| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
opaque strings
This patch removes the limitation of allow/deny which were
only matching ip addresses or hostname (or pattern of).
It makes sure any kind of string can be matched (by strict
equality) while still keeping the old behaviour.
Opaque strings can only contains: alphanumeric characters, -
_ and @.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Mongrel puppet code uses REMOTE_ADDR to set the ip address which will
be use to authenticate the client access.
Since mongrel is always used in a proxy mode with Puppet, REMOTE_ADDR
is always the address of the proxy (usually 127.0.0.1), which defeats
the purpose.
With this changeset, the mongrel code now uses the X-Forwarded-For
HTTP header value if it is passed over the REMOTE_ADDR.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The idea is to have allow/deny authorization directives
that are dynamic: their evaluation is deferred until
we perform the authorization checking in allowed?.
This is done to allow replacing backreferences in allow/deny
directives by parameters of the match that selected this right.
For instance, it is possible to:
allow $1.$2
And using Right::interpolate() with the result of a regex match
using 2 captures, will evaluate $1.$2 to those captures.
For instance, if we captured [host, reductivelabs.com], then the
allow directive is replaced by:
allow host.reductivelabs.com
It is then safe to call allowed?, after which we can reset the
interpolation.
This interpolation is thread-safe.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
authconfig regex support
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
semicolons
|
| |
|
|
|
|
|
|
| |
Most of these were just obsolete tests that have
been sitting around and broke with recent internal
changes.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
| |
Most of these were small changes, like moved methods.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
This will eventually be used by puppetrun, but
for now is just called by the old-school Runner handler.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This replaces the short-lived EventManager class, all of
the service- and timer-related code in puppet.rb, and moves
code from agent.rb, server.rb, and other places into one
class responsible for starting, stopping, pids, and more.
The Daemon module is no longer in existence, so it's been
removed from the classes that were using it.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
Made minor changes, including removing the parent class.
The functionality hasn't changed yet -- that comes in later patches --
but all but a couple of the older tests pass.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
Most of these are straightforward changes to the tests,
but a couple required small refactorings (e.g., References
can now be created with Puppet::Type instances, and they
know how to extract the type/title from them).
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
This method is no longer necessary; you can use the
normal 'new' class method.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
bin/puppetca
lib/puppet/type/group.rb
lib/puppet/type/tidy.rb
lib/puppet/util/settings.rb
Also edited the following files so tests will pass:
lib/puppet/type/component.rb
spec/unit/ssl/certificate_request.rb
spec/unit/type/computer.rb
spec/unit/type/mcx.rb
spec/unit/type/resources.rb
spec/unit/util/settings.rb
spec/unit/util/storage.rb
test/ral/type/zone.rb
|
| | | |
|
| | |
| |
| |
| | |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| | |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
since that method is deprecated.
Conflicts:
CHANGELOG
bin/puppetca
lib/puppet/file_serving/fileset.rb
lib/puppet/network/xmlrpc/client.rb
lib/puppet/type/file/selcontext.rb
spec/unit/file_serving/metadata.rb
spec/unit/type/file.rb
|
| | |
| |
| |
| | |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| |
| |
| | |
The test was expecting the current time, albeit as an integer.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Note that it still fails -- it's just a more reasonable failure.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\|
| |
| |
| |
| |
| | |
Conflicts:
test/ral/type/filesources.rb
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
with 'yaml' still being the default but 'marshal' being an option.
This is because testing has shown drastic performance differences
between the two, with up to 70% of compile time being spent
in YAML code. Use the 'catalog_format' setting to choose your format,
and the setting must be set on the client.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
CHANGELOG
spec/unit/node/catalog.rb
spec/unit/type/package.rb
spec/unit/type/schedule.rb
spec/unit/type/service.rb
spec/unit/util/settings.rb
|
| | |
| |
| |
| | |
as long as you're using Facter 1.5.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Also added the fixes to make the certhandler tests pass
even when certs exist; I'll deal with the conflict later.
Conflicts:
CHANGELOG
bin/puppetd
lib/puppet/network/http/handler.rb
lib/puppet/network/http/mongrel/rest.rb
spec/integration/indirector/rest.rb
spec/integration/network/server/mongrel.rb
spec/integration/network/server/webrick.rb
spec/unit/network/http/webrick.rb
|
| | |\ |
|
| | | | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Master handler previously provided the support for the :node_name
setting, and that functionality has now been moved into the Node
class. At the same time, the names to search through have been
changed somewhat: Previously, the certificate name and the
hostname were both used for searching, but now, the cert name
is always searched first (unless node_name == facter), but only
the Facter hostname, domain, and fqdn are used otherwise. We no
longer split the cert name, only the hostname/domain/fqdn.
In the general case, this provides no behaviour change, because
people's hostname is the same as their certname. This only
results in a change in behaviour if you specify a certificate
name that is a normal node name, and you want to look that node
up by something other than the full name in the certificate.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
| |
| |
| | |
I had clearly only run spec/ since this work.
|
| | |
| |
| |
| |
| |
| |
| | |
The HttpPool module now removes its cached ssl_host instance
when clearing its cache. This is really only useful
for testing, but it correctly causes the pool to use
new certificates when they're available.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
compile node configurations, rather than using the Configuration
handler, which was never used directly. I removed the Configuration
handler as a result.
Modified the 'master' handler (responsible for sending configurations
to clients) to always return Time.now as its compile date, so
configurations will always get recompiled.
|
| | |
| |
| |
| |
| |
| | |
the catalog. The client will now always recompile, assuming it
can reach the server. It will still use the cached config if
there's a failure.
|
| | |
| |
| |
| | |
a result of the move to no global resources.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
lib/puppet/node/catalog.rb
lib/puppet/type/pfile.rb
lib/puppet/type/pfilebucket.rb
lib/puppet/util/filetype.rb
spec/unit/node/catalog.rb
spec/unit/other/transbucket.rb
spec/unit/ral/provider/mount/parsed.rb
spec/unit/ral/types/file.rb
spec/unit/ral/types/interface.rb
spec/unit/ral/types/mount.rb
spec/unit/ral/types/package.rb
spec/unit/ral/types/schedule.rb
spec/unit/ral/types/service.rb
test/language/compile.rb
test/language/lexer.rb
test/language/snippets.rb
test/lib/puppettest.rb
test/ral/types/basic.rb
test/ral/types/cron.rb
test/ral/types/exec.rb
test/ral/types/file.rb
test/ral/types/file/target.rb
test/ral/types/filebucket.rb
test/ral/types/fileignoresource.rb
test/ral/types/filesources.rb
test/ral/types/group.rb
test/ral/types/host.rb
test/ral/types/parameter.rb
test/ral/types/sshkey.rb
test/ral/types/tidy.rb
test/ral/types/user.rb
test/ral/types/yumrepo.rb
|
| | | |
|
| | |
| |
| |
| | |
388cf7c3df7ce26e953949ed6fe63d76cbbb3691 to resolve #1137; also, add tests which detect the problem.
|
| | | |
|
| | |
| |
| |
| | |
When :node_name="cert" is specified the 'hostname' fact should be set to the SSL certificate common name instead of the results from facter. I've extended this to also set 'domain' and 'fqdn' since that makes a lot of sense to me. This fixes a regression introduced in SVN#1673
|
| | |
| |
| |
| | |
thus breaking some of them.
|
