puppet 0.24.1 → 0.24.2

data/lib/puppet/type/exec.rb

@@ -211,10 +211,7 @@ module Puppet
                 log the output when the command reports an error.  Values are
                 **true**, *false*, *on_failure*, and any legal log level."
 
-            values = [:true, :false, :on_failure]
-            # And all of the log levels
-            Puppet::Util::Log.eachlevel { |level| values << level }
-            newvalues(*values)
+            newvalues(:true, :false, :on_failure)
         end
 
         newparam(:refresh) do
@@ -229,6 +226,15 @@ module Puppet
         end
 
         newparam(:env) do
+            desc "This parameter is deprecated. Use 'environment' instead."
+
+            munge do |value|
+                warning "'env' is deprecated on exec; use 'environment' instead."
+                resource[:environment] = value
+            end
+        end
+
+        newparam(:environment) do
             desc "Any additional environment variables you want to set for a
                 command.  Note that if you use this to set PATH, it will override
                 the ``path`` attribute.  Multiple environment variables should be
@@ -279,7 +285,7 @@ module Puppet
                     # Rebuild the database, but only when the file changes
                     exec { newaliases:
                         path => [\"/usr/bin\", \"/usr/sbin\"],
-                        subscribe => file[\"/etc/aliases\"],
+                        subscribe => File[\"/etc/aliases\"],
                         refreshonly => true
                     }
                 
@@ -554,32 +560,32 @@ module Puppet
             begin
                 # Do our chdir
                 Dir.chdir(dir) do
-                    env = {}
+                    environment = {}
 
                     if self[:path]
-                        env[:PATH] = self[:path].join(":")
+                        environment[:PATH] = self[:path].join(":")
                     end
 
-                    if envlist = self[:env]
+                    if envlist = self[:environment]
                         envlist = [envlist] unless envlist.is_a? Array
                         envlist.each do |setting|
                             if setting =~ /^(\w+)=((.|\n)+)$/
                                 name = $1
                                 value = $2
-                                if env.include? name
+                                if environment.include? name
                                     warning(
                                     "Overriding environment setting '%s' with '%s'" %
                                         [name, value]
                                     )
                                 end
-                                env[name] = value
+                                environment[name] = value
                             else
-                                warning "Cannot understand env setting %s" % setting.inspect
+                                warning "Cannot understand environment setting %s" % setting.inspect
                             end
                         end
                     end
 
-                    withenv env do
+                    withenv environment do
                         Timeout::timeout(self[:timeout]) do
                             output, status = Puppet::Util::SUIDManager.run_and_capture(
                                 [command], self[:user], self[:group]

data/lib/puppet/type/{pfile.rb → file.rb}

@@ -5,10 +5,12 @@ require 'uri'
 require 'fileutils'
 require 'puppet/network/handler'
 require 'puppet/util/diff'
+require 'puppet/util/checksums'
 
 module Puppet
     newtype(:file) do
         include Puppet::Util::MethodHelper
+        include Puppet::Util::Checksums
         @doc = "Manages local files, including setting ownership and
             permissions, creation of both files and directories, and
             retrieving entire files from remote servers.  As Puppet matures, it
@@ -173,11 +175,9 @@ module Puppet
                 recursion), and ``follow`` will manage the file to which the
                 link points."
 
-            newvalues(:follow, :manage, :ignore)
+            newvalues(:follow, :manage)
 
-            # :ignore and :manage behave equivalently on local files,
-            # but don't copy remote links
-            defaultto :ignore
+            defaultto :manage
         end
 
         newparam(:purge, :boolean => true) do
@@ -460,7 +460,9 @@ module Puppet
             super
 
             # Get rid of any duplicate slashes, and remove any trailing slashes.
-            @title = @title.gsub(/\/+/, "/").sub(/\/$/, "")
+            @title = @title.gsub(/\/+/, "/")
+            
+            @title.sub!(/\/$/, "") unless @title == "/"
 
