puppet 4.7.0-x64-mingw32 → 4.7.1-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/Gemfile +3 -0
- data/Rakefile +2 -2
- data/ext/systemd/puppet.service +10 -0
- data/lib/puppet/network/http/error.rb +1 -1
- data/lib/puppet/network/http/handler.rb +2 -1
- data/lib/puppet/parser/functions/then.rb +2 -2
- data/lib/puppet/type/ssh_authorized_key.rb +16 -10
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/version.rb +1 -1
- data/spec/integration/util/windows/principal_spec.rb +2 -2
- data/spec/integration/util/windows/registry_spec.rb +4 -4
- data/spec/unit/network/http/error_spec.rb +2 -1
- data/spec/unit/network/http/handler_spec.rb +11 -3
- data/spec/unit/ssl/certificate_request_spec.rb +1 -1
- data/spec/unit/transaction/persistence_spec.rb +6 -1
- data/spec/unit/util/tagging_spec.rb +4 -0
- metadata +2 -2
data/Gemfile
CHANGED
@@ -53,6 +53,9 @@ group(:development, :test) do
|
|
53
53
|
|
54
54
|
gem 'rdoc', "~> 4.1", :platforms => [:ruby]
|
55
55
|
|
56
|
+
# webmock requires addressable as as of 2.5.0 addressable started
|
57
|
+
# requiring the public_suffix gem which requires Ruby 2
|
58
|
+
gem 'addressable', '< 2.5.0'
|
56
59
|
gem 'webmock', '~> 1.24'
|
57
60
|
gem 'vcr', '~> 2.9'
|
58
61
|
end
|
data/Rakefile
CHANGED
@@ -83,8 +83,8 @@ task(:commits) do
|
|
83
83
|
# populated with the range of commits the PR contains. If not available, this
|
84
84
|
# falls back to `master..HEAD` as a next best bet as `master` is unlikely to
|
85
85
|
# ever be absent.
|
86
|
-
commit_range = ENV['TRAVIS_COMMIT_RANGE'].nil? ? 'master..HEAD' : ENV['TRAVIS_COMMIT_RANGE']
|
87
|
-
puts "Checking commits
|
86
|
+
commit_range = ENV['TRAVIS_COMMIT_RANGE'].nil? ? 'master..HEAD' : ENV['TRAVIS_COMMIT_RANGE'].sub(/\.\.\./, '..')
|
87
|
+
puts "Checking commits #{commit_range}"
|
88
88
|
%x{git log --no-merges --pretty=%s #{commit_range}}.each_line do |commit_summary|
|
89
89
|
# This regex tests for the currently supported commit summary tokens: maint, doc, packaging, or pup-<number>.
|
90
90
|
# The exception tries to explain it in more full.
|
data/ext/systemd/puppet.service
CHANGED
@@ -1,3 +1,13 @@
|
|
1
|
+
#
|
2
|
+
# Local settings can be configured without being overwritten by package upgrades, for example
|
3
|
+
# if you want to increase puppet open-files-limit to 10000,
|
4
|
+
# you need to increase systemd's LimitNOFILE setting, so create a file named
|
5
|
+
# "/etc/systemd/system/puppet.service.d/limits.conf" containing:
|
6
|
+
# [Service]
|
7
|
+
# LimitNOFILE=10000
|
8
|
+
# You can confirm it worked by running systemctl daemon-reload
|
9
|
+
# then running systemctl show puppet | grep LimitNOFILE
|
10
|
+
#
|
1
11
|
[Unit]
|
2
12
|
Description=Puppet agent
|
3
13
|
Wants=basic.target
|
@@ -59,7 +59,7 @@ module Puppet::Network::HTTP::Error
|
|
59
59
|
|
60
60
|
def initialize(original_error, issue_kind = Issues::RUNTIME_ERROR)
|
61
61
|
super("Server Error: " + original_error.message, CODE, issue_kind)
|
62
|
-
@backtrace =
|
62
|
+
@backtrace = ["Warning: The 'stacktrace' property is deprecated and will be removed in a future version of Puppet. For security reasons, stacktraces are not returned with Puppet HTTP Error responses."]
