puppetserver-ca 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6523b5628cc4d83aa2627326400a2fb493a18f28d7e4da4b8046eac41e09c555
-  data.tar.gz: 6e8cfbeb2a63ad443f22b196d9cdf2749242ef552c6376fd55b723aa699ceefd
+  metadata.gz: 33d0c2bbf4e4efae9ed5ee88619f47bfbd850b24b0e7fff02bf7e6a106d40d18
+  data.tar.gz: 70542df4956703b70b73ab3aa8e5cb4ef8c007925fb47dc1e2197d762e1a3269
 SHA512:
-  metadata.gz: 82c62889b706bad66349d5efd8469969b919d8d90741c57c12827eccdedf2de80597ea923509c66de6d6f317da365d860705d556441ce817167d323ad6e80325
-  data.tar.gz: 72cca87e22e38e8c6b2b7975d4920057f5364c7a9499bcf30553894b9285468a0cb1d3fd93aace8974a889a0e0a0ed35f348d902139a07d0f588957e61f479f4
+  metadata.gz: 399ef8c2fecd89f42db48d848685f61ac9efaffa1039a8e726b4c1b60dda3d82c996c4fff2cec8d315a35bcf5643a46233ae0647a5f79e2f730055e41b404e6f
+  data.tar.gz: 342d56b051591b0fbf2211e3f75dd7249ff934f087f1ad2b0005cbdc4dbb0d5d6228e22b248ab22d9a4bb90dd21026daa0ac7fc363937652b5887fe971b29079

data/README.md

@@ -79,8 +79,8 @@ To test your changes on a VM:
 1. Copy the gem to your VM: `scp puppetserver-ca-<version>.gem <your-vm>:.`
 1. Install puppetserver (FOSS) by installing the relevant release package and then installing the puppetserver package. For example:
     ```
-    $ wget http://nightlies.puppet.com/yum/puppet6-nightly-release-el-7.noarch.rpm
-    $ rpm -i puppet6-nightly-release-el-7.noarch.rpm
+    $ wget http://nightlies.puppet.com/yum/puppet-nightly-release-el-7.noarch.rpm
+    $ rpm -i puppet-nightly-release-el-7.noarch.rpm
     $ yum update
     $ yum install -y puppetserver
     ```

data/lib/puppetserver/ca/action/enable.rb

@@ -45,7 +45,7 @@ BANNER
           end
 
           puppet = Config::Puppet.new(config_path)
-          puppet.load({}, @logger)
+          puppet.load(logger: @logger)
           settings = puppet.settings
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
 

data/lib/puppetserver/ca/action/generate.rb

@@ -126,7 +126,7 @@ BANNER
           # Load, resolve, and validate puppet config settings
           settings_overrides = {}
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
 
           # We don't want generate to respect the alt names setting, since it is usually

data/lib/puppetserver/ca/action/import.rb

@@ -56,7 +56,7 @@ BANNER
           settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
 
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
 
           # Load most secure signing digest we can for cers/crl/csr signing.

data/lib/puppetserver/ca/action/migrate.rb

@@ -1,22 +1,23 @@
 require 'puppetserver/ca/utils/cli_parsing'
 require 'puppetserver/ca/utils/file_system'
 require 'puppetserver/ca/utils/http_client'
+require 'puppetserver/ca/utils/config'
 
 module Puppetserver
   module Ca
     module Action
       class Migrate
         include Puppetserver::Ca::Utils
-        PUPPETSERVER_CA_DIR = '/etc/puppetlabs/puppetserver/ca'
+        PUPPETSERVER_CA_DIR = Puppetserver::Ca::Utils::Config.new_default_cadir
 
-        SUMMARY = "Migrate the existing CA directory to /etc/puppetlabs/puppetserver/ca"
+        SUMMARY = "Migrate the existing CA directory to #{PUPPETSERVER_CA_DIR}"
         BANNER = <<-BANNER
 Usage:
   puppetserver ca migrate [--help]
   puppetserver ca migrate [--config PATH]
 
 Description:
-  Migrate an existing CA directory to /etc/puppetlabs/puppetserver/ca. This is for
+  Migrate an existing CA directory to #{PUPPETSERVER_CA_DIR}. This is for
   upgrading from Puppet Platform 6.x to Puppet 7. Use the currently configured
   puppet.conf file in your installation, or supply one using the `--config` flag.
 Options:
@@ -29,7 +30,7 @@ BANNER
         def run(input)
           config_path = input['config']
           puppet = Config::Puppet.new(config_path)
-          puppet.load({}, @logger)
+          puppet.load(logger: @logger, ca_dir_warn: false)
           return 1 if HttpClient.check_server_online(puppet.settings, @logger)
 
           errors = FileSystem.check_for_existing_files(PUPPETSERVER_CA_DIR)
@@ -65,7 +66,7 @@ SUCCESS_MESSAGE
 
         def migrate(old_cadir, new_cadir=PUPPETSERVER_CA_DIR)
           FileUtils.mv(old_cadir, new_cadir)
-          FileUtils.symlink(new_cadir, old_cadir)
+          FileSystem.forcibly_symlink(new_cadir, old_cadir)
         end
 
         def parse(args)

data/lib/puppetserver/ca/action/setup.rb

@@ -56,7 +56,7 @@ BANNER
           settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
 