             # Clean out as many references to any file paths as possible.
             # This was the source of many, many bugs.
@@ -640,7 +642,6 @@ module Puppet
                     # :file.
                     return nil unless child = catalog.create_implicit_resource(self.class.name, args)
                 rescue => detail
-                    puts detail.backtrace
                     self.notice "Cannot manage: %s" % [detail]
                     return nil
                 end
@@ -648,7 +649,7 @@ module Puppet
 
             # LAK:FIXME This shouldn't be necessary, but as long as we're
             # modeling the relationship graph specifically, it is.
-            catalog.relationship_graph.add_edge! self, child
+            catalog.relationship_graph.add_edge self, child
 
             return child
         end
@@ -767,11 +768,8 @@ module Puppet
             begin
                 File.unlink(newfile)
             rescue => detail
-                if Puppet[:trace]
-                    puts detail.backtrace
-                end
-                self.err "Could not remove old backup: %s" %
-                    detail
+                puts detail.backtrace if Puppet[:trace]
+                self.err "Could not remove old backup: %s" % detail
                 return false
             end
         end
@@ -781,9 +779,7 @@ module Puppet
         def remove_existing(should)
             return unless s = stat(true)
 
-            unless handlebackup
-                self.fail "Could not back up; will not replace"
-            end
+            self.fail "Could not back up; will not replace" unless handlebackup
 
             unless should.to_s == "link"
                 return if s.ftype.to_s == should.to_s 
@@ -792,8 +788,7 @@ module Puppet
             case s.ftype
             when "directory":
                 if self[:force] == :true
-                    debug "Removing existing directory for replacement with %s" %
-                        should
+                    debug "Removing existing directory for replacement with %s" % should
                     FileUtils.rmtree(self[:path])
                 else
                     notice "Not removing directory; use 'force' to override"
@@ -977,7 +972,7 @@ module Puppet
         end
 
         def uri2obj(source)
-            sourceobj = FileSource.new
+            sourceobj = Puppet::Type::File::FileSource.new
             path = nil
             unless source
                 devfail "Got a nil source"
@@ -1033,54 +1028,38 @@ module Puppet
             return [sourceobj, path.sub(/\/\//, '/')]
         end
 
-        # Write out the file.  We open the file correctly, with all of the
-        # uid and mode and such, and then yield the file handle for actual
-        # writing.
-        def write(property, usetmp = true)
-            mode = self.should(:mode)
+        # Write out the file.  Requires the content to be written,
+        # the property name for logging, and the checksum for validation.
+        def write(content, property, checksum = nil)
+            if validate = validate_checksum?
+                # Use the appropriate checksum type -- md5, md5lite, etc.
+                sumtype = property(:checksum).checktype
+                checksum ||= "{#{sumtype}}" + property(:checksum).send(sumtype, content)
+            end
 
             remove_existing(:file)
 
-            # The temporary file
-            path = nil
-            if usetmp
-                path = self[:path] + ".puppettmp"
-            else
-                path = self[:path]
-            end
-
-            # As the correct user and group
-            write_if_writable(File.dirname(path)) do
-                f = nil
-                # Open our file with the correct modes
-                if mode
-                    Puppet::Util.withumask(000) do
-                        f = File.open(path,
-                            File::CREAT|File::WRONLY|File::TRUNC, mode)
-                    end
-                else
-                    f = File.open(path, File::CREAT|File::WRONLY|File::TRUNC)
-                end
+            use_temporary_file = (content.length != 0)
+            path = self[:path]
+            path += ".puppettmp" if use_temporary_file
 
-                # Yield it
-                yield f
+            mode = self.should(:mode) # might be nil
+            umask = mode ? 000 : 022
 
-                f.flush
-                f.close
+            Puppet::Util.withumask(umask) do
+                File.open(path, File::CREAT|File::WRONLY|File::TRUNC, mode) { |f| f.print content }
             end
 
