puppet 8.1.0-x86-mingw32 → 8.3.1-x86-mingw32
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Gemfile.lock +39 -45
- data/ext/project_data.yaml +2 -2
- data/lib/puppet/application/doc.rb +1 -1
- data/lib/puppet/application/ssl.rb +42 -7
- data/lib/puppet/application.rb +5 -1
- data/lib/puppet/defaults.rb +17 -5
- data/lib/puppet/face/config.rb +1 -1
- data/lib/puppet/face/epp.rb +2 -2
- data/lib/puppet/face/module/list.rb +2 -2
- data/lib/puppet/face/parser.rb +1 -1
- data/lib/puppet/functions/split.rb +28 -1
- data/lib/puppet/http/client.rb +12 -5
- data/lib/puppet/http/service/ca.rb +25 -0
- data/lib/puppet/indirector/facts/facter.rb +1 -1
- data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/info_service/task_information_service.rb +1 -1
- data/lib/puppet/module_tool.rb +1 -1
- data/lib/puppet/network/formats.rb +3 -3
- data/lib/puppet/network/http/memory_response.rb +1 -1
- data/lib/puppet/node/environment.rb +6 -4
- data/lib/puppet/parameter/value_collection.rb +1 -1
- data/lib/puppet/parser/files.rb +4 -3
- data/lib/puppet/parser/functions.rb +1 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
- data/lib/puppet/pops/loader/loader_paths.rb +4 -4
- data/lib/puppet/pops/lookup/explainer.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +1 -1
- data/lib/puppet/pops/model/factory.rb +1 -1
- data/lib/puppet/pops/model/tree_dumper.rb +1 -1
- data/lib/puppet/pops/parser/epp_support.rb +1 -1
- data/lib/puppet/pops/parser/evaluating_parser.rb +1 -1
- data/lib/puppet/pops/parser/pn_parser.rb +1 -1
- data/lib/puppet/pops/pn.rb +1 -1
- data/lib/puppet/pops/serialization/json_path.rb +1 -1
- data/lib/puppet/pops/time/timespan.rb +4 -4
- data/lib/puppet/pops/types/ruby_generator.rb +2 -2
- data/lib/puppet/pops/types/string_converter.rb +6 -6
- data/lib/puppet/pops/types/type_formatter.rb +2 -2
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/nameservice/directoryservice.rb +2 -2
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/dnf.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/reports.rb +1 -1
- data/lib/puppet/ssl/oids.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +1 -1
- data/lib/puppet/ssl/state_machine.rb +60 -9
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/util/diff.rb +1 -1
- data/lib/puppet/util/execution.rb +9 -4
- data/lib/puppet/util/inifile.rb +2 -2
- data/lib/puppet/util/monkey_patches.rb +18 -0
- data/lib/puppet/util/package/version/rpm.rb +1 -1
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/windows/access_control_entry.rb +1 -1
- data/lib/puppet/util/windows/access_control_list.rb +1 -1
- data/lib/puppet/util/windows/adsi.rb +9 -2
- data/lib/puppet/util/windows/error.rb +1 -1
- data/lib/puppet/util/windows/file.rb +2 -2
- data/lib/puppet/util/windows/process.rb +1 -1
- data/lib/puppet/util/windows/sid.rb +4 -2
- data/lib/puppet/util.rb +2 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +13 -2
- data/locales/puppet.pot +106 -74
- data/man/man5/puppet.conf.5 +16 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
- data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
- data/spec/fixtures/ssl/ca.pem +54 -54
- data/spec/fixtures/ssl/crl.pem +26 -26
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
- data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
- data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
- data/spec/fixtures/ssl/intermediate.pem +53 -53
- data/spec/fixtures/ssl/oid-key.pem +107 -107
- data/spec/fixtures/ssl/oid.pem +51 -50
- data/spec/fixtures/ssl/pluto-key.pem +107 -107
- data/spec/fixtures/ssl/pluto.pem +52 -51
- data/spec/fixtures/ssl/renewed.pem +67 -0
- data/spec/fixtures/ssl/request-key.pem +107 -107
- data/spec/fixtures/ssl/request.pem +50 -48
- data/spec/fixtures/ssl/revoked-key.pem +107 -107
- data/spec/fixtures/ssl/revoked.pem +51 -50
- data/spec/fixtures/ssl/signed-key.pem +107 -107
- data/spec/fixtures/ssl/signed.pem +49 -48
- data/spec/fixtures/ssl/tampered-cert.pem +51 -50
- data/spec/fixtures/ssl/tampered-csr.pem +50 -48
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-ca.pem +54 -54
- data/spec/integration/application/agent_spec.rb +27 -27
- data/spec/integration/application/apply_spec.rb +14 -0
- data/spec/integration/http/client_spec.rb +16 -0
- data/spec/integration/type/exec_spec.rb +13 -0
- data/spec/lib/puppet/test_ca.rb +3 -10
- data/spec/lib/puppet_spec/verbose.rb +10 -1
- data/spec/unit/agent_spec.rb +2 -9
- data/spec/unit/application/ssl_spec.rb +49 -0
- data/spec/unit/defaults_spec.rb +2 -40
- data/spec/unit/file_system/path_pattern_spec.rb +15 -0
- data/spec/unit/functions/split_spec.rb +6 -0
- data/spec/unit/http/service/ca_spec.rb +71 -0
- data/spec/unit/info_service_spec.rb +1 -1
- data/spec/unit/ssl/certificate_signer_spec.rb +17 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +21 -1
- data/spec/unit/ssl/state_machine_spec.rb +75 -3
- data/spec/unit/util/execution_spec.rb +1 -0
- data/spec/unit/util/monkey_patches_spec.rb +42 -0
- data/spec/unit/util/windows/adsi_spec.rb +25 -0
- data/spec/unit/x509/cert_provider_spec.rb +23 -0
- data/tasks/generate_cert_fixtures.rake +4 -0
- metadata +11 -13
data/lib/puppet/util/inifile.rb
CHANGED
@@ -79,7 +79,7 @@ module Puppet::Util::IniConfig
|
|
79
79
|
# written to file
|
80
80
|
def format
|
81
81
|
if @destroy
|
82
|
-
text =
|
82
|
+
text = ''.dup
|
83
83
|
else
|
84
84
|
text = "[#{name}]\n"
|
85
85
|
@entries.each do |entry|
|
@@ -208,7 +208,7 @@ module Puppet::Util::IniConfig
|
|
208
208
|
end
|
209
209
|
|
210
210
|
def format
|
211
|
-
text =
|
211
|
+
text = ''.dup
|
212
212
|
|
213
213
|
@contents.each do |content|
|
214
214
|
if content.is_a? Section
|
@@ -30,6 +30,24 @@ class Object
|
|
30
30
|
end
|
31
31
|
end
|
32
32
|
|
33
|
+
unless Dir.singleton_methods.include?(:exists?)
|
34
|
+
class Dir
|
35
|
+
def self.exists?(file_name)
|
36
|
+
warn("Dir.exists?('#{file_name}') is deprecated, use Dir.exist? instead") if $VERBOSE
|
37
|
+
Dir.exist?(file_name)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
unless File.singleton_methods.include?(:exists?)
|
43
|
+
class File
|
44
|
+
def self.exists?(file_name)
|
45
|
+
warn("File.exists?('#{file_name}') is deprecated, use File.exist? instead") if $VERBOSE
|
46
|
+
File.exist?(file_name)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
33
51
|
require_relative '../../puppet/ssl/openssl_loader'
|
34
52
|
unless Puppet::Util::Platform.jruby_fips?
|
35
53
|
class OpenSSL::SSL::SSLContext
|
@@ -76,7 +76,7 @@ module Puppet::Util::ProviderFeatures
|
|
76
76
|
|
77
77
|
# @return [String] Returns a string with documentation covering all features.
|
78
78
|
def featuredocs
|
79
|
-
str =
|
79
|
+
str = ''.dup
|
80
80
|
@features ||= {}
|
81
81
|
return nil if @features.empty?
|
82
82
|
names = @features.keys.sort_by(&:to_s)
|
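Review bot: The deprecation warning in the added `Dir.exists?` / `File.exists?` shims (hunk `@@ -30,6 +30,24 @@ class Object`, which by the diffstat looks like monkey_patches.rb rather than inifile.rb) interpolates `file_name` raw and carries no caller location, so a path containing quotes or newlines can produce misleading lines on stderr and the operator cannot tell which module still calls the removed API. Consider `warn("Dir.exists?(#{file_name.inspect}) is deprecated, use Dir.exist? instead", uplevel: 1) if $VERBOSE`, and the same for `File`. Because the shims reopen core classes for all code loaded into the process, a short comment saying which Ruby versions need them and when they can be dropped would help the next maintainer. The other hunks in this section only replace an empty-string initialiser with `''.dup`.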
data/lib/puppet/util/selinux.rb
CHANGED
@@ -227,7 +227,7 @@ module Puppet::Util::SELinux
|
|
227
227
|
|
228
228
|
# Internal helper function to read and parse /proc/mounts
|
229
229
|
def read_mounts
|
230
|
-
mounts =
|
230
|
+
mounts = ''.dup
|
231
231
|
begin
|
232
232
|
if File.method_defined? "read_nonblock"
|
233
233
|
# If possible we use read_nonblock in a loop rather than read to work-
|
@@ -176,6 +176,13 @@ module Puppet::Util::Windows::ADSI
|
|
176
176
|
sids = []
|
177
177
|
adsi_child_collection.each do |m|
|
178
178
|
sids << Puppet::Util::Windows::SID.ads_to_principal(m)
|
179
|
+
rescue Puppet::Util::Windows::Error => e
|
180
|
+
case e.code
|
181
|
+
when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
|
182
|
+
sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
|
183
|
+
else
|
184
|
+
raise e
|
185
|
+
end
|
179
186
|
end
|
180
187
|
|
181
188
|
sids
|
@@ -488,7 +495,7 @@ module Puppet::Util::Windows::ADSI
|
|
488
495
|
# UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
|
489
496
|
MAX_USERNAME_LENGTH = 256
|
490
497
|
def self.current_user_name
|
491
|
-
user_name =
|
498
|
+
user_name = ''.dup
|
492
499
|
max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
|
493
500
|
FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
|
494
501
|
FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
|
@@ -520,7 +527,7 @@ module Puppet::Util::Windows::ADSI
|
|
520
527
|
NameSurname = 14
|
521
528
|
|
522
529
|
def self.current_user_name_with_format(format)
|
523
|
-
user_name =
|
530
|
+
user_name = ''.dup
|
524
531
|
max_length = 1024
|
525
532
|
|
526
533
|
FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|
|
@@ -32,7 +32,7 @@ class Puppet::Util::Windows::Error < Puppet::Error
|
|
32
32
|
FORMAT_MESSAGE_ARGUMENT_ARRAY |
|
33
33
|
FORMAT_MESSAGE_IGNORE_INSERTS |
|
34
34
|
FORMAT_MESSAGE_MAX_WIDTH_MASK
|
35
|
-
error_string =
|
35
|
+
error_string = ''.dup
|
36
36
|
|
37
37
|
# this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
|
38
38
|
FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|
|
@@ -245,7 +245,7 @@ module Puppet::Util::Windows::File
|
|
245
245
|
module_function :readlink
|
246
246
|
|
247
247
|
def get_long_pathname(path)
|
248
|
-
converted =
|
248
|
+
converted = ''.dup
|
249
249
|
FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
|
250
250
|
# includes terminating NULL
|
251
251
|
buffer_size = GetLongPathNameW(path_ptr, FFI::Pointer::NULL, 0)
|
@@ -263,7 +263,7 @@ module Puppet::Util::Windows::File
|
|
263
263
|
module_function :get_long_pathname
|
264
264
|
|
265
265
|
def get_short_pathname(path)
|
266
|
-
converted =
|
266
|
+
converted = ''.dup
|
267
267
|
FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
|
268
268
|
# includes terminating NULL
|
269
269
|
buffer_size = GetShortPathNameW(path_ptr, FFI::Pointer::NULL, 0)
|
@@ -121,7 +121,7 @@ module Puppet::Util::Windows::Process
|
|
121
121
|
module_function :with_process_token
|
122
122
|
|
123
123
|
def get_process_image_name_by_pid(pid)
|
124
|
-
image_name =
|
124
|
+
image_name = ''.dup
|
125
125
|
|
126
126
|
Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
|
127
127
|
open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|
|
@@ -7,8 +7,10 @@ module Puppet::Util::Windows
|
|
7
7
|
extend FFI::Library
|
8
8
|
|
9
9
|
# missing from Windows::Error
|
10
|
-
ERROR_NONE_MAPPED
|
11
|
-
ERROR_INVALID_SID_STRUCTURE
|
10
|
+
ERROR_NONE_MAPPED = 1332
|
11
|
+
ERROR_INVALID_SID_STRUCTURE = 1337
|
12
|
+
ERROR_TRUSTED_DOMAIN_FAILURE = 1788
|
13
|
+
ERROR_TRUSTED_RELATIONSHIP_FAILURE = 1789
|
12
14
|
|
13
15
|
# Well Known SIDs
|
14
16
|
Null = 'S-1-0'
|
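Review bot: The new `rescue` inside the `adsi_child_collection.each` block (hunk `@@ -176,6 +176,13 @@`) handles the two trusted-domain errors without logging anything, so a group member whose SID cannot be resolved is quietly recorded through `unresolved_principal` and the run output gives no hint that a domain trust is broken. A debug line before the fallback would make this visible, for example `Puppet.debug("Could not resolve SID for #{m.name} (error #{e.code}); treating as unresolved principal")`. In the `else` branch a bare `raise` is the usual way to re-raise the current exception. The enclosing method starts and ends outside the hunk, so how callers treat unresolved principals when comparing group membership should be checked there.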
data/lib/puppet/util.rb
CHANGED
@@ -409,8 +409,7 @@ module Util
|
|
409
409
|
def uri_encode(path, opts = { :allow_fragment => false })
|
410
410
|
raise ArgumentError.new(_('path may not be nil')) if path.nil?
|
411
411
|
|
412
|
-
|
413
|
-
encoded = String.new.encode!(Encoding::UTF_8)
|
412
|
+
encoded = ''.dup
|
414
413
|
|
415
414
|
# parse uri into named matches, then reassemble properly encoded
|
416
415
|
parts = path.match(RFC_3986_URI_REGEX)
|
@@ -454,7 +453,7 @@ module Util
|
|
454
453
|
|
455
454
|
def rfc2396_escape(str)
|
456
455
|
str.gsub(UNSAFE) do |match|
|
457
|
-
tmp =
|
456
|
+
tmp = ''.dup
|
458
457
|
match.each_byte do |uc|
|
459
458
|
tmp << sprintf('%%%02X', uc)
|
460
459
|
end
|
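Review bot: In `uri_encode` (hunk `@@ -409,8 +409,7 @@`) the accumulator's encoding is no longer stated: the removed `String.new.encode!(Encoding::UTF_8)` forced UTF-8, while `''.dup` takes whatever the file's source encoding is. That is UTF-8 by default, but the top of the file is not visible here, so the assumption is implicit; `encoded = String.new(encoding: Encoding::UTF_8)` keeps an unfrozen buffer and the explicit encoding in one call. If `''.dup` stays, a comment such as `# unfrozen UTF-8 buffer; relies on the file's default source encoding` would record the intent. The method body continues outside the hunk.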
data/lib/puppet/version.rb
CHANGED
@@ -311,6 +311,13 @@ class Puppet::X509::CertProvider
|
|
311
311
|
options[:extension_requests] = csr_attributes.extension_requests
|
312
312
|
end
|
313
313
|
|
314
|
+
# Adds auto-renew attribute to CSR if the agent supports auto-renewal of
|
315
|
+
# certificates
|
316
|
+
if Puppet[:hostcert_renewal_interval] && Puppet[:hostcert_renewal_interval] > 0
|
317
|
+
options[:csr_attributes] ||= {}
|
318
|
+
options[:csr_attributes].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
|
319
|
+
end
|
320
|
+
|
314
321
|
csr = Puppet::SSL::CertificateRequest.new(name)
|
315
322
|
csr.generate(private_key, options)
|
316
323
|
end
|
@@ -369,13 +376,17 @@ class Puppet::X509::CertProvider
|
|
369
376
|
OpenSSL::X509::Request.new(pem)
|
370
377
|
end
|
371
378
|
|
372
|
-
|
373
|
-
|
379
|
+
# Return the path to the cert related object (key, CSR, cert, etc).
|
380
|
+
#
|
381
|
+
# @param base [String] base directory
|
382
|
+
# @param name [String] the name associated with the cert related object
|
374
383
|
def to_path(base, name)
|
375
384
|
raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
|
376
385
|
File.join(base, "#{name.downcase}.pem")
|
377
386
|
end
|
378
387
|
|
388
|
+
private
|
389
|
+
|
379
390
|
def permissions_for_setting(name)
|
380
391
|
setting = Puppet.settings.setting(name)
|
381
392
|
perm = { mode: setting.mode.to_i(8) }
|
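Review bot: The auto-renew CSR attribute in the `@@ -311,6 +311,13 @@` hunk is keyed by the bare string `'1.3.6.1.4.1.34380.1.3.2'`, and `merge!` both mutates the existing `options[:csr_attributes]` hash in place and overwrites any value already present for that OID. A named constant (for example `AUTO_RENEW_ATTRIBUTE_OID`, name illustrative) would make the line self-explanatory, and `options[:csr_attributes] = (options[:csr_attributes] || {}).merge(...)` avoids changing a hash that may belong to the CSR-attributes loader; where that hash comes from is outside the hunk, so this is a precaution. These hunks are listed under version.rb on the page, but their context lines name `Puppet::X509::CertProvider`. In the second hunk the new bare `private` leaves `to_path` public and hides `permissions_for_setting`; the added YARD comment on `to_path` could also carry `@return [String]` and an `@raise` line for the certname check.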