Commit message

OpenSSL::Digest.hexdigest is not available on older ruby versions.
This patch accesses directly to the digest instead (which hopefully
supports hexdigest).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

This reverts commit a9fb82b0026e75a670fec553b17de3b0f091c2a5.
An older branch was pulled

This refactors how reports, catalogs, configurers, and transactions
are all related - the Configurer class manages the report, both
creating and sending it, so the transaction is now just responsible
for adding data to it. I'm still a bit uncomfortable with the coupling
between transactions, the report, and configurer, but it's better than
it was.
This also fixes #2944 and #2973.
Signed-off-by: Luke Kanies <luke@madstop.com>

SELinux module files also end in ".pp".
Puppetdoc tries to parse them as if they are regular puppet files and
then fails.
This patch makes sure puppetdoc tells RDoc to exclude parsing .pp
files in the modules files section.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

When the definition/hostclass/node AST types were removed, the
parentclass method was renamed to 'parent'.
This patch fixes the incorrect rdoc usage (and some deeper
integration test so that it won't happen again).
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

This patch adds two things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates
It is also possible to use --digest to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

As the ticket says:
"the certificates would still be valid even if cleaned,
therefore, it makes more sense revoke them instead."
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

Conflicts:
lib/puppet/ssl/host.rb
spec/spec_helper.rb

This family of errors could appear because Puppet parses every line in
fstab into resources, even lines that are not specifically managed by
Puppet, and fstab files are much more permissive than Puppet in what
constitutes a valid mount.
This change makes several fields optional that were previously mandatory.
Also, it ignores lines in fstab that have fewer than the required number
of parameters.
Includes a more readable regex than the previous patch.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Merged the "freebsd_special" pattern into the other crontab records,
since its definition was incomplete
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

The 'service' type was testing to see if init script directories exist
too early, causing failures if you expected to be able to create those
directories via puppet.
This patch moves that logic into the 'init' provider.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

The fix for #2994 had been refined to only checksum links when @links was set
to :follow to make the tests pass, but this caused partial reintroduction of
the original issue since information about the source (the real file vs.
followed link distinction) isn't available client side and thus there are
paths on which @links winds up :managed when it had originally been :followed.
In these cases the checksum is needed but not produced.
Consequently, this patch relaxes the condition, and always tries to produce a
checksum, with a rescue guard to gracefully handle cases where this is not
possible (e.g. broken links).

There was an intermittent bug in Puppet::Parser::Resource::Reference,
during initialization, an object could sometimes have its title set
before its type is set. This prevented the title from going through
type-specific canonicalization.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

The first patch for #2994, to which this is an extension, exposed
the fact that checksums were not being included in the metadata
for followed links; checksums are needed for managing the contents
of files that are represented on the server as links (links => follow).
This patch adds checksums for followed links and tests to confirm that
it works as expected.

We don't actually rely on iconv's UTF-8 support, so its absence
shouldn't cause the PSON feature to fail on systems (e.g. HPUX)
where it isn't fully implemented.
This change exposed a dependency on library load order that was causing
Puppet::Util::Log to raise an error. I've removed the dependency of
Puppet::Type from Puppet::Util::Log.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

The core bug here was a regression introduced by my IPv6 patch.
Wildcarded domains are stored as ["com","reductivelabs","*"] but
the code in question was assuming it was in normal order.
Added tests to prevent recurrence.
Signed-off-by: Markus Roberts <Markus@reality.com>

This logic had a bug where it would not insert data if it had just been
deleted.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

modifying the filesystem tab should write the mount to disk when :flush is called
I found this doing idempotency tests (#2879), but there are apparently
other ways for external state to leak into this test, as reported by
James.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Signed-off-by: Markus Roberts <Markus@reality.com>

Some tests in this file were leaking a global setting, some other tests
depended on those changes, and some tests were incompatible with that
setting.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

As suggested in the ticket, set :reconnect to true. Our in-house Rails
experts suggest that this is unlikely to cause any problems.
The setting is silently ignored before Rails 2.3

