RubyGems - puppet - Versions diffs - 0.24.9 → 0.25.0 - Mend

puppet 0.24.9 → 0.25.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (910) hide show

data/CHANGELOG +18680 -1241
data/CHANGELOG.old +1705 -0
data/LICENSE +2 -2
data/README +1 -1
data/README.queueing +126 -0
data/README.rst +4 -4
data/Rakefile +62 -216
data/bin/filebucket +6 -117
data/bin/pi +50 -0
data/bin/puppet +7 -188
data/bin/puppetdoc +7 -198
data/bin/ralsh +4 -191
data/conf/auth.conf +94 -0
data/conf/gentoo/init.d/puppetmaster +30 -30
data/conf/osx/PackageInfo.plist +30 -30
data/conf/osx/createpackage.sh +23 -18
data/conf/osx/preflight +8 -0
data/conf/puppet-queue.conf +10 -0
data/conf/redhat/client.init +52 -41
data/conf/redhat/logrotate +1 -0
data/conf/redhat/puppet.spec +74 -36
data/conf/redhat/rundir-perms.patch +28 -0
data/conf/redhat/server.init +48 -43
data/conf/redhat/server.sysconfig +4 -4
data/conf/solaris/smf/puppetd.xml +53 -53
data/conf/solaris/smf/puppetmasterd.xml +53 -53
data/conf/solaris/smf/svc-puppetd +4 -4
data/conf/solaris/smf/svc-puppetmasterd +3 -3
data/conf/suse/client.init +4 -4
data/conf/suse/puppet.spec +14 -14
data/conf/suse/server.init +17 -17
data/examples/etc/init.d/sleeper +8 -8
data/examples/mac_dscl.pp +2 -2
data/examples/mac_dscl_revert.pp +1 -1
data/examples/mcx_dock_default.pp +108 -108
data/examples/mcx_dock_full.pp +108 -108
data/examples/mcx_nogroup.pp +108 -108
data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +5 -5
data/examples/modules/sample-module/manifests/init.pp +2 -2
data/examples/relationships +1 -1
data/ext/autotest/config +6 -6
data/ext/bin/sleeper +12 -12
data/ext/dbfix.sql +21 -21
data/ext/emacs/puppet-mode.el +42 -41
data/ext/extlookup.rb +183 -0
data/ext/ldap/puppet.schema +2 -1
data/ext/logcheck/puppet +1 -1
data/ext/module_puppet +7 -7
data/ext/nagios/check_puppet.rb +83 -83
data/ext/nagios/naggen +302 -0
data/ext/puppet-test +61 -18
data/ext/puppetlisten/puppetlisten.rb +76 -0
data/ext/puppetlisten/puppetrun.rb +39 -0
data/ext/puppetstoredconfigclean.rb +29 -29
data/ext/rack/README +73 -0
data/ext/rack/files/apache2.conf +38 -0
data/ext/rack/files/config.ru +18 -0
data/ext/rack/manifest.pp +59 -0
data/ext/vim/syntax/puppet.vim +54 -35
data/install.rb +37 -26
data/lib/puppet.rb +15 -227
data/lib/puppet/agent.rb +134 -0
data/lib/puppet/agent/locker.rb +42 -0
data/lib/puppet/agent/runner.rb +65 -0
data/lib/puppet/application.rb +313 -0
data/lib/puppet/application/filebucket.rb +87 -0
data/lib/puppet/application/pi.rb +214 -0
data/lib/puppet/application/puppet.rb +177 -0
data/lib/puppet/application/puppetca.rb +71 -0
data/lib/puppet/application/puppetd.rb +256 -0
data/lib/puppet/application/puppetdoc.rb +222 -0
data/lib/puppet/application/puppetmasterd.rb +168 -0
data/lib/puppet/application/puppetqd.rb +96 -0
data/lib/puppet/application/puppetrun.rb +219 -0
data/lib/puppet/application/ralsh.rb +168 -0
data/lib/puppet/configurer.rb +177 -0
data/lib/puppet/configurer/downloader.rb +79 -0
data/lib/puppet/configurer/fact_handler.rb +68 -0
data/lib/puppet/configurer/plugin_handler.rb +26 -0
data/lib/puppet/daemon.rb +78 -28
data/lib/puppet/defaults.rb +239 -166
data/lib/puppet/dsl.rb +7 -7
data/lib/puppet/external/dot.rb +271 -271
data/lib/puppet/external/event-loop/better-definers.rb +298 -298
data/lib/puppet/external/event-loop/event-loop.rb +274 -274
data/lib/puppet/external/event-loop/signal-system.rb +163 -163
data/lib/puppet/external/lock.rb +1 -1
data/lib/puppet/external/nagios.rb +20 -20
data/lib/puppet/external/nagios/base.rb +3 -3
data/lib/puppet/external/nagios/grammar.ry +185 -0
data/lib/puppet/external/nagios/makefile +9 -0
data/lib/puppet/external/nagios/parser.rb +1 -1
data/lib/puppet/feature/json.rb +2 -0
data/lib/puppet/feature/rack.rb +24 -0
data/lib/puppet/feature/rails.rb +23 -33
data/lib/puppet/feature/rubygems.rb +6 -0
data/lib/puppet/feature/stomp.rb +6 -0
data/lib/puppet/file_serving/{file_base.rb → base.rb} +10 -9
data/lib/puppet/file_serving/configuration.rb +61 -61
data/lib/puppet/file_serving/configuration/parser.rb +24 -29
data/lib/puppet/file_serving/content.rb +26 -11
data/lib/puppet/file_serving/fileset.rb +54 -19
data/lib/puppet/file_serving/indirection_hooks.rb +12 -24
data/lib/puppet/file_serving/metadata.rb +8 -8
data/lib/puppet/file_serving/mount.rb +9 -151
data/lib/puppet/file_serving/mount/file.rb +126 -0
data/lib/puppet/file_serving/mount/modules.rb +25 -0
data/lib/puppet/file_serving/mount/plugins.rb +27 -0
data/lib/puppet/file_serving/terminus_helper.rb +9 -4
data/lib/puppet/indirector.rb +6 -4
data/lib/puppet/indirector/active_record.rb +28 -0
data/lib/puppet/indirector/catalog/active_record.rb +36 -0
data/lib/puppet/indirector/catalog/compiler.rb +50 -24
data/lib/puppet/indirector/catalog/queue.rb +5 -0
data/lib/puppet/indirector/catalog/rest.rb +6 -0
data/lib/puppet/indirector/catalog/yaml.rb +2 -4
data/lib/puppet/indirector/certificate/ca.rb +9 -0
data/lib/puppet/indirector/certificate/file.rb +9 -0
data/lib/puppet/indirector/certificate/rest.rb +9 -0
data/lib/puppet/indirector/certificate_request/ca.rb +14 -0
data/lib/puppet/indirector/certificate_request/file.rb +8 -0
data/lib/puppet/indirector/certificate_request/rest.rb +9 -0
data/lib/puppet/indirector/certificate_revocation_list/ca.rb +8 -0
data/lib/puppet/indirector/certificate_revocation_list/file.rb +8 -0
data/lib/puppet/indirector/certificate_revocation_list/rest.rb +9 -0
data/lib/puppet/indirector/direct_file_server.rb +4 -8
data/lib/puppet/indirector/exec.rb +2 -6
data/lib/puppet/indirector/facts/active_record.rb +36 -0
data/lib/puppet/indirector/facts/facter.rb +30 -22
data/lib/puppet/indirector/facts/rest.rb +6 -0
data/lib/puppet/indirector/file.rb +1 -0
data/lib/puppet/indirector/file_content/rest.rb +0 -1
data/lib/puppet/indirector/file_metadata/file.rb +2 -2
data/lib/puppet/indirector/file_metadata/rest.rb +0 -1
data/lib/puppet/indirector/file_server.rb +31 -18
data/lib/puppet/indirector/indirection.rb +46 -33
data/lib/puppet/indirector/key/ca.rb +12 -0
data/lib/puppet/indirector/key/file.rb +42 -0
data/lib/puppet/indirector/node/active_record.rb +13 -0
data/lib/puppet/indirector/node/ldap.rb +1 -1
data/lib/puppet/indirector/queue.rb +83 -0
data/lib/puppet/indirector/report/processor.rb +1 -1
data/lib/puppet/indirector/report/rest.rb +7 -0
data/lib/puppet/indirector/request.rb +158 -15
data/lib/puppet/indirector/rest.rb +74 -36
data/lib/puppet/indirector/runner/rest.rb +7 -0
data/lib/puppet/indirector/ssl_file.rb +174 -0
data/lib/puppet/indirector/terminus.rb +4 -4
data/lib/puppet/indirector/yaml.rb +1 -1
data/lib/puppet/metatype/manager.rb +3 -3
data/lib/puppet/module.rb +99 -124
data/lib/puppet/network/authconfig.rb +57 -42
data/lib/puppet/network/authstore.rb +58 -10
data/lib/puppet/network/client.rb +0 -2
data/lib/puppet/network/client/ca.rb +1 -1
data/lib/puppet/network/client/dipper.rb +7 -2
data/lib/puppet/network/format.rb +123 -0
data/lib/puppet/network/format_handler.rb +156 -0
data/lib/puppet/network/formats.rb +123 -0
data/lib/puppet/network/handler/filebucket.rb +1 -1
data/lib/puppet/network/handler/fileserver.rb +43 -35
data/lib/puppet/network/handler/master.rb +4 -4
data/lib/puppet/network/handler/report.rb +1 -1
data/lib/puppet/network/handler/resource.rb +16 -20
data/lib/puppet/network/handler/runner.rb +9 -42
data/lib/puppet/network/http.rb +4 -4
data/lib/puppet/network/http/api.rb +4 -0
data/lib/puppet/network/http/api/v1.rb +65 -0
data/lib/puppet/network/http/handler.rb +163 -56
data/lib/puppet/network/http/mongrel.rb +19 -15
data/lib/puppet/network/http/mongrel/rest.rb +35 -17
data/lib/puppet/network/http/rack.rb +62 -0
data/lib/puppet/network/http/rack/httphandler.rb +34 -0
data/lib/puppet/network/http/rack/rest.rb +79 -0
data/lib/puppet/network/http/rack/xmlrpc.rb +65 -0
data/lib/puppet/network/http/webrick.rb +89 -16
data/lib/puppet/network/http/webrick/rest.rb +24 -11
data/lib/puppet/network/http_pool.rb +28 -29
data/lib/puppet/network/http_server/mongrel.rb +8 -10
data/lib/puppet/network/http_server/webrick.rb +1 -3
data/lib/puppet/network/rest_authconfig.rb +89 -0
data/lib/puppet/network/rest_authorization.rb +25 -0
data/lib/puppet/network/rights.rb +230 -27
data/lib/puppet/network/server.rb +133 -31
data/lib/puppet/network/xmlrpc/client.rb +5 -5
data/lib/puppet/network/xmlrpc/webrick_servlet.rb +6 -6
data/lib/puppet/node.rb +28 -21
data/lib/puppet/node/environment.rb +48 -0
data/lib/puppet/node/facts.rb +21 -0
data/lib/puppet/parameter.rb +291 -219
data/lib/puppet/parser/ast.rb +1 -0
data/lib/puppet/parser/ast/astarray.rb +5 -1
data/lib/puppet/parser/ast/boolean_operator.rb +3 -3
data/lib/puppet/parser/ast/caseopt.rb +10 -0
data/lib/puppet/parser/ast/casestatement.rb +12 -27
data/lib/puppet/parser/ast/collection.rb +31 -0
data/lib/puppet/parser/ast/collexpr.rb +18 -11
data/lib/puppet/parser/ast/comparison_operator.rb +1 -1
data/lib/puppet/parser/ast/definition.rb +6 -2
data/lib/puppet/parser/ast/function.rb +7 -2
data/lib/puppet/parser/ast/ifstatement.rb +11 -6
data/lib/puppet/parser/ast/leaf.rb +106 -3
data/lib/puppet/parser/ast/match_operator.rb +31 -0
data/lib/puppet/parser/ast/node.rb +10 -6
data/lib/puppet/parser/ast/resource_defaults.rb +2 -2
data/lib/puppet/parser/ast/resource_override.rb +1 -1
data/lib/puppet/parser/ast/resource_reference.rb +11 -3
data/lib/puppet/parser/ast/selector.rb +14 -32
