RubyGems - puppetserver-ca - Versions diffs - 2.0.0 → 2.0.1 - Mend

puppetserver-ca 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/README.md +2 -2
data/lib/puppetserver/ca/action/enable.rb +1 -1
data/lib/puppetserver/ca/action/generate.rb +1 -1
data/lib/puppetserver/ca/action/import.rb +1 -1
data/lib/puppetserver/ca/action/migrate.rb +6 -5
data/lib/puppetserver/ca/action/setup.rb +1 -1
data/lib/puppetserver/ca/config/puppet.rb +13 -9
data/lib/puppetserver/ca/utils/file_system.rb +8 -0
data/lib/puppetserver/ca/utils/http_client.rb +1 -1
data/lib/puppetserver/ca/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6523b5628cc4d83aa2627326400a2fb493a18f28d7e4da4b8046eac41e09c555
-  data.tar.gz: 6e8cfbeb2a63ad443f22b196d9cdf2749242ef552c6376fd55b723aa699ceefd
+  metadata.gz: 33d0c2bbf4e4efae9ed5ee88619f47bfbd850b24b0e7fff02bf7e6a106d40d18
+  data.tar.gz: 70542df4956703b70b73ab3aa8e5cb4ef8c007925fb47dc1e2197d762e1a3269
 SHA512:
-  metadata.gz: 82c62889b706bad66349d5efd8469969b919d8d90741c57c12827eccdedf2de80597ea923509c66de6d6f317da365d860705d556441ce817167d323ad6e80325
-  data.tar.gz: 72cca87e22e38e8c6b2b7975d4920057f5364c7a9499bcf30553894b9285468a0cb1d3fd93aace8974a889a0e0a0ed35f348d902139a07d0f588957e61f479f4
+  metadata.gz: 399ef8c2fecd89f42db48d848685f61ac9efaffa1039a8e726b4c1b60dda3d82c996c4fff2cec8d315a35bcf5643a46233ae0647a5f79e2f730055e41b404e6f
+  data.tar.gz: 342d56b051591b0fbf2211e3f75dd7249ff934f087f1ad2b0005cbdc4dbb0d5d6228e22b248ab22d9a4bb90dd21026daa0ac7fc363937652b5887fe971b29079

data/README.md CHANGED

@@ -79,8 +79,8 @@ To test your changes on a VM:
 1. Copy the gem to your VM: `scp puppetserver-ca-<version>.gem <your-vm>:.`
 1. Install puppetserver (FOSS) by installing the relevant release package and then installing the puppetserver package. For example:
     ```
-    $ wget http://nightlies.puppet.com/yum/puppet6-nightly-release-el-7.noarch.rpm
-    $ rpm -i puppet6-nightly-release-el-7.noarch.rpm
+    $ wget http://nightlies.puppet.com/yum/puppet-nightly-release-el-7.noarch.rpm
+    $ rpm -i puppet-nightly-release-el-7.noarch.rpm
     $ yum update
     $ yum install -y puppetserver
     ```

data/lib/puppetserver/ca/action/enable.rb CHANGED

@@ -45,7 +45,7 @@ BANNER
           end
           puppet = Config::Puppet.new(config_path)
-          puppet.load({}, @logger)
+          puppet.load(logger: @logger)
           settings = puppet.settings
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)

data/lib/puppetserver/ca/action/generate.rb CHANGED

@@ -126,7 +126,7 @@ BANNER
           # Load, resolve, and validate puppet config settings
           settings_overrides = {}
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
           # We don't want generate to respect the alt names setting, since it is usually

data/lib/puppetserver/ca/action/import.rb CHANGED

@@ -56,7 +56,7 @@ BANNER
           settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
           # Load most secure signing digest we can for cers/crl/csr signing.

data/lib/puppetserver/ca/action/migrate.rb CHANGED

@@ -1,22 +1,23 @@
 require 'puppetserver/ca/utils/cli_parsing'
 require 'puppetserver/ca/utils/file_system'
 require 'puppetserver/ca/utils/http_client'
+require 'puppetserver/ca/utils/config'
 module Puppetserver
   module Ca
     module Action
       class Migrate
         include Puppetserver::Ca::Utils
-        PUPPETSERVER_CA_DIR = '/etc/puppetlabs/puppetserver/ca'
+        PUPPETSERVER_CA_DIR = Puppetserver::Ca::Utils::Config.new_default_cadir
-        SUMMARY = "Migrate the existing CA directory to /etc/puppetlabs/puppetserver/ca"
+        SUMMARY = "Migrate the existing CA directory to #{PUPPETSERVER_CA_DIR}"
         BANNER = <<-BANNER
 Usage:
   puppetserver ca migrate [--help]
   puppetserver ca migrate [--config PATH]
 Description:
-  Migrate an existing CA directory to /etc/puppetlabs/puppetserver/ca. This is for
+  Migrate an existing CA directory to #{PUPPETSERVER_CA_DIR}. This is for
   upgrading from Puppet Platform 6.x to Puppet 7. Use the currently configured
   puppet.conf file in your installation, or supply one using the `--config` flag.
 Options:
@@ -29,7 +30,7 @@ BANNER
         def run(input)
           config_path = input['config']
           puppet = Config::Puppet.new(config_path)
-          puppet.load({}, @logger)
+          puppet.load(logger: @logger, ca_dir_warn: false)
           return 1 if HttpClient.check_server_online(puppet.settings, @logger)
           errors = FileSystem.check_for_existing_files(PUPPETSERVER_CA_DIR)
@@ -65,7 +66,7 @@ SUCCESS_MESSAGE
         def migrate(old_cadir, new_cadir=PUPPETSERVER_CA_DIR)
           FileUtils.mv(old_cadir, new_cadir)
-          FileUtils.symlink(new_cadir, old_cadir)
+          FileSystem.forcibly_symlink(new_cadir, old_cadir)
         end
         def parse(args)

