Age | Commit message | Author | Files | Lines |
|
This adds a general validation method to check that only valid instances can
be passed into the indirector. Since access control is based on the URI but
many operations directly use the serialized instance passed in, it was
possible to bypass restrictions by passing in a custom object. Specifically it
was possible to cause the puppet kick indirection to execute arbitrary code by
passing in an instance of the wrong class. This validates that the instance is
of the correct type and that the name matches the key that was used to
authorize the request.
|
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
    find spec -type f -print0 | \
      xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
|
* 2.7.x: (26 commits)
  Extract host validation in store report processor
  Use cross-platform absolute paths in file_serving tests
  (#15221) Create /etc/puppet/modules directory for puppet module tool
  (Maint:) Fix bad doc strings for two settings ("wether")
  Try again to avoid circular dependency in file indirections
  Remove useless tests for Envelope
  Clear deprecation warnings between tests
  Avoid circular requirement in FileMetadata indirection
  (Maint) Document common Windows issues
  Update CHANGELOG lib/puppet.rb conf/redhat/puppet.spec for 2.7.18
  Maint: Note in docs that the file type's "replace" attribute defaults to true
  Reject directory traversal in store report processor
  Tighten permissions on classfile, resourcefile, lastrunfile, and lastrunreport.
  Use "inspect" when listing certificates
  Don't allow the creation of SSL objects with invalid certnames
  Validate CSR CN and provided certname before signing
  Add specs for selector terminuses of file_{content,metadata}
  Fix whitespace inside parentheses
  Use head method to determine if file is in file bucket
  Always use the local file_bucket on master
  ...
Conflicts:
  CHANGELOG
  conf/redhat/puppet.spec
  lib/puppet.rb
  lib/puppet/application/master.rb
  lib/puppet/defaults.rb
  lib/puppet/file_serving/terminus_selector.rb
  lib/puppet/reports/store.rb
  lib/puppet/test/test_helper.rb
  spec/integration/file_serving/content_spec.rb
  spec/integration/file_serving/metadata_spec.rb
  spec/shared_behaviours/file_serving.rb
  spec/unit/file_serving/terminus_selector_spec.rb
  spec/unit/network/handler/ca_spec.rb
  test/ral/manager/attributes.rb
|
|
Without this patch some spec files are using `ruby -S rspec` and others
are using `rspec`.
We should standardize on a single form of the interpreter used for spec
files.
`ruby -S rspec` is the best choice because it correctly informs editors
such as Vim with Syntastic that the file is a Ruby file rather than an
Rspec file.
|
|
|
|
Many tests were previously tagged as 'fails_on_windows' and excluded
from Jenkins, because we did not have user, group, etc providers
on Windows. Now that these providers have been implemented, these
tests have been re-enabled (by removing the rspec exclude filter).
|
|
We have removed every usage of cached_attr in which the attribute needs to be
manually expired. Thus, the only meaningful behavior provided by
Puppet::Util::Cacher is expiration based on TTLs. This commit reworks the
cacher to only support that behavior.
Rather than accepting an options hash, of which :ttl is the only available
option, cached_attr now requires a second argument, which is the TTL.
TTLs are now used to compute expirations, which are stored and used for
expiring values. Previously, we stored a timestamp and used it and the TTL to
determine whether the attribute was expired. This had the potentially
undesirable side effect that the lifetime of a cached attribute could be
extended after its insertion by modifying the TTL setting for the cache. Now,
the lifetime of an attribute is determined when it is set, and is thereafter
immutable, aside from deliberately re-setting the expiration for that
particular attribute.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d198fedf65e472b384666fc9ae3bef487852068a)
Conflicts:
  spec/integration/node/facts_spec.rb
  spec/unit/node_spec.rb
|
|
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:
    rspec --tag ~fails_on_windows spec
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)
Conflicts:
  spec/unit/resource/catalog_spec.rb
|
|
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
|
We now use a shebang of: #!/usr/bin/env rspec
This enables the direct execution of spec tests again, which was lost earlier
during the transition to more directly using the rspec2 runtime environment.
|
|
rspec2 automatically sets a bunch of load-path stuff we were doing by hand, so we
can just stop. As a side-effect we can now avoid a whole pile of stupid things
to try and include the spec_helper.rb file...
