Skip to content

Commit 4b76eb7

Browse files
chambersmpchambersmp
committed
refine port validation to user ports 1024-49151
1 parent 2f017f4 commit 4b76eb7

File tree

11 files changed

+85
-85
lines changed

11 files changed

+85
-85
lines changed

manifests/database/postgresql.pp

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -71,25 +71,25 @@
7171
# PostgreSQL password authentication method, either `md5` or `scram-sha-256`
7272
#
7373
class puppetdb::database::postgresql (
74-
Stdlib::Host $listen_addresses = $puppetdb::params::database_host,
75-
Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,
76-
String[1] $database_name = $puppetdb::params::database_name,
77-
String[1] $database_username = $puppetdb::params::database_username,
78-
Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
79-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
80-
Boolean $manage_database = $puppetdb::params::manage_database,
81-
Boolean $manage_server = $puppetdb::params::manage_dbserver,
82-
Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo,
83-
String[2,3] $postgres_version = $puppetdb::params::postgres_version,
84-
Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
85-
Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,
86-
Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
87-
Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
88-
String[1] $read_database_username = $puppetdb::params::read_database_username,
89-
Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
90-
Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
91-
Boolean $password_sensitive = false,
92-
Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption,
74+
Stdlib::Host $listen_addresses = $puppetdb::params::database_host,
75+
Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,
76+
String[1] $database_name = $puppetdb::params::database_name,
77+
String[1] $database_username = $puppetdb::params::database_username,
78+
Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
79+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
80+
Boolean $manage_database = $puppetdb::params::manage_database,
81+
Boolean $manage_server = $puppetdb::params::manage_dbserver,
82+
Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo,
83+
String[2,3] $postgres_version = $puppetdb::params::postgres_version,
84+
Boolean $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
85+
Stdlib::Absolutepath $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path,
86+
Stdlib::Absolutepath $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path,
87+
Stdlib::Absolutepath $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
88+
String[1] $read_database_username = $puppetdb::params::read_database_username,
89+
Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
90+
Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
91+
Boolean $password_sensitive = false,
92+
Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption,
9393
) inherits puppetdb::params {
9494
$port = case $database_port.is_a(String) {
9595
true: { scanf($database_port, '%i')[0] }

manifests/init.pp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -347,11 +347,11 @@
347347
#
348348
class puppetdb (
349349
Stdlib::Host $listen_address = $puppetdb::params::listen_address,
350-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port,
350+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port,
351351
Boolean $disable_cleartext = $puppetdb::params::disable_cleartext,
352352
Boolean $open_listen_port = $puppetdb::params::open_listen_port,
353353
Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address,
354-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
354+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
355355
Boolean $disable_ssl = $puppetdb::params::disable_ssl,
356356
Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
357357
Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir,
@@ -377,7 +377,7 @@
377377
Boolean $manage_package_repo = $puppetdb::params::manage_pg_repo,
378378
String[2,3] $postgres_version = $puppetdb::params::postgres_version,
379379
Stdlib::Host $database_host = $puppetdb::params::database_host,
380-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
380+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
381381
String[1] $database_username = $puppetdb::params::database_username,
382382
Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
383383
String[1] $database_name = $puppetdb::params::database_name,
@@ -400,7 +400,7 @@
400400
String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
401401
Stdlib::Host $puppetdb_server = $puppetdb::params::puppetdb_server,
402402
Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
403-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
403+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
404404
String[1] $read_database_username = $puppetdb::params::read_database_username,
405405
Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
406406
String[1] $read_database_name = $puppetdb::params::read_database_name,

