Jira (FACT-3193) Delete facter-ng code/tests
Title: Message Title Josh Cooper updated an issue Facter / FACT-3193 Delete facter-ng code/tests Change By: Josh Cooper Fix Version/s: FACT 4.4.2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483283.1679449136000.8852.1686598800037%40Atlassian.JIRA.
Jira (FACT-3193) Delete facter-ng code/tests
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Facter / FACT-3193 Delete facter-ng code/tests Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483283.1679449136000.8853.1686598800086%40Atlassian.JIRA.
Jira (FACT-3193) Delete facter-ng code/tests
Title: Message Title Josh Cooper updated an issue Facter / FACT-3193 Delete facter-ng code/tests Change By: Josh Cooper Epic Link: PUP PA - 11660 5411 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483283.1679449136000.8850.1686598740038%40Atlassian.JIRA.
Jira (FACT-3193) Delete facter-ng code/tests
Title: Message Title Josh Cooper updated an issue Facter / FACT-3193 Delete facter-ng code/tests Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483283.1679449136000.8851.1686598740101%40Atlassian.JIRA.
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title
Josh Cooper updated an issue
Facter / FACT-1902
Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Change By:
Josh Cooper
Modern versions of Puppet require that the data they serialize to JSON is proper UTF-8. Since facter collects data from different external sources, it's possible for facter data to be incorrectly encoded. Examples include: * String contains a valid UTF-16LE byte sequence, but the string's "encoding" method returns UTF-8 (Windows Registry) * String contains binary data, but "encoding" returns UTF-8 (EC2 userdata) * String contains the start of a valid multibyte UTF-8 sequnce, e.g. ("\xc3\x28") * String contains embedded nulls. Strictly speaking the "\u" code point is valid and is encoded as a single null byte, but it is surprising and can't be stored in Postgres. * String was generated by a child process based on the active code page (Windows CP1252), but the output is interpreted as UTF-8Facter's normalization should ensure: * All fact data contains valid UTF-8 data * If the string data is not valid, the invalid byte sequence an error should be replaced with logged stating the unicode replacement character, so custom or external fact that it is valid caused the issue. The fact should be omitted from the fact collection sent to the server and the agent run should continue * Same for embedded null values (different ticket) * A warning should be generated specifying the fact key -or value- with invalid data
Add Comment
This
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.220.1686801840101%40Atlassian.JIRA.
Jira (PUP-11853) When "sleeping" agent raise "attempt to read body out of block (IOError)"
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11853 When "sleeping" agent raise "attempt to read body out of block (IOError)" Change By: Josh Cooper Story Points: 2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.479243.1674046176000.219.1686801840038%40Atlassian.JIRA.
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11856
Update agent state machine to renew client cert
Change By:
Josh Cooper
The agent's state machine is responsible for loading CA certs, CRLs, private keys and client certs. Along the way, it may need to download the CA certs, submit a CSR, etc. Each of those steps is represented by an SSL state:If the agent successfully loads its client cert in [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L181-L186 ] ANDIf the client cert's expiration date (notAfter) is within the expiration window : {{Time.now >= (notAfter - hostcert_refresh_interval)}} THENtransition to a new state "NeedRenewedCert" passing along the [next_ctx|https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L183] containing the loaded client cert.The NeedRenewedCert state's "next_state" method should submit a REST request to the new CA endpoint to renew its client cert using the newly added method in [ https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rb ] . The state must pass the "ssl_context" containing the "client cert to be renewed" to the HTTP client, so that it's sent as part of the TLS handshake.If the request is successful, the client MUST verify the RENEWED client cert is valid before committing it to disk (calling {{ {} @cert_provider.save_client_cert(Puppet[:certname], cert) { }} } . See how this is done here for newly provisioned agents: [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L250-L254 ] . The "create_context" method will either return a valid "ssl_context" or raise.If an "ssl_context" is returned, then the NeedRenewedCert state should return a "Done" state containing the new ssl_context, like [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#LL256C1-L257C1 ] If an exception is raised, the "NeedRenewedCert" state should 404 - log an info message that autorenewal is disabled on the sever 4xx/5xx - log a warningAND return a "Done" state containing the ORIGINAL ssl_context/client certAdd unit tests in [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/ssl/state_machine_spec.rb ] In NeedKey tests:* Verify it returns NeedRenewedCert if the current time plus the renewal interval is greater than cert's "notAfter" time, similar to [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/ssl/state_machine_spec.rb#L601-L607 ] * Verify it returns Done if the current time plus the renewal interval is less than or equal to the cert's "notAfter" time.In NeedRenewedCert tests:* If successful, verify it returns a Done state with the renewed client cert, e.g.{noformat} st = state.next_stateexpect(st).to
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.212.1686801180041%40Atlassian.JIRA.
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.213.1686801180090%40Atlassian.JIRA.
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Fix Version/s: PUP 7.26.0 Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.214.1686801240035%40Atlassian.JIRA.
