -23
  146. data/spec/unit/provider/package/aptitude_spec.rb +1 -1
  147. data/spec/unit/provider/package/base_spec.rb +6 -5
  148. data/spec/unit/provider/package/pacman_spec.rb +18 -12
  149. data/spec/unit/provider/package/pip_spec.rb +6 -11
  150. data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
  151. data/spec/unit/provider/user/aix_spec.rb +5 -0
  152. data/spec/unit/provider/user/hpux_spec.rb +1 -1
  153. data/spec/unit/provider/user/pw_spec.rb +2 -0
  154. data/spec/unit/provider/user/useradd_spec.rb +56 -3
  155. data/spec/unit/provider_spec.rb +6 -8
  156. data/spec/unit/resource/type_spec.rb +1 -1
  157. data/spec/unit/resource_spec.rb +11 -10
  158. data/spec/unit/settings_spec.rb +13 -6
  159. data/spec/unit/ssl/base_spec.rb +0 -1
  160. data/spec/unit/ssl/certificate_request_spec.rb +4 -10
  161. data/spec/unit/ssl/ssl_provider_spec.rb +5 -2
  162. data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -7
  163. data/spec/unit/transaction/event_manager_spec.rb +14 -11
  164. data/spec/unit/transaction_spec.rb +13 -4
  165. data/spec/unit/type/file/content_spec.rb +0 -1
  166. data/spec/unit/type/file/selinux_spec.rb +0 -2
  167. data/spec/unit/type/file_spec.rb +0 -6
  168. data/spec/unit/type/group_spec.rb +13 -6
  169. data/spec/unit/type/resources_spec.rb +7 -7
  170. data/spec/unit/type/service_spec.rb +1 -1
  171. data/spec/unit/type/tidy_spec.rb +0 -1
  172. data/spec/unit/type_spec.rb +2 -2
  173. data/spec/unit/util/at_fork_spec.rb +2 -2
  174. data/spec/unit/util/autoload_spec.rb +5 -1
  175. data/spec/unit/util/backups_spec.rb +1 -2
  176. data/spec/unit/util/execution_spec.rb +15 -11
  177. data/spec/unit/util/inifile_spec.rb +6 -14
  178. data/spec/unit/util/log_spec.rb +8 -7
  179. data/spec/unit/util/logging_spec.rb +3 -3
  180. data/spec/unit/util/posix_spec.rb +363 -15
  181. data/spec/unit/util/selinux_spec.rb +76 -52
  182. data/spec/unit/util/storage_spec.rb +3 -1
  183. data/spec/unit/util/suidmanager_spec.rb +44 -41
  184. data/spec/unit/util/windows/sid_spec.rb +6 -0
  185. data/spec/unit/util_spec.rb +13 -6
  186. metadata +33 -16
  187. data/spec/lib/matchers/include.rb +0 -27
  188. data/spec/lib/matchers/include_spec.rb +0 -32
  189. data/spec/unit/pops/parser/parse_application_spec.rb +0 -13
  190. data/spec/unit/pops/parser/parse_capabilities_spec.rb +0 -23
  191. data/spec/unit/pops/parser/parse_site_spec.rb +0 -43
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9329aafa3ece7ad47eb0bc16f9e852fe84b7af220281aea339d058afd51b012b
4
- data.tar.gz: 5a62475b96aac33593df2ec4e6d8684df608569f91c890b24e977e123e413fe0
3
+ metadata.gz: fa9b7a15f4253ed60d5c63718410c36de96134febc6c940430b5c75ab30736b8
4
+ data.tar.gz: 61e7341398349d2a05d44e3ccc4f5da4557cd39ad7e1017e45a34a86392da5ff
5
5
  SHA512:
6
- metadata.gz: 0d4f22931a1f4c8d7389c984cedd1692ca332de31898077b57c30e299eaf6b6d9cccabe87a3683a541b3b90f5055d3bf2d0a6e47a350dbf6ffee36921a088bb6
7
- data.tar.gz: a2f1d1f5adae1d1238d3d66ed5be88bb1db449b66a94c7eebdd562741792a3dc0dc1e2accc9f54a358a29365d1fe33cac3a788b7d702630bec2f197175ba1df3
6
+ metadata.gz: 9d37fc99d52cce580328b84256b626c057c918a4d50b8bcd87b22df5f6ffe5170d6947a46930c432141311b4a9729b054dd56eb1951db7dc2fe577ee5b69fdaf
7
+ data.tar.gz: e0ba897dac6c1d742347c8081e99803b4fbaaef4568bdae8d49886528008ed63d8a544794bbcd6934313ef3135b026b57ddbc8d21a18149579586fc8842bf450
data/CODEOWNERS CHANGED
@@ -1,23 +1,9 @@
1
- # default to platform-core
2
- * @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers
3
-
4
- # Night's Watch
5
- /lib/puppet/type/group @puppetlabs/night-s-watch
6
- /lib/puppet/type/package @puppetlabs/night-s-watch
7
- /lib/puppet/type/service @puppetlabs/night-s-watch
8
- /lib/puppet/type/user @puppetlabs/night-s-watch
9
- /lib/puppet/provider/group @puppetlabs/night-s-watch
10
- /lib/puppet/provider/package @puppetlabs/night-s-watch
11
- /lib/puppet/provider/service @puppetlabs/night-s-watch
12
- /lib/puppet/provider/user @puppetlabs/night-s-watch
1
+ # defaults
2
+ * @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
13
3
 