|
63
63
|
end
|
64
64
|
|
65
65
|
def to_json
|
@@ -68,7 +68,8 @@ module Puppet::Network::HTTP::Handler
|
|
68
68
|
new_response.respond_with(e.status, "application/json", e.to_json)
|
69
69
|
rescue StandardError => e
|
70
70
|
http_e = Puppet::Network::HTTP::Error::HTTPServerError.new(e)
|
71
|
-
|
71
|
+
log_msg = [http_e.message, *e.backtrace].join("\n")
|
72
|
+
Puppet.err(log_msg)
|
72
73
|
new_response.respond_with(http_e.status, "application/json", http_e.to_json)
|
73
74
|
ensure
|
74
75
|
if profiler
|
@@ -1,5 +1,5 @@
|
|
1
1
|
Puppet::Parser::Functions::newfunction(
|
2
|
-
:
|
2
|
+
:then,
|
3
3
|
:type => :rvalue,
|
4
4
|
:arity => -2,
|
5
5
|
:doc => <<-DOC
|
@@ -31,7 +31,7 @@ notice $data.dig(a, b, 1, x).then |$x| { $x * 2 }
|
|
31
31
|
Which would notice `undef` since the last lookup of 'x' results in `undef` which
|
32
32
|
is returned (without calling the lambda given to the `then` function).
|
33
33
|
|
34
|
-
As a result there is no need for conditional logic or a temporary (non local)
|
34
|
+
As a result there is no need for conditional logic or a temporary (non local)
|
35
35
|
variable as the result is now either the wanted value (`x`) multiplied
|
36
36
|
by 2 or `undef`.
|
37
37
|
|
@@ -2,18 +2,20 @@ module Puppet
|
|
2
2
|
Type.newtype(:ssh_authorized_key) do
|
3
3
|
@doc = "Manages SSH authorized keys. Currently only type 2 keys are supported.
|
4
4
|
|
5
|
-
In their native habitat, SSH keys usually appear as a single long line
|
6
|
-
|
7
|
-
|
5
|
+
In their native habitat, SSH keys usually appear as a single long line, in
|
6
|
+
the format `<TYPE> <KEY> <NAME/COMMENT>`. This resource type requires you
|
7
|
+
to split that line into several attributes. Thus, a key that appears in
|
8
|
+
your `~/.ssh/id_rsa.pub` file like this...
|
8
9
|
|
9
|
-
ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.
|
10
|
+
ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.example.com
|
10
11
|
|
11
12
|
...would translate to the following resource:
|
12
13
|
|
13
|
-
ssh_authorized_key { 'nick@magpie.
|
14
|
-
|
15
|
-
|
16
|
-
|
14
|
+
ssh_authorized_key { 'nick@magpie.example.com':
|
15
|
+
ensure => present,
|
16
|
+
user => 'nick',
|
17
|
+
type => 'ssh-rsa',
|
18
|
+
key => 'AAAAB3Nza[...]qXfdaQ==',
|
17
19
|
}
|
18
20
|
|
19
21
|
To ensure that only the currently approved keys are present, you can purge
|
@@ -36,8 +38,12 @@ module Puppet
|
|
36
38
|
ensurable
|
37
39
|
|
38
40
|
newparam(:name) do
|
39
|
-
desc "The SSH key comment. This
|
40
|
-
|
41
|
+
desc "The SSH key comment. This can be anything, and doesn't need to match
|
42
|
+
the original comment from the `.pub` file.
|
43
|
+
|
44
|
+
Due to internal limitations, this must be unique across all user accounts;
|
45
|
+
if you want to specify one key for multiple users, you must use a different
|
46
|
+
comment for each instance."