Jira (PUP-11853) When "sleeping" agent raise "attempt to read body out of block (IOError)"
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11853
When "sleeping" agent raise "attempt to read body out of block (IOError)"
Change By:
Josh Cooper
Acceptance Criteria:
{quote}Enumeration of requirements to consider the defect addressed.{quote}
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.479243.1674046176000.216.1686801660037%40Atlassian.JIRA.
Jira (PUP-11853) When "sleeping" agent raise "attempt to read body out of block (IOError)"
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11853 When "sleeping" agent raise "attempt to read body out of block (IOError)" Change By: Josh Cooper Fix Version/s: PUP 7.26.0 Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.479243.1674046176000.217.1686801660085%40Atlassian.JIRA.
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.233.1686806160113%40Atlassian.JIRA.
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.232.1686806160049%40Atlassian.JIRA.
Jira (PUP-11895) puppet ssl clean clears local private key / certificate
Title: Message Title Josh Cooper moved an issue Puppet / PUP-11895 puppet ssl clean clears local private key / certificate Change By: Josh Cooper Key: PA PUP - 5615 11895 Project: Puppet Agent Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486830.1686654922000.9302.1686687360022%40Atlassian.JIRA.
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title Josh Cooper assigned an issue to Aria Li Facter / FACT-1902 Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8 Change By: Josh Cooper Assignee: Josh Cooper Aria Li Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.290197.1546471789000.9271.1686683400028%40Atlassian.JIRA.
Jira (PUP-11894) Namespacing ruby providers and types
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11894
Namespacing ruby providers and types
Change By:
Josh Cooper
Acceptance Criteria:
{quote}Enumeration of requirements to consider the story ticket done.{quote}
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486836.1686661996000.9292.1686686940233%40Atlassian.JIRA.
Jira (PUP-11894) Namespacing ruby providers and types
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11894 Namespacing ruby providers and types Change By: Josh Cooper Team: Comply EMEA Phoenix Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486836.1686661996000.9291.1686686940187%40Atlassian.JIRA.
Jira (PUP-11894) Namespacing ruby providers and types
Title: Message Title Josh Cooper commented on PUP-11894 Re: Namespacing ruby providers and types Slack conversation about this https://puppetcommunity.slack.com/archives/C0W298S9G/p1686660913918429 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486836.1686661996000.9285.1686686880023%40Atlassian.JIRA.
Jira (PUP-11894) Namespacing ruby providers and types
Title: Message Title Josh Cooper commented on PUP-11894 Re: Namespacing ruby providers and types Markus Zilch implementing this feature would require changes throughout the agent and server. For example, we currently flatten types & providers from different modules into a single lib/puppet/type directory structure (see PUP-3922). Also types are loaded on the server and it's not possible to have multiple definitions of the same ruby class (we don't have this issue with 4x functions because of the way we load them into ruby). Could you provide some more details around what problem you're running into? I agree that if we were implementing this from scratch, then namespacing types/providers would be great, but it would require a lot of work to make that happen. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486836.1686661996000.9301.1686687300057%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11854
Add agent renew REST implementation
Change By:
Josh Cooper
Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rbSee the API details in PE-35563, for example, it should POST the request.The method should accept:* ssl_context (required): the current ssl context to use when making the request, including the client cert that needs to be renewed* name is not required since the REST API doesn't accept one (/puppet-ca/v1/certificate_renewal)If the passed in ssl_context does not contain a client cert it should raise ArgumentError The method should set {{Accept: text/plain}} since the expected response body contains PEM. If the request is successful, the method should return a renewed {{OpenSSL::X509::Certificate}}If the request is not successful, then raise {{Puppet::HTTP::ResponseError}}Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception. This is an example curl command to test the server:{noformat}curl -sk -X POST -H Accept: text/plain --key /etc/puppetlabs/puppet/ssl/private_keys/$(puppet config print hostprivkey) --cert $(puppet config print hostcert) https://$(puppet config print server):8140/puppet-ca/v1/certificate_renewal{noformat}
Add Comment
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11854
Add agent renew REST implementation
Change By:
Josh Cooper
Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rbSee the API details in PE-35563, for example, it should POST the request.The method should accept:* ssl_context (required): the current ssl context to use when making the request, including the client cert that needs to be renewed* name is not required since the REST API doesn't accept one (/puppet-ca/v1/certificate_renewal)If the passed in ssl_context does not contain a client cert it should raise ArgumentErrorThe method should set {{Accept: text/plain}} since the expected response body contains PEM.If the request is successful, the method should return a renewed {{OpenSSL::X509::Certificate}}If the request is not successful, then raise {{Puppet::HTTP::ResponseError}}Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception.This is an example curl command to test the server:{noformat}curl -sk -X POST -H Accept: text/plain --key /etc/puppetlabs/puppet/ssl/private_keys/ $(puppet config print hostprivkey) --cert $(puppet config print hostcert) https://$(puppet config print server):8140/puppet-ca/v1/certificate_renewal{noformat}
Add Comment
Jira (FACT-3188) Error on on Solaris non-global zone after upgrading to PE2021.7.2
Title: Message Title Josh Cooper updated an issue Facter / FACT-3188 Error on on Solaris non-global zone after upgrading to PE2021.7.2 Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481890.1677480699000.4062.1685637240050%40Atlassian.JIRA.
