| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previously, when puppet initiated SSL connections, e.g. puppet agent,
puppet module, etc, it could downgrade to SSLv3.
This commit ensures puppet will not downgrade to SSLv3 by setting the
`OpenSSL::SSL::OP_NO_SSLv3` bit. However, unlike SSLv2, we cannot remove
SSLv3 ciphersuites, since they are the same ones used in TLSv1. From the
openssl ciphers man page, "The TLSv1.0 ciphers are flagged with SSLv3".
[1] https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html
|
|
The test of behavior when a module directory is specified as part of an
environment but is missing on disk was hidden inside another test. This
splits it out and calls out that the behavior is that the directory is
simply ignored.
|
|
When a previous commit changed from get() to get!() the agent stopped
being able to use an environment that is available on the master, but
not available locally. I had misread the code and missed a trailing
`&&`. This caused me to think that the environment lookup in this case
was required, where in fact it is still optional.
This changes the structure of the code to make it much clearer that the
environment is optional, changes from get!() to get(), and adds some
tests around these code paths.
|
|
Ruby 2.0 x86 on windows does not observe the 'TZ' environment variable, so the
test would generate a Time object whose `#zone` was 'Eur', but had timezone
offset based on the current timezone.
C:\work\puppet>ruby --version
ruby 2.0.0p481 (2014-05-08) [i386-mingw32]
C:\work\puppet>irb
irb(main):001:0> ENV['TZ'] = 'Europe/London'
=> "Europe/London"
irb(main):002:0> tm = Time.local(2012, "dec", 11, 15, 59, 2)
=> 2012-12-11 15:59:02 -0800
irb(main):003:0> tm.zone
=> "Eur"
irb(main):004:0> tm.gmt_offset
=> -28800
Ironically, ruby 1.9 and 2.0 x64 do the correct thing:
C:\Windows\system32>ruby --version
ruby 2.0.0p481 (2014-05-08) [x64-mingw32]
C:\Windows\system32>irb
irb(main):001:0> ENV['TZ'] = 'Europe/London'
=> "Europe/London"
irb(main):002:0> tm = Time.local(2012, "dec", 11, 15, 59, 2)
=> 2012-12-11 15:59:02 +0000
irb(main):003:0> tm.gmt_offset
=> 0
irb(main):004:0> tm.zone
=> "Eur"
This commit modifies the test so that we expect failure on windows 1.8 and
2.0 x86, otherwise, we expect the test to pass on other ruby platforms.
Reviewed-by: Josh Partlow <joshua.partlow@puppetlabs.com>
|
|
Before this commit, when checking the puppet version on a PE build,
several characters; '(', ')' and '.'; caused problems with the regex.
This commit Regexp.escape-s them.
|
|
cprice404/feature/master/PUP-3032-setting-to-cache-feature-load-failures
(PUP-3032) Add setting to always cache `feature` load attempts
|
|
cprice404/bug/master/PUP-3030-server-side-tempfiles
(PUP-3030) More explicit handling of tempfiles on the server
|
|
- win32-eventlog gem upgraded from 0.5.3 to 0.6.1 as part of
https://github.com/puppetlabs/puppet/commit/ac8d4e257f69beaf87489b2e2a57f8aaab512edc
- win32-eventlog gem 0.6.1 doesn't yet include the patch necessary to
properly load it on 2003 from:
https://github.com/djberg96/win32-eventlog/commit/4692e2a67ae8dc794981928d6e6488b775a6689a
- Therefore, mark these eventlog tests as pending on 2003 until the
0.6.2 gem ships and the Gemfile can be updated
- These guards will be removed as part of PUP-3061
|
|
Since the new implementation of Puppet::FileSystem::Tempfile is
not trying to manage the deletion of files created through it,
the name was misleading. This commit simply changes the name
to Uniquefile to try to make it a bit more obvious that it is
not responsible for deleting the files.
|
|
This commit ports Puppet::Util::Execution over to use our
alternate implementation of Tempfile. This will allow
us to have more explicit control over the life cycle of
these files on the server.
|
|
This commit adds a new setting, :always_cache_features, which affects
how we cache attempts to load Puppet 'features'. If false, then
calls to `Puppet.features.<feature>?` will always attempt to load the
feature (which can be an expensive operation) unless it has already been
loaded successfully. This makes it possible for a single agent run to,
e.g., install a package that provides the underlying capabilities for
a feature, and then later load that feature during the same run (even if
the feature had been tested earlier and had not been available).
