puppet 8.1.0-x64-mingw32 → 8.3.0-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +30 -30
- data/ext/project_data.yaml +2 -2
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/ssl.rb +42 -7
- data/lib/puppet/application.rb +5 -1
- data/lib/puppet/defaults.rb +17 -5
- data/lib/puppet/face/config.rb +1 -1
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/module/list.rb +2 -2
- data/lib/puppet/face/parser.rb +1 -1
- data/lib/puppet/functions/split.rb +28 -1
- data/lib/puppet/http/client.rb +12 -5
- data/lib/puppet/http/service/ca.rb +25 -0
- data/lib/puppet/indirector/facts/facter.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module_tool.rb +1 -1
- data/lib/puppet/network/formats.rb +3 -3
- data/lib/puppet/network/http/memory_response.rb +1 -1
- data/lib/puppet/node/environment.rb +6 -4
- data/lib/puppet/parameter/value_collection.rb +1 -1
- data/lib/puppet/parser/files.rb +4 -3
- data/lib/puppet/parser/functions.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
- data/lib/puppet/pops/loader/loader_paths.rb +4 -4
- data/lib/puppet/pops/lookup/explainer.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -1
- data/lib/puppet/pops/model/tree_dumper.rb +1 -1
- data/lib/puppet/pops/parser/epp_support.rb +1 -1
- data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
- data/lib/puppet/pops/parser/pn_parser.rb +1 -1
- data/lib/puppet/pops/pn.rb +1 -1
- data/lib/puppet/pops/serialization/json_path.rb +1 -1
- data/lib/puppet/pops/time/timespan.rb +4 -4
- data/lib/puppet/pops/types/ruby_generator.rb +2 -2
- data/lib/puppet/pops/types/string_converter.rb +6 -6
- data/lib/puppet/pops/types/type_formatter.rb +2 -2
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/nameservice/directoryservice.rb +2 -2
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports.rb +1 -1
- data/lib/puppet/ssl/oids.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +1 -1
- data/lib/puppet/ssl/state_machine.rb +60 -9
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/util/diff.rb +1 -1
- data/lib/puppet/util/execution.rb +9 -4
- data/lib/puppet/util/inifile.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +18 -0
- data/lib/puppet/util/package/version/rpm.rb +1 -1
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/windows/access_control_entry.rb +1 -1
- data/lib/puppet/util/windows/access_control_list.rb +1 -1
- data/lib/puppet/util/windows/adsi.rb +9 -2
- data/lib/puppet/util/windows/error.rb +1 -1
- data/lib/puppet/util/windows/file.rb +2 -2
- data/lib/puppet/util/windows/process.rb +1 -1
- data/lib/puppet/util/windows/sid.rb +4 -2
- data/lib/puppet/util.rb +2 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +13 -2
- data/locales/puppet.pot +106 -74
- data/man/man5/puppet.conf.5 +16 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
- data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
- data/spec/fixtures/ssl/ca.pem +54 -54
- data/spec/fixtures/ssl/crl.pem +26 -26
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
- data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
- data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
- data/spec/fixtures/ssl/intermediate.pem +53 -53
- data/spec/fixtures/ssl/oid-key.pem +107 -107
- data/spec/fixtures/ssl/oid.pem +51 -50
- data/spec/fixtures/ssl/pluto-key.pem +107 -107
- data/spec/fixtures/ssl/pluto.pem +52 -51
- data/spec/fixtures/ssl/renewed.pem +67 -0
- data/spec/fixtures/ssl/request-key.pem +107 -107
- data/spec/fixtures/ssl/request.pem +50 -48
- data/spec/fixtures/ssl/revoked-key.pem +107 -107
- data/spec/fixtures/ssl/revoked.pem +51 -50
- data/spec/fixtures/ssl/signed-key.pem +107 -107
- data/spec/fixtures/ssl/signed.pem +49 -48
- data/spec/fixtures/ssl/tampered-cert.pem +51 -50