Jira (FACT-3198) Fact keys and values should not contain embedded null bytes
Title: Message Title Josh Cooper updated an issue Facter / FACT-3198 Fact keys and values should not contain embedded null bytes Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.484502.1681845533000.4063.1685637240113%40Atlassian.JIRA.
Jira (PUP-10639) Refresh cached Puppet CA on Puppet client
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10639 Refresh cached Puppet CA on Puppet client Change By: Josh Cooper Summary: renew Refresh cached Puppet CA on Puppet client Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.369858.1597923633000.4088.1685639460025%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11854 Add agent renew REST implementation Change By: Josh Cooper Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485826.1684431563000.4107.1685640960034%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11854
Add agent renew REST implementation
Change By:
Josh Cooper
Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rbSee the API details in PE-35563, for example, it should POST the request.The method should accept:* name (required) : this is the name of the client whose cert is being renewed, typically Puppet[:certname]* ssl_context (required) : the current ssl context to use when making the request, including the client cert that needs to be renewedIf the passed in ssl_context does not contain a client cert it should raise ArgumentErrorIf the request is successful, the method should return a renewed {{OpenSSL::X509::Certificate}}If the request is not successful, then raise {{Puppet::HTTP::ResponseError}}Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception.
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11856 Update agent state machine to renew client cert Change By: Josh Cooper Story Points: 5 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485829.1684435039000.4127.1685641560047%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11854 Add agent renew REST implementation Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485826.1684431563000.4060.1685637120105%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.4059.1685637120050%40Atlassian.JIRA.
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11856 Update agent state machine to renew client cert Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485829.1684435039000.4061.1685637120153%40Atlassian.JIRA.
Jira (PUP-11788) certname with .pp in the middle doesn't pick up its own manifest
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11788 certname with .pp in the middle doesn't pick up its own manifest Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483518.167966097.4074.1685637600044%40Atlassian.JIRA.
Jira (PUP-11788) certname with .pp in the middle doesn't pick up its own manifest
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11788 certname with .pp in the middle doesn't pick up its own manifest Change By: Josh Cooper Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483518.167966097.4076.1685637600137%40Atlassian.JIRA.
Jira (PUP-11788) certname with .pp in the middle doesn't pick up its own manifest
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11788 certname with .pp in the middle doesn't pick up its own manifest Change By: Josh Cooper Fix Version/s: PUP 7.26.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483518.167966097.4075.1685637600089%40Atlassian.JIRA.
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11856
Update agent state machine to renew client cert
Change By:
Josh Cooper
The agent's state machine is responsible for loading CA certs, CRLs, private keys and client certs. Along the way, it may need to download the CA certs, submit a CSR, etc. Each of those steps is represented by an SSL state:If the agent successfully loads its client cert in https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L181-L186ANDIf the client cert's expiration date (notAfter) is within the expiration windowTHENtransition to a new state "NeedRenewedCert" passing along the [next_ctx|https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L183] containing the loaded client cert.The NeedRenewedCert state's "next_state" method should submit a REST request to the new CA endpoint to renew its client cert using the newly added method in https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rb. The state must pass the "ssl_context" containing the "client cert to be renewed" to the HTTP client, so that it's sent as part of the TLS handshake.If the request is successful, the client MUST verify the RENEWED client cert is valid before committing it to disk (calling {{@cert_provider . save_client_cert(Puppet[:certname], cert)}}. See how this is done here for newly provisioned agents: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#L250-L254. The "create_context" method will either return a valid "ssl_context" or raise.If an "ssl_context" is returned, then the NeedRenewedCert state should return a "Done" state containing the new ssl_context, like https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/lib/puppet/ssl/state_machine.rb#LL256C1-L257C1If an exception is raised, the "NeedRenewedCert" state should 404 - log an info message that autorenewal is disabled on the sever 4xx/5xx - log a warningAND return a "Done" state containing the ORIGINAL ssl_context/client certAdd unit tests in https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/ssl/state_machine_spec.rbIn NeedKey tests:* Verify it returns NeedRenewedCert if the current time plus the renewal interval is greater than cert's "notAfter" time, similar to https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/ssl/state_machine_spec.rb#L601-L607* Verify it returns Done if the current time plus the renewal interval is less than or equal to the cert's "notAfter" time.In NeedRenewedCert tests:* If successful, verify it returns a Done state with the renewed client cert, e.g.{noformat}st = state.next_stateexpect(st).to be_an_instance_of(Puppet::SSL::StateMachine::Done)expect(st.ssl_context[:client_cert]).to eq(NEW CERT){noformat}* If not successful, verify it returns a Done state with the old client
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Story Points: 2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.4101.1685640420128%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11854
Add agent renew REST implementation
Change By:
Josh Cooper
Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rbSee the API details in PE-35563, for example, it should POST the request.The method should accept:* name (required): this is the name of the client whose cert is being renewed, typically Puppet[:certname]* ssl_context (required): the current ssl context to use when making the request, including the client cert that needs to be renewed * name is not required since the REST API doesn't accept one (/puppet-ca/v1/certificate_renewal) If the passed in ssl_context does not contain a client cert it should raise ArgumentErrorIf the request is successful, the method should return a renewed {{OpenSSL::X509::Certificate}}If the request is not successful, then raise {{Puppet::HTTP::ResponseError}}Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception.
