| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |/ |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
These providers use posixAccount and posixGroup.
This is a collapsed merge, fwiw.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Indentation of multiple nested blocks was broken; the closing braces
of all the outer blocks were put into column 0 because finding the
block indentation failed. Do normal indentation if finding a block
indentation fails, but more importantly, be smarter about searching
backwards to find the beginning of the current block, taking balanced
braces into account.
There is probably some less-ugly and more Emacs-native way of doing
this.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
More correctly handle multiple resources in a block, such as:
type {
"name":
attr => foo,
oattr => bar;
"other":
attr => baz;
}
Handle continued arguments in parentheses, such as define or realize
arguments. Try to be a bit more robust about indenting in general.
Add the remaining Puppet language keywords (I think) and improve the
handling of type references at the top level. Remove the hack for
continued include lines and fix it properly.
Remove more non-Puppet code left over from the mode this one was
based on. Use a more straightforward method of setting up the font-lock
keywords and do it the same way for both XEmacs and Emacs since I think
they can both handle the current method (and other modes agree).
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Replace count-matches with a puppet-count-matches function that does
the same as the Emacs 22 count-matches. The Emacs 21 count-matches
is different and not useful for our purposes.
|
| | | |
| | |
| | |
| | | |
The -o flag is now only used when the uid is being changed.
|
| | |\ \ |
|
| | | | | |
|
| | | |/ |
|
| | | |
| | |
| | |
| | | |
This is related to #1215.
|
| | |/ |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
some doco fixes
|
| | |
| |
| |
| |
| | |
It was trying to use arguments but they were never actually
set.
|
| | |
| |
| |
| |
| | |
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
| | |
| |
| |
| |
| |
| |
| | |
I keep having issues with integration tests keeping
cached values around, and this module should hopefully
give us a single place to invalidate all caches, thus
making testing this much easier.
|
| | |
| |
| |
| |
| |
| |
| | |
The HttpPool module now removes its cached ssl_host instance
when clearing its cache. This is really only useful
for testing, but it correctly causes the pool to use
new certificates when they're available.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, you had to configure whether you wanted the CRL or not,
which resulted in errors all the time when it was configured but
unavailable.
Now, Puppet will always create and try to use it, but you won't
get failures if it's unavailable.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
|
| | |
| |
| |
| | |
class.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We can't have the HttpPool class use the Indirector to see
if it has a cert available, because it might be being used to
try to download one, which would cause it to make an http instance,
which would cause it to... Well, you get the idea.
Adding and fixing a few other tests I ran into on the way.
|
| | | |
|
| | |
| |
| |
| |
| | |
Now the CSR class triggers autosigning when any CSR is
saved, if it's running on a CA host.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
...as far as I can tell. The client, however, is broken,
since it used the old http_pool/ssl_support stuff, which
no longer works.
I have to port puppetd over to using the new ssl stuff,
then I'll at least be able to verify that the master can
still speak xmlrpc.
|
| | |
| |
| |
| |
| |
| |
| | |
I don't think the whole thing is done, but at least the
basic flows are in place. Now it's just a question of
doing real-world tests and fleshing out the unit tests
as necessary.
|
| | |
| |
| |
| | |
SSL code.
|
| | |
| |
| |
| | |
This requires less setup and configuration on the part of the user.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes is so that if you, for instance, reset the vardir,
then the next time an initialization call is made, we reuse
any previously used sections, thus (hopefully) correctly
creating any newly needed directories.
This is mostly helpful during testing.
|
| | |
| |
| |
| | |
defaults section, rather than the puppetd section.
|
| | |
| |
| |
| |
| | |
It uses an instance of SSL::Host for getting its certificate
and ssl store.
|
| | |
| |
| |
| | |
These were still writing to ~.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
responsibilities to the SSL::Host class.
I was previously saving invalid CRLs unless they'd had a revocation
done in them; this commit fixes them so that they're always valid.
Also, I've added to SSL::Host the ability to generate a valid
SSL Store, suitable for validation. This is now used by
Webrick and can be used by the http clients, too.
This should have been two commits, but I'm kind of down the
rabbit hole ATM.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
appropriate.
It uses the CA singleton method to determine
whether it's on valid CA host, and if so, uses
the CA instance to sign its generated CSR.
|
| | |
| |
| |
| |
| |
| |
| | |
I realized that it never made sense to have a CA
that didn't know how to initialize itself, so we
now have a singleton method for the CA, and it also
automatically initializes itself.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The code is much cleaner, and it seems to be mostly
functional, but we have to pick a strategy for signing
the host's certificate on first startup. Also, I haven't
actually done end-to-end testing yet, which needs the certs
working first.
|
| | | |
|
| | |
| |
| |
| |
| | |
This provides the backward compatibility for webrick,
and only Mongrel is left.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This provides the interface for configuring backward compatibility
in the new-style server code. It requires a completely different
configuration step, in that REST and xmlrpc handlers are configured
separately, rather than using the same handler names, but this was
considered less evil than having a large abstraction layer for specifying
how the handlers are related.
|
| | |
| |
| |
| |
| | |
Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.
|
| | | |
|
