Previously, the test was invoking the Catalog.indirection.find method
but passing in a Node instance. This used to "work" in 2.7.x, because
the compiler terminus only looked at `request.key`, in this case the
node name, and ignored the `request.instance`.
The test appears to verify that we can compile a node with the specified
facts. But the test doesn't verify that the facts are in the returned
catalog (they're not). So in reality, this test is passing when it
shouldn't.
To pass a Node instance through to the compiler, you need to use the
`use_node` option, e.g. :use_node => node.to_yaml. To pass facts, use
the use the `facts` option, e.g. :facts => facts.to_yaml.
Since the test passes in a Node instance, the node is cached instead of
the compiled catalog, which is one of the issues described in
CVE-2013-1652.
This commit changes the test to pass in the node.name, and it ensures we
can compile a catalog for it.
The symbolize change caused two tests for the behavior around invalid
inputs to start failing. Looking at the tests, they are testing code
that would never reasonably be called with these kinds of values since
there are only a few places that call the methods being tested and those
use hard coded values. The fix here is to remove the tests that were
failing.
This was the only meaningful test in that file, and helps ensure that the
Puppet version number is sane.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
Conflicts:
spec/integration/defaults_spec.rb
spec/unit/puppet_spec.rb
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
This commit removes the version test method in
default.rb, which is the sudo-equivalent of e30d6ef
in the 3.x branch. AFAICT this method is not called
anywhere in puppet, and since we've started using
RC versions it won't work as-is if called.
Signed-off-by: Moses Mendoza <moses@puppetlabs.com>
This test is setting modulepath, and then testing that it can find
modules from the modulepath. However, the recent change to module find
causing it to read from the cached list of modules requires the cache be
cleared after changing the modulepath in order for the modules to be
found.
Also, the structure of the test changed a bit because we have to put the
modules on disk, THEN refresh the cache, THEN we can find them, rather
than putting them on disk and immediately finding them.
Without this patch some files exist in the tree that don't have trailing
newlines. This is annoying because perl -pli.bak -e will automatically
add a newline to every file it modifies in place. The files that
actually have modifications by the global search and replace need to be
separated from the files that only have newlines added.
This patch simply adds newlines to everything if they don't exist on the
last line.
Yes, the PNG's are perfectly fine with a trailing newline as well.
* daniel-pittman/refactor/2.7.x/4862-remove-the-event-loop-library:
(#4862) Finally remove the event-loop library.
(#4862) define_method is not a public method in Ruby.
(#4862) `returning` is not a standard Ruby method.
(#4862) Stop using EventLoop in the Puppet daemon.
The recent changes to support backwards compatibility with 2.7.10
and 2.7.11 introduced a very minor change in behavior with regards
to when a stale lockfile gets cleaned up. Fixed this test to
recognize the change.
This reverts commit 86a806f595, reversing
changes made to ac81771a9c.
See tickets #3757, #12844, #4836, #11057. These changes were deemed to
be breaking public APIs, and thus are being reverted from 2.7.x. They'll
be reintroduced in 3.x.
(The changes in question were relating to how puppet agent creates /
manages its lockfiles.)
Conflicts:
lib/puppet/util/pidlock.rb
spec/unit/agent_spec.rb
spec/unit/util/pidlock_spec.rb
Now that all the consumers of the event-loop abstraction have been removed,
delete the obsolete code from Puppet.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
The CA key length was lower than it should be - 1024 bits is no longer secure
enough for real world use. This raises both client and CA certs to use 4096
bit keys. Those are slow, but effective for long term security.
People who know enough to decide that the trade-off of speed vs limited window
of security can still totally reduce the size of the key without much trouble,
but we default to being more cautious.
This also pegs the key lengths low in testing, since building a 4K key is
awful slow if you want to do it time and time again over the course of dozens
of tests.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
Previously, if we chose to use an unsuitable provider, we would not
prefetch it because it wasn't suitable at the beginning of the run. Now,
we lazily prefetch, waiting until the first resource of a particular provider is evaluated.