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (FACT-3198) Fact keys and values should not contain embedded null bytes
Title: Message Title Josh Cooper updated an issue Facter / FACT-3198 Fact keys and values should not contain embedded null bytes Change By: Josh Cooper Fix Version/s: FACT 4.4.1 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.484502.1681845533000.4073.1685637540022%40Atlassian.JIRA.
Jira (FACT-3198) Fact keys and values should not contain embedded null bytes
Title: Message Title Josh Cooper updated an issue Facter / FACT-3198 Fact keys and values should not contain embedded null bytes Change By: Josh Cooper Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.484502.1681845533000.4130.1685642160028%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Create new puppet setting, TBD, to specify when to attempt client cert renewal relative to its expiration date, e.g. N weeks prior. See PE-35564 for specifics. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.4089.1685639580042%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Create new puppet setting, TBD, to specify when to attempt client cert renewal relative to its expiration date, e.g. N weeks prior. The setting should be of type "duration"It should be on by default.It should be possible to disable the renewal behavior by setting the value to "0"It's default value should be TBD See PE-35564 for specifics general requirements . Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.4098.1685640360034%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Create new puppet setting, TBD, to specify when to attempt client cert renewal relative to its expiration date, e.g. N weeks prior.The setting should be of type "duration"It should be on off by default . (since puppetserver will be off by default in FOSS) It should be possible to disable the renewal behavior by setting the value to "0"It's default value should be TBDSee PE-35564 for general requirements. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.4103.1685640780053%40Atlassian.JIRA.
Jira (PUP-11788) certname with .pp in the middle doesn't pick up its own manifest
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11788 certname with .pp in the middle doesn't pick up its own manifest Change By: Josh Cooper Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483518.167966097.4132.1685642280036%40Atlassian.JIRA.
Jira (FACT-3205) Transient failure in integration testing around 'write_to_file' method
Title: Message Title
Josh Cooper commented on FACT-3205
Re: Transient failure in integration testing around 'write_to_file' method
Also happening in CI https://github.com/puppetlabs/facter/actions/runs/5135872309/jobs/9241862743
Failures:
1) Facter .fact with external facts with array as value does not use non negative index
Failure/Error: File.open(file, 'w') { |f| f.print to_write }
Errno::ENOENT:
No such file or directory - /tmp/external_facts20230531-1859-rbh4rj/VXQQPGXR_os_fact.yaml
# ./spec_integration/facter_spec.rb:13:in `write_to_file'
# ./spec_integration/facter_spec.rb:810:in `block in '
Finished in 3 minutes 43 seconds (files took 25.16 seconds to load)
133 examples, 1 failure
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.1780.1684947180055%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11854 Add agent renew REST implementation Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485826.1684431563000.1781.1684947180118%40Atlassian.JIRA.
Jira (PUP-11815) Default system provider to systemd with Amazon Linux 2023
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11815 Default system provider to systemd with Amazon Linux 2023 Change By: Josh Cooper Epic Link: PA-5566 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.484145.1680874387000.1733.1684942260048%40Atlassian.JIRA.
Jira (PUP-11853) When "sleeping" agent raise "attempt to read body out of block (IOError)"
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11853 When "sleeping" agent raise "attempt to read body out of block (IOError)" Change By: Josh Cooper Priority: Normal High Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.479243.1674046176000.1784.1684947300027%40Atlassian.JIRA.
Jira (FACT-3167) Networking facts on AIX incomplete if network device is in down state
Title: Message Title Josh Cooper updated an issue Facter / FACT-3167 Networking facts on AIX incomplete if network device is in down state Change By: Josh Cooper Story Points: 2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.475613.1669219052000.1826.1684947661597%40Atlassian.JIRA.
Jira (FACT-3167) Networking facts on AIX incomplete if network device is in down state
Title: Message Title Josh Cooper updated an issue Facter / FACT-3167 Networking facts on AIX incomplete if network device is in down state Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.475613.1669219052000.1825.1684947661551%40Atlassian.JIRA.