14
4
  # PAL
15
5
  /lib/puppet/pal @puppetlabs/bolt
16
6
 
17
- # puppet device
18
- /lib/puppet/application/device.rb @puppetlabs/networking
19
- /lib/puppet/util/network_device @puppetlabs/networking
20
-
21
7
  # puppet module
22
8
  /lib/puppet/application/module.rb @puppetlabs/pdk
23
9
  /lib/puppet/face/module @puppetlabs/pdk
data/Gemfile CHANGED
@@ -18,8 +18,6 @@ gem "hiera", *location_for(ENV['HIERA_LOCATION']) if ENV.has_key?('HIERA_LOCATIO
18
18
  gem "semantic_puppet", *location_for(ENV['SEMANTIC_PUPPET_LOCATION'] || ["~> 1.0"])
19
19
  gem "puppet-resource_api", *location_for(ENV['RESOURCE_API_LOCATION'] || ["~> 1.5"])
20
20
 
21
- gem "scanf" if RUBY_VERSION.to_f >= 2.7
22
-
23
21
  group(:features) do
24
22
  gem 'diff-lcs', '~> 1.3', require: false
25
23
  gem 'hiera-eyaml', *location_for(ENV['HIERA_EYAML_LOCATION'])
@@ -33,10 +31,11 @@ group(:features) do
33
31
  # gem 'ruby-augeas', require: false, platforms: [:ruby]
34
32
  # requires native ldap headers/libs
35
33
  # gem 'ruby-ldap', '~> 0.9', require: false, platforms: [:ruby]
36
- gem 'puppetserver-ca', '~> 1.1', require: false
34
+ gem 'puppetserver-ca', '~> 2.0', require: false
37
35
  end
38
36
 
39
37
  group(:test) do
38
+ gem "ffi", require: false
40
39
  gem "json-schema", "~> 2.0", require: false
41
40
  gem "rake", *location_for(ENV['RAKE_LOCATION'] || '~> 12.2')
42
41
  gem "rspec", "~> 3.1", require: false
data/Gemfile.lock CHANGED
@@ -1,7 +1,18 @@
1
+ GIT
2
+ remote: git://github.com/ciprianbadescu/packaging
3
+ revision: 5f8d2bda941abfeeb8fb1731c9b1dd4d108f5d33
4
+ branch: maint/windows-signing
5
+ specs:
6
+ packaging (0.99.49.171.g5f8d2bd)
7
+ artifactory (~> 2)
8
+ csv (= 3.1.5)
9
+ rake (>= 12.3)
10
+ release-metrics
11
+
1
12
  PATH
2
13
  remote: .
3
14
  specs:
4
- puppet (7.0.0)
15
+ puppet (7.5.0)
5
16
  CFPropertyList (~> 2.2)
6
17
  concurrent-ruby (~> 1.0)
7
18
  deep_merge (~> 1.0)
@@ -10,6 +21,7 @@ PATH
10
21
  hiera (>= 3.2.1, < 4)
11
22
  locale (~> 2.1)
12
23
  multi_json (~> 1.13)
24
+ scanf (~> 1.0)
13
25
  semantic_puppet (~> 1.0)
14
26
 
