| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
These methods aren't available until Ruby 1.8.6 (Dir.mktmpdir) and Ruby 1.8.7
(Object#tap).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This class was previously using a cached_attr for its 'localhost' attribute,
representing the Puppet::SSL::Host entry corresponding to the cert in
Puppet[:certname]. We now no longer expire this attribute. This has the effect
that a change to certname during the lifetime of an agent will not be reflected
in the certificate it uses. If this behavior is desired, it will need to be
reimplemented another way.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
| |
Allowing the singleton_instance value to be expirable is unnecessary, because
there will never be a need for a different CA instance in the lifetime of a
master. Additionally, the master never expired its cache anyway. This was only
using the cacher so it could be expired for tests, so it can safely be removed.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Our SSL inventory was able to find the serial number of a certificate by name,
but was incapable of living up to the contract it offered, that it would
actually report when a certificate was missing.
Now it returns `nil`, which is the same case as "no inventory", if the
certificate was not found, rather than accidentally returning the entire
inventory data as raw strings.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Alternate names, if present, are specified in the subjectAltName extension of
the certificate. The values are in the form:
"DNS:alternate_name1, DNS:alternate_name2"
This helper will retrieve the value of the subjectAltName extension and extract
the alternate names, returning and empty list if the extension is absent. This
will make it easier to access the entire list of possible names for a
certificate, rather than just the common name; this is helpful for generating
more detailed SSL error messages.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces a new Indirector terminus, certificate_status,
which allows for signing, revoking, listing, and cleaning
SSL certificates over HTTP via REST. Documentation for these new
features can be found in our REST API documentation on the docs site:
http://docs.puppetlabs.com/guides/rest_api.html
This documentation has not been updated as of the writing of this
commit, but will be very soon. Puppet::SSL::Host is now fully integrated
into the Indirector.
Paired-with:Matt Robinson, Jacob Helwig, Jesse Wolfe, Richard Crowley,
Luke Kanies
|
| |
|
|
|
|
|
|
|
|
|
| |
This change replaces calls to <model object>.save with calls to <model
class>.indirection.save(<model object>). This makes the use of the
indirector explicit rather than implicit so that it will be easier to
search for all indirector call sites using grep. This is an
intermediate refactor on the way towards allowing indirector calls to
be explicitly routed to multiple termini.
This patch affects production code.
|
| |
|
|
|
|
|
|
| |
Autosigning was previously accomplished by overriding
CertificateRequest#save. This meant that it wouldn't work if
certificate requests were saved via a direct call to Indirection#save.
Changed it to use the indirector :extend mechanism, which works no
matter how the save is invoked.
|
| |
|
|
|
|
| |
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. Also
removed the old methods that delegated to the indirection object.
|
| |
|
|
|
|
|
|
| |
Having a root ca_name that matches the fqdn of the puppet master would
cause certificate lookup problems on some clients, resulting in failed SSL
negotiation.
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
| |
Added the require.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 106806 occurances of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 704 occurances of (.*)\b([a-z_]+)\(\) with \1\2
3 Examples:
The code:
ctx = OpenSSL::SSL::SSLContext.new()
becomes:
ctx = OpenSSL::SSL::SSLContext.new
The code:
skip()
becomes:
skip
The code:
path = tempfile()
becomes:
path = tempfile
* Replaced 31 occurances of ^( *)end *#.* with \1end
3 Examples:
The code:
becomes:
The code:
end # Dir.foreach
becomes:
end
The code:
end # def
becomes:
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 33 occurances of
([$@]?\w+)( +[|&+-]{0,2}= .+)
\1
end
with
3 Examples:
The code:
@sync ||= Sync.new
@sync
end
becomes:
@sync ||= Sync.new
end
The code:
str += "\n"
str
end
becomes:
str += "\n"
end
The code:
@indirection = Puppet::Indirector::Indirection.new(self, indirection, options)
@indirection
end
becomes:
@indirection = Puppet::Indirector::Indirection.new(self, indirection, options)
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 55 occurances of
([$@]?\w+) += +(.*) +(if +\1.nil\?|if +! *\1|unless +\1|unless +defined\?\(\1\))$
with
\1 ||= \2
3 Examples:
The code:
@sync
becomes:
@sync
The code:
becomes:
The code:
if @yydebug
becomes:
if @yydebug
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 53 occurances of
defined\?\((.+?)\) (?:and|&&) \1( |$)
with
\1\2
In code like:
unless defined? @foo and @foo and bar("baz")
"defined? @foo and @foo" can safely be replaced with "@foo":
unless @foo and bar("baz")
Because:
* Both evaluate to false/nil when @foo is not defined
* Both evaluate to @foo when @foo is defined
3 Examples:
The code:
@sync = Sync.new unless defined?(@sync) and @sync
becomes:
@sync = Sync.new unless @sync
The code:
unless defined?(@content) and @content
becomes:
unless @content
The code:
raise(ArgumentError, "Already handling indirection for #{@indirection.name}; cannot also handle #{indirection}") if defined?(@indirection) and @indirection
becomes:
raise(ArgumentError, "Already handling indirection for #{@indirection.name}; cannot also handle #{indirection}") if @indirection
* Replaced 2 occurances of
defined\?\((.+?)\) (?:and|&&) ! *\1.nil\?
