| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.7.x: (25 commits)
(#4411) Explain that runinterval = 0 does not mean "never run"
Maint: Fix missing option text in puppet agent and arrange options alphabetically
(#8302) Improve documentation of exec providers
(#7853) Clarify and complete docs for the tagmail report processor
Maint: Mention that audit metaparameter will accept "all"
Maint: Adjust wording for file type's content parameter
Maint: Fix poor documentation for versioncmp function.
maint: Fix case sensitive require
maint: Add inspect app options to help
maint: Fix inspect help
Increment lib/puppet.rb VERSION string
Updated CHANGELOG for 2.7.3rc1
(#4762) Ensure that clients on the moon can successfully connect.
Add document outlining preferred contribution methods
Add document outlining preferred contribution methods
Add document outlining preferred contribution methods
Revert "Merge branch 'vcsrepo'"
Revert "Merge branch 'vcsrepo'"
Updating CHANGELOG for 2.7.2rc3
(#8704) Give better errors for invalid fileserver.conf
...
Manually Resolved Conflicts:
lib/puppet/parser/functions/versioncmp.rb
spec/integration/node/facts_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, we only allowed Puppet Clients at a maximum distance of somewhere
between 7,494 and 14,988 kilometers from the master, depending on the variance
in local conditions.
While this gave us good data security against hostile clients connecting from
the dark side of the moon, real world testing shows the moon folks are likely
to just take over a local staging host and attack that way.
So, instead, allow clients sufficient time they should be comfortable able to
connect to a master from the moon. We still refuse clients further out, like
Mars, since it seems unlikely that Puppet management over that distance should
work.
We advise the manned Mars expedition to deploy a local Puppet Master to manage
infrastructure in their base, and to watch out for the martians.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you tried to just put an allow or deny line in the fileserver.conf
without a mount point, you got a really confusing error message:
lib/puppet/network/handler/fileserver.rb:285:in `readconfig': undefined method `info' for nil:NilClass (NoMethodError)
Now instead we give an error saying no mount point was specified.
Reviewed-by: Josh Cooper <josh@puppetlabs.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
* 2.7.x:
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
Fix #6026 - security file should support inline comments
Fix #5010 - Allow leading whitespace in auth.conf
Fix #5777 - rule interpolation broke auth.conf CIDR rules
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
#allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).
Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization. Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The use of Puppet::Util::Cacher in this module was removed previously, and this
stray, unnecessary require was left around.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
Keep alive has been disabled since 2008, and seems to have caused problems when
it was enabled before then. Since there doesn't seem to be any push to get it
working again, just remove it to simplify this code.
This also allows us to entirely remove the usage of Puppet::Util::Cacher from
HttpPool.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When hosting multiple applications (especially with different security levels),
you may not want to allow every client to read all the files required for
every other client. Currently it is possible to do this when your host and
domain names reasonably reflect that grouping, ex: hostXYZ.someapp.domain.com.
However, if you have a more flat naming convention, it is difficult to write
these ACLs. This patch adds support for matching hostnames with regular
expressions, thus extending the ACLs to allow:
path /file_content/secrets/appserver
allow /appserver[0-9]+.example.com$/
path /file_content/secrets/otherservice
allow /^(test-)crazy[0-9]+.pattern.(com|net)$/
Signed-off-by: Josh Cooper <josh@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instance_methods in Ruby 1.8.7 returns an array of strings, but returns
an array of symbols in 1.9.2. This manifested itself when running the
tests because in 1.9.2 we were trying to call sub on a sybmol. The
original proposed solution was to monkey patch symbols to have a sub
method, but this didn't deal with the real issue of need to check
whether a method was defined, and actually made it worse.
Turns out that checking for the presence of a method in an array that
may contain symbols and may contain strings is better done by just
calling method_defined? instead.
This patch addresses all the places ack turned up the code doing this
include? check instead of directly calling method_defined?.
Thanks to Alex Sharp ajsharp@gmail.com for pointing out the Ruby 1.9
problems and working toward a solution.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
By default, it is useful to permit an individual node to query
information about itself, and there is no good reason to reject
this by default.
Paired-With: Nick Lewis
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a console rendering format to the Network FormatHandler subsystem;
it provides the same human-friendly textual rendering as the Faces application
did, except it uses JSON rather than PP as the fall-back rendering mode.
This paves the path for unification of all formatting into the same subsystem,
rather than the half-measures we used to have.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |/
|
|
|
|
|
|
|
| |
The environment returned by uri2indirection used to be a
Puppet::Node::Environment. When this changed to simply being the
string of the environment name, this broke assumptions made in other
areas of the code.
