| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| | |
* 2.7.x:
Deprecate RestAuthConfig#allowed? in favor of #check_authorization
Fix #6026 - security file should support inline comments
Fix #5010 - Allow leading whitespace in auth.conf
Fix #5777 - rule interpolation broke auth.conf CIDR rules
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
#allowed? was a poorly named method since it isn't actually a predicate
method. Instead of returning a boolean, this methods throws an
exception when the access is denied (in order to keep the full context
of what ACE triggered the deny).
Given that #allowed? was overriding the behavior from AuthConfig, we
leave a version of #allowed? in place that will issue a deprecation
warning before delegating to #check_authorization. Once support for
XML-RPC agents is removed from the master, we will be able to remove
this delegation, since there should no longer be a reason for a
distinction between AuthConfig and RestAuthConfig.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Auth.conf, namespaceauth.conf and fileserver.conf were not supporting
trailing inlined comments.
Also this commit fixes some indentation and error management.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The regex used to detect ACE is too lax and would allow trailing
spaces to sneak in, which in turn would confuse the ACE parser.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Due to the interpolation performed to support regex back-references,
various type of rules (mainly IP CIDR notations and wildcard hosts)
were not working anymore.
This patch adds an auth.conf integration test that covers most
of the various rules types.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Ruby does not support creating symlinks on Windows (though Windows does
support them), and since the tidy spec test is designed to reproduce a
specific bug (as opposed to testing symlink functionality on Windows) it
has been disabled.
Ruby on Windows also does not support File.chmod, so the inspect spec
test has been disabled. The general issue of File.chmod on Windows is
something I know needs to be investigated.
Also disabled the cron spec test as this functionality will not be
supported on Windows (instead there will be task manager support).
Re-enable the autoload spec tests as those now pass on Windows (this is
probably due to the cacher changes recently made).
The inventory ssl spec is not supported on Windows and so is disabled.
However, while researching the failure, it was due to
Time.now.strftime("%Z") returning "Pacific Daylight Time" on Windows,
instead of "PDT" like it does on other platforms. As a result, the split
method was sometimes splitting in the wrong place.
As far as I can tell, the inventory code is only called from the CA (to
keep track of serial numbers for certs that it has issued). But it's
something to watch out for on Windows when calling strftime.
Webrick, fileserver and CA functionality are not supported on Windows so
these spec tests are disabled.
Also fix path issue with catalog spec.
Also several spec tests were creating tempfiles manually and calling
system("rm -rf ..."), these have been replaced with
PuppetSpec::Files.tmpdir.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By running:
rspec spec --tag ~@fails_on_ruby_1.9.2
We can now just run the specs that pass under Ruby 1.9. Obviously in
the long term we want to have all the specs passing, but until then we
need notification when we regress. From now on new code will be
required to pass under Ruby 1.9, and Jenkins will give us email
notification if it doesn't or if we break something that was already
working.
Reviewed-by: Daniel Pittman <daniel@puppetlabs.com>
|
| |
|
|
|
|
|
| |
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
| |
|
|
|
|
|
|
|
|
|
| |
rspec2 automatically sets a bunch of load-path stuff we were by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
Rakefile
lib/puppet/resource/type_collection.rb
lib/puppet/simple_graph.rb
lib/puppet/transaction.rb
lib/puppet/transaction/report.rb
lib/puppet/util/metric.rb
spec/integration/indirector/report/rest_spec.rb
spec/spec_specs/runnable_spec.rb
spec/unit/configurer_spec.rb
spec/unit/indirector_spec.rb
spec/unit/transaction/change_spec.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The biggest change is that we no longer need to monkey patch rspec to
get confine behavior. Describe blocks can now be conditional like
confine used to be. "describe" blocks with "shared => true" are now
"shared_examples_for".
Paired-With: Nick Lewis
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you ran two tests in the following order:
spec spec/integration/network/server/webrick_spec.rb spec/unit/ssl/certificate_request_spec.rb
You got the following test failure:
Cannot save me; parent directory /dev/null/ssl/certificate_requests does not exist
Paired-with: Paul Berry
|
| |/
|
|
|
|
| |
Replaced uses of the find, search, destroy, and expire methods on
model classes with direct calls to the indirection objects. This
change affects tests only.