             # And put our new file in place
-            if usetmp
+            if use_temporary_file # This is only not true when our file is empty.
                 begin
+                    fail_if_checksum_is_wrong(path, checksum) if validate
                     File.rename(path, self[:path])
                 rescue => detail
-                    self.err "Could not rename tmp %s for replacing: %s" %
-                        [self[:path], detail]
+                    self.err "Could not rename tmp %s for replacing: %s" % [self[:path], detail]
                 ensure
                     # Make sure the created file gets removed
-                    if FileTest.exists?(path)
-                        File.unlink(path)
-                    end
+                    File.unlink(path) if FileTest.exists?(path)
                 end
             end
 
@@ -1088,32 +1067,35 @@ module Puppet
             property_fix
 
             # And then update our checksum, so the next run doesn't find it.
-            # FIXME This is extra work, because it's going to read the whole
-            # file back in again.
-            self.setchecksum
-            
+            self.setchecksum(checksum)
         end
-        
-        # Run the block as the specified user if the dir is writeable, else
-        # run it as root (or the current user).
-        def write_if_writable(dir)
-            yield
-            # We're getting different behaviors from different versions of ruby, so...
-            # asroot = true
-            # Puppet::Util::SUIDManager.asuser(asuser(), self.should(:group)) do
-            #     if FileTest.writable?(dir)
-            #         asroot = false
-            #         yield
-            #     end
-            # end
-            # 
-            # if asroot
-            #     yield
-            # end
+
+        # Should we validate the checksum of the file we're writing?
+        def validate_checksum?
+            if sumparam = @parameters[:checksum]
+                return sumparam.checktype.to_s !~ /time/
+            else
+                return false
+            end
         end
 
         private
 
+        # Make sure the file we wrote out is what we think it is.
+        def fail_if_checksum_is_wrong(path, checksum)
+            if checksum =~ /^\{(\w+)\}.+/
+                sumtype = $1
+            else
+                # This shouldn't happen, but if it happens to, it's nicer
+                # to just use a default sumtype than fail.
+                sumtype = "md5"
+            end
+            newsum = property(:checksum).getsum(sumtype, path)
+            return if newsum == checksum
+
+            self.fail "File written to disk did not match checksum; discarding changes (%s vs %s)" % [checksum, newsum]
+        end
+
         # Override the parent method, because we don't want to generate changes
         # when the file is missing and there is no 'ensure' state.
         def propertychanges(currentvalues)
@@ -1150,20 +1132,20 @@ module Puppet
 
     # the filesource class can't include the path, because the path
     # changes for every file instance
-    class FileSource
+    class ::Puppet::Type::File::FileSource
         attr_accessor :mount, :root, :server, :local
     end
 
     # We put all of the properties in separate files, because there are so many
     # of them.  The order these are loaded is important, because it determines
     # the order they are in the property lit.
-    require 'puppet/type/pfile/checksum'
-    require 'puppet/type/pfile/content'     # can create the file
-    require 'puppet/type/pfile/source'      # can create the file
-    require 'puppet/type/pfile/target'      # creates a different type of file
-    require 'puppet/type/pfile/ensure'      # can create the file
-    require 'puppet/type/pfile/owner'
-    require 'puppet/type/pfile/group'
-    require 'puppet/type/pfile/mode'
-    require 'puppet/type/pfile/type'
+    require 'puppet/type/file/checksum'
+    require 'puppet/type/file/content'     # can create the file
+    require 'puppet/type/file/source'      # can create the file
+    require 'puppet/type/file/target'      # creates a different type of file
+    require 'puppet/type/file/ensure'      # can create the file
+    require 'puppet/type/file/owner'
+    require 'puppet/type/file/group'
+    require 'puppet/type/file/mode'
+    require 'puppet/type/file/type'
 end