with
!\1.nil?
In code like:
while defined? @foo and ! @foo.nil? ...
"defined? @foo and ! @foo.nil?" can safely be replaced with "! @foo.nil?":
while ! @foo.nil? ...
Because:
* Both evaluate to false/nil when @foo is not defined
* Both evaluate to "! @foo.nil?" when @foo is defined
2 Examples:
The code:
!!(defined?(@value) and ! @value.nil?)
becomes:
!!(!@value.nil?)
The code:
self.init unless defined?(@@state) and ! @@state.nil?
becomes:
self.init unless !@@state.nil?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 583 occurances of
(DEF)
(LINES)
return (.*)
end
with
3 Examples:
The code:
def consolidate_failures(failed)
filters = Hash.new { |h,k| h[k] = [] }
failed.each do |spec, failed_trace|
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
filters[f] << spec
break
end
end
return filters
end
becomes:
def consolidate_failures(failed)
filters = Hash.new { |h,k| h[k] = [] }
failed.each do |spec, failed_trace|
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
filters[f] << spec
break
end
end
filters
end
The code:
def retrieve
return_value = super
return_value = return_value[0] if return_value && return_value.is_a?(Array)
return return_value
end
becomes:
def retrieve
return_value = super
return_value = return_value[0] if return_value && return_value.is_a?(Array)
return_value
end
The code:
def fake_fstab
os = Facter['operatingsystem']
if os == "Solaris"
name = "solaris.fstab"
elsif os == "FreeBSD"
name = "freebsd.fstab"
else
# Catchall for other fstabs
name = "linux.fstab"
end
oldpath = @provider_class.default_target
return fakefile(File::join("data/types/mount", name))
end
becomes:
def fake_fstab
os = Facter['operatingsystem']
if os == "Solaris"
name = "solaris.fstab"
elsif os == "FreeBSD"
name = "freebsd.fstab"
else
# Catchall for other fstabs
name = "linux.fstab"
end
oldpath = @provider_class.default_target
fakefile(File::join("data/types/mount", name))
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 2 occurances of
def (.*)
begin
(.*) = Integer\((.*)\)
return \2
rescue ArgumentError
\2 = nil
end
if \2 = (.*)
return \2
else
return false
end
end
with
2 Examples:
The code:
def validuser?(value)
begin
number = Integer(value)
return number
rescue ArgumentError
number = nil
end
if number = uid(value)
return number
else
return false
end
end
becomes:
def validuser?(value)
Integer(value) rescue uid(value) || false
end
The code:
def validgroup?(value)
begin
number = Integer(value)
return number
rescue ArgumentError
number = nil
end
if number = gid(value)
return number
else
return false
end
end
becomes:
def validgroup?(value)
Integer(value) rescue gid(value) || false
end
* Replaced 28 occurances of
return (.*?) if (.*)
return (.*)
with
3 Examples:
The code:
return send(options[:mode]) if [:rdoc, :trac, :markdown].include?(options[:mode])
return other
becomes:
return[:rdoc, :trac, :markdown].include?(options[:mode]) ? send(options[:mode]) : other
The code:
return true if known_resource_types.definition(name)
return false
becomes:
return(known_resource_types.definition(name) ? true : false)
The code:
return :rest if request.protocol == 'https'
return Puppet::FileBucket::File.indirection.terminus_class
becomes:
return(request.protocol == 'https' ? :rest : Puppet::FileBucket::File.indirection.terminus_class)
* Replaced no occurances of
return (.*?) unless (.*)
return (.*)
with
* Replaced 7 occurances of
if (.*)
(.*[^:])false
else
\2true
end
with
3 Examples:
The code:
if RUBY_PLATFORM == "i386-mswin32"
InstallOptions.ri = false
else
InstallOptions.ri = true
end
becomes:
InstallOptions.ri = RUBY_PLATFORM != "i386-mswin32"
The code:
if options[:references].length > 1
with_contents = false
else
with_contents = true
end
becomes:
with_contents = options[:references].length <= 1
The code:
if value == false or value == "" or value == :undef