...and then we can stop protecting spec_helper from evaluating twice, since we
now require it with a consistent name. Yay.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
|
Doing a require to a relative path can cause files to be required more
than once when they're required from different relative paths. If you
expand the path fully, this won't happen. Ruby 1.9 also requires that
you use expand_path when doing these requires.
Paired-with: Jesse Wolfe
|
|
Replaced 106806 occurrences of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
    end
    # Tell getopt which arguments are valid
    def test_get_getopt_args
        element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
        assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
  end
  # Tell getopt which arguments are valid
  def test_get_getopt_args
    element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
    assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
        assert_equal(str, val)
        assert_instance_of(Float, result)
    end
    # Now test it with a passed object
becomes:
    assert_equal(str, val)
    assert_instance_of(Float, result)
  end
  # Now test it with a passed object
The code:
    end
    assert_nothing_raised do
        klass[:Yay] = "boo"
        klass["Cool"] = :yayness
    end
becomes:
  end
  assert_nothing_raised do
    klass[:Yay] = "boo"
    klass["Cool"] = :yayness
  end
|
|
Some spec files like active_record.rb had names that would confuse the
load path and get loaded instead of the intended implementation when the
spec was run from the same directory as the file.
Author: Matt Robinson <matt@puppetlabs.com>
Date: Fri Jun 11 15:29:33 2010 -0700
|
|
other tests
Due to some heavy mocking, this code was failing to load a dependency.
If the `require` happens earlier, then the test passes.
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>
|
|
This switches away from the use of terminii for
each type of fileserving - it goes back to the traditional
fileserving method, and is much cleaner and simpler
as a result.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
It was throwing exceptions if you tried to use it on a file
instead of a directory.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
Previously, they retained some concept of the URI used to
find them, and this uri was the primary key
for the FileServing instances. This key was unfortunately
completely useless, as evidenced by the fact that it was never
used except to test that it worked.
I've modified the FileServing instances (through modifying
the Base class) to use their local path as their key, and they
no longer care about the URI at all.
This commit is mostly about fixing the code that interacts with
the instances to use this new API.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
Also fixing some integration tests that were failing
because of the change to the terminus selection code
for file serving.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
This fits in with the fact that the indirection requests split URIs
and set the request key to an unqualified path rather than
a fully-qualified path.
The whole system is unqualified end-to-end, now, except when you're
specifically asking for a full, local file name.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
Conflicts:
  test/ral/type/filesources.rb
|
|
This looks like a much larger commit than it is -- it doesn't change
any behaviour at all, it just adds some integration tests (which expose
the problem) and then switches from an ad-hoc api to a request-based api.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
|
This provides a single, global bit for determining whether
a given piece of cached data is still valid.
|
|
fileserver.conf actually exists.
|
|
after the test.
|
|
use it, and added integration tests at the most important
hook points.
This provides the final class structure for all of these classes,
but a lot of the class names are pretty bad, so I'm planning on
going through all of them (especially the file_server stuff) and
renaming.
The functionality is all here for finding files, though (finally).
Once the classes are renamed, I'll be adding searching ability
(which will enable the recursive file copies) and then adding
the link management and enabling ignoring files.
|
|
addition to Rest): A local terminus that just uses direct file paths,
and a mounts terminus that uses the file server to figure out what
the path should be.
It looks like it also makes sense to split the 'mounts' terminus further,
so there is a 'modules' terminus used to look files up in the terminus.
I've added some integration tests to verify that everything is
hooked together correctly.
Lastly, I added a directory for shared behaviours. There's a ton of
duplication in this setup, because the Content and Metadata classes
behave almost but not quite identically across the board.
|