15
27
  GEM
@@ -19,18 +31,20 @@ GEM
19
31
  addressable (2.7.0)
20
32
  public_suffix (>= 2.0.2, < 5.0)
21
33
  artifactory (2.8.2)
22
- ast (2.4.1)
34
+ ast (2.4.2)
23
35
  coderay (1.1.3)
24
- concurrent-ruby (1.1.7)
25
- crack (0.4.4)
36
+ concurrent-ruby (1.1.8)
37
+ crack (0.4.5)
38
+ rexml
26
39
  csv (3.1.5)
27
40
  deep_merge (1.2.1)
28
41
  diff-lcs (1.4.4)
29
42
  docopt (0.6.1)
30
- facter (4.0.44)
43
+ facter (4.0.51)
31
44
  hocon (~> 1.3)
32
45
  thor (>= 1.0.1, < 2.0)
33
46
  fast_gettext (1.1.2)
47
+ ffi (1.15.0)
34
48
  gettext (3.2.9)
35
49
  locale (>= 2.0.5)
36
50
  text (>= 1.3.0)
@@ -40,48 +54,44 @@ GEM
40
54
  locale
41
55
  hashdiff (1.0.1)
42
56
  hiera (3.6.0)
43
- hiera-eyaml (3.2.0)
44
- highline (~> 1.6.19)
57
+ hiera-eyaml (3.2.1)
58
+ highline
45
59
  optimist
46
- highline (1.6.21)
60
+ highline (2.0.3)
47
61
  hocon (1.3.1)
48
62
  hpricot (0.8.6)
49
63
  json-schema (2.8.1)
50
64
  addressable (>= 2.4)
51
65
  locale (2.1.3)
52
- memory_profiler (0.9.14)
66
+ memory_profiler (1.0.0)
53
67
  method_source (1.0.0)
54
68
  minitar (0.9)
55
- msgpack (1.3.3)
69
+ msgpack (1.4.2)
56
70
  multi_json (1.15.0)
57
71
  mustache (1.1.1)
58
72
  optimist (3.0.1)
59
- packaging (0.99.73)
60
- artifactory (~> 2)
61
- csv (= 3.1.5)
62
- rake (>= 12.3)
63
- release-metrics
64
- parallel (1.20.0)
73
+ parallel (1.20.1)
65
74
  parser (2.7.2.0)
66
75
  ast (~> 2.4.1)
67
- powerpack (0.1.2)
68
- pry (0.13.1)
76
+ powerpack (0.1.3)
77
+ pry (0.14.0)
69
78
  coderay (~> 1.1)
70
79
  method_source (~> 1.0)
71
80
  public_suffix (4.0.6)
72
81
  puppet-resource_api (1.8.13)
73
82
  hocon (>= 1.0)
74
- puppetserver-ca (1.9.0)
83
+ puppetserver-ca (2.0.1)
75
84
  facter (>= 2.0.1, < 5)
76
85
  racc (1.4.9)
77
86
  rainbow (2.2.2)
78
87
  rake
79
88
  rake (12.3.3)
80
89
  rdiscount (2.2.0.2)
81
- rdoc (6.2.1)
90
+ rdoc (6.3.0)
82
91
  release-metrics (1.1.0)
83
92
  csv
84
93
  docopt
94
+ rexml (3.2.4)
85
95
  ronn (0.7.3)
86
96
  hpricot (>= 0.8.2)
87
97
  mustache (>= 0.7.0)
@@ -90,18 +100,18 @@ GEM
90
100
  rspec-core (~> 3.10.0)
91
101
  rspec-expectations (~> 3.10.0)
92
102
  rspec-mocks (~> 3.10.0)
93
- rspec-core (3.10.0)
103
+ rspec-core (3.10.1)
94
104
  rspec-support (~> 3.10.0)
95
- rspec-expectations (3.10.0)
105
+ rspec-expectations (3.10.1)
96
106
  diff-lcs (>= 1.2.0, < 2.0)
97
107
  rspec-support (~> 3.10.0)
98
108
  rspec-its (1.3.0)
99
109
  rspec-core (>= 3.0.0)
100
110
  rspec-expectations (>= 3.0.0)
101
- rspec-mocks (3.10.0)
111
+ rspec-mocks (3.10.2)
102
112
  diff-lcs (>= 1.2.0, < 2.0)
103
113
  rspec-support (~> 3.10.0)
104
- rspec-support (3.10.0)
114
+ rspec-support (3.10.2)
105
115
  rubocop (0.49.1)
106
116
  parallel (~> 1.10)
107
117
  parser (>= 2.3.3.1, < 3.0)
@@ -111,24 +121,26 @@ GEM
111
121
  unicode-display_width (~> 1.0, >= 1.0.1)
112
122
  rubocop-i18n (1.2.0)
113
123
  rubocop (~> 0.49.0)
114
- ruby-prof (1.4.2)
115
- ruby-progressbar (1.10.1)
116
- semantic_puppet (1.0.2)
124
+ ruby-prof (1.4.3)
125
+ ruby-progressbar (1.11.0)
126
+ scanf (1.0.0)
127
+ semantic_puppet (1.0.3)
117
128
  text (1.3.1)
118
- thor (1.0.1)
129
+ thor (1.1.0)
119
130
  unicode-display_width (1.7.0)
120
131
  vcr (5.1.0)
121
- webmock (3.10.0)
132
+ webmock (3.12.1)
122
133
  addressable (>= 2.3.6)
123
134
  crack (>= 0.3.2)
124
135
  hashdiff (>= 0.4.0, < 2.0.0)
125
- yard (0.9.25)
136
+ yard (0.9.26)
126
137
 