data/lib/puppet/parser/ast/vardef.rb +1 -1
data/lib/puppet/parser/collector.rb +67 -15
data/lib/puppet/parser/compiler.rb +21 -53
data/lib/puppet/parser/files.rb +92 -0
data/lib/puppet/parser/functions.rb +3 -3
data/lib/puppet/parser/functions/defined.rb +3 -3
data/lib/puppet/parser/functions/fqdn_rand.rb +3 -3
data/lib/puppet/parser/functions/inline_template.rb +4 -4
data/lib/puppet/parser/functions/regsubst.rb +37 -35
data/lib/puppet/parser/functions/require.rb +34 -0
data/lib/puppet/parser/functions/shellquote.rb +41 -0
data/lib/puppet/parser/functions/split.rb +29 -0
data/lib/puppet/parser/functions/sprintf.rb +6 -6
data/lib/puppet/parser/functions/template.rb +4 -4
data/lib/puppet/parser/functions/versioncmp.rb +22 -1
data/lib/puppet/parser/grammar.ra +812 -0
data/lib/puppet/parser/interpreter.rb +4 -4
data/lib/puppet/parser/lexer.rb +44 -15
data/lib/puppet/parser/loaded_code.rb +115 -0
data/lib/puppet/parser/makefile +8 -0
data/lib/puppet/parser/parser.rb +1080 -928
data/lib/puppet/parser/parser_support.rb +118 -96
data/lib/puppet/parser/resource.rb +56 -126
data/lib/puppet/parser/resource/param.rb +2 -76
data/lib/puppet/parser/resource/reference.rb +15 -8
data/lib/puppet/parser/scope.rb +68 -35
data/lib/puppet/parser/templatewrapper.rb +8 -8
data/lib/puppet/parser/yaml_trimmer.rb +11 -0
data/lib/puppet/property.rb +69 -124
data/lib/puppet/property/list.rb +3 -3
data/lib/puppet/provider.rb +5 -5
data/lib/puppet/provider/augeas/augeas.rb +119 -118
data/lib/puppet/provider/computer/computer.rb +3 -3
data/lib/puppet/provider/confine/variable.rb +1 -1
data/lib/puppet/provider/cron/crontab.rb +8 -7
data/lib/puppet/provider/group/directoryservice.rb +2 -2
data/lib/puppet/provider/group/groupadd.rb +1 -1
data/lib/puppet/provider/group/ldap.rb +3 -3
data/lib/puppet/provider/group/pw.rb +1 -1
data/lib/puppet/provider/host/parsed.rb +3 -3
data/lib/puppet/provider/ldap.rb +1 -3
data/lib/puppet/provider/macauthorization/macauthorization.rb +62 -55
data/lib/puppet/provider/mailalias/aliases.rb +9 -1
data/lib/puppet/provider/maillist/mailman.rb +8 -4
data/lib/puppet/provider/mcx/mcxcontent.rb +11 -11
data/lib/puppet/provider/mount/parsed.rb +2 -2
data/lib/puppet/provider/nameservice.rb +6 -6
data/lib/puppet/provider/nameservice/directoryservice.rb +83 -87
data/lib/puppet/provider/package/appdmg.rb +10 -9
data/lib/puppet/provider/package/apple.rb +1 -3
data/lib/puppet/provider/package/apt.rb +5 -5
data/lib/puppet/provider/package/aptitude.rb +1 -1
data/lib/puppet/provider/package/aptrpm.rb +1 -1
data/lib/puppet/provider/package/darwinport.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +2 -2
data/lib/puppet/provider/package/fink.rb +6 -6
data/lib/puppet/provider/package/freebsd.rb +1 -1
data/lib/puppet/provider/package/gem.rb +2 -2
data/lib/puppet/provider/package/hpux.rb +5 -5
data/lib/puppet/provider/package/pkgdmg.rb +30 -22
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/ports.rb +1 -1
data/lib/puppet/provider/package/rpm.rb +5 -5
data/lib/puppet/provider/package/rug.rb +1 -1
data/lib/puppet/provider/package/sun.rb +7 -7
data/lib/puppet/provider/package/up2date.rb +1 -1
data/lib/puppet/provider/package/yum.rb +2 -2
data/lib/puppet/provider/package/yumhelper.py +2 -2
data/lib/puppet/provider/port/parsed.rb +1 -1
data/lib/puppet/provider/selmodule/semodule.rb +3 -3
data/lib/puppet/provider/service/base.rb +21 -12
data/lib/puppet/provider/service/daemontools.rb +86 -49
data/lib/puppet/provider/service/debian.rb +20 -12
data/lib/puppet/provider/service/freebsd.rb +5 -5
data/lib/puppet/provider/service/gentoo.rb +2 -2
data/lib/puppet/provider/service/init.rb +21 -33
data/lib/puppet/provider/service/launchd.rb +120 -48
data/lib/puppet/provider/service/redhat.rb +12 -21
data/lib/puppet/provider/service/runit.rb +19 -9
data/lib/puppet/provider/service/smf.rb +49 -34
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +34 -0
data/lib/puppet/provider/sshkey/parsed.rb +2 -2
data/lib/puppet/provider/user/directoryservice.rb +12 -29
data/lib/puppet/provider/user/hpux.rb +3 -3
data/lib/puppet/provider/user/ldap.rb +2 -2
data/lib/puppet/provider/zfs/solaris.rb +1 -1
data/lib/puppet/provider/zone/solaris.rb +4 -4
data/lib/puppet/provider/zpool/solaris.rb +3 -3
data/lib/puppet/rails.rb +9 -9
data/lib/puppet/rails/benchmark.rb +69 -0
data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +5 -5
data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +2 -2
data/lib/puppet/rails/database/003_add_environment_to_host.rb +1 -1
data/lib/puppet/rails/database/schema.rb +8 -8
data/lib/puppet/rails/fact_value.rb +1 -1
data/lib/puppet/rails/host.rb +211 -93
data/lib/puppet/rails/param_name.rb +5 -1
data/lib/puppet/rails/param_value.rb +29 -2
data/lib/puppet/rails/puppet_tag.rb +5 -0
data/lib/puppet/rails/resource.rb +120 -20
data/lib/puppet/rails/resource_tag.rb +1 -1
data/lib/puppet/rails/source_file.rb +1 -1
data/lib/puppet/reference/configuration.rb +14 -14
data/lib/puppet/reference/function.rb +1 -1
data/lib/puppet/reference/metaparameter.rb +48 -0
data/lib/puppet/reference/providers.rb +6 -6
data/lib/puppet/reference/type.rb +1 -37
data/lib/puppet/relationship.rb +57 -30
data/lib/puppet/reports/rrdgraph.rb +4 -4
data/lib/puppet/reports/store.rb +3 -3
data/lib/puppet/reports/tagmail.rb +15 -15
data/lib/puppet/resource.rb +265 -0
data/lib/puppet/{node → resource}/catalog.rb +188 -112
data/lib/puppet/{resource_reference.rb → resource/reference.rb} +46 -24
data/lib/puppet/simple_graph.rb +165 -27
data/lib/puppet/ssl.rb +7 -0
data/lib/puppet/ssl/base.rb +62 -0
data/lib/puppet/ssl/certificate.rb +34 -0
data/lib/puppet/ssl/certificate_authority.rb +298 -0
data/lib/puppet/ssl/certificate_authority/interface.rb +118 -0
data/lib/puppet/ssl/certificate_factory.rb +145 -0
data/lib/puppet/ssl/certificate_request.rb +51 -0
data/lib/puppet/ssl/certificate_revocation_list.rb +86 -0
data/lib/puppet/ssl/host.rb +271 -0
data/lib/puppet/ssl/inventory.rb +52 -0
data/lib/puppet/ssl/key.rb +56 -0
data/lib/puppet/sslcertificates.rb +6 -6
data/lib/puppet/sslcertificates/ca.rb +15 -15
data/lib/puppet/sslcertificates/certificate.rb +4 -4
data/lib/puppet/sslcertificates/inventory.rb +3 -3
data/lib/puppet/transaction.rb +113 -139
data/lib/puppet/transaction/change.rb +6 -6
data/lib/puppet/transaction/event.rb +1 -1
data/lib/puppet/transaction/report.rb +7 -1
data/lib/puppet/transportable.rb +28 -28
data/lib/puppet/type.rb +263 -688
data/lib/puppet/type/augeas.rb +3 -2
data/lib/puppet/type/component.rb +28 -95
data/lib/puppet/type/computer.rb +10 -10
data/lib/puppet/type/cron.rb +19 -14
data/lib/puppet/type/exec.rb +21 -20
data/lib/puppet/type/file.rb +306 -633
data/lib/puppet/type/file/checksum.rb +10 -11
data/lib/puppet/type/file/content.rb +83 -22
data/lib/puppet/type/file/ensure.rb +15 -9
data/lib/puppet/type/file/group.rb +7 -1
data/lib/puppet/type/file/mode.rb +1 -1
data/lib/puppet/type/file/owner.rb +9 -3
data/lib/puppet/type/file/selcontext.rb +4 -4
data/lib/puppet/type/file/source.rb +78 -179
data/lib/puppet/type/file/target.rb +3 -3
data/lib/puppet/type/file/type.rb +2 -2
data/lib/puppet/type/filebucket.rb +33 -54
data/lib/puppet/type/group.rb +8 -8
data/lib/puppet/type/host.rb +7 -7
data/lib/puppet/type/k5login.rb +2 -2
data/lib/puppet/type/macauthorization.rb +77 -52
data/lib/puppet/type/mailalias.rb +2 -2
data/lib/puppet/type/maillist.rb +2 -2
data/lib/puppet/type/mcx.rb +3 -3
data/lib/puppet/type/mount.rb +16 -11
data/lib/puppet/type/notify.rb +4 -4
data/lib/puppet/type/package.rb +6 -28
data/lib/puppet/type/port.rb +1 -1
data/lib/puppet/type/resources.rb +19 -19
data/lib/puppet/type/schedule.rb +18 -20
data/lib/puppet/type/selmodule.rb +1 -1
data/lib/puppet/type/service.rb +11 -7
data/lib/puppet/type/ssh_authorized_key.rb +26 -9
data/lib/puppet/type/sshkey.rb +2 -2
data/lib/puppet/type/tidy.rb +285 -289
data/lib/puppet/type/user.rb +9 -7
data/lib/puppet/type/yumrepo.rb +17 -16
data/lib/puppet/type/zone.rb +8 -7
data/lib/puppet/util.rb +11 -36
data/lib/puppet/util/autoload.rb +31 -19
data/lib/puppet/util/autoload/file_cache.rb +115 -0
data/lib/puppet/util/backups.rb +86 -0
data/lib/puppet/util/cacher.rb +135 -0
data/lib/puppet/util/checksums.rb +11 -1
data/lib/puppet/util/classgen.rb +1 -1
data/lib/puppet/util/config_store.rb +2 -2
data/lib/puppet/util/constant_inflector.rb +1 -1
data/lib/puppet/util/diff.rb +2 -2
data/lib/puppet/util/docs.rb +9 -3
data/lib/puppet/util/execution.rb +1 -1
data/lib/puppet/util/feature.rb +27 -20
data/lib/puppet/util/fileparsing.rb +3 -3
data/lib/puppet/util/filetype.rb +8 -6
data/lib/puppet/util/graph.rb +5 -5
data/lib/puppet/util/inifile.rb +5 -5
data/lib/puppet/util/json.rb +13 -0
data/lib/puppet/util/ldap/connection.rb +2 -2
data/lib/puppet/util/log.rb +48 -31
data/lib/puppet/util/metric.rb +4 -4
data/lib/puppet/util/monkey_patches.rb +43 -0
data/lib/puppet/util/nagios_maker.rb +1 -1
data/lib/puppet/util/package.rb +4 -4
data/lib/puppet/util/pidlock.rb +59 -59
data/lib/puppet/util/posix.rb +13 -52
data/lib/puppet/util/provider_features.rb +3 -3
data/lib/puppet/util/queue.rb +96 -0
data/lib/puppet/util/queue/stomp.rb +47 -0
data/lib/puppet/util/rails/cache_accumulator.rb +65 -0
data/lib/puppet/util/rails/collection_merger.rb +0 -39
data/lib/puppet/util/rails/reference_serializer.rb +17 -3
data/lib/puppet/util/rdoc.rb +1 -0
data/lib/puppet/util/rdoc/code_objects.rb +5 -1
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +5 -5
data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +13 -13
data/lib/puppet/util/rdoc/parser.rb +28 -32
data/lib/puppet/util/reference.rb +29 -8
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +12 -6
data/lib/puppet/util/settings.rb +203 -578
data/lib/puppet/util/settings/boolean_setting.rb +33 -0
data/lib/puppet/util/settings/file_setting.rb +119 -0
data/lib/puppet/util/settings/setting.rb +110 -0
data/lib/puppet/util/subclass_loader.rb +1 -1
data/lib/puppet/util/suidmanager.rb +2 -2
data/lib/puppet/util/tagging.rb +1 -1
data/lib/puppet/util/warnings.rb +17 -9
data/man/man8/filebucket.8 +2 -2
data/man/man8/pi.8 +2 -2
data/man/man8/puppet.8 +3 -4
data/man/man8/puppet.conf.8 +63 -63
data/man/man8/puppetca.8 +2 -2
data/man/man8/puppetd.8 +2 -2
data/man/man8/puppetdoc.8 +2 -2
data/man/man8/puppetmasterd.8 +2 -2
data/man/man8/puppetrun.8 +2 -2
data/man/man8/ralsh.8 +3 -3
data/sbin/puppetca +102 -0
data/sbin/puppetd +159 -0
data/sbin/puppetmasterd +66 -0
data/sbin/puppetqd +53 -0
data/sbin/puppetrun +130 -0
data/spec/Rakefile +2 -2
data/spec/integration/application/puppet.rb +33 -0
data/spec/integration/bin/puppetmasterd.rb +110 -0
data/spec/integration/configurer.rb +18 -0
data/spec/integration/defaults.rb +158 -7
data/spec/integration/file_serving/content.rb +2 -0
data/spec/integration/file_serving/fileset.rb +14 -0
data/spec/integration/file_serving/metadata.rb +2 -0
data/spec/integration/file_serving/terminus_helper.rb +22 -0
data/spec/integration/indirector/catalog/compiler.rb +67 -0
data/spec/integration/indirector/catalog/queue.rb +61 -0
data/spec/integration/indirector/certificate/rest.rb +69 -0
data/spec/integration/indirector/certificate_request/rest.rb +89 -0
data/spec/integration/indirector/certificate_revocation_list/rest.rb +77 -0
data/spec/integration/indirector/direct_file_server.rb +16 -23
data/spec/integration/indirector/file_content/file_server.rb +75 -0
data/spec/integration/indirector/report/rest.rb +95 -0
data/spec/integration/indirector/rest.rb +207 -147
data/spec/integration/network/client.rb +19 -0
data/spec/integration/network/formats.rb +110 -0
data/spec/integration/network/handler.rb +25 -0
data/spec/integration/network/server/mongrel.rb +26 -8
data/spec/integration/network/server/webrick.rb +49 -11
data/spec/integration/node/environment.rb +58 -0
data/spec/integration/node/facts.rb +4 -2
data/spec/integration/parser/compiler.rb +29 -0
data/spec/integration/parser/functions/require.rb +67 -0
data/spec/integration/provider/mailalias/aliases.rb +25 -0
data/spec/integration/{node → resource}/catalog.rb +17 -10
data/spec/integration/ssl/certificate_authority.rb +135 -0
data/spec/integration/ssl/certificate_request.rb +59 -0
data/spec/integration/ssl/certificate_revocation_list.rb +42 -0
data/spec/integration/ssl/host.rb +90 -0
data/spec/integration/transaction.rb +66 -0
data/spec/integration/transaction/report.rb +2 -5
data/spec/integration/type.rb +22 -0
data/spec/integration/type/file.rb +458 -0
data/spec/integration/type/package.rb +1 -1
data/spec/integration/type/tidy.rb +27 -0
data/spec/integration/util/autoload.rb +114 -0
data/spec/integration/util/feature.rb +54 -0
data/spec/integration/util/file_locking.rb +2 -1
data/spec/integration/util/settings.rb +27 -0
data/spec/lib/puppet_spec/files.rb +9 -0
data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +1 -0
data/spec/monkey_patches/alias_should_to_must.rb +1 -0
data/spec/shared_behaviours/file_server_terminus.rb +14 -11
data/spec/shared_behaviours/file_serving.rb +13 -17
data/spec/spec_helper.rb +22 -5
data/spec/unit/agent.rb +259 -0
data/spec/unit/agent/locker.rb +100 -0
data/spec/unit/agent/runner.rb +118 -0
data/spec/unit/application.rb +420 -0
data/spec/unit/application/filebucket.rb +220 -0
data/spec/unit/application/pi.rb +84 -0
data/spec/unit/application/puppet.rb +404 -0
data/spec/unit/application/puppetca.rb +142 -0
data/spec/unit/application/puppetd.rb +502 -0
data/spec/unit/application/puppetdoc.rb +345 -0
data/spec/unit/application/puppetmasterd.rb +456 -0
data/spec/unit/application/puppetqd.rb +186 -0
data/spec/unit/application/puppetrun.rb +279 -0
data/spec/unit/application/ralsh.rb +237 -0
data/spec/unit/configurer.rb +232 -0
data/spec/unit/configurer/downloader.rb +188 -0
data/spec/unit/configurer/fact_handler.rb +150 -0
data/spec/unit/configurer/plugin_handler.rb +112 -0
data/spec/unit/daemon.rb +287 -0
data/spec/unit/file_serving/{file_base.rb → base.rb} +39 -31
data/spec/unit/file_serving/configuration.rb +104 -93
data/spec/unit/file_serving/configuration/parser.rb +64 -18
data/spec/unit/file_serving/content.rb +65 -26
data/spec/unit/file_serving/fileset.rb +116 -14
data/spec/unit/file_serving/indirection_hooks.rb +34 -95
data/spec/unit/file_serving/metadata.rb +27 -40
data/spec/unit/file_serving/mount.rb +7 -118
data/spec/unit/file_serving/mount/file.rb +188 -0
data/spec/unit/file_serving/mount/modules.rb +63 -0
data/spec/unit/file_serving/mount/plugins.rb +61 -0
data/spec/unit/file_serving/terminus_helper.rb +39 -27
data/spec/unit/indirector.rb +6 -1
data/spec/unit/indirector/active_record.rb +76 -0
data/spec/unit/indirector/catalog/active_record.rb +122 -0
data/spec/unit/indirector/catalog/compiler.rb +222 -118
data/spec/unit/indirector/catalog/queue.rb +20 -0
data/spec/unit/indirector/catalog/rest.rb +11 -0
data/spec/unit/indirector/catalog/yaml.rb +6 -6
data/spec/unit/indirector/certificate/ca.rb +28 -0
data/spec/unit/indirector/certificate/file.rb +28 -0
data/spec/unit/indirector/certificate/rest.rb +23 -0
data/spec/unit/indirector/certificate_request/ca.rb +19 -0
data/spec/unit/indirector/certificate_request/file.rb +19 -0
data/spec/unit/indirector/certificate_request/rest.rb +23 -0
data/spec/unit/indirector/certificate_revocation_list/ca.rb +21 -0
data/spec/unit/indirector/certificate_revocation_list/file.rb +20 -0
data/spec/unit/indirector/certificate_revocation_list/rest.rb +23 -0
data/spec/unit/indirector/direct_file_server.rb +3 -8
data/spec/unit/indirector/exec.rb +6 -1
data/spec/unit/indirector/facts/active_record.rb +104 -0
data/spec/unit/indirector/facts/facter.rb +53 -12
data/spec/unit/indirector/facts/rest.rb +11 -0
data/spec/unit/indirector/file.rb +8 -1
data/spec/unit/indirector/file_metadata/file.rb +5 -5
data/spec/unit/indirector/file_server.rb +181 -98
data/spec/unit/indirector/indirection.rb +102 -38
data/spec/unit/indirector/key/ca.rb +28 -0
data/spec/unit/indirector/key/file.rb +104 -0
data/spec/unit/indirector/node/active_record.rb +34 -0
data/spec/unit/indirector/node/ldap.rb +1 -1
data/spec/unit/indirector/node/rest.rb +2 -2
data/spec/unit/indirector/queue.rb +123 -0
data/spec/unit/indirector/report/rest.rb +28 -0
data/spec/unit/indirector/request.rb +221 -0
data/spec/unit/indirector/rest.rb +343 -334
data/spec/unit/indirector/runner/rest.rb +11 -0
data/spec/unit/indirector/ssl_file.rb +280 -0
data/spec/unit/module.rb +180 -180
data/spec/unit/network/authconfig.rb +292 -0
data/spec/unit/network/authstore.rb +94 -0
data/spec/unit/network/client.rb +2 -2
data/spec/unit/network/client/dipper.rb +16 -0
data/spec/unit/network/format.rb +191 -0
data/spec/unit/network/format_handler.rb +306 -0
data/spec/unit/network/formats.rb +249 -0
data/spec/unit/network/handler/fileserver.rb +2 -5
data/spec/unit/network/http.rb +3 -3
data/spec/unit/network/http/api/v1.rb +122 -0
data/spec/unit/network/http/handler.rb +448 -0
data/spec/unit/network/http/mongrel.rb +46 -32
data/spec/unit/network/http/mongrel/rest.rb +174 -319
data/spec/unit/network/http/rack.rb +102 -0
data/spec/unit/network/http/rack/rest.rb +199 -0
data/spec/unit/network/http/rack/xmlrpc.rb +157 -0
data/spec/unit/network/http/webrick.rb +249 -37
data/spec/unit/network/http/webrick/rest.rb +113 -279
data/spec/unit/network/http_pool.rb +86 -110
data/spec/unit/network/rest_authconfig.rb +146 -0
data/spec/unit/network/rest_authorization.rb +43 -0
data/spec/unit/network/rights.rb +519 -0
data/spec/unit/network/server.rb +475 -257
data/spec/unit/node.rb +43 -10
data/spec/unit/node/environment.rb +143 -9
data/spec/unit/node/facts.rb +77 -24
data/spec/unit/other/selinux.rb +85 -0
data/spec/unit/other/transbucket.rb +29 -13
data/spec/unit/other/transobject.rb +35 -15
data/spec/unit/parameter.rb +378 -5
data/spec/unit/parser/ast.rb +1 -1
data/spec/unit/parser/ast/arithmetic_operator.rb +17 -17
data/spec/unit/parser/ast/astarray.rb +16 -10
data/spec/unit/parser/ast/boolean_operator.rb +2 -2
data/spec/unit/parser/ast/casestatement.rb +143 -0
data/spec/unit/parser/ast/collection.rb +63 -0
data/spec/unit/parser/ast/collexpr.rb +31 -8
data/spec/unit/parser/ast/comparison_operator.rb +9 -9
data/spec/unit/parser/ast/definition.rb +18 -0
data/spec/unit/parser/ast/function.rb +6 -0
data/spec/unit/parser/ast/ifstatement.rb +75 -0
data/spec/unit/parser/ast/leaf.rb +261 -0
data/spec/unit/parser/ast/match_operator.rb +50 -0
data/spec/unit/parser/ast/minus.rb +1 -1
data/spec/unit/parser/ast/node.rb +20 -0
data/spec/unit/parser/ast/not.rb +1 -1
data/spec/unit/parser/ast/resource_override.rb +5 -5
data/spec/unit/parser/ast/resource_reference.rb +11 -5
data/spec/unit/parser/ast/selector.rb +156 -0
data/spec/unit/parser/ast/vardef.rb +11 -11
data/spec/unit/parser/collector.rb +167 -48