Jira (FACT-3089) Processor ISA fact on Linux reports wrong data if the string contains a period
Title: Message Title Josh Cooper updated an issue Facter / FACT-3089 Processor ISA fact on Linux reports wrong data if the string contains a period Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.421525.1635492732000.1789.1684947480189%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11854 Add agent renew REST implementation Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485826.1684431563000.1783.1684947240077%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Sprint: Phoenix 2023-06-07 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485827.1684431623000.1782.1684947240032%40Atlassian.JIRA.
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title
Josh Cooper updated an issue
Facter / FACT-1902
Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Change By:
Josh Cooper
Modern versions of Puppet require that the data they serialize to JSON is proper UTF-8. Since facter collects data from different external sources, it's possible for facter data to be incorrectly encoded. Examples include: * String contains a valid UTF-16LE byte sequence, but the string's "encoding" method returns UTF-8 (Windows Registry) * String contains binary data, but "encoding" returns UTF-8 (EC2 userdata) * String contains the start of a valid multibyte UTF-8 sequnce, e.g. ("\xc3\x28") * String contains embedded nulls. Strictly speaking the "\u" code point is valid and is encoded as a single null byte, but it is surprising and can't be stored in Postgres. * String was generated by a child process based on the active code page (Windows CP1252), but the output is interpreted as UTF-8Facter's normalization should ensure: * All fact data contains valid UTF-8 data * If the string data is not valid, the invalid byte sequence should be replaced with the unicode replacement character, so that it is valid * Same for embedded null values (different ticket) * A warning should be generated specifying the fact key -or value- with invalid data
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title
Josh Cooper updated an issue
Facter / FACT-1902
Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Change By:
Josh Cooper
Modern versions of Puppet require that the data they serialize to JSON is proper UTF-8. Since facter collects data from different external sources, it's possible for facter data to be incorrectly encoded. Examples include: * String contains a valid UTF-16LE byte sequence, but the string's "encoding" method returns UTF-8 (Windows Registry) * String contains binary data, but "encoding" returns UTF-8 (EC2 userdata) * String contains the start of a valid multibyte UTF-8 sequnce, e.g. ("\xc3\x28") * String contains embedded nulls. Strictly speaking the "\u" code point is valid and is encoded as a single null byte, but it is surprising and can't be stored in Postgres. * String was generated by a child process based on the active code page (Windows CP1252), but the output is interpreted as UTF-8Facter's normalization should ensure: * All fact data contains valid UTF-8 data * If the string data is not valid, the invalid byte sequence should be replaced with the unicode replacement character, so that it is valid * Same for embedded null values * A warning should be generated specifying the fact key - or value - with invalid data
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (FACT-3136) gce.project.attributes.sshKeys is a string instead of an array
Title: Message Title Josh Cooper updated an issue Facter / FACT-3136 gce.project.attributes.sshKeys is a string instead of an array Change By: Josh Cooper Release Notes: Bug Fix Release Notes Summary: Facter 4 now correctly returns the value of the gce.project.attributes.sshKeys fact as an array of strings as it did in Facter 3. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.454867.1657650158000.6596.168627333%40Atlassian.JIRA.
Jira (PUP-11869) Retry failed CA & CRL refreshes sooner than the next interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11869 Retry failed CA & CRL refreshes sooner than the next interval Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486486.1686076476000.5305.1686092820032%40Atlassian.JIRA.
Jira (PUP-11869) Retry failed CA & CRL refreshes sooner than the next interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11869 Retry failed CA & CRL refreshes sooner than the next interval Change By: Josh Cooper Fix Version/s: PUP 8.2.0 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486486.1686076476000.5306.1686092820094%40Atlassian.JIRA.
Jira (PUP-11869) Retry failed CA & CRL refreshes sooner than the next interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11869 Retry failed CA & CRL refreshes sooner than the next interval Change By: Josh Cooper Story Points: 1 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486486.1686076476000.5279.1686088080037%40Atlassian.JIRA.
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Story Points: 1 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.5281.1686088320028%40Atlassian.JIRA.
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper moved an issue Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Key: PA PUP - 4944 11871 Project: Puppet Agent Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.5296.1686090420042%40Atlassian.JIRA.
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title Josh Cooper updated an issue Facter / FACT-1902 Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8 Change By: Josh Cooper Fix Version/s: FACT 4.4.1 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.290197.1546471789000.5280.1686088200030%40Atlassian.JIRA.
Jira (FACT-3188) Error on on Solaris non-global zone after upgrading to PE2021.7.2
Title: Message Title Josh Cooper updated an issue Facter / FACT-3188 Error on on Solaris non-global zone after upgrading to PE2021.7.2 Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481890.1677480699000.5307.1686092940032%40Atlassian.JIRA.