Paired-with: Nick Lewis <nick@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
| |
HEAD request support was implemented in 2.6.x, and the internal API in the HTTP
handler changed in 2.7.x. So when the branches were merged together, HEAD
requests ended up using the wrong API without any visible merge conflicts or
spec failures. This fixes them to use the correct API.
Reviewed-By: Matt Robinson
|
| |
|
|
|
|
|
|
|
| |
POST with a singular indirection is turned into a find in the indirector.
When making a large find request from a REST terminus, POST is used, and for
small requests, GET is used for backward compatibility.
Paired-With: Jesse Wolfe
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For details of why we're moving please see:
https://groups.google.com/d/topic/puppet-users/NuspYhMpE5o/discussion
Removed explicit GPL licenses where appropriate
Replaced selected GPL licenses with Apache 2.0
Replaced LICENSE with Apache 2.0
Updated README
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces a new Indirector terminus, certificate_status,
which allows for signing, revoking, listing, and cleaning
SSL certificates over HTTP via REST. Documentation for these new
features can be found in our REST API documentation on the docs site:
http://docs.puppetlabs.com/guides/rest_api.html
This documentation has not been updated as of the writing of this
commit, but will be very soon. Puppet::SSL::Host is now fully integrated
into the Indirector.
Paired-with:Matt Robinson, Jacob Helwig, Jesse Wolfe, Richard Crowley,
Luke Kanies
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.6.x: (36 commits)
Updated CHANGELOG for 2.6.7rc1
(#5073) Download plugins even if you're filtering on tags
Fix #5610: Prevent unnecessary RAL lookups
Revert "Merge branch 'ticket/2.6.x/5605' of git://github.com/stschulte/puppet into 2.6.next"
(#6723) Fix withenv environment restoration bug
(#6689) Remove extraneous include of Puppet::Util in InventoryActiveRecord
Remove extra trailing whitespace from lib/puppet/resource.rb
(#5428) More fully "stub" Puppet::Resource::Reference for use with storedconfigs
(#6707) Fix typo in rest_authconfig.rb
(#6689) Make inventory_active_record terminus search quickly
(#5392) Give a better error when realizing a non-existant resource
(#2645) Adding a less-stubby test to verify the "system" attribute's behavior
Update CHANGELOG for 2.6.6
maint: Remove serialization of InventoryFact values
maint: Rename InventoryHost to InventoryNode
Fixed #2645 - Added support for creating system users
maint: Remove spec run noise
maint:Refactor of mount provider integration tests
(#6338) Support searching on metadata in InventoryActiveRecord terminus
(#6338) Implement search for InventoryActiveRecord facts terminus
...
This merge includes essentially reverting #4904's change to the mount
type since tests that came in from 2.6.x specified different
behavior and what's correct is not clear to me. I've reopened #4904 and
added it to our backlog, and talked to Nigel about the RFC that's
currently out on the puppet-users mailing list for a bigger refactor of
how the mount provider works.
Manually Resolved Conflicts:
spec/spec_helper.rb
spec/unit/indirector/queue_spec.rb
|
| | |
| |
| |
| | |
"Where" -> "were." Capitalize "ACL."
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was a particularly nasty merge, so rather than hold up merges into
next any longer, I'm going to push this merge with a few outstanding
problems. The tests that were failing in the following areas have been
marked pending, and will be addressed separately, immediately following
this push.
TODO:
Verify that brice's rdoc change is still valid: tests to show that line
numbers from class, define and node get into the ast
Fix mount parsed_spec spec/unit/provider/mount/parsed_spec.rb
* 2.6.next: (85 commits)
(#5148) Fix failing spec due to timezone
(#5148) Add support for PSON to facts
(#6338) Remove inventory indirection, and move to facts indirection
(#6445) Fix inline docs: puppet agent does not accept --mkusers
Update CHANGELOG and version for 2.6.6rc1
(#6541) Fix content with checksum truncation bug
(#6418) Recursive files shouldn't be audited
(#6541) maint: whitespace cleanup on the file integration spec
(#6541) Fix content with checksum truncation bug
(#5466) Write specs for output of puppet resource
(#5466) Monkey patch Symbol so that you can sort them
(#5466) Fixed puppet resource bug with trailing ,
Update CHANGELOG for 2.6.5
(#4922) Don't truncate remotely-sourced files on 404
(#6338) Remove unused version control tags
Maint: Align tabs in a code block in the Augeas type.
(#6509) Inline docs: Fix erroneous code block in directoryservice provider for computer type
Maint: Rewrite comments about symlinks to reflect best practice.
(#6509) Inline docs: Fix broken lists in Launchd provider.