- data/spec/fixtures/ssl/tampered-csr.pem +50 -48
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-ca.pem +54 -54
- data/spec/integration/application/agent_spec.rb +27 -27
- data/spec/integration/application/apply_spec.rb +14 -0
- data/spec/integration/http/client_spec.rb +16 -0
- data/spec/integration/type/exec_spec.rb +13 -0
- data/spec/lib/puppet/test_ca.rb +3 -10
- data/spec/lib/puppet_spec/verbose.rb +10 -1
- data/spec/unit/agent_spec.rb +2 -9
- data/spec/unit/application/ssl_spec.rb +49 -0
- data/spec/unit/defaults_spec.rb +2 -40
- data/spec/unit/file_system/path_pattern_spec.rb +15 -0
- data/spec/unit/functions/split_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +71 -0
- data/spec/unit/info_service_spec.rb +1 -1
- data/spec/unit/ssl/certificate_signer_spec.rb +17 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +21 -1
- data/spec/unit/ssl/state_machine_spec.rb +75 -3
- data/spec/unit/util/execution_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +42 -0
- data/spec/unit/util/windows/adsi_spec.rb +25 -0
- data/spec/unit/x509/cert_provider_spec.rb +23 -0
- data/tasks/generate_cert_fixtures.rake +4 -0
- metadata +11 -13
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: afc62779e736a2f0f556e5f1de16b04dee763e93533bd5eaf71c836f50a373cb
|
4
|
+
data.tar.gz: b24126f5caad879cd67b9218be6920a3f00cf8c7037d6897909ea6fcbf67a809
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a40646b8256a9bfa48027688273233d8775825d8c1bc037ab61d7811842f7a6a2891a5935db8b76a9e908564176c42510f7b8b920d6640ef0b284fe14bf4d8b4
|
7
|
+
data.tar.gz: ff847955208a64f5860e557a41d43e73cf7ca5fa87769e396235a3f314baa456d9481dd78524b440ea8f36cada20a306547eabae0c6c67ca852e4373f651612a
|
data/Gemfile
CHANGED
@@ -36,7 +36,7 @@ group(:features) do
|
|
36
36
|
end
|
37
37
|
|
38
38
|
group(:test) do
|
39
|
-
gem "ffi", require: false
|
39
|
+
gem "ffi", '1.15.5', require: false
|
40
40
|
gem "json-schema", "~> 2.0", require: false
|
41
41
|
gem "rake", *location_for(ENV['RAKE_LOCATION'] || '~> 13.0')
|
42
42
|
gem "rspec", "~> 3.1", require: false
|
data/Gemfile.lock
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
GIT
|
2
2
|
remote: https://github.com/puppetlabs/packaging
|
3
|
-
revision:
|
3
|
+
revision: 8adf33f59cc443c311c5d5d70c6ba2084625ceea
|
4
4
|
branch: 1.0.x
|
5
5
|
specs:
|
6
6
|
packaging (0)
|
@@ -15,7 +15,7 @@ GIT
|
|
15
15
|
PATH
|
16
16
|
remote: .
|
17
17
|
specs:
|
18
|
-
puppet (8.
|
18
|
+
puppet (8.3.0)
|
19
19
|
CFPropertyList (~> 2.2)
|
20
20
|
concurrent-ruby (~> 1.0)
|
21
21
|
deep_merge (~> 1.0)
|
@@ -31,35 +31,37 @@ GEM
|
|
31
31
|
remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
|
32
32
|
specs:
|
33
33
|
CFPropertyList (2.3.6)
|
34
|
-
addressable (2.8.
|
34
|
+
addressable (2.8.5)
|
35
35
|
public_suffix (>= 2.0.2, < 6.0)
|
36
36
|
apt_stage_artifacts (0.11.0)
|
37
37
|
docopt
|
38
38
|
artifactory (3.0.15)
|
39
39
|
ast (2.4.2)
|
40
|
+
base64 (0.1.1)
|
40
41
|
coderay (1.1.3)
|
41
42
|
concurrent-ruby (1.2.2)
|
42
43
|
crack (0.4.5)
|
43
44
|
rexml
|
44
|
-
csv (3.2.
|
45
|
+
csv (3.2.7)
|
45
46
|
declarative (0.0.20)
|
46
47
|
deep_merge (1.2.2)
|
47
48
|
diff-lcs (1.5.0)
|
48
|
-
digest-crc (0.6.
|
49
|
+
digest-crc (0.6.5)
|
49
50
|
rake (>= 12.0.0, < 14.0.0)
|
50
51
|
docopt (0.6.1)
|
51
52
|
erubi (1.12.0)
|
52
|
-
facter (4.
|
53
|
+
facter (4.5.0)
|
53
54
|
hocon (~> 1.3)
|
54
55
|
thor (>= 1.0.1, < 2.0)
|
55
|
-
faraday (2.7.
|
56
|
+
faraday (2.7.11)
|
57
|
+
base64
|
56
58
|
faraday-net_http (>= 2.0, < 3.1)
|
57
59
|
ruby2_keywords (>= 0.0.4)
|
58
60
|
faraday-net_http (3.0.2)
|
59
61
|
fast_gettext (2.3.0)
|
60
62
|
ffi (1.15.5)
|
61
63
|
forwardable (1.3.3)
|
62
|
-
gettext (3.4.
