puppet 8.1.0-universal-darwin → 8.3.1-universal-darwin

Files changed (149) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +39 -45
  4. data/ext/project_data.yaml +2 -2
  5. data/lib/puppet/application/doc.rb +1 -1
  6. data/lib/puppet/application/ssl.rb +42 -7
  7. data/lib/puppet/application.rb +5 -1
  8. data/lib/puppet/defaults.rb +17 -5
  9. data/lib/puppet/face/config.rb +1 -1
  10. data/lib/puppet/face/epp.rb +2 -2
  11. data/lib/puppet/face/module/list.rb +2 -2
  12. data/lib/puppet/face/parser.rb +1 -1
  13. data/lib/puppet/functions/split.rb +28 -1
  14. data/lib/puppet/http/client.rb +12 -5
  15. data/lib/puppet/http/service/ca.rb +25 -0
  16. data/lib/puppet/indirector/facts/facter.rb +1 -1
  17. data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
  18. data/lib/puppet/indirector/indirection.rb +1 -1
  19. data/lib/puppet/info_service/task_information_service.rb +1 -1
  20. data/lib/puppet/module_tool.rb +1 -1
  21. data/lib/puppet/network/formats.rb +3 -3
  22. data/lib/puppet/network/http/memory_response.rb +1 -1
  23. data/lib/puppet/node/environment.rb +6 -4
  24. data/lib/puppet/parameter/value_collection.rb +1 -1
  25. data/lib/puppet/parser/files.rb +4 -3
  26. data/lib/puppet/parser/functions.rb +1 -1
  27. data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
  28. data/lib/puppet/pops/loader/loader_paths.rb +4 -4
  29. data/lib/puppet/pops/lookup/explainer.rb +1 -1
  30. data/lib/puppet/pops/lookup/hiera_config.rb +1 -1
  31. data/lib/puppet/pops/model/factory.rb +1 -1
  32. data/lib/puppet/pops/model/tree_dumper.rb +1 -1
  33. data/lib/puppet/pops/parser/epp_support.rb +1 -1
  34. data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
  35. data/lib/puppet/pops/parser/pn_parser.rb +1 -1
  36. data/lib/puppet/pops/pn.rb +1 -1
  37. data/lib/puppet/pops/serialization/json_path.rb +1 -1
  38. data/lib/puppet/pops/time/timespan.rb +4 -4
  39. data/lib/puppet/pops/types/ruby_generator.rb +2 -2
  40. data/lib/puppet/pops/types/string_converter.rb +6 -6
  41. data/lib/puppet/pops/types/type_formatter.rb +2 -2
  42. data/lib/puppet/pops/types/types.rb +1 -1
  43. data/lib/puppet/provider/nameservice/directoryservice.rb +2 -2
  44. data/lib/puppet/provider/package/apt.rb +1 -1
  45. data/lib/puppet/provider/package/dnf.rb +1 -1
  46. data/lib/puppet/provider/package/yum.rb +1 -1
  47. data/lib/puppet/provider/user/directoryservice.rb +1 -1
  48. data/lib/puppet/reference/configuration.rb +1 -1
  49. data/lib/puppet/reference/indirection.rb +1 -1
  50. data/lib/puppet/reports.rb +1 -1
  51. data/lib/puppet/ssl/oids.rb +2 -0
  52. data/lib/puppet/ssl/ssl_provider.rb +1 -1
  53. data/lib/puppet/ssl/state_machine.rb +60 -9
  54. data/lib/puppet/transaction/report.rb +1 -1
  55. data/lib/puppet/type/filebucket.rb +1 -1
  56. data/lib/puppet/util/diff.rb +1 -1
  57. data/lib/puppet/util/execution.rb +9 -4
  58. data/lib/puppet/util/inifile.rb +2 -2
  59. data/lib/puppet/util/monkey_patches.rb +18 -0
  60. data/lib/puppet/util/package/version/rpm.rb +1 -1
  61. data/lib/puppet/util/provider_features.rb +1 -1
  62. data/lib/puppet/util/selinux.rb +1 -1
  63. data/lib/puppet/util/windows/access_control_entry.rb +1 -1
  64. data/lib/puppet/util/windows/access_control_list.rb +1 -1
  65. data/lib/puppet/util/windows/adsi.rb +9 -2
  66. data/lib/puppet/util/windows/error.rb +1 -1
  67. data/lib/puppet/util/windows/file.rb +2 -2
  68. data/lib/puppet/util/windows/process.rb +1 -1
  69. data/lib/puppet/util/windows/sid.rb +4 -2
  70. data/lib/puppet/util.rb +2 -3
  71. data/lib/puppet/version.rb +1 -1
  72. data/lib/puppet/x509/cert_provider.rb +13 -2
  73. data/locales/puppet.pot +106 -74
  74. data/man/man5/puppet.conf.5 +16 -2
  75. data/man/man8/puppet-agent.8 +1 -1
  76. data/man/man8/puppet-apply.8 +1 -1
  77. data/man/man8/puppet-catalog.8 +1 -1
  78. data/man/man8/puppet-config.8 +1 -1
  79. data/man/man8/puppet-describe.8 +1 -1
  80. data/man/man8/puppet-device.8 +1 -1
  81. data/man/man8/puppet-doc.8 +1 -1
  82. data/man/man8/puppet-epp.8 +1 -1
  83. data/man/man8/puppet-facts.8 +1 -1
  84. data/man/man8/puppet-filebucket.8 +1 -1
  85. data/man/man8/puppet-generate.8 +1 -1
  86. data/man/man8/puppet-help.8 +1 -1
  87. data/man/man8/puppet-lookup.8 +1 -1
  88. data/man/man8/puppet-module.8 +1 -1
  89. data/man/man8/puppet-node.8 +1 -1
  90. data/man/man8/puppet-parser.8 +1 -1
  91. data/man/man8/puppet-plugin.8 +1 -1
  92. data/man/man8/puppet-report.8 +1 -1
  93. data/man/man8/puppet-resource.8 +1 -1
  94. data/man/man8/puppet-script.8 +1 -1
  95. data/man/man8/puppet-ssl.8 +5 -1
  96. data/man/man8/puppet.8 +2 -2
  97. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
  98. data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
  99. data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
  100. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
  101. data/spec/fixtures/ssl/ca.pem +54 -54
  102. data/spec/fixtures/ssl/crl.pem +26 -26
  103. data/spec/fixtures/ssl/ec-key.pem +11 -11
  104. data/spec/fixtures/ssl/ec.pem +33 -32
  105. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  106. data/spec/fixtures/ssl/encrypted-key.pem +108 -108
  107. data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
  108. data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
  109. data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
  110. data/spec/fixtures/ssl/intermediate.pem +53 -53
  111. data/spec/fixtures/ssl/oid-key.pem +107 -107
  112. data/spec/fixtures/ssl/oid.pem +51 -50
  113. data/spec/fixtures/ssl/pluto-key.pem +107 -107
  114. data/spec/fixtures/ssl/pluto.pem +52 -51
  115. data/spec/fixtures/ssl/renewed.pem +67 -0
  116. data/spec/fixtures/ssl/request-key.pem +107 -107
  117. data/spec/fixtures/ssl/request.pem +50 -48
  118. data/spec/fixtures/ssl/revoked-key.pem +107 -107
  119. data/spec/fixtures/ssl/revoked.pem +51 -50
  120. data/spec/fixtures/ssl/signed-key.pem +107 -107
  121. data/spec/fixtures/ssl/signed.pem +49 -48
  122. data/spec/fixtures/ssl/tampered-cert.pem +51 -50
  123. data/spec/fixtures/ssl/tampered-csr.pem +50 -48
  124. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
  125. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
  126. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
  127. data/spec/fixtures/ssl/unknown-ca.pem +54 -54
  128. data/spec/integration/application/agent_spec.rb +27 -27
  129. data/spec/integration/application/apply_spec.rb +14 -0
  130. data/spec/integration/http/client_spec.rb +16 -0
  131. data/spec/integration/type/exec_spec.rb +13 -0
  132. data/spec/lib/puppet/test_ca.rb +3 -10
  133. data/spec/lib/puppet_spec/verbose.rb +10 -1
  134. data/spec/unit/agent_spec.rb +2 -9
  135. data/spec/unit/application/ssl_spec.rb +49 -0
  136. data/spec/unit/defaults_spec.rb +2 -40
  137. data/spec/unit/file_system/path_pattern_spec.rb +15 -0
  138. data/spec/unit/functions/split_spec.rb +6 -0
  139. data/spec/unit/http/service/ca_spec.rb +71 -0
  140. data/spec/unit/info_service_spec.rb +1 -1
  141. data/spec/unit/ssl/certificate_signer_spec.rb +17 -0
  142. data/spec/unit/ssl/ssl_provider_spec.rb +21 -1
  143. data/spec/unit/ssl/state_machine_spec.rb +75 -3
  144. data/spec/unit/util/execution_spec.rb +1 -0
  145. data/spec/unit/util/monkey_patches_spec.rb +42 -0
  146. data/spec/unit/util/windows/adsi_spec.rb +25 -0
  147. data/spec/unit/x509/cert_provider_spec.rb +23 -0
  148. data/tasks/generate_cert_fixtures.rake +4 -0
  149. metadata +7 -3
@@ -79,7 +79,7 @@ module Puppet::Util::IniConfig
79
79
  # written to file
80
80
  def format
81
81
  if @destroy
82
- text = String.new
82
+ text = ''.dup
83
83
  else
84
84
  text = "[#{name}]\n"
85
85
  @entries.each do |entry|
@@ -208,7 +208,7 @@ module Puppet::Util::IniConfig
208
208
  end
209
209
 
210
210
  def format
211
- text = String.new
211
+ text = ''.dup
212
212
 
213
213
  @contents.each do |content|
214
214
  if content.is_a? Section
@@ -30,6 +30,24 @@ class Object
30
30
  end
31
31
  end
32
32
 
33
+ unless Dir.singleton_methods.include?(:exists?)
34
+ class Dir
35
+ def self.exists?(file_name)
36
+ warn("Dir.exists?('#{file_name}') is deprecated, use Dir.exist? instead") if $VERBOSE
37
+ Dir.exist?(file_name)
38
+ end
39
+ end
40
+ end
41
+
42
+ unless File.singleton_methods.include?(:exists?)
43
+ class File
44
+ def self.exists?(file_name)
45
+ warn("File.exists?('#{file_name}') is deprecated, use File.exist? instead") if $VERBOSE
46
+ File.exist?(file_name)
47
+ end
48
+ end
49
+ end
50
+
33
51
  require_relative '../../puppet/ssl/openssl_loader'
34
52
  unless Puppet::Util::Platform.jruby_fips?
35
53
  class OpenSSL::SSL::SSLContext
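Review bot: The deprecation warning in both shims (`Dir.exists?` and `File.exists?`) names the deprecated method but not the code that called it, and it interpolates `file_name` raw between quotes, so a path containing a quote or newline yields a misleading stderr line. Passing `uplevel: 1` and using `inspect` addresses both: `warn("Dir.exists?(#{file_name.inspect}) is deprecated, use Dir.exist? instead", uplevel: 1) if $VERBOSE`, and the same for `File`. The spec added alongside this file may pin the current message text, so it would need updating with the change. A one-line comment above each `unless` saying why the shim exists (presumably for code that still calls the alias on Rubies that no longer define it) would also help the next reader.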
@@ -19,7 +19,7 @@ module Puppet::Util::Package::Version
19
19
  end
20
20
 
21
21
  def to_s
22
- version_found = String.new
22
+ version_found = ''.dup
23
23
  version_found += "#{@epoch}:" if @epoch
24
24
  version_found += @version
25
25
  version_found += "-#{@release}" if @release
@@ -76,7 +76,7 @@ module Puppet::Util::ProviderFeatures
76
76
 
77
77
  # @return [String] Returns a string with documentation covering all features.
78
78
  def featuredocs
79
- str = String.new
79
+ str = ''.dup
80
80
  @features ||= {}
81
81
  return nil if @features.empty?
82
82
  names = @features.keys.sort_by(&:to_s)
@@ -227,7 +227,7 @@ module Puppet::Util::SELinux
227
227
 
228
228
  # Internal helper function to read and parse /proc/mounts
229
229
  def read_mounts
230
- mounts = String.new
230
+ mounts = ''.dup
231
231
  begin
232
232
  if File.method_defined? "read_nonblock"
233
233
  # If possible we use read_nonblock in a loop rather than read to work-
@@ -61,7 +61,7 @@ class Puppet::Util::Windows::AccessControlEntry
61
61
  end
62
62
 
63
63
  def inspect
64
- inheritance = String.new
64
+ inheritance = ''.dup
65
65
  inheritance << '(I)' if inherited?
66
66
  inheritance << '(OI)' if object_inherit?
67
67
  inheritance << '(CI)' if container_inherit?
@@ -98,7 +98,7 @@ class Puppet::Util::Windows::AccessControlList
98
98
  end
99
99
 
100
100
  def inspect
101
- str = String.new
101
+ str = ''.dup
102
102
  @aces.each do |ace|
103
103
  str << " #{ace.inspect}\n"
104
104
  end
@@ -176,6 +176,13 @@ module Puppet::Util::Windows::ADSI
176
176
  sids = []
177
177
  adsi_child_collection.each do |m|
178
178
  sids << Puppet::Util::Windows::SID.ads_to_principal(m)
179
+ rescue Puppet::Util::Windows::Error => e
180
+ case e.code
181
+ when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
182
+ sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
183
+ else
184
+ raise e
185
+ end
179
186
  end
180
187
 
181
188
  sids
@@ -488,7 +495,7 @@ module Puppet::Util::Windows::ADSI
488
495
  # UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
489
496
  MAX_USERNAME_LENGTH = 256
490
497
  def self.current_user_name
491
- user_name = String.new
498
+ user_name = ''.dup
492
499
  max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
493
500
  FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
494
501
  FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
@@ -520,7 +527,7 @@ module Puppet::Util::Windows::ADSI
520
527
  NameSurname = 14
521
528
 
522
529
  def self.current_user_name_with_format(format)
523
- user_name = String.new
530
+ user_name = ''.dup
524
531
  max_length = 1024
525
532
 
526
533
  FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|
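Review bot: In the first hunk, the new `rescue` inside the `adsi_child_collection.each` block substitutes an unresolved principal for the two trust-failure codes without logging anything, so a run gives no sign that a member's name could not be resolved. A debug line before the fallback would keep that visible, e.g. `Puppet.debug("Could not resolve #{m.name}: #{e.message}")`. In the `else` branch a bare `raise` is the idiomatic way to re-raise the exception being rescued, instead of `raise e`. The enclosing method starts outside the hunk, so how callers compare the returned principals is not visible here.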
@@ -32,7 +32,7 @@ class Puppet::Util::Windows::Error < Puppet::Error
32
32
  FORMAT_MESSAGE_ARGUMENT_ARRAY |
33
33
  FORMAT_MESSAGE_IGNORE_INSERTS |
34
34
  FORMAT_MESSAGE_MAX_WIDTH_MASK
35
- error_string = String.new
35
+ error_string = ''.dup
36
36
 
37
37
  # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
38
38
  FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|
@@ -245,7 +245,7 @@ module Puppet::Util::Windows::File
245
245
  module_function :readlink
246
246
 
247
247
  def get_long_pathname(path)
248
- converted = String.new
248
+ converted = ''.dup
249
249
  FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
250
250
  # includes terminating NULL
251
251
  buffer_size = GetLongPathNameW(path_ptr, FFI::Pointer::NULL, 0)
@@ -263,7 +263,7 @@ module Puppet::Util::Windows::File
263
263
  module_function :get_long_pathname
264
264
 
265
265
  def get_short_pathname(path)
266
- converted = String.new
266
+ converted = ''.dup
267
267
  FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
268
268
  # includes terminating NULL
269
269
  buffer_size = GetShortPathNameW(path_ptr, FFI::Pointer::NULL, 0)
@@ -121,7 +121,7 @@ module Puppet::Util::Windows::Process
121
121
  module_function :with_process_token
122
122
 
123
123
  def get_process_image_name_by_pid(pid)
124
- image_name = String.new
124
+ image_name = ''.dup
125
125
 
126
126
  Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
127
127
  open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
@@ -7,8 +7,10 @@ module Puppet::Util::Windows
7
7
  extend FFI::Library
8
8
 
9
9
  # missing from Windows::Error
10
- ERROR_NONE_MAPPED = 1332
11
- ERROR_INVALID_SID_STRUCTURE = 1337
10
+ ERROR_NONE_MAPPED = 1332
11
+ ERROR_INVALID_SID_STRUCTURE = 1337
12
+ ERROR_TRUSTED_DOMAIN_FAILURE = 1788
13
+ ERROR_TRUSTED_RELATIONSHIP_FAILURE = 1789
12
14
 
13
15
  # Well Known SIDs
14
16
  Null = 'S-1-0'
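--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -409,8 +409,7 @@ module Util
  def uri_encode(path, opts = { :allow_fragment => false })
  raise ArgumentError.new(_('path may not be nil')) if path.nil?
 
- # ensure string starts as UTF-8 for the sake of Ruby 1.9.3
- encoded = String.new.encode!(Encoding::UTF_8)
+ encoded = ''.dup
 
  # parse uri into named matches, then reassemble properly encoded
  parts = path.match(RFC_3986_URI_REGEX)
@@ -454,7 +453,7 @@ module Util
 
  def rfc2396_escape(str)
  str.gsub(UNSAFE) do |match|
- tmp = String.new
+ tmp = ''.dup
  match.each_byte do |uc|
  tmp << sprintf('%%%02X', uc)
  end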
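Review bot: In `uri_encode` the removed lines were the only place that said `encoded` must be UTF-8; `''.dup` still yields UTF-8, but only because a string literal takes the file's source encoding, whereas `String.new` with no argument is ASCII-8BIT. A short comment keeps that intent from being lost in a later cleanup, e.g. `# ''.dup: mutable and UTF-8 (source encoding); String.new would be binary`. The rest of `uri_encode` lies outside the hunk, so whether anything downstream depends on the encoding cannot be checked from here.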
@@ -7,7 +7,7 @@
7
7
  # Raketasks and such to set the version based on the output of `git describe`
8
8
 
9
9
  module Puppet
10
- PUPPETVERSION = '8.1.0'
10
+ PUPPETVERSION = '8.3.1'
11
11
 
12
12
  ##
13
13
  # version is a public API method intended to always provide a fast and
@@ -311,6 +311,13 @@ class Puppet::X509::CertProvider
311
311
  options[:extension_requests] = csr_attributes.extension_requests
312
312
  end
313
313
 
314
+ # Adds auto-renew attribute to CSR if the agent supports auto-renewal of
315
+ # certificates
316
+ if Puppet[:hostcert_renewal_interval] && Puppet[:hostcert_renewal_interval] > 0
317
+ options[:csr_attributes] ||= {}
318
+ options[:csr_attributes].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
319
+ end
320
+
314
321
  csr = Puppet::SSL::CertificateRequest.new(name)
315
322
  csr.generate(private_key, options)
316
323
  end
@@ -369,13 +376,17 @@ class Puppet::X509::CertProvider
369
376
  OpenSSL::X509::Request.new(pem)
370
377
  end
371
378
 
372
- private
373
-
379
+ # Return the path to the cert related object (key, CSR, cert, etc).
380
+ #
381
+ # @param base [String] base directory
382
+ # @param name [String] the name associated with the cert related object
374
383
  def to_path(base, name)
375
384
  raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
376
385
  File.join(base, "#{name.downcase}.pem")
377
386
  end
378
387
 
388
+ private
389
+
379
390
  def permissions_for_setting(name)
380
391
  setting = Puppet.settings.setting(name)
381
392
  perm = { mode: setting.mode.to_i(8) }
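Review bot: In the second hunk `to_path` moves above `private` and becomes public, but its new doc comment has no `@return` or `@raise`, so the one thing outside callers need to know, that it raises when `name` fails `VALID_CERTNAME`, is undocumented. I would add `# @return [String] path to the .pem file for name under base` and `# @raise [RuntimeError] if name does not match VALID_CERTNAME`. `base` is joined as given, which is worth stating too, since the check covers only `name`. `VALID_CERTNAME` is defined outside this hunk; it is worth confirming that it rejects path separators now that any caller can pass a name.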