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
 
           # Load most secure signing digest we can for cers/crl/csr signing.

data/lib/puppetserver/ca/config/puppet.rb

@@ -25,7 +25,7 @@ module Puppetserver
 
         def self.parse(config_path, logger)
           instance = new(config_path)
-          instance.load({}, logger)
+          instance.load(logger: logger)
 
           return instance
         end
@@ -54,20 +54,23 @@ module Puppetserver
           user_specific_puppet_confdir + '/puppet.conf'
         end
 
-        def load(cli_overrides = {}, logger)
+        def load(cli_overrides: {}, logger:, ca_dir_warn: true)
           if explicitly_given_config_file_or_default_config_exists?
             results = parse_text(File.read(@config_path))
           end
 
           results ||= {}
           results[:main] ||= {}
+          # The [master] config section is deprecated
+          # We now favor [server], but support both for backwards compatibility
           results[:master] ||= {}
+          results[:server] ||= {}
           results[:agent] ||= {}
 
-          overrides = results[:agent].merge(results[:main]).merge(results[:master])
+          overrides = results[:agent].merge(results[:main]).merge(results[:master]).merge(results[:server])
           overrides.merge!(cli_overrides)
 
-          @settings = resolve_settings(overrides, logger).freeze
+          @settings = resolve_settings(overrides, logger, ca_dir_warn: ca_dir_warn).freeze
         end
 
         def default_certname
@@ -84,7 +87,7 @@ module Puppetserver
 
         # Resolve settings from default values, with any overrides for the
         # specific settings or their dependent settings (ssldir, cadir) taken into account.
-        def resolve_settings(overrides = {}, logger)
+        def resolve_settings(overrides = {}, logger, ca_dir_warn: true)
           unresolved_setting = /\$[a-z_]+/
 
           # Returning the key for unknown keys (rather than nil) is required to
@@ -145,7 +148,8 @@ module Puppetserver
           cadir = find_cadir(overrides.fetch(:cadir, false),
                              settings[:confdir],
                              settings[:ssldir],
-                             logger)
+                             logger,
+                             ca_dir_warn)
           settings[:cadir] = substitutions['$cadir'] = cadir
 
 
@@ -212,7 +216,7 @@ module Puppetserver
        private
 
 
-        def find_cadir(configured_cadir, confdir, ssldir, logger)
+        def find_cadir(configured_cadir, confdir, ssldir, logger, ca_dir_warn)
           warning = 'The cadir is currently configured to be inside the ' +
             '%{ssldir} directory. This config setting and the directory ' +
             'location will not be used in a future version of puppet. ' +
@@ -221,7 +225,7 @@ module Puppetserver
             'Use `puppetserver ca migrate --help` for more info.'
 
           if configured_cadir
-            if configured_cadir.start_with?(ssldir)
+            if ca_dir_warn && configured_cadir.start_with?(ssldir)
               logger.warn(warning % {ssldir: ssldir})
             end
             configured_cadir
@@ -230,7 +234,7 @@ module Puppetserver
             old_cadir = Puppetserver::Ca::Utils::Config.old_default_cadir(confdir)
             new_cadir = Puppetserver::Ca::Utils::Config.new_default_cadir(confdir)
             if File.exist?(old_cadir) && !File.symlink?(old_cadir)
-              logger.warn(warning % {ssldir: ssldir})
+              logger.warn(warning % {ssldir: ssldir}) if ca_dir_warn
               old_cadir
             else
               new_cadir

data/lib/puppetserver/ca/utils/file_system.rb

@@ -53,6 +53,14 @@ module Puppetserver
         def self.forcibly_symlink(source, link_target)
           FileUtils.remove_dir(link_target, true)
           FileUtils.symlink(source, link_target)
+          # Ensure the symlink has the same ownership as the source.
+          # This requires using `FileUtils.chown` rather than `File.chown`, as
+          # the latter will update the ownership of the source rather than the
+          # link itself.
+          # Symlink permissions are ignored in favor of the source's permissions,
+          # so we don't have to change those.
+          source_info = File.stat(source)
+          FileUtils.chown(source_info.uid, source_info.gid, link_target)
         end
 
         def initialize

data/lib/puppetserver/ca/utils/http_client.rb

@@ -174,7 +174,7 @@ module Puppetserver
             self.new(settings, with_client_cert: false).with_connection(status_url) do |conn|
               result = conn.get
               if result.body == "running"
-                logger.err "CA service is running. Please stop it before attempting to run this command."
+                logger.err "Puppetserver service is running. Please stop it before attempting to run this command."
                 true
               else
                 false

data/lib/puppetserver/ca/version.rb

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.0.0"
+    VERSION = "2.0.1"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-05 00:00:00.000000000 Z
+date: 2020-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter