- Make the SSL test case less fragile by checking the exception type and not the text - Handle changes introduced in the SSL API in a way that should cover ruby 1.8.6 - 1.9.3 - Update vendored systemu to the latest to avoid RbConfig warnings printed to STDERR
…haracters To be certain we never attempt to read/write files we shouldn't for example in naive registration plugins the framework now ensures that callerids and identities can only be /\w\.\-/ There's a new method valid_callerid? on the security base class so if there's some weird and wonderful need a security plugin could override this check but generally the current setting should be left alone as is.
…call reset Improve test isolation by allowing mock STDERR and STDOUT in the client
…call reset - Always call reset when :json or :hosts is given - Add test coverage for the discover method
- Add :number, :integer and :float types to the DDL. - When the rpc application gets one of these on the CLI it will try to convert the string from the CLI to the right type - Provide test coverage for the ddl class - Fix various bugs found while writing tests - Improve some wording etc in DDL errors
…mit_targets When limit_targets is specified to the RPC client and the limit method is set to :first then short circuit the discovery process early realizing a significant speed up. We did this by adding a limit option to the Client#discover method and passing in the value when appropriate from the RPC::Client#discover wrapper In order to make this usable from the CLI the options parser now handles pure numeric arguments as integer
…arge host lists Previously when :auto was given to the call_agent it would do discover and then force direct_requests off. If discover was called before and an array was supplied this would effectively overrule that setting and so cause a broadcast to be done when it was not supposed to be done. Now we don't force that since discover will do the right thing and force direct requests if it feels that's what's needed
Track :ttl and :msgtime in the AES and SSL plugins Previously the :body property of the request was simply serialized and encrypted or signed. This was expanded to force that the :body is a hash, inside this hash we store the :ttl and :msgtime of the main request. Later on the servers when receiving the request we decrypt/validate and then verify that the :ttl and :msgtime properties are what was encrypted against, this way we can effectively avoid people tampering with these properties and detect any such tampering. In both cases this change is backward incompatible and security is enforced by default. Both plugins have a setting that would make them only warn on receiving bad/old data and not actually deny those requests.
Update the default shipped username, password and middleware locations to be in line with the activemq packages from puppetlabs.com
…stats and report it Add a TTL failed stat to the RunnerStats and keep track of ttl failures in the M::Message object. Update the rpcutil agent, ddl and inventory application to give access to the new statistic
Allow the Message object to be of type :direct_request which would force direct requests Change identity filters to be and and not or since that makes more sense for identities. But also if we're sending messages with many identities attached we'd only want to match if ours is anywhere in the list, an and based selection would always fail. If identities are provided on the CLI then we use those and avoid discovery. The RPC::Client#discover function can now be passed a list of hosts in either string, array or JSON formats. It will extract from this data discovery data and use that instead of the old discovery methods. In this use case it will force direct_addressing mode. The rpc application can now take JSON on STDIN and will use the above capabilities to fill in discovery data
As messages are now possibly sent to queues and can hang around the middleware for a very long time we need to support a TTL. Nodes that go off-line between discovery and request being sent may come back a month later and find these old messages sitting there and then take the actions which would not be desirable. Requests will now get a default TTL of 60 seconds and during validation of a message any messages older than this will not validate. The various security plugins will accept a TTL when encoding the messages and default to 60 if not given, similarly the Message object will default to 60 TTL. As a side effect security plugins now need a TTL when encoding requests which means we now need to upgrade all security plugins in use when going to a version running this version. Future tickets will allow the TTL to be set per message.
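The checks described in the ":ttl and :msgtime" commit and the TTL commit above, as an added Ruby example that is not MCollective's code. HMAC-SHA256 with a constructed key stands in for the plugins' signing or encryption, and `encode_request`, `validate_request` and the field layout are hypothetical.

```ruby
require 'openssl'
require 'json'

KEY = 'constructed-demo-key' # constructed; stands in for the plugin's key material

def sign(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), KEY, data)
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Sender: the signed body is a hash carrying the payload plus ttl and msgtime.
# The same two values also travel outside the signature, as in the main request.
def encode_request(payload, msgtime, ttl = 60)
  body = JSON.generate('body' => payload, 'ttl' => ttl, 'msgtime' => msgtime)
  { 'body' => body, 'hash' => sign(body), 'ttl' => ttl, 'msgtime' => msgtime }
end

# Receiver: verify the signature, compare the outer (unsigned) values with
# the signed copies, then apply the TTL using the signed msgtime.
def validate_request(req, now)
  return :bad_signature unless secure_compare(sign(req['body'].to_s), req['hash'].to_s)
  signed = JSON.parse(req['body'])
  return :tampered unless signed['ttl'] == req['ttl'] && signed['msgtime'] == req['msgtime']
  return :expired if now - signed['msgtime'] > signed['ttl']
  :ok
end

req = encode_request({ 'action' => 'status' }, 1000) # constructed sample request
puts validate_request(req, 1030)                       # within the default 60s TTL
puts validate_request(req.merge('ttl' => 86_400), 5000) # outer ttl raised in transit
puts validate_request(req, 1061)                       # stale message left on a queue
```

Without the signed copies, raising the outer ttl would let a stale queued request pass the age check; with them the mismatch is detected before the TTL is evaluated.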
Improve the documentation for the registration_collective configuration by adding hints about what versions support this and how older ones behave
The default classesfile location was set to a location that Puppet never defaulted to. It was missing the state part of the path, and the more modern classesfile location in puppet also has lib in the path. This is now the default.
The authorized_by helper creates a method called authorization_hook and loads up a class from disk that provides the implementation as a plugin. We used to only create 1 instance of an agent so this only happened once but recently we started creating new instances of the agent on each request which means this step gets done many times. This change avoids creating the hook if it's already defined thus avoiding the undesired disk loads
DDL files can declare that an input data item can be boolean which means we would like to validate that on the agent side. The validators had no boolean validation so this adds one. Also do a small bit of test maintenance to avoid spurious failures
Tweak the justification of multi line text results so it all lines up nicely