If the provider we are prefetching is also the default provider for its type,
we also find resources of that type with no specified provider, and assign them
the default provider. This allows us to avoid prefetching the same provider
twice (once for resources explicitly using it, and once for resources
implicitly using it because it's the default).
We now exit early if #eval_generate does not produce any resources.
This has the impact of not adding a completed_ whit for the resource,
which is not necessary without any children.
We also now return true if #eval_generate created resources, and false
if it did not. This allows callers to reason about whether the graph
actually changed.
Now that `dns_alt_names` applies to local CSR generation, there is no need
for a special configuration option only applied to a master certificate.
Eliminating that option allows us to simplify the overall model, and provide
more uniform access to the `subjectAltName` setting when required.
Documentation about the option is also updated.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
In order to remove the legacy SSLCertificates code, we first need to
rework the one place it's still being used, which is the CA handler.
Now, this handler essentially just defers to the Puppet::SSL classes.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
We no longer use the xmlrpc client in 2.6, so this is dead code. Because
it depends on the legacy SSLCertificates code, which is also going away,
this code needs to be removed. We leave the server code for backward
compatibility with older clients.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
As part of the update to SSL the behaviour of the `certdnsnames` options
changed sufficiently that it would be terribly confusing to retain it.
Instead, modify the setting to warn that it is ignored, and add a new setting
to set the default subjectAltName value for bootstrapping a master
certificate.
This retains the one really useful part of the feature, without the risk that
someone will accidentally use the old name and receive a nasty surprise.
It should also draw more attention to formerly insecure configurations.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
Patch applied from Jeremy Thornhill. This allows whitespace to appear before
cron variables. Previously, whitespace before cron variables would trigger a
parse failure, and the crontab, except for the puppet managed portion, would
get removed. This addresses that issue. It also includes a test for this issue,
added into the tests directory, which seems to be where the crontab tests live.
Signed-off-by: Matthaus Litteken <matthaus@puppetlabs.com>
The primary change in this commit is fixing the support for Windows in
Puppet::Util.execute. However, properly testing this commit required
significant refactoring (which was long overdue for this old code) for
testability.
The functionality for executing on posix and windows was extracted into
platform-specific methods, execute_posix and execute_windows. These
methods are self-contained and will both return the PID of the child
process, which the caller then waits on before reading and returning the
output of the command.
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d198fedf65)
Conflicts:
spec/integration/node/facts_spec.rb
spec/unit/node_spec.rb
This class was previously using a cached_attr for its 'localhost' attribute,
representing the Puppet::SSL::Host entry corresponding to the cert in
Puppet[:certname]. We now no longer expire this attribute. This has the effect
that a change to certname during the lifetime of an agent will not be reflected
in the certificate it uses. If this behavior is desired, it will need to be
reimplemented another way.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 7048b4c4d8)
Keep alive has been disabled since 2008, and seems to have caused problems when
it was enabled before then. Since there doesn't seem to be any push to get it
working again, just remove it to simplify this code.
This also allows us to entirely remove the usage of Puppet::Util::Cacher from
HttpPool.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 185a666018)
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
* 2.6.x:
Reset indirector state after configurer tests.
(#8770) Don't fail to set supplementary groups when changing user to root
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
(#8740) Do not enumerate files in the root directory.
(#3553) Explain that cron resources require time attributes
Conflicts:
lib/puppet/application/resource.rb
test/puppet/tc_suidmanager.rb
We're trying to move away from the legacy Test::Unit tests, and toward rspec
specs, so rewrite this file as specs.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
While looking through code related to dealing with teardown on class
state variables we found some code that was never called in the unit
tests.
Paired-with: Josh Cooper <josh@puppetlabs.com>
The usestring parameter to lookupvar was objectionable for several reasons;
first, it performed a function orthogonal to the main purpose of the method,
second its default was the least common value, and third it was causing other
code to work for reasons that were not obvious (extlookup).