|
64
|
+
gettext (3.4.9)
|
63
65
|
erubi
|
64
66
|
locale (>= 2.0.5)
|
65
67
|
prime
|
@@ -69,7 +71,7 @@ GEM
|
|
69
71
|
fast_gettext (~> 2.1)
|
70
72
|
gettext (~> 3.4)
|
71
73
|
locale
|
72
|
-
google-apis-core (0.11.
|
74
|
+
google-apis-core (0.11.1)
|
73
75
|
addressable (~> 2.5, >= 2.5.1)
|
74
76
|
googleauth (>= 0.16.2, < 2.a)
|
75
77
|
httpclient (>= 2.8.1, < 3.a)
|
@@ -96,10 +98,9 @@ GEM
|
|
96
98
|
google-cloud-core (~> 1.6)
|
97
99
|
googleauth (>= 0.16.2, < 2.a)
|
98
100
|
mini_mime (~> 1.0)
|
99
|
-
googleauth (1.
|
101
|
+
googleauth (1.8.1)
|
100
102
|
faraday (>= 0.17.3, < 3.a)
|
101
103
|
jwt (>= 1.4, < 3.0)
|
102
|
-
memoist (~> 0.16)
|
103
104
|
multi_json (~> 1.11)
|
104
105
|
os (>= 0.9, < 2.0)
|
105
106
|
signet (>= 0.16, < 2.a)
|
@@ -115,18 +116,17 @@ GEM
|
|
115
116
|
addressable (>= 2.4)
|
116
117
|
jwt (2.7.1)
|
117
118
|
locale (2.1.3)
|
118
|
-
memoist (0.16.2)
|
119
119
|
memory_profiler (1.0.1)
|
120
120
|
method_source (1.0.0)
|
121
|
-
mini_mime (1.1.
|
121
|
+
mini_mime (1.1.5)
|
122
122
|
minitar (0.9)
|
123
|
-
msgpack (1.7.
|
123
|
+
msgpack (1.7.2)
|
124
124
|
multi_json (1.15.0)
|
125
125
|
mustache (1.1.1)
|
126
|
-
optimist (3.0
|
126
|
+
optimist (3.1.0)
|
127
127
|
os (1.1.4)
|
128
128
|
parallel (1.23.0)
|
129
|
-
parser (3.2.2.
|
129
|
+
parser (3.2.2.4)
|
130
130
|
ast (~> 2.4.1)
|
131
131
|
racc
|
132
132
|
prime (0.1.2)
|
@@ -135,17 +135,17 @@ GEM
|
|
135
135
|
pry (0.14.2)
|
136
136
|
coderay (~> 1.1)
|
137
137
|
method_source (~> 1.0)
|
138
|
-
public_suffix (5.0.
|
139
|
-
puppet-resource_api (1.
|
138
|
+
public_suffix (5.0.3)
|
139
|
+
puppet-resource_api (1.9.0)
|
140
140
|
hocon (>= 1.0)
|
141
141
|
puppetserver-ca (2.6.0)
|
142
142
|
facter (>= 2.0.1, < 5)
|
143
143
|
racc (1.5.2)
|
144
144
|
rainbow (3.1.1)
|
145
145
|
rake (13.0.6)
|
146
|
-
rdiscount (2.2.7)
|
146
|
+
rdiscount (2.2.7.1)
|
147
147
|
rdoc (6.3.3)
|
148
|
-
regexp_parser (2.8.
|
148
|
+
regexp_parser (2.8.2)
|
149
149
|
release-metrics (1.1.0)
|
150
150
|
csv
|
151
151
|
docopt
|
@@ -154,7 +154,7 @@ GEM
|
|
154
154
|
trailblazer-option (>= 0.1.1, < 0.2.0)
|
155
155
|
uber (< 0.2.0)
|
156
156
|
retriable (3.1.2)
|
157
|
-
rexml (3.2.
|
157
|
+
rexml (3.2.6)
|
158
158
|
ronn (0.7.3)
|
159
159
|
hpricot (>= 0.8.2)
|
160
160
|
mustache (>= 0.7.0)
|
@@ -171,10 +171,10 @@ GEM
|
|
171
171
|
rspec-its (1.3.0)
|
172
172
|
rspec-core (>= 3.0.0)
|
173
173
|
rspec-expectations (>= 3.0.0)
|
174
|
-
rspec-mocks (3.12.
|
174
|
+
rspec-mocks (3.12.6)
|
175
175
|
diff-lcs (>= 1.2.0, < 2.0)
|
176
176
|
rspec-support (~> 3.12.0)
|
177
|
-
rspec-support (3.12.
|
177
|
+
rspec-support (3.12.1)
|
178
178
|
rubocop (1.28.0)
|
179
179
|
parallel (~> 1.10)
|
180
180
|
parser (>= 3.1.0.0)
|
@@ -193,19 +193,19 @@ GEM
|
|
193
193
|
ruby2_keywords (0.0.5)
|
194
194
|
scanf (1.0.0)
|
195
195
|
semantic_puppet (1.1.0)
|
196
|
-
signet (0.