127
138
  PLATFORMS
128
139
  ruby
129
140
 
130
141
  DEPENDENCIES
131
142
  diff-lcs (~> 1.3)
143
+ ffi
132
144
  gettext-setup (~> 0.28)
133
145
  hiera-eyaml
134
146
  hocon (~> 1.0)
@@ -136,11 +148,11 @@ DEPENDENCIES
136
148
  memory_profiler
137
149
  minitar (~> 0.9)
138
150
  msgpack (~> 1.2)
139
- packaging (~> 0.99)
151
+ packaging!
140
152
  pry
141
153
  puppet!
142
154
  puppet-resource_api (~> 1.5)
143
- puppetserver-ca (~> 1.1)
155
+ puppetserver-ca (~> 2.0)
144
156
  racc (= 1.4.9)
145
157
  rake (~> 12.2)
146
158
  rdoc (~> 6.0)
@@ -157,4 +169,4 @@ DEPENDENCIES
157
169
  yard
158
170
 
159
171
  BUNDLED WITH
160
- 2.0.0
172
+ 1.17.3
@@ -1,6 +1,5 @@
1
1
  ---
2
2
  packager: 'puppetlabs'
3
- gpg_key: '7F438280EF8D349F'
4
3
 
5
4
  # These are the build targets used by the packaging repo. Uncomment to allow use.
6
5
  #final_mocks: 'pl-el-5-i386 pl-el-6-i386 pl-el-7-x86_64'
@@ -26,6 +26,7 @@ gem_runtime_dependencies:
26
26
  puppet-resource_api: '~>1.5'
27
27
  concurrent-ruby: '~> 1.0'
28
28
  deep_merge: '~> 1.0'
29
+ scanf: '~> 1.0'
29
30
  gem_rdoc_options:
30
31
  - --title
31
32
  - "Puppet - Configuration Management"
@@ -475,12 +475,16 @@ class Application
475
475
  def handle_logdest_arg(arg)
476
476
  return if arg.nil?
477
477
 