(#6509) Inline docs: Fix broken code blocks in zpool type
...
Manually Resolved Conflicts:
lib/puppet/application/inspect.rb
lib/puppet/defaults.rb
lib/puppet/file_bucket/dipper.rb
lib/puppet/network/http/handler.rb
lib/puppet/node/facts.rb
lib/puppet/parser/parser.rb
lib/puppet/parser/parser_support.rb
lib/puppet/util/command_line/puppet
lib/puppet/util/command_line/puppetd
lib/puppet/util/command_line/puppetmasterd
lib/puppet/util/monkey_patches.rb
lib/puppet/util/rdoc/parser.rb
spec/unit/application/agent_spec.rb
spec/unit/file_bucket/file_spec.rb
spec/unit/indirector/file_bucket_file/file_spec.rb
spec/unit/network/http/handler_spec.rb
spec/unit/parser/parser_spec.rb
spec/unit/provider/mount/parsed_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We had a combination of bad logic, and bad testing, and a nasty behaviour of
Mocha <= 0.9.10 that would result in a false pass for one of our tests.
This not only falsely passed, but hid an infinite loop retrying decompression
on an invalid data stream; it could be triggered by anything that sent an HTTP
request with an invalid compressed body, resulting in a livelock.
Paired-with: Jesse Wolfe <jesse@puppetlabs.com>
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Added support for adding "_search" to the end of any indirection to
'pluralize' it, and added tests to check this functionality and to test
hidden side effect of plurality method unpluralizing indirections.
Paired-With:Paul Berry <paul@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Ruby 1.8.6 (but not later versions) warn about requiring parenthesis on some
function calls; having one of those in our network rights checking means that
we emit ... quite a few of these, and annoy anything that tracks our logs.
By using the more standard form of raise we can avoid the warning entirely,
and keep consistent code style across the file.
Reviewed-By: Paul Berry <paul@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This REST interface returns a list of nodes that match a fact query.
Fact queries can use (in)equality testing as a string comparison, and >,
<, >=, <= numerical comparisons. Multiple tests can be done as AND
comparisons, not OR.
The fact queries need to be prefixed by facts, and the comparisons other
than equality are specified with a .comparison_type after the fact name.
This will be better explained in the REST documentation on the website.
Searches that don't match anything now return empty array instead of a
404 error.
Conflicts:
spec/spec_helper.rb
|
| | |
| |
| |
| |
| |
| |
| | |
This patch significantly speeds up reading the body of HTTP requests
from Rack.
Reviewed-by: Markus Roberts <markus@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We had a combination of bad logic, and bad testing, and a nasty behaviour of
Mocha <= 0.9.10 that would result in a false pass for one of our tests.
This not only falsely passed, but hid an infinite loop retrying decompression
on an invalid data stream; it could be triggered by anything that sent an HTTP
request with an invalid compressed body, resulting in a livelock.
Paired-with: Jesse Wolfe <jesse@puppetlabs.com>
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
into next"
This reverts commit 448a439f5abc3d51accececb678e9c5f547f7615, reversing
changes made to 06939c51a3f675137b53fac8a521132a4c9cfcbe.
As per discussion in http://projects.puppetlabs.com/issues/5691#note-5
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Here is an attempt to cover with process name probes some of the longest
parts of a puppet agent or master.
Currently:
* node compilation
* individual resource evaluation
* some configurer parts
* individual network requests
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6.x: (21 commits)
(#5900) Include ResourceStatus#failed in serialized reports
(#5882) Added error-handling for bucketing files in puppet inspect
(#5882) Added error-handling to puppet inspect when auditing
(#5171) Made "puppet inspect" upload audited files to a file bucket
Prep for #5171: Added a missing require to inspect application.
Locked Puppet license to GPLv2
(#5838) Support paths as part of file bucket requests.
(#5838) Improve the quality of file bucket specs.
(#5838) Make file bucket dipper efficient when saving a file that already exists
(#5838) Implemented the "head" method for FileBucketFile::File terminus.
(#5838) Reworked file dipper spec to perform less stubbing.
(#5838) Added support for HEAD requests to the indirector.
(#5838) Refactored error handling logic into find_in_cache.
(#5838) Refactored Puppet::Network::Rights#fail_on_deny
maint: Remove unused Rakefile in spec directory
(#5171) Made filebucket able to perform diffs
(#5710) Removed unnecessary calls to insync?
Prep for fixing #5710: Refactor stub provider in resource harness spec
Maint: test partial resource failure
maint: Inspect reports should have audited = true on events
...