|
196
|
+
signet (0.18.0)
|
197
197
|
addressable (~> 2.8)
|
198
198
|
faraday (>= 0.17.5, < 3.a)
|
199
199
|
jwt (>= 1.5, < 3.0)
|
200
200
|
multi_json (~> 1.10)
|
201
201
|
singleton (0.1.1)
|
202
202
|
text (1.3.1)
|
203
|
-
thor (1.
|
203
|
+
thor (1.3.0)
|
204
204
|
trailblazer-option (0.1.2)
|
205
205
|
uber (0.1.0)
|
206
|
-
unicode-display_width (2.
|
207
|
-
vcr (6.
|
208
|
-
webmock (3.
|
206
|
+
unicode-display_width (2.5.0)
|
207
|
+
vcr (6.2.0)
|
208
|
+
webmock (3.19.1)
|
209
209
|
addressable (>= 2.8.0)
|
210
210
|
crack (>= 0.3.2)
|
211
211
|
hashdiff (>= 0.4.0, < 2.0.0)
|
@@ -218,7 +218,7 @@ PLATFORMS
|
|
218
218
|
DEPENDENCIES
|
219
219
|
diff-lcs (~> 1.3)
|
220
220
|
facter (~> 4.3)
|
221
|
-
ffi
|
221
|
+
ffi (= 1.15.5)
|
222
222
|
gettext-setup (~> 1.0)
|
223
223
|
hiera-eyaml
|
224
224
|
hocon (~> 1.0)
|
@@ -248,4 +248,4 @@ DEPENDENCIES
|
|
248
248
|
yard
|
249
249
|
|
250
250
|
BUNDLED WITH
|
251
|
-
2.4.
|
251
|
+
2.4.20
|
data/ext/project_data.yaml
CHANGED
@@ -39,11 +39,11 @@ gem_platform_dependencies:
|
|
39
39
|
CFPropertyList: '~> 2.2'
|
40
40
|
x86-mingw32:
|
41
41
|
gem_runtime_dependencies:
|
42
|
-
ffi:
|
42
|
+
ffi: '1.15.5'
|
43
43
|
minitar: '~> 0.9'
|
44
44
|
x64-mingw32:
|
45
45
|
gem_runtime_dependencies:
|
46
|
-
ffi:
|
46
|
+
ffi: '1.15.5'
|
47
47
|
minitar: '~> 0.9'
|
48
48
|
bundle_platforms:
|
49
49
|
universal-darwin: all
|
@@ -60,6 +60,11 @@ ACTIONS
|
|
60
60
|
the CSR. Otherwise a new key pair will be generated. If a CSR has already
|
61
61
|
been submitted with the given `certname`, then the operation will fail.
|
62
62
|
|
63
|
+
* generate_request:
|
64
|
+
Generate a certificate signing request (CSR). If
|
65
|
+
a private and public key pair already exist, they will be used to generate
|
66
|
+
the CSR. Otherwise a new key pair will be generated.
|
67
|
+
|
63
68
|
* download_cert:
|
64
69
|
Download a certificate for this host. If the current private key matches
|
65
70
|
the downloaded certificate, then the certificate will be saved and used
|
@@ -137,9 +142,21 @@ HELP
|
|
137
142
|
unless cert
|
138
143
|
raise Puppet::Error, _("The certificate for '%{name}' has not yet been signed") % { name: certname }
|
139
144
|
end
|
145
|
+
when 'generate_request'
|
146
|
+
generate_request(certname)
|
140
147
|
when 'verify'
|
141
148
|
verify(certname)
|
142
149
|
when 'clean'
|
150
|
+
possible_extra_args = command_line.args.drop(1)
|
151
|
+
unless possible_extra_args.empty?