|
| |
|
|
|
|
|
| |
These specs 'use' some settings which create directories belonging
to the 'service' user/group. If the default service group doesn't
exist, these fail. This patch explicitly sets the service group to
the gid of the process, which is known to be accessible by the user.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replaced 106806 occurances of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Replaced 83 occurances of
(.*)" *[+] *([$@]?[\w_0-9.:]+?)(.to_s\b)?(?! *[*(%\w_0-9.:{\[])
with
\1#{\2}"
3 Examples:
The code:
puts "PUPPET " + status + ": " + process + ", " + state
becomes:
puts "PUPPET " + status + ": " + process + ", #{state}"
The code:
puts "PUPPET " + status + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
The code:
}.compact.join( "\n" ) + "\n" + t + "]\n"
becomes:
}.compact.join( "\n" ) + "\n#{t}" + "]\n"
* Replaced 21 occurances of (.*)" *[+] *" with \1
3 Examples:
The code:
puts "PUPPET #{status}" + ": #{process}" + ", #{state}"
becomes:
puts "PUPPET #{status}" + ": #{process}, #{state}"
The code:
puts "PUPPET #{status}" + ": #{process}, #{state}"
becomes:
puts "PUPPET #{status}: #{process}, #{state}"
The code:
res = self.class.name + ": #{@name}" + "\n"
becomes:
res = self.class.name + ": #{@name}\n"
* Don't use string concatenation to split lines unless they would be very long.
Replaced 11 occurances of
(.*)(['"]) *[+]
*(['"])(.*)
with
3 Examples:
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified " +
"Puppet process is running and the state file is no " +
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
The code:
o.separator "Mandatory arguments to long options are mandatory for " +
"short options too."
becomes:
o.separator "Mandatory arguments to long options are mandatory for short options too."
The code:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no " +
"older than specified interval."
becomes:
o.define_head "The check_puppet Nagios plug-in checks that specified Puppet process is running and the state file is no older than specified interval."
* Replaced no occurances of do (.*?) end with {\1}
* Replaced 1488 occurances of
"([^"\n]*%s[^"\n]*)" *% *(.+?)(?=$| *\b(do|if|while|until|unless|#)\b)
with
20 Examples:
The code:
args[0].split(/\./).map do |s| "dc=%s"%[s] end.join(",")
becomes:
args[0].split(/\./).map do |s| "dc=#{s}" end.join(",")
The code:
puts "%s" % Puppet.version
becomes:
puts "#{Puppet.version}"
The code:
raise "Could not find information for %s" % node
becomes:
raise "Could not find information for #{node}"
The code:
raise Puppet::Error, "Cannot create %s: basedir %s is a file" % [dir, File.join(path)]
becomes:
raise Puppet::Error, "Cannot create #{dir}: basedir #{File.join(path)} is a file"
The code:
Puppet.err "Could not run %s: %s" % [client_class, detail]
becomes:
Puppet.err "Could not run #{client_class}: #{detail}"
The code:
raise "Could not find handler for %s" % arg
becomes:
raise "Could not find handler for #{arg}"
The code:
Puppet.err "Will not start without authorization file %s" % Puppet[:authconfig]
becomes:
Puppet.err "Will not start without authorization file #{Puppet[:authconfig]}"
The code:
raise Puppet::Error, "Could not deserialize catalog from pson: %s" % detail
becomes:
raise Puppet::Error, "Could not deserialize catalog from pson: #{detail}"
The code:
raise "Could not find facts for %s" % Puppet[:certname]
becomes:
raise "Could not find facts for #{Puppet[:certname]}"
The code:
raise ArgumentError, "%s is not readable" % path
becomes:
raise ArgumentError, "#{path} is not readable"
The code:
raise ArgumentError, "Invalid handler %s" % name
becomes:
raise ArgumentError, "Invalid handler #{name}"
The code:
debug "Executing '%s' in zone %s with '%s'" % [command, @resource[:name], str]
becomes:
debug "Executing '#{command}' in zone #{@resource[:name]} with '#{str}'"
The code:
raise Puppet::Error, "unknown cert type '%s'" % hash[:type]
becomes:
raise Puppet::Error, "unknown cert type '#{hash[:type]}'"
The code:
Puppet.info "Creating a new certificate request for %s" % Puppet[:certname]
becomes:
Puppet.info "Creating a new certificate request for #{Puppet[:certname]}"
The code:
"Cannot create alias %s: object already exists" % [name]
becomes:
"Cannot create alias #{name}: object already exists"
The code:
return "replacing from source %s with contents %s" % [metadata.source, metadata.checksum]
becomes:
return "replacing from source #{metadata.source} with contents #{metadata.checksum}"
The code:
it "should have a %s parameter" % param do
becomes:
it "should have a #{param} parameter" do
The code:
describe "when registring '%s' messages" % log do
becomes:
describe "when registring '#{log}' messages" do
The code:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration%stest" % l }
becomes:
paths = %w{a b c d e f g h}.collect { |l| "/tmp/iteration#{l}test" }
The code:
assert_raise(Puppet::Error, "Check '%s' did not fail on false" % check) do
becomes:
assert_raise(Puppet::Error, "Check '#{check}' did not fail on false") do
|
| |
|
|
|
|
| |
This patch prevents specs from opening IP ports to the world.
Some specs had to be adjusted to unset this setting so they could test
the non-spec default value.
|
| |
|
|
|
|
|
|
|
| |
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implentation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
| |
|
|
|
|
|
| |
The XMLRPC interface for RAL resources was broken, and has been
completely replaced by the REST interface.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FileBucket Files have been reimplemented as an indirector terminus so that
they can be transmitted over REST.