Jira (PUP-11869) Retry failed CA & CRL refreshes sooner than the next interval
Title: Message Title Josh Cooper created an issue Puppet / PUP-11869 Retry failed CA & CRL refreshes sooner than the next interval Issue Type: Improvement Assignee: Unassigned Created: 2023/06/06 11:34 AM Priority: Normal Reporter: Josh Cooper If a CRL refresh fails, then the agent won't try again until another crl_refresh_interval has elapsed. This was intentionally done during the initial implementation so that we didn't overload puppetserver in the event of failed refreshes. But now that the code has been proven and we have confirmation that conditional GET requests for the CRL are don't have a significant performance impact, we want to be more robust in the event of transient network issues. If the agent fails to refresh the CRL, then it should continue retrying the next time it runs, and continue retrying until it succeeds. This is also an issue for CA refresh (see PUP-10639) Add Comment
Jira (FACT-3207) Don't rescue NoMethodError
Title: Message Title
Josh Cooper updated an issue
Facter / FACT-3207
Don't rescue NoMethodError
Change By:
Josh Cooper
The base resolver rescues NoMethodError, which hides bugs in resolvers. For example, if I disable the rescue, exposing it exposes a bug in the dmi resolver:{noformat}$ bundle exec facter --debug[2023-06-06 08:07:21.541262 ] DEBUG Facter::Resolvers::Linux::DmiBios - Resolving fact product_serial, but got undefined method `encode' for nil:NilClass .encode('UTF-8', invalid: :replace) ^^^ at /home/josh/work/facter/lib/facter/resolvers/dmi.rb:39:in `read_facts' {noformat}
Add Comment
This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit
Jira (FACT-3207) Don't rescue NoMethodError
Title: Message Title
Josh Cooper created an issue
Facter / FACT-3207
Don't rescue NoMethodError
Issue Type:
Bug
Assignee:
Unassigned
Created:
2023/06/06 8:10 AM
Priority:
Normal
Reporter:
Josh Cooper
The base resolver rescues NoMethodError, which hides bugs in resolvers. For example, if I disable the rescue, exposing a bug in the dmi resolver:
$ bundle exec facter --debug
[2023-06-06 08:07:21.541262 ] DEBUG Facter::Resolvers::Linux::DmiBios - Resolving fact product_serial, but got undefined method `encode' for nil:NilClass
.encode('UTF-8', invalid: :replace)
^^^ at /home/josh/work/facter/lib/facter/resolvers/dmi.rb:39:in `read_facts'
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.5755.1686154440094%40Atlassian.JIRA.
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.5754.1686154440047%40Atlassian.JIRA.
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Epic Link: PA-5411 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.5823.1686156120045%40Atlassian.JIRA.
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Team: Phoenix Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.5824.1686156120113%40Atlassian.JIRA.
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Priority: Major High Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.5869.1686157560141%40Atlassian.JIRA.
Jira (PUP-11846) The --no-preprocess_deferred option breaks deferring of Sensitive file content
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11846 The --no-preprocess_deferred option breaks deferring of Sensitive file content Change By: Josh Cooper Priority: Normal Major Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485142.1683044961000.5867.1686157560047%40Atlassian.JIRA.
Jira (PUP-11868) New default strict=error breaks all deprecation warnings
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11868 New default strict=error breaks all deprecation warnings Change By: Josh Cooper Priority: Normal High Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486431.1685855267000.5868.1686157560093%40Atlassian.JIRA.
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11856 Update agent state machine to renew client cert Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485829.1684435039000.5866.1686157500031%40Atlassian.JIRA.
Jira (FACT-3187) Facter fails on mountpoints fact on Solaris 10 with non-global zones which have NFS mounts
Title: Message Title Josh Cooper updated an issue Facter / FACT-3187 Facter fails on mountpoints fact on Solaris 10 with non-global zones which have NFS mounts Change By: Josh Cooper Sprint: Phoenix 2023-06-07 , Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481548.1676518094000.5920.1686159060024%40Atlassian.JIRA.
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.5927.1686159660097%40Atlassian.JIRA.
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Sprint: Phoenix 2023-06-21 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.5926.1686159660033%40Atlassian.JIRA.
Jira (FACT-3188) Error on on Solaris non-global zone after upgrading to PE2021.7.2
Title: Message Title Josh Cooper updated an issue Facter / FACT-3188 Error on on Solaris non-global zone after upgrading to PE2021.7.2 Change By: Josh Cooper Fix Version/s: FACT 4.4.1 Fix Version/s: FACT 4.4.2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481890.1677480699000.5946.1686160440109%40Atlassian.JIRA.
Jira (FACT-3187) Facter fails on mountpoints fact on Solaris 10 with non-global zones which have NFS mounts
Title: Message Title Josh Cooper updated an issue Facter / FACT-3187 Facter fails on mountpoints fact on Solaris 10 with non-global zones which have NFS mounts Change By: Josh Cooper Fix Version/s: FACT 4.4.1 Fix Version/s: FACT 4.4.2 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481548.1676518094000.5945.1686160440044%40Atlassian.JIRA.