manifests/master/config.pp

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -90,35 +90,35 @@
9090
# files (other than `puppet.conf`).
9191
#
9292
class puppetdb::master::config (
93-
Stdlib::Host $puppetdb_server = fact('networking.fqdn'),
94-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $puppetdb_port = defined(Class['puppetdb']) ? {
93+
Stdlib::Host $puppetdb_server = fact('networking.fqdn'),
94+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $puppetdb_port = defined(Class['puppetdb']) ? {
9595
true => $puppetdb::disable_ssl ? {
9696
true => 8080,
9797
default => 8081,
9898
},
9999
default => 8081,
100100
},
101-
Boolean $puppetdb_disable_ssl = defined(Class['puppetdb']) ? {
101+
Boolean $puppetdb_disable_ssl = defined(Class['puppetdb']) ? {
102102
true => $puppetdb::disable_ssl,
103103
default => false,
104104
},
105-
Boolean $masterless = $puppetdb::params::masterless,
106-
Boolean $puppetdb_soft_write_failure = false,
107-
Boolean $manage_routes = true,
108-
Boolean $manage_storeconfigs = true,
109-
Boolean $enable_storeconfigs = true,
110-
Boolean $manage_report_processor = false,
111-
Boolean $manage_config = true,
112-
Boolean $create_puppet_service_resource = true,
113-
Boolean $strict_validation = true,
114-
Boolean $enable_reports = false,
115-
Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
116-
Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf,
117-
String[1] $terminus_package = $puppetdb::params::terminus_package,
118-
String[1] $puppet_service_name = $puppetdb::params::puppet_service_name,
119-
Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,
120-
String[1] $test_url = $puppetdb::params::test_url,
121-
Boolean $restart_puppet = true,
105+
Boolean $masterless = $puppetdb::params::masterless,
106+
Boolean $puppetdb_soft_write_failure = false,
107+
Boolean $manage_routes = true,
108+
Boolean $manage_storeconfigs = true,
109+
Boolean $enable_storeconfigs = true,
110+
Boolean $manage_report_processor = false,
111+
Boolean $manage_config = true,
112+
Boolean $create_puppet_service_resource = true,
113+
Boolean $strict_validation = true,
114+
Boolean $enable_reports = false,
115+
Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
116+
Stdlib::Absolutepath $puppet_conf = $puppetdb::params::puppet_conf,
117+
String[1] $terminus_package = $puppetdb::params::terminus_package,
118+
String[1] $puppet_service_name = $puppetdb::params::puppet_service_name,
119+
Integer $puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,
120+
String[1] $test_url = $puppetdb::params::test_url,
121+
Boolean $restart_puppet = true,
122122
) inherits puppetdb::params {
123123
# **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This
124124
# should not be copied, replicated or even looked at. In short, never rename

manifests/master/puppetdb_conf.pp

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,14 @@
22
#
33
# @api private
44
class puppetdb::master::puppetdb_conf (
5-
Stdlib::Host $server = 'localhost',
6-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $port = '8081',
7-
Boolean $soft_write_failure = $puppetdb::disable_ssl ? {
5+
Stdlib::Host $server = 'localhost',
6+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $port = '8081',
7+
Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
8+
Boolean $soft_write_failure = $puppetdb::disable_ssl ? {
89
true => true,
910
default => false,
1011
},
11-
Stdlib::Absolutepath $puppet_confdir = $puppetdb::params::puppet_confdir,
12-
Boolean $legacy_terminus = $puppetdb::params::terminus_package ? {
12+
Boolean $legacy_terminus = $puppetdb::params::terminus_package ? {
1313
/(puppetdb-terminus)/ => true,
1414
default => false,
1515
},

manifests/server.pp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -312,11 +312,11 @@
312312
#
313313
class puppetdb::server (
314314
Stdlib::Host $listen_address = $puppetdb::params::listen_address,
315-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port,
315+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $listen_port = $puppetdb::params::listen_port,
316316
Boolean $disable_cleartext = $puppetdb::params::disable_cleartext,
317317
Boolean $open_listen_port = $puppetdb::params::open_listen_port,
318318
Stdlib::Host $ssl_listen_address = $puppetdb::params::ssl_listen_address,
319-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
319+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $ssl_listen_port = $puppetdb::params::ssl_listen_port,
320320
Boolean $disable_ssl = $puppetdb::params::disable_ssl,
321321
Optional[Boolean] $open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
322322
Stdlib::Absolutepath $ssl_dir = $puppetdb::params::ssl_dir,
@@ -334,7 +334,7 @@
334334
Optional $cipher_suites = $puppetdb::params::cipher_suites,
335335
Boolean $migrate = $puppetdb::params::migrate,
336336
Stdlib::Host $database_host = $puppetdb::params::database_host,
337-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
337+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
338338
String[1] $database_username = $puppetdb::params::database_username,
339339
Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
340340
String[1] $database_name = $puppetdb::params::database_name,
@@ -355,7 +355,7 @@
355355
String[1] $puppetdb_user = $puppetdb::params::puppetdb_user,
356356
String[1] $puppetdb_group = $puppetdb::params::puppetdb_group,
357357
Optional[Stdlib::Host] $read_database_host = $puppetdb::params::read_database_host,
358-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
358+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $read_database_port = $puppetdb::params::read_database_port,
359359
String[1] $read_database_username = $puppetdb::params::read_database_username,
360360
Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password,
361361
String[1] $read_database_name = $puppetdb::params::read_database_name,

manifests/server/database.pp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
# @api private
44
class puppetdb::server::database (
55
Stdlib::Host $database_host = $puppetdb::params::database_host,
6-
Variant[Stdlib::Port::Unprivileged, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
6+
Variant[Stdlib::Port::User, Pattern[/\A[0-9]+\Z/]] $database_port = $puppetdb::params::database_port,
77
String[1] $database_username = $puppetdb::params::database_username,
88
Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password,
99
String[1] $database_name = $puppetdb::params::database_name,

0 commit comments

Comments
 (0)