478
- begin
479
- Puppet[:logdest] = arg
480
- Puppet::Util::Log.newdestination(arg)
481
- options[:setdest] = true
482
- rescue => detail
483
- Puppet.log_and_raise(detail, _("Could not set logdest to %{dest}.") % { dest: arg })
478
+ logdest = arg.split(',').map!(&:strip)
479
+ Puppet[:logdest] = arg
480
+
481
+ logdest.each do |dest|
482
+ begin
483
+ Puppet::Util::Log.newdestination(dest)
484
+ options[:setdest] = true
485
+ rescue => detail
486
+ Puppet.log_and_raise(detail, _("Could not set logdest to %{dest}.") % { dest: arg })
487
+ end
484
488
  end
485
489
  end
486
490
 
@@ -267,6 +267,7 @@ generated by running puppet agent with '--genconfig'.
267
267
  service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
268
268
  file. If debugging or verbosity is enabled, this defaults to 'console'.
269
269
  Otherwise, it defaults to 'syslog' on POSIX systems and 'eventlog' on Windows.
270
+ Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
270
271
 
271
272
  A path ending with '.json' will receive structured output in JSON format. The
272
273
  log file will not have an ending ']' automatically written to it due to the
@@ -113,6 +113,7 @@ configuration options by running puppet with
113
113
  Where to send log messages. Choose between 'syslog' (the POSIX syslog
114
114
  service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
115
115
  file. Defaults to 'console'.
116
+ Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
116
117
 
117
118
  A path ending with '.json' will receive structured output in JSON format. The
118
119
  log file will not have an ending ']' automatically written to it due to the
@@ -236,7 +237,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
236
237
  end
237
238
 
238
239
  # Resolve all deferred values and replace them / mutate the catalog
239
- Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog)
240
+ Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment)
240
241
 
241
242
  # Translate it to a RAL catalog
242
243
  catalog = catalog.to_ral
@@ -330,7 +331,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
330
331
  raise Puppet::Error, _("Could not deserialize catalog from %{format}: %{detail}") % { format: format, detail: detail }, detail.backtrace
331
332
  end
332
333
  # Resolve all deferred values and replace them / mutate the catalog
333
- Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog)
334
+ Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment)
334
335
 
335
336
  catalog.to_ral
336
337
  end
@@ -155,6 +155,7 @@ you can specify '--server <servername>' as an argument.
155
155
  Where to send log messages. Choose between 'syslog' (the POSIX syslog
156
156
  service), 'console', or the path to a log file. If debugging or verbosity is
157
157
  enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
158
+ Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
158
159
 
159
160
  A path ending with '.json' will receive structured output in JSON format. The
160
161
  log file will not have an ending ']' automatically written to it due to the
@@ -71,6 +71,7 @@ configuration options can also be generated by running puppet with
71
71
  Where to send log messages. Choose between 'syslog' (the POSIX syslog
72
72
  service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
73
73
  file. Defaults to 'console'.
74
+ Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
74
75
 
75
76
  A path ending with '.json' will receive structured output in JSON format. The
76
77
  log file will not have an ending ']' automatically written to it due to the
@@ -74,6 +74,9 @@ ACTIONS
74
74
  `--localca` is specified, then also remove this host's local copy of the
75
75
  CA certificate(s) and CRL bundle. if `--target CERTNAME` is specified, then
76
76
  remove the files for the specified device on this host instead of this host.
77
+
78
+ * show:
79
+ Print the full-text version of this host's certificate.
77
80
  HELP
78
81
  end
79
82
 
@@ -142,11 +145,19 @@ HELP
142
145
  end
143
146
  @machine.ensure_client_certificate
144
147
  Puppet.notice(_("Completed SSL initialization"))
148
+ when 'show'
149
+ show(certname)
145
150
  else
146
151
  raise Puppet::Error, _("Unknown action '%{action}'") % { action: action }
147
152
  end
148
153
  end
149
154
 
