puppet 0.24.4 → 0.24.5

data/lib/puppet/indirector/file.rb

@@ -2,26 +2,28 @@ require 'puppet/indirector/terminus'
 
 # An empty terminus type, meant to just return empty objects.
 class Puppet::Indirector::File < Puppet::Indirector::Terminus
-    def destroy(file)
+    # Remove files on disk.
+    def destroy(request)
         if respond_to?(:path)
-            path = path(file.name)
+            path = path(request.key)
         else
-            path = file.path
+            path = request.key
         end
-        raise Puppet::Error.new("File %s does not exist; cannot destroy" % [file]) unless File.exist?(path)
+        raise Puppet::Error.new("File %s does not exist; cannot destroy" % [request.key]) unless File.exist?(path)
 
         begin
             File.unlink(path)
         rescue => detail
-            raise Puppet::Error, "Could not remove %s: %s" % [file, detail]
+            raise Puppet::Error, "Could not remove %s: %s" % [request.key, detail]
         end
     end
 
-    def find(name)
+    # Return a model instance for a given file on disk.
+    def find(request)
         if respond_to?(:path)
-            path = path(name)
+            path = path(request.key)
         else
-            path = name
+            path = request.key
         end
 
         return nil unless File.exist?(path)
@@ -35,20 +37,21 @@ class Puppet::Indirector::File < Puppet::Indirector::Terminus
         return model.new(content)
     end
 
-    def save(file)
+    # Save a new file to disk.
+    def save(request)
         if respond_to?(:path)
-            path = path(file.name)
+            path = path(request.key)
         else
-            path = file.path
+            path = request.key
         end
         dir = File.dirname(path)
 
-        raise Puppet::Error.new("Cannot save %s; parent directory %s does not exist" % [file, dir]) unless File.directory?(dir)
+        raise Puppet::Error.new("Cannot save %s; parent directory %s does not exist" % [request.key, dir]) unless File.directory?(dir)
 
         begin
-            File.open(path, "w") { |f| f.print file.content }
+            File.open(path, "w") { |f| f.print request.instance.content }
         rescue => detail
-            raise Puppet::Error, "Could not write %s: %s" % [file, detail]
+            raise Puppet::Error, "Could not write %s: %s" % [request.key, detail]
         end
     end
 end

data/lib/puppet/indirector/file_metadata/file.rb

@@ -9,14 +9,14 @@ require 'puppet/indirector/direct_file_server'
 class Puppet::Indirector::FileMetadata::File < Puppet::Indirector::DirectFileServer
     desc "Retrieve file metadata directly from the local filesystem."
 
-    def find(key, options = {})
+    def find(request)
         return unless data = super
         data.collect_attributes
 
         return data
     end
 
-    def search(key, options = {})
+    def search(request)
         return unless result = super
 
         result.each { |instance| instance.collect_attributes }

data/lib/puppet/indirector/file_server.rb

@@ -14,28 +14,28 @@ class Puppet::Indirector::FileServer < Puppet::Indirector::Terminus
     include Puppet::FileServing::TerminusHelper
 
     # Is the client authorized to perform this action?
-    def authorized?(method, key, options = {})
-        return false unless [:find, :search].include?(method)
+    def authorized?(request)
+        return false unless [:find, :search].include?(request.method)
 
-        uri = key2uri(key)
+        uri = key2uri(request.key)
 
-        configuration.authorized?(uri.path, :node => options[:node], :ipaddress => options[:ipaddress])
+        configuration.authorized?(uri.path, :node => request.node, :ipaddress => request.ip)
     end
 
     # Find our key using the fileserver.
-    def find(key, options = {})
-        return nil unless path = find_path(key, options)
-        result =  model.new(key, :path => path)
-        result.links = options[:links] if options[:links]
+    def find(request)
+        return nil unless path = find_path(request)
+        result =  model.new(request.key, :path => path)
+        result.links = request.options[:links] if request.options[:links]
         return result
     end
 
     # Search for files.  This returns an array rather than a single
     # file.
-    def search(key, options = {})
-        return nil unless path = find_path(key, options)
+    def search(request)
+        return nil unless path = find_path(request)
 
-        path2instances(key, path, options)
+        path2instances(request, path)
     end
 
     private
@@ -46,10 +46,10 @@ class Puppet::Indirector::FileServer < Puppet::Indirector::Terminus
     end
 
     # Find our path; used by :find and :search.
-    def find_path(key, options)
-        uri = key2uri(key)
+    def find_path(request)
+        uri = key2uri(request.key)
 
-        return nil unless path = configuration.file_path(uri.path, :node => options[:node])
+        return nil unless path = configuration.file_path(uri.path, :node => request.node)
 
         return path
     end

data/lib/puppet/indirector/indirection.rb

@@ -1,4 +1,6 @@
 require 'puppet/util/docs'
+require 'puppet/indirector/envelope'
+require 'puppet/indirector/request'
 
 # The class that connects functional classes with their different collection
 # back-ends.  Each indirection has a set of associated terminus classes,
@@ -28,8 +30,7 @@ class Puppet::Indirector::Indirection
     # Find an indirected model by name.  This is provided so that Terminus classes
     # can specifically hook up with the indirections they are associated with.
     def self.model(name)
-        match = @@indirections.find { |i| i.name == name }
-        return nil unless match
+        return nil unless match = @@indirections.find { |i| i.name == name }
         match.model
     end
     
@@ -65,6 +66,25 @@ class Puppet::Indirector::Indirection
         @@indirections.delete(self) if @@indirections.include?(self)
     end
 
+    # Set the time-to-live for instances created through this indirection.
+    def ttl=(value)
+        raise ArgumentError, "Indirection TTL must be an integer" unless value.is_a?(Fixnum)
+        @ttl = value
+    end
+
+    # Default to the runinterval for the ttl.
+    def ttl
+        unless defined?(@ttl)
+            @ttl = Puppet[:runinterval].to_i
+        end
+        @ttl
+    end
+
+    # Calculate the expiration date for a returned instance.
+    def expiration
+        Time.now + ttl
+    end
+
     # Generate the full doc string.
     def doc
         text = ""
@@ -106,6 +126,11 @@ class Puppet::Indirector::Indirection
         end
     end
 
+    # Set up our request object.
+    def request(method, key, arguments = nil)
+        Puppet::Indirector::Request.new(self.name, method, key, arguments)
+    end
+
     # Return the singleton terminus for this indirection.
     def terminus(terminus_name = nil)
         # Get the name of the terminus.
@@ -147,83 +172,123 @@ class Puppet::Indirector::Indirection
         end
     end
 
-    def find(key, *args)
-        # Select the appropriate terminus if there's a hook
-        # for doing so.  This allows the caller to pass in some kind
-        # of URI that the indirection can use for routing to the appropriate
-        # terminus.
-        if respond_to?(:select_terminus)
-            terminus_name = select_terminus(key, *args)
-        else
-            terminus_name = terminus_class
-        end
+    # Expire a cached object, if one is cached.  Note that we don't actually
+    # remove it, we expire it and write it back out to disk.  This way people
+    # can still use the expired object if they want.
+    def expire(key, *args)
+        request = request(:expire, key, *args)
+
+        return nil unless cache?
+
+        return nil unless instance = cache.find(request(:find, key, *args))
 
-        check_authorization(:find, terminus_name, ([key] + args))
+        Puppet.info "Expiring the %s cache of %s" % [self.name, instance.name]
+
+        # Set an expiration date in the past
+        instance.expiration = Time.now - 60
+
+        cache.save(request(:save, instance, *args))
+    end
+
+    # Search for an instance in the appropriate terminus, caching the
+    # results if caching is configured..
+    def find(key, *args)
+        request = request(:find, key, *args)
+        terminus = prepare(request)
 