data/spec/unit/parser/compiler.rb +128 -104
data/spec/unit/parser/files.rb +190 -0
data/spec/unit/parser/functions/inline_template.rb +0 -0
data/spec/unit/parser/functions/regsubst.rb +42 -42
data/spec/unit/parser/functions/require.rb +36 -0
data/spec/unit/parser/functions/shellquote.rb +92 -0
data/spec/unit/parser/functions/split.rb +51 -0
data/spec/unit/parser/functions/sprintf.rb +11 -11
data/spec/unit/parser/functions/template.rb +0 -0
data/spec/unit/parser/functions/versioncmp.rb +2 -2
data/spec/unit/parser/interpreter.rb +16 -7
data/spec/unit/parser/lexer.rb +72 -12
data/spec/unit/parser/loaded_code.rb +198 -0
data/spec/unit/parser/parser.rb +215 -28
data/spec/unit/parser/resource.rb +131 -22
data/spec/unit/parser/scope.rb +207 -12
data/spec/unit/parser/templatewrapper.rb +8 -3
data/spec/unit/property.rb +270 -16
data/spec/unit/property/list.rb +12 -6
data/spec/unit/provider.rb +31 -0
data/spec/unit/provider/augeas/augeas.rb +61 -33
data/spec/unit/provider/macauthorization.rb +29 -29
data/spec/unit/provider/mcx/mcxcontent.rb +4 -4
data/spec/unit/provider/mount/parsed.rb +5 -8
data/spec/unit/provider/naginator.rb +0 -0
data/spec/unit/provider/package/apt.rb +6 -6
data/spec/unit/provider/package/pkgdmg.rb +73 -0
data/spec/unit/provider/selboolean.rb +1 -1
data/spec/unit/provider/selmodule.rb +2 -2
data/spec/unit/provider/service/daemontools.rb +40 -15
data/spec/unit/provider/service/debian.rb +89 -0
data/spec/unit/provider/service/init.rb +106 -0
data/spec/unit/provider/service/launchd.rb +71 -13
data/spec/unit/provider/service/redhat.rb +94 -0
data/spec/unit/provider/service/runit.rb +14 -2
data/spec/unit/provider/ssh_authorized_key/parsed.rb +66 -2
data/spec/unit/provider/user/ldap.rb +1 -1
data/spec/unit/provider/user/user_role_add.rb +1 -1
data/spec/unit/provider/zfs/solaris.rb +18 -6
data/spec/unit/provider/zone/solaris.rb +1 -1
data/spec/unit/rails.rb +16 -22
data/spec/unit/rails/host.rb +163 -0
data/spec/unit/rails/param_value.rb +49 -0
data/spec/unit/rails/resource.rb +87 -0
data/spec/unit/relationship.rb +141 -29
data/spec/unit/resource.rb +504 -0
data/spec/unit/resource/catalog.rb +1061 -0
data/spec/unit/resource/reference.rb +111 -0
data/spec/unit/simple_graph.rb +448 -191
data/spec/unit/ssl/certificate.rb +124 -0
data/spec/unit/ssl/certificate_authority.rb +741 -0
data/spec/unit/ssl/certificate_authority/interface.rb +269 -0
data/spec/unit/ssl/certificate_factory.rb +107 -0
data/spec/unit/ssl/certificate_request.rb +193 -0
data/spec/unit/ssl/certificate_revocation_list.rb +180 -0
data/spec/unit/ssl/host.rb +704 -0
data/spec/unit/ssl/inventory.rb +180 -0
data/spec/unit/ssl/key.rb +198 -0
data/spec/unit/transaction.rb +65 -2
data/spec/unit/transaction/change.rb +1 -1
data/spec/unit/transaction/report.rb +1 -1
data/spec/unit/type.rb +361 -8
data/spec/unit/type/augeas.rb +30 -37
data/spec/unit/type/component.rb +63 -0
data/spec/unit/type/computer.rb +17 -21
data/spec/unit/type/exec.rb +27 -2
data/spec/unit/type/file.rb +704 -83
data/spec/unit/type/file/content.rb +253 -15
data/spec/unit/type/file/ensure.rb +65 -2
data/spec/unit/type/file/group.rb +5 -0
data/spec/unit/type/file/owner.rb +5 -0
data/spec/unit/type/file/selinux.rb +12 -16
data/spec/unit/type/file/source.rb +264 -0
data/spec/unit/type/filebucket.rb +74 -0
data/spec/unit/type/group.rb +1 -5
data/spec/unit/type/macauthorization.rb +59 -26
data/spec/unit/type/mcx.rb +8 -16
data/spec/unit/type/mount.rb +8 -16
data/spec/unit/type/noop_metaparam.rb +0 -2
data/spec/unit/type/package.rb +13 -23
data/spec/unit/type/resources.rb +4 -7
data/spec/unit/type/schedule.rb +1 -7
data/spec/unit/type/selboolean.rb +4 -6
data/spec/unit/type/service.rb +23 -33
data/spec/unit/type/ssh_authorized_key.rb +25 -14
data/spec/unit/type/tidy.rb +329 -21
data/spec/unit/type/user.rb +18 -10
data/spec/unit/type/zfs.rb +6 -6
data/spec/unit/util/autoload.rb +94 -3
data/spec/unit/util/autoload/file_cache.rb +183 -0
data/spec/unit/util/backups.rb +159 -0
data/spec/unit/util/cache_accumulator.rb +69 -0
data/spec/unit/util/cacher.rb +185 -0
data/spec/unit/util/checksums.rb +9 -1
data/spec/unit/util/feature.rb +72 -0
data/spec/unit/util/filetype.rb +1 -11
data/spec/unit/util/json.rb +21 -0
data/spec/unit/util/log.rb +45 -0
data/spec/unit/util/package.rb +2 -2
data/spec/unit/util/queue.rb +88 -0
data/spec/unit/util/queue/stomp.rb +140 -0
data/spec/unit/util/reference_serializer.rb +52 -0
data/spec/unit/util/selinux.rb +5 -3
data/spec/unit/util/settings.rb +413 -264
data/spec/unit/util/settings/file_setting.rb +223 -0
data/spec/unit/util/storage.rb +11 -11
data/spec/unit/util/warnings.rb +21 -17
data/test/Rakefile +6 -5
data/test/certmgr/ca.rb +5 -5
data/test/certmgr/certmgr.rb +4 -4
data/test/data/providers/cron/crontab.allthree +2 -2
data/test/data/providers/cron/crontab.envNcomment +1 -1
data/test/data/providers/cron/crontab.envNname +1 -1
data/test/data/providers/cron/crontab.multirecords +1 -1
data/test/data/providers/cron/crontab_collections.yaml +14 -14
data/test/data/providers/cron/crontab_multiple_with_env.yaml +6 -6
data/test/data/providers/cron/crontab_sample_records.yaml +102 -102
data/test/data/providers/mailalias/aliases/test1 +28 -0
data/test/data/providers/package/testpackages.yaml +6 -6
data/test/data/reports/1.yaml +17 -17
data/test/data/reports/tagmail_passers.conf +2 -2
data/test/data/snippets/append.pp +5 -5
data/test/data/snippets/casestatement.pp +9 -2
data/test/data/snippets/classincludes.pp +1 -1
data/test/data/snippets/collection_override.pp +8 -0
data/test/data/snippets/fqparents.pp +2 -2
data/test/data/snippets/ifexpression.pp +12 -0
data/test/data/snippets/multilinecomments.pp +5 -1
data/test/data/snippets/selectorvalues.pp +7 -0
data/test/data/types/hosts/1 +1 -1
data/test/data/types/hosts/2 +3 -3
data/test/data/types/hosts/solaris +2 -2
data/test/data/types/mount/freebsd.fstab +7 -7
data/test/data/types/mount/solaris.fstab +10 -10
data/test/data/types/port/1 +472 -472
data/test/data/types/port/darwin +4347 -4347
data/test/language/ast.rb +3 -2
data/test/language/ast/casestatement.rb +12 -12
data/test/language/ast/resource.rb +4 -4
data/test/language/ast/resource_reference.rb +5 -5
data/test/language/ast/selector.rb +11 -11
data/test/language/ast/variable.rb +4 -4
data/test/language/functions.rb +16 -16
data/test/language/parser.rb +89 -111
data/test/language/resource.rb +3 -88
data/test/language/scope.rb +14 -55
data/test/language/snippets.rb +31 -31
data/test/lib/puppettest.rb +12 -12
data/test/lib/puppettest/certificates.rb +2 -2
data/test/lib/puppettest/exetest.rb +0 -1
data/test/lib/puppettest/fakes.rb +1 -1
data/test/lib/puppettest/parsertesting.rb +9 -4
data/test/lib/puppettest/railstesting.rb +3 -3
data/test/lib/puppettest/servertest.rb +1 -1
data/test/lib/puppettest/support/assertions.rb +2 -2
data/test/lib/puppettest/support/collection.rb +1 -1
data/test/lib/puppettest/support/resources.rb +7 -7
data/test/lib/puppettest/support/utils.rb +10 -16
data/test/lib/puppettest/testcase.rb +2 -1
data/test/network/authconfig.rb +1 -1
data/test/network/authorization.rb +1 -1
data/test/network/authstore.rb +57 -14
data/test/network/client/ca.rb +1 -0
data/test/network/client/resource.rb +12 -50
data/test/network/client_request.rb +1 -1
data/test/network/handler/bucket.rb +2 -2
data/test/network/handler/fileserver.rb +17 -21
data/test/network/handler/master.rb +5 -5
data/test/network/handler/report.rb +3 -3
data/test/network/handler/resource.rb +29 -75
data/test/network/handler/runner.rb +8 -58
data/test/network/rights.rb +1 -1
data/test/network/server/mongrel_test.rb +15 -1
data/test/network/server/webrick.rb +0 -36
data/test/network/xmlrpc/webrick_servlet.rb +5 -5
data/test/other/dsl.rb +3 -3
data/test/other/events.rb +15 -15
data/test/other/puppet.rb +2 -32
data/test/other/relationships.rb +21 -148
data/test/other/report.rb +20 -23
data/test/other/transactions.rb +110 -298
data/test/puppet/defaults.rb +1 -1
data/test/puppet/tc_suidmanager.rb +1 -1
data/test/rails/railsparameter.rb +4 -4
data/test/ral/manager/attributes.rb +12 -68
data/test/ral/manager/instances.rb +3 -19
data/test/ral/manager/manager.rb +7 -7
data/test/ral/manager/provider.rb +7 -7
data/test/ral/manager/type.rb +54 -349
data/test/ral/providers/cron/crontab.rb +14 -14
data/test/ral/providers/group.rb +5 -6
data/test/ral/providers/host/parsed.rb +3 -3
data/test/ral/providers/mailalias/aliases.rb +4 -4
data/test/ral/providers/package.rb +3 -3
data/test/ral/providers/package/aptitude.rb +55 -55
data/test/ral/providers/package/aptrpm.rb +7 -7
data/test/ral/providers/parsedfile.rb +10 -14
data/test/ral/providers/port/parsed.rb +6 -6
data/test/ral/providers/provider.rb +10 -10
data/test/ral/providers/service/base.rb +32 -32
data/test/ral/providers/sshkey/parsed.rb +14 -14
data/test/ral/providers/user.rb +16 -17
data/test/ral/providers/user/useradd.rb +19 -22
data/test/ral/type/cron.rb +21 -28
data/test/ral/type/exec.rb +57 -60
data/test/ral/type/file.rb +88 -862
data/test/ral/type/file/target.rb +21 -70
data/test/ral/type/fileignoresource.rb +37 -44
data/test/ral/type/filesources.rb +43 -473
data/test/ral/type/group.rb +6 -7
data/test/ral/type/host.rb +14 -30
data/test/ral/type/mailalias.rb +3 -3
data/test/ral/type/port.rb +5 -5
data/test/ral/type/resources.rb +37 -37
data/test/ral/type/service.rb +3 -3
data/test/ral/type/sshkey.rb +34 -39
data/test/ral/type/user.rb +15 -14
data/test/ral/type/yumrepo.rb +18 -17
data/test/ral/type/zone.rb +4 -6
data/test/test +9 -9
data/test/util/fileparsing.rb +10 -10
data/test/util/inifile.rb +6 -6
data/test/util/instance_loader.rb +1 -1
data/test/util/log.rb +2 -2
data/test/util/metrics.rb +1 -6
data/test/util/package.rb +1 -1
data/test/util/pidlock.rb +116 -116
data/test/util/settings.rb +40 -429
data/test/util/storage.rb +5 -5
data/test/util/subclass_loader.rb +0 -7
data/test/util/utiltest.rb +10 -29
metadata +1369 -941
data/bin/puppetca +0 -363
data/bin/puppetd +0 -439
data/bin/puppetmasterd +0 -289
data/bin/puppetrun +0 -369
data/conf/redhat/lsb-config.patch +0 -51
data/conf/redhat/no-chuser-0.15.1.patch +0 -38
data/conf/redhat/no-lockdir.patch +0 -13
data/examples/mac_netinfo.pp +0 -5
data/ext/passenger/README +0 -63
data/ext/passenger/apache2.conf +0 -29
data/ext/passenger/config.ru +0 -40
data/lib/puppet/config_stores/rest.rb +0 -60
data/lib/puppet/executables/client/certhandler.rb +0 -82
data/lib/puppet/indirector/file_content/modules.rb +0 -11
data/lib/puppet/indirector/file_metadata/modules.rb +0 -17
data/lib/puppet/indirector/module_files.rb +0 -82
data/lib/puppet/indirector/ssl_rsa.rb +0 -5
data/lib/puppet/indirector/ssl_rsa/file.rb +0 -33
data/lib/puppet/network/client/master.rb +0 -524
data/lib/puppet/network/http_server/rack.rb +0 -148
data/lib/puppet/pgraph.rb +0 -121
data/lib/puppet/provider/group/netinfo.rb +0 -15
data/lib/puppet/provider/host/netinfo.rb +0 -19
data/lib/puppet/provider/mount/netinfo.rb +0 -37
data/lib/puppet/provider/nameservice/netinfo.rb +0 -224
data/lib/puppet/provider/user/netinfo.rb +0 -111
data/lib/puppet/util/fact_store.rb +0 -59
data/lib/puppet/util/uri_helper.rb +0 -22
data/spec/integration/file_serving/configuration.rb +0 -43
data/spec/integration/indirector/module_files.rb +0 -57
data/spec/unit/executables/client/certhandler.rb +0 -135
data/spec/unit/indirector/file_content/modules.rb +0 -18
data/spec/unit/indirector/file_metadata/modules.rb +0 -42
data/spec/unit/indirector/module_files.rb +0 -259
data/spec/unit/indirector/ssl_rsa/file.rb +0 -121
data/spec/unit/network/client/master.rb +0 -442
data/spec/unit/node/catalog.rb +0 -865
data/spec/unit/other/pgraph.rb +0 -210
data/spec/unit/resource_reference.rb +0 -73
data/spec/unit/util/uri_helper.rb +0 -41
data/test/data/snippets/ifexpression.rb +0 -6
data/test/executables/filebucket.rb +0 -51
data/test/executables/puppetbin.rb +0 -104
data/test/executables/puppetca.rb +0 -115
data/test/executables/puppetd.rb +0 -55
data/test/executables/puppetmasterd.rb +0 -147
data/test/network/client/client.rb +0 -195
data/test/network/client/master.rb +0 -490
data/test/network/daemon.rb +0 -70
data/test/network/handler/handler.rb +0 -63
data/test/other/overrides.rb +0 -107
data/test/puppet/conffiles.rb +0 -107
data/test/rails/ast.rb +0 -73
data/test/rails/configuration.rb +0 -71
data/test/rails/host.rb +0 -154
data/test/rails/railsresource.rb +0 -251
data/test/ral/providers/host/netinfo.rb +0 -56
data/test/ral/providers/mount/netinfo.rb +0 -79
data/test/ral/type/basic.rb +0 -85
data/test/ral/type/filebucket.rb +0 -157
data/test/ral/type/parameter.rb +0 -174
data/test/ral/type/property.rb +0 -388
data/test/ral/type/tidy.rb +0 -291
data/test/util/autoload.rb +0 -145
data/test/util/features.rb +0 -95

data/spec/unit/network/http_pool.rb CHANGED

@@ -6,105 +6,21 @@
 require File.dirname(__FILE__) + '/../../spec_helper'
 require 'puppet/network/http_pool'
-describe Puppet::Network::HttpPool, " when adding certificate information to http instances" do
-    before do
-        @http = mock 'http'
-        [:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) }
-        @store = stub 'store'
-        [:add_file,:purpose=].each { |m| @store.stubs(m) }
+describe Puppet::Network::HttpPool do
+    after do
+        Puppet::Util::Cacher.expire
+        Puppet::Network::HttpPool.clear_http_instances
+        Puppet::Network::HttpPool.instance_variable_set("@ssl_host", nil)
     end
     it "should have keep-alive disabled" do
         Puppet::Network::HttpPool::HTTP_KEEP_ALIVE.should be_false
     end
-    it "should do nothing if no certificate is available" do
-        Puppet::Network::HttpPool.expects(:read_cert).returns(false)
-        @http.expects(:cert=).never
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should add a certificate store" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @http.expects(:cert_store=).with(@store)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should add the local CA cert to the certificate store" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
-        Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
-        @store.expects(:add_file).with("/some/file")
-        Puppet::Network::HttpPool.stubs(:key).returns(:whatever)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should set the purpose of the cert store to OpenSSL::X509::PURPOSE_SSL_CLIENT" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @store.expects(:purpose=).with(OpenSSL::X509::PURPOSE_SSL_CLIENT)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should add the client certificate" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet::Network::HttpPool.stubs(:cert).returns(:mycert)
-        Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @http.expects(:cert=).with(:mycert)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should add the client key" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @http.expects(:key=).with(:mykey)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet::Network::HttpPool.stubs(:key).returns(:mykey)
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should set the ca file" do
-        Puppet::Network::HttpPool.stubs(:read_cert).returns(true)
-        Puppet.settings.stubs(:value).with(:localcacert).returns("/some/file")
-        OpenSSL::X509::Store.expects(:new).returns(@store)
-        @http.expects(:ca_file=).with("/some/file")
-        Puppet::Network::HttpPool.stubs(:key).returns(:whatever)
-        Puppet::Network::HttpPool.cert_setup(@http)
-    end
-    it "should set up certificate information when creating http instances" do
-        Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) }
-        Puppet::Network::HttpPool.http_instance("one", "two")
-    end
-    after do
-        Puppet::Network::HttpPool.clear_http_instances
+    it "should use the global SSL::Host instance to get its certificate information" do
+        host = mock 'host'
+        Puppet::SSL::Host.expects(:localhost).with().returns host
+        Puppet::Network::HttpPool.ssl_host.should equal(host)
     end
     describe "when managing http instances" do
@@ -115,7 +31,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
         end
         before do
-            # All of hte cert stuff is tested elsewhere
+            # All of the cert stuff is tested elsewhere
             Puppet::Network::HttpPool.stubs(:cert_setup)
         end
@@ -150,7 +66,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
             Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120
         end
-        describe "when http keep-alive is enabled" do
+        describe "and http keep-alive is enabled" do
             before do
                 Puppet::Network::HttpPool.stubs(:keep_alive?).returns true
             end
@@ -201,7 +117,7 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
             end
         end
-        describe "when http keep-alive is disabled" do
+        describe "and http keep-alive is disabled" do
             before do
                 Puppet::Network::HttpPool.stubs(:keep_alive?).returns false
             end
@@ -213,26 +129,86 @@ describe Puppet::Network::HttpPool, " when adding certificate information to htt
             end
         end
-        # We mostly have to do this for testing, since in real life people
-        # won't change certs within a single process.
-        it "should remove its loaded certificate when clearing the cache" do
-            Puppet::Network::HttpPool.instance_variable_set("@cert", :yay)
+        after do
             Puppet::Network::HttpPool.clear_http_instances
-            # Can't use the accessor, because it will read the cert in
-            Puppet::Network::HttpPool.instance_variable_get("@cert").should be_nil
         end
+    end
-        # We mostly have to do this for testing, since in real life people
-        # won't change certs within a single process.
-        it "should remove its loaded key when clearing the cache" do
-            Puppet::Network::HttpPool.instance_variable_set("@key", :yay)
-            Puppet::Network::HttpPool.clear_http_instances
-            # Can't use the accessor, because it will read the cert in
-            Puppet::Network::HttpPool.instance_variable_get("@key").should be_nil
+    describe "when adding certificate information to http instances" do
+        before do
+            @http = mock 'http'
+            [:cert_store=, :verify_mode=, :ca_file=, :cert=, :key=].each { |m| @http.stubs(m) }
+            @store = stub 'store'
+            @cert = stub 'cert', :content => "real_cert"
+            @key = stub 'key', :content => "real_key"
+            @host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store