If this setting is set to true, then features will only be checked once,
and if they are not available, the negative result is cached and returned
for all subsequent attempts to load the feature. This behavior is almost
always appropriate for the server, and can result in a significant performance
improvement for features that are checked frequently.
|
|
Maint/master/update rspec
|
|
- Previously removed in 9449105658cf9789b94cdae096fd904b92828fb8 as
part of https://github.com/puppetlabs/puppet/pull/2846
- Win32-eventlog is Windows x64 / Ruby 2 compatible, and therefore
these tests can be re-enabled
|
|
From RSpec:
DEPRECATION: `expect { }.not_to raise_error(SpecificErrorClass, message)` is deprecated. Use `expect { }.not_to raise_error` (with no args) instead.
This commit removes all args from `.to_not raise_error` expectations.
|
|
We use mocha for stubbing and mocking; requiring the rspec mocks as well
will break things in RSpec 2.14.
|
|
|
|
* ticket/master/PUP2889-eventlog:
(PUP-2889) Remove dependency on win32-eventlog constants
|
|
Previously, executing bundle exec rspec spec/unit/util/execution_spec.rb
would fail on windows with an rspec error:
unexpected invocation: nil.==(/error message/)
The issue first appears in commit f41800a. I believe because before
f41800a, facter would evaluate the certname fact, executing `hostname.exe`
prior to executing the rspec example. As a result $CHILD_STATUS was never
nil when the test executed.
But starting in f41800a, $CHILD_STATUS may be nil as can be seen by the
rspec output:
expected exactly once, invoked once: nil.==(0)
Since the object we are trying to set an expectation on is global and
sometimes doesn't exist, this commit creates a private method for stubbing
and setting expectations on the $CHILD_STATUS.exitstatus
|
|
Previously, the tests would fail on ruby2, because under ruby 2 we are using
a newer win32-eventlog gem, whose constants are in a different namespace than
the version of the gem we are using for ruby 1.9.
This commit marks the tests as conditionally pending when running under Windows
and ruby2. The tests will be re-enabled when PUP-2889 is implemented.
|
|
Previously, we were referencing win32-eventlog constants. However, version
0.6.0 introduced a backwards incompatible change by renaming the event
type constants[1]. As result, we can't simply upgrade to the latest ffi
gem.
This commit defines the constants in puppet, and removes our dependence on
the gem. It also adds eventlog specs, in particular to ensure that
Puppet.features.eventlog? is always true on windows.
[1] https://github.com/djberg96/win32-eventlog/commit/99aeb4d854306a6db699550884f189cbd3c8928a
|
|
Previously, we were verifying that stdout and stderr were wrapped in WideIO
objects in ruby 1.9. However, this doesn't work in CI, because jenkins
redirects stdout and stderr.
This commit simplifies the test to not be as environmentally sensitive. It
just verifies that the WideConsole and WideIO classes have been defined in
ruby 1.x, and not defined in 2.x.
|
|
This provides a more deterministic set of specs that determine whether we have
wrapped $stderr/$stdout or not based on ruby version.
|
|
(PUP-2869) Puppet should support HTTP proxy authentication
|
|
Some of this work was done with PUP-2777 (support bundler workflow). That limits
win32console down to being installed/depended upon only for ruby 1.x. This builds
on top of that to only setup functions for colorizing output when using Ruby 1.x
on Windows.
|
|
Without this patch it is not possible to use the Puppet Module
Tool (PMT) with an authenticated proxy.
Many enterprises utilise the services of authenticated proxies for
Internet access. Current code is able to utilise a proxy, but does
not consider credentials for authenticated proxies.