|
152
|
+
raise Puppet::Error, _(<<END) % { args: possible_extra_args.join(' ')}
|
153
|
+
Extra arguments detected: %{args}
|
154
|
+
Did you mean to run:
|
155
|
+
puppetserver ca clean --certname <name>
|
156
|
+
Or:
|
157
|
+
puppet ssl clean --target <name>
|
158
|
+
END
|
159
|
+
end
|
143
160
|
clean(certname)
|
144
161
|
when 'bootstrap'
|
145
162
|
if !Puppet::Util::Log.sendlevel?(:info)
|
@@ -163,13 +180,7 @@ HELP
|
|
163
180
|
def submit_request(ssl_context)
|
164
181
|
key = @cert_provider.load_private_key(Puppet[:certname])
|
165
182
|
unless key
|
166
|
-
|
167
|
-
Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
|
168
|
-
key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
|
169
|
-
else
|
170
|
-
Puppet.info _("Creating a new SSL key for %{name}") % { name: Puppet[:certname] }
|
171
|
-
key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
|
172
|
-
end
|
183
|
+
key = create_key(Puppet[:certname])
|
173
184
|
@cert_provider.save_private_key(Puppet[:certname], key)
|
174
185
|
end
|
175
186
|
|
@@ -188,6 +199,20 @@ HELP
|
|
188
199
|
raise Puppet::Error.new(_("Failed to submit certificate request: %{message}") % { message: e.message }, e)
|
189
200
|
end
|
190
201
|
|
202
|
+
def generate_request(certname)
|
203
|
+
key = @cert_provider.load_private_key(certname)
|
204
|
+
unless key
|
205
|
+
key = create_key(certname)
|
206
|
+
@cert_provider.save_private_key(certname, key)
|
207
|
+
end
|
208
|
+
|
209
|
+
csr = @cert_provider.create_request(certname, key)
|
210
|
+
@cert_provider.save_request(certname, csr)
|
211
|
+
Puppet.notice _("Generated certificate request in '%{path}'") % { path: @cert_provider.to_path(Puppet[:requestdir], certname) }
|
212
|
+
rescue => e
|
213
|
+
raise Puppet::Error.new(_("Failed to generate certificate request: %{message}") % { message: e.message }, e)
|
214
|
+
end
|
215
|
+
|
191
216
|
def download_cert(ssl_context)
|
192
217
|
key = @cert_provider.load_private_key(Puppet[:certname])
|
193
218
|
|
@@ -286,4 +311,14 @@ END
|
|
286
311
|
def create_route(ssl_context)
|
287
312
|
@session.route_to(:ca, ssl_context: ssl_context)
|
288
313
|
end
|
314
|
+
|
315
|
+
def create_key(certname)
|
316
|
+
if Puppet[:key_type] == 'ec'
|
317
|
+
Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: certname, curve: Puppet[:named_curve] }
|
318
|
+
OpenSSL::PKey::EC.generate(Puppet[:named_curve])
|
319
|
+
else
|
320
|
+
Puppet.info _("Creating a new SSL key for %{name}") % { name: certname }
|
321
|
+
OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
|
322
|
+
end
|
323
|
+
end
|
289
324
|
end
|
data/lib/puppet/application.rb
CHANGED
@@ -504,8 +504,12 @@ class Application
|
|
504
504
|
runtime_info = {
|
505
505
|
'puppet_version' => Puppet.version,
|
506
506
|
'ruby_version' => RUBY_VERSION,
|
507
|
-
'run_mode' => self.class.run_mode.name
|
507
|
+
'run_mode' => self.class.run_mode.name
|
508
508
|
}
|
509
|
+
unless Puppet::Util::Platform.jruby_fips?
|
510
|
+
runtime_info['openssl_version'] = "'#{OpenSSL::OPENSSL_VERSION}'"
|
511
|
+
runtime_info['openssl_fips'] = OpenSSL::OPENSSL_FIPS
|
512
|
+
end
|
509
513
|
runtime_info['default_encoding'] = Encoding.default_external
|
510
514
|
runtime_info.merge!(extra_info) unless extra_info.nil?
|
511
515
|
|
data/lib/puppet/defaults.rb
CHANGED
@@ -4,11 +4,7 @@ require_relative '../puppet/util/platform'
|
|
4
4
|
module Puppet
|
5
5
|
|
6
6
|
def self.default_diffargs
|
7
|
-
|
8
|
-
""
|
9
|
-
else
|
10
|
-
"-u"
|
11
|
-
end
|
7
|
+
'-u'
|
12
8
|
end
|
13
9
|
|
14
10
|
def self.default_digest_algorithm
|
@@ -1248,6 +1244,22 @@ EOT
|
|
1248
1244
|
unchanged on the server, then the agent run will continue using the
|
1249
1245
|
local CRL it already has.#{AS_DURATION}",
|
1250
1246
|
},
|
1247
|
+
:hostcert_renewal_interval => {
|
1248
|
+
:default => "30d",
|
1249
|
+
:type => :duration,
|
1250
|
+
:desc => "When the Puppet agent refreshes its client certificate.
|
1251
|
+
By default the client certificate will refresh 30 days before the certificate
|
1252
|
+
expires. If a different duration is specified, then the agent will refresh its
|
1253
|
+
client certificate whenever it next runs and if the client certificate expires
|
1254
|
+
within the duration specified.
|
1255
|
+
|
1256
|
+
In general, the duration should be greater than the `runinterval`.
|
1257
|
+
Setting it to 0 will disable automatic renewal.