This refactor breaks the value-transforming function out into a seperate
method which allows the user to specify the value to be used in lieu of :undef
and removes the parameter. The function, Scope#undef_as(default,exp) is
written so that it can be used in user code (templates, functions, etc.) if
needed.
This refactor will introduce a user-visible behaviour change in the case where
users were counting on lookupvar to return "" for undefined variables. The
best solution is to have them use undef_as, replacing:
lookupvar('myvar')
with
undef_as('',lookupvar('myvar'))
(with the option to specify another default value if desired). If this is too
objectionable, we could rename the existing lookupvar as raw_lookupvar and
define
def lookupvar(v)
undef_as('',raw_lookupvar(v))
end
to restore the present behaviour.
This commit removes the last remaining use of topsort (in SimpleGraph#splice!) by
fixing #5200 in a way that is compatible with graph fontiers. Instead of replacing
containers with many-to-many relationships, we now replace them with a pair of
sentinals (whits) that bracket them.
Thus a graph consisting of two containers, each containing ten resources, and a
dependency between the containers, which would have gone from 21 edges to 100
edges will instead have only 43, and a graph consisting of two containers (e.g.
stages) each containing a similar graph, which would have gone from 45 edges to
400 will only go to 95.
This change had minor consequences on many parts of the system and required lots
of small changes for consistancy, but the core of it is in Catelog#splice! (which
replaces SimpleGraph#splice!) and Transaction#eval_generate. Everything else is
just adjustments to the fact that some one-step edges are now two-step edges and
tests, event propagation, etc. need to reflect that.
Paired-with: Jesse Wolfe
In 2.6.x, this was upgraded from "info" to "warning". This change for
Statler escalates the warning to an exception which will abort the
compile. This makes compiling fail consistently when you try to use an
undefined class from any of: node classifiers, the class keyword, and the
include function.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
* 2.6.next:
Fixed#6562 - Minor kick documentation fix
(#6658) Propagate ENC connection errors to the agent
(#4884) Remove typo from spec test
(#4884) Modify tests to pass on non-OS X systems
(#4884) Revise new exec tests, add a few more
(#4884) Add an shell provider for execs
(#4884) Fix Test::Unit exec tests
(#4884) Break the exec type out to have a posix provider
(#4884) Add consistent path validation and behavior
(#4884) Add expand_path to requiring the spec_helper
(#4884) Autorequire shared behaviors and method to silence warnings
(#4884) Fix whitespace
(#4884) Get rid of open3 require since it wasn't being used
(#5814) Improved cron type specs
(#5814) cron_spec shouldn't depend on cron provider
Manually Resolved Conflicts:
lib/puppet/util/command_line/puppetrun
spec/spec_helper.rb
spec/unit/type/exec_spec.rb
spec/unit/type_spec.rb
test/ral/type/exec.rb
Mostly this is whitespace cleanup, but other than that it's changing a
couple method names and calling run on the new exec providers instead of
the types.
We started moving these tests into spec, but they weren't very self
contained so were hard to map over cleanly. For now leaving them since
they serve as a more integration level set of tests.
Paired-with: Max Martin
This was a particularly nasty merge, so rather than hold up merges into
next any longer, I'm going to push this merge with a few outstanding
problems. The tests that were failing in the following areas have been
marked pending, and will be addressed separately, immediately following
this push.
TODO:
Verify that brice's rdoc change is still valid: tests to show that line
numbers from class, define and node get into the ast
Fix mount parsed_spec spec/unit/provider/mount/parsed_spec.rb
* 2.6.next: (85 commits)
(#5148) Fix failing spec due to timezone
(#5148) Add support for PSON to facts
(#6338) Remove inventory indirection, and move to facts indirection
(#6445) Fix inline docs: puppet agent does not accept --mkusers
Update CHANGELOG and version for 2.6.6rc1
(#6541) Fix content with checksum truncation bug
(#6418) Recursive files shouldn't be audited
(#6541) maint: whitespace cleanup on the file integration spec
(#6541) Fix content with checksum truncation bug
(#5466) Write specs for output of puppet resource
(#5466) Monkey patch Symbol so that you can sort them
(#5466) Fixed puppet resource bug with trailing ,
Update CHANGELOG for 2.6.5
(#4922) Don't truncate remotely-sourced files on 404
(#6338) Remove unused version control tags
Maint: Align tabs in a code block in the Augeas type.
