Age | Commit message (Collapse) | Author |
|
Add a function to validate an x509 RSA key pair
|
|
Put the tests using a valid certificate fixture together and put tests
using a valid key fixture together.
|
|
Test a valid certificate and valid key that have had 48 characters
removed from their middle, to simulate a malformed certificate and key.
Suggested by @DavidS in https://github.com/puppetlabs/puppetlabs-stdlib/pull/552
|
|
Add a function to validate an x509 RSA certificate and key pair, as
commonly used for TLS certificates.
The rationale behind this is that we store our TLS certificates and
private keys in Hiera YAML files, and poor indentation or formatting in
the YAML file could cause a valid certificate to be considered invalid.
Will cause the Puppet run to fail if:
- an invalid certificate is detected
- an invalid RSA key is detected
- the certificate does not match the key, i.e. the certificate
has not been signed by the supplied key
The test certificates I've used in the spec tests were generated using
the Go standard library:
$ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost
Example output:
==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk
|
|
Add clamp function
|
|
Clamp keeps value within the range.
Employ of soft() makes the whole thing is independant of order.
|
|
adds new parser called is_absolute_path
|
|
PE 3.x emits a puppetversion fact in the format "3.x.x (Puppet Enterprise 3.x.x)". This fact causes an error when invoked on PE 3.x: Could not retrieve fact='package_provider', resolution='<anonymous>': Malformed version number string 3.8.1 (Puppet Enterprise 3.8.1
This fix has been tested on PE 3.8.2 and should work for PE 3.3, 3.7, and 3.8.
Original-fix-by: Alex Harden <aharden@gmail.com>
|
|
This ensures that the test passes independently of changes to rubygems.
|
|
* is_absolute_path returns boolean true if the given path
is absolute, returns false otherwise.
* works for windows and unix
|
|
seeded_rand is needed for repeatable randomness across nodes in a cluster
|
|
Add validator for any IP address
|
|
Provide a validator for IP addresses, regardless they are IPv4 or IPv6,
and its documentation.
|
|
The -C (capital C) flag to lsuser is incorrect. It should be -c
(lowercase).
this commit updates the aix root_home fact to use `lsuser -c`, rather
than `lsuser -C`.
|
|
add functionality to bool2str function
|
|
|
|
Add a quick check to ensure puppetversion value is not nil and supporting test.
|
|
Some modules or module versions don't have a metadata.json file, but we
might still want to use the load_module_metadata function on them. The
lack of a file can still give us important information. For example, it
might tell us that the version of the module installed is "very old"
even if we can't read the version number directly. This patch adds a
parameter to let the user specify if an empty file is acceptable. To
preserve backwards compatibility it does not change the current default
behavior, which is to raise an error if metadata.json does not exist.
|
|
`rake spec` only finds test files that end in _spec.rb, so this test
was not being run. Correct the path name so that the test runs
properly.
|
|
Add package_provider fact
|
|
|
|
|
|
This adds a package_provider fact for situations where we need to be
able to know the client's package provider in a simple way. Situations
such as: package { 'name': install_options => [] } As those tend to be
package provider specific options.
|
|
Add a service_provider fact
|
|
|
|
Maintain the old behavior in the case where the optional second
parameter isn't passed. Also, adding arity is backwards incompatible since
stdlib still supports 2.7, so remove that.
|
|
|
|
(MODULES-2561) add is_a function
|
|
[MODULES-2462] Improve parseyaml function
|
|
The data type system is very hard to understand. Many people don't
understand why
type_of([1,2,3]) == Array
will fail, but
type_of([1,2,3]) <= Array
passes. This does a simpler validation that doesn't rely on explicit
data types. Instead, use
$foo = [1,2,3]
if $foo.is_a(Array) {
notify { 'This is an array': }
}
This is based on code by Ben Ford <ben.ford@puppetlabs.com>.
* Added acceptance tests
* Added dispatch
* Improved unit tests
* Added docs to README
|
|
* previously the str2bool function did not accept 'TRUE' as a bool
type. This causes the function to now accept TRUE, FALSE strings
as a boolean type in order to be converted to a proper boolean.
* This would also cause Y,N, YES, NO to be accepted as boolean types
as well.
|
|
|
|
Add a new function "try_get_value"
|
|
* Extracts a value from a deeply-nested data structure
* Returns default if a value could not be extracted
|
|
Squashed, and amended test for comment lines.
|
|
Squashed, improved docs, updated error handling and unit tests by David S.
|
|
* Add default value support
Second argument will be returned if yaml cannot be parsed
instead of false value
* Update tests
|
|
|
|
Add spec tests to test the new functionality:
*Case for 3 arrays.
*Case for 4 arrays.
Modify README to note new functionality.
This is for issue MODULE-2456, follow the precedent of MODULE-444.
This change allows union to be much more useful, unioning many arrays
in one line rather than in n lines. Additionally, as this is only added
functionality, and does not affect the 2 array case that all modules
currently using array are using, it should not affect any existing
modules utilizing union.
This is now useful, for example, for merging many arrays of resources
(eg: packages.) to generate just one list with no duplicates, to avoid
duplicate resource declarations.
|
|
This returns the default provider Puppet will choose to manage services
on this system by instantiating a dummy service resource type and
returning the provider chosen.
Co-Authored-By: Simon Fraser University <asa188@sfu.ca>
|
|
|
|
[MODULES-2370] allow `match` parameter to influence `ensure => absent` behavior.
|
|
|
|
|
|
|
|
|
|
Split the `destroy` method of the file_type::ruby provider into two
private methods: `handle_destroy_line` which is the same as the previous
`destroy` method, and `handle_destroy_with_match` which will destroy any
line which matches the `match` parameter, raising an error if multiple
lines match and the `multiple` parameter is not `true`. This new
behavior is only used if the new boolean parameter `match_for_absence`
is `true` (it defaults to `false`).
|
|
Puppet's boolean parameter type is only available in Puppet 3.3 and
higher, so change file_type's new "replace" parameter to a regular
parameter with true and false as possible values. This matches the
existing "multiple" parameter.
|
|
Add load_metadata_json function
|
|
This function loads the metadata.json into a puppet variable. This enables a number of neat things such as:
* Which version of the module am I using? 2.x? 3.x?
* Which author of the module am I using? puppetlabs? example42?
|