|
1258
|
+
|
1259
|
+
If the agent downloads a new certificate, the agent will use it for subsequent
|
1260
|
+
network requests. If the refresh request fails, then the agent run will continue using the
|
1261
|
+
certificate it already has. #{AS_DURATION}",
|
1262
|
+
},
|
1251
1263
|
:keylength => {
|
1252
1264
|
:default => 4096,
|
1253
1265
|
:type => :integer,
|
data/lib/puppet/face/config.rb
CHANGED
@@ -82,7 +82,7 @@ Puppet::Face.define(:config, '0.0.1') do
|
|
82
82
|
end
|
83
83
|
|
84
84
|
when_rendering :console do |to_be_rendered|
|
85
|
-
output =
|
85
|
+
output = ''.dup
|
86
86
|
if to_be_rendered.keys.length > 1
|
87
87
|
to_be_rendered.keys.sort.each do |setting|
|
88
88
|
output << "#{setting} = #{to_be_rendered[setting]}\n"
|
data/lib/puppet/face/epp.rb
CHANGED
@@ -367,7 +367,7 @@ Puppet::Face.define(:epp, '0.0.1') do
|
|
367
367
|
end
|
368
368
|
|
369
369
|
def dump_parse(source, filename, options, show_filename = true)
|
370
|
-
output =
|
370
|
+
output = ''.dup
|
371
371
|
evaluating_parser = Puppet::Pops::Parser::EvaluatingParser::EvaluatingEppParser.new
|
372
372
|
begin
|
373
373
|
if options[:validate]
|
@@ -451,7 +451,7 @@ Puppet::Face.define(:epp, '0.0.1') do
|
|
451
451
|
|
452
452
|
def render_file(epp_template_name, compiler, options, show_filename, file_nbr)
|
453
453
|
template_args = get_values(compiler, options)
|
454
|
-
output =
|
454
|
+
output = ''.dup
|
455
455
|
begin
|
456
456
|
if show_filename && options[:header]
|
457
457
|
output << "\n" unless file_nbr == 1
|
@@ -74,7 +74,7 @@ Puppet::Face.define(:module, '1.0.0') do
|
|
74
74
|
environment = result[:environment]
|
75
75
|
modules_by_path = result[:modules_by_path]
|
76
76
|
|
77
|
-
output =
|
77
|
+
output = ''.dup
|
78
78
|
|
79
79
|
warn_unmet_dependencies(environment)
|
80
80
|
|
@@ -248,7 +248,7 @@ Puppet::Face.define(:module, '1.0.0') do
|
|
248
248
|
# Returns a Hash
|
249
249
|
#
|
250
250
|
def list_build_node(mod, parent, params)
|
251
|
-
str =
|
251
|
+
str = ''.dup
|
252
252
|
str << (mod.forge_name ? mod.forge_name.tr('/', '-') : mod.name)
|
253
253
|
str << ' (' + colorize(:cyan, mod.version ? "v#{mod.version}" : '???') + ')'
|
254
254
|
|
data/lib/puppet/face/parser.rb
CHANGED
@@ -174,7 +174,7 @@ Puppet::Face.define(:parser, '0.0.1') do
|
|
174
174
|
end
|
175
175
|
|
176
176
|
def dump_parse(source, filename, options, show_filename = true)
|
177
|
-
output =
|
177
|
+
output = ''.dup
|
178
178
|
evaluating_parser = Puppet::Pops::Parser::EvaluatingParser.new
|
179
179
|
begin
|
180
180
|
if options[:validate]
|
@@ -36,6 +36,21 @@ Puppet::Functions.create_function(:split) do
|
|
36
36
|
param 'Type[Regexp]', :pattern
|
37
37
|
end
|
38
38
|
|
39
|
+
dispatch :split_String_sensitive do
|
40
|
+
param 'Sensitive[String]', :sensitive
|
41
|
+
param 'String', :pattern
|
42
|
+
end
|
43
|
+
|
44
|
+
dispatch :split_Regexp_sensitive do
|
45
|
+
param 'Sensitive[String]', :sensitive
|
46
|
+
param 'Regexp', :pattern
|
47
|
+
end
|
48
|
+
|
49
|
+
dispatch :split_RegexpType_sensitive do
|
50
|
+
param 'Sensitive[String]', :sensitive
|
51
|
+
param 'Type[Regexp]', :pattern
|
52
|
+
end
|
53
|
+
|
39
54
|
def split_String(str, pattern)
|
40
55
|
str.split(Regexp.compile(pattern))
|
41
56
|
end
|
@@ -47,4 +62,16 @@ Puppet::Functions.create_function(:split) do
|
|
47
62
|
def split_RegexpType(str, pattern)
|
48
63
|
str.split(pattern.regexp)
|
49
64
|
end
|
50
|
-
|
65
|
+
|
66
|
+
def split_String_sensitive(sensitive, pattern)
|
67
|
+
Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_String(sensitive.unwrap, pattern))
|
68
|
+
end
|
69
|
+
|
70
|
+
def split_Regexp_sensitive(sensitive, pattern)
|
71
|
+
Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_Regexp(sensitive.unwrap, pattern))
|
72
|
+
end
|
73
|
+
|
74
|
+
def split_RegexpType_sensitive(sensitive, pattern)
|
75
|
+
Puppet::Pops::Types::PSensitiveType::Sensitive.new(split_RegexpType(sensitive.unwrap, pattern))
|
76
|
+
end
|
77
|
+
end
|
data/lib/puppet/http/client.rb
CHANGED
@@ -368,6 +368,7 @@ class Puppet::HTTP::Client
|
|
368
368
|
apply_auth(request, basic_auth) if redirects.zero?