data/lib/puppet/type/file/checksum.rb

@@ -0,0 +1,271 @@
+require 'puppet/util/checksums'
+
+# Keep a copy of the file checksums, and notify when they change.  This
+# property never actually modifies the system, it only notices when the system
+# changes on its own.
+Puppet::Type.type(:file).newproperty(:checksum) do
+    include Puppet::Util::Checksums
+
+    desc "How to check whether a file has changed.  This state is used internally
+        for file copying, but it can also be used to monitor files somewhat
+        like Tripwire without managing the file contents in any way.  You can
+        specify that a file's checksum should be monitored and then subscribe to
+        the file from another object and receive events to signify
+        checksum changes, for instance."
+
+    @event = :file_changed
+
+    @unmanaged = true
+
+    @validtypes = %w{md5 md5lite timestamp mtime time}
+
+    def self.validtype?(type)
+        @validtypes.include?(type)
+    end
+
+    @validtypes.each do |ctype|
+        newvalue(ctype) do
+            handlesum()
+        end
+    end
+
+    str = @validtypes.join("|")
+
+    # This is here because Puppet sets this internally, using
+    # {md5}......
+    newvalue(/^\{#{str}\}/) do
+        handlesum()
+    end
+
+    newvalue(:nosum) do
+        # nothing
+        :nochange
+    end
+
+    # If they pass us a sum type, behave normally, but if they pass
+    # us a sum type + sum, stick the sum in the cache.
+    munge do |value|
+        if value =~ /^\{(\w+)\}(.+)$/
+            type = symbolize($1)
+            sum = $2
+            cache(type, sum)
+            return type
+        else
+            if FileTest.directory?(@resource[:path])
+                return :time
+            else
+                return symbolize(value)
+            end
+        end
+    end
+
+    # Store the checksum in the data cache, or retrieve it if only the
+    # sum type is provided.
+    def cache(type, sum = nil)
+        unless type
+            raise ArgumentError, "A type must be specified to cache a checksum"
+        end
+        type = symbolize(type)
+        unless state = @resource.cached(:checksums) 
+            self.debug "Initializing checksum hash"
+            state = {}
+            @resource.cache(:checksums, state)
+        end
+
+        if sum
+            unless sum =~ /\{\w+\}/
+                sum = "{%s}%s" % [type, sum]
+            end
+            state[type] = sum
+        else
+            return state[type]
+        end
+    end
+
+    # Because source and content and whomever else need to set the checksum
+    # and do the updating, we provide a simple mechanism for doing so.
+    def checksum=(value)
+        munge(@should)
+        self.updatesum(value)
+    end
+
+    def checktype
+        self.should || :md5
+    end
+
+    # Checksums need to invert how changes are printed.
+    def change_to_s(currentvalue, newvalue)
+        begin
+            if currentvalue == :absent
+                return "defined '%s' as '%s'" %
+                    [self.name, self.currentsum]
+            elsif newvalue == :absent
+                return "undefined %s from '%s'" %
+                    [self.name, self.is_to_s(currentvalue)]
+            else
+                if defined? @cached and @cached
+                    return "%s changed '%s' to '%s'" %
+                        [self.name, @cached, self.is_to_s(currentvalue)]
+                else
+                    return "%s changed '%s' to '%s'" %
+                        [self.name, self.currentsum, self.is_to_s(currentvalue)]
+                end
+            end
+        rescue Puppet::Error, Puppet::DevError
+            raise
+        rescue => detail
+            raise Puppet::DevError, "Could not convert change %s to string: %s" %
+                [self.name, detail]
+        end
+    end
+
+    def currentsum
+        cache(checktype())
+    end
+
+    # Retrieve the cached sum
+    def getcachedsum
+        hash = nil
+        unless hash = @resource.cached(:checksums) 
+            hash = {}
+            @resource.cache(:checksums, hash)
+        end
+
+        sumtype = self.should
+
+        if hash.include?(sumtype)
+            #self.notice "Found checksum %s for %s" %
+            #    [hash[sumtype] ,@resource[:path]]
+            sum = hash[sumtype]