return false
else
return true
end
becomes:
return (value != false and value != "" and value != :undef)
* Replaced 19 occurances of
if (.*)
(.*[^:])true
else
\2false
end
with
3 Examples:
The code:
if Puppet::Util::Log.level == :debug
return true
else
return false
end
becomes:
return Puppet::Util::Log.level == :debug
The code:
if satisfies?(*features)
return true
else
return false
end
becomes:
return !!satisfies?(*features)
The code:
if self.class.parsed_auth_db.has_key?(resource[:name])
return true
else
return false
end
becomes:
return !!self.class.parsed_auth_db.has_key?(resource[:name])
* Replaced 1 occurance of
if ([a-z_]) = (.*)
(.*[^:])\1
else
\3(.*)
end
with
1 Example:
The code:
if c = self.send(@subclassname, method)
return c
else
return nil
end
becomes:
return self.send(@subclassname, method) || nil
* Replaced 2 occurances of
if (.*)
(.*[^:])\1
else
\2false
end
with
2 Examples:
The code:
if hash[:Local]
@local = hash[:Local]
else
@local = false
end
becomes:
@local = hash[:Local]
The code:
if hash[:Local]
@local = hash[:Local]
else
@local = false
end
becomes:
@local = hash[:Local]
* Replaced 10 occurances of
if (.*)
(.*[^:])(.*)
else
\2false
end
with
3 Examples:
The code:
if defined?(@isnamevar)
return @isnamevar
else
return false
end
becomes:
return defined?(@isnamevar) && @isnamevar
The code:
if defined?(@required)
return @required
else
return false
end
becomes:
return defined?(@required) && @required
The code:
if number = uid(value)
return number
else
return false
end
becomes:
return (number = uid(value)) && number
* Replaced no occurances of
if (.*)
(.*[^:])nil
else
\2(true)
end
with
* Replaced no occurances of
if (.*)
(.*[^:])true
else
\2nil
end
with
* Replaced no occurances of
if (.*)
(.*[^:])\1
else
\2nil
end
with
* Replaced 23 occurances of
if (.*)
(.*[^:])(.*)
else
\2nil
end
with
3 Examples:
The code:
if node = Puppet::Node.find(hostname)
env = node.environment
else
env = nil
end
becomes:
env = (node = Puppet::Node.find(hostname)) ? node.environment : nil
The code:
if mod = Puppet::Node::Environment.new(env).module(module_name) and mod.files?
return @mounts[MODULES].copy(mod.name, mod.file_directory)
else
return nil
end
becomes:
return (mod = Puppet::Node::Environment.new(env).module(module_name) and mod.files?) ? @mounts[MODULES].copy(mod.name, mod.file_directory) : nil
The code:
if hash.include?(:CA) and hash[:CA]
@ca = Puppet::SSLCertificates::CA.new()
else
@ca = nil
end
becomes:
@ca = (hash.include?(:CA) and hash[:CA]) ? Puppet::SSLCertificates::CA.new() : nil
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 6 occurances of (while .*?) *do$ with
The do is unneeded in the block header form and causes problems
with the block-to-one-line transformation.
3 Examples:
The code:
while line = f.gets do
becomes:
while line = f.gets
The code:
while line = shadow.gets do
becomes:
while line = shadow.gets
The code:
while wrapper = zeros.pop do
becomes:
while wrapper = zeros.pop
* Replaced 19 occurances of ((if|unless) .*?) *then$ with
The then is unneeded in the block header form and causes problems
with the block-to-one-line transformation.
3 Examples:
The code:
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) } then
becomes:
if f = test_files_for(failed).find { |f| failed_trace =~ Regexp.new(f) }
The code:
unless defined?(@spec_command) then
becomes:
unless defined?(@spec_command)
The code:
if c == ?\n then
becomes:
if c == ?\n
* Replaced 758 occurances of
((?:if|unless|while|until) .*)
(.*)
end
with
The one-line form is preferable provided:
* The condition is not used to assign a variable
* The body line is not already modified
* The resulting line is not too long
3 Examples:
The code:
if Puppet.features.libshadow?
has_feature :manages_passwords
end
becomes:
has_feature :manages_passwords if Puppet.features.libshadow?