|
369
369
|
|
370
370
|
# don't call return within the `request` block
|
371
|
+
close_and_sleep = nil
|
371
372
|
http.request(request) do |nethttp|
|
372
373
|
response = Puppet::HTTP::ResponseNetHTTP.new(request.uri, nethttp)
|
373
374
|
begin
|
@@ -381,12 +382,14 @@ class Puppet::HTTP::Client
|
|
381
382
|
interval = @retry_after_handler.retry_after_interval(request, response, retries)
|
382
383
|
retries += 1
|
383
384
|
if interval
|
384
|
-
|
385
|
-
|
386
|
-
|
385
|
+
close_and_sleep = proc do
|
386
|
+
if http.started?
|
387
|
+
Puppet.debug("Closing connection for #{Puppet::HTTP::Site.from_uri(request.uri)}")
|
388
|
+
http.finish
|
389
|
+
end
|
390
|
+
Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
|
391
|
+
::Kernel.sleep(interval)
|
387
392
|
end
|
388
|
-
Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
|
389
|
-
::Kernel.sleep(interval)
|
390
393
|
next
|
391
394
|
end
|
392
395
|
end
|
@@ -405,6 +408,10 @@ class Puppet::HTTP::Client
|
|
405
408
|
|
406
409
|
done = true
|
407
410
|
end
|
411
|
+
ensure
|
412
|
+
# If a server responded with a retry, make sure the connection is closed and then
|
413
|
+
# sleep the specified time.
|
414
|
+
close_and_sleep.call if close_and_sleep
|
408
415
|
end
|
409
416
|
end
|
410
417
|
|
@@ -104,4 +104,29 @@ class Puppet::HTTP::Service::Ca < Puppet::HTTP::Service
|
|
104
104
|
|
105
105
|
response
|
106
106
|
end
|
107
|
+
|
108
|
+
# Submit a POST request to send a certificate renewal request to the server
|
109
|
+
#
|
110
|
+
# @param [Puppet::SSL::SSLContext] ssl_context
|
111
|
+
#
|
112
|
+
# @return [Array<Puppet::HTTP::Response, String>] The request response
|
113
|
+
#
|
114
|
+
# @api public
|
115
|
+
def post_certificate_renewal(ssl_context)
|
116
|
+
headers = add_puppet_headers(HEADERS)
|
117
|
+
headers['Content-Type'] = 'text/plain'
|
118
|
+
|
119
|
+
response = @client.post(
|
120
|
+
with_base_url('/certificate_renewal'),
|
121
|
+
'', # Puppet::HTTP::Client.post requires a body, the API endpoint does not
|
122
|
+
headers: headers,
|
123
|
+
options: {ssl_context: ssl_context}
|
124
|
+
)
|
125
|
+
|
126
|
+
raise ArgumentError.new(_('SSL context must contain a client certificate.')) unless ssl_context.client_cert
|
127
|
+
|
128
|
+
process_response(response)
|
129
|
+
|
130
|
+
[response, response.body.to_s]
|
131
|
+
end
|
107
132
|
end
|
@@ -105,7 +105,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
|
|
105
105
|
|
106
106
|
def find_with_options(request)
|
107
107
|
options = request.options
|
108
|
-
options_for_facter =
|
108
|
+
options_for_facter = ''.dup
|
109
109
|
options_for_facter += options[:user_query].join(' ')
|
110
110
|
options_for_facter += " --config #{options[:config_file]}" if options[:config_file]
|
111
111
|
options_for_facter += " --show-legacy" if options[:show_legacy]
|
@@ -58,7 +58,7 @@ module Puppet::FileBucketFile
|
|
58
58
|
end
|
59
59
|
# Setting hash's default value to [], needed by the following loop
|
60
60
|
bucket = Hash.new {[]}
|
61
|
-
msg =
|
61
|
+
msg = ''.dup
|
62
62
|
# Get all files with mtime between 'from' and 'to'
|
63
63
|
Pathname.new(request.options[:bucket_path]).find { |item|
|
64
64
|
if item.file? and item.basename.to_s == "paths"
|
@@ -13,7 +13,7 @@ class Puppet::InfoService::TaskInformationService
|
|
13
13
|
task.validate
|
14
14
|
{:module => {:name => task.module.name}, :name => task.name, :metadata => task.metadata}
|
15
15
|
rescue Puppet::Module::Task::Error => err
|
16
|
-
Puppet.log_exception(err
|
16
|
+
Puppet.log_exception(err)