+
+            unless sum =~ /^\{\w+\}/
+                sum = "{%s}%s" % [sumtype, sum]
+            end
+            return sum
+        elsif hash.empty?
+            #self.notice "Could not find sum of type %s" % sumtype
+            return :nosum
+        else
+            #self.notice "Found checksum for %s but not of type %s" %
+            #    [@resource[:path],sumtype]
+            return :nosum
+        end
+    end
+
+    # Calculate the sum from disk.
+    def getsum(checktype, file = nil)
+        sum = ""
+
+        checktype = :mtime if checktype == :timestamp
+        checktype = :ctime if checktype == :time
+
+        file ||= @resource[:path]
+
+        return nil unless FileTest.exist?(file)
+
+        if ! FileTest.file?(file)
+            checktype = :mtime
+        end
+        method = checktype.to_s + "_file"
+
+        self.fail("Invalid checksum type %s" % checktype) unless respond_to?(method)
+
+        return "{%s}%s" % [checktype, send(method, file)]
+    end
+
+    # At this point, we don't actually modify the system, we modify
+    # the stored state to reflect the current state, and then kick
+    # off an event to mark any changes.
+    def handlesum
+        currentvalue = self.retrieve
+        if currentvalue.nil?
+            raise Puppet::Error, "Checksum state for %s is somehow nil" %
+                @resource.title
+        end
+
+        if self.insync?(currentvalue)
+            self.debug "Checksum is already in sync"
+            return nil
+        end
+        # If we still can't retrieve a checksum, it means that
+        # the file still doesn't exist
+        if currentvalue == :absent
+            # if they're copying, then we won't worry about the file
+            # not existing yet
+            unless @resource.property(:source)
+                self.warning("File %s does not exist -- cannot checksum" % @resource[:path])
+            end
+            return nil
+        end
+        
+        # If the sums are different, then return an event.
+        if self.updatesum(currentvalue)
+            return :file_changed
+        else
+            return nil
+        end
+    end
+
+    def insync?(currentvalue)
+        @should = [checktype()]
+        if cache(checktype())
+            return currentvalue == currentsum()
+        else
+            # If there's no cached sum, then we don't want to generate
+            # an event.
+            return true
+        end
+    end
+    
+    # Even though they can specify multiple checksums, the insync?
+    # mechanism can really only test against one, so we'll just retrieve
+    # the first specified sum type.
+    def retrieve(usecache = false)
+        # When the 'source' is retrieving, it passes "true" here so
+        # that we aren't reading the file twice in quick succession, yo.
+        currentvalue = currentsum()
+        return currentvalue if usecache and currentvalue
+
+        stat = nil
+        return :absent unless stat = @resource.stat
+
+        if stat.ftype == "link" and @resource[:links] != :follow
+            self.debug "Not checksumming symlink"
+            # @resource.delete(:checksum)
+            return currentvalue
+        end
+
+        # Just use the first allowed check type
+        currentvalue = getsum(checktype())
+
+        # If there is no sum defined, then store the current value
+        # into the cache, so that we're not marked as being
+        # out of sync.  We don't want to generate an event the first
+        # time we get a sum.
+        self.updatesum(currentvalue) unless cache(checktype())
+        
+        # @resource.debug "checksum state is %s" % self.is
+        return currentvalue
+    end
+
+    # Store the new sum to the state db.
+    def updatesum(newvalue)
+        result = false
+
+        # if we're replacing, vs. updating
+        if sum = cache(checktype())
+            return false if newvalue == sum
+
+            self.debug "Replacing %s checksum %s with %s" % [@resource.title, sum, newvalue]
+            result = true
+        else
+            @resource.debug "Creating checksum %s" % newvalue
+            result = false
+        end
+
+        # Cache the sum so the log message can be right if possible.
+        @cached = sum
+        cache(checktype(), newvalue)
+        return result
+    end
+end