155
+ def show(certname)
156
+ password = @cert_provider.load_private_key_password
157
+ ssl_context = @ssl_provider.load_context(certname: certname, password: password)
158
+ puts ssl_context.client_cert.to_text
159
+ end
160
+
150
161
  def submit_request(ssl_context)
151
162
  key = @cert_provider.load_private_key(Puppet[:certname])
152
163
  unless key
@@ -53,6 +53,13 @@ module Puppet
53
53
  route_file = Puppet[:route_file]
54
54
  if Puppet::FileSystem.exist?(route_file)
55
55
  routes = Puppet::Util::Yaml.safe_load_file(route_file, [Symbol])
56
+ if routes["server"] && routes["master"]
57
+ Puppet.warning("Route file #{route_file} contains both server and master route settings.")
58
+ elsif routes["server"] && !routes["master"]
59
+ routes["master"] = routes["server"]
60
+ elsif routes["master"] && !routes["server"]
61
+ routes["server"] = routes["master"]
62
+ end
56
63
  application_routes = routes[application_name]
57
64
  Puppet::Indirector.configure_routes(application_routes) if application_routes
58
65
  end
@@ -112,7 +112,7 @@ class Puppet::Configurer
112
112
  catalog_conversion_time = thinmark do
113
113
  # Will mutate the result and replace all Deferred values with resolved values
114
114
  if facts
115
- Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result)
115
+ Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment))
116
116
  end
117
117
 
118
118
  catalog = result.to_ral
@@ -395,16 +395,29 @@ class Puppet::Configurer
395
395
  if !cached_catalog && options[:catalog]
396
396
  ral_catalog = options[:catalog]
397
397
  else
398
+ # Ordering here matters. We have to resolve deferred resources in the
399
+ # resource catalog, convert the resource catalog to a RAL catalog (which
400
+ # triggers type/provider validation), and only if that is successful,
401
+ # should we cache the *original* resource catalog. However, deferred
402
+ # evaluation mutates the resource catalog, so we need to make a copy of
403
+ # it here. If PUP-9323 is ever implemented so that we resolve deferred
404
+ # resources in the RAL catalog as they are needed, then we could eliminate
405
+ # this step.
406
+ catalog_to_cache = Puppet.override(:rich_data => Puppet[:rich_data]) do
407
+ Puppet::Resource::Catalog.from_data_hash(catalog.to_data_hash)
408
+ end
409
+
398
410
  # REMIND @duration is the time spent loading the last catalog, and doesn't
399
411
  # account for things like we failed to download and fell back to the cache
400
412
  ral_catalog = convert_catalog(catalog, @duration, facts, options)
401
413
 
402
- # If not noop, commit the cached resource catalog (not ral catalog). Ideally
414
+ # Validation succeeded, so commit the `catalog_to_cache` for non-noop runs. Don't
415
+ # commit `catalog` since it contains the result of deferred evaluation. Ideally
403
416
  # we'd just copy the downloaded response body, instead of serializing the
404
417
  # in-memory catalog, but that's hard due to the indirector.
405
418
  indirection = Puppet::Resource::Catalog.indirection
406
419
  if !Puppet[:noop] && indirection.cache?
407
- request = indirection.request(:save, nil, catalog, environment: Puppet::Node::Environment.remote(catalog.environment))
420
+ request = indirection.request(:save, nil, catalog_to_cache, environment: Puppet::Node::Environment.remote(catalog_to_cache.environment))
408
421
  Puppet.info("Caching catalog for #{request.key}")
409
422
  indirection.cache.save(request)
410
423
  end
@@ -32,20 +32,6 @@ module Puppet
32
32
  %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime]
33
33
  end
34
34
 