+            Puppet[:confdir] = "/sometthing/else"
+            Puppet.settings.stubs(:value).returns "/some/file"
+            Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert"
+            Puppet.settings.stubs(:value).with(:localcacert).returns "/local/ca/cert"
+            FileTest.stubs(:exist?).with("/host/cert").returns true
+            FileTest.stubs(:exist?).with("/local/ca/cert").returns true
+            Puppet::Network::HttpPool.stubs(:ssl_host).returns @host
         end
         after do
-            Puppet::Network::HttpPool.clear_http_instances
+            Puppet.settings.clear
+        end
+        it "should do nothing if no host certificate is on disk" do
+            FileTest.expects(:exist?).with("/host/cert").returns false
+            @http.expects(:cert=).never
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should do nothing if no local certificate is on disk" do
+            FileTest.expects(:exist?).with("/local/ca/cert").returns false
+            @http.expects(:cert=).never
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should add a certificate store from the ssl host" do
+            @http.expects(:cert_store=).with(@store)
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should add the client certificate" do
+            @http.expects(:cert=).with("real_cert")
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should add the client key" do
+            @http.expects(:key=).with("real_key")
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should set the verify mode to OpenSSL::SSL::VERIFY_PEER" do
+            @http.expects(:verify_mode=).with(OpenSSL::SSL::VERIFY_PEER)
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should set the ca file" do
+            Puppet.settings.stubs(:value).returns "/some/file"
+            FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true
+            Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file"
+            FileTest.stubs(:exist?).with("/ca/cert/file").returns true
+            @http.expects(:ca_file=).with("/ca/cert/file")
+            Puppet::Network::HttpPool.cert_setup(@http)
+        end
+        it "should set up certificate information when creating http instances" do
+            Puppet::Network::HttpPool.expects(:cert_setup).with { |i| i.is_a?(Net::HTTP) }
+            Puppet::Network::HttpPool.http_instance("one", "two")
         end
     end
 end

data/spec/unit/network/rest_authconfig.rb ADDED

@@ -0,0 +1,146 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../spec_helper'
+require 'puppet/network/rest_authconfig'
+describe Puppet::Network::RestAuthConfig do
+    DEFAULT_ACL = [
+        { :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
+        # this one will allow all file access, and thus delegate
+        # to fileserver.conf
+        { :acl => "/file" },
+        { :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
+        { :acl => "/report", :method => :save, :authenticated => true },
+        { :acl => "/certificate/ca", :method => :find, :authenticated => false },
+        { :acl => "/certificate/", :method => :find, :authenticated => false },
+        { :acl => "/certificate_request", :method => [:find, :save], :authenticated => false },
+    ]
+    before :each do
+        FileTest.stubs(:exists?).returns(true)
+        File.stubs(:stat).returns(stub('stat', :ctime => :now))
+        Time.stubs(:now).returns :now
+        @authconfig = Puppet::Network::RestAuthConfig.new("dummy", false)
+        @authconfig.stubs(:read)
+        @acl = stub_everything 'rights'
+        @authconfig.rights = @acl
+        @request = stub 'request', :indirection_name => "path", :key => "to/resource", :ip => "127.0.0.1",
+                                   :node => "me", :method => :save, :environment => :env, :authenticated => true
+    end
+    it "should use the puppet default rest authorization file" do
+        Puppet.expects(:[]).with(:rest_authconfig).returns("dummy")
+        Puppet::Network::RestAuthConfig.new(nil, false)
+    end
+    it "should read the config file when needed" do
+        @authconfig.expects(:read)
+        @authconfig.allowed?(@request)
+    end
+    it "should ask for authorization to the ACL subsystem" do
+        @acl.expects(:fail_on_deny).with("/path/to/resource", :node => "me", :ip => "127.0.0.1", :method => :save, :environment => :env, :authenticated => true)
+        @authconfig.allowed?(@request)
+    end
+    describe "when defining an acl with mk_acl" do
+        it "should create a new right for each default acl" do
+            @acl.expects(:newright).with(:path)
+            @authconfig.mk_acl(:acl => :path)
+        end
+        it "should allow everyone for each default right" do
+            @acl.expects(:allow).with(:path, "*")
+            @authconfig.mk_acl(:acl => :path)
+        end
+        it "should restrict the ACL to a method" do
+            @acl.expects(:restrict_method).with(:path, :method)
+            @authconfig.mk_acl(:acl => :path, :method => :method)
+        end
+        it "should restrict the ACL to a specific authentication state" do
+            @acl.expects(:restrict_authenticated).with(:path, :authentication)
+            @authconfig.mk_acl(:acl => :path, :authenticated => :authentication)
+        end
+    end
+    describe "when parsing the configuration file" do
+        it "should check for missing ACL after reading the authconfig file" do
+            File.stubs(:open)
+            @authconfig.expects(:insert_default_acl)
+            @authconfig.parse()
+        end
+    end
+    DEFAULT_ACL.each do |acl|
+        it "should insert #{acl} if not present" do
+            @authconfig.rights.stubs(:[]).returns(true)
+            @authconfig.rights.stubs(:[]).with(acl[:acl]).returns(nil)
+            @authconfig.expects(:mk_acl).with { |h| h[:acl] == acl[:acl] }
+            @authconfig.insert_default_acl
+        end
+        it "should not insert #{acl} if present" do
+            @authconfig.rights.stubs(:[]).returns(true)
+            @authconfig.rights.stubs(:[]).with(acl).returns(true)
+            @authconfig.expects(:mk_acl).never
+            @authconfig.insert_default_acl
+        end
+    end
+    it "should create default ACL entries if no file have been read" do
+        Puppet::Network::RestAuthConfig.any_instance.stubs(:exists?).returns(false)
+        Puppet::Network::RestAuthConfig.any_instance.expects(:insert_default_acl)
+        Puppet::Network::RestAuthConfig.main
+    end
+    describe "when adding default ACLs" do
+       DEFAULT_ACL.each do |acl|
+            it "should create a default right for #{acl[:acl]}" do
+                @authconfig.stubs(:mk_acl)
+                @authconfig.expects(:mk_acl).with(acl)
+                @authconfig.insert_default_acl
+            end
+        end
+        it "should log at info loglevel" do
+            Puppet.expects(:info).at_least_once
+            @authconfig.insert_default_acl
+        end
+        it "should create a last catch-all deny all rule" do
+            @authconfig.stubs(:mk_acl)
+            @acl.expects(:newright).with("/")
+            @authconfig.insert_default_acl
+        end
+        it "should create a last catch-all deny all rule for any authenticated request state" do
+            @authconfig.stubs(:mk_acl)
+            @acl.stubs(:newright).with("/")
+            @acl.expects(:restrict_authenticated).with("/", :any)
+            @authconfig.insert_default_acl
+        end
+    end
+end

data/spec/unit/network/rest_authorization.rb ADDED

@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../spec_helper'
+require 'puppet/network/rest_authorization'
+class RestAuthorized
+    include Puppet::Network::RestAuthorization
+end
+describe Puppet::Network::RestAuthorization do
+    before :each do
+        @auth = RestAuthorized.new
+        @authconig = stub 'authconfig'
+        @auth.stubs(:authconfig).returns(@authconfig)
+        @request = stub_everything 'request'
+        @request.stubs(:method).returns(:find)
+        @request.stubs(:node).returns("node")
+        @request.stubs(:ip).returns("ip")
+    end
+    describe "when testing request authorization" do
+        it "should delegate to the current rest authconfig" do
+            @authconfig.expects(:allowed?).with(@request).returns(true)
+            @auth.check_authorization(@request)
+        end
+        it "should raise an AuthorizationError if authconfig raises an AuthorizationError" do
+            @authconfig.expects(:allowed?).with(@request).raises(Puppet::Network::AuthorizationError.new("forbidden"))
+            lambda { @auth.check_authorization(@request) }.should raise_error(Puppet::Network::AuthorizationError)
+        end
+        it "should not raise an AuthorizationError if request is allowed" do
+            @authconfig.expects(:allowed?).with(@request).returns(true)
+            lambda { @auth.check_authorization(@request) }.should_not raise_error(Puppet::Network::AuthorizationError)
+        end
+    end
+end

data/spec/unit/network/rights.rb ADDED

@@ -0,0 +1,519 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../spec_helper'
+require 'puppet/network/rights'
+describe Puppet::Network::Rights do
+    before do
+        @right = Puppet::Network::Rights.new
+    end
+    [:allow, :deny, :restrict_method, :restrict_environment, :restrict_authenticated].each do |m|
+        it "should have a #{m} method" do
+            @right.should respond_to(m)
+        end
+        describe "when using #{m}" do
+            it "should delegate to the correct acl" do
+                acl = stub 'acl'
+                @right.stubs(:[]).returns(acl)
+                acl.expects(m).with("me")
+                @right.send(m, 'thisacl', "me")
+            end
+        end
+    end
+    it "should throw an error if type can't be determined" do
+        lambda { @right.newright("name") }.should raise_error
+    end
+    describe "when creating new namespace ACLs" do
+        it "should throw an error if the ACL already exists" do
+            @right.newright("[name]")
+            lambda { @right.newright("[name]") }.should raise_error
+        end
+        it "should create a new ACL with the correct name" do
+            @right.newright("[name]")
+            @right["name"].key.should == :name
+        end
+        it "should create an ACL of type Puppet::Network::AuthStore" do
+            @right.newright("[name]")
+            @right["name"].should be_a_kind_of(Puppet::Network::AuthStore)
+        end
+    end
+    describe "when creating new path ACLs" do
+        it "should not throw an error if the ACL already exists" do
+            @right.newright("/name")
+            lambda { @right.newright("/name")}.should_not raise_error
+        end
+        it "should throw an error if the acl uri path is not absolute" do
+            lambda { @right.newright("name")}.should raise_error
+        end
+        it "should create a new ACL with the correct path" do
+            @right.newright("/name")
+            @right["/name"].should_not be_nil
+        end
+        it "should create an ACL of type Puppet::Network::AuthStore" do
+            @right.newright("/name")
+            @right["/name"].should be_a_kind_of(Puppet::Network::AuthStore)
+        end
+    end
+    describe "when creating new regex ACLs" do
+        it "should not throw an error if the ACL already exists" do
+            @right.newright("~ .rb$")
+            lambda { @right.newright("~ .rb$")}.should_not raise_error
+        end
+        it "should create a new ACL with the correct regex" do
+            @right.newright("~ .rb$")
+            @right.include?(".rb$").should_not be_nil
+        end
+        it "should be able to lookup the regex" do
+            @right.newright("~ .rb$")
+            @right[".rb$"].should_not be_nil
+        end
+        it "should be able to lookup the regex by its full name" do
+            @right.newright("~ .rb$")
+            @right["~ .rb$"].should_not be_nil
+        end
+        it "should create an ACL of type Puppet::Network::AuthStore" do
+            @right.newright("~ .rb$").should be_a_kind_of(Puppet::Network::AuthStore)
+        end
+    end
+    describe "when checking ACLs existence" do
+        it "should return false if there are no matching rights" do
+            @right.include?("name").should be_false
+        end
+        it "should return true if a namespace rights exist" do
+            @right.newright("[name]")
+            @right.include?("name").should be_true
+        end
+        it "should return false if no matching namespace rights exist" do
+            @right.newright("[name]")
+            @right.include?("notname").should be_false
+        end
+        it "should return true if a path right exists" do
+            @right.newright("/name")
+            @right.include?("/name").should be_true
+        end
+        it "should return false if no matching path rights exist" do
+            @right.newright("/name")
+            @right.include?("/differentname").should be_false
+        end
+        it "should return true if a regex right exists" do
+            @right.newright("~ .rb$")
+            @right.include?(".rb$").should be_true
+        end
+        it "should return false if no matching path rights exist" do
+            @right.newright("~ .rb$")
+            @right.include?(".pp$").should be_false
+        end
+    end
+    describe "when checking if right is allowed" do
+        before :each do
+            @right.stubs(:right).returns(nil)
+            @pathacl = stub 'pathacl', :acl_type => :regex, :"<=>" => 1, :line => 0, :file => 'dummy'
+            Puppet::Network::Rights::Right.stubs(:new).returns(@pathacl)
+        end
+        it "should delegate to fail_on_deny" do
+            @right.expects(:fail_on_deny).with("namespace", :node => "host.domain.com", :ip => "127.0.0.1")
+            @right.allowed?("namespace", "host.domain.com", "127.0.0.1")
+        end
+        it "should return true if fail_on_deny doesn't fail" do
+            @right.stubs(:fail_on_deny)
+            @right.allowed?("namespace", :args).should be_true
+        end
+        it "should return false if fail_on_deny raises an AuthorizationError" do
+            @right.stubs(:fail_on_deny).raises(Puppet::Network::AuthorizationError.new("forbidden"))
+            @right.allowed?("namespace", :args1, :args2).should be_false
+        end
+        it "should first check namespace rights" do
+            acl = stub 'acl', :acl_type => :name, :key => :namespace
+            Puppet::Network::Rights::Right.stubs(:new).returns(acl)
+            @right.newright("[namespace]")
+            acl.expects(:match?).returns(true)
+            acl.expects(:allowed?).with { |node,ip,h| node == "node" and ip == "ip" }.returns(true)
+            @right.fail_on_deny("namespace", { :node => "node", :ip => "ip" } )
+        end
+        it "should then check for path rights if no namespace match" do
+            acl = stub 'nmacl', :acl_type => :name, :key => :namespace, :"<=>" => -1, :line => 0, :file => 'dummy'
+            acl.stubs(:match?).returns(false)
+            Puppet::Network::Rights::Right.stubs(:new).with("[namespace]").returns(acl)
+            @right.newright("[namespace]")
+            @right.newright("/path/to/there", 0, nil)
+            @pathacl.stubs(:match?).returns(true)
+            acl.expects(:allowed?).never
+            @pathacl.expects(:allowed?).returns(true)
+            @right.fail_on_deny("/path/to/there", {})
+        end
+        it "should pass the match? return to allowed?" do
+            @right.newright("/path/to/there")
+            @pathacl.expects(:match?).returns(:match)
+            @pathacl.expects(:allowed?).with { |node,ip,h| h[:match] == :match }.returns(true)
+            @right.fail_on_deny("/path/to/there", {})
+        end
+        describe "with namespace acls" do
+            it "should raise an error if this namespace right doesn't exist" do
+                lambda{ @right.fail_on_deny("namespace") }.should raise_error
+            end
+        end
+        describe "with path acls" do
+            before :each do
+                @long_acl = stub 'longpathacl', :name => "/path/to/there", :acl_type => :regex, :line => 0, :file => 'dummy'
+                Puppet::Network::Rights::Right.stubs(:new).with("/path/to/there", 0, nil).returns(@long_acl)
+                @short_acl = stub 'shortpathacl', :name => "/path/to", :acl_type => :regex, :line => 0, :file => 'dummy'
+                Puppet::Network::Rights::Right.stubs(:new).with("/path/to", 0, nil).returns(@short_acl)
+                @long_acl.stubs(:"<=>").with(@short_acl).returns(0)
+                @short_acl.stubs(:"<=>").with(@long_acl).returns(0)
+            end
+            it "should select the first match" do
+                @right.newright("/path/to/there", 0)
+                @right.newright("/path/to", 0)
+                @long_acl.stubs(:match?).returns(true)
+                @short_acl.stubs(:match?).returns(true)
+                @long_acl.expects(:allowed?).returns(true)
+                @short_acl.expects(:allowed?).never
+                @right.fail_on_deny("/path/to/there/and/there", {})
+            end
+            it "should select the first match that doesn't return :dunno" do
+                @right.newright("/path/to/there", 0, nil)
+                @right.newright("/path/to", 0, nil)
+                @long_acl.stubs(:match?).returns(true)
+                @short_acl.stubs(:match?).returns(true)
+                @long_acl.expects(:allowed?).returns(:dunno)
+                @short_acl.expects(:allowed?).returns(true)
+                @right.fail_on_deny("/path/to/there/and/there", {})
+            end
+            it "should not select an ACL that doesn't match" do
+                @right.newright("/path/to/there", 0)
+                @right.newright("/path/to", 0)
+                @long_acl.stubs(:match?).returns(false)
+                @short_acl.stubs(:match?).returns(true)
+                @long_acl.expects(:allowed?).never
+                @short_acl.expects(:allowed?).returns(true)
+                @right.fail_on_deny("/path/to/there/and/there", {})
+            end
+            it "should not raise an AuthorizationError if allowed" do
+                @right.newright("/path/to/there", 0)
+                @long_acl.stubs(:match?).returns(true)
+                @long_acl.stubs(:allowed?).returns(true)
+                lambda { @right.fail_on_deny("/path/to/there/and/there", {}) }.should_not raise_error(Puppet::Network::AuthorizationError)