         # See if our instance is in the cache and up to date.
-        if cache? and cache.has_most_recent?(key, terminus(terminus_name).version(key))
-            Puppet.debug "Using cached %s %s" % [self.name, key]
-            return cache.find(key, *args)
+        if cache? and cached = cache.find(request)
+            if cached.expired?
+                Puppet.info "Not using expired %s for %s from cache; expired at %s" % [self.name, request.key, cached.expiration]
+            else
+                Puppet.debug "Using cached %s for %s" % [self.name, request.key]
+                return cached
+            end
         end
 
         # Otherwise, return the result from the terminus, caching if appropriate.
-        if result = terminus(terminus_name).find(key, *args)
-            result.version ||= Time.now.utc
+        if result = terminus.find(request)
+            result.expiration ||= self.expiration
             if cache?
-                Puppet.info "Caching %s %s" % [self.name, key]
-                cache.save(result, *args)
+                Puppet.info "Caching %s for %s" % [self.name, request.key]
+                cache.save request(:save, result, *args)
             end
 
-            terminus(terminus_name).post_find(result) if terminus(terminus_name).respond_to?(:post_find)
-
             return result
         end
-    end
-
-    def destroy(*args)
-        check_authorization(:destroy, terminus_class, args)
 
-        terminus.destroy(*args)
+        return nil
     end
 
-    def search(*args)
-        check_authorization(:search, terminus_class, args)
+    # Remove something via the terminus.
+    def destroy(key, *args)
+        request = request(:destroy, key, *args)
+        terminus = prepare(request)
 
-        result = terminus.search(*args)
+        result = terminus.destroy(request)
 
-        terminus().post_search(result) if terminus().respond_to?(:post_search)
+        if cache? and cached = cache.find(request(:find, key, *args))
+            # Reuse the existing request, since it's equivalent.
+            cache.destroy(request)
+        end
 
         result
     end
 
-    # these become instance methods 
-    def save(instance, *args)
-        check_authorization(:save, terminus_class, ([instance] + args))
+    # Search for more than one instance.  Should always return an array.
+    def search(key, *args)
+        request = request(:search, key, *args)
+        terminus = prepare(request)
 
-        instance.version ||= Time.now.utc
-        dest = cache? ? cache : terminus
-        return if dest.has_most_recent?(instance.name, instance.version)
-        Puppet.info "Caching %s %s" % [self.name, instance.name] if cache?
-        cache.save(instance, *args) if cache?
-        terminus.save(instance, *args)
+        if result = terminus.search(request)
+            raise Puppet::DevError, "Search results from terminus %s are not an array" % terminus.name unless result.is_a?(Array)
+            result.each do |instance|
+                instance.expiration ||= self.expiration
+            end
+            return result
+        end
     end
 
-    def version(*args)
-        terminus.version(*args)
+    # Save the instance in the appropriate terminus.  This method is
+    # normally an instance method on the indirected class.
+    def save(instance, *args)
+        request = request(:save, instance, *args)
+        terminus = prepare(request)
+
+        # If caching is enabled, save our document there
+        cache.save(request) if cache?
+        terminus.save(request)
     end
 
     private
 
     # Check authorization if there's a hook available; fail if there is one
     # and it returns false.
-    def check_authorization(method, terminus_name, arguments)
-        # Don't check authorization if there's no node.
-        # LAK:FIXME This is a hack and is quite possibly not the design we want.
-        return unless arguments[-1].is_a?(Hash) and arguments[-1][:node]
+    def check_authorization(request, terminus)
+        # At this point, we're assuming authorization makes no sense without
+        # client information.
+        return unless request.node
+
+        # This is only to authorize via a terminus-specific authorization hook.
+        return unless terminus.respond_to?(:authorized?)
+
+        unless terminus.authorized?(request)
+            raise ArgumentError, "Not authorized to call %s on %s with %s" % [request.method, request.key, request.options.inspect]
+        end
+    end
 
-        if terminus(terminus_name).respond_to?(:authorized?) and ! terminus(terminus_name).authorized?(method, *arguments)
-            raise ArgumentError, "Not authorized to call %s with %s" % [method, arguments[0]]
+    # Setup a request, pick the appropriate terminus, check the request's authorization, and return it.
+    def prepare(request)
+        # Pick our terminus.
+        if respond_to?(:select_terminus)
+            terminus_name = select_terminus(request)
+        else
+            terminus_name = terminus_class
         end
+
+        check_authorization(request, terminus(terminus_name))
+
+        return terminus(terminus_name)
     end
 