The code:
unless (defined?(@current_pool) and @current_pool)
@current_pool = process_zpool_data(get_pool_data)
end
becomes:
@current_pool = process_zpool_data(get_pool_data) unless (defined?(@current_pool) and @current_pool)
The code:
if Puppet[:trace]
puts detail.backtrace
end
becomes:
puts detail.backtrace if Puppet[:trace]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 83 occurances of
(.*)" *[+] *([$@]?[\w_0-9.:]+?)(.to_s\b)?(?! *[*(%\w_0-9.:{\[])
with
\1#{\2}"
3 Examples:
The code:
puts "PUPPET " + status + ": " + process + ", " + state
becomes:
puts "PUPPET " + status + ": " + process + ", #{state}"
The code:
puts "PUPPET " + status + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
The code:
}.compact.join( "\n" ) + "\n" + t + "]\n"
becomes:
}.compact.join( "\n" ) + "\n#{t}" + "]\n"
* Replaced 21 occurances of (.*)" *[+] *" with \1
3 Examples:
The code:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}, #{state}"
The code:
puts "PUPPET #{status}" + ": #{process}, #{state}"
becomes:
puts "PUPPET #{status}: #{process}, #{state}"
The code:
res = self.class.name + ": #{@name}" + "\n"
becomes:
res = self.class.name + ": #{@name}\n"
* Don't use string concatenation to split lines unless they would be very long.
Replaced 11 occurances of
(.*)(['"]) *[+]
*(['"])(.*)
with
3 Examples:
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified " +
"Puppet process is running and the state file is no " +
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
The code:
o.separator "Mandatory arguments to long options are mandatory for " +
"short options too."
becomes:
o.separator "Mandatory arguments to long options are mandatory for short options too."
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
"older than specified interval."
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no older than specified interval."
* Replaced no occurances of do (.*?) end with {\1}
* Replaced 1488 occurances of
"([^"\n]*%s[^"\n]*)" *% *(.+?)(?=$| *\b(do|if|while|until|unless|#)\b)
with
20 Examples:
The code:
args[0].split(/\./).map do |s| "dc=%s"%[s] end.join(",")
becomes:
args[0].split(/\./).map do |s| "dc=#{s}" end.join(",")
The code:
puts "%s" % Puppet.version
becomes:
puts "#{Puppet.version}"
The code:
raise "Could not find information for %s" % node
becomes:
raise "Could not find information for #{node}"
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create #{dir}: basedir #{File.join(path)} is a file"
The code:
Puppet.err "Could not run %s: %s" % [client_class, detail]
becomes:
Puppet.err "Could not run #{client_class}: #{detail}"
The code:
raise "Could not find handler for %s" % arg
becomes:
raise "Could not find handler for #{arg}"
The code:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file #{Puppet[:authconfig]}"
The code:
raise Puppet::Error, "Could not deserialize catalog from pson: %s" % detail
becomes:
raise Puppet::Error, "Could not deserialize catalog from pson: #{detail}"
The code:
raise "Could not find facts for %s" % Puppet[:certname]
becomes:
raise "Could not find facts for #{Puppet[:certname]}"
The code:
raise ArgumentError, "%s is not readable" % path
becomes:
raise ArgumentError, "#{path} is not readable"
The code:
raise ArgumentError, "Invalid handler %s" % name
becomes:
raise ArgumentError, "Invalid handler #{name}"
The code:
debug "Executing '%s' in zone %s with '%s'" % [command, @resource[:name], str]
becomes:
debug "Executing '#{command}' in zone #{@resource[:name]} with '#{str}'"
The code:
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
becomes:
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
The code:
Puppet.info "Creating a new certificate request for %s" % Puppet[:certname]
becomes:
Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
The code:
"Cannot create alias %s: object already exists" % [name]
becomes:
"Cannot create alias #{name}: object already exists"
The code:
return "replacing from source %s with contents %s" % [metadata.source, metadata.checksum]
becomes:
return "replacing from source #{metadata.source} with contents #{metadata.checksum}"
The code:
it "should have a %s parameter" % param do
becomes:
it "should have a #{param} parameter" do
The code:
describe "when registring '%s' messages" % log do
becomes:
describe "when registring '#{log}' messages" do
The code:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration%stest" % l }
becomes:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration#{l}test" }
The code:
assert_raise(Puppet::Error, "Check '%s' did not fail on false" % check) do
becomes:
assert_raise(Puppet::Error, "Check '#{check}' did not fail on false") do
|
| |
|
|
|
|
|
|
| |
Mode is a terribly overused word. Files use it, puppetdoc uses it, and
certs use it, and those are just the places that I happened to
stumble upon. It makes reading code very confusing and finding things
in code difficult. I know namespacing allows us to reuse words for
method and variable names, but that doesn't mean we should.