The old Network::Client.dipper has been replaced with a compatibility later
in FileBucket::Dipper that uses the indirector to access filebucket termini.
Slightly revised patch:
* No longer allows nil contents in FileBucket outside of initialization
* Uses File.exist? instead of the deprecated File.exists?
* Tweaks JSON serialization and de-serialization to include "path"
Deferred issues:
* Feature #3371 "FileBucket should not keep files in memory".
* Feature #3372 "Replace FileBucket Dipper with more idiomatic calls"
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bundeling and renaming the pure ruby json library to addresses a
number of cross version serliaization bugs (#2615, et al).
This patch adds a subset of the files from the json_pure gem to
lib/puppet/external/pson (renamed to avoid conflicts with rails) so
that we will always have a known-good erialization format available.
The pure ruby json gem as distibuted defers to the compiled version
if it is installed. This is problematic in some circumstances so the
files that have been brought over have been modified to always and
only use the bundled version.
It's a large patch, so here's a breakdown of the change categories:
The majority of the lines are only marginally interesting:
* The json lib itself (in lib/puppet/external/pson) make up the bulk
of the lines.
* Renaming of json to pson make up the second largest group.
Somewhat more interesting are the following, which can be located by
searching the diffs for the indicated strings:
* Adjusting tests to reflect the changes
* Changing the encoding/decoding behavior so that nested structures
(e.g. resources) don't serialize as escaped strings. This should
make it much easier to process the results with external tools, if
needed. Search for "to_pson" and "to_pson_data_hash"
* Cleaning up the envelope/metadata
* Now provides a document_type (as opposed to a ruby class name) by
using a symple registration scheme instead of constant lookup
(search for "document_type")
* Added an api_version (search for "api_version")
* Added a hash for document metadata (search for "metadata")
* Removing the yaml monkeypatch and instead disabling yaml serialization
on ruby 1.8.1 in favor of pson (search for "yaml")
* Cleaning up the json/rails feature interaction (they're now totally
independent) (search for "feature")
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Also making some log messages more informative.
|
| | |
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
The string format no longer provides any support methods,
which means that I had to create to_multiple_s and from_multiple_s
methods on the SSL classes. I created them in the base class
and tested them just in the cert class.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also added the fixes to make the certhandler tests pass
even when certs exist; I'll deal with the conflict later.
Conflicts:
CHANGELOG
bin/puppetd
lib/puppet/network/http/handler.rb
lib/puppet/network/http/mongrel/rest.rb
spec/integration/indirector/rest.rb
spec/integration/network/server/mongrel.rb
spec/integration/network/server/webrick.rb
spec/unit/network/http/webrick.rb
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
| | |
| |
| |
| |
| |
| | |
The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
|
| | |
| |
| |
| | |
SSL code.
|
| | | |
|
| | |
| |
| |
| |
| | |
This provides the backward compatibility for webrick,
and only Mongrel is left.
|
| | |
| |
| |
| |
| | |
Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
It previously was a subclass of Host, but this should make it
easier to separate between the thing doing the signing and the
thing managing the necessary files.
|
| |/
|
|
| |
from my partial support for ssl in webrick.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
REST-related code. Two specs are failing related to how Mongrel is initialized for REST; will fix those shortly.
REST indirector now supports find, with deserialization. Network code in indirector now. Will still need to un-hardwire address/port for outbound connections. Will still need to urlencode path parameters.
Code for search, destroy, update is coming, should be similar to find.
Reworked how the Handler module is used. Needed to be included, rather than inherited. Needed to sidestep initializers for actual web servers (webrick, mongrel), needed to be possible to have handler-including class be used as a class (aka servlet) instead of as an instance.
Webrick handler registration is now abstracted to "above" the servlet.
Provided a #model method to use instead of @model in handler module. This allows neutering during testing.
Brought class_for_protocol up into http/webrick class as a (tested) class method.
Integration tests for rest indirection. Split server integration tests into mongrel and webrick tests.
Got Node/REST working properly wrt the crazy-ass autoloader thing.
We're now actually passing traffic w/ webrick, fwiw.
|
|
|
and stoppable via Puppet::Network::Server.
Added a network/server integration spec, testing startup, shutdown, reachability, and collision of webrick and mongrel servers in the new network code.
Converted Puppet::Network::HTTP::Handler class to a module, as mongrel Handler should be subclassed; converting subclasses to include the module instead.
Mongrel will actually stop if you .stop it, graceful_shutdown didn't seem quite so reliable.
Webrick requires running in its own Thread to avoid hanging the entire process; this requires introduction of a Mutex to make things safe.
We're only supporting the REST protocol. Made this explicit.
Fixed http server setup args, w/ specs, ah the glory of integration testing.
|
