puppet 8.1.0-universal-darwin → 8.3.1-universal-darwin
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +39 -45
- data/ext/project_data.yaml +2 -2
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/ssl.rb +42 -7
- data/lib/puppet/application.rb +5 -1
- data/lib/puppet/defaults.rb +17 -5
- data/lib/puppet/face/config.rb +1 -1
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/module/list.rb +2 -2
- data/lib/puppet/face/parser.rb +1 -1
- data/lib/puppet/functions/split.rb +28 -1
- data/lib/puppet/http/client.rb +12 -5
- data/lib/puppet/http/service/ca.rb +25 -0
- data/lib/puppet/indirector/facts/facter.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module_tool.rb +1 -1
- data/lib/puppet/network/formats.rb +3 -3
- data/lib/puppet/network/http/memory_response.rb +1 -1
- data/lib/puppet/node/environment.rb +6 -4
- data/lib/puppet/parameter/value_collection.rb +1 -1
- data/lib/puppet/parser/files.rb +4 -3
- data/lib/puppet/parser/functions.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
- data/lib/puppet/pops/loader/loader_paths.rb +4 -4
- data/lib/puppet/pops/lookup/explainer.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -1
- data/lib/puppet/pops/model/tree_dumper.rb +1 -1
- data/lib/puppet/pops/parser/epp_support.rb +1 -1
- data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
- data/lib/puppet/pops/parser/pn_parser.rb +1 -1
- data/lib/puppet/pops/pn.rb +1 -1
- data/lib/puppet/pops/serialization/json_path.rb +1 -1
- data/lib/puppet/pops/time/timespan.rb +4 -4
- data/lib/puppet/pops/types/ruby_generator.rb +2 -2
- data/lib/puppet/pops/types/string_converter.rb +6 -6
- data/lib/puppet/pops/types/type_formatter.rb +2 -2
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/nameservice/directoryservice.rb +2 -2
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports.rb +1 -1
- data/lib/puppet/ssl/oids.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +1 -1
- data/lib/puppet/ssl/state_machine.rb +60 -9
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/util/diff.rb +1 -1
- data/lib/puppet/util/execution.rb +9 -4
- data/lib/puppet/util/inifile.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +18 -0
- data/lib/puppet/util/package/version/rpm.rb +1 -1
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/windows/access_control_entry.rb +1 -1
- data/lib/puppet/util/windows/access_control_list.rb +1 -1
- data/lib/puppet/util/windows/adsi.rb +9 -2
- data/lib/puppet/util/windows/error.rb +1 -1
- data/lib/puppet/util/windows/file.rb +2 -2
- data/lib/puppet/util/windows/process.rb +1 -1
- data/lib/puppet/util/windows/sid.rb +4 -2
- data/lib/puppet/util.rb +2 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +13 -2
- data/locales/puppet.pot +106 -74
- data/man/man5/puppet.conf.5 +16 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
- data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
- data/spec/fixtures/ssl/ca.pem +54 -54
- data/spec/fixtures/ssl/crl.pem +26 -26
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
- data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
- data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
- data/spec/fixtures/ssl/intermediate.pem +53 -53
- data/spec/fixtures/ssl/oid-key.pem +107 -107
- data/spec/fixtures/ssl/oid.pem +51 -50
- data/spec/fixtures/ssl/pluto-key.pem +107 -107
- data/spec/fixtures/ssl/pluto.pem +52 -51
- data/spec/fixtures/ssl/renewed.pem +67 -0
- data/spec/fixtures/ssl/request-key.pem +107 -107
- data/spec/fixtures/ssl/request.pem +50 -48
- data/spec/fixtures/ssl/revoked-key.pem +107 -107
- data/spec/fixtures/ssl/revoked.pem +51 -50
- data/spec/fixtures/ssl/signed-key.pem +107 -107
- data/spec/fixtures/ssl/signed.pem +49 -48
- data/spec/fixtures/ssl/tampered-cert.pem +51 -50
- data/spec/fixtures/ssl/tampered-csr.pem +50 -48
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-ca.pem +54 -54
- data/spec/integration/application/agent_spec.rb +27 -27
- data/spec/integration/application/apply_spec.rb +14 -0
- data/spec/integration/http/client_spec.rb +16 -0
- data/spec/integration/type/exec_spec.rb +13 -0
- data/spec/lib/puppet/test_ca.rb +3 -10
- data/spec/lib/puppet_spec/verbose.rb +10 -1
- data/spec/unit/agent_spec.rb +2 -9
- data/spec/unit/application/ssl_spec.rb +49 -0
- data/spec/unit/defaults_spec.rb +2 -40
- data/spec/unit/file_system/path_pattern_spec.rb +15 -0
- data/spec/unit/functions/split_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +71 -0
- data/spec/unit/info_service_spec.rb +1 -1
- data/spec/unit/ssl/certificate_signer_spec.rb +17 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +21 -1
- data/spec/unit/ssl/state_machine_spec.rb +75 -3
- data/spec/unit/util/execution_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +42 -0
- data/spec/unit/util/windows/adsi_spec.rb +25 -0
- data/spec/unit/x509/cert_provider_spec.rb +23 -0
- data/tasks/generate_cert_fixtures.rake +4 -0
- metadata +7 -3
data/lib/puppet/util/inifile.rb
CHANGED
@@ -79,7 +79,7 @@ module Puppet::Util::IniConfig
|
|
79
79
|
# written to file
|
80
80
|
def format
|
81
81
|
if @destroy
|
82
|
-
text =
|
82
|
+
text = ''.dup
|
83
83
|
else
|
84
84
|
text = "[#{name}]\n"
|
85
85
|
@entries.each do |entry|
|
@@ -208,7 +208,7 @@ module Puppet::Util::IniConfig
|
|
208
208
|
end
|
209
209
|
|
210
210
|
def format
|
211
|
-
text =
|
211
|
+
text = ''.dup
|
212
212
|
|
213
213
|
@contents.each do |content|
|
214
214
|
if content.is_a? Section
|
@@ -30,6 +30,24 @@ class Object
|
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
+
unless Dir.singleton_methods.include?(:exists?)
|
34
|
+
class Dir
|
35
|
+
def self.exists?(file_name)
|
36
|
+
warn("Dir.exists?('#{file_name}') is deprecated, use Dir.exist? instead") if $VERBOSE
|
37
|
+
Dir.exist?(file_name)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
unless File.singleton_methods.include?(:exists?)
|
43
|
+
class File
|
44
|
+
def self.exists?(file_name)
|
45
|
+
warn("File.exists?('#{file_name}') is deprecated, use File.exist? instead") if $VERBOSE
|
46
|
+
File.exist?(file_name)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
33
51
|
require_relative '../../puppet/ssl/openssl_loader'
|
34
52
|
unless Puppet::Util::Platform.jruby_fips?
|
35
53
|
class OpenSSL::SSL::SSLContext
|
@@ -76,7 +76,7 @@ module Puppet::Util::ProviderFeatures
|
|
76
76
|
|
77
77
|
# @return [String] Returns a string with documentation covering all features.
|
78
78
|
def featuredocs
|
79
|
-
str =
|
79
|
+
str = ''.dup
|
80
80
|
@features ||= {}
|
81
81
|
return nil if @features.empty?
|
82
82
|
names = @features.keys.sort_by(&:to_s)
|
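Review bot: The `Dir.exists?` and `File.exists?` shims in the `class Object` hunk (`@@ -30,6 +30,24 @@`) interpolate the caller-supplied path raw into the warning text, so a path containing a quote or a newline yields a misleading or split log line. Going by the file list, this hunk probably belongs to monkey_patches.rb rather than the inifile.rb header it sits under. Quoting the path with `inspect` avoids the problem, and `uplevel: 1` makes the warning name the deprecated call site instead of the shim: `warn("Dir.exists?(#{file_name.inspect}) is deprecated, use Dir.exist? instead", uplevel: 1) if $VERBOSE`, and likewise for the `File` variant. A short comment above each `unless` guard, for example `# Re-add the alias only when the running Ruby no longer defines it; drop once callers use exist?`, would tell readers why a core class is reopened here.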
data/lib/puppet/util/selinux.rb
CHANGED
@@ -227,7 +227,7 @@ module Puppet::Util::SELinux
|
|
227
227
|
|
228
228
|
# Internal helper function to read and parse /proc/mounts
|
229
229
|
def read_mounts
|
230
|
-
mounts =
|
230
|
+
mounts = ''.dup
|
231
231
|
begin
|
232
232
|
if File.method_defined? "read_nonblock"
|
233
233
|
# If possible we use read_nonblock in a loop rather than read to work-
|
@@ -176,6 +176,13 @@ module Puppet::Util::Windows::ADSI
|
|
176
176
|
sids = []
|
177
177
|
adsi_child_collection.each do |m|
|
178
178
|
sids << Puppet::Util::Windows::SID.ads_to_principal(m)
|
179
|
+
rescue Puppet::Util::Windows::Error => e
|
180
|
+
case e.code
|
181
|
+
when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
|
182
|
+
sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
|
183
|
+
else
|
184
|
+
raise e
|
185
|
+
end
|
179
186
|
end
|
180
187
|
|
181
188
|
sids
|
@@ -488,7 +495,7 @@ module Puppet::Util::Windows::ADSI
|
|
488
495
|
# UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
|
489
496
|
MAX_USERNAME_LENGTH = 256
|
490
497
|
def self.current_user_name
|
491
|
-
user_name =
|
498
|
+
user_name = ''.dup
|
492
499
|
max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
|
493
500
|
FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
|
494
501
|
FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
|
@@ -520,7 +527,7 @@ module Puppet::Util::Windows::ADSI
|
|
520
527
|
NameSurname = 14
|
521
528
|
|
522
529
|
def self.current_user_name_with_format(format)
|
523
|
-
user_name =
|
530
|
+
user_name = ''.dup
|
524
531
|
max_length = 1024
|
525
532
|
|
526
533
|
FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|
|
@@ -32,7 +32,7 @@ class Puppet::Util::Windows::Error < Puppet::Error
|
|
32
32
|
FORMAT_MESSAGE_ARGUMENT_ARRAY |
|
33
33
|
FORMAT_MESSAGE_IGNORE_INSERTS |
|
34
34
|
FORMAT_MESSAGE_MAX_WIDTH_MASK
|
35
|
-
error_string =
|
35
|
+
error_string = ''.dup
|
36
36
|
|
37
37
|
# this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
|
38
38
|
FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|
|
@@ -245,7 +245,7 @@ module Puppet::Util::Windows::File
|
|
245
245
|
module_function :readlink
|
246
246
|
|
247
247
|
def get_long_pathname(path)
|
248
|
-
converted =
|
248
|
+
converted = ''.dup
|
249
249
|
FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
|
250
250
|
# includes terminating NULL
|
251
251
|
buffer_size = GetLongPathNameW(path_ptr, FFI::Pointer::NULL, 0)
|
@@ -263,7 +263,7 @@ module Puppet::Util::Windows::File
|
|
263
263
|
module_function :get_long_pathname
|
264
264
|
|
265
265
|
def get_short_pathname(path)
|
266
|
-
converted =
|
266
|
+
converted = ''.dup
|
267
267
|
FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
|
268
268
|
# includes terminating NULL
|
269
269
|
buffer_size = GetShortPathNameW(path_ptr, FFI::Pointer::NULL, 0)
|
@@ -121,7 +121,7 @@ module Puppet::Util::Windows::Process
|
|
121
121
|
module_function :with_process_token
|
122
122
|
|
123
123
|
def get_process_image_name_by_pid(pid)
|
124
|
-
image_name =
|
124
|
+
image_name = ''.dup
|
125
125
|
|
126
126
|
Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
|
127
127
|
open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
|
@@ -7,8 +7,10 @@ module Puppet::Util::Windows
|
|
7
7
|
extend FFI::Library
|
8
8
|
|
9
9
|
# missing from Windows::Error
|
10
|
-
ERROR_NONE_MAPPED
|
11
|
-
ERROR_INVALID_SID_STRUCTURE
|
10
|
+
ERROR_NONE_MAPPED = 1332
|
11
|
+
ERROR_INVALID_SID_STRUCTURE = 1337
|
12
|
+
ERROR_TRUSTED_DOMAIN_FAILURE = 1788
|
13
|
+
ERROR_TRUSTED_RELATIONSHIP_FAILURE = 1789
|
12
14
|
|
13
15
|
# Well Known SIDs
|
14
16
|
Null = 'S-1-0'
|
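Review bot: The new `rescue` inside the `adsi_child_collection.each` block (`@@ -176,6 +176,13 @@`) substitutes `SID.unresolved_principal(m.name, m.sid)` without logging anything, so a failed domain trust silently changes what the returned list contains. If callers use this list to compare or manage group membership, which the hunk does not show, a line such as `Puppet.debug("Could not resolve #{m.name}: #{e.message}")` before the fallback would leave a trace for diagnosis. The `else` branch can use a bare `raise` instead of `raise e`. The enclosing method starts and ends outside the hunk, and the hunk is shown under the selinux.rb header although its `@@` line names `Puppet::Util::Windows::ADSI`.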
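--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -409,8 +409,7 @@ module Util
 def uri_encode(path, opts = { :allow_fragment => false })
 raise ArgumentError.new(_('path may not be nil')) if path.nil?
 
-
-encoded = String.new.encode!(Encoding::UTF_8)
+encoded = ''.dup
 
 # parse uri into named matches, then reassemble properly encoded
 parts = path.match(RFC_3986_URI_REGEX)
@@ -454,7 +453,7 @@ module Util
 
 def rfc2396_escape(str)
 str.gsub(UNSAFE) do |match|
-tmp =
+tmp = ''.dup
 match.each_byte do |uc|
 tmp << sprintf('%%%02X', uc)
 end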
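Review bot: In `uri_encode` the replacement `encoded = ''.dup` takes its encoding from the file's source encoding, whereas the removed line forced UTF-8 explicitly. The two are equivalent only while the file carries no other encoding magic comment, which this hunk does not show. Writing `encoded = String.new(encoding: Encoding::UTF_8)` keeps the buffer mutable and keeps the encoding guarantee in the code, which seems to matter because the reassembled, percent-encoded parts are presumably appended to it. If `''.dup` is kept for consistency with the other files, a comment such as `# buffer must be UTF-8; relies on the default source encoding` would record the assumption. `uri_encode` continues past the end of the hunk.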
data/lib/puppet/version.rb
CHANGED
@@ -311,6 +311,13 @@ class Puppet::X509::CertProvider
|
|
311
311
|
options[:extension_requests] = csr_attributes.extension_requests
|
312
312
|
end
|
313
313
|
|
314
|
+
# Adds auto-renew attribute to CSR if the agent supports auto-renewal of
|
315
|
+
# certificates
|
316
|
+
if Puppet[:hostcert_renewal_interval] && Puppet[:hostcert_renewal_interval] > 0
|
317
|
+
options[:csr_attributes] ||= {}
|
318
|
+
options[:csr_attributes].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
|
319
|
+
end
|
320
|
+
|
314
321
|
csr = Puppet::SSL::CertificateRequest.new(name)
|
315
322
|
csr.generate(private_key, options)
|
316
323
|
end
|
@@ -369,13 +376,17 @@ class Puppet::X509::CertProvider
|
|
369
376
|
OpenSSL::X509::Request.new(pem)
|
370
377
|
end
|
371
378
|
|
372
|
-
|
373
|
-
|
379
|
+
# Return the path to the cert related object (key, CSR, cert, etc).
|
380
|
+
#
|
381
|
+
# @param base [String] base directory
|
382
|
+
# @param name [String] the name associated with the cert related object
|
374
383
|
def to_path(base, name)
|
375
384
|
raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
|
376
385
|
File.join(base, "#{name.downcase}.pem")
|
377
386
|
end
|
378
387
|
|
388
|
+
private
|
389
|
+
|
379
390
|
def permissions_for_setting(name)
|
380
391
|
setting = Puppet.settings.setting(name)
|
381
392
|
perm = { mode: setting.mode.to_i(8) }
|
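Review bot: The auto-renew block in the first CertProvider hunk (`@@ -311,6 +311,13 @@`) sets the bare OID `'1.3.6.1.4.1.34380.1.3.2'` through `merge!`, which silently overwrites any value for that attribute that may already be in `options[:csr_attributes]` and leaves the OID unexplained where it is used. A named constant, or a one-line comment saying what the attribute signals to the CA, would help, and a plain assignment reads more directly: `options[:csr_attributes]['1.3.6.1.4.1.34380.1.3.2'] = 'true'`. Reading the setting once, `interval = Puppet[:hostcert_renewal_interval]` followed by `if interval && interval > 0`, avoids the double lookup. In the second hunk the new `to_path` comment could add `# @return [String] path of the downcased "<name>.pem" under base` and `# @raise [RuntimeError] if name does not match VALID_CERTNAME`. Both hunks are shown under the version.rb header although their `@@` lines name `Puppet::X509::CertProvider`, and the enclosing method of the first hunk starts outside it.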