|
| | |
|
| |
|
|
|
|
|
| |
Use a predicate function on the Mode object instead of comparing with
the executable name everywhere
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
| |
Update documentation strings everywhere to use single-executable
notation rather than the old executable names.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Because environments have to declare their mode before puppet tries to
load defaults.rb, it reduces the complexity considerably to have
application classes to load their lib dependencies at the last possible
moment.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
| |
Adds a --signed option to the --list feature that only displays signed certificates
|
| | |
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Luke Kanies <luke@puppetlabs.com>
Conflicts:
lib/puppet/ssl/host.rb
|
| |
|
|
| |
Thanks to Jasper Lievisse Adriaanse for the fix.
|
| |
|
|
|
|
|
|
|
|
| |
This patch reverts the semantically significant parts of #2890 due to the
issues discussed on #3360 (security concerns when used with autosign,
inconsistency between REST & XMLRPC semantics) but leaves the semantically
neutral changes (code cleanup, added tests) in place.
This patch is intended for 0.25.x, but may also be applied as a step in the
resolution of #3450 (refactored #2890, add "remove_certs" flag) in Rolwf.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppet.rb
lib/puppet/configurer.rb
man/man5/puppet.conf.5
spec/integration/defaults.rb
spec/unit/configurer.rb
|
| | |
| |
| |
| |
| |
| |
| | |
In my patch for #3088 I made a erroneous assumption about the ruby exception
hierarchy and thus missed the fact that Timeout::error descends from both
SignalError and Interrupt. This is a partial reversion of the patch for #3088
to let these through so that more useful error messages can be produced.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changing rescues from the default to Exception (to catch errors that don't
descend from StandardError) had the unintended consequence of catching (and
suppressing) SystemExit.
This patch restores the behavior of by reraising the exception.
Of the other exceptions that fall through the same crack (NoMemoryError,
SignalException, LoadError, Interrupt, NotImplementedError, and ScriptError)
this patch also reraises NoMemoryError, SignalException, and Interrupt in the
same way and leaves the rest captured.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL::Digest.hexdigest is not available on older ruby versions.
This patch accesses directly to the digest instead (which hopefully
support hexdigest).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| | |
This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch adds two things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates
It is also possible to use --digest to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supercede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/agent.rb
lib/puppet/application/puppetd.rb
lib/puppet/parser/ast/leaf.rb
lib/puppet/util/rdoc/parser.rb
|
| | |
| |
| |
| |
| |
| | |
This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <jbarbuto@corp.sourceforge.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If setup code for a process depends on network connectivity
it needs to be protected with a rescue clause as much as the
main body of the process.
Further, Timeout exceptions aren't under StandardError and thus
aren't caught by an un-typed rescue clause. This doesn't matter
if we've morphed the exception, but will cause the program to
fail if we haven't.
There are many places where these concerns _might_ cause a problem
but in most cases they never will in practice; this patch addesses
the two cases where I have been able to confirm that it actually
can cause the client daemon to exit and two more where I suspect
(but can not prove) that it could.
I'd be willing to push this patch as it stands, as it at least
fixes demonstrable problems. A more general solution would be
nice.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |/
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This patch does two things:
* it enhance puppetca to list revoked certificates (prefixed by -)
* it fixes the ca crl verification which was broken
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
|
| |
|
|
| |
requires certificate serial number to be strictly positive.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem was that the server had a certificate
for the client. Initially the client just didn't have a
key, because it assumed that if it had a certificate then
it had a key. Upon fixing it to create the key, the key then
did not match the found certificate.
This commit fixes both of those: The key is always found
before the certificate, and when the certificate is found
it's verified against the private key and an exception
is thrown if they don't match.
It's always a failure, so this just makes the failure
more informative.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This is important because puppetmasterd changes its configurations
a couple of times, and we need to disable any previously-created
caches.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the SSL Host couldn't save a CSR or key, it would still
keep them in memory; this meant that, for instance, a CSR
that couldn't be saved to the server was never resent.
This commit removes in-memory instances that couldn't be saved,
thus forcing regeneration.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