|
41
47
|
|
42
48
|
isnamevar
|
43
49
|
|
data/lib/puppet/util/tagging.rb
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'puppet/util/tag_set'
|
2
2
|
|
3
3
|
module Puppet::Util::Tagging
|
4
|
-
ValidTagRegex =
|
4
|
+
ValidTagRegex = /\A[0-9A-Za-z_][0-9A-Za-z_:.-]*\Z/
|
5
5
|
|
6
6
|
# Add a tag to the current tag set.
|
7
7
|
# When a tag set is used for a scope, these tags will be added to all of
|
data/lib/puppet/version.rb
CHANGED
@@ -8,7 +8,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet.features.microsoft
|
|
8
8
|
let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
|
9
9
|
let (:null_sid_bytes) { bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
|
10
10
|
let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
|
11
|
-
let (:computer_sid) { Puppet::Util::Windows::SID.name_to_sid_object(
|
11
|
+
let (:computer_sid) { Puppet::Util::Windows::SID.name_to_sid_object(Puppet::Util::Windows::ADSI.computer_name) }
|
12
12
|
# BUILTIN is localized on German Windows, but not French
|
13
13
|
# looking this up like this dilutes the values of the tests as we're comparing two mechanisms
|
14
14
|
# for returning the same values, rather than to a known good
|
@@ -64,7 +64,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet.features.microsoft
|
|
64
64
|
# otherwise running in AppVeyor there is no Administrator and a the current local user can be used
|
65
65
|
skip if (running_as_system && !user_exists)
|
66
66
|
|
67
|
-
hostname =
|
67
|
+
hostname = Puppet::Util::Windows::ADSI.computer_name
|
68
68
|
|
69
69
|
principal = Puppet::Util::Windows::SID::Principal.lookup_account_name("#{hostname}\\#{username}")
|
70
70
|
expect(principal.account).to match(/^#{Regexp.quote(username)}$/i)
|
@@ -129,7 +129,7 @@ describe Puppet::Util::Windows::Registry do
|
|
129
129
|
|
130
130
|
let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
|
131
131
|
let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
|
132
|
-
let (:subkey_name) { "PuppetRegistryTest" }
|
132
|
+
let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
|
133
133
|
let (:guid) { SecureRandom.uuid }
|
134
134
|
let (:regsam) { Puppet::Util::Windows::Registry::KEY32 }
|
135
135
|
|
@@ -187,7 +187,7 @@ describe Puppet::Util::Windows::Registry do
|
|
187
187
|
context "when reading values" do
|
188
188
|
let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
|
189
189
|
let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
|
190
|
-
let (:subkey_name) { "PuppetRegistryTest" }
|
190
|
+
let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
|
191
191
|
let (:value_name) { SecureRandom.uuid }
|
192
192
|
|
193
193
|
after(:each) do
|
@@ -228,7 +228,7 @@ describe Puppet::Util::Windows::Registry do
|
|
228
228
|
context "when reading corrupt values" do
|
229
229
|
let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
|
230
230
|
let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
|
231
|
-
let (:subkey_name) { "PuppetRegistryTest" }
|
231
|
+
let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
|
232
232
|
let (:value_name) { SecureRandom.uuid }
|
233
233
|
|
234
234
|
before(:each) do
|
@@ -254,4 +254,4 @@ describe Puppet::Util::Windows::Registry do
|
|
254
254
|
end
|
255
255
|
end
|
256
256
|
end
|
257
|
-
end
|
257
|
+
end
|
@@ -15,7 +15,7 @@ describe Puppet::Network::HTTP::Error do
|
|
15
15
|
end
|
16
16
|
|
17
17
|
describe Puppet::Network::HTTP::Error::HTTPServerError do
|
18
|
-
it "should serialize to JSON that matches the error schema and has
|
18
|
+
it "should serialize to JSON that matches the error schema and has a deprecated stacktrace property" do
|
19
19
|
begin
|
20
20
|
raise Exception, "a wild Exception appeared!"