     # Create a new terminus instance.

data/lib/puppet/indirector/ldap.rb

@@ -1,19 +1,15 @@
 require 'puppet/indirector/terminus'
+require 'puppet/util/ldap/connection'
 
 class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
     # Perform our ldap search and process the result.
-    def find(name)
-        # We have to use 'yield' here because the LDAP::Entry objects
-        # get destroyed outside the scope of the search, strangely.
-        ldapsearch(name) { |entry| return process(name, entry) }
-
-        # Return nil if we haven't found something.
-        return nil
+    def find(request)
+        return ldapsearch(search_filter(request.key)) { |entry| return process(entry) } || nil
     end
 
     # Process the found entry.  We assume that we don't just want the
     # ldap object.
-    def process(name, entry)
+    def process(entry)
         raise Puppet::DevError, "The 'process' method has not been overridden for the LDAP terminus for %s" % self.name
     end
 
@@ -33,14 +29,14 @@ class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
 
     # Find the ldap node, return the class list and parent node specially,
     # and everything else in a parameter hash.
-    def ldapsearch(node)
+    def ldapsearch(filter)
         raise ArgumentError.new("You must pass a block to ldapsearch") unless block_given?
 
         found = false
         count = 0
 
         begin
-            connection.search(search_base, 2, search_filter(node), search_attributes) do |entry|
+            connection.search(search_base, 2, filter, search_attributes) do |entry|
                 found = true
                 yield entry
             end
@@ -52,15 +48,15 @@ class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
                 Puppet.warning "Retrying LDAP connection"
                 retry
             else
-                raise Puppet::Error, "LDAP Search failed: %s" % detail
+                error = Puppet::Error.new("LDAP Search failed")
+                error.set_backtrace(detail.backtrace)
+                raise error
             end
         end
 
         return found
     end
 
-    private
-
     # Create an ldap connection.
     def connection
         unless defined? @connection and @connection
@@ -68,19 +64,11 @@ class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
                 raise Puppet::Error, "Could not set up LDAP Connection: Missing ruby/ldap libraries"
             end
             begin
-                if Puppet[:ldapssl]
-                    @connection = LDAP::SSLConn.new(Puppet[:ldapserver], Puppet[:ldapport])
-                elsif Puppet[:ldaptls]
-                    @connection = LDAP::SSLConn.new(
-                        Puppet[:ldapserver], Puppet[:ldapport], true
-                    )
-                else
-                    @connection = LDAP::Conn.new(Puppet[:ldapserver], Puppet[:ldapport])
-                end
-                @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
-                @connection.set_option(LDAP::LDAP_OPT_REFERRALS, LDAP::LDAP_OPT_ON)
-                @connection.simple_bind(Puppet[:ldapuser], Puppet[:ldappassword])
+                conn = Puppet::Util::Ldap::Connection.instance
+                conn.start
+                @connection = conn.connection
             rescue => detail
+                puts detail.backtrace if Puppet[:trace]
                 raise Puppet::Error, "Could not connect to LDAP: %s" % detail
             end
         end

data/lib/puppet/indirector/memory.rb

@@ -6,16 +6,16 @@ class Puppet::Indirector::Memory < Puppet::Indirector::Terminus
         @instances = {}
     end
 
-    def destroy(instance)
-        raise ArgumentError.new("Could not find %s to destroy" % instance) unless @instances.include?(instance.name)
-        @instances.delete(instance.name)
+    def destroy(request)
+        raise ArgumentError.new("Could not find %s to destroy" % request.key) unless @instances.include?(request.key)
+        @instances.delete(request.key)
     end
 
-    def find(name)
-        @instances[name]
+    def find(request)
+        @instances[request.key]
     end
 
-    def save(instance)
-        @instances[instance.name] = instance
+    def save(request)
+        @instances[request.key] = request.instance
     end
 end