This patch uses the credentials from either the environment settings
for HTTP_PROXY or http_proxy, or the corresponding values in the
puppet.conf file. The patch allows for http_proxy_user and
http_proxy_password to supplement the current http_proxy_host and
http_proxy_port variables within the puppet.conf.
|
|
- Somehow there were still some remaining constants referencing
Windows:: which is part of windows-pr gem. Most are already
defined locally as of the code being ported to FFI. Ensure that we
use our internal constant definitions rather than those from gem:
Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE
Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
Puppet::Util::Windows::File::STANDARD_RIGHTS_ALL
Puppet::Util::Windows::File::SPECIFIC_RIGHTS_ALL
Puppet::Util::Windows::File::FILE_ALL_ACCESS
Puppet::Util::Windows::File::FILE_GENERIC_READ
Puppet::Util::Windows::File::FILE_GENERIC_EXECUTE
- Add new constants to Puppet::Util::Windows::Error
ERROR_FILE_NOT_FOUND
ERROR_ACCESS_DENIED
|
|
Previously, puppet relied on win32-security version 0.1.4, which raised
Win32::Security::SID::Error when it failed to resolve a name into a SID.
Newer FFI versions of win32-security raise SystemCallError instead,
which is a StandardError subclass. When trying to run the puppet agent
against newer versions of the library, puppet reports:
Uninitialized constant Win32::Security::SID::Error
This commit changes the rescue to capture SystemCallError instead. This
exception is defined in ruby 1.8.7 and up.
|
|
It appears that on Windows, the precision of the Time object is
not fine enough to guarantee that we'd get a non-zero value
for the empty code blocks that we were timing in our tests.
This commit simply adds a 10ms sleep to the tests to ensure that
that enough time will have passed for us to be able to make
an assertion that the elapsed time was greater than zero.
|
|
cprice404/feature/master/PUP-2750-support-hierarchical-profile-data
(PUP-2750) Add hierarchical metric ids to profiler
|
|
This commit modifies the signature of the
`Puppet::Util::Profiler.profile` method to accept a new argument,
which is basically a "metric id". The argument takes the form
of an array of strings/symbols, allowing us to group specific sets of
profiling data into hierarchies and report aggregate profiling
statistics at any level of the hierarchy.
It also adds a new profiler, `Aggregate`, which extends the
existing `WallClock` profiler. The new profiler tracks the
aggregate timing data based on the metric id hierarchy,
and logs a message containing the aggregate data
at the end of the run.
|
|
- SID methods can really standalone on their own, and
should for the sake of sanity / code maintenance. Adjust all
callsites (including specs) accordingly.
- Make SID methods into static module_functions since they're
already stateless
|
|
* ticket/master/PUP-2738-FFI-Memory-Issues:
(PUP-2738) Windows::File use FFI::Pointer helper
(PUP-2738) Move CloseHandle -> FFI::WIN32
(PUP-2738) Windows utils appropriate return values
(PUP-2738) Use block form of FFI::MemoryPointer
(PUP-2738) Puppet::Util::Windows::Process FFI clean
(PUP-2738) Puppet::Util::Windows::File FFI cleanup
(PUP-2738) open_symlink should wide_string once
(PUP-2738) Puppet::Util::Windows::User refactor
(PUP-2738) FFI from_string_to_wide_string block
(PUP-2738) FFI::Pointer#read_win32_local_pointer
|
|
- CloseHandle is an API used frequently, so move it to a shared
definition inside FFI::WIN32. Remove extraneous definitions and
update call sites.
|
|
- MemoryPointer from_string_to_wide_string previously allocated a
new MemoryPointer instance but didn't force callers to scope / free
it. This allowed the Ruby runtime to clean it up on GC, but we
prefer to force callers to use a block form, to clean up the
unmanaged memory when the variable is no longer needed. Refactor
the method to yield the ptr.
- Since the ptr is no longer valid after the block yields, return nil
from the method
|
|
Puppet.deprecation_warning constructs an internal stack trace and is
mostly useful for internal deprecation notices as opposed to notices of
deprecation in Puppet manifests. Because of this, a regular warning was
being used in its place for the node inheritance deprecation. But this
would bypass limits on deprecation warnings and the ability to suppress
deprecation warnings added in PUP-2650.
