puppet 7.16.0-x64-mingw32 → 7.19.0-x64-mingw32

Files changed (84) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +76 -15
  3. data/ext/systemd/puppet.service +2 -1
  4. data/lib/puppet/agent.rb +47 -11
  5. data/lib/puppet/application/agent.rb +3 -13
  6. data/lib/puppet/application/apply.rb +2 -2
  7. data/lib/puppet/configurer.rb +1 -1
  8. data/lib/puppet/defaults.rb +11 -1
  9. data/lib/puppet/face/help.rb +1 -1
  10. data/lib/puppet/face/module/list.rb +16 -7
  11. data/lib/puppet/functions/capitalize.rb +1 -1
  12. data/lib/puppet/generate/type.rb +1 -1
  13. data/lib/puppet/http/client.rb +22 -2
  14. data/lib/puppet/info_service/task_information_service.rb +1 -1
  15. data/lib/puppet/module/task.rb +5 -1
  16. data/lib/puppet/parameter.rb +19 -4
  17. data/lib/puppet/parser/templatewrapper.rb +1 -1
  18. data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
  19. data/lib/puppet/pops/functions/dispatcher.rb +10 -6
  20. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
  21. data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
  22. data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
  23. data/lib/puppet/provider/package/yum.rb +8 -3
  24. data/lib/puppet/provider/user/directoryservice.rb +15 -8
  25. data/lib/puppet/reference/configuration.rb +2 -0
  26. data/lib/puppet/ssl/ssl_provider.rb +65 -12
  27. data/lib/puppet/ssl/state_machine.rb +13 -17
  28. data/lib/puppet/transaction.rb +22 -0
  29. data/lib/puppet/type/tidy.rb +1 -1
  30. data/lib/puppet/type/user.rb +3 -0
  31. data/lib/puppet/type.rb +20 -3
  32. data/lib/puppet/util/json.rb +5 -2
  33. data/lib/puppet/util/resource_template.rb +1 -1
  34. data/lib/puppet/util/selinux.rb +1 -1
  35. data/lib/puppet/util.rb +12 -1
  36. data/lib/puppet/version.rb +1 -1
  37. data/lib/puppet.rb +1 -14
  38. data/man/man5/puppet.conf.5 +12 -4
  39. data/man/man8/puppet-agent.8 +2 -2
  40. data/man/man8/puppet-apply.8 +1 -1
  41. data/man/man8/puppet-catalog.8 +1 -1
  42. data/man/man8/puppet-config.8 +1 -1
  43. data/man/man8/puppet-describe.8 +1 -1
  44. data/man/man8/puppet-device.8 +1 -1
  45. data/man/man8/puppet-doc.8 +1 -1
  46. data/man/man8/puppet-epp.8 +1 -1
  47. data/man/man8/puppet-facts.8 +1 -1
  48. data/man/man8/puppet-filebucket.8 +1 -1
  49. data/man/man8/puppet-generate.8 +1 -1
  50. data/man/man8/puppet-help.8 +1 -1
  51. data/man/man8/puppet-lookup.8 +1 -1
  52. data/man/man8/puppet-module.8 +1 -1
  53. data/man/man8/puppet-node.8 +1 -1
  54. data/man/man8/puppet-parser.8 +1 -1
  55. data/man/man8/puppet-plugin.8 +1 -1
  56. data/man/man8/puppet-report.8 +1 -1
  57. data/man/man8/puppet-resource.8 +1 -1
  58. data/man/man8/puppet-script.8 +1 -1
  59. data/man/man8/puppet-ssl.8 +1 -1
  60. data/man/man8/puppet.8 +2 -2
  61. data/spec/integration/application/agent_spec.rb +157 -0
  62. data/spec/integration/application/apply_spec.rb +74 -0
  63. data/spec/integration/http/client_spec.rb +27 -10
  64. data/spec/lib/puppet_spec/https.rb +1 -1
  65. data/spec/lib/puppet_spec/puppetserver.rb +39 -2
  66. data/spec/unit/agent_spec.rb +28 -2
  67. data/spec/unit/application/agent_spec.rb +26 -16
  68. data/spec/unit/daemon_spec.rb +2 -11
  69. data/spec/unit/face/module/list_spec.rb +26 -0
  70. data/spec/unit/http/client_spec.rb +18 -0
  71. data/spec/unit/info_service_spec.rb +11 -3
  72. data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
  73. data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
  74. data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
  75. data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
  76. data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
  77. data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
  78. data/spec/unit/ssl/state_machine_spec.rb +1 -0
  79. data/spec/unit/task_spec.rb +56 -13
  80. data/spec/unit/util/resource_template_spec.rb +1 -1
  81. data/spec/unit/util/selinux_spec.rb +5 -0
  82. data/spec/unit/util_spec.rb +11 -1
  83. data/tasks/generate_cert_fixtures.rake +5 -4
  84. metadata +2 -2
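--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -34,6 +34,17 @@ module Util
  end
  module_function :default_env
 
+ if RUBY_VERSION >= "2.6"
+ def create_erb(content)
+ ERB.new(content, trim_mode: '-')
+ end
+ else
+ def create_erb(content)
+ ERB.new(content, 0, '-')
+ end
+ end
+ module_function :create_erb
+
  # @param name [String] The name of the environment variable to retrieve
  # @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
  # @return [String] Value of the specified environment variable. nil if it does not exist
@@ -530,7 +541,7 @@ module Util
  IO::new(f.to_i).close rescue nil
  end
  end
- rescue Errno::ENOENT # /proc/self/fd not found
+ rescue Errno::ENOENT, Errno::ENOTDIR # /proc/self/fd not found, /proc/self not a dir
  3.upto(256){|fd| IO::new(fd).close rescue nil}
  end
 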
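Review bot: The guard `if RUBY_VERSION >= "2.6"` in the first hunk compares version strings lexicographically, which orders correctly only while every version component stays single-digit; `if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.6')` states the intent without that assumption. `create_erb` is also added without a doc comment: ERB evaluates any Ruby embedded in `content`, so a line such as `# content is evaluated as Ruby by ERB; pass only trusted template text` above the definitions would tell callers what they are responsible for. The callers are outside this section, so whether any of them passes externally supplied text cannot be judged from here.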
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '7.16.0'
9
+ PUPPETVERSION = '7.19.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and
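--- a/data/lib/puppet.rb
+++ b/data/lib/puppet.rb
@@ -235,20 +235,7 @@ module Puppet
 
  {
  :environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)),
- :ssl_context => proc {
- begin
- cert = Puppet::X509::CertProvider.new
- password = cert.load_private_key_password
- ssl = Puppet::SSL::SSLProvider.new
- ssl.load_context(certname: Puppet[:certname], password: password)
- rescue => e
- # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
- Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
- # TRANSLATORS: `puppet agent -t` is a command and should not be translated
- Puppet.err(_("Run `puppet agent -t`"))
- raise e
- end
- },
+ :ssl_context => proc { Puppet.runtime[:http].default_ssl_context },
  :http_session => proc { Puppet.runtime[:http].create_session },
  :plugins => proc { Puppet::Plugins::Configuration.load_plugins },
  :rich_data => false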
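Review bot: The one-line `:ssl_context` proc drops the `rescue` that logged "Failed to initialize SSL", printed the `puppet agent -t` hint and re-raised, so the failure behaviour of this binding now rests entirely on `default_ssl_context`, whose body is not visible in this section. It is worth confirming in data/lib/puppet/http/client.rb that a missing or unreadable client key or certificate still raises, rather than producing a context without the client identity. Once confirmed, record the contract next to the binding, for example `# default_ssl_context logs and re-raises SSL load errors`. The enclosing hash and method begin outside the hunk.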
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPETCONF" "5" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPETCONF" "5" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  \fBThis page is autogenerated; any changes will get overwritten\fR
6
6
  .
7
7
  .SH "Configuration settings"
@@ -929,7 +929,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
929
929
  The HTTP User\-Agent string to send when making network requests\.
930
930
  .
931
931
  .IP "\(bu" 4
932
- \fIDefault\fR: \fBPuppet/7\.16\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
932
+ \fIDefault\fR: \fBPuppet/7\.19\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
933
933
  .
934
934
  .IP "" 0
935
935
  .
@@ -1486,6 +1486,14 @@ The preferred means of serializing ruby instances for passing over the wire\. Th
1486
1486
  .
1487
1487
  .IP "" 0
1488
1488
  .
1489
+ .SS "preprocess_deferred"
1490
+ Whether puppet should call deferred functions before applying the catalog\. If set to \fBtrue\fR, then all prerequisites needed for the deferred function must be satified prior to puppet running\. If set to \fBfalse\fR, then deferred functions will follow puppet relationships and ordering\. This allows puppet to install prerequisites needed for a deferred function and call the deferred function in the same run\.
1491
+ .
1492
+ .IP "\(bu" 4
1493
+ \fIDefault\fR: \fBtrue\fR
1494
+ .
1495
+ .IP "" 0
1496
+ .
1489
1497
  .SS "prerun_command"
1490
1498
  A command to run before every agent run\. If this command returns a non\-zero return code, the entire Puppet run will fail\.
1491
1499
  .
@@ -1800,7 +1808,7 @@ The maximum time to delay before an agent\'s first run when \fBsplay\fR is enabl
1800
1808
  The domain which will be queried to find the SRV records of servers to use\.
1801
1809
  .
1802
1810
  .IP "\(bu" 4
1803
- \fIDefault\fR: \fBci\-jenkins\-setup\-platform\.svc\.cluster\.local\fR
1811
+ \fIDefault\fR: \fBexample\.com\fR
1804
1812
  .
1805
1813
  .IP "" 0
1806
1814
  .
@@ -2000,7 +2008,7 @@ Whether to print stack traces on some errors\. Will print internal Ruby stack tr
2000
2008
  .IP "" 0
2001
2009
  .
2002
2010
  .SS "transactionstorefile"
2003
- Transactional storage file for persisting data between transactions for the purposes of infering information (such as corrective_change) on new data received\.
2011
+ Transactional storage file for persisting data between transactions for the purposes of inferring information (such as corrective_change) on new data received\.
2004
2012
  .
2005
2013
  .IP "\(bu" 4
2006
2014
  \fIDefault\fR: \fB$statedir/transactionstore\.yaml\fR
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-AGENT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-AGENT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-agent\fR \- The puppet agent daemon
@@ -51,7 +51,7 @@ Some flags are meant specifically for interactive use \-\-\- in particular, \'te
51
51
  \'\-\-tags\' allows you to specify what portions of a configuration you want to apply\. Puppet elements are tagged with all of the class or definition names that contain them, and you can use the \'tags\' flag to specify one of these names, causing only configuration elements contained within that class or definition to be applied\. This is very useful when you are testing new configurations \-\-\- for instance, if you are just starting to manage \'ntpd\', you would put all of the new elements into an \'ntpd\' class, and call puppet with \'\-\-tags ntpd\', which would only apply that small portion of the configuration during your testing, rather than applying the whole thing\.
52
52
  .
53
53
  .P
54
- \'\-\-fingerprint\' is a one\-time flag\. In this mode \'puppet agent\' runs once and displays on the console (and in the log) the current certificate (or certificate request) fingerprint\. Providing the \'\-\-digest\' option allows to use a different digest algorithm to generate the fingerprint\. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man\-in\-the\-middle attacks when signing certificates)\.
54
+ \'\-\-fingerprint\' is a one\-time flag\. In this mode \'puppet agent\' runs once and displays on the console (and in the log) the current certificate (or certificate request) fingerprint\. Providing the \'\-\-digest\' option allows you to use a different digest algorithm to generate the fingerprint\. The main use is to verify that before signing a certificate request on the master, the certificate request the master received is the same as the one the client sent (to prevent against man\-in\-the\-middle attacks when signing certificates)\.
55
55
  .
56
56
  .P
57
57
  \'\-\-skip_tags\' is a flag used to filter resources\. If this is set, then only resources not tagged with the specified tags will be applied\. Values must be comma\-separated\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-APPLY" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-APPLY" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-apply\fR \- Apply Puppet manifests locally
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CATALOG" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CATALOG" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-CONFIG" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-CONFIG" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DESCRIBE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DESCRIBE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-describe\fR \- Display help about resource types
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DEVICE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DEVICE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-device\fR \- Manage remote network devices
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-DOC" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-DOC" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-doc\fR \- Generate Puppet references
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-EPP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-EPP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FACTS" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FACTS" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-facts\fR \- Retrieve and store facts\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-FILEBUCKET" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-FILEBUCKET" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-GENERATE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-GENERATE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-HELP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-HELP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-help\fR \- Display Puppet help\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-LOOKUP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-LOOKUP" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-lookup\fR \- Interactive Hiera lookup
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-MODULE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-MODULE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-NODE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-NODE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-node\fR \- View and manage node definitions\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PARSER" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PARSER" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-parser\fR \- Interact directly with the parser\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-PLUGIN" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-PLUGIN" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-REPORT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-REPORT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-report\fR \- Create, display, and submit reports\.
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-RESOURCE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-RESOURCE" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-resource\fR \- The resource abstraction layer shell
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SCRIPT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SCRIPT" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-SSL" "8" "March 2022" "Puppet, Inc." "Puppet manual"
4
+ .TH "PUPPET\-SSL" "8" "September 2022" "Puppet, Inc." "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
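--- a/data/man/man8/puppet.8
+++ b/data/man/man8/puppet.8
@@ -1,7 +1,7 @@
  .\" generated with Ronn/v0.7.3
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
  .
- .TH "PUPPET" "8" "March 2022" "Puppet, Inc." "Puppet manual"
+ .TH "PUPPET" "8" "September 2022" "Puppet, Inc." "Puppet manual"
  .
  .SH "NAME"
  \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
  catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
  .
  .P
- See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.16\.0
+ See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.19\.0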
@@ -3,6 +3,7 @@ require 'puppet_spec/files'
3
3
  require 'puppet_spec/puppetserver'
4
4
  require 'puppet_spec/compiler'
5
5
  require 'puppet_spec/https'
6
+ require 'puppet/application/agent'
6
7
 
7
8
  describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
8
9
  include PuppetSpec::Files
@@ -97,6 +98,18 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
97
98
  end
98
99
 
99
100
  context 'rich data' do
101
+ let(:deferred_file) { tmpfile('deferred') }
102
+ let(:deferred_manifest) do <<~END
103
+ file { '#{deferred_file}':
104
+ ensure => file,
105
+ content => '123',
106
+ } ->
107
+ notify { 'deferred':
108
+ message => Deferred('binary_file', ['#{deferred_file}'])
109
+ }
110
+ END
111
+ end
112
+
100
113
  it "calls a deferred 4x function" do
101
114
  catalog_handler = -> (req, res) {
102
115
  catalog = compile_to_catalog(<<-MANIFEST, node)
@@ -141,6 +154,43 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
141
154
  end
142
155
  end
143
156
 
157
+ it "fails to apply a deferred function with an unsatified prerequisite" do
158
+ catalog_handler = -> (req, res) {
159
+ catalog = compile_to_catalog(deferred_manifest, node)
160
+ res.body = formatter.render(catalog)
161
+ res['Content-Type'] = formatter.mime
162
+ }
163
+
164
+ server.start_server(mounts: {catalog: catalog_handler}) do |port|
165
+ Puppet[:serverport] = port
166
+ expect {
167
+ agent.command_line.args << '--test'
168
+ agent.run
169
+ }.to exit_with(1)
170
+ .and output(%r{Using environment}).to_stdout
171
+ .and output(%r{The given file '#{deferred_file}' does not exist}).to_stderr
172
+ end
173
+ end
174
+
175
+ it "applies a deferred function and its prerequisite in the same run" do
176
+ Puppet[:preprocess_deferred] = false
177
+
178
+ catalog_handler = -> (req, res) {
179
+ catalog = compile_to_catalog(deferred_manifest, node)
180
+ res.body = formatter.render(catalog)
181
+ res['Content-Type'] = formatter.mime
182
+ }
183
+
184
+ server.start_server(mounts: {catalog: catalog_handler}) do |port|
185
+ Puppet[:serverport] = port
186
+ expect {
187
+ agent.command_line.args << '--test'
188
+ agent.run
189
+ }.to exit_with(2)
190
+ .and output(%r{defined 'message' as Binary\("MTIz"\)}).to_stdout
191
+ end
192
+ end
193
+
144
194
  it "re-evaluates a deferred function in a cached catalog" do
145
195
  Puppet[:report] = false
146
196
  Puppet[:use_cached_catalog] = true
@@ -740,4 +790,111 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
740
790
  end
741
791
  end
742
792
  end
793
+
794
+ context "ssl" do
795
+ context "bootstrapping" do
796
+ before :each do
797
+ # reconfigure ssl to non-existent dir and files to force bootstrapping
798
+ dir = tmpdir('ssl')
799
+ Puppet[:ssldir] = dir
800
+ Puppet[:localcacert] = File.join(dir, 'ca.pem')
801
+ Puppet[:hostcrl] = File.join(dir, 'crl.pem')
802
+ Puppet[:hostprivkey] = File.join(dir, 'cert.pem')
803
+ Puppet[:hostcert] = File.join(dir, 'key.pem')
804
+
805
+ Puppet[:daemonize] = false
806
+ Puppet[:logdest] = 'console'
807
+ Puppet[:log_level] = 'info'
808
+ end
809
+
810
+ it "exits if the agent is not allowed to wait" do
811
+ Puppet[:waitforcert] = 0
812
+
813
+ server.start_server do |port|
814
+ Puppet[:serverport] = port
815
+ expect {
816
+ agent.run
817
+ }.to exit_with(1)
818
+ .and output(%r{Exiting now because the waitforcert setting is set to 0}).to_stdout
819
+ .and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
820
+ end
821
+ end
822
+
823
+ it "exits if the maxwaitforcert time is exceeded" do
824
+ Puppet[:waitforcert] = 1
825
+ Puppet[:maxwaitforcert] = 1
826
+
827
+ server.start_server do |port|
828
+ Puppet[:serverport] = port
829
+ expect {
830
+ agent.run
831
+ }.to exit_with(1)
832
+ .and output(%r{Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate \(127.0.0.1\). Exiting now because the maxwaitforcert timeout has been exceeded.}).to_stdout
833
+ .and output(%r{Failed to submit the CSR, HTTP response was 404}).to_stderr
834
+ end
835
+ end
836
+ end
837
+
838
+ def copy_fixtures(sources, dest)
839
+ ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
840
+ File.open(dest, 'w') do |f|
841
+ sources.each do |s|
842
+ f.write(File.read(File.join(ssldir, s)))
843
+ end
844
+ end
845
+ end
846
+
847
+ it "reloads the CRL between runs" do
848
+ Puppet[:localcacert] = ca = tmpfile('ca')
849
+ Puppet[:hostcrl] = crl = tmpfile('crl')
850
+ Puppet[:hostcert] = cert = tmpfile('cert')
851
+ Puppet[:hostprivkey] = key = tmpfile('key')
852
+
853
+ copy_fixtures(%w[ca.pem intermediate.pem], ca)
854
+ copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
855
+ copy_fixtures(%w[127.0.0.1.pem], cert)
856
+ copy_fixtures(%w[127.0.0.1-key.pem], key)
857
+
858
+ revoked = cert_fixture('revoked.pem')
859
+ revoked_key = key_fixture('revoked-key.pem')
860
+
861
+ mounts = {}
862
+ mounts[:catalog] = -> (req, res) {
863
+ catalog = compile_to_catalog(<<~MANIFEST, node)
864
+ file { '#{cert}':
865
+ ensure => file,
866
+ content => '#{revoked}'
867
+ }
868
+ file { '#{key}':
869
+ ensure => file,
870
+ content => '#{revoked_key}'
871
+ }
872
+ MANIFEST
873
+
874
+ res.body = formatter.render(catalog)
875
+ res['Content-Type'] = formatter.mime
876
+ }
877
+
878
+ server.start_server(mounts: mounts) do |port|
879
+ Puppet[:serverport] = port
880
+ Puppet[:daemonize] = false
881
+ Puppet[:runinterval] = 1
882
+ Puppet[:waitforcert] = 1
883
+ Puppet[:maxwaitforcert] = 1
884
+
885
+ # simulate two runs of the agent, then return so we don't infinite loop
886
+ allow_any_instance_of(Puppet::Daemon).to receive(:run_event_loop) do |instance|
887
+ instance.agent.run(splay: false)
888
+ instance.agent.run(splay: false)
889
+ end
890
+
891
+ agent.command_line.args << '--verbose'
892
+ expect {
893
+ agent.run
894
+ }.to exit_with(1)
895
+ .and output(%r{Exiting now because the maxwaitforcert timeout has been exceeded}).to_stdout
896
+ .and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
897
+ end
898
+ end
899
+ end
743
900
  end
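Review bot: In the `before :each` of the "bootstrapping" context in the last hunk, the file names are crossed: `Puppet[:hostprivkey] = File.join(dir, 'cert.pem')` and `Puppet[:hostcert] = File.join(dir, 'key.pem')`. This is presumably harmless today, since the comment says the paths are meant not to exist, but the setup reads as if the private key lived in cert.pem, and anything later written to these paths would land under the wrong name. Swap them to `Puppet[:hostprivkey] = File.join(dir, 'key.pem')` and `Puppet[:hostcert] = File.join(dir, 'cert.pem')`. The example title "fails to apply a deferred function with an unsatified prerequisite" in the third hunk also misspells "unsatisfied".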
@@ -665,6 +665,18 @@ class amod::bad_type {
665
665
  end
666
666
 
667
667
  context 'rich data' do
668
+ let(:deferred_file) { tmpfile('deferred') }
669
+ let(:deferred_manifest) do <<~END
670
+ file { '#{deferred_file}':
671
+ ensure => file,
672
+ content => '123',
673
+ } ->
674
+ notify { 'deferred':
675
+ message => Deferred('binary_file', ['#{deferred_file}'])
676
+ }
677
+ END
678
+ end
679
+
668
680
  it "calls a deferred 4x function" do
669
681
  apply.command_line.args = ['-e', 'notify { "deferred3x": message => Deferred("join", [[1,2,3], ":"]) }']
670
682
 
@@ -681,5 +693,67 @@ class amod::bad_type {
681
693
  }.to exit_with(0) # for some reason apply returns 0 instead of 2
682
694
  .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as 'I am deferred'}).to_stdout
683
695
  end
696
+
697
+ it "fails to apply a deferred function with an unsatified prerequisite" do
698
+ apply.command_line.args = ['-e', deferred_manifest]
699
+ expect {
700
+ apply.run
701
+ }.to exit_with(1) # for some reason apply returns 0 instead of 2
702
+ .and output(/Compiled catalog/).to_stdout
703
+ .and output(%r{The given file '#{deferred_file}' does not exist}).to_stderr
704
+ end
705
+
706
+ it "applies a deferred function and its prerequisite in the same run" do
707
+ Puppet[:preprocess_deferred] = false
708
+
709
+ apply.command_line.args = ['-e', deferred_manifest]
710
+ expect {
711
+ apply.run
712
+ }.to exit_with(0) # for some reason apply returns 0 instead of 2
713
+ .and output(%r{defined 'message' as Binary\("MTIz"\)}).to_stdout
714
+ end
715
+
716
+ it "validates the deferred resource before applying any resources" do
717
+ undeferred_file = tmpfile('undeferred')
718
+
719
+ manifest = <<~END
720
+ file { '#{undeferred_file}':
721
+ ensure => file,
722
+ }
723
+ file { '#{deferred_file}':
724
+ ensure => file,
725
+ content => Deferred('inline_epp', ['<%= 42 %>']),
726
+ source => 'http://example.com/content',
727
+ }
728
+ END
729
+ apply.command_line.args = ['-e', manifest]
730
+ expect {
731
+ apply.run
732
+ }.to exit_with(1)
733
+ .and output(/Compiled catalog/).to_stdout
734
+ .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
735
+
736
+ # validation happens before all resources are applied, so this shouldn't exist
737
+ expect(File).to_not be_exist(undeferred_file)
738
+ end
739
+
740
+ it "evaluates resources before validating the deferred resource" do
741
+ Puppet[:preprocess_deferred] = false
742
+
743
+ manifest = <<~END
744
+ notify { 'runs before file': } ->
745
+ file { '#{deferred_file}':
746
+ ensure => file,
747
+ content => Deferred('inline_epp', ['<%= 42 %>']),
748
+ source => 'http://example.com/content',
749
+ }
750
+ END
751
+ apply.command_line.args = ['-e', manifest]
752
+ expect {
753
+ apply.run
754
+ }.to exit_with(1)
755
+ .and output(/Notify\[runs before file\]/).to_stdout
756
+ .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
757
+ end
684
758
  end
685
759
  end
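Review bot: The comment `# for some reason apply returns 0 instead of 2` was carried over onto `}.to exit_with(1)` in "fails to apply a deferred function with an unsatified prerequisite", where it contradicts the exit code being asserted. Drop it on that line, or replace it with something that explains the expectation, such as `# the deferred function runs before the file resource creates its input`. The same example title misspells "unsatisfied".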