Age | Commit message | Author |
|
Add a function to validate an x509 RSA certificate and key pair, as
commonly used for TLS certificates.
The rationale behind this is that we store our TLS certificates and
private keys in Hiera YAML files, and poor indentation or formatting in
the YAML file could cause a valid certificate to be considered invalid.
Will cause the Puppet run to fail if:
- an invalid certificate is detected
- an invalid RSA key is detected
- the certificate does not match the key, i.e. the certificate
has not been signed by the supplied key
The test certificates I've used in the spec tests were generated using
the Go standard library:
$ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost
Example output:
==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk
|
|
add functionality to bool2str function
|
|
Some modules or module versions don't have a metadata.json file, but we
might still want to use the load_module_metadata function on them. The
lack of a file can still give us important information. For example, it
might tell us that the version of the module installed is "very old"
even if we can't read the version number directly. This patch adds a
parameter to let the user specify if an empty file is acceptable. To
preserve backwards compatibility it does not change the current default
behavior, which is to raise an error if metadata.json does not exist.
|
|
Maintain the old behavior in the case where the optional second
parameter isn't passed. Also, adding arity is backwards incompatible since
stdlib still supports 2.7, so remove that.
|
|
[MODULES-2462] Improve parseyaml function
|
|
* previously the str2bool function did not accept 'TRUE' as a bool
type. This causes the function to now accept TRUE, FALSE strings
as a boolean type in order to be converted to a proper boolean.
* This would also cause Y,N, YES, NO to be accepted as boolean types
as well.
|
|
Add a new function "try_get_value"
|
|
* Extracts a value from a deeply-nested data structure
* Returns default if a value could not be extracted
|
|
Squashed, improved docs, updated error handling and unit tests by David S.
|
|
* Add default value support
Second argument will be returned if yaml cannot be parsed
instead of false value
* Update tests
|
|
Add spec tests to test the new functionality:
* Case for 3 arrays.
* Case for 4 arrays.
Modify README to note new functionality.
This is for issue MODULE-2456, follow the precedent of MODULE-444.
This change allows union to be much more useful, unioning many arrays
in one line rather than in n lines. Additionally, as this is only added
functionality, and does not affect the 2 array case that all modules
currently using array are using, it should not affect any existing
modules utilizing union.
This is now useful, for example, for merging many arrays of resources
(e.g. packages) to generate just one list with no duplicates, to avoid
duplicate resource declarations.
|
|
Add load_metadata_json function
|
|
This function loads the metadata.json into a puppet variable. This enables a number of neat things such as:
* Which version of the module am I using? 2.x? 3.x?
* Which author of the module am I using? puppetlabs? example42?
|
|
The documentation example shows an incorrect response when using the
function; this PR corrects the example to agree with what the function
actually does.
|
|
Add validate_slength's optional 3rd arg to README
|
|
facter (2.x) only provides facts without interface suffix for
* ipaddress
* netmask
'macaddress' and 'network' facts will always have the related interface
name appended. In turn, lookupvar throws errors when strict_variables is
enabled.
|
|
The time() function takes an argument of a timezone, and always returns
time in epoch format. The epoch format is the number of seconds that
have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
seconds. This means that it is universally the same regardless of
timezones.
I don't know what the timezone argument is supposed to do, and it is not
documented. So let's just make 1.8.7 work like > 1.8.7
|
|
Previously, the random number generator was seeded with the array or
string to be rotated in addition to any values specifically provided for
seeding. This behavior is potentially insecure in that it allows an
attacker who can modify the source data to choose the post-shuffle
order.
|
|
Tests in the new style produce the following documentation output:
abs
should not eq nil
should run abs() and raise an Puppet::ParseError
should run abs(-34) and return 34
should run abs("-34") and return 34
should run abs(34) and return 34
should run abs("34") and return 34
|
|
let the computer do the counting and repetition and case
|
|
Without this patch, Ruby 1.8's Hash#to_s behaviour causes [{1=>2}] to be
treated as "12" when validating values.
|
|
Without this, the global seed is reseeded on every use
of fqdn_rotate, which is a waste. Older rubies might even use a
time-based seed which adversely impacts the quality of the RNG.
|
|
Restore removed functionality to range()
|
|
This reverts commit 063c58a992c1b5441b7e7b2a2e4886531035bb25, which
actually removed non-dead code. Specifically, it removed the ability to
make calls such as `range('2..3')`, `range('2...3')`, and
`range('2-3')`.
cf. https://github.com/puppetlabs/puppetlabs-stdlib/pull/443#commitcomment-11055565
|
|
The previous change to this function broke it on JRuby before 1.7.17 by
attempting to use a variable that wasn't defined (`salt`). To fix this,
define `salt` ahead of time and use that instead of building the salt
later.
cf. https://github.com/puppetlabs/puppetlabs-stdlib/pull/443#discussion_r29718588
|
|
Since a ParseError is always thrown for zero arguments, the if and all
dependent code can be removed.
|
|
Check if file exists before loading with loadyaml. If not, return nil
|
|
(MODULES-1715) Add FQDN-based random string generator
|
|
See RFC 1123, Section 2.1
http://tools.ietf.org/html/rfc1123#section-2
|
|
Assert private
|
|
Dirname typecheck
|
|
As mentioned in #270, private is a reserved keyword in the future parser
which is to be released with Puppet 4. As it stands, this function is
not usable with the future parser so it needs to be renamed.
This is a breaking change.
|