data/lib/puppetserver/ca/action/setup.rb CHANGED

@@ -56,7 +56,7 @@ BANNER
           settings_overrides[:dns_alt_names] = input['subject-alt-names'] unless input['subject-alt-names'].empty?
           puppet = Config::Puppet.new(config_path)
-          puppet.load(settings_overrides, @logger)
+          puppet.load(cli_overrides: settings_overrides, logger: @logger)
           return 1 if Errors.handle_with_usage(@logger, puppet.errors)
           # Load most secure signing digest we can for cers/crl/csr signing.

data/lib/puppetserver/ca/config/puppet.rb CHANGED

@@ -25,7 +25,7 @@ module Puppetserver
         def self.parse(config_path, logger)
           instance = new(config_path)
-          instance.load({}, logger)
+          instance.load(logger: logger)
           return instance
         end
@@ -54,20 +54,23 @@ module Puppetserver
           user_specific_puppet_confdir + '/puppet.conf'
         end
-        def load(cli_overrides = {}, logger)
+        def load(cli_overrides: {}, logger:, ca_dir_warn: true)
           if explicitly_given_config_file_or_default_config_exists?
             results = parse_text(File.read(@config_path))
           end
           results ||= {}
           results[:main] ||= {}
+          # The [master] config section is deprecated
+          # We now favor [server], but support both for backwards compatibility
           results[:master] ||= {}
+          results[:server] ||= {}
           results[:agent] ||= {}
-          overrides = results[:agent].merge(results[:main]).merge(results[:master])
+          overrides = results[:agent].merge(results[:main]).merge(results[:master]).merge(results[:server])
           overrides.merge!(cli_overrides)
-          @settings = resolve_settings(overrides, logger).freeze
+          @settings = resolve_settings(overrides, logger, ca_dir_warn: ca_dir_warn).freeze
         end
         def default_certname
@@ -84,7 +87,7 @@ module Puppetserver
         # Resolve settings from default values, with any overrides for the
         # specific settings or their dependent settings (ssldir, cadir) taken into account.
-        def resolve_settings(overrides = {}, logger)
+        def resolve_settings(overrides = {}, logger, ca_dir_warn: true)
           unresolved_setting = /\$[a-z_]+/
           # Returning the key for unknown keys (rather than nil) is required to
@@ -145,7 +148,8 @@ module Puppetserver
           cadir = find_cadir(overrides.fetch(:cadir, false),
                              settings[:confdir],
                              settings[:ssldir],
-                             logger)
+                             logger,
+                             ca_dir_warn)
           settings[:cadir] = substitutions['$cadir'] = cadir
@@ -212,7 +216,7 @@ module Puppetserver
        private
-        def find_cadir(configured_cadir, confdir, ssldir, logger)
+        def find_cadir(configured_cadir, confdir, ssldir, logger, ca_dir_warn)
           warning = 'The cadir is currently configured to be inside the ' +
             '%{ssldir} directory. This config setting and the directory ' +
             'location will not be used in a future version of puppet. ' +
@@ -221,7 +225,7 @@ module Puppetserver
             'Use `puppetserver ca migrate --help` for more info.'
           if configured_cadir
-            if configured_cadir.start_with?(ssldir)
+            if ca_dir_warn && configured_cadir.start_with?(ssldir)
               logger.warn(warning % {ssldir: ssldir})
             end
             configured_cadir
@@ -230,7 +234,7 @@ module Puppetserver
             old_cadir = Puppetserver::Ca::Utils::Config.old_default_cadir(confdir)
             new_cadir = Puppetserver::Ca::Utils::Config.new_default_cadir(confdir)
             if File.exist?(old_cadir) && !File.symlink?(old_cadir)
-              logger.warn(warning % {ssldir: ssldir})
+              logger.warn(warning % {ssldir: ssldir}) if ca_dir_warn
               old_cadir
             else
               new_cadir

data/lib/puppetserver/ca/utils/file_system.rb CHANGED

@@ -53,6 +53,14 @@ module Puppetserver
         def self.forcibly_symlink(source, link_target)
           FileUtils.remove_dir(link_target, true)
           FileUtils.symlink(source, link_target)
+          # Ensure the symlink has the same ownership as the source.
+          # This requires using `FileUtils.chown` rather than `File.chown`, as
+          # the latter will update the ownership of the source rather than the
+          # link itself.
+          # Symlink permissions are ignored in favor of the source's permissions,
+          # so we don't have to change those.
+          source_info = File.stat(source)
+          FileUtils.chown(source_info.uid, source_info.gid, link_target)
         end
         def initialize

data/lib/puppetserver/ca/utils/http_client.rb CHANGED

@@ -174,7 +174,7 @@ module Puppetserver
             self.new(settings, with_client_cert: false).with_connection(status_url) do |conn|
               result = conn.get
               if result.body == "running"
-                logger.err "CA service is running. Please stop it before attempting to run this command."
+                logger.err "Puppetserver service is running. Please stop it before attempting to run this command."
                 true
               else
                 false

data/lib/puppetserver/ca/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Puppetserver
   module Ca
-    VERSION = "2.0.0"
+    VERSION = "2.0.1"
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppetserver-ca
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Puppet, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-11-05 00:00:00.000000000 Z
+date: 2020-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter