puppet 8.6.0 → 8.8.1
- checksums.yaml +4 -4
- data/Gemfile +7 -2
- data/Gemfile.lock +63 -53
- data/Rakefile +45 -22
- data/examples/hiera/README.md +68 -57
- data/examples/hiera/data/common.yaml +12 -0
- data/examples/hiera/data/dc1.yaml +6 -0
- data/examples/hiera/hiera.yaml +15 -0
- data/examples/hiera/modules/ntp/data/common.yaml +4 -0
- data/examples/hiera/modules/ntp/hiera.yaml +9 -0
- data/examples/hiera/modules/ntp/manifests/config.pp +16 -4
- data/examples/hiera/modules/ntp/templates/ntp.conf.epp +3 -0
- data/examples/hiera/modules/users/manifests/common.pp +7 -2
- data/examples/hiera/modules/users/manifests/dc1.pp +7 -2
- data/examples/hiera/site.pp +1 -1
- data/ext/project_data.yaml +0 -45
- data/ext/windows/service/daemon.rb +9 -2
- data/lib/puppet/application/doc.rb +1 -5
- data/lib/puppet/application/lookup.rb +2 -0
- data/lib/puppet/defaults.rb +5 -19
- data/lib/puppet/file_serving/http_metadata.rb +2 -0
- data/lib/puppet/functions/regsubst.rb +11 -14
- data/lib/puppet/indirector/catalog/compiler.rb +2 -35
- data/lib/puppet/module_tool/tar/gnu.rb +10 -8
- data/lib/puppet/node/server_facts.rb +43 -0
- data/lib/puppet/parser/functions/generate.rb +2 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +41 -6
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
- data/lib/puppet/pops/evaluator/runtime3_support.rb +0 -6
- data/lib/puppet/pops/loader/static_loader.rb +2 -2
- data/lib/puppet/pops/lookup/module_data_provider.rb +9 -9
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/file/posix.rb +16 -2
- data/lib/puppet/provider/group/groupadd.rb +30 -9
- data/lib/puppet/provider/package/gem.rb +1 -0
- data/lib/puppet/provider/package/pkgutil.rb +6 -5
- data/lib/puppet/provider/package/puppet_gem.rb +4 -15
- data/lib/puppet/provider/package/xbps.rb +127 -0
- data/lib/puppet/type/exec.rb +8 -0
- data/lib/puppet/type/file/selcontext.rb +7 -6
- data/lib/puppet/type/file/target.rb +9 -11
- data/lib/puppet/util/command_line/trollop.rb +20 -2
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -30
- data/lib/puppet/util/rpm_compare.rb +1 -1
- data/lib/puppet/util/run_mode.rb +40 -0
- data/lib/puppet/util/selinux.rb +14 -4
- data/lib/puppet/util/windows/com.rb +2 -2
- data/lib/puppet/util/windows/daemon.rb +15 -32
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +648 -648
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- metadata +56 -51
- data/examples/hiera/etc/hiera.yaml +0 -15
- data/examples/hiera/etc/hieradb/common.yaml +0 -3
- data/examples/hiera/etc/hieradb/dc1.yaml +0 -6
- data/examples/hiera/etc/hieradb/development.yaml +0 -2
- data/examples/hiera/etc/puppet.conf +0 -3
- data/examples/hiera/modules/data/manifests/common.pp +0 -4
- data/examples/hiera/modules/ntp/manifests/data.pp +0 -4
- data/examples/hiera/modules/ntp/templates/ntp.conf.erb +0 -3
- data/examples/hiera/modules/users/manifests/development.pp +0 -4
- data/tasks/benchmark.rake +0 -180
- data/tasks/cfpropertylist.rake +0 -15
- data/tasks/ci.rake +0 -24
- data/tasks/generate_ast_model.rake +0 -90
- data/tasks/generate_cert_fixtures.rake +0 -199
- data/tasks/manpages.rake +0 -67
- data/tasks/memwalk.rake +0 -195
- data/tasks/parallel.rake +0 -410
- data/tasks/parser.rake +0 -22
- data/tasks/yard.rake +0 -59
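--- a/data/tasks/benchmark.rake
+++ b/data/tasks/benchmark.rake
@@ -1,180 +0,0 @@
-require 'benchmark'
-require 'tmpdir'
-require 'csv'
-require 'objspace'
-
-namespace :benchmark do
-def generate_scenario_tasks(location, name)
-desc File.read(File.join(location, 'description'))
-task name => "#{name}:run"
-# Load a BenchmarkerTask to handle config of the benchmark
-task_handler_file = File.expand_path(File.join(location, 'benchmarker_task.rb'))
-if File.exist?(task_handler_file)
-require task_handler_file
-run_args = BenchmarkerTask.run_args
-else
-run_args = []
-end
-
-namespace name do
-task :setup do
-ENV['ITERATIONS'] ||= '10'
-ENV['SIZE'] ||= '100'
-ENV['TARGET'] ||= Dir.mktmpdir(name)
-ENV['TARGET'] = File.expand_path(ENV['TARGET'])
-
-mkdir_p(ENV['TARGET'])
-
-require File.expand_path(File.join(location, 'benchmarker.rb'))
-
-@benchmark = Benchmarker.new(ENV['TARGET'], ENV['SIZE'].to_i)
-end
-
-task :generate => :setup do
-@benchmark.generate
-@benchmark.setup
-end
-
-desc "Run the #{name} scenario."
-task :run, [*run_args] => :generate do |_, args|
-report = []
-details = []
-Benchmark.benchmark(Benchmark::CAPTION, 10, Benchmark::FORMAT, "> total:", "> avg:") do |b|
-times = []
-ENV['ITERATIONS'].to_i.times do |i|
-start_time = Time.now.to_i
-times << b.report("Run #{i + 1}") do
-details << @benchmark.run(args)
-end
-report << [to_millis(start_time), to_millis(times.last.real), 200, true, name]
-end
-
-sum = times.inject(Benchmark::Tms.new, &:+)
-
-[sum, sum / times.length]
-end
-
-write_csv("#{name}.samples",
-%w{timestamp elapsed responsecode success name},
-report)
-
-# report details, if any were produced
-if details[0].is_a?(Array) && details[0][0].is_a?(Benchmark::Tms)
-# assume all entries are Tms if the first is
-# turn each into a hash of label => tms (since labels are lost when doing arithmetic on Tms)
-hashed = details.reduce([]) do |memo, measures|
-memo << measures.reduce({}) {|memo2, measure| memo2[measure.label] = measure; memo2}
-memo
-end
-# sum across all hashes
-result = {}
-
-hashed_totals = hashed.reduce {|memo, h| memo.merge(h) {|k, old, new| old + new }}
-# average the totals
-hashed_totals.keys.each {|k| hashed_totals[k] /= details.length }
-min_width = 14
-max_width = (hashed_totals.keys.map(&:length) << min_width).max
-puts "\n"
-puts sprintf("%2$*1$s %3$s", -max_width, 'Details (avg)', " user system total real")
-puts "-" * (46 + max_width)
-hashed_totals.sort.each {|k,v| puts sprintf("%2$*1$s %3$s", -max_width, k, v.format) }
-end
-end
-
-desc "Profile a single run of the #{name} scenario."
-task :profile, [:warm_up_runs, *run_args] => :generate do |_, args|
-warm_up_runs = (args[:warm_up_runs] || '0').to_i
-warm_up_runs.times do
-@benchmark.run(args)
-end
-
-require 'ruby-prof'
-
-result = RubyProf.profile do
-@benchmark.run(args)
-end
-
-printer = RubyProf::CallTreePrinter.new(result)
-printer.print(:profile => name, :path => ENV['TARGET'])
-path = File.join(ENV['TARGET'], "#{name}.callgrind.out.#{$$}")
-puts "Generated callgrind file: #{path}"
-end
-
-desc "Print a memory profile of the #{name} scenario."
-task :memory_profile, [*run_args] => :generate do |_, args|
-begin
-require 'memory_profiler'
-rescue LoadError
-abort("Run `bundle install --with development` to install the 'memory_profiler' gem.")
-end
-
-report = MemoryProfiler.report do
-@benchmark.run(args)
-end
-
-path = "mem_profile_#{$PID}"
-report.pretty_print(to_file: path)
-
-puts "Generated memory profile: #{File.absolute_path(path)}"
-end
-
-desc "Generate a heap dump with object allocation tracing of the #{name} scenario."
-task :heap_dump, [*run_args] => :generate do |_, args|
-ObjectSpace.trace_object_allocations_start
-
-if ENV['DISABLE_GC']
-GC.disable
-end
-
-@benchmark.run(args)
-
-unless ENV['DISABLE_GC']
-GC.start
-end
-
-path = "heap_#{$PID}.json"
-File.open(path, 'w') do |file|
-ObjectSpace.dump_all(output: file)
-end
-
-puts "Generated heap dump: #{File.absolute_path(path)}"
-end
-
-def to_millis(seconds)
-(seconds * 1000).round
-end
-
-def write_csv(file, header, data)
-CSV.open(file, 'w') do |csv|
-csv << header
-data.each do |line|
-csv << line
-end
-end
-end
-end
-end
-
-scenarios = []
-Dir.glob('benchmarks/*') do |location|
-name = File.basename(location)
-scenarios << name
-generate_scenario_tasks(location, File.basename(location))
-end
-
-namespace :all do
-desc "Profile all of the scenarios. (#{scenarios.join(', ')})"
-task :profile do
-scenarios.each do |name|
-sh "rake benchmark:#{name}:profile"
-end
-end
-
-desc "Run all of the scenarios. (#{scenarios.join(', ')})"
-task :run do
-scenarios.each do |name|
-sh "rake benchmark:#{name}:run"
-end
-end
-end
-end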
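--- a/data/tasks/cfpropertylist.rake
+++ b/data/tasks/cfpropertylist.rake
@@ -1,15 +0,0 @@
-task 'cfpropertylist' do
-if defined? Pkg::Config and Pkg::Config.project_root
-cfp_version = "2.3.5"
-libdir = File.join(Pkg::Config.project_root, "lib")
-source = "https://github.com/ckruse/CFPropertyList/archive/cfpropertylist-#{cfp_version}.tar.gz"
-target_dir = Pkg::Util::File.mktemp
-target = File.join(target_dir, "cfpropertylist")
-Pkg::Util::Net.fetch_uri(source, target)
-Pkg::Util::File.untar_into(target, target_dir, "--strip-components 1")
-mv(Dir.glob("#{File.join(target_dir, "lib")}/cfpropertylist*"), libdir)
-mv(Dir.glob("#{target_dir}/{LICENSE,README,THANKS}"), File.join(libdir, "cfpropertylist"))
-else
-warn "It looks like the packaging tasks have not been loaded. You'll need to `rake package:bootstrap` before using this task"
-end
-end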
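--- a/data/tasks/ci.rake
+++ b/data/tasks/ci.rake
@@ -1,24 +0,0 @@
-require 'yaml'
-require 'time'
-
-namespace "ci" do
-desc "Tar up the acceptance/ directory so that package test runs have tests to run against."
-task :acceptance_artifacts => :tag_creator do
-Dir.chdir("acceptance") do
-rm_f "acceptance-artifacts.tar.gz"
-sh "tar -czv --exclude .bundle -f acceptance-artifacts.tar.gz *"
-end
-end
-
-task :tag_creator do
-Dir.chdir("acceptance") do
-File.open('creator.txt', 'w') do |fh|
-YAML.dump({
-'creator_id' => ENV['CREATOR'] || ENV['BUILD_URL'] || 'unknown',
-'created_on' => Time.now.iso8601,
-'commit' => (`git log -1 --oneline` rescue "unknown: #{$!}")
-}, fh)
-end
-end
-end
-end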
@@ -1,90 +0,0 @@
|
|
1
|
-
begin
|
2
|
-
require 'puppet'
|
3
|
-
rescue LoadError
|
4
|
-
#nothing to see here
|
5
|
-
else
|
6
|
-
desc "Generate the Pcore model that represents the AST for the Puppet Language"
|
7
|
-
task :gen_pcore_ast do
|
8
|
-
Puppet::Pops.generate_ast
|
9
|
-
end
|
10
|
-
|
11
|
-
module Puppet::Pops
|
12
|
-
def self.generate_ast
|
13
|
-
Puppet.initialize_settings
|
14
|
-
env = Puppet.lookup(:environments).get(Puppet[:environment])
|
15
|
-
loaders = Loaders.new(env)
|
16
|
-
ast_pp = Pathname(__FILE__).parent.parent + 'lib/puppet/pops/model/ast.pp'
|
17
|
-
Puppet.override(:current_environment => env, :loaders => loaders) do
|
18
|
-
ast_factory = Parser::Parser.new.parse_file(ast_pp.expand_path.to_s)
|
19
|
-
ast_model = Types::TypeParser.singleton.interpret(
|
20
|
-
ast_factory.model.body, Loader::PredefinedLoader.new(loaders.find_loader(nil), 'TypeSet loader'))
|
21
|
-
|
22
|
-
ruby = Types::RubyGenerator.new.module_definition_from_typeset(ast_model)
|
23
|
-
|
24
|
-
# Replace ref() constructs to known Pcore types with directly initialized types. ref() cannot be used
|
25
|
-
# since it requires a parser (chicken-and-egg problem)
|
26
|
-
ruby.gsub!(/^module Parser\nmodule Locator\n.*\nend\nend\nmodule Model\n/m, "module Model\n")
|
27
|
-
|
28
|
-
# Remove generated RubyMethod annotations. The ruby methods are there now, no need to also have
|
29
|
-
# the annotations present.
|
30
|
-
ruby.gsub!(/^\s+'annotations' => \{\n\s+ref\('RubyMethod'\) => \{\n.*\n\s+\}\n\s+\},\n/, '')
|
31
|
-
|
32
|
-
ruby.gsub!(/ref\('([A-Za-z]+)'\)/, 'Types::P\1Type::DEFAULT')
|
33
|
-
ruby.gsub!(/ref\('Optional\[([0-9A-Za-z_]+)\]'\)/, 'Types::POptionalType.new(Types::P\1Type::DEFAULT)')
|
34
|
-
ruby.gsub!(/ref\('Array\[([0-9A-Za-z_]+)\]'\)/, 'Types::PArrayType.new(Types::P\1Type::DEFAULT)')
|
35
|
-
ruby.gsub!(/ref\('Optional\[Array\[([0-9A-Za-z_]+)\]\]'\)/,
|
36
|
-
'Types::POptionalType.new(Types::PArrayType.new(Types::P\1Type::DEFAULT))')
|
37
|
-
ruby.gsub!(/ref\('Enum(\[[^\]]+\])'\)/) do |match|
|
38
|
-
params = $1
|
39
|
-
params.gsub!(/\\'/, '\'')
|
40
|
-
"Types::PEnumType.new(#{params})"
|
41
|
-
end
|
42
|
-
|
43
|
-
# Replace ref() constructs with references to _pcore_type of the types in the module namespace
|
44
|
-
ruby.gsub!(/ref\('Puppet::AST::Locator'\)/, 'Parser::Locator::Locator19._pcore_type')
|
45
|
-
ruby.gsub!(/ref\('Puppet::AST::([0-9A-Za-z_]+)'\)/, '\1._pcore_type')
|
46
|
-
ruby.gsub!(/ref\('Optional\[Puppet::AST::([0-9A-Za-z_]+)\]'\)/, 'Types::POptionalType.new(\1._pcore_type)')
|
47
|
-
ruby.gsub!(/ref\('Array\[Puppet::AST::([0-9A-Za-z_]+)\]'\)/, 'Types::PArrayType.new(\1._pcore_type)')
|
48
|
-
ruby.gsub!(/ref\('Array\[Puppet::AST::([0-9A-Za-z_]+), 1, default\]'\)/,
|
49
|
-
'Types::PArrayType.new(\1._pcore_type, Types::PCollectionType::NOT_EMPTY_SIZE)')
|
50
|
-
|
51
|
-
# Remove the generated ref() method. It's not needed by this model
|
52
|
-
ruby.gsub!(/ def self\.ref\(type_string\)\n.*\n end\n\n/, '')
|
53
|
-
|
54
|
-
# Add Program#current method for backward compatibility
|
55
|
-
ruby.gsub!(/(attr_reader :body\n attr_reader :definitions\n attr_reader :locator)/, "\\1\n\n def current\n self\n end")
|
56
|
-
|
57
|
-
# Replace the generated registration with a registration that uses the static loader. This will
|
58
|
-
# become part of the Puppet bootstrap code and there will be no other loader until we have a
|
59
|
-
# parser.
|
60
|
-
ruby.gsub!(/^Puppet::Pops::Pcore.register_implementations\((\[[^\]]+\])\)/, <<-RUBY)
|
61
|
-
|
62
|
-
module Model
|
63
|
-
@@pcore_ast_initialized = false
|
64
|
-
def self.register_pcore_types
|
65
|
-
return if @@pcore_ast_initialized
|
66
|
-
@@pcore_ast_initialized = true
|
67
|
-
all_types = \\1
|
68
|
-
|
69
|
-
# Create and register a TypeSet that corresponds to all types in the AST model
|
70
|
-
types_map = {}
|
71
|
-
all_types.each do |type|
|
72
|
-
types_map[type._pcore_type.simple_name] = type._pcore_type
|
73
|
-
end
|
74
|
-
type_set = Types::PTypeSetType.new({
|
75
|
-
'name' => 'Puppet::AST',
|
76
|
-
'pcore_version' => '1.0.0',
|
77
|
-
'types' => types_map
|
78
|
-
})
|
79
|
-
loc = Puppet::Util.path_to_uri("\#{__FILE__}")
|
80
|
-
Loaders.static_loader.set_entry(Loader::TypedName.new(:type, 'puppet::ast', Pcore::RUNTIME_NAME_AUTHORITY), type_set, URI("\#{loc}?line=1"))
|
81
|
-
Loaders.register_static_implementations(all_types)
|
82
|
-
end
|
83
|
-
end
|
84
|
-
RUBY
|
85
|
-
ast_rb = Pathname(__FILE__).parent.parent + 'lib/puppet/pops/model/ast.rb'
|
86
|
-
File.open(ast_rb.to_s, 'w') { |f| f.write(ruby) }
|
87
|
-
end
|
88
|
-
end
|
89
|
-
end
|
90
|
-
end
|
@@ -1,199 +0,0 @@
|
|
1
|
-
# Run this rake task to generate cert fixtures used in unit tests. This should
|
2
|
-
# be run whenever new fixtures are required that derive from the existing ones
|
3
|
-
# such as to add an extension to client certs, change expiration, etc. All
|
4
|
-
# regenerated fixtures should be committed together.
|
5
|
-
desc "Generate cert test fixtures"
|
6
|
-
task(:gen_cert_fixtures) do
|
7
|
-
$LOAD_PATH << File.expand_path(File.join(File.dirname(__FILE__), '../spec/lib'))
|
8
|
-
require 'puppet/test_ca'
|
9
|
-
|
10
|
-
def save(dir, name, x509)
|
11
|
-
path = File.join(dir, name)
|
12
|
-
puts "Generating #{path}"
|
13
|
-
File.open(path, 'w') do |f|
|
14
|
-
f.write(x509.to_text)
|
15
|
-
text = if block_given?
|
16
|
-
yield x509
|
17
|
-
else
|
18
|
-
x509.to_pem
|
19
|
-
end
|
20
|
-
|
21
|
-
f.write(text)
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
# This task generates a PKI consisting of a root CA, intermediate CA and
|
26
|
-
# several leaf certs. A CRL is generated for each CA. The root CA CRL is
|
27
|
-
# empty, while the intermediate CA CRL contains the revoked cert's serial
|
28
|
-
# number. A textual representation of each X509 object is included in the
|
29
|
-
# fixture as a comment.
|
30
|
-
#
|
31
|
-
# Certs
|
32
|
-
# =====
|
33
|
-
#
|
34
|
-
# ca.pem /CN=Test CA
|
35
|
-
# |
|
36
|
-
# intermediate.pem +- /CN=Test CA Subauthority
|
37
|
-
# | |
|
38
|
-
# signed.pem | +- /CN=signed
|
39
|
-
# revoked.pem | +- /CN=revoked
|
40
|
-
# tampered-cert.pem | +- /CN=signed (with different public key)
|
41
|
-
# ec.pem | +- /CN=ec (with EC private key)
|
42
|
-
# oid.pem | +- /CN=oid (with custom oid)
|
43
|
-
# |
|
44
|
-
# 127.0.0.1.pem +- /CN=127.0.0.1 (with dns alt names)
|
45
|
-
# |
|
46
|
-
# intermediate-agent.pem +- /CN=Test CA Agent Subauthority
|
47
|
-
# | |
|
48
|
-
# pluto.pem | +- /CN=pluto
|
49
|
-
# |
|
50
|
-
# bad-int-basic-constraints.pem +- /CN=Test CA Subauthority (bad isCA constraint)
|
51
|
-
#
|
52
|
-
# bad-basic-constraints.pem /CN=Test CA (bad isCA constraint)
|
53
|
-
#
|
54
|
-
# unknown-ca.pem /CN=Unknown CA
|
55
|
-
# |
|
56
|
-
# unknown-127.0.0.1.pem +- /CN=127.0.0.1
|
57
|
-
#
|
58
|
-
# Keys
|
59
|
-
# ====
|
60
|
-
#
|
61
|
-
# The RSA private key for each leaf cert is also generated. In addition,
|
62
|
-
# `encrypted-key.pem` contains the private key for the `signed` cert.
|
63
|
-
#
|
64
|
-
# Requests
|
65
|
-
# ========
|
66
|
-
#
|
67
|
-
# `request.pem` contains a valid CSR for /CN=pending, while `tampered_csr.pem`
|
68
|
-
# is the same as `request.pem`, but it's public key has been replaced.
|
69
|
-
#
|
70
|
-
dir = File.join(RAKE_ROOT, 'spec/fixtures/ssl')
|
71
|
-
|
72
|
-
# Create self-signed CA & key
|
73
|
-
unknown_ca = Puppet::TestCa.new('Unknown CA')
|
74
|
-
save(dir, 'unknown-ca.pem', unknown_ca.ca_cert)
|
75
|
-
save(dir, 'unknown-ca-key.pem', unknown_ca.key)
|
76
|
-
|
77
|
-
# Create an SSL cert for 127.0.0.1
|
78
|
-
signed = unknown_ca.create_cert('127.0.0.1', unknown_ca.ca_cert, unknown_ca.key, subject_alt_names: 'DNS:127.0.0.1,DNS:127.0.0.2')
|
79
|
-
save(dir, 'unknown-127.0.0.1.pem', signed[:cert])
|
80
|
-
save(dir, 'unknown-127.0.0.1-key.pem', signed[:private_key])
|
81
|
-
|
82
|
-
# Create Test CA & CRL
|
83
|
-
ca = Puppet::TestCa.new
|
84
|
-
save(dir, 'ca.pem', ca.ca_cert)
|
85
|
-
save(dir, 'crl.pem', ca.ca_crl)
|
86
|
-
|
87
|
-
# Create Intermediate CA & CRL "Test CA Subauthority" issued by "Test CA"
|
88
|
-
inter = ca.create_intermediate_cert('Test CA Subauthority', ca.ca_cert, ca.key)
|
89
|
-
save(dir, 'intermediate.pem', inter[:cert])
|
90
|
-
save(dir, 'intermediate-key.pem', inter[:private_key])
|
91
|
-
inter_crl = ca.create_crl(inter[:cert], inter[:private_key])
|
92
|
-
|
93
|
-
# Create a leaf/entity key and cert for host "signed" and issued by "Test CA Subauthority"
|
94
|
-
signed = ca.create_cert('signed', inter[:cert], inter[:private_key])
|
95
|
-
save(dir, 'signed.pem', signed[:cert])
|
96
|
-
save(dir, 'signed-key.pem', signed[:private_key])
|
97
|
-
|
98
|
-
# Create a cert for host "renewed" and issued by "Test CA Subauthority"
|
99
|
-
renewed = ca.create_cert('renewed', inter[:cert], inter[:private_key], reuse_key: signed[:private_key])
|
100
|
-
save(dir, 'renewed.pem', renewed[:cert])
|
101
|
-
|
102
|
-
# Create an encrypted version of the above private key for host "signed"
|
103
|
-
save(dir, 'encrypted-key.pem', signed[:private_key]) do |x509|
|
104
|
-
# private key password was chosen at random
|
105
|
-
x509.to_pem(OpenSSL::Cipher::AES.new(128, :CBC), '74695716c8b6')
|
106
|
-
end
|
107
|
-
|
108
|
-
# Create an SSL cert for 127.0.0.1 with dns_alt_names
|
109
|
-
signed = ca.create_cert('127.0.0.1', ca.ca_cert, ca.key, subject_alt_names: 'DNS:127.0.0.1,DNS:127.0.0.2')
|
110
|
-
save(dir, '127.0.0.1.pem', signed[:cert])
|
111
|
-
save(dir, '127.0.0.1-key.pem', signed[:private_key])
|
112
|
-
|
113
|
-
# Create an SSL cert with extensions containing custom oids
|
114
|
-
extensions = [
|
115
|
-
['1.3.6.1.4.1.34380.1.2.1.1', OpenSSL::ASN1::UTF8String.new('somevalue'), false],
|
116
|
-
]
|
117
|
-
oid = ca.create_cert('oid', inter[:cert], inter[:private_key], extensions: extensions)
|
118
|
-
save(dir, 'oid.pem', oid[:cert])
|
119
|
-
save(dir, 'oid-key.pem', oid[:private_key])
|
120
|
-
|
121
|
-
# Create a leaf/entity key and cert for host "revoked", issued by "Test CA Subauthority"
|
122
|
-
# and revoke the cert
|
123
|
-
revoked = ca.create_cert('revoked', inter[:cert], inter[:private_key])
|
124
|
-
ca.revoke(revoked[:cert], inter_crl, inter[:private_key])
|
125
|
-
save(dir, 'revoked.pem', revoked[:cert])
|
126
|
-
save(dir, 'revoked-key.pem', revoked[:private_key])
|
127
|
-
|
128
|
-
# Create an EC key and cert, issued by "Test CA Subauthority"
|
129
|
-
ec = ca.create_cert('ec', inter[:cert], inter[:private_key], key_type: :ec)
|
130
|
-
save(dir, 'ec.pem', ec[:cert])
|
131
|
-
save(dir, 'ec-key.pem', ec[:private_key])
|
132
|
-
|
133
|
-
# Create an encrypted version of the above private key for host "ec"
|
134
|
-
save(dir, 'encrypted-ec-key.pem', ec[:private_key]) do |x509|
|
135
|
-
# private key password was chosen at random
|
136
|
-
x509.to_pem(OpenSSL::Cipher::AES.new(128, :CBC), '74695716c8b6')
|
137
|
-
end
|
138
|
-
|
139
|
-
# Update intermediate CRL now that we've revoked
|
140
|
-
save(dir, 'intermediate-crl.pem', inter_crl)
|
141
|
-
|
142
|
-
# Create a pending request (CSR) and private key for host "pending"
|
143
|
-
request = ca.create_request('pending')
|
144
|
-
save(dir, 'request.pem', request[:csr])
|
145
|
-
save(dir, 'request-key.pem', request[:private_key])
|
146
|
-
|
147
|
-
# Create an intermediate for agent certs
|
148
|
-
inter_agent = ca.create_intermediate_cert('Test CA Agent Subauthority', ca.ca_cert, ca.key)
|
149
|
-
save(dir, 'intermediate-agent.pem', inter_agent[:cert])
|
150
|
-
inter_agent_crl = ca.create_crl(inter_agent[:cert], inter_agent[:private_key])
|
151
|
-
save(dir, 'intermediate-agent-crl.pem', inter_agent_crl)
|
152
|
-
|
153
|
-
# Create a leaf/entity key and cert for host "pluto" and issued by "Test CA Agent Subauthority"
|
154
|
-
pluto = ca.create_cert('pluto', inter_agent[:cert], inter_agent[:private_key])
|
155
|
-
save(dir, 'pluto.pem', pluto[:cert])
|
156
|
-
save(dir, 'pluto-key.pem', pluto[:private_key])
|
157
|
-
|
158
|
-
# Create a new root CA cert, but change the "isCA" basic constraint.
|
159
|
-
# It should not be trusted to act as a CA.
|
160
|
-
badconstraints = ca.create_cacert('Test CA')[:cert]
|
161
|
-
badconstraints.public_key = ca.ca_cert.public_key
|
162
|
-
badconstraints.extensions = []
|
163
|
-
ca.ca_cert.extensions.each do |ext|
|
164
|
-
if ext.oid == 'basicConstraints'
|
165
|
-
ef = OpenSSL::X509::ExtensionFactory.new
|
166
|
-
badconstraints.add_extension(ef.create_extension("basicConstraints","CA:FALSE", true))
|
167
|
-
else
|
168
|
-
badconstraints.add_extension(ext)
|
169
|
-
end
|
170
|
-
end
|
171
|
-
badconstraints.sign(ca.key, OpenSSL::Digest::SHA256.new)
|
172
|
-
save(dir, 'bad-basic-constraints.pem', badconstraints)
|
173
|
-
|
174
|
-
# Same as above, but create a new intermediate CA
|
175
|
-
badintconstraints = inter[:cert].dup
|
176
|
-
badintconstraints.public_key = inter[:cert].public_key
|
177
|
-
badintconstraints.extensions = []
|
178
|
-
inter[:cert].extensions.each do |ext|
|
179
|
-
if ext.oid == 'basicConstraints'
|
180
|
-
ef = OpenSSL::X509::ExtensionFactory.new
|
181
|
-
badintconstraints.add_extension(ef.create_extension("basicConstraints","CA:FALSE", true))
|
182
|
-
else
|
183
|
-
badintconstraints.add_extension(ext)
|
184
|
-
end
|
185
|
-
end
|
186
|
-
badintconstraints.sign(ca.key, OpenSSL::Digest::SHA256.new)
|
187
|
-
save(dir, 'bad-int-basic-constraints.pem', badintconstraints)
|
188
|
-
|
189
|
-
# Create a request, but replace its public key after it's signed
|
190
|
-
tampered_csr = ca.create_request('signed')[:csr]
|
191
|
-
tampered_csr.public_key = OpenSSL::PKey::RSA.new(2048).public_key
|
192
|
-
save(dir, 'tampered-csr.pem', tampered_csr)
|
193
|
-
|
194
|
-
# Create a cert issued from the real intermediate CA, but replace its
|
195
|
-
# public key
|
196
|
-
tampered_cert = ca.create_cert('signed', inter[:cert], inter[:private_key])[:cert]
|
197
|
-
tampered_cert.public_key = OpenSSL::PKey::RSA.new(2048).public_key
|
198
|
-
save(dir, 'tampered-cert.pem', tampered_cert)
|
199
|
-
end
|
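--- a/data/tasks/manpages.rake
+++ b/data/tasks/manpages.rake
@@ -1,67 +0,0 @@
-desc "Build Puppet manpages"
-task :gen_manpages do
-require 'puppet/face'
-require 'fileutils'
-
-Puppet.initialize_settings
-helpface = Puppet::Face[:help, '0.0.1']
-
-bins = Dir.glob(%w{bin/*})
-non_face_applications = helpface.legacy_applications
-faces = Puppet::Face.faces.map(&:to_s)
-apps = non_face_applications + faces
-
-ronn_args = '--manual="Puppet manual" --organization="Puppet, Inc." --roff'
-
-unless ENV['SOURCE_DATE_EPOCH'].nil?
-source_date = Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).strftime('%Y-%m-%d')
-ronn_args += " --date=#{source_date}"
-end
-
-# Locate ronn
-begin
-require 'ronn'
-rescue LoadError
-abort("Run `bundle install --with documentation` to install the `ronn` gem.")
-end
-
-ronn = %x{which ronn}.chomp
-unless File.executable?(ronn)
-abort("Ronn does not appear to be installed")
-end
-
-%x{mkdir -p ./man/man5 ./man/man8}
-%x{RUBYLIB=./lib:$RUBYLIB bin/puppet doc --reference configuration > ./man/man5/puppetconf.5.ronn}
-%x{#{ronn} #{ronn_args} ./man/man5/puppetconf.5.ronn}
-FileUtils.mv("./man/man5/puppetconf.5", "./man/man5/puppet.conf.5")
-FileUtils.rm("./man/man5/puppetconf.5.ronn")
-
-# Create LEGACY binary man pages (i.e. delete me for 2.8.0)
-bins.each do |bin|
-b = bin.gsub( /^s?bin\//, "")
-%x{RUBYLIB=./lib:$RUBYLIB #{bin} --help > ./man/man8/#{b}.8.ronn}
-%x{#{ronn} #{ronn_args} ./man/man8/#{b}.8.ronn}
-FileUtils.rm("./man/man8/#{b}.8.ronn")
-end
-
-apps.each do |app|
-%x{RUBYLIB=./lib:$RUBYLIB bin/puppet help #{app} --ronn > ./man/man8/puppet-#{app}.8.ronn}
-%x{#{ronn} #{ronn_args} ./man/man8/puppet-#{app}.8.ronn}
-FileUtils.rm("./man/man8/puppet-#{app}.8.ronn")
-end
-
-# Delete orphaned manpages if binary was deleted
-Dir.glob(%w{./man/man8/puppet-*.8}) do |app|
-appname = app.match(/puppet-(.*)\.8/)[1]
-FileUtils.rm("./man/man8/puppet-#{appname}.8") unless apps.include?(appname)
-end
-
-# Vile hack: create puppet resource man page
-# Currently, the useless resource face wins against puppet resource in puppet
-# man. (And actually, it even gets removed from the list of legacy
-# applications.) So we overwrite it with the correct man page at the end.
-%x{RUBYLIB=./lib:$RUBYLIB bin/puppet resource --help > ./man/man8/puppet-resource.8.ronn}
-%x{#{ronn} #{ronn_args} ./man/man8/puppet-resource.8.ronn}
-FileUtils.rm("./man/man8/puppet-resource.8.ronn")
-
-end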