+            end
+            it "should raise an AuthorizationError if the match is denied" do
+                @right.newright("/path/to/there", 0, nil)
+                @long_acl.stubs(:match?).returns(true)
+                @long_acl.stubs(:allowed?).returns(false)
+                lambda{ @right.fail_on_deny("/path/to/there", {}) }.should raise_error(Puppet::Network::AuthorizationError)
+            end
+            it "should raise an AuthorizationError if no path match" do
+                lambda { @right.fail_on_deny("/nomatch", {}) }.should raise_error(Puppet::Network::AuthorizationError)
+            end
+        end
+        describe "with regex acls" do
+            before :each do
+                @regex_acl1 = stub 'regex_acl1', :name => "/files/(.*)/myfile", :acl_type => :regex, :line => 0, :file => 'dummy'
+                Puppet::Network::Rights::Right.stubs(:new).with("~ /files/(.*)/myfile", 0, nil).returns(@regex_acl1)
+                @regex_acl2 = stub 'regex_acl2', :name => "/files/(.*)/myfile/", :acl_type => :regex, :line => 0, :file => 'dummy'
+                Puppet::Network::Rights::Right.stubs(:new).with("~ /files/(.*)/myfile/", 0, nil).returns(@regex_acl2)
+                @regex_acl1.stubs(:"<=>").with(@regex_acl2).returns(0)
+                @regex_acl2.stubs(:"<=>").with(@regex_acl1).returns(0)
+            end
+            it "should select the first match" do
+                @right.newright("~ /files/(.*)/myfile", 0)
+                @right.newright("~ /files/(.*)/myfile/", 0)
+                @regex_acl1.stubs(:match?).returns(true)
+                @regex_acl2.stubs(:match?).returns(true)
+                @regex_acl1.expects(:allowed?).returns(true)
+                @regex_acl2.expects(:allowed?).never
+                @right.fail_on_deny("/files/repository/myfile/other", {})
+            end
+            it "should select the first match that doesn't return :dunno" do
+                @right.newright("~ /files/(.*)/myfile", 0)
+                @right.newright("~ /files/(.*)/myfile/", 0)
+                @regex_acl1.stubs(:match?).returns(true)
+                @regex_acl2.stubs(:match?).returns(true)
+                @regex_acl1.expects(:allowed?).returns(:dunno)
+                @regex_acl2.expects(:allowed?).returns(true)
+                @right.fail_on_deny("/files/repository/myfile/other", {})
+            end
+            it "should not select an ACL that doesn't match" do
+                @right.newright("~ /files/(.*)/myfile", 0)
+                @right.newright("~ /files/(.*)/myfile/", 0)
+                @regex_acl1.stubs(:match?).returns(false)
+                @regex_acl2.stubs(:match?).returns(true)
+                @regex_acl1.expects(:allowed?).never
+                @regex_acl2.expects(:allowed?).returns(true)
+                @right.fail_on_deny("/files/repository/myfile/other", {})
+            end
+            it "should not raise an AuthorizationError if allowed" do
+                @right.newright("~ /files/(.*)/myfile", 0)
+                @regex_acl1.stubs(:match?).returns(true)
+                @regex_acl1.stubs(:allowed?).returns(true)
+                lambda { @right.fail_on_deny("/files/repository/myfile/other", {}) }.should_not raise_error(Puppet::Network::AuthorizationError)
+            end
+            it "should raise an error if no regex acl match" do
+                lambda{ @right.fail_on_deny("/path", {}) }.should raise_error(Puppet::Network::AuthorizationError)
+            end
+            it "should raise an AuthorizedError on deny" do
+                lambda { @right.fail_on_deny("/path", {}) }.should raise_error(Puppet::Network::AuthorizationError)
+            end
+        end
+    end
+    describe Puppet::Network::Rights::Right do
+        before :each do
+            @acl = Puppet::Network::Rights::Right.new("/path",0, nil)
+        end
+        describe "with path" do
+            it "should say it's a regex ACL" do
+                @acl.acl_type.should == :regex
+            end
+            it "should match up to its path length" do
+                @acl.match?("/path/that/works").should_not be_nil
+            end
+            it "should match up to its path length" do
+                @acl.match?("/paththatalsoworks").should_not be_nil
+            end
+            it "should return nil if no match" do
+                @acl.match?("/notpath").should be_nil
+            end
+        end
+        describe "with regex" do
+            before :each do
+                @acl = Puppet::Network::Rights::Right.new("~ .rb$",0, nil)
+            end
+            it "should say it's a regex ACL" do
+                @acl.acl_type.should == :regex
+            end
+            it "should match as a regex" do
+                @acl.match?("this shoud work.rb").should_not be_nil
+            end
+            it "should return nil if no match" do
+                @acl.match?("do not match").should be_nil
+            end
+        end
+        it "should allow all rest methods by default" do
+            @acl.methods.should == Puppet::Network::Rights::Right::ALL
+        end
+        it "should allow only authenticated request by default" do
+            @acl.authentication.should be_true
+        end
+        it "should allow modification of the methods filters" do
+            @acl.restrict_method(:save)
+            @acl.methods.should == [:save]
+        end
+        it "should stack methods filters" do
+            @acl.restrict_method(:save)
+            @acl.restrict_method(:destroy)
+            @acl.methods.should == [:save, :destroy]
+        end
+        it "should raise an error if the method is already filtered" do
+            @acl.restrict_method(:save)
+            lambda { @acl.restrict_method(:save) }.should raise_error
+        end
+        it "should allow setting an environment filters" do
+            Puppet::Node::Environment.stubs(:new).with(:environment).returns(:env)
+            @acl.restrict_environment(:environment)
+            @acl.environment.should == [:env]
+        end
+        ["on", "yes", "true", true].each do |auth|
+            it "should allow filtering on authenticated requests with '#{auth}'" do
+                @acl.restrict_authenticated(auth)
+                @acl.authentication.should be_true
+            end
+        end
+        ["off", "no", "false", false].each do |auth|
+            it "should allow filtering on unauthenticated requests with '#{auth}'" do
+                @acl.restrict_authenticated(auth)
+                @acl.authentication.should be_false
+            end
+        end
+        ["all", "any", :all, :any].each do |auth|
+            it "should not use request authenticated state filtering with '#{auth}'" do
+                @acl.restrict_authenticated(auth)
+                @acl.authentication.should be_nil
+            end
+        end
+        describe "when checking right authorization" do
+            it "should return :dunno if this right is not restricted to the given method" do
+                @acl.restrict_method(:destroy)
+                @acl.allowed?("me","127.0.0.1", { :method => :save } ).should == :dunno
+            end
+            it "should return allow/deny if this right is restricted to the given method" do
+                @acl.restrict_method(:save)
+                @acl.allow("127.0.0.1")
+                @acl.allowed?("me","127.0.0.1", { :method => :save }).should be_true
+            end
+            it "should return :dunno if this right is not restricted to the given environment" do
+                Puppet::Node::Environment.stubs(:new).returns(:production)
+                @acl.restrict_environment(:production)
+                @acl.allowed?("me","127.0.0.1", { :method => :save, :environment => :development }).should == :dunno
+            end
+            it "should return :dunno if this right is not restricted to the given request authentication state" do
+                @acl.restrict_authenticated(true)
+                @acl.allowed?("me","127.0.0.1", { :method => :save, :authenticated => false }).should == :dunno
+            end
+            it "should return allow/deny if this right is restricted to the given request authentication state" do
+                @acl.restrict_authenticated(false)
+                @acl.allow("127.0.0.1")
+                @acl.allowed?("me","127.0.0.1", { :authenticated => false }).should be_true
+            end
+            it "should interpolate allow/deny patterns with the given match" do
+                @acl.expects(:interpolate).with(:match)
+                @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
+            end
+            it "should reset interpolation after the match" do
+                @acl.expects(:reset_interpolation)
+                @acl.allowed?("me","127.0.0.1", { :method => :save, :match => :match, :authenticated => true })
+            end
+            # mocha doesn't allow testing super...
+            # it "should delegate to the AuthStore for the result" do
+            #     @acl.method(:save)
+            #
+            #     @acl.expects(:allowed?).with("me","127.0.0.1")
+            #
+            #     @acl.allowed?("me","127.0.0.1", :save)
+            # end
+        end
+    end
+end