|
17
17
|
nil
|
18
18
|
end
|
19
19
|
end
|
data/lib/puppet/module_tool.rb
CHANGED
@@ -70,7 +70,7 @@ module Puppet
|
|
70
70
|
# Builds a formatted tree from a list of node hashes containing +:text+
|
71
71
|
# and +:dependencies+ keys.
|
72
72
|
def self.format_tree(nodes, level = 0)
|
73
|
-
str =
|
73
|
+
str = ''.dup
|
74
74
|
nodes.each_with_index do |node, i|
|
75
75
|
last_node = nodes.length - 1 == i
|
76
76
|
deps = node[:dependencies] || []
|
@@ -156,7 +156,7 @@ Puppet::Network::FormatHandler.create(:console,
|
|
156
156
|
|
157
157
|
# Simple hash to table
|
158
158
|
if datum.is_a?(Hash) && datum.keys.all? { |x| x.is_a?(String) || x.is_a?(Numeric) }
|
159
|
-
output =
|
159
|
+
output = ''.dup
|
160
160
|
column_a = datum.empty? ? 2 : datum.map{ |k,v| k.to_s.length }.max + 2
|
161
161
|
datum.sort_by { |k,v| k.to_s } .each do |key, value|
|
162
162
|
output << key.to_s.ljust(column_a)
|
@@ -169,7 +169,7 @@ Puppet::Network::FormatHandler.create(:console,
|
|
169
169
|
|
170
170
|
# Print one item per line for arrays
|
171
171
|
if datum.is_a? Array
|
172
|
-
output =
|
172
|
+
output = ''.dup
|
173
173
|
datum.each do |item|
|
174
174
|
output << item.to_s
|
175
175
|
output << "\n"
|
@@ -227,7 +227,7 @@ Puppet::Network::FormatHandler.create(:flat,
|
|
227
227
|
end
|
228
228
|
|
229
229
|
def construct_output(data)
|
230
|
-
output =
|
230
|
+
output = ''.dup
|
231
231
|
data.each do |key, value|
|
232
232
|
output << "#{key}=#{value}"
|
233
233
|
output << "\n"
|
@@ -592,10 +592,12 @@ class Puppet::Node::Environment
|
|
592
592
|
if file == NO_MANIFEST
|
593
593
|
empty_parse_result
|
594
594
|
elsif File.directory?(file)
|
595
|
-
|
596
|
-
|
597
|
-
|
598
|
-
|
595
|
+
# JRuby does not properly perform Dir.glob operations with wildcards, (see PUP-11788 and https://github.com/jruby/jruby/issues/7836).
|
596
|
+
# We sort the results because Dir.glob order is inconsistent in Ruby < 3 (see PUP-10115).
|
597
|
+
parse_results = Puppet::FileSystem::PathPattern.absolute(File.join(file, '**/*')).glob.select {|globbed_file| globbed_file.end_with?('.pp')}.sort.map do | file_to_parse |
|
598
|
+
parser.file = file_to_parse
|
599
|
+
parser.parse
|
600
|
+
end
|
599
601
|
# Use a parser type specific merger to concatenate the results
|
600
602
|
Puppet::Parser::AST::Hostclass.new('', :code => Puppet::Parser::ParserFactory.code_merger.concatenate(parse_results))
|
601
603
|
else
|
data/lib/puppet/parser/files.rb
CHANGED
@@ -29,9 +29,10 @@ module Puppet::Parser::Files
|
|
29
29
|
# * modulename/filename selector: a file is found in the file directory
|
30
30
|
# of the named module.
|
31
31
|
#
|
32
|
-
#
|
33
|
-
#
|
34
|
-
#
|
32
|
+
# The check for file existence is performed on the node compiling the
|
33
|
+
# manifest. A node running "puppet apply" compiles its own manifest, but
|
34
|
+
# a node running "puppet agent" depends on the configured puppetserver
|
35
|
+
# for compiling. In either case, a nil is returned if no file is found.
|
35
36
|
#
|
36
37
|
# @param template [String] the file selector
|
37
38
|
# @param environment [Puppet::Node::Environment] the environment in which to search
|