(#6509) Inline docs: Fix erroneous code block in directoryservice provider for computer type
Maint: Rewrite comments about symlinks to reflect best practice.
(#6509) Inline docs: Fix broken lists in Launchd provider.
(#6509) Inline docs: Fix broken code blocks in zpool type
...
Manually Resolved Conflicts:
lib/puppet/application/inspect.rb
lib/puppet/defaults.rb
lib/puppet/file_bucket/dipper.rb
lib/puppet/network/http/handler.rb
lib/puppet/node/facts.rb
lib/puppet/parser/parser.rb
lib/puppet/parser/parser_support.rb
lib/puppet/util/command_line/puppet
lib/puppet/util/command_line/puppetd
lib/puppet/util/command_line/puppetmasterd
lib/puppet/util/monkey_patches.rb
lib/puppet/util/rdoc/parser.rb
spec/unit/application/agent_spec.rb
spec/unit/file_bucket/file_spec.rb
spec/unit/indirector/file_bucket_file/file_spec.rb
spec/unit/network/http/handler_spec.rb
spec/unit/parser/parser_spec.rb
spec/unit/provider/mount/parsed_spec.rb
We deprecated this back in 0.24, so we can eliminate it in the next release.
We ran through our deprecation period full of constant complaints to the
users. Now we just fail.
* ticket/2.6.next/4914:
Revert "(#6309) Ensure the correct device is mounted when managing mounts"
(#4914) Improved stubbing in mount/parsed_spec tests.
(#4914) Improved parsed_spec for mount
(#4914) Remove mount specs
(#4914) Specs for mounted? match new behaviour
(#4914) Add specs for modified mount provider
(#4914) Add specs for modified mount type
(#4914) Update property blocks
(#4914) Query property_hash for mountstate
(#4914) Prefetch mountstate
(#4914) Join lines for better readability
* ticket/2.6.x/4914:
(#4914) Improved stubbing in mount/parsed_spec tests.
(#4914) Improved parsed_spec for mount
(#4914) Remove mount specs
(#4914) Specs for mounted? match new behaviour
(#4914) Add specs for modified mount provider
(#4914) Add specs for modified mount type
(#4914) Update property blocks
(#4914) Query property_hash for mountstate
(#4914) Prefetch mountstate
(#4914) Join lines for better readability
Conflicts:
lib/puppet/provider/mount.rb
lib/puppet/provider/mount/parsed.rb
spec/unit/provider/mount/parsed_spec.rb
spec/unit/provider/mount_spec.rb
spec/unit/type/mount_spec.rb
Due to changes in the spec_helper, some of the specs that use puppettest were
failing when run individually. In the future, it would be nice to remove
puppettest from the specs entirely, as it's old, crufty, and only used for a
couple of things.
Paired-With: Matt Robinson
The test in question (test_parse_line) was nondeterministic because it
was relying on the sort order of a Hash whose keys were symbols. When
the sort order caused a blank line to appear at the end of the file
under test, the blank line was elided by the crontab parser, causing a
failure.
Modified the test to execute in a deterministic order that doesn't
place the blank line at the end.
Josh Cooper
Andrew Parker
Daniel Pittman
Moses Mendoza
Patrick Carlisle
Franz Pletz
Nick Lewis
Jeff McCune
cprice
Brice Figureau
Matt Robinson
Matthaus Litteken
Jacob Helwig
Markus Roberts
James Turnbull
Jesse Wolfe
Max Martin
Daniel Pittman
Paul Berry
Stefan Schulte