This is basically the fix suggested on the ticket, cleaned up and
ruby-ized, with tests. The only functional modification is leaving
the default on entry2hash as --no-fqdn to preserve 0.25.1 behaviour
as the default.
Signed-off-by: Markus Roberts <Markus@reality.com>

This appears to be a regression introduced by threading changes. The fix was
to rearrange things to keep the old behaviour (don't clear the settings
until you know the config file parses) and the new (don't nest calls to
synchronize) by:
1. Splitting clear into two parts--clear, which works as before, and
unsafe_clear which it calls and which expects synchronization to be
handled externally.
2. Rearranging the code to recover the previous calling order
3. Trapping syntax errors and turning them into logged messages and a
no-op effect.
4. Fixing reparse to not wrap a call to this code with a synchronize.
5. Tests.
Signed-off-by: Markus Roberts <Markus@reality.com>

This spec wasn't cleaning up after itself, and raised several exceptions
when trying to register the same queue type again.
Part of the #2879 test idempotency suite.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

An Autoload spec was depending on files having not yet been autoloaded.
Detected as part of #2879.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

This makes the SELinux library marginally more robust by dealing
consistently with a missing proc/mounts, and also resolves the test
failures in a way that allows meaningful test runs on non-SELinux
systems.
Signed-off-by: Markus Roberts <Markus@reality.com>

This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supersede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>

The problem was that the setup for the tests was expecting the defaultprovider
for Selboolean and Selmodule to be called, rather than stubbing it. This
worked as long as no other spec which initializes the providers was run before
it.
The fix here (stubbing rather than expecting) is minimal but not ideal; if
there were some other provider for these types it could result in a test
indeterminacy (different results depending on which provider) but I'm not
seeing an easy way to address that.
Signed-off-by: Markus Roberts <Markus@reality.com>

This removes some of the IPv4 centricism from authstore's handling
of IP addresses. It isn't full IPv6 support (and doesn't even fully
handle all the cases within its limited scope, as ruby's IPAddr
library does not work with hybrid addresses), but it should simplify
adding IPv6 support when the time comes.

Specs didn't reflect some recent changes.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

The fix for #2661 changed the behavior of Puppet::SSL::Host enough to
confuse these mocks.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Some test names change arbitrarily since they were interpolating
hashes instead of strings.
This patch replaces, for example:
- should insert methodfindacl/certificate_revocation_list/caauthenticatedtrue if not present
with:
- should insert /certificate_revocation_list/ca if not present
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Disables the b64_zlib_yaml format if zlib cannot be loaded.
I've added a --no-zlib to make it possible to test this on a single
machine, but it might also be useful if someone finds themselves failing
to connect to a server that doesn't have zlib installed.
FactHandler's format is still hard-coded to YAML rather than using
facts.class.default_format
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

other tests
Puppet[:libdir] is nil due to stubbing, causing an exception in autoload.
Depending on the order of loaded libs, sometimes this exception is
logged using Kernel#warn, but sometimes it's logged using Puppet.err
Only Kernel#warn writes to the terminal during unit testing!

1) Improve test so it doesn't fail if an autoload happens.
2) Improve test so it doesn't show a warning.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Fixing #2877 introduced some spec failures, by using more of the webrick
API than was mocked here.

spec/unit/util/ldap/connection.rb
the ldap/connection spec creates a mock LDAP class that causes `require 'ldap'`
to explode. If `require 'ldap'` happens first, then we're OK.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

@puppetmasterd.options[:node] leaks from test to test
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Add a flag "manage_internal_file_permissions" which is enabled by
default. Disabling this flag prevents Puppet from managing the owner,
group, or mode of files created from Puppet::Util::Settings::FileSetting
I think this is a wide enough net to follow Luke's suggestion of
"disable management of everything", and it certainly satisfies the
requests I'm aware of, but if I've missed anything, let me know.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Puppet was mis-parsing sshkey aliases when the last alias is an empty
string.
This is due to the counter-intuitive behavior of Ruby's String#split.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>