| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Added the require.
| |
Replaced 106806 occurrences of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
| |
* Replaced 704 occurrences of (.*)\b([a-z_]+)\(\) with \1\2
3 Examples:
The code:
ctx = OpenSSL::SSL::SSLContext.new()
becomes:
ctx = OpenSSL::SSL::SSLContext.new
The code:
skip()
becomes:
skip
The code:
path = tempfile()
becomes:
path = tempfile
* Replaced 31 occurrences of ^( *)end *#.* with \1end
3 Examples:
The code:
becomes:
The code:
end # Dir.foreach
becomes:
end
The code:
end # def
becomes:
end
| |
Replaced 33 occurrences of
([$@]?\w+)( +[|&+-]{0,2}= .+)
\1
end
with
3 Examples:
The code:
@sync ||= Sync.new
@sync
end
becomes:
@sync ||= Sync.new
end
The code:
str += "\n"
str
end
becomes:
str += "\n"
end
The code:
@indirection = Puppet::Indirector::Indirection.new(self, indirection, options)
@indirection
end
becomes:
@indirection = Puppet::Indirector::Indirection.new(self, indirection, options)
end
| |
Replaced 55 occurrences of
([$@]?\w+) += +(.*) +(if +\1.nil\?|if +! *\1|unless +\1|unless +defined\?\(\1\))$
with
\1 ||= \2
3 Examples:
The code:
@sync
becomes:
@sync
The code:
becomes:
The code:
if @yydebug
becomes:
if @yydebug
| |
* Replaced 53 occurrences of
defined\?\((.+?)\) (?:and|&&) \1( |$)
with
\1\2
In code like:
unless defined? @foo and @foo and bar("baz")
"defined? @foo and @foo" can safely be replaced with "@foo":
unless @foo and bar("baz")
Because:
* Both evaluate to false/nil when @foo is not defined
* Both evaluate to @foo when @foo is defined
3 Examples:
The code:
@sync = Sync.new unless defined?(@sync) and @sync
becomes:
@sync = Sync.new unless @sync
The code:
unless defined?(@content) and @content
becomes:
unless @content
The code:
raise(ArgumentError, "Already handling indirection for #{@indirection.name}; cannot also handle #{indirection}") if defined?(@indirection) and @indirection
becomes:
raise(ArgumentError, "Already handling indirection for #{@indirection.name}; cannot also handle #{indirection}") if @indirection
* Replaced 2 occurrences of
defined\?\((.+?)\) (?:and|&&) ! *\1.nil\?
with
!\1.nil?
In code like:
while defined? @foo and ! @foo.nil? ...
"defined? @foo and ! @foo.nil?" can safely be replaced with "! @foo.nil?":
while ! @foo.nil? ...
Because:
* Both evaluate to false/nil when @foo is not defined
* Both evaluate to "! @foo.nil?" when @foo is defined
2 Examples:
The code:
!!(defined?(@value) and ! @value.nil?)
becomes:
!!(!@value.nil?)
The code:
self.init unless defined?(@@state) and ! @@state.nil?
becomes:
self.init unless !@@state.nil?
| |
Replaced 583 occurrences of
(DEF)
(LINES)
return (.*)
end
with
3 Examples:
The code:
def consolidate_failures(failed)
filters = Hash.new { |h,k| h[k] = [] }
failed.each do |spec, failed_trace|
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
filters[f] << spec
break
end
end
return filters
end
becomes:
def consolidate_failures(failed)
filters = Hash.new { |h,k| h[k] = [] }
failed.each do |spec, failed_trace|
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
filters[f] << spec
break
end
end
filters
end
The code:
def retrieve
return_value = super
return_value = return_value[0] if return_value && return_value.is_a?(Array)
return return_value
end
becomes:
def retrieve
return_value = super
return_value = return_value[0] if return_value && return_value.is_a?(Array)
return_value
end
The code:
def fake_fstab
os = Facter['operatingsystem']
if os == "Solaris"
name = "solaris.fstab"
elsif os == "FreeBSD"
name = "freebsd.fstab"
else
# Catchall for other fstabs
name = "linux.fstab"
end
oldpath = @provider_class.default_target
return fakefile(File::join("data/types/mount", name))
end
becomes:
def fake_fstab
os = Facter['operatingsystem']
if os == "Solaris"
name = "solaris.fstab"
elsif os == "FreeBSD"
name = "freebsd.fstab"
else
# Catchall for other fstabs
name = "linux.fstab"
end
oldpath = @provider_class.default_target
fakefile(File::join("data/types/mount", name))
end
| |
* Replaced 2 occurrences of
def (.*)
begin
(.*) = Integer\((.*)\)
return \2
rescue ArgumentError
\2 = nil
end
if \2 = (.*)
return \2
else
return false
end
end
with
2 Examples:
The code:
def validuser?(value)
begin
number = Integer(value)
return number
rescue ArgumentError
number = nil
end
if number = uid(value)
return number
else
return false
end
end
becomes:
def validuser?(value)
Integer(value) rescue uid(value) || false
end
The code:
def validgroup?(value)
begin
number = Integer(value)
return number
rescue ArgumentError
number = nil
end
if number = gid(value)
return number
else
return false
end
end
becomes:
def validgroup?(value)
Integer(value) rescue gid(value) || false
end
* Replaced 28 occurrences of
return (.*?) if (.*)
return (.*)
with
3 Examples:
The code:
return send(options[:mode]) if [:rdoc, :trac, :markdown].include?(options[:mode])
return other
becomes:
return[:rdoc, :trac, :markdown].include?(options[:mode]) ? send(options[:mode]) : other
The code:
return true if known_resource_types.definition(name)
return false
becomes:
return(known_resource_types.definition(name) ? true : false)
The code:
return :rest if request.protocol == 'https'
return Puppet::FileBucket::File.indirection.terminus_class
becomes:
return(request.protocol == 'https' ? :rest : Puppet::FileBucket::File.indirection.terminus_class)
* Replaced no occurrences of
return (.*?) unless (.*)
return (.*)
with
* Replaced 7 occurrences of
if (.*)
(.*[^:])false
else
\2true
end
with
3 Examples:
The code:
if RUBY_PLATFORM == "i386-mswin32"
InstallOptions.ri = false
else
InstallOptions.ri = true
end
becomes:
InstallOptions.ri = RUBY_PLATFORM != "i386-mswin32"
The code:
if options[:references].length > 1
with_contents = false
else
with_contents = true
end
becomes:
with_contents = options[:references].length <= 1
The code:
if value == false or value == "" or value == :undef
return false
else
return true
end
becomes:
return (value != false and value != "" and value != :undef)
* Replaced 19 occurrences of
if (.*)
(.*[^:])true
else
\2false
end
with
3 Examples:
The code:
if Puppet::Util::Log.level == :debug
return true
else
return false
end
becomes:
return Puppet::Util::Log.level == :debug
The code:
if satisfies?(*features)
return true
else
return false
end
becomes:
return !!satisfies?(*features)
The code:
if self.class.parsed_auth_db.has_key?(resource[:name])
return true
else
return false
end
becomes:
return !!self.class.parsed_auth_db.has_key?(resource[:name])
* Replaced 1 occurrence of
if ([a-z_]) = (.*)
(.*[^:])\1
else
\3(.*)
end
with
1 Example:
The code:
if c = self.send(@subclassname, method)
return c
else
return nil
end
becomes:
return self.send(@subclassname, method) || nil
* Replaced 2 occurrences of
if (.*)
(.*[^:])\1
else
\2false
end
with
2 Examples:
The code:
if hash[:Local]
@local = hash[:Local]
else
@local = false
end
becomes:
@local = hash[:Local]
The code:
if hash[:Local]
@local = hash[:Local]
else
@local = false
end
becomes:
@local = hash[:Local]
* Replaced 10 occurrences of
if (.*)
(.*[^:])(.*)
else
\2false
end
with
3 Examples:
The code:
if defined?(@isnamevar)
return @isnamevar
else
return false
end
becomes:
return defined?(@isnamevar) && @isnamevar
The code:
if defined?(@required)
return @required
else
return false
end
becomes:
return defined?(@required) && @required
The code:
if number = uid(value)
return number
else
return false
end
becomes:
return (number = uid(value)) && number
* Replaced no occurrences of
if (.*)
(.*[^:])nil
else
\2(true)
end
with
* Replaced no occurrences of
if (.*)
(.*[^:])true
else
\2nil
end
with
* Replaced no occurrences of
if (.*)
(.*[^:])\1
else
\2nil
end
with
* Replaced 23 occurrences of
if (.*)
(.*[^:])(.*)
else
\2nil
end
with
3 Examples:
The code:
if node = Puppet::Node.find(hostname)
env = node.environment
else
env = nil
end
becomes:
env = (node = Puppet::Node.find(hostname)) ? node.environment : nil
The code:
if mod = Puppet::Node::Environment.new(env).module(module_name) and mod.files?
return @mounts[MODULES].copy(mod.name, mod.file_directory)
else
return nil
end
becomes:
return (mod = Puppet::Node::Environment.new(env).module(module_name) and mod.files?) ? @mounts[MODULES].copy(mod.name, mod.file_directory) : nil
The code:
if hash.include?(:CA) and hash[:CA]
@ca = Puppet::SSLCertificates::CA.new()
else
@ca = nil
end
becomes:
@ca = (hash.include?(:CA) and hash[:CA]) ? Puppet::SSLCertificates::CA.new() : nil
| |
* Replaced 6 occurrences of (while .*?) *do$ with
The do is unneeded in the block header form and causes problems
with the block-to-one-line transformation.
3 Examples:
The code:
while line = f.gets do
becomes:
while line = f.gets
The code:
while line = shadow.gets do
becomes:
while line = shadow.gets
The code:
while wrapper = zeros.pop do
becomes:
while wrapper = zeros.pop
* Replaced 19 occurrences of ((if|unless) .*?) *then$ with
The then is unneeded in the block header form and causes problems
with the block-to-one-line transformation.
3 Examples:
The code:
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) } then
becomes:
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
The code:
unless defined?(@spec_command) then
becomes:
unless defined?(@spec_command)
The code:
if c == ?\n then
becomes:
if c == ?\n
* Replaced 758 occurrences of
((?:if|unless|while|until) .*)
(.*)
end
with
The one-line form is preferable provided:
* The condition is not used to assign a variable
* The body line is not already modified
* The resulting line is not too long
3 Examples:
The code:
if Puppet.features.libshadow?
has_feature :manages_passwords
end
becomes:
has_feature :manages_passwords if Puppet.features.libshadow?
The code:
unless (defined?(@current_pool) and @current_pool)
@current_pool = process_zpool_data(get_pool_data)
end
becomes:
@current_pool = process_zpool_data(get_pool_data) unless (defined?(@current_pool) and @current_pool)
The code:
if Puppet[:trace]
puts detail.backtrace
end
becomes:
puts detail.backtrace if Puppet[:trace]
| |
* Replaced 83 occurrences of
(.*)" *[+] *([$@]?[\w_0-9.:]+?)(.to_s\b)?(?! *[*(%\w_0-9.:{\[])
with
\1#{\2}"
3 Examples:
The code:
puts "PUPPET " + status + ": " + process + ", " + state
becomes:
puts "PUPPET " + status + ": " + process + ", #{state}"
The code:
puts "PUPPET " + status + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
The code:
}.compact.join( "\n" ) + "\n" + t + "]\n"
becomes:
}.compact.join( "\n" ) + "\n#{t}" + "]\n"
* Replaced 21 occurrences of (.*)" *[+] *" with \1
3 Examples:
The code:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}, #{state}"
The code:
puts "PUPPET #{status}" + ": #{process}, #{state}"
becomes:
puts "PUPPET #{status}: #{process}, #{state}"
The code:
res = self.class.name + ": #{@name}" + "\n"
becomes:
res = self.class.name + ": #{@name}\n"
* Don't use string concatenation to split lines unless they would be very long.
Replaced 11 occurrences of
(.*)(['"]) *[+]
*(['"])(.*)
with
3 Examples:
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified " +
"Puppet process is running and the state file is no " +
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
The code:
o.separator "Mandatory arguments to long options are mandatory for " +
"short options too."
becomes:
o.separator "Mandatory arguments to long options are mandatory for short options too."
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
"older than specified interval."
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no older than specified interval."
* Replaced no occurrences of do (.*?) end with {\1}
* Replaced 1488 occurrences of
"([^"\n]*%s[^"\n]*)" *% *(.+?)(?=$| *\b(do|if|while|until|unless|#)\b)
with
20 Examples:
The code:
args[0].split(/\./).map do |s| "dc=%s"%[s] end.join(",")
becomes:
args[0].split(/\./).map do |s| "dc=#{s}" end.join(",")
The code:
puts "%s" % Puppet.version
becomes:
puts "#{Puppet.version}"
The code:
raise "Could not find information for %s" % node
becomes:
raise "Could not find information for #{node}"
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create #{dir}: basedir #{File.join(path)} is a file"
The code:
Puppet.err "Could not run %s: %s" % [client_class, detail]
becomes:
Puppet.err "Could not run #{client_class}: #{detail}"
The code:
raise "Could not find handler for %s" % arg
becomes:
raise "Could not find handler for #{arg}"
The code:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file #{Puppet[:authconfig]}"
The code:
raise Puppet::Error, "Could not deserialize catalog from pson: %s" % detail
becomes:
raise Puppet::Error, "Could not deserialize catalog from pson: #{detail}"
The code:
raise "Could not find facts for %s" % Puppet[:certname]
becomes:
raise "Could not find facts for #{Puppet[:certname]}"
The code:
raise ArgumentError, "%s is not readable" % path
becomes:
raise ArgumentError, "#{path} is not readable"
The code:
raise ArgumentError, "Invalid handler %s" % name
becomes:
raise ArgumentError, "Invalid handler #{name}"
The code:
debug "Executing '%s' in zone %s with '%s'" % [command, @resource[:name], str]
becomes:
debug "Executing '#{command}' in zone #{@resource[:name]} with '#{str}'"
The code:
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
becomes:
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
The code:
Puppet.info "Creating a new certificate request for %s" % Puppet[:certname]
becomes:
Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
The code:
"Cannot create alias %s: object already exists" % [name]
becomes:
"Cannot create alias #{name}: object already exists"
The code:
return "replacing from source %s with contents %s" % [metadata.source, metadata.checksum]
becomes:
return "replacing from source #{metadata.source} with contents #{metadata.checksum}"
The code:
it "should have a %s parameter" % param do
becomes:
it "should have a #{param} parameter" do
The code:
describe "when registring '%s' messages" % log do
becomes:
describe "when registring '#{log}' messages" do
The code:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration%stest" % l }
becomes:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration#{l}test" }
The code:
assert_raise(Puppet::Error, "Check '%s' did not fail on false" % check) do
becomes:
assert_raise(Puppet::Error, "Check '#{check}' did not fail on false") do
| |
Mode is a terribly overused word. Files use it, puppetdoc uses it, and
certs use it, and those are just the places that I happened to
stumble upon. It makes reading code very confusing and finding things
in code difficult. I know namespacing allows us to reuse words for
method and variable names, but that doesn't mean we should.
| |
| |
Use a predicate function on the Mode object instead of comparing with
the executable name everywhere
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
| |
Update documentation strings everywhere to use single-executable
notation rather than the old executable names.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
| |
Because environments have to declare their mode before puppet tries to
load defaults.rb, it reduces the complexity considerably to have
application classes to load their lib dependencies at the last possible
moment.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
| |
Adds a --signed option to the --list feature that only displays signed certificates
| |
| |
Signed-off-by: Luke Kanies <luke@puppetlabs.com>
Conflicts:
lib/puppet/ssl/host.rb
| |
Thanks to Jasper Lievisse Adriaanse for the fix.
| |
This patch reverts the semantically significant parts of #2890 due to the
issues discussed on #3360 (security concerns when used with autosign,
inconsistency between REST & XMLRPC semantics) but leaves the semantically
neutral changes (code cleanup, added tests) in place.
This patch is intended for 0.25.x, but may also be applied as a step in the
resolution of #3450 (refactored #2890, add "remove_certs" flag) in Rolwf.
|\
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
| | |
In my patch for #3088 I made an erroneous assumption about the ruby exception
hierarchy and thus missed the fact that Timeout::error descends from both
SignalError and Interrupt. This is a partial reversion of the patch for #3088
to let these through so that more useful error messages can be produced.
| | |
Changing rescues from the default to Exception (to catch errors that don't
descend from StandardError) had the unintended consequence of catching (and
suppressing) SystemExit.
This patch restores the behavior of by reraising the exception.
Of the other exceptions that fall through the same crack (NoMemoryError,
SignalException, LoadError, Interrupt, NotImplementedError, and ScriptError)
this patch also reraises NoMemoryError, SignalException, and Interrupt in the
same way and leaves the rest captured.
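The re-raise behaviour this commit message describes, as an added Ruby example that is not Puppet's code; the wrapper names and the `probe` helper are hypothetical. It compares an untyped rescue, a bare `rescue Exception`, and a `rescue Exception` that lets the four process-control exceptions through.

```ruby
# Added example; helper names are hypothetical, not Puppet's.
# Exceptions the commit message says must be re-raised.
PASS_THROUGH = [SystemExit, NoMemoryError, SignalException, Interrupt].freeze

# Untyped rescue: catches StandardError only, so ScriptError subclasses
# such as LoadError and NotImplementedError escape it.
def rescue_default(log)
  yield
rescue => detail
  log << detail.class
  nil
end

# Broad rescue with nothing re-raised: a call to `exit` is swallowed too.
def rescue_everything(log)
  yield
rescue Exception => detail
  log << detail.class
  nil
end

# Broad rescue that re-raises the process-control exceptions first and
# captures everything else (LoadError, ScriptError, StandardError, ...).
def rescue_with_passthrough(log)
  yield
rescue *PASS_THROUGH
  raise
rescue Exception => detail
  log << detail.class
  nil
end

# Run a block under the named wrapper and report
# [class of the exception that escaped, or :none; classes the wrapper logged].
def probe(wrapper)
  log = []
  escaped = begin
    send(wrapper, log) { yield }
    :none
  rescue Exception => e
    e.class
  end
  [escaped, log]
end
```
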
| | |
OpenSSL::Digest.hexdigest is not available on older ruby versions.
This patch accesses the digest directly instead (which hopefully
supports hexdigest).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
| | |
This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
| | |
This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled
| | |
This patch adds two things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates
It is also possible to use --digest to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|\|
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
| | |
This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supersede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>
|\|
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
| | |
This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <jbarbuto@corp.sourceforge.com>
| | |
If setup code for a process depends on network connectivity
it needs to be protected with a rescue clause as much as the
main body of the process.
Further, Timeout exceptions aren't under StandardError and thus
aren't caught by an un-typed rescue clause. This doesn't matter
if we've morphed the exception, but will cause the program to
fail if we haven't.
There are many places where these concerns _might_ cause a problem
but in most cases they never will in practice; this patch addresses
the two cases where I have been able to confirm that it actually
can cause the client daemon to exit and two more where I suspect
(but can not prove) that it could.
I'd be willing to push this patch as it stands, as it at least
fixes demonstrable problems. A more general solution would be
nice.
| | |
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
|/
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
This patch does two things:
* it enhances puppetca to list revoked certificates (prefixed by -)
* it fixes the ca crl verification which was broken
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
| |
| |
requires certificate serial number to be strictly positive.
| |
The problem was that the server had a certificate
for the client. Initially the client just didn't have a
key, because it assumed that if it had a certificate then
it had a key. Upon fixing it to create the key, the key then
did not match the found certificate.
This commit fixes both of those: The key is always found
before the certificate, and when the certificate is found
it's verified against the private key and an exception
is thrown if they don't match.
It's always a failure, so this just makes the failure
more informative.
Signed-off-by: Luke Kanies <luke@madstop.com>
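The check this commit message describes (key loaded first, certificate verified against it, informative exception on mismatch), as an added Ruby example that is not Puppet's code. `HostState`, `CertificateKeyMismatch`, `self_signed_cert` and `fingerprint` are hypothetical names, and the certificate is constructed test data.

```ruby
require 'openssl'

# Hypothetical error class for this example.
class CertificateKeyMismatch < StandardError; end

# Constructed test data: a short-lived self-signed certificate for `key`.
def self_signed_cert(key, common_name)
  name = OpenSSL::X509::Name.new([['CN', common_name]])
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1                      # strictly positive serial
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Colon-separated digest of the DER encoding, computed on a digest instance
# rather than through a class-level hexdigest call.
def fingerprint(cert, digest = 'SHA256')
  OpenSSL::Digest.new(digest).hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Hypothetical in-memory stand-in for a host's local SSL state.
class HostState
  attr_reader :key, :certificate

  def initialize(key)
    @key = key
    @certificate = nil
  end

  # Keep the certificate only if its public key pairs with our private key.
  # On mismatch nothing stays cached and the error names the certificate.
  def accept(cert)
    raise ArgumentError, 'private key must be loaded before the certificate' unless @key
    unless cert.check_private_key(@key)
      @certificate = nil
      raise CertificateKeyMismatch,
            "certificate #{fingerprint(cert)} for #{cert.subject} does not match the local private key"
    end
    @certificate = cert
  end
end
```
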
| |
This is important because puppetmasterd changes its configurations
a couple of times, and we need to disable any previously-created
caches.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
If the SSL Host couldn't save a CSR or key, it would still
keep them in memory; this meant that, for instance, a CSR
that couldn't be saved to the server was never resent.
This commit removes in-memory instances that couldn't be saved,
thus forcing regeneration.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
The main aspect of this solution is to create a site-wide
Puppet::SSL::Host instance to cache ssl key and certificate,
so that by the time we've switched UIDs, we've got the key and
cert in memory. Then webrick just uses that, rather than creating
a new Host instance.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
Previously you could dynamically use cached values, but the new interface
requires a single static declaration of the attribute:
cached_attr(:myattr) { my_init_code() }
This is cleaner, because it makes it easy to turn the code into an init method
and generally makes the whole thing easier to think about.
Most of this commit is going through the different classes that are already using the
Caching engine.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
We have to have a CA cert first, because the host will
start using the client cert as soon as it's available,
but it's not functional without a CA cert.
Also removing extra stupid stuff from wait_for_cert --
the connection is now always recycled, which is much simpler.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
This happens when called over REST.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
The string format no longer provides any support methods,
which means that I had to create to_multiple_s and from_multiple_s
methods on the SSL classes. I created them in the base class
and tested them just in the cert class.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
It now works the way puppetd needs it to, rather
than the way I thought it would need to work.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
All of the format work is done, they all
support plaintext successfully, and I've got
integration tests that demonstrate that it
actually works.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
We were creating a new SSL store every time, which
caused problems during testing -- it created
an infinite loop when trying to create the
store while looking up the CRL.
Signed-off-by: Luke Kanies <luke@madstop.com>
| |
None of them actually support yaml or marshal by default,
and plaintext is easiest anyway.
Signed-off-by: Luke Kanies <luke@madstop.com>