This commit adds a puppet_deprecation_warning() which shares code now
with deprecation_warning, and which traces to the file and line of the
node's context. The AST::Node inheritance warning uses this method now.
|
|
* pr/2758:
(maint) Stop using ambiguous Manager name
(PUP-2747) Add support for multiple profilers
|
|
Manager is not a very good name for a class. What does it manage? What
does it mean to manage that? How does it manage? Who manages the
manager? This renames the Profiler::Manager class to just
Profiler::AroundProfiler because it modifies profilers to work so that
they automatically go around a block. This is then the interface exposed
by the Puppet::Util::Profiler singleton.
|
|
This commit makes a slight modification to the profiling system,
such that we can register multiple profilers at the same time.
This allows callers to register their own profiler without
worrying about collisions with profilers that might have
been registered by other parts of the code.
|
|
(PUP-2622) Use non-zero exit codes for unknown subcommands.
|
|
- FFI GetACP
- Remove requirement on gem windows-pr by removing 'windows/national'
- Moved require for windows/registry into windows platform specific
- Added module definition to satisfy MSI/Windows Package
|
|
Conflicts:
lib/puppet/defaults.rb
|
|
This commit adds a new setting that allows users to disable different
classes of warnings. Right now the only supported type of warning that
can be disabled is 'deprecations'.
|
|
* upstream/stable:
(maint) Remove failure for empty generated tags
(maint) Update test to use resource matcher
(maint) Add sitemoduledir to env env tests
(PUP-2689) Make AST Resource check tags against "inherited" tags
(maint) Remove unused Puppet::Parser::AST::Tag class
|
|
Commit 0436eb1e0997a6f19ea734923a1b82625a4034f8 added an extra failure
condition for any generated tags that end up being empty strings. This
was to get it to handle that the same way that it handles a simple empty
string tag. However, this could break any installations that generate
"::" separated tags that could create 4 ":" in a row ("a::::b"), and it
also doesn't address enough of the odd tagging behavior to make it worth
it. This commit reverts that change and adds some more tests to cover
some more of the ways in which setting tags behaves.
|
|
Previously, if users execute 'puppet foo', an error message is displayed
about unknown subcommand 'foo', but puppet still exits with a zero exit
code indicating success.
Additionally, if users execute 'puppet --option <valid_subcommand>',
puppet silently ignores the option, prints a message, and exits with a
zero exit code. As a result, a user accidentally transposed a valid
option for a subcommand with the subcommand itself in an automated context
and puppet did not report a failure.
This commit fixes both conditions by exiting with 1 from the nil and unknown
subcommands where appropriate. It also prints error messages using the same
colorized output we use for usual puppet errors.
|
|
This overrides the tagged? method in AST Resource to also search
for tags in its containing resource. These tags will be set when
the resource is finalized (just before serialization on transformation
to external format).
If this is not done, resources will have a different tag set when
a search is made for the node itself (exported or virtual) vs. searching
external resources.
This also correct minor problems with passing an array (which could
result in an array being set as a tag).
It was also possible for empty tags to be set if a string tag contained
multiple :: in sequence, or if ending with ::. Now an error is raised
for these conditions (just like for empty segments generated by using a
sequence of commas (which was on a different code path).
|
|
* ticket/master/PUP-1070-cleanup-invalid-lockfiles:
(PUP-1070) cleanup empty/invalid lockfiles
|
|
Currently lockfiles won't be cleaned up automatically if they're empty or contain
non numeric characters.
This commit solves this by verifying that the content of the lockfile
contains a number or otherwise return nil which will result in deleting
the pidfile.
|
|
- Replace WriteConsole / WriteConsoleOutputCharacter calls with FFI
equivalents
- Remove string_encode function as it's no longer necessary and the
test that was using it
|
|
- Convert ADSI GetComputerName to FFI
- Add missing error handling for GetComputerName Win32 function
- Add test that verifies GetComputerName returns a non-empty string
- Add FFI MemoryPointer aliases for dwords
Conflicts:
spec/unit/util/windows/adsi_spec.rb
|