Jira (PUP-11865) Remove strict* settings
Title: Message Title Josh Cooper created an issue Puppet / PUP-11865 Remove strict* settings Issue Type: Task Assignee: Unassigned Created: 2023/05/23 11:40 AM Priority: Normal Reporter: Josh Cooper In Puppet 8, we changed the default values for strict and strict_variables. During the 8.x lifetime, we should deprecate the old behaviors in PUP-11864. In Puppet 9, those settings should be removed. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (PUP-477) Implement Strict Numbers
Title: Message Title Josh Cooper commented on PUP-477 Re: Implement Strict Numbers Henrik Lindberg yes makes sense, I filed https://tickets.puppetlabs.com/browse/PUP-11864 and https://tickets.puppetlabs.com/browse/PUP-11865. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.16072.1380731456000.1451.1684867320024%40Atlassian.JIRA.
Jira (PUP-11864) Deprecate strict* settings
Title: Message Title Josh Cooper created an issue Puppet / PUP-11864 Deprecate strict* settings Issue Type: Task Assignee: Unassigned Created: 2023/05/23 11:38 AM Priority: Normal Reporter: Josh Cooper In Puppet 8, we changed the default values for strict and strict_variables. During the 8.x lifetime, we should deprecate the old behaviors (try to disable strict). A separate ticket will be filed to remove the settings in Puppet 9. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (FACT-3196) Facter on Solaris 10 seems to leak file descriptors, causing puppet run failures
Title: Message Title Josh Cooper updated an issue Facter / FACT-3196 Facter on Solaris 10 seems to leak file descriptors, causing puppet run failures Change By: Josh Cooper Release Notes: Bug Fix Release Notes Summary: Facter no longer leaks file descriptors when attempting to resolve network interfaces Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483921.168066443.6735.1686332880044%40Atlassian.JIRA.
Jira (PUP-11855) Add puppet setting to configure renewal interval
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11855 Add puppet setting to configure renewal interval Change By: Josh Cooper Create a new puppet setting, TBD "hostcert_renewal_interval" , to specify when to attempt client cert renewal relative prior to its expiration date . The setting name should start with "hostcert_*" , e because "hostcert" is the setting for the client cert . g. N weeks prior. The setting should be of type "duration"It should be off ON by default (since puppetserver . Puppetserver support will be off by default in FOSS ) , but that way only a server config change will be needed. It should be possible to disable the renewal behavior by setting the value to "0"It's default value should be TBD 30 days. See PE-35564 for general requirements. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop
Jira (PUP-10639) Refresh cached Puppet CA on Puppet client
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10639 Refresh cached Puppet CA on Puppet client Change By: Josh Cooper Release Notes: Enhancement Release Notes Summary: puppet agents will now attempt to refresh their CA certificate(s) once per day. The frequency is controlled by a new setting Puppet setting "ca_refresh_interval". Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.369858.1597923633000.6708.1686328260044%40Atlassian.JIRA.
Jira (PUP-11776) 11. Update Public-facing Puppet docs to remove macOS 10.15 (x86_64)
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11776 11. Update Public-facing Puppet docs to remove macOS 10.15 (x86_64) Change By: Josh Cooper Update Public-facing Puppet docs with removal of this platform . This platform was never added to puppet 8.0.0, so it's only being removed from the puppet7 stream. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.482334.167821728.3006.1685466420322%40Atlassian.JIRA.
Jira (PUP-11777) 11. Update Public-facing Puppet docs to remove Red Hat 7 (aarch64)
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11777 11. Update Public-facing Puppet docs to remove Red Hat 7 (aarch64) Change By: Josh Cooper Update Public-facing Puppet docs with removal of this platform . This platform was never added to puppet 8.0.0, so it's only being removed from the puppet7 stream. h4. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.482362.1678217514000.3011.1685466720095%40Atlassian.JIRA.
Jira (PUP-11866) Puppet-resource_api bug with ruby 3.2 and integer munging
Title: Message Title Josh Cooper commented on PUP-11866 Re: Puppet-resource_api bug with ruby 3.2 and integer munging Need to update https://github.com/puppetlabs/puppet-resource_api/blob/edbf55a7bd39ab1fe7426d6610a630b07753bcc3/.github/workflows/rspec_tests.yaml#L18-L20 to include Ruby 3.2 also Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.486182.1684958721000.3185.1685477400021%40Atlassian.JIRA.
Jira (PUP-11788) certname with .pp in the middle doesn't pick up its own manifest
Title: Message Title Josh Cooper assigned an issue to Tony Vu Puppet / PUP-11788 certname with .pp in the middle doesn't pick up its own manifest Change By: Josh Cooper Assignee: Michael Hashizume Tony Vu Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.483518.167966097.9173.1686672420036%40Atlassian.JIRA.
Jira (FACT-1902) Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Facter / FACT-1902 Confirm Facter 4 validates that external/custom/executable facts output proper UTF-8 Change By: Josh Cooper Assignee: Aria Li Josh Cooper Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.290197.1546471789000.9174.1686672420102%40Atlassian.JIRA.