35
- def self.log_ca_migration_warning
36
- urge_to_migrate = <<-UTM
37
- The cadir is currently configured to be inside the #{Puppet[:ssldir]} directory. This config
38
- setting and the directory location will not be used in a future version of puppet. Please run the
39
- puppetserver ca tool to migrate out from the puppet confdir to the /etc/puppetlabs/puppetserver/ca
40
- directory. Use `puppetserver ca migrate --help` for more info.
41
- UTM
42
- Puppet.warn_once('deprecations',
43
- 'CA migration message',
44
- urge_to_migrate,
45
- :default,
46
- :default)
47
- end
48
-
49
35
  def self.default_cadir
50
36
  return "" if Puppet::Util::Platform.windows?
51
37
  old_ca_dir = "#{Puppet[:ssldir]}/ca"
@@ -53,13 +39,8 @@ UTM
53
39
 
54
40
  if File.exist?(old_ca_dir)
55
41
  if File.symlink?(old_ca_dir)
56
- target = File.readlink(old_ca_dir)
57
- if target.start_with?(Puppet[:ssldir])
58
- Puppet.log_ca_migration_warning
59
- end
60
- target
42
+ File.readlink(old_ca_dir)
61
43
  else
62
- Puppet.log_ca_migration_warning
63
44
  old_ca_dir
64
45
  end
65
46
  else
@@ -1052,6 +1033,14 @@ EOT
1052
1033
  certificate revocation checking and does not attempt to download the CRL.
1053
1034
  EOT
1054
1035
  },
1036
+ :ciphers => {
1037
+ :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256',
1038
+ :type => :string,
1039
+ :desc => "The list of ciphersuites for TLS connections initiated by puppet. The
1040
+ default value is chosen to support TLS 1.0 and up, but can be made
1041
+ more restrictive if needed. The ciphersuites must be specified in OpenSSL
1042
+ format, not IANA."
1043
+ },
1055
1044
  :key_type => {
1056
1045
  :default => 'rsa',
1057
1046
  :type => :enum,
@@ -1095,7 +1084,7 @@ EOT
1095
1084
  :type => :string,
1096
1085
  :desc => "Where to send log messages. Choose between 'syslog' (the POSIX syslog
1097
1086
  service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
1098
- file."
1087
+ file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
1099
1088
  # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook,
1100
1089
  # unfortunately we have a large number of tests that rely on the logging not resetting itself when the
1101
1090
  # settings are initialized as they test what gets logged during settings initialization.
@@ -1112,13 +1101,6 @@ EOT
1112
1101
  :default => lambda { default_cadir },
1113
1102
  :type => :directory,
1114
1103
  :desc => "The root directory for the certificate authority.",
1115
- :call_hook => :on_initialize_and_write,
1116
- :hook => proc do |value|
1117
- if value.start_with?(Puppet[:ssldir])
1118
- Puppet.log_ca_migration_warning
1119
- end
1120
- value
1121
- end
1122
1104
  },
1123
1105
  :cacert => {
1124
1106
  :default => "$cadir/ca_crt.pem",
@@ -1345,25 +1327,16 @@ EOT
1345
1327
  by `puppet`, and should only be set if you're writing your own Puppet
1346
1328
  executable.",
1347
1329
  },
1348
- :serverport => {
1330
+ :masterport => {
1349
1331
  :default => 8140,
1350
1332
  :type => :port,
1351
1333
  :desc => "The default port puppet subcommands use to communicate
1352
1334
  with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
1353
1335
  overridden by more specific settings (see `ca_port`, `report_port`).",
1354
- :hook => proc do |value|
1355
- Puppet[:masterport] = value unless Puppet.settings.set_by_config?(:masterport)
1356
- end
1357
1336
  },
1358
- :masterport => {
1359
- :default => "$serverport",
1360
- :type => :port,
1361
- :desc => "The default port puppet subcommands use to communicate
1362
- with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
1363
- overridden by more specific settings (see `ca_port`, `report_port`).",
1364
- :hook => proc do |value|
1365
- Puppet[:serverport] = value unless Puppet.settings.set_by_config?(:serverport)
1366
- end
1337
+ :serverport => {
1338
+ :type => :alias,
1339
+ :alias_for => :masterport
1367
1340
  },
1368
1341
  :bucketdir => {
1369
1342
  :default => "$vardir/bucket",