puppet 8.0.1-x64-mingw32 → 8.1.0-x64-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CODEOWNERS +5 -5
- data/Gemfile.lock +32 -24
- data/ext/project_data.yaml +1 -1
- data/lib/puppet/defaults.rb +20 -2
- data/lib/puppet/http/service/ca.rb +7 -2
- data/lib/puppet/ssl/state_machine.rb +89 -11
- data/lib/puppet/thread_local.rb +1 -4
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +22 -0
- data/locales/puppet.pot +2322 -2310
- data/man/man5/puppet.conf.5 +17 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +50 -0
- data/spec/unit/application/lookup_spec.rb +1 -0
- data/spec/unit/http/service/ca_spec.rb +12 -0
- data/spec/unit/ssl/state_machine_spec.rb +69 -1
- data/spec/unit/x509/cert_provider_spec.rb +26 -0
- metadata +3 -9
    
        data/man/man5/puppet.conf.5
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPETCONF" "5" " | 
| 4 | 
            +
            .TH "PUPPETCONF" "5" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            \fBThis page is autogenerated; any changes will get overwritten\fR
         | 
| 6 6 | 
             
            .
         | 
| 7 7 | 
             
            .SH "Configuration settings"
         | 
| @@ -163,6 +163,20 @@ The port to use for the certificate authority\. | |
| 163 163 | 
             
            .
         | 
| 164 164 | 
             
            .IP "" 0
         | 
| 165 165 | 
             
            .
         | 
| 166 | 
            +
            .SS "ca_refresh_interval"
         | 
| 167 | 
            +
            How often the Puppet agent refreshes its local CA certs\. By default the CA certs are refreshed once every 24 hours\. If a different duration is specified, then the agent will refresh its CA certs whenever it next runs and the elapsed time since the certs were last refreshed exceeds the duration\.
         | 
| 168 | 
            +
            .
         | 
| 169 | 
            +
            .P
         | 
| 170 | 
            +
            In general, the duration should be greater than the \fBruninterval\fR\. Setting it to 0 or an equal or lesser value than \fBruninterval\fR, will cause the CA certs to be refreshed on every run\.
         | 
| 171 | 
            +
            .
         | 
| 172 | 
            +
            .P
         | 
| 173 | 
            +
            If the agent downloads new CA certs, the agent will use it for subsequent network requests\. If the refresh request fails or if the CA certs are unchanged on the server, then the agent run will continue using the local CA certs it already has\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
         | 
| 174 | 
            +
            .
         | 
| 175 | 
            +
            .IP "\(bu" 4
         | 
| 176 | 
            +
            \fIDefault\fR: \fB1d\fR
         | 
| 177 | 
            +
            .
         | 
| 178 | 
            +
            .IP "" 0
         | 
| 179 | 
            +
            .
         | 
| 166 180 | 
             
            .SS "ca_server"
         | 
| 167 181 | 
             
            The server to use for certificate authority requests\. It\'s a separate server because it cannot and does not need to horizontally scale\.
         | 
| 168 182 | 
             
            .
         | 
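Review bot: In the third paragraph of the new ca_refresh_interval entry, "the agent will use it for subsequent network requests" pairs a singular "it" with the plural "new CA certs"; "use them" reads correctly. In the second paragraph the comma in "than \fBruninterval\fR, will cause" separates the subject from its verb and should be dropped. Because this setting replaces the agent's trust anchors on a timer, the entry would also benefit from one sentence on how the downloaded bundle is checked before it replaces the local one, which the text does not say.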
| @@ -395,7 +409,7 @@ Prints the value of a specific configuration setting\. If the name of a setting | |
| 395 409 | 
             
            How often the Puppet agent refreshes its local CRL\. By default the CRL is refreshed once every 24 hours\. If a different duration is specified, then the agent will refresh its CRL whenever it next runs and the elapsed time since the CRL was last refreshed exceeds the duration\.
         | 
| 396 410 | 
             
            .
         | 
| 397 411 | 
             
            .P
         | 
| 398 | 
            -
            In general, the duration should be greater than the \fBruninterval\fR\. Setting it to an equal or lesser value will cause the CRL to be refreshed on every run\.
         | 
| 412 | 
            +
            In general, the duration should be greater than the \fBruninterval\fR\. Setting it to 0 or an equal or lesser value than \fBruninterval\fR, will cause the CRL to be refreshed on every run\.
         | 
| 399 413 | 
             
            .
         | 
| 400 414 | 
             
            .P
         | 
| 401 415 | 
             
            If the agent downloads a new CRL, the agent will use it for subsequent network requests\. If the refresh request fails or if the CRL is unchanged on the server, then the agent run will continue using the local CRL it already has\.This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\.
         | 
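Review bot: The reworded sentence on the + line keeps a stray comma in "than \fBruninterval\fR, will cause"; drop it. The unchanged line just below still reads "already has\.This setting" with no space after the period. Since the page is autogenerated, both are best fixed in the setting description it is built from, in the same change.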
| @@ -945,7 +959,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea | |
| 945 959 | 
             
            The HTTP User\-Agent string to send when making network requests\.
         | 
| 946 960 | 
             
            .
         | 
| 947 961 | 
             
            .IP "\(bu" 4
         | 
| 948 | 
            -
            \fIDefault\fR: \fBPuppet/8\. | 
| 962 | 
            +
            \fIDefault\fR: \fBPuppet/8\.1\.0 Ruby/3\.1\.1\-p18 (x86_64\-linux)\fR
         | 
| 949 963 | 
             
            .
         | 
| 950 964 | 
             
            .IP "" 0
         | 
| 951 965 | 
             
            .
         | 
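Review bot: The new default on the + line, "Puppet/8\.1\.0 Ruby/3\.1\.1\-p18 (x86_64\-linux)", is a literal computed on the machine that generated the man page, yet it ships in the x64-mingw32 gem, so the documented default will not match what an agent on that platform sends. Consider documenting the default as a pattern (Puppet version, Ruby version, platform) rather than a literal string, which also stops this line changing on every release.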
    
        data/man/man8/puppet-agent.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-AGENT" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-AGENT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-agent\fR \- The puppet agent daemon
         | 
    
        data/man/man8/puppet-apply.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-APPLY" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-APPLY" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-apply\fR \- Apply Puppet manifests locally
         | 
    
        data/man/man8/puppet-catalog.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-CATALOG" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-CATALOG" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.
         | 
    
        data/man/man8/puppet-config.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-CONFIG" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-CONFIG" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.
         | 
    
        data/man/man8/puppet-describe.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-DESCRIBE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-DESCRIBE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-describe\fR \- Display help about resource types
         | 
    
        data/man/man8/puppet-device.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-DEVICE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-DEVICE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-device\fR \- Manage remote network devices
         | 
    
        data/man/man8/puppet-doc.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-DOC" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-DOC" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-doc\fR \- Generate Puppet references
         | 
    
        data/man/man8/puppet-epp.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-EPP" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-EPP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.
         | 
    
        data/man/man8/puppet-facts.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-FACTS" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-FACTS" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-facts\fR \- Retrieve and store facts\.
         | 
| @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-FILEBUCKET" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-FILEBUCKET" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket
         | 
    
        data/man/man8/puppet-generate.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-GENERATE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-GENERATE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.
         | 
    
        data/man/man8/puppet-help.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-HELP" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-HELP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-help\fR \- Display Puppet help\.
         | 
    
        data/man/man8/puppet-lookup.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-LOOKUP" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-LOOKUP" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-lookup\fR \- Interactive Hiera lookup
         | 
    
        data/man/man8/puppet-module.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-MODULE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-MODULE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.
         | 
    
        data/man/man8/puppet-node.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-NODE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-NODE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-node\fR \- View and manage node definitions\.
         | 
    
        data/man/man8/puppet-parser.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-PARSER" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-PARSER" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-parser\fR \- Interact directly with the parser\.
         | 
    
        data/man/man8/puppet-plugin.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-PLUGIN" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-PLUGIN" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.
         | 
    
        data/man/man8/puppet-report.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-REPORT" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-REPORT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-report\fR \- Create, display, and submit reports\.
         | 
    
        data/man/man8/puppet-resource.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-RESOURCE" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-RESOURCE" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-resource\fR \- The resource abstraction layer shell
         | 
    
        data/man/man8/puppet-script.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-SCRIPT" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-SCRIPT" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
         | 
    
        data/man/man8/puppet-ssl.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET\-SSL" "8" " | 
| 4 | 
            +
            .TH "PUPPET\-SSL" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
         | 
    
        data/man/man8/puppet.8
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            .\" generated with Ronn/v0.7.3
         | 
| 2 2 | 
             
            .\" http://github.com/rtomayko/ronn/tree/0.7.3
         | 
| 3 3 | 
             
            .
         | 
| 4 | 
            -
            .TH "PUPPET" "8" " | 
| 4 | 
            +
            .TH "PUPPET" "8" "June 2023" "Puppet, Inc." "Puppet manual"
         | 
| 5 5 | 
             
            .
         | 
| 6 6 | 
             
            .SH "NAME"
         | 
| 7 7 | 
             
            \fBpuppet\fR
         | 
| @@ -25,4 +25,4 @@ Specialized: | |
| 25 25 | 
             
            catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
         | 
| 26 26 | 
             
            .
         | 
| 27 27 | 
             
            .P
         | 
| 28 | 
            -
            See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v8\. | 
| 28 | 
            +
            See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v8\.1\.0
         | 
| @@ -896,6 +896,55 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do | |
| 896 896 | 
             
                     .and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
         | 
| 897 897 | 
             
                  end
         | 
| 898 898 | 
             
                end
         | 
| 899 | 
            +
             | 
| 900 | 
            +
                it "refreshes the CA and CRL" do
         | 
| 901 | 
            +
                  Puppet[:localcacert] = ca = tmpfile('ca')
         | 
| 902 | 
            +
                  Puppet[:hostcrl] = crl = tmpfile('crl')
         | 
| 903 | 
            +
                  copy_fixtures(%w[ca.pem intermediate.pem], ca)
         | 
| 904 | 
            +
                  copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
         | 
| 905 | 
            +
             | 
| 906 | 
            +
                  now = Time.now
         | 
| 907 | 
            +
                  yesterday = now - (60 * 60 * 24)
         | 
| 908 | 
            +
                  Puppet::FileSystem.touch(ca, mtime: yesterday)
         | 
| 909 | 
            +
                  Puppet::FileSystem.touch(crl, mtime: yesterday)
         | 
| 910 | 
            +
             | 
| 911 | 
            +
                  server.start_server do |port|
         | 
| 912 | 
            +
                    Puppet[:serverport] = port
         | 
| 913 | 
            +
                    Puppet[:ca_refresh_interval] = 1
         | 
| 914 | 
            +
             | 
| 915 | 
            +
                    expect {
         | 
| 916 | 
            +
                      agent.command_line.args << '--test'
         | 
| 917 | 
            +
                      agent.run
         | 
| 918 | 
            +
                    }.to exit_with(0)
         | 
| 919 | 
            +
                     .and output(/Info: Refreshed CA certificate: /).to_stdout
         | 
| 920 | 
            +
                  end
         | 
| 921 | 
            +
             | 
| 922 | 
            +
                  # If the CA is updated, then the CRL must be updated too
         | 
| 923 | 
            +
                  expect(Puppet::FileSystem.stat(ca).mtime).to be >= now
         | 
| 924 | 
            +
                  expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
         | 
| 925 | 
            +
                end
         | 
| 926 | 
            +
             | 
| 927 | 
            +
                it "refreshes only the CRL" do
         | 
| 928 | 
            +
                  Puppet[:hostcrl] = crl = tmpfile('crl')
         | 
| 929 | 
            +
                  copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
         | 
| 930 | 
            +
             | 
| 931 | 
            +
                  now = Time.now
         | 
| 932 | 
            +
                  yesterday = now - (60 * 60 * 24)
         | 
| 933 | 
            +
                  Puppet::FileSystem.touch(crl, mtime: yesterday)
         | 
| 934 | 
            +
             | 
| 935 | 
            +
                  server.start_server do |port|
         | 
| 936 | 
            +
                    Puppet[:serverport] = port
         | 
| 937 | 
            +
                    Puppet[:crl_refresh_interval] = 1
         | 
| 938 | 
            +
             | 
| 939 | 
            +
                    expect {
         | 
| 940 | 
            +
                      agent.command_line.args << '--test'
         | 
| 941 | 
            +
                      agent.run
         | 
| 942 | 
            +
                    }.to exit_with(0)
         | 
| 943 | 
            +
                     .and output(/Info: Refreshed CRL: /).to_stdout
         | 
| 944 | 
            +
                  end
         | 
| 945 | 
            +
             | 
| 946 | 
            +
                  expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
         | 
| 947 | 
            +
                end
         | 
| 899 948 | 
             
              end
         | 
| 900 949 |  | 
| 901 950 | 
             
              context "legacy facts" do
         | 
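Review bot: The example "refreshes only the CRL" never checks that the CA bundle was left alone: it sets only Puppet[:hostcrl] and asserts on the CRL mtime and the "Refreshed CRL" message, so it would still pass if the CA were refreshed as well. Asserting that stdout does not contain "Refreshed CA certificate", or that the localcacert mtime is unchanged, would make the name true. In "refreshes the CA and CRL" the CRL half is covered only by the mtime check; also matching /Info: Refreshed CRL: / would tie it to the refresh path. Both `be >= now` comparisons can fail spuriously on a filesystem whose mtime resolution is coarser than Time.now.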
| @@ -994,6 +1043,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do | |
| 994 1043 | 
             
                    expect {
         | 
| 995 1044 | 
             
                      agent.run
         | 
| 996 1045 | 
             
                    }.to exit_with(1)
         | 
| 1046 | 
            +
                      .and output(/Info: Loading facts/).to_stdout
         | 
| 997 1047 | 
             
                      .and output(
         | 
| 998 1048 | 
             
                        match(/Error: Evaluation Error: Unknown variable: 'osfamily'/)
         | 
| 999 1049 | 
             
                          .and match(/Error: Could not retrieve catalog from remote server: Error 500 on SERVER:/)
         | 
| @@ -95,6 +95,18 @@ describe Puppet::HTTP::Service::Ca do | |
| 95 95 | 
             
                    expect(err.response.code).to eq(404)
         | 
| 96 96 | 
             
                  end
         | 
| 97 97 | 
             
                end
         | 
| 98 | 
            +
             | 
| 99 | 
            +
                it 'raises a 304 response error if it is unmodified' do
         | 
| 100 | 
            +
                  stub_request(:get, url).to_return(status: [304, 'Not Modified'])
         | 
| 101 | 
            +
             | 
| 102 | 
            +
                  expect {
         | 
| 103 | 
            +
                    subject.get_certificate('ca', if_modified_since: Time.now)
         | 
| 104 | 
            +
                  }.to raise_error do |err|
         | 
| 105 | 
            +
                    expect(err).to be_an_instance_of(Puppet::HTTP::ResponseError)
         | 
| 106 | 
            +
                    expect(err.message).to eq("Not Modified")
         | 
| 107 | 
            +
                    expect(err.response.code).to eq(304)
         | 
| 108 | 
            +
                  end
         | 
| 109 | 
            +
                end
         | 
| 98 110 | 
             
              end
         | 
| 99 111 |  | 
| 100 112 | 
             
              context 'when getting CRLs' do
         | 
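Review bot: The stub in 'raises a 304 response error if it is unmodified' matches any GET to url, so the example passes even if get_certificate ignores the if_modified_since: argument and never sends a conditional request. Constrain the stub with `.with(headers: {'If-Modified-Since' => ...})` and pass a fixed time instead of Time.now, so the test proves the header actually goes out.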
| @@ -30,7 +30,9 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do | |
| 30 30 | 
             
                Puppet[:daemonize] = false
         | 
| 31 31 | 
             
                Puppet[:ssl_lockfile] = tmpfile('ssllock')
         | 
| 32 32 | 
             
                allow(Kernel).to receive(:sleep)
         | 
| 33 | 
            -
                 | 
| 33 | 
            +
                future = Time.now + (5 * 60)
         | 
| 34 | 
            +
                allow_any_instance_of(Puppet::X509::CertProvider).to receive(:crl_last_update).and_return(future)
         | 
| 35 | 
            +
                allow_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update).and_return(future)
         | 
| 34 36 | 
             
              end
         | 
| 35 37 |  | 
| 36 38 | 
             
              def expected_digest(name, content)
         | 
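Review bot: The two allow_any_instance_of(Puppet::X509::CertProvider) stubs added to this setup make crl_last_update and ca_last_update return a time five minutes in the future, which silently disables refresh for every example that runs after it unless the example overrides the stub. Add a one-line comment saying that is the intent. Where the examples already have a cert_provider double, stubbing that object is narrower than allow_any_instance_of.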
| @@ -396,6 +398,16 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do | |
| 396 398 | 
             
                  expect(File).to_not exist(Puppet[:localcacert])
         | 
| 397 399 | 
             
                end
         | 
| 398 400 |  | 
| 401 | 
            +
                it 'skips CA refresh if it has not expired' do
         | 
| 402 | 
            +
                  Puppet[:ca_refresh_interval] = '1y'
         | 
| 403 | 
            +
                  Puppet::FileSystem.touch(Puppet[:localcacert], mtime: Time.now)
         | 
| 404 | 
            +
             | 
| 405 | 
            +
                  allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
         | 
| 406 | 
            +
             | 
| 407 | 
            +
                  # we're expecting a net/http request to never be made
         | 
| 408 | 
            +
                  state.next_state
         | 
| 409 | 
            +
                end
         | 
| 410 | 
            +
             | 
| 399 411 | 
             
                context 'when verifying CA cert bundle' do
         | 
| 400 412 | 
             
                  before :each do
         | 
| 401 413 | 
             
                    allow(cert_provider).to receive(:load_cacerts).and_return(nil)
         | 
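Review bot: The new example 'skips CA refresh if it has not expired' has no `expect`; it passes only if an unstubbed HTTP request raises, which the comment at new line 407 implies but the example does not show. Assuming the suite uses WebMock's RSpec matchers alongside `stub_request`, an explicit `expect(a_request(:get, %r{puppet-ca/v1/certificate/ca})).not_to have_been_made` after `state.next_state` would make a regression fail with a clear message. Also, if the `ca_last_update` stub from the `before` block (new line 35) is in effect here, the `Puppet::FileSystem.touch(Puppet[:localcacert], mtime: Time.now)` call does not influence the outcome, so the example is not testing the mtime path its setup suggests.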
| @@ -436,6 +448,61 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do | |
| 436 448 | 
             
                    expect(st.message).to eq("CA bundle with digest (SHA256) #{fingerprint} did not match expected digest WR:ON:G!")
         | 
| 437 449 | 
             
                  end
         | 
| 438 450 | 
             
                end
         | 
| 451 | 
            +
             | 
| 452 | 
            +
                context 'when refreshing a CA bundle' do
         | 
| 453 | 
            +
                  before :each do
         | 
| 454 | 
            +
                    Puppet[:ca_refresh_interval] = '1s'
         | 
| 455 | 
            +
                    allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_cacerts).and_return(cacerts)
         | 
| 456 | 
            +
             | 
| 457 | 
            +
                    yesterday = Time.now - (24 * 60 * 60)
         | 
| 458 | 
            +
                    allow_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update).and_return(yesterday)
         | 
| 459 | 
            +
                  end
         | 
| 460 | 
            +
             | 
| 461 | 
            +
                  let(:new_ca_bundle) do
         | 
| 462 | 
            +
                    # add 'unknown' cert to the bundle
         | 
| 463 | 
            +
                    [cacert, cert_fixture('intermediate.pem'), cert_fixture('unknown-ca.pem')].map(&:to_pem)
         | 
| 464 | 
            +
                  end
         | 
| 465 | 
            +
             | 
| 466 | 
            +
                  it 'uses the local CA if it has not been modified' do
         | 
| 467 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 304)
         | 
| 468 | 
            +
             | 
| 469 | 
            +
                    expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
         | 
| 470 | 
            +
                  end
         | 
| 471 | 
            +
             | 
| 472 | 
            +
                  it 'uses the local CA if refreshing fails in HTTP layer' do
         | 
| 473 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 503)
         | 
| 474 | 
            +
             | 
| 475 | 
            +
                    expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
         | 
| 476 | 
            +
                  end
         | 
| 477 | 
            +
             | 
| 478 | 
            +
                  it 'uses the local CA if refreshing fails in TCP layer' do
         | 
| 479 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_raise(Errno::ECONNREFUSED)
         | 
| 480 | 
            +
             | 
| 481 | 
            +
                    expect(state.next_state.ssl_context.cacerts).to eq(cacerts)
         | 
| 482 | 
            +
                  end
         | 
| 483 | 
            +
             | 
| 484 | 
            +
                  it 'uses the updated crl for the future requests' do
         | 
| 485 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
         | 
| 486 | 
            +
             | 
| 487 | 
            +
                    expect(state.next_state.ssl_context.cacerts.map(&:to_pem)).to eq(new_ca_bundle)
         | 
| 488 | 
            +
                  end
         | 
| 489 | 
            +
             | 
| 490 | 
            +
                  it 'updates the `last_update` time' do
         | 
| 491 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
         | 
| 492 | 
            +
             | 
| 493 | 
            +
                    expect_any_instance_of(Puppet::X509::CertProvider).to receive(:ca_last_update=).with(be_within(60).of(Time.now))
         | 
| 494 | 
            +
             | 
| 495 | 
            +
                    state.next_state
         | 
| 496 | 
            +
                  end
         | 
| 497 | 
            +
             | 
| 498 | 
            +
                  it 'forces the NeedCRLs to refresh' do
         | 
| 499 | 
            +
                    stub_request(:get, %r{puppet-ca/v1/certificate/ca}).to_return(status: 200, body: new_ca_bundle.join)
         | 
| 500 | 
            +
             | 
| 501 | 
            +
                    st = state.next_state
         | 
| 502 | 
            +
                    expect(st).to be_an_instance_of(Puppet::SSL::StateMachine::NeedCRLs)
         | 
| 503 | 
            +
                    expect(st.force_crl_refresh).to eq(true)
         | 
| 504 | 
            +
                  end
         | 
| 505 | 
            +
                end
         | 
| 439 506 | 
             
              end
         | 
| 440 507 |  | 
| 441 508 | 
             
              context 'NeedCRLs' do
         | 
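Review bot: The example named 'uses the updated crl for the future requests' (new line 484) sits in the 'when refreshing a CA bundle' context and asserts on `ssl_context.cacerts`, so its description should say 'CA bundle' rather than 'crl'; it reads as copied from the CRL examples. Separately, the three fallback examples (304, 503, `Errno::ECONNREFUSED`) only check that the local bundle is returned. None of them checks that `ca_last_update=` is not called on those paths, so a regression that bumps the timestamp after a failed refresh would still pass.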
| @@ -533,6 +600,7 @@ describe Puppet::SSL::StateMachine, unless: Puppet::Util::Platform.jruby? do | |
| 533 600 |  | 
| 534 601 | 
             
                  allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_crls).and_return(crls)
         | 
| 535 602 |  | 
| 603 | 
            +
                  # we're expecting a net/http request to never be made
         | 
| 536 604 | 
             
                  state.next_state
         | 
| 537 605 | 
             
                end
         | 
| 538 606 |  | 
| @@ -586,6 +586,32 @@ describe Puppet::X509::CertProvider do | |
| 586 586 | 
             
                end
         | 
| 587 587 | 
             
              end
         | 
| 588 588 |  | 
| 589 | 
            +
              context 'CA last update time' do
         | 
| 590 | 
            +
                let(:ca_path) { tmpfile('pem_ca') }
         | 
| 591 | 
            +
             | 
| 592 | 
            +
                it 'returns nil if the CA does not exist' do
         | 
| 593 | 
            +
                  provider = create_provider(capath: '/does/not/exist')
         | 
| 594 | 
            +
             | 
| 595 | 
            +
                  expect(provider.ca_last_update).to be_nil
         | 
| 596 | 
            +
                end
         | 
| 597 | 
            +
             | 
| 598 | 
            +
                it 'returns the last update time' do
         | 
| 599 | 
            +
                  time = Time.now - 30
         | 
| 600 | 
            +
                  Puppet::FileSystem.touch(ca_path, mtime: time)
         | 
| 601 | 
            +
                  provider = create_provider(capath: ca_path)
         | 
| 602 | 
            +
             | 
| 603 | 
            +
                  expect(provider.ca_last_update).to be_within(1).of(time)
         | 
| 604 | 
            +
                end
         | 
| 605 | 
            +
             | 
| 606 | 
            +
                it 'sets the last update time' do
         | 
| 607 | 
            +
                  time = Time.now - 30
         | 
| 608 | 
            +
                  provider = create_provider(capath: ca_path)
         | 
| 609 | 
            +
                  provider.ca_last_update = time
         | 
| 610 | 
            +
             | 
| 611 | 
            +
                  expect(Puppet::FileSystem.stat(ca_path).mtime).to be_within(1).of(time)
         | 
| 612 | 
            +
                end
         | 
| 613 | 
            +
              end
         | 
| 614 | 
            +
             | 
| 589 615 | 
             
              context 'CRL last update time' do
         | 
| 590 616 | 
             
                let(:crl_path) { tmpfile('pem_crls') }
         | 
| 591 617 |  | 
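Review bot: In 'sets the last update time' (new lines 606-612), `ca_path` is never written before `provider.ca_last_update = time`, so unless `tmpfile` creates the file, this example is really asserting that the setter creates a missing file at `capath`. That behaviour deserves its own named example, since an empty file at the CA bundle path differs from an updated timestamp on an existing bundle. The three examples also mirror the 'CRL last update time' context that follows; a shared example group parameterised on the path and accessor would keep the two in step.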
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: puppet
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 8.0 | 
| 4 | 
            +
              version: 8.1.0
         | 
| 5 5 | 
             
            platform: x64-mingw32
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Puppet Labs
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2023- | 
| 11 | 
            +
            date: 2023-06-13 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: facter
         | 
| @@ -113,9 +113,6 @@ dependencies: | |
| 113 113 | 
             
                - - "~>"
         | 
| 114 114 | 
             
                  - !ruby/object:Gem::Version
         | 
| 115 115 | 
             
                    version: '1.0'
         | 
| 116 | 
            -
                - - "<"
         | 
| 117 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 118 | 
            -
                    version: 1.2.0
         | 
| 119 116 | 
             
              type: :runtime
         | 
| 120 117 | 
             
              prerelease: false
         | 
| 121 118 | 
             
              version_requirements: !ruby/object:Gem::Requirement
         | 
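Review bot: Dropping the `- - "<"` / `version: 1.2.0` constraint leaves only `~> 1.0` on this runtime dependency, so any 1.x release now satisfies it, and the hunk shows neither which dependency this is nor why the cap was safe to remove. The release notes should name the dependency and the reason for lifting the bound. Anyone installing from the gemspec without a lockfile should pin the version they tested.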
| @@ -123,9 +120,6 @@ dependencies: | |
| 123 120 | 
             
                - - "~>"
         | 
| 124 121 | 
             
                  - !ruby/object:Gem::Version
         | 
| 125 122 | 
             
                    version: '1.0'
         | 
| 126 | 
            -
                - - "<"
         | 
| 127 | 
            -
                  - !ruby/object:Gem::Version
         | 
| 128 | 
            -
                    version: 1.2.0
         | 
| 129 123 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 130 124 | 
             
              name: deep_merge
         | 
| 131 125 | 
             
              requirement: !ruby/object:Gem::Requirement
         | 
| @@ -2557,7 +2551,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement | |
| 2557 2551 | 
             
                - !ruby/object:Gem::Version
         | 
| 2558 2552 | 
             
                  version: 1.3.1
         | 
| 2559 2553 | 
             
            requirements: []
         | 
| 2560 | 
            -
            rubygems_version: 3. | 
| 2554 | 
            +
            rubygems_version: 3.4.12
         | 
| 2561 2555 | 
             
            signing_key: 
         | 
| 2562 2556 | 
             
            specification_version: 4
         | 
| 2563 2557 | 
             
            summary: Puppet, an automated configuration management tool
         |