Manually Resolved Conflicts:
lib/puppet/file_bucket/dipper.rb
lib/puppet/indirector.rb
lib/puppet/network/rest_authconfig.rb
spec/unit/file_bucket/dipper_spec.rb
spec/unit/file_bucket/file_spec.rb
spec/unit/indirector_spec.rb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added the ability for the indirector to handle REST HEAD requests.
These are done using a new indirector method, head(), which should
return true if find() would return a result and false if find() would
return nil.
Access control for the head method is the union of that for the find
and save methods. That is, if either find or save is allowed, then
head is allowed. This is necessary so that users will not have to
change their authconfig to take advantage of the new feature.
Paired-with: Jesse Wolfe <jesse@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changed into a method that returns the exception to raised rather than
raising it.
Paired-with: Jesse Wolfe <jesse@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is now possible to ask the filebucket to diff two files using a URL
of the form:
https://puppet/production/file_bucket_file/md5/{first file hash}?diff_with={second file hash}
The returned diff is a string, the output of the "diff" command.
Paired-with: Paul Berry <paul@puppetlabs.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6.x:
(#5304) Use internal_name rather than real_name for maillist provider
Updated CHANGELOG and version for 2.6.4
Revert "(#5304) Use internal_name rather than real_name for maillist provider"
Disable remote ralsh by default
(#5424) Ship auth.conf as part of installing from source
(#5304) Use internal_name rather than real_name for maillist provider
Renamed Reductive to Puppet
Manually Resolved Conflicts:
lib/puppet/provider/maillist/mailman.rb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changed the default auth.conf so that accesses to "/resource" are no
longer allowed. This means that to use "puppet resource -H" you will
need to configure the target machine to enable access to the
"/resource" URLs.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change replaces calls to <model object>.save with calls to <model
class>.indirection.save(<model object>). This makes the use of the
indirector explicit rather than implicit so that it will be easier to
search for all indirector call sites using grep. This is an
intermediate refactor on the way towards allowing indirector calls to
be explicitly routed to multiple termini.
This patch affects production code.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In commit 71ecad9904c8c48c023e90e5fbea5b26b180c9cf we removed the
delegation from model class to indirection for the "find", "search",
"destroy", and "expire" methods. When we did this we neglected to
modify http handler code to call the indirector directly. This patch
makes the appropriate changes to http handler code.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. Also
removed the old methods that delegated to the indirection object.
|
| |\| |
| |/
|/|
| |
| |
| | |
Resolved conflicts manually:
spec/integration/indirector/bucket_file/rest_spec.rb
spec/integration/indirector/certificate_revocation_list/rest_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Puppet::Util.sync method was not thread safe and also leaked memory. I'm
not certain, but I believe the first is ironic and the second is merely a bug.
This patch addresses the problem by 1) refactoring so the sync objects
are never returned (and thus no one can cache a reference to one) 2) adding
reference counting 3) deleting them when they are no longer needed 4) doing
the thread safty dance.
It wasn't the first (or even second) solution considered, but it's the one
that I was able to make work in a way that I'm convinced is correct. Its
main advantage is that it puts all the tricky bits in one place.
|
| | |
| |
| |
| |
| |
| |
| | |
Standardize how we create tmpdirs by using the puppet function instead
of Dir.tmpdir.
Paired-with: Paul Berry <paul@puppetlabs.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
This is a maintenance refactor to reduce the dependencies between the
rest API and the implementation of the Indirector. The HTTP Handler code
was creating temporary Request objects that were not actually being
passed to the Indirector.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This REST interface returns a list of nodes that match a fact query.
Fact queries can use (in)equality testing as a string comparison, and >,
<, >=, <= numerical comparisons. Multiple tests can be done as AND
comparisons, not OR.
The fact queries need to be prefixed by facts, and the comparisons other
than equality are specified with a .comparison_type after the fact name.
This will be better explained in the REST documentation on the website.
Searches that don't match anything now return empty array instead of a
404 error.
|
| |
|
|
|
|
| |
The debugging information added in commit b7e2580ab49ecdb67fc9b522829c005fc3750fbe
was not thread safe and, as it turns out, not as useful as had been hoped. This
commit reverts it.
|
| |
|
|
| |
Added a missing require to webrick/rest.rb.
|
| |
|
|
|
|
| |
Rather than just creating a handler for the base mime-type (e.g. "text/yaml") we
create some synonyms where appropriate (e.g. "text/x-yaml", "application/yaml",
etc.)
|
| |
|
|
|
|
|
|
|
| |
When streaming a file through rack, we set the Content-Length header
to be the size of the transmitted file.
This size is an int, and recent passenger versions only support string
values.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