|
21
21
|
rescue Exception => e
|
@@ -24,6 +24,7 @@ describe Puppet::Network::HTTP::Error do
|
|
24
24
|
error = Puppet::Network::HTTP::Error::HTTPServerError.new(culpable)
|
25
25
|
|
26
26
|
expect(error.to_json).to validate_against('api/schemas/error.json')
|
27
|
+
expect(error.to_json).to match(/The 'stacktrace' property is deprecated/)
|
27
28
|
end
|
28
29
|
end
|
29
30
|
|
@@ -74,9 +74,16 @@ describe Puppet::Network::HTTP::Handler do
|
|
74
74
|
expect(res[:status]).to eq(404)
|
75
75
|
end
|
76
76
|
|
77
|
-
it "returns a structured error response
|
77
|
+
it "returns a structured error response when the server encounters an internal error" do
|
78
|
+
error = StandardError.new("the sky is falling!")
|
79
|
+
original_stacktrace = ['a.rb', 'b.rb']
|
80
|
+
error.set_backtrace(original_stacktrace)
|
81
|
+
|
78
82
|
handler = PuppetSpec::Handler.new(
|
79
|
-
Puppet::Network::HTTP::Route.path(/.*/).get(lambda { |_, _| raise
|
83
|
+
Puppet::Network::HTTP::Route.path(/.*/).get(lambda { |_, _| raise error}))
|
84
|
+
|
85
|
+
# Stacktraces should be included in logs
|
86
|
+
Puppet.expects(:err).with("Server Error: the sky is falling!\na.rb\nb.rb")
|
80
87
|
|
81
88
|
req = a_request("GET", "/vtest/foo")
|
82
89
|
res = {}
|
@@ -89,7 +96,8 @@ describe Puppet::Network::HTTP::Handler do
|
|
89
96
|
expect(res_body["issue_kind"]).to eq(Puppet::Network::HTTP::Issues::RUNTIME_ERROR.to_s)
|
90
97
|
expect(res_body["message"]).to eq("Server Error: the sky is falling!")
|
91
98
|
expect(res_body["stacktrace"].is_a?(Array) && !res_body["stacktrace"].empty?).to be_truthy
|
92
|
-
expect(res_body["stacktrace"][0]).to match(
|
99
|
+
expect(res_body["stacktrace"][0]).to match(/The 'stacktrace' property is deprecated/)
|
100
|
+
expect(res_body["stacktrace"] & original_stacktrace).to be_empty
|
93
101
|
expect(res[:status]).to eq(500)
|
94
102
|
end
|
95
103
|
|
@@ -287,7 +287,7 @@ describe Puppet::SSL::CertificateRequest do
|
|
287
287
|
exts = {"thats.no.moon" => "death star"}
|
288
288
|
expect do
|
289
289
|
request.generate(key, :extension_requests => exts)
|
290
|
-
end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon
|
290
|
+
end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/
|
291
291
|
end
|
292
292
|
end
|
293
293
|
|
@@ -148,7 +148,12 @@ describe Puppet::Transaction::Persistence do
|
|
148
148
|
persistence = Puppet::Transaction::Persistence.new
|
149
149
|
|
150
150
|
if Puppet.features.microsoft_windows?
|
151
|
-
expect
|
151
|
+
expect do
|
152
|
+
persistence.save
|
153
|
+
end.to raise_error do |error|
|
154
|
+
expect(error).to be_a(Puppet::Util::Windows::Error)
|
155
|
+
expect(error.code).to eq(5) # ERROR_ACCESS_DENIED
|
156
|
+
end
|
152
157
|
else
|
153
158
|
expect { persistence.save }.to raise_error(Errno::EISDIR, /Is a directory/)
|
154
159
|
end
|
@@ -36,6 +36,10 @@ describe Puppet::Util::Tagging do
|
|
36
36
|
expect { tagger.tag("bad tag") }.to raise_error(Puppet::ParseError)
|
37
37
|
end
|
38
38
|
|
39
|
+
it "should fail on tags containing newline characters" do
|
40
|
+
expect { tagger.tag("bad\ntag") }.to raise_error(Puppet::ParseError)
|
41
|
+
end
|
42
|
+
|
39
43
|
it "should allow alpha tags" do
|
40
44
|
expect { tagger.tag("good_tag") }.not_to raise_error
|
41
45
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: puppet
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.7.
|
4
|
+
version: 4.7.1
|
5
5
|
prerelease:
|
6
6
|
platform: x64-mingw32
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2017-01-17 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: facter
|