Jira (PUP-11854) Add agent renew REST implementation
Title: Message Title
Josh Cooper updated an issue
Puppet / PUP-11854
Add agent renew REST implementation
Change By:
Josh Cooper
Add a new method to Puppet::HTTP::Services::CA to renew a client certificate, see [ https://github.com/puppetlabs/puppet/blob/main/lib/puppet/http/service/ca.rb ] See the API details in PE-35563, for example, it should POST the request.The method should accept:* ssl_context (required): the current ssl context to use when making the request, including the client cert that needs to be renewed* name is not required since the REST API doesn't accept one (/puppet-ca/v1/certificate_renewal)If the passed in ssl_context does not contain a client cert it should raise ArgumentErrorThe method should set {{Accept: text/plain}} since the expected response body contains PEM.If the request is successful, the method should return a renewed {{OpenSSL::X509::Certificate}}If the request is not successful, then raise {{Puppet::HTTP::ResponseError}}Add unit tests to spec/unit/http/services/ca_spec.rb to exercise the API. For example, this is where we test the CSR submission code: [ https://github.com/puppetlabs/puppet/blob/ad7d75b08dfff5e308fde199407d84308d74e538/spec/unit/http/service/ca_spec.rb#L159-L197 ] Test the different HTTP statuses (200, 403, etc) see the API details mentioned above. Unsuccessful requests should raise the appropriate ResponseError exception.This is an example curl command to test the server: {noformat} curl -sk -X POST -H ' Accept: text/plain ' --key $(puppet config print hostprivkey) --cert $(puppet config print hostcert) https://$(puppet config print server):8140/puppet-ca/v1/certificate_renewal{noformat}
Add Comment
Jira (PUP-11774) Adding lots of hosts on Windows results in "permission denied" errors for some of them
Title: Message Title Josh Cooper commented on PUP-11774 Re: Adding lots of hosts on Windows results in "permission denied" errors for some of them Dirk Heinrichs we can't reproduce this error. Export and collecting hosts entries with multiple windows agents works as expected for me: C:\ProgramData\PuppetLabs>puppet agent -t Info: Using environment 'production' Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for veteran-click.delivery.puppetlabs.net Info: Applying configuration version '1686689540' Notice: /Stage[main]/Hosts/Host[veteran-click.delivery.puppetlabs.net]/ensure: created Info: Computing checksum on file C:/Windows/System32/drivers/etc/hosts Notice: /Stage[main]/Hosts/Host[hotter-maximum.delivery.puppetlabs.net]/ensure: created Notice: Applied catalog in 0.07 seconds There is a bug in
Jira (PUP-8241) Update contributor documents
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8241 Update contributor documents Change By: Josh Cooper Epic Link: PE-36273 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.226193.1513039221000.622.1686874200127%40Atlassian.JIRA.
Jira (PUP-11853) When "sleeping" agent raise "attempt to read body out of block (IOError)"
Title: Message Title Josh Cooper commented on PUP-11853 Re: When "sleeping" agent raise "attempt to read body out of block (IOError)" The problem is here: https://github.com/puppetlabs/puppet/blob/6b400f35193e5d6871fd679d6ad49776d1cb6072/lib/puppet/http/client.rb#L380-L404 Note we finish/close the http connection and then later call drain on the response, which tries to fully read the http response. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.479243.1674046176000.541.1686851220030%40Atlassian.JIRA.
Jira (PUP-11856) Update agent state machine to renew client cert
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11856 Update agent state machine to renew client cert Change By: Josh Cooper Sprint: Phoenix 2023-07-05 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485829.1684435039000.471.1686847320059%40Atlassian.JIRA.
Jira (PUP-11849) CRL authorityKeyIdentifier is not printed in puppet8
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11849 CRL authorityKeyIdentifier is not printed in puppet8 Change By: Josh Cooper Sprint: Phoenix 2023-07-05 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.485441.1683744464000.473.1686847320153%40Atlassian.JIRA.
Jira (PUP-11871) crl refresh spec test overwrites the crl fixture
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11871 crl refresh spec test overwrites the crl fixture Change By: Josh Cooper Sprint: Phoenix 2023-07-05 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.481513.1676478593000.472.1686847320106%40Atlassian.JIRA.
Jira (PUP-11896) Send auto-renew attribute in CSR
Title: Message Title Josh Cooper created an issue Puppet / PUP-11896 Send auto-renew attribute in CSR Issue Type: Improvement Assignee: Unassigned Created: 2023/06/15 10:02 AM Fix Versions: PUP 8.2.0 Priority: Normal Reporter: Josh Cooper The agent should send an auto-renew attribute in CSR. See PE-35695 for details. Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8)
Jira (PUP-11896) Send auto-renew attribute in CSR
Title: Message Title Josh Cooper updated an issue Puppet / PUP-11896 Send auto-renew attribute in CSR Change By: Josh Cooper Sprint: Phoenix 2023-07-05 Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.487050.1686848565000.507.1686848700031%40Atlassian.JIRA.
