puppet 0.24.9 → 0.25.0
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +18680 -1241
- data/CHANGELOG.old +1705 -0
- data/LICENSE +2 -2
- data/README +1 -1
- data/README.queueing +126 -0
- data/README.rst +4 -4
- data/Rakefile +62 -216
- data/bin/filebucket +6 -117
- data/bin/pi +50 -0
- data/bin/puppet +7 -188
- data/bin/puppetdoc +7 -198
- data/bin/ralsh +4 -191
- data/conf/auth.conf +94 -0
- data/conf/gentoo/init.d/puppetmaster +30 -30
- data/conf/osx/PackageInfo.plist +30 -30
- data/conf/osx/createpackage.sh +23 -18
- data/conf/osx/preflight +8 -0
- data/conf/puppet-queue.conf +10 -0
- data/conf/redhat/client.init +52 -41
- data/conf/redhat/logrotate +1 -0
- data/conf/redhat/puppet.spec +74 -36
- data/conf/redhat/rundir-perms.patch +28 -0
- data/conf/redhat/server.init +48 -43
- data/conf/redhat/server.sysconfig +4 -4
- data/conf/solaris/smf/puppetd.xml +53 -53
- data/conf/solaris/smf/puppetmasterd.xml +53 -53
- data/conf/solaris/smf/svc-puppetd +4 -4
- data/conf/solaris/smf/svc-puppetmasterd +3 -3
- data/conf/suse/client.init +4 -4
- data/conf/suse/puppet.spec +14 -14
- data/conf/suse/server.init +17 -17
- data/examples/etc/init.d/sleeper +8 -8
- data/examples/mac_dscl.pp +2 -2
- data/examples/mac_dscl_revert.pp +1 -1
- data/examples/mcx_dock_default.pp +108 -108
- data/examples/mcx_dock_full.pp +108 -108
- data/examples/mcx_nogroup.pp +108 -108
- data/examples/modules/sample-module/lib/puppet/parser/functions/hostname_to_dn.rb +5 -5
- data/examples/modules/sample-module/manifests/init.pp +2 -2
- data/examples/relationships +1 -1
- data/ext/autotest/config +6 -6
- data/ext/bin/sleeper +12 -12
- data/ext/dbfix.sql +21 -21
- data/ext/emacs/puppet-mode.el +42 -41
- data/ext/extlookup.rb +183 -0
- data/ext/ldap/puppet.schema +2 -1
- data/ext/logcheck/puppet +1 -1
- data/ext/module_puppet +7 -7
- data/ext/nagios/check_puppet.rb +83 -83
- data/ext/nagios/naggen +302 -0
- data/ext/puppet-test +61 -18
- data/ext/puppetlisten/puppetlisten.rb +76 -0
- data/ext/puppetlisten/puppetrun.rb +39 -0
- data/ext/puppetstoredconfigclean.rb +29 -29
- data/ext/rack/README +73 -0
- data/ext/rack/files/apache2.conf +38 -0
- data/ext/rack/files/config.ru +18 -0
- data/ext/rack/manifest.pp +59 -0
- data/ext/vim/syntax/puppet.vim +54 -35
- data/install.rb +37 -26
- data/lib/puppet.rb +15 -227
- data/lib/puppet/agent.rb +134 -0
- data/lib/puppet/agent/locker.rb +42 -0
- data/lib/puppet/agent/runner.rb +65 -0
- data/lib/puppet/application.rb +313 -0
- data/lib/puppet/application/filebucket.rb +87 -0
- data/lib/puppet/application/pi.rb +214 -0
- data/lib/puppet/application/puppet.rb +177 -0
- data/lib/puppet/application/puppetca.rb +71 -0
- data/lib/puppet/application/puppetd.rb +256 -0
- data/lib/puppet/application/puppetdoc.rb +222 -0
- data/lib/puppet/application/puppetmasterd.rb +168 -0
- data/lib/puppet/application/puppetqd.rb +96 -0
- data/lib/puppet/application/puppetrun.rb +219 -0
- data/lib/puppet/application/ralsh.rb +168 -0
- data/lib/puppet/configurer.rb +177 -0
- data/lib/puppet/configurer/downloader.rb +79 -0
- data/lib/puppet/configurer/fact_handler.rb +68 -0
- data/lib/puppet/configurer/plugin_handler.rb +26 -0
- data/lib/puppet/daemon.rb +78 -28
- data/lib/puppet/defaults.rb +239 -166
- data/lib/puppet/dsl.rb +7 -7
- data/lib/puppet/external/dot.rb +271 -271
- data/lib/puppet/external/event-loop/better-definers.rb +298 -298
- data/lib/puppet/external/event-loop/event-loop.rb +274 -274
- data/lib/puppet/external/event-loop/signal-system.rb +163 -163
- data/lib/puppet/external/lock.rb +1 -1
- data/lib/puppet/external/nagios.rb +20 -20
- data/lib/puppet/external/nagios/base.rb +3 -3
- data/lib/puppet/external/nagios/grammar.ry +185 -0
- data/lib/puppet/external/nagios/makefile +9 -0
- data/lib/puppet/external/nagios/parser.rb +1 -1
- data/lib/puppet/feature/json.rb +2 -0
- data/lib/puppet/feature/rack.rb +24 -0
- data/lib/puppet/feature/rails.rb +23 -33
- data/lib/puppet/feature/rubygems.rb +6 -0
- data/lib/puppet/feature/stomp.rb +6 -0
- data/lib/puppet/file_serving/{file_base.rb → base.rb} +10 -9
- data/lib/puppet/file_serving/configuration.rb +61 -61
- data/lib/puppet/file_serving/configuration/parser.rb +24 -29
- data/lib/puppet/file_serving/content.rb +26 -11
- data/lib/puppet/file_serving/fileset.rb +54 -19
- data/lib/puppet/file_serving/indirection_hooks.rb +12 -24
- data/lib/puppet/file_serving/metadata.rb +8 -8
- data/lib/puppet/file_serving/mount.rb +9 -151
- data/lib/puppet/file_serving/mount/file.rb +126 -0
- data/lib/puppet/file_serving/mount/modules.rb +25 -0
- data/lib/puppet/file_serving/mount/plugins.rb +27 -0
- data/lib/puppet/file_serving/terminus_helper.rb +9 -4
- data/lib/puppet/indirector.rb +6 -4
- data/lib/puppet/indirector/active_record.rb +28 -0
- data/lib/puppet/indirector/catalog/active_record.rb +36 -0
- data/lib/puppet/indirector/catalog/compiler.rb +50 -24
- data/lib/puppet/indirector/catalog/queue.rb +5 -0
- data/lib/puppet/indirector/catalog/rest.rb +6 -0
- data/lib/puppet/indirector/catalog/yaml.rb +2 -4
- data/lib/puppet/indirector/certificate/ca.rb +9 -0
- data/lib/puppet/indirector/certificate/file.rb +9 -0
- data/lib/puppet/indirector/certificate/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_request/ca.rb +14 -0
- data/lib/puppet/indirector/certificate_request/file.rb +8 -0
- data/lib/puppet/indirector/certificate_request/rest.rb +9 -0
- data/lib/puppet/indirector/certificate_revocation_list/ca.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/file.rb +8 -0
- data/lib/puppet/indirector/certificate_revocation_list/rest.rb +9 -0
- data/lib/puppet/indirector/direct_file_server.rb +4 -8
- data/lib/puppet/indirector/exec.rb +2 -6
- data/lib/puppet/indirector/facts/active_record.rb +36 -0
- data/lib/puppet/indirector/facts/facter.rb +30 -22
- data/lib/puppet/indirector/facts/rest.rb +6 -0
- data/lib/puppet/indirector/file.rb +1 -0
- data/lib/puppet/indirector/file_content/rest.rb +0 -1
- data/lib/puppet/indirector/file_metadata/file.rb +2 -2
- data/lib/puppet/indirector/file_metadata/rest.rb +0 -1
- data/lib/puppet/indirector/file_server.rb +31 -18
- data/lib/puppet/indirector/indirection.rb +46 -33
- data/lib/puppet/indirector/key/ca.rb +12 -0
- data/lib/puppet/indirector/key/file.rb +42 -0
- data/lib/puppet/indirector/node/active_record.rb +13 -0
- data/lib/puppet/indirector/node/ldap.rb +1 -1
- data/lib/puppet/indirector/queue.rb +83 -0
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/indirector/report/rest.rb +7 -0
- data/lib/puppet/indirector/request.rb +158 -15
- data/lib/puppet/indirector/rest.rb +74 -36
- data/lib/puppet/indirector/runner/rest.rb +7 -0
- data/lib/puppet/indirector/ssl_file.rb +174 -0
- data/lib/puppet/indirector/terminus.rb +4 -4
- data/lib/puppet/indirector/yaml.rb +1 -1
- data/lib/puppet/metatype/manager.rb +3 -3
- data/lib/puppet/module.rb +99 -124
- data/lib/puppet/network/authconfig.rb +57 -42
- data/lib/puppet/network/authstore.rb +58 -10
- data/lib/puppet/network/client.rb +0 -2
- data/lib/puppet/network/client/ca.rb +1 -1
- data/lib/puppet/network/client/dipper.rb +7 -2
- data/lib/puppet/network/format.rb +123 -0
- data/lib/puppet/network/format_handler.rb +156 -0
- data/lib/puppet/network/formats.rb +123 -0
- data/lib/puppet/network/handler/filebucket.rb +1 -1
- data/lib/puppet/network/handler/fileserver.rb +43 -35
- data/lib/puppet/network/handler/master.rb +4 -4
- data/lib/puppet/network/handler/report.rb +1 -1
- data/lib/puppet/network/handler/resource.rb +16 -20
- data/lib/puppet/network/handler/runner.rb +9 -42
- data/lib/puppet/network/http.rb +4 -4
- data/lib/puppet/network/http/api.rb +4 -0
- data/lib/puppet/network/http/api/v1.rb +65 -0
- data/lib/puppet/network/http/handler.rb +163 -56
- data/lib/puppet/network/http/mongrel.rb +19 -15
- data/lib/puppet/network/http/mongrel/rest.rb +35 -17
- data/lib/puppet/network/http/rack.rb +62 -0
- data/lib/puppet/network/http/rack/httphandler.rb +34 -0
- data/lib/puppet/network/http/rack/rest.rb +79 -0
- data/lib/puppet/network/http/rack/xmlrpc.rb +65 -0
- data/lib/puppet/network/http/webrick.rb +89 -16
- data/lib/puppet/network/http/webrick/rest.rb +24 -11
- data/lib/puppet/network/http_pool.rb +28 -29
- data/lib/puppet/network/http_server/mongrel.rb +8 -10
- data/lib/puppet/network/http_server/webrick.rb +1 -3
- data/lib/puppet/network/rest_authconfig.rb +89 -0
- data/lib/puppet/network/rest_authorization.rb +25 -0
- data/lib/puppet/network/rights.rb +230 -27
- data/lib/puppet/network/server.rb +133 -31
- data/lib/puppet/network/xmlrpc/client.rb +5 -5
- data/lib/puppet/network/xmlrpc/webrick_servlet.rb +6 -6
- data/lib/puppet/node.rb +28 -21
- data/lib/puppet/node/environment.rb +48 -0
- data/lib/puppet/node/facts.rb +21 -0
- data/lib/puppet/parameter.rb +291 -219
- data/lib/puppet/parser/ast.rb +1 -0
- data/lib/puppet/parser/ast/astarray.rb +5 -1
- data/lib/puppet/parser/ast/boolean_operator.rb +3 -3
- data/lib/puppet/parser/ast/caseopt.rb +10 -0
- data/lib/puppet/parser/ast/casestatement.rb +12 -27
- data/lib/puppet/parser/ast/collection.rb +31 -0
- data/lib/puppet/parser/ast/collexpr.rb +18 -11
- data/lib/puppet/parser/ast/comparison_operator.rb +1 -1
- data/lib/puppet/parser/ast/definition.rb +6 -2
- data/lib/puppet/parser/ast/function.rb +7 -2
- data/lib/puppet/parser/ast/ifstatement.rb +11 -6
- data/lib/puppet/parser/ast/leaf.rb +106 -3
- data/lib/puppet/parser/ast/match_operator.rb +31 -0
- data/lib/puppet/parser/ast/node.rb +10 -6
- data/lib/puppet/parser/ast/resource_defaults.rb +2 -2
- data/lib/puppet/parser/ast/resource_override.rb +1 -1
- data/lib/puppet/parser/ast/resource_reference.rb +11 -3
- data/lib/puppet/parser/ast/selector.rb +14 -32
- data/lib/puppet/parser/ast/vardef.rb +1 -1
- data/lib/puppet/parser/collector.rb +67 -15
- data/lib/puppet/parser/compiler.rb +21 -53
- data/lib/puppet/parser/files.rb +92 -0
- data/lib/puppet/parser/functions.rb +3 -3
- data/lib/puppet/parser/functions/defined.rb +3 -3
- data/lib/puppet/parser/functions/fqdn_rand.rb +3 -3
- data/lib/puppet/parser/functions/inline_template.rb +4 -4
- data/lib/puppet/parser/functions/regsubst.rb +37 -35
- data/lib/puppet/parser/functions/require.rb +34 -0
- data/lib/puppet/parser/functions/shellquote.rb +41 -0
- data/lib/puppet/parser/functions/split.rb +29 -0
- data/lib/puppet/parser/functions/sprintf.rb +6 -6
- data/lib/puppet/parser/functions/template.rb +4 -4
- data/lib/puppet/parser/functions/versioncmp.rb +22 -1
- data/lib/puppet/parser/grammar.ra +812 -0
- data/lib/puppet/parser/interpreter.rb +4 -4
- data/lib/puppet/parser/lexer.rb +44 -15
- data/lib/puppet/parser/loaded_code.rb +115 -0
- data/lib/puppet/parser/makefile +8 -0
- data/lib/puppet/parser/parser.rb +1080 -928
- data/lib/puppet/parser/parser_support.rb +118 -96
- data/lib/puppet/parser/resource.rb +56 -126
- data/lib/puppet/parser/resource/param.rb +2 -76
- data/lib/puppet/parser/resource/reference.rb +15 -8
- data/lib/puppet/parser/scope.rb +68 -35
- data/lib/puppet/parser/templatewrapper.rb +8 -8
- data/lib/puppet/parser/yaml_trimmer.rb +11 -0
- data/lib/puppet/property.rb +69 -124
- data/lib/puppet/property/list.rb +3 -3
- data/lib/puppet/provider.rb +5 -5
- data/lib/puppet/provider/augeas/augeas.rb +119 -118
- data/lib/puppet/provider/computer/computer.rb +3 -3
- data/lib/puppet/provider/confine/variable.rb +1 -1
- data/lib/puppet/provider/cron/crontab.rb +8 -7
- data/lib/puppet/provider/group/directoryservice.rb +2 -2
- data/lib/puppet/provider/group/groupadd.rb +1 -1
- data/lib/puppet/provider/group/ldap.rb +3 -3
- data/lib/puppet/provider/group/pw.rb +1 -1
- data/lib/puppet/provider/host/parsed.rb +3 -3
- data/lib/puppet/provider/ldap.rb +1 -3
- data/lib/puppet/provider/macauthorization/macauthorization.rb +62 -55
- data/lib/puppet/provider/mailalias/aliases.rb +9 -1
- data/lib/puppet/provider/maillist/mailman.rb +8 -4
- data/lib/puppet/provider/mcx/mcxcontent.rb +11 -11
- data/lib/puppet/provider/mount/parsed.rb +2 -2
- data/lib/puppet/provider/nameservice.rb +6 -6
- data/lib/puppet/provider/nameservice/directoryservice.rb +83 -87
- data/lib/puppet/provider/package/appdmg.rb +10 -9
- data/lib/puppet/provider/package/apple.rb +1 -3
- data/lib/puppet/provider/package/apt.rb +5 -5
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/aptrpm.rb +1 -1
- data/lib/puppet/provider/package/darwinport.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +2 -2
- data/lib/puppet/provider/package/fink.rb +6 -6
- data/lib/puppet/provider/package/freebsd.rb +1 -1
- data/lib/puppet/provider/package/gem.rb +2 -2
- data/lib/puppet/provider/package/hpux.rb +5 -5
- data/lib/puppet/provider/package/pkgdmg.rb +30 -22
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/package/rpm.rb +5 -5
- data/lib/puppet/provider/package/rug.rb +1 -1
- data/lib/puppet/provider/package/sun.rb +7 -7
- data/lib/puppet/provider/package/up2date.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/package/yumhelper.py +2 -2
- data/lib/puppet/provider/port/parsed.rb +1 -1
- data/lib/puppet/provider/selmodule/semodule.rb +3 -3
- data/lib/puppet/provider/service/base.rb +21 -12
- data/lib/puppet/provider/service/daemontools.rb +86 -49
- data/lib/puppet/provider/service/debian.rb +20 -12
- data/lib/puppet/provider/service/freebsd.rb +5 -5
- data/lib/puppet/provider/service/gentoo.rb +2 -2
- data/lib/puppet/provider/service/init.rb +21 -33
- data/lib/puppet/provider/service/launchd.rb +120 -48
- data/lib/puppet/provider/service/redhat.rb +12 -21
- data/lib/puppet/provider/service/runit.rb +19 -9
- data/lib/puppet/provider/service/smf.rb +49 -34
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +34 -0
- data/lib/puppet/provider/sshkey/parsed.rb +2 -2
- data/lib/puppet/provider/user/directoryservice.rb +12 -29
- data/lib/puppet/provider/user/hpux.rb +3 -3
- data/lib/puppet/provider/user/ldap.rb +2 -2
- data/lib/puppet/provider/zfs/solaris.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +4 -4
- data/lib/puppet/provider/zpool/solaris.rb +3 -3
- data/lib/puppet/rails.rb +9 -9
- data/lib/puppet/rails/benchmark.rb +69 -0
- data/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +5 -5
- data/lib/puppet/rails/database/002_remove_duplicated_index_on_all_tables.rb +2 -2
- data/lib/puppet/rails/database/003_add_environment_to_host.rb +1 -1
- data/lib/puppet/rails/database/schema.rb +8 -8
- data/lib/puppet/rails/fact_value.rb +1 -1
- data/lib/puppet/rails/host.rb +211 -93
- data/lib/puppet/rails/param_name.rb +5 -1
- data/lib/puppet/rails/param_value.rb +29 -2
- data/lib/puppet/rails/puppet_tag.rb +5 -0
- data/lib/puppet/rails/resource.rb +120 -20
- data/lib/puppet/rails/resource_tag.rb +1 -1
- data/lib/puppet/rails/source_file.rb +1 -1
- data/lib/puppet/reference/configuration.rb +14 -14
- data/lib/puppet/reference/function.rb +1 -1
- data/lib/puppet/reference/metaparameter.rb +48 -0
- data/lib/puppet/reference/providers.rb +6 -6
- data/lib/puppet/reference/type.rb +1 -37
- data/lib/puppet/relationship.rb +57 -30
- data/lib/puppet/reports/rrdgraph.rb +4 -4
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +15 -15
- data/lib/puppet/resource.rb +265 -0
- data/lib/puppet/{node → resource}/catalog.rb +188 -112
- data/lib/puppet/{resource_reference.rb → resource/reference.rb} +46 -24
- data/lib/puppet/simple_graph.rb +165 -27
- data/lib/puppet/ssl.rb +7 -0
- data/lib/puppet/ssl/base.rb +62 -0
- data/lib/puppet/ssl/certificate.rb +34 -0
- data/lib/puppet/ssl/certificate_authority.rb +298 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +118 -0
- data/lib/puppet/ssl/certificate_factory.rb +145 -0
- data/lib/puppet/ssl/certificate_request.rb +51 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +86 -0
- data/lib/puppet/ssl/host.rb +271 -0
- data/lib/puppet/ssl/inventory.rb +52 -0
- data/lib/puppet/ssl/key.rb +56 -0
- data/lib/puppet/sslcertificates.rb +6 -6
- data/lib/puppet/sslcertificates/ca.rb +15 -15
- data/lib/puppet/sslcertificates/certificate.rb +4 -4
- data/lib/puppet/sslcertificates/inventory.rb +3 -3
- data/lib/puppet/transaction.rb +113 -139
- data/lib/puppet/transaction/change.rb +6 -6
- data/lib/puppet/transaction/event.rb +1 -1
- data/lib/puppet/transaction/report.rb +7 -1
- data/lib/puppet/transportable.rb +28 -28
- data/lib/puppet/type.rb +263 -688
- data/lib/puppet/type/augeas.rb +3 -2
- data/lib/puppet/type/component.rb +28 -95
- data/lib/puppet/type/computer.rb +10 -10
- data/lib/puppet/type/cron.rb +19 -14
- data/lib/puppet/type/exec.rb +21 -20
- data/lib/puppet/type/file.rb +306 -633
- data/lib/puppet/type/file/checksum.rb +10 -11
- data/lib/puppet/type/file/content.rb +83 -22
- data/lib/puppet/type/file/ensure.rb +15 -9
- data/lib/puppet/type/file/group.rb +7 -1
- data/lib/puppet/type/file/mode.rb +1 -1
- data/lib/puppet/type/file/owner.rb +9 -3
- data/lib/puppet/type/file/selcontext.rb +4 -4
- data/lib/puppet/type/file/source.rb +78 -179
- data/lib/puppet/type/file/target.rb +3 -3
- data/lib/puppet/type/file/type.rb +2 -2
- data/lib/puppet/type/filebucket.rb +33 -54
- data/lib/puppet/type/group.rb +8 -8
- data/lib/puppet/type/host.rb +7 -7
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/macauthorization.rb +77 -52
- data/lib/puppet/type/mailalias.rb +2 -2
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +3 -3
- data/lib/puppet/type/mount.rb +16 -11
- data/lib/puppet/type/notify.rb +4 -4
- data/lib/puppet/type/package.rb +6 -28
- data/lib/puppet/type/port.rb +1 -1
- data/lib/puppet/type/resources.rb +19 -19
- data/lib/puppet/type/schedule.rb +18 -20
- data/lib/puppet/type/selmodule.rb +1 -1
- data/lib/puppet/type/service.rb +11 -7
- data/lib/puppet/type/ssh_authorized_key.rb +26 -9
- data/lib/puppet/type/sshkey.rb +2 -2
- data/lib/puppet/type/tidy.rb +285 -289
- data/lib/puppet/type/user.rb +9 -7
- data/lib/puppet/type/yumrepo.rb +17 -16
- data/lib/puppet/type/zone.rb +8 -7
- data/lib/puppet/util.rb +11 -36
- data/lib/puppet/util/autoload.rb +31 -19
- data/lib/puppet/util/autoload/file_cache.rb +115 -0
- data/lib/puppet/util/backups.rb +86 -0
- data/lib/puppet/util/cacher.rb +135 -0
- data/lib/puppet/util/checksums.rb +11 -1
- data/lib/puppet/util/classgen.rb +1 -1
- data/lib/puppet/util/config_store.rb +2 -2
- data/lib/puppet/util/constant_inflector.rb +1 -1
- data/lib/puppet/util/diff.rb +2 -2
- data/lib/puppet/util/docs.rb +9 -3
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/feature.rb +27 -20
- data/lib/puppet/util/fileparsing.rb +3 -3
- data/lib/puppet/util/filetype.rb +8 -6
- data/lib/puppet/util/graph.rb +5 -5
- data/lib/puppet/util/inifile.rb +5 -5
- data/lib/puppet/util/json.rb +13 -0
- data/lib/puppet/util/ldap/connection.rb +2 -2
- data/lib/puppet/util/log.rb +48 -31
- data/lib/puppet/util/metric.rb +4 -4
- data/lib/puppet/util/monkey_patches.rb +43 -0
- data/lib/puppet/util/nagios_maker.rb +1 -1
- data/lib/puppet/util/package.rb +4 -4
- data/lib/puppet/util/pidlock.rb +59 -59
- data/lib/puppet/util/posix.rb +13 -52
- data/lib/puppet/util/provider_features.rb +3 -3
- data/lib/puppet/util/queue.rb +96 -0
- data/lib/puppet/util/queue/stomp.rb +47 -0
- data/lib/puppet/util/rails/cache_accumulator.rb +65 -0
- data/lib/puppet/util/rails/collection_merger.rb +0 -39
- data/lib/puppet/util/rails/reference_serializer.rb +17 -3
- data/lib/puppet/util/rdoc.rb +1 -0
- data/lib/puppet/util/rdoc/code_objects.rb +5 -1
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +5 -5
- data/lib/puppet/util/rdoc/generators/template/puppet/puppet.rb +13 -13
- data/lib/puppet/util/rdoc/parser.rb +28 -32
- data/lib/puppet/util/reference.rb +29 -8
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +12 -6
- data/lib/puppet/util/settings.rb +203 -578
- data/lib/puppet/util/settings/boolean_setting.rb +33 -0
- data/lib/puppet/util/settings/file_setting.rb +119 -0
- data/lib/puppet/util/settings/setting.rb +110 -0
- data/lib/puppet/util/subclass_loader.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +2 -2
- data/lib/puppet/util/tagging.rb +1 -1
- data/lib/puppet/util/warnings.rb +17 -9
- data/man/man8/filebucket.8 +2 -2
- data/man/man8/pi.8 +2 -2
- data/man/man8/puppet.8 +3 -4
- data/man/man8/puppet.conf.8 +63 -63
- data/man/man8/puppetca.8 +2 -2
- data/man/man8/puppetd.8 +2 -2
- data/man/man8/puppetdoc.8 +2 -2
- data/man/man8/puppetmasterd.8 +2 -2
- data/man/man8/puppetrun.8 +2 -2
- data/man/man8/ralsh.8 +3 -3
- data/sbin/puppetca +102 -0
- data/sbin/puppetd +159 -0
- data/sbin/puppetmasterd +66 -0
- data/sbin/puppetqd +53 -0
- data/sbin/puppetrun +130 -0
- data/spec/Rakefile +2 -2
- data/spec/integration/application/puppet.rb +33 -0
- data/spec/integration/bin/puppetmasterd.rb +110 -0
- data/spec/integration/configurer.rb +18 -0
- data/spec/integration/defaults.rb +158 -7
- data/spec/integration/file_serving/content.rb +2 -0
- data/spec/integration/file_serving/fileset.rb +14 -0
- data/spec/integration/file_serving/metadata.rb +2 -0
- data/spec/integration/file_serving/terminus_helper.rb +22 -0
- data/spec/integration/indirector/catalog/compiler.rb +67 -0
- data/spec/integration/indirector/catalog/queue.rb +61 -0
- data/spec/integration/indirector/certificate/rest.rb +69 -0
- data/spec/integration/indirector/certificate_request/rest.rb +89 -0
- data/spec/integration/indirector/certificate_revocation_list/rest.rb +77 -0
- data/spec/integration/indirector/direct_file_server.rb +16 -23
- data/spec/integration/indirector/file_content/file_server.rb +75 -0
- data/spec/integration/indirector/report/rest.rb +95 -0
- data/spec/integration/indirector/rest.rb +207 -147
- data/spec/integration/network/client.rb +19 -0
- data/spec/integration/network/formats.rb +110 -0
- data/spec/integration/network/handler.rb +25 -0
- data/spec/integration/network/server/mongrel.rb +26 -8
- data/spec/integration/network/server/webrick.rb +49 -11
- data/spec/integration/node/environment.rb +58 -0
- data/spec/integration/node/facts.rb +4 -2
- data/spec/integration/parser/compiler.rb +29 -0
- data/spec/integration/parser/functions/require.rb +67 -0
- data/spec/integration/provider/mailalias/aliases.rb +25 -0
- data/spec/integration/{node → resource}/catalog.rb +17 -10
- data/spec/integration/ssl/certificate_authority.rb +135 -0
- data/spec/integration/ssl/certificate_request.rb +59 -0
- data/spec/integration/ssl/certificate_revocation_list.rb +42 -0
- data/spec/integration/ssl/host.rb +90 -0
- data/spec/integration/transaction.rb +66 -0
- data/spec/integration/transaction/report.rb +2 -5
- data/spec/integration/type.rb +22 -0
- data/spec/integration/type/file.rb +458 -0
- data/spec/integration/type/package.rb +1 -1
- data/spec/integration/type/tidy.rb +27 -0
- data/spec/integration/util/autoload.rb +114 -0
- data/spec/integration/util/feature.rb +54 -0
- data/spec/integration/util/file_locking.rb +2 -1
- data/spec/integration/util/settings.rb +27 -0
- data/spec/lib/puppet_spec/files.rb +9 -0
- data/spec/monkey_patches/add_confine_and_runnable_to_rspec_dsl.rb +1 -0
- data/spec/monkey_patches/alias_should_to_must.rb +1 -0
- data/spec/shared_behaviours/file_server_terminus.rb +14 -11
- data/spec/shared_behaviours/file_serving.rb +13 -17
- data/spec/spec_helper.rb +22 -5
- data/spec/unit/agent.rb +259 -0
- data/spec/unit/agent/locker.rb +100 -0
- data/spec/unit/agent/runner.rb +118 -0
- data/spec/unit/application.rb +420 -0
- data/spec/unit/application/filebucket.rb +220 -0
- data/spec/unit/application/pi.rb +84 -0
- data/spec/unit/application/puppet.rb +404 -0
- data/spec/unit/application/puppetca.rb +142 -0
- data/spec/unit/application/puppetd.rb +502 -0
- data/spec/unit/application/puppetdoc.rb +345 -0
- data/spec/unit/application/puppetmasterd.rb +456 -0
- data/spec/unit/application/puppetqd.rb +186 -0
- data/spec/unit/application/puppetrun.rb +279 -0
- data/spec/unit/application/ralsh.rb +237 -0
- data/spec/unit/configurer.rb +232 -0
- data/spec/unit/configurer/downloader.rb +188 -0
- data/spec/unit/configurer/fact_handler.rb +150 -0
- data/spec/unit/configurer/plugin_handler.rb +112 -0
- data/spec/unit/daemon.rb +287 -0
- data/spec/unit/file_serving/{file_base.rb → base.rb} +39 -31
- data/spec/unit/file_serving/configuration.rb +104 -93
- data/spec/unit/file_serving/configuration/parser.rb +64 -18
- data/spec/unit/file_serving/content.rb +65 -26
- data/spec/unit/file_serving/fileset.rb +116 -14
- data/spec/unit/file_serving/indirection_hooks.rb +34 -95
- data/spec/unit/file_serving/metadata.rb +27 -40
- data/spec/unit/file_serving/mount.rb +7 -118
- data/spec/unit/file_serving/mount/file.rb +188 -0
- data/spec/unit/file_serving/mount/modules.rb +63 -0
- data/spec/unit/file_serving/mount/plugins.rb +61 -0
- data/spec/unit/file_serving/terminus_helper.rb +39 -27
- data/spec/unit/indirector.rb +6 -1
- data/spec/unit/indirector/active_record.rb +76 -0
- data/spec/unit/indirector/catalog/active_record.rb +122 -0
- data/spec/unit/indirector/catalog/compiler.rb +222 -118
- data/spec/unit/indirector/catalog/queue.rb +20 -0
- data/spec/unit/indirector/catalog/rest.rb +11 -0
- data/spec/unit/indirector/catalog/yaml.rb +6 -6
- data/spec/unit/indirector/certificate/ca.rb +28 -0
- data/spec/unit/indirector/certificate/file.rb +28 -0
- data/spec/unit/indirector/certificate/rest.rb +23 -0
- data/spec/unit/indirector/certificate_request/ca.rb +19 -0
- data/spec/unit/indirector/certificate_request/file.rb +19 -0
- data/spec/unit/indirector/certificate_request/rest.rb +23 -0
- data/spec/unit/indirector/certificate_revocation_list/ca.rb +21 -0
- data/spec/unit/indirector/certificate_revocation_list/file.rb +20 -0
- data/spec/unit/indirector/certificate_revocation_list/rest.rb +23 -0
- data/spec/unit/indirector/direct_file_server.rb +3 -8
- data/spec/unit/indirector/exec.rb +6 -1
- data/spec/unit/indirector/facts/active_record.rb +104 -0
- data/spec/unit/indirector/facts/facter.rb +53 -12
- data/spec/unit/indirector/facts/rest.rb +11 -0
- data/spec/unit/indirector/file.rb +8 -1
- data/spec/unit/indirector/file_metadata/file.rb +5 -5
- data/spec/unit/indirector/file_server.rb +181 -98
- data/spec/unit/indirector/indirection.rb +102 -38
- data/spec/unit/indirector/key/ca.rb +28 -0
- data/spec/unit/indirector/key/file.rb +104 -0
- data/spec/unit/indirector/node/active_record.rb +34 -0
- data/spec/unit/indirector/node/ldap.rb +1 -1
- data/spec/unit/indirector/node/rest.rb +2 -2
- data/spec/unit/indirector/queue.rb +123 -0
- data/spec/unit/indirector/report/rest.rb +28 -0
- data/spec/unit/indirector/request.rb +221 -0
- data/spec/unit/indirector/rest.rb +343 -334
- data/spec/unit/indirector/runner/rest.rb +11 -0
- data/spec/unit/indirector/ssl_file.rb +280 -0
- data/spec/unit/module.rb +180 -180
- data/spec/unit/network/authconfig.rb +292 -0
- data/spec/unit/network/authstore.rb +94 -0
- data/spec/unit/network/client.rb +2 -2
- data/spec/unit/network/client/dipper.rb +16 -0
- data/spec/unit/network/format.rb +191 -0
- data/spec/unit/network/format_handler.rb +306 -0
- data/spec/unit/network/formats.rb +249 -0
- data/spec/unit/network/handler/fileserver.rb +2 -5
- data/spec/unit/network/http.rb +3 -3
- data/spec/unit/network/http/api/v1.rb +122 -0
- data/spec/unit/network/http/handler.rb +448 -0
- data/spec/unit/network/http/mongrel.rb +46 -32
- data/spec/unit/network/http/mongrel/rest.rb +174 -319
- data/spec/unit/network/http/rack.rb +102 -0
- data/spec/unit/network/http/rack/rest.rb +199 -0
- data/spec/unit/network/http/rack/xmlrpc.rb +157 -0
- data/spec/unit/network/http/webrick.rb +249 -37
- data/spec/unit/network/http/webrick/rest.rb +113 -279
- data/spec/unit/network/http_pool.rb +86 -110
- data/spec/unit/network/rest_authconfig.rb +146 -0
- data/spec/unit/network/rest_authorization.rb +43 -0
- data/spec/unit/network/rights.rb +519 -0
- data/spec/unit/network/server.rb +475 -257
- data/spec/unit/node.rb +43 -10
- data/spec/unit/node/environment.rb +143 -9
- data/spec/unit/node/facts.rb +77 -24
- data/spec/unit/other/selinux.rb +85 -0
- data/spec/unit/other/transbucket.rb +29 -13
- data/spec/unit/other/transobject.rb +35 -15
- data/spec/unit/parameter.rb +378 -5
- data/spec/unit/parser/ast.rb +1 -1
- data/spec/unit/parser/ast/arithmetic_operator.rb +17 -17
- data/spec/unit/parser/ast/astarray.rb +16 -10
- data/spec/unit/parser/ast/boolean_operator.rb +2 -2
- data/spec/unit/parser/ast/casestatement.rb +143 -0
- data/spec/unit/parser/ast/collection.rb +63 -0
- data/spec/unit/parser/ast/collexpr.rb +31 -8
- data/spec/unit/parser/ast/comparison_operator.rb +9 -9
- data/spec/unit/parser/ast/definition.rb +18 -0
- data/spec/unit/parser/ast/function.rb +6 -0
- data/spec/unit/parser/ast/ifstatement.rb +75 -0
- data/spec/unit/parser/ast/leaf.rb +261 -0
- data/spec/unit/parser/ast/match_operator.rb +50 -0
- data/spec/unit/parser/ast/minus.rb +1 -1
- data/spec/unit/parser/ast/node.rb +20 -0
- data/spec/unit/parser/ast/not.rb +1 -1
- data/spec/unit/parser/ast/resource_override.rb +5 -5
- data/spec/unit/parser/ast/resource_reference.rb +11 -5
- data/spec/unit/parser/ast/selector.rb +156 -0
- data/spec/unit/parser/ast/vardef.rb +11 -11
- data/spec/unit/parser/collector.rb +167 -48
- data/spec/unit/parser/compiler.rb +128 -104
- data/spec/unit/parser/files.rb +190 -0
- data/spec/unit/parser/functions/inline_template.rb +0 -0
- data/spec/unit/parser/functions/regsubst.rb +42 -42
- data/spec/unit/parser/functions/require.rb +36 -0
- data/spec/unit/parser/functions/shellquote.rb +92 -0
- data/spec/unit/parser/functions/split.rb +51 -0
- data/spec/unit/parser/functions/sprintf.rb +11 -11
- data/spec/unit/parser/functions/template.rb +0 -0
- data/spec/unit/parser/functions/versioncmp.rb +2 -2
- data/spec/unit/parser/interpreter.rb +16 -7
- data/spec/unit/parser/lexer.rb +72 -12
- data/spec/unit/parser/loaded_code.rb +198 -0
- data/spec/unit/parser/parser.rb +215 -28
- data/spec/unit/parser/resource.rb +131 -22
- data/spec/unit/parser/scope.rb +207 -12
- data/spec/unit/parser/templatewrapper.rb +8 -3
- data/spec/unit/property.rb +270 -16
- data/spec/unit/property/list.rb +12 -6
- data/spec/unit/provider.rb +31 -0
- data/spec/unit/provider/augeas/augeas.rb +61 -33
- data/spec/unit/provider/macauthorization.rb +29 -29
- data/spec/unit/provider/mcx/mcxcontent.rb +4 -4
- data/spec/unit/provider/mount/parsed.rb +5 -8
- data/spec/unit/provider/naginator.rb +0 -0
- data/spec/unit/provider/package/apt.rb +6 -6
- data/spec/unit/provider/package/pkgdmg.rb +73 -0
- data/spec/unit/provider/selboolean.rb +1 -1
- data/spec/unit/provider/selmodule.rb +2 -2
- data/spec/unit/provider/service/daemontools.rb +40 -15
- data/spec/unit/provider/service/debian.rb +89 -0
- data/spec/unit/provider/service/init.rb +106 -0
- data/spec/unit/provider/service/launchd.rb +71 -13
- data/spec/unit/provider/service/redhat.rb +94 -0
- data/spec/unit/provider/service/runit.rb +14 -2
- data/spec/unit/provider/ssh_authorized_key/parsed.rb +66 -2
- data/spec/unit/provider/user/ldap.rb +1 -1
- data/spec/unit/provider/user/user_role_add.rb +1 -1
- data/spec/unit/provider/zfs/solaris.rb +18 -6
- data/spec/unit/provider/zone/solaris.rb +1 -1
- data/spec/unit/rails.rb +16 -22
- data/spec/unit/rails/host.rb +163 -0
- data/spec/unit/rails/param_value.rb +49 -0
- data/spec/unit/rails/resource.rb +87 -0
- data/spec/unit/relationship.rb +141 -29
- data/spec/unit/resource.rb +504 -0
- data/spec/unit/resource/catalog.rb +1061 -0
- data/spec/unit/resource/reference.rb +111 -0
- data/spec/unit/simple_graph.rb +448 -191
- data/spec/unit/ssl/certificate.rb +124 -0
- data/spec/unit/ssl/certificate_authority.rb +741 -0
- data/spec/unit/ssl/certificate_authority/interface.rb +269 -0
- data/spec/unit/ssl/certificate_factory.rb +107 -0
- data/spec/unit/ssl/certificate_request.rb +193 -0
- data/spec/unit/ssl/certificate_revocation_list.rb +180 -0
- data/spec/unit/ssl/host.rb +704 -0
- data/spec/unit/ssl/inventory.rb +180 -0
- data/spec/unit/ssl/key.rb +198 -0
- data/spec/unit/transaction.rb +65 -2
- data/spec/unit/transaction/change.rb +1 -1
- data/spec/unit/transaction/report.rb +1 -1
- data/spec/unit/type.rb +361 -8
- data/spec/unit/type/augeas.rb +30 -37
- data/spec/unit/type/component.rb +63 -0
- data/spec/unit/type/computer.rb +17 -21
- data/spec/unit/type/exec.rb +27 -2
- data/spec/unit/type/file.rb +704 -83
- data/spec/unit/type/file/content.rb +253 -15
- data/spec/unit/type/file/ensure.rb +65 -2
- data/spec/unit/type/file/group.rb +5 -0
- data/spec/unit/type/file/owner.rb +5 -0
- data/spec/unit/type/file/selinux.rb +12 -16
- data/spec/unit/type/file/source.rb +264 -0
- data/spec/unit/type/filebucket.rb +74 -0
- data/spec/unit/type/group.rb +1 -5
- data/spec/unit/type/macauthorization.rb +59 -26
- data/spec/unit/type/mcx.rb +8 -16
- data/spec/unit/type/mount.rb +8 -16
- data/spec/unit/type/noop_metaparam.rb +0 -2
- data/spec/unit/type/package.rb +13 -23
- data/spec/unit/type/resources.rb +4 -7
- data/spec/unit/type/schedule.rb +1 -7
- data/spec/unit/type/selboolean.rb +4 -6
- data/spec/unit/type/service.rb +23 -33
- data/spec/unit/type/ssh_authorized_key.rb +25 -14
- data/spec/unit/type/tidy.rb +329 -21
- data/spec/unit/type/user.rb +18 -10
- data/spec/unit/type/zfs.rb +6 -6
- data/spec/unit/util/autoload.rb +94 -3
- data/spec/unit/util/autoload/file_cache.rb +183 -0
- data/spec/unit/util/backups.rb +159 -0
- data/spec/unit/util/cache_accumulator.rb +69 -0
- data/spec/unit/util/cacher.rb +185 -0
- data/spec/unit/util/checksums.rb +9 -1
- data/spec/unit/util/feature.rb +72 -0
- data/spec/unit/util/filetype.rb +1 -11
- data/spec/unit/util/json.rb +21 -0
- data/spec/unit/util/log.rb +45 -0
- data/spec/unit/util/package.rb +2 -2
- data/spec/unit/util/queue.rb +88 -0
- data/spec/unit/util/queue/stomp.rb +140 -0
- data/spec/unit/util/reference_serializer.rb +52 -0
- data/spec/unit/util/selinux.rb +5 -3
- data/spec/unit/util/settings.rb +413 -264
- data/spec/unit/util/settings/file_setting.rb +223 -0
- data/spec/unit/util/storage.rb +11 -11
- data/spec/unit/util/warnings.rb +21 -17
- data/test/Rakefile +6 -5
- data/test/certmgr/ca.rb +5 -5
- data/test/certmgr/certmgr.rb +4 -4
- data/test/data/providers/cron/crontab.allthree +2 -2
- data/test/data/providers/cron/crontab.envNcomment +1 -1
- data/test/data/providers/cron/crontab.envNname +1 -1
- data/test/data/providers/cron/crontab.multirecords +1 -1
- data/test/data/providers/cron/crontab_collections.yaml +14 -14
- data/test/data/providers/cron/crontab_multiple_with_env.yaml +6 -6
- data/test/data/providers/cron/crontab_sample_records.yaml +102 -102
- data/test/data/providers/mailalias/aliases/test1 +28 -0
- data/test/data/providers/package/testpackages.yaml +6 -6
- data/test/data/reports/1.yaml +17 -17
- data/test/data/reports/tagmail_passers.conf +2 -2
- data/test/data/snippets/append.pp +5 -5
- data/test/data/snippets/casestatement.pp +9 -2
- data/test/data/snippets/classincludes.pp +1 -1
- data/test/data/snippets/collection_override.pp +8 -0
- data/test/data/snippets/fqparents.pp +2 -2
- data/test/data/snippets/ifexpression.pp +12 -0
- data/test/data/snippets/multilinecomments.pp +5 -1
- data/test/data/snippets/selectorvalues.pp +7 -0
- data/test/data/types/hosts/1 +1 -1
- data/test/data/types/hosts/2 +3 -3
- data/test/data/types/hosts/solaris +2 -2
- data/test/data/types/mount/freebsd.fstab +7 -7
- data/test/data/types/mount/solaris.fstab +10 -10
- data/test/data/types/port/1 +472 -472
- data/test/data/types/port/darwin +4347 -4347
- data/test/language/ast.rb +3 -2
- data/test/language/ast/casestatement.rb +12 -12
- data/test/language/ast/resource.rb +4 -4
- data/test/language/ast/resource_reference.rb +5 -5
- data/test/language/ast/selector.rb +11 -11
- data/test/language/ast/variable.rb +4 -4
- data/test/language/functions.rb +16 -16
- data/test/language/parser.rb +89 -111
- data/test/language/resource.rb +3 -88
- data/test/language/scope.rb +14 -55
- data/test/language/snippets.rb +31 -31
- data/test/lib/puppettest.rb +12 -12
- data/test/lib/puppettest/certificates.rb +2 -2
- data/test/lib/puppettest/exetest.rb +0 -1
- data/test/lib/puppettest/fakes.rb +1 -1
- data/test/lib/puppettest/parsertesting.rb +9 -4
- data/test/lib/puppettest/railstesting.rb +3 -3
- data/test/lib/puppettest/servertest.rb +1 -1
- data/test/lib/puppettest/support/assertions.rb +2 -2
- data/test/lib/puppettest/support/collection.rb +1 -1
- data/test/lib/puppettest/support/resources.rb +7 -7
- data/test/lib/puppettest/support/utils.rb +10 -16
- data/test/lib/puppettest/testcase.rb +2 -1
- data/test/network/authconfig.rb +1 -1
- data/test/network/authorization.rb +1 -1
- data/test/network/authstore.rb +57 -14
- data/test/network/client/ca.rb +1 -0
- data/test/network/client/resource.rb +12 -50
- data/test/network/client_request.rb +1 -1
- data/test/network/handler/bucket.rb +2 -2
- data/test/network/handler/fileserver.rb +17 -21
- data/test/network/handler/master.rb +5 -5
- data/test/network/handler/report.rb +3 -3
- data/test/network/handler/resource.rb +29 -75
- data/test/network/handler/runner.rb +8 -58
- data/test/network/rights.rb +1 -1
- data/test/network/server/mongrel_test.rb +15 -1
- data/test/network/server/webrick.rb +0 -36
- data/test/network/xmlrpc/webrick_servlet.rb +5 -5
- data/test/other/dsl.rb +3 -3
- data/test/other/events.rb +15 -15
- data/test/other/puppet.rb +2 -32
- data/test/other/relationships.rb +21 -148
- data/test/other/report.rb +20 -23
- data/test/other/transactions.rb +110 -298
- data/test/puppet/defaults.rb +1 -1
- data/test/puppet/tc_suidmanager.rb +1 -1
- data/test/rails/railsparameter.rb +4 -4
- data/test/ral/manager/attributes.rb +12 -68
- data/test/ral/manager/instances.rb +3 -19
- data/test/ral/manager/manager.rb +7 -7
- data/test/ral/manager/provider.rb +7 -7
- data/test/ral/manager/type.rb +54 -349
- data/test/ral/providers/cron/crontab.rb +14 -14
- data/test/ral/providers/group.rb +5 -6
- data/test/ral/providers/host/parsed.rb +3 -3
- data/test/ral/providers/mailalias/aliases.rb +4 -4
- data/test/ral/providers/package.rb +3 -3
- data/test/ral/providers/package/aptitude.rb +55 -55
- data/test/ral/providers/package/aptrpm.rb +7 -7
- data/test/ral/providers/parsedfile.rb +10 -14
- data/test/ral/providers/port/parsed.rb +6 -6
- data/test/ral/providers/provider.rb +10 -10
- data/test/ral/providers/service/base.rb +32 -32
- data/test/ral/providers/sshkey/parsed.rb +14 -14
- data/test/ral/providers/user.rb +16 -17
- data/test/ral/providers/user/useradd.rb +19 -22
- data/test/ral/type/cron.rb +21 -28
- data/test/ral/type/exec.rb +57 -60
- data/test/ral/type/file.rb +88 -862
- data/test/ral/type/file/target.rb +21 -70
- data/test/ral/type/fileignoresource.rb +37 -44
- data/test/ral/type/filesources.rb +43 -473
- data/test/ral/type/group.rb +6 -7
- data/test/ral/type/host.rb +14 -30
- data/test/ral/type/mailalias.rb +3 -3
- data/test/ral/type/port.rb +5 -5
- data/test/ral/type/resources.rb +37 -37
- data/test/ral/type/service.rb +3 -3
- data/test/ral/type/sshkey.rb +34 -39
- data/test/ral/type/user.rb +15 -14
- data/test/ral/type/yumrepo.rb +18 -17
- data/test/ral/type/zone.rb +4 -6
- data/test/test +9 -9
- data/test/util/fileparsing.rb +10 -10
- data/test/util/inifile.rb +6 -6
- data/test/util/instance_loader.rb +1 -1
- data/test/util/log.rb +2 -2
- data/test/util/metrics.rb +1 -6
- data/test/util/package.rb +1 -1
- data/test/util/pidlock.rb +116 -116
- data/test/util/settings.rb +40 -429
- data/test/util/storage.rb +5 -5
- data/test/util/subclass_loader.rb +0 -7
- data/test/util/utiltest.rb +10 -29
- metadata +1369 -941
- data/bin/puppetca +0 -363
- data/bin/puppetd +0 -439
- data/bin/puppetmasterd +0 -289
- data/bin/puppetrun +0 -369
- data/conf/redhat/lsb-config.patch +0 -51
- data/conf/redhat/no-chuser-0.15.1.patch +0 -38
- data/conf/redhat/no-lockdir.patch +0 -13
- data/examples/mac_netinfo.pp +0 -5
- data/ext/passenger/README +0 -63
- data/ext/passenger/apache2.conf +0 -29
- data/ext/passenger/config.ru +0 -40
- data/lib/puppet/config_stores/rest.rb +0 -60
- data/lib/puppet/executables/client/certhandler.rb +0 -82
- data/lib/puppet/indirector/file_content/modules.rb +0 -11
- data/lib/puppet/indirector/file_metadata/modules.rb +0 -17
- data/lib/puppet/indirector/module_files.rb +0 -82
- data/lib/puppet/indirector/ssl_rsa.rb +0 -5
- data/lib/puppet/indirector/ssl_rsa/file.rb +0 -33
- data/lib/puppet/network/client/master.rb +0 -524
- data/lib/puppet/network/http_server/rack.rb +0 -148
- data/lib/puppet/pgraph.rb +0 -121
- data/lib/puppet/provider/group/netinfo.rb +0 -15
- data/lib/puppet/provider/host/netinfo.rb +0 -19
- data/lib/puppet/provider/mount/netinfo.rb +0 -37
- data/lib/puppet/provider/nameservice/netinfo.rb +0 -224
- data/lib/puppet/provider/user/netinfo.rb +0 -111
- data/lib/puppet/util/fact_store.rb +0 -59
- data/lib/puppet/util/uri_helper.rb +0 -22
- data/spec/integration/file_serving/configuration.rb +0 -43
- data/spec/integration/indirector/module_files.rb +0 -57
- data/spec/unit/executables/client/certhandler.rb +0 -135
- data/spec/unit/indirector/file_content/modules.rb +0 -18
- data/spec/unit/indirector/file_metadata/modules.rb +0 -42
- data/spec/unit/indirector/module_files.rb +0 -259
- data/spec/unit/indirector/ssl_rsa/file.rb +0 -121
- data/spec/unit/network/client/master.rb +0 -442
- data/spec/unit/node/catalog.rb +0 -865
- data/spec/unit/other/pgraph.rb +0 -210
- data/spec/unit/resource_reference.rb +0 -73
- data/spec/unit/util/uri_helper.rb +0 -41
- data/test/data/snippets/ifexpression.rb +0 -6
- data/test/executables/filebucket.rb +0 -51
- data/test/executables/puppetbin.rb +0 -104
- data/test/executables/puppetca.rb +0 -115
- data/test/executables/puppetd.rb +0 -55
- data/test/executables/puppetmasterd.rb +0 -147
- data/test/network/client/client.rb +0 -195
- data/test/network/client/master.rb +0 -490
- data/test/network/daemon.rb +0 -70
- data/test/network/handler/handler.rb +0 -63
- data/test/other/overrides.rb +0 -107
- data/test/puppet/conffiles.rb +0 -107
- data/test/rails/ast.rb +0 -73
- data/test/rails/configuration.rb +0 -71
- data/test/rails/host.rb +0 -154
- data/test/rails/railsresource.rb +0 -251
- data/test/ral/providers/host/netinfo.rb +0 -56
- data/test/ral/providers/mount/netinfo.rb +0 -79
- data/test/ral/type/basic.rb +0 -85
- data/test/ral/type/filebucket.rb +0 -157
- data/test/ral/type/parameter.rb +0 -174
- data/test/ral/type/property.rb +0 -388
- data/test/ral/type/tidy.rb +0 -291
- data/test/util/autoload.rb +0 -145
- data/test/util/features.rb +0 -95
@@ -1,4 +1,5 @@
|
|
1
1
|
require 'puppet/network/http/handler'
|
2
|
+
require 'resolv'
|
2
3
|
|
3
4
|
class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
|
4
5
|
|
@@ -10,9 +11,10 @@ class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
|
|
10
11
|
initialize_for_puppet(:server => server, :handler => handler)
|
11
12
|
end
|
12
13
|
|
13
|
-
#
|
14
|
+
# Retrieve the request parameters, including authentication information.
|
14
15
|
def params(request)
|
15
16
|
result = request.query
|
17
|
+
result = decode_params(result)
|
16
18
|
result.merge(client_information(request))
|
17
19
|
end
|
18
20
|
|
@@ -21,29 +23,38 @@ class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
|
|
21
23
|
process(request, response)
|
22
24
|
end
|
23
25
|
|
24
|
-
|
26
|
+
def accept_header(request)
|
27
|
+
request["accept"]
|
28
|
+
end
|
29
|
+
|
30
|
+
def content_type_header(request)
|
31
|
+
request["content-type"]
|
32
|
+
end
|
25
33
|
|
26
34
|
def http_method(request)
|
27
35
|
request.request_method
|
28
36
|
end
|
29
37
|
|
30
38
|
def path(request)
|
31
|
-
|
32
|
-
x = '/' + request.path.split('/')[1]
|
33
|
-
end
|
34
|
-
|
35
|
-
def request_key(request)
|
36
|
-
# LAK:NOTE See http://snurl.com/21zf8 [groups_google_com]
|
37
|
-
x = request.path.split('/')[2]
|
39
|
+
request.path
|
38
40
|
end
|
39
41
|
|
40
42
|
def body(request)
|
41
43
|
request.body
|
42
44
|
end
|
43
45
|
|
44
|
-
|
46
|
+
# Set the specified format as the content type of the response.
|
47
|
+
def set_content_type(response, format)
|
48
|
+
response["content-type"] = format_to_mime(format)
|
49
|
+
end
|
50
|
+
|
51
|
+
def set_response(response, result, status = 200)
|
45
52
|
response.status = status
|
46
|
-
|
53
|
+
if status >= 200 and status < 300
|
54
|
+
response.body = result
|
55
|
+
else
|
56
|
+
response.reason_phrase = result
|
57
|
+
end
|
47
58
|
end
|
48
59
|
|
49
60
|
# Retrieve node/cert/ip information from the request object.
|
@@ -60,6 +71,8 @@ class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet
|
|
60
71
|
if cert = request.client_cert and nameary = cert.subject.to_a.find { |ary| ary[0] == "CN" }
|
61
72
|
result[:node] = nameary[1]
|
62
73
|
result[:authenticated] = true
|
74
|
+
else
|
75
|
+
result[:node] = resolve_node(result)
|
63
76
|
end
|
64
77
|
|
65
78
|
result
|
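Review bot: In set_response the non-2xx branch assigns `result` straight to `response.reason_phrase`, which ends up on the HTTP status line, so error text that echoes request data (a path, a node name) could carry CR or LF into that line. I would flatten it first with `response.reason_phrase = result.to_s.gsub(/[\r\n]+/, ' ')`, and consider also putting the message in the body so clients do not have to read it from the status line. Separately, the new `else` branch sets `result[:node] = resolve_node(result)` when there is no client certificate. resolve_node is outside the hunks, so how the name is derived is not visible, but a comment there should say that this name is unverified and must not be treated like a certificate CN. The enclosing method (presumably client_information) starts and ends outside the hunk.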
@@ -1,11 +1,24 @@
|
|
1
|
-
require 'puppet/
|
1
|
+
require 'puppet/ssl/host'
|
2
2
|
require 'net/https'
|
3
|
+
require 'puppet/util/cacher'
|
3
4
|
|
4
|
-
module Puppet::Network
|
5
|
-
end
|
5
|
+
module Puppet::Network; end
|
6
6
|
|
7
7
|
# Manage Net::HTTP instances for keep-alive.
|
8
8
|
module Puppet::Network::HttpPool
|
9
|
+
class << self
|
10
|
+
include Puppet::Util::Cacher
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
cached_attr(:http_cache) { Hash.new }
|
15
|
+
end
|
16
|
+
|
17
|
+
# Use the global localhost instance.
|
18
|
+
def self.ssl_host
|
19
|
+
Puppet::SSL::Host.localhost
|
20
|
+
end
|
21
|
+
|
9
22
|
# 2008/03/23
|
10
23
|
# LAK:WARNING: Enabling this has a high propability of
|
11
24
|
# causing corrupt files and who knows what else. See #1010.
|
@@ -15,18 +28,12 @@ module Puppet::Network::HttpPool
|
|
15
28
|
HTTP_KEEP_ALIVE
|
16
29
|
end
|
17
30
|
|
18
|
-
# This handles reading in the key and such-like.
|
19
|
-
extend Puppet::SSLCertificates::Support
|
20
|
-
@http_cache = {}
|
21
|
-
|
22
31
|
# Clear our http cache, closing all connections.
|
23
32
|
def self.clear_http_instances
|
24
|
-
|
33
|
+
http_cache.each do |name, connection|
|
25
34
|
connection.finish if connection.started?
|
26
35
|
end
|
27
|
-
|
28
|
-
@cert = nil
|
29
|
-
@key = nil
|
36
|
+
Puppet::Util::Cacher.expire
|
30
37
|
end
|
31
38
|
|
32
39
|
# Make sure we set the driver up when we read the cert in.
|
@@ -44,20 +51,16 @@ module Puppet::Network::HttpPool
|
|
44
51
|
# Use cert information from a Puppet client to set up the http object.
|
45
52
|
def self.cert_setup(http)
|
46
53
|
# Just no-op if we don't have certs.
|
47
|
-
return false unless
|
48
|
-
|
49
|
-
store = OpenSSL::X509::Store.new
|
50
|
-
store.add_file Puppet[:localcacert]
|
51
|
-
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
54
|
+
return false unless FileTest.exist?(Puppet[:hostcert]) and FileTest.exist?(Puppet[:localcacert])
|
52
55
|
|
53
|
-
http.cert_store =
|
56
|
+
http.cert_store = ssl_host.ssl_store
|
54
57
|
http.ca_file = Puppet[:localcacert]
|
55
|
-
http.cert =
|
58
|
+
http.cert = ssl_host.certificate.content
|
56
59
|
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
57
|
-
http.key =
|
60
|
+
http.key = ssl_host.key.content
|
58
61
|
end
|
59
62
|
|
60
|
-
# Retrieve a cached http instance
|
63
|
+
# Retrieve a cached http instance if caching is enabled, else return
|
61
64
|
# a new one.
|
62
65
|
def self.http_instance(host, port, reset = false)
|
63
66
|
# We overwrite the uninitialized @http here with a cached one.
|
@@ -66,11 +69,11 @@ module Puppet::Network::HttpPool
|
|
66
69
|
# Return our cached instance if we've got a cache, as long as we're not
|
67
70
|
# resetting the instance.
|
68
71
|
if keep_alive?
|
69
|
-
return
|
72
|
+
return http_cache[key] if ! reset and http_cache[key]
|
70
73
|
|
71
74
|
# Clean up old connections if we have them.
|
72
|
-
if http =
|
73
|
-
|
75
|
+
if http = http_cache[key]
|
76
|
+
http_cache.delete(key)
|
74
77
|
http.finish if http.started?
|
75
78
|
end
|
76
79
|
end
|
@@ -92,15 +95,11 @@ module Puppet::Network::HttpPool
|
|
92
95
|
http.read_timeout = Puppet[:configtimeout]
|
93
96
|
http.open_timeout = Puppet[:configtimeout]
|
94
97
|
# JJM Configurable fix for #896.
|
95
|
-
|
96
|
-
http.enable_post_connection_check = true
|
97
|
-
else
|
98
|
-
http.enable_post_connection_check = false
|
99
|
-
end
|
98
|
+
http.enable_post_connection_check = Puppet[:http_enable_post_connection_check]
|
100
99
|
|
101
100
|
cert_setup(http)
|
102
101
|
|
103
|
-
|
102
|
+
http_cache[key] = http if keep_alive?
|
104
103
|
|
105
104
|
return http
|
106
105
|
end
|
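Review bot: cert_setup returns false before `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` is reached whenever `Puppet[:hostcert]` or `Puppet[:localcacert]` is missing, and http_instance calls it as a bare `cert_setup(http)`, so that case is silent. With keep-alive on, the same object is then stored by `http_cache[key] = http if keep_alive?` and would apparently keep being handed out without peer verification even after the certificates appear. I would log the early return, for example `Puppet.debug "No host or CA certificate found; not configuring peer verification"`, and extend the "Just no-op" comment to say what the caller gets back in that state. clear_http_instances now ends with `Puppet::Util::Cacher.expire`, which by its name looks process-wide rather than limited to http_cache; if so, that deserves a comment too. http_instance is only partly inside the hunks (`key` is assigned outside them).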
@@ -3,7 +3,7 @@
|
|
3
3
|
# Author: Manuel Holtgrewe <purestorm at ggnore.net>
|
4
4
|
#
|
5
5
|
# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
|
6
|
-
#
|
6
|
+
#
|
7
7
|
# Permission is hereby granted, free of charge, to any person obtaining
|
8
8
|
# a copy of this software and associated documentation files (the
|
9
9
|
# "Software"), to deal in the Software without restriction, including
|
@@ -11,10 +11,10 @@
|
|
11
11
|
# distribute, sublicense, and/or sell copies of the Software, and to
|
12
12
|
# permit persons to whom the Software is furnished to do so, subject to
|
13
13
|
# the following conditions:
|
14
|
-
#
|
14
|
+
#
|
15
15
|
# The above copyright notice and this permission notice shall be
|
16
16
|
# included in all copies or substantial portions of the Software.
|
17
|
-
#
|
17
|
+
#
|
18
18
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
19
19
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
20
20
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
@@ -34,7 +34,6 @@ require 'puppet/network/xmlrpc/server'
|
|
34
34
|
require 'puppet/network/http_server'
|
35
35
|
require 'puppet/network/client_request'
|
36
36
|
require 'puppet/network/handler'
|
37
|
-
require 'puppet/daemon'
|
38
37
|
|
39
38
|
require 'resolv'
|
40
39
|
|
@@ -51,7 +50,6 @@ require 'resolv'
|
|
51
50
|
# </pre>
|
52
51
|
module Puppet::Network
|
53
52
|
class HTTPServer::Mongrel < ::Mongrel::HttpHandler
|
54
|
-
include Puppet::Daemon
|
55
53
|
attr_reader :xmlrpc_server
|
56
54
|
|
57
55
|
def initialize(handlers)
|
@@ -64,11 +62,11 @@ module Puppet::Network
|
|
64
62
|
# behaviour and we have to subclass Mongrel::HttpHandler so our handler
|
65
63
|
# works for Mongrel.
|
66
64
|
@xmlrpc_server = Puppet::Network::XMLRPCServer.new
|
67
|
-
handlers.each do |name
|
65
|
+
handlers.each do |name|
|
68
66
|
unless handler = Puppet::Network::Handler.handler(name)
|
69
67
|
raise ArgumentError, "Invalid handler %s" % name
|
70
68
|
end
|
71
|
-
@xmlrpc_server.add_handler(handler.interface, handler.new(
|
69
|
+
@xmlrpc_server.add_handler(handler.interface, handler.new({}))
|
72
70
|
end
|
73
71
|
end
|
74
72
|
|
@@ -115,12 +113,12 @@ module Puppet::Network
|
|
115
113
|
end
|
116
114
|
end
|
117
115
|
end
|
118
|
-
|
116
|
+
|
119
117
|
private
|
120
118
|
|
121
119
|
def client_info(request)
|
122
120
|
params = request.params
|
123
|
-
ip = params["REMOTE_ADDR"]
|
121
|
+
ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
|
124
122
|
# JJM #906 The following dn.match regular expression is forgiving
|
125
123
|
# enough to match the two Distinguished Name string contents
|
126
124
|
# coming from Apache, Pound or other reverse SSL proxies.
|
@@ -146,7 +144,7 @@ module Puppet::Network
|
|
146
144
|
def parse_content_type(str)
|
147
145
|
a, *b = str.split(";")
|
148
146
|
return a.strip, *b
|
149
|
-
end
|
147
|
+
end
|
150
148
|
end
|
151
149
|
end
|
152
150
|
|
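Review bot: In client_info the new `ip` line prefers `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR` whenever the header is present, but that header is client-supplied unless a front-end proxy sets it, and this address is what the authorization code later sees as the request IP. It should be honoured only when the direct peer is a known proxy, and an empty header value currently makes `split(',').last` return nil, so `.strip` raises NoMethodError. Something like `xff = params["HTTP_X_FORWARDED_FOR"].to_s.split(',').last` followed by `ip = (xff && trusted_proxy?(params["REMOTE_ADDR"])) ? xff.strip : params["REMOTE_ADDR"]` covers both, where `trusted_proxy?` is a helper that would have to be added (it is not in this file) to compare the peer with the configured proxy addresses. A comment should also record that the last list element is used because it is the one appended by the nearest proxy. client_info continues outside the hunk.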
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'puppet'
|
2
|
-
require 'puppet/daemon'
|
3
2
|
require 'webrick'
|
4
3
|
require 'webrick/https'
|
5
4
|
require 'fcntl'
|
@@ -16,11 +15,10 @@ module Puppet
|
|
16
15
|
# The old-school, pure ruby webrick server, which is the default serving
|
17
16
|
# mechanism.
|
18
17
|
class HTTPServer::WEBrick < WEBrick::HTTPServer
|
19
|
-
include Puppet::Daemon
|
20
18
|
include Puppet::SSLCertificates::Support
|
21
19
|
|
22
20
|
# Read the CA cert and CRL and populate an OpenSSL::X509::Store
|
23
|
-
# with them, with flags appropriate for checking client
|
21
|
+
# with them, with flags appropriate for checking client
|
24
22
|
# certificates for revocation
|
25
23
|
def x509store
|
26
24
|
if Puppet[:cacrl] == 'false'
|
@@ -0,0 +1,89 @@
|
|
1
|
+
require 'puppet/network/authconfig'
|
2
|
+
|
3
|
+
module Puppet
|
4
|
+
class Network::RestAuthConfig < Network::AuthConfig
|
5
|
+
|
6
|
+
attr_accessor :rights
|
7
|
+
|
8
|
+
DEFAULT_ACL = [
|
9
|
+
{ :acl => "~ ^\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
|
10
|
+
# this one will allow all file access, and thus delegate
|
11
|
+
# to fileserver.conf
|
12
|
+
{ :acl => "/file" },
|
13
|
+
{ :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
|
14
|
+
{ :acl => "/report", :method => :save, :authenticated => true },
|
15
|
+
{ :acl => "/certificate/ca", :method => :find, :authenticated => false },
|
16
|
+
{ :acl => "/certificate/", :method => :find, :authenticated => false },
|
17
|
+
{ :acl => "/certificate_request", :method => [:find, :save], :authenticated => false },
|
18
|
+
]
|
19
|
+
|
20
|
+
def self.main
|
21
|
+
add_acl = @main.nil?
|
22
|
+
super
|
23
|
+
@main.insert_default_acl if add_acl and !@main.exists?
|
24
|
+
@main
|
25
|
+
end
|
26
|
+
|
27
|
+
# check wether this request is allowed in our ACL
|
28
|
+
# raise an Puppet::Network::AuthorizedError if the request
|
29
|
+
# is denied.
|
30
|
+
def allowed?(request)
|
31
|
+
read()
|
32
|
+
|
33
|
+
# we're splitting the request in part because
|
34
|
+
# fail_on_deny could as well be called in the XMLRPC context
|
35
|
+
# with a ClientRequest.
|
36
|
+
@rights.fail_on_deny(build_uri(request),
|
37
|
+
:node => request.node,
|
38
|
+
:ip => request.ip,
|
39
|
+
:method => request.method,
|
40
|
+
:environment => request.environment,
|
41
|
+
:authenticated => request.authenticated)
|
42
|
+
end
|
43
|
+
|
44
|
+
def initialize(file = nil, parsenow = true)
|
45
|
+
super(file || Puppet[:rest_authconfig], parsenow)
|
46
|
+
|
47
|
+
# if we didn't read a file (ie it doesn't exist)
|
48
|
+
# make sure we can create some default rights
|
49
|
+
@rights ||= Puppet::Network::Rights.new
|
50
|
+
end
|
51
|
+
|
52
|
+
def parse()
|
53
|
+
super()
|
54
|
+
insert_default_acl
|
55
|
+
end
|
56
|
+
|
57
|
+
# force regular ACLs to be present
|
58
|
+
def insert_default_acl
|
59
|
+
DEFAULT_ACL.each do |acl|
|
60
|
+
unless rights[acl[:acl]]
|
61
|
+
Puppet.info "Inserting default '#{acl[:acl]}'(%s) acl because %s" % [acl[:authenticated] ? "auth" : "non-auth" , ( !exists? ? "#{Puppet[:rest_authconfig]} doesn't exist" : "none where found in '#{@file}'")]
|
62
|
+
mk_acl(acl)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
# queue an empty (ie deny all) right for every other path
|
66
|
+
# actually this is not strictly necessary as the rights system
|
67
|
+
# denies not explicitely allowed paths
|
68
|
+
unless rights["/"]
|
69
|
+
rights.newright("/")
|
70
|
+
rights.restrict_authenticated("/", :any)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
def mk_acl(acl)
|
75
|
+
@rights.newright(acl[:acl])
|
76
|
+
@rights.allow(acl[:acl], acl[:allow] || "*")
|
77
|
+
|
78
|
+
if method = acl[:method]
|
79
|
+
method = [method] unless method.is_a?(Array)
|
80
|
+
method.each { |m| @rights.restrict_method(acl[:acl], m) }
|
81
|
+
end
|
82
|
+
@rights.restrict_authenticated(acl[:acl], acl[:authenticated]) unless acl[:authenticated].nil?
|
83
|
+
end
|
84
|
+
|
85
|
+
def build_uri(request)
|
86
|
+
"/#{request.indirection_name}/#{request.key}"
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
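Review bot: The catalog entry in DEFAULT_ACL, `"~ ^\/catalog\/([^\/]+)$"`, anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so the pattern does not pin the whole URI that build_uri assembles from `request.indirection_name` and `request.key`. Because the capture is fed back as the `:allow` value `'$1'`, I would anchor the whole string: `{ :acl => '~ \A/catalog/([^/]+)\z', :method => :find, :allow => '$1', :authenticated => true },` (single quotes keep the backslashes). The path keys built in rights.rb with `Regexp.new("^" + Regexp.escape(name))` have the same line-anchor property and would read better with `\A`. The comment on allowed? also names `Puppet::Network::AuthorizedError`, while the class this release defines is `AuthorizationError`.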
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'puppet/network/client_request'
|
2
|
+
require 'puppet/network/rest_authconfig'
|
3
|
+
|
4
|
+
module Puppet::Network
|
5
|
+
|
6
|
+
module RestAuthorization
|
7
|
+
|
8
|
+
|
9
|
+
# Create our config object if necessary. If there's no configuration file
|
10
|
+
# we install our defaults
|
11
|
+
def authconfig
|
12
|
+
unless defined? @authconfig
|
13
|
+
@authconfig = Puppet::Network::RestAuthConfig.main
|
14
|
+
end
|
15
|
+
|
16
|
+
@authconfig
|
17
|
+
end
|
18
|
+
|
19
|
+
# Verify that our client has access.
|
20
|
+
def check_authorization(request)
|
21
|
+
authconfig.allowed?(request)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
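Review bot: check_authorization has no documented contract, and its return value is misleading. It returns whatever `authconfig.allowed?(request)` returns, and RestAuthConfig#allowed? only wraps `@rights.fail_on_deny(...)`, which signals denial by raising and leaves through a bare `return if res` (nil) when access is granted. A caller that tests the return value would therefore treat every permitted request as refused. I would extend the comment to `# Verify that our client has access; raises Puppet::Network::AuthorizationError when it does not. The return value is not meaningful.`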
@@ -1,15 +1,22 @@
|
|
1
|
-
require 'ipaddr'
|
2
1
|
require 'puppet/network/authstore'
|
2
|
+
require 'puppet/error'
|
3
|
+
|
4
|
+
module Puppet::Network
|
5
|
+
|
6
|
+
# this exception is thrown when a request is not authenticated
|
7
|
+
class AuthorizationError < Puppet::Error; end
|
3
8
|
|
4
9
|
# Define a set of rights and who has access to them.
|
5
|
-
|
10
|
+
# There are two types of rights:
|
11
|
+
# * named rights (ie a common string)
|
12
|
+
# * path based rights (which are matched on a longest prefix basis)
|
13
|
+
class Rights
|
14
|
+
|
6
15
|
# We basically just proxy directly to our rights. Each Right stores
|
7
16
|
# its own auth abilities.
|
8
|
-
[:allow, :
|
17
|
+
[:allow, :deny, :restrict_method, :restrict_environment, :restrict_authenticated].each do |method|
|
9
18
|
define_method(method) do |name, *args|
|
10
|
-
|
11
|
-
|
12
|
-
if obj = right(name)
|
19
|
+
if obj = self[name]
|
13
20
|
obj.send(method, *args)
|
14
21
|
else
|
15
22
|
raise ArgumentError, "Unknown right '%s'" % name
|
@@ -17,45 +24,139 @@ class Puppet::Network::Rights < Hash
|
|
17
24
|
end
|
18
25
|
end
|
19
26
|
|
20
|
-
|
21
|
-
|
22
|
-
|
27
|
+
# Check that name is allowed or not
|
28
|
+
def allowed?(name, *args)
|
29
|
+
begin
|
30
|
+
fail_on_deny(name, :node => args[0], :ip => args[1])
|
31
|
+
rescue AuthorizationError
|
32
|
+
return false
|
33
|
+
rescue ArgumentError
|
34
|
+
# the namespace contract says we should raise this error
|
35
|
+
# if we didn't find the right acl
|
36
|
+
raise
|
37
|
+
end
|
38
|
+
return true
|
23
39
|
end
|
24
40
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
41
|
+
def fail_on_deny(name, args = {})
|
42
|
+
res = :nomatch
|
43
|
+
right = @rights.find do |acl|
|
44
|
+
found = false
|
45
|
+
# an acl can return :dunno, which means "I'm not qualified to answer your question,
|
46
|
+
# please ask someone else". This is used when for instance an acl matches, but not for the
|
47
|
+
# current rest method, where we might think some other acl might be more specific.
|
48
|
+
if match = acl.match?(name)
|
49
|
+
args[:match] = match
|
50
|
+
if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno
|
51
|
+
# return early if we're allowed
|
52
|
+
return if res
|
53
|
+
# we matched, select this acl
|
54
|
+
found = true
|
55
|
+
end
|
56
|
+
end
|
57
|
+
found
|
58
|
+
end
|
59
|
+
|
60
|
+
# if we end here, then that means we either didn't match
|
61
|
+
# or failed, in any case will throw an error to the outside world
|
62
|
+
if name =~ /^\// or right
|
63
|
+
# we're a patch ACL, let's fail
|
64
|
+
msg = "%s access to %s [%s]" % [ (args[:node].nil? ? args[:ip] : "#{args[:node]}(#{args[:ip]})"), name, args[:method] ]
|
65
|
+
|
66
|
+
msg += " authenticated " if args[:authenticated]
|
67
|
+
|
68
|
+
error = AuthorizationError.new("Forbidden request: " + msg)
|
69
|
+
if right
|
70
|
+
error.file = right.file
|
71
|
+
error.line = right.line
|
72
|
+
end
|
73
|
+
Puppet.warning("Denying access: " + error.to_s)
|
31
74
|
else
|
32
|
-
|
75
|
+
# there were no rights allowing/denying name
|
76
|
+
# if name is not a path, let's throw
|
77
|
+
error = ArgumentError.new "Unknown namespace right '%s'" % name
|
33
78
|
end
|
79
|
+
raise error
|
80
|
+
end
|
81
|
+
|
82
|
+
def initialize()
|
83
|
+
@rights = []
|
84
|
+
end
|
85
|
+
|
86
|
+
def [](name)
|
87
|
+
@rights.find { |acl| acl == name }
|
88
|
+
end
|
89
|
+
|
90
|
+
def include?(name)
|
91
|
+
@rights.include?(name)
|
92
|
+
end
|
93
|
+
|
94
|
+
def each
|
95
|
+
@rights.each { |r| yield r.name,r }
|
96
|
+
end
|
97
|
+
|
98
|
+
# Define a new right to which access can be provided.
|
99
|
+
def newright(name, line=nil, file=nil)
|
100
|
+
add_right( Right.new(name, line, file) )
|
34
101
|
end
|
35
102
|
|
36
103
|
private
|
37
104
|
|
105
|
+
def add_right(right)
|
106
|
+
if right.acl_type == :name and include?(right.key)
|
107
|
+
raise ArgumentError, "Right '%s' already exists"
|
108
|
+
end
|
109
|
+
@rights << right
|
110
|
+
sort_rights
|
111
|
+
right
|
112
|
+
end
|
113
|
+
|
114
|
+
def sort_rights
|
115
|
+
@rights.sort!
|
116
|
+
end
|
117
|
+
|
38
118
|
# Retrieve a right by name.
|
39
119
|
def right(name)
|
40
|
-
name = name.intern if name.is_a? String
|
41
120
|
self[name]
|
42
121
|
end
|
43
122
|
|
44
123
|
# A right.
|
45
124
|
class Right < Puppet::Network::AuthStore
|
46
|
-
|
125
|
+
include Puppet::FileCollection::Lookup
|
47
126
|
|
48
|
-
|
127
|
+
attr_accessor :name, :key, :acl_type
|
128
|
+
attr_accessor :methods, :environment, :authentication
|
49
129
|
|
50
|
-
|
51
|
-
name.to_s[0..0]
|
52
|
-
end
|
130
|
+
ALL = [:save, :destroy, :find, :search]
|
53
131
|
|
54
|
-
|
132
|
+
Puppet::Util.logmethods(self, true)
|
133
|
+
|
134
|
+
def initialize(name, line, file)
|
135
|
+
@methods = []
|
136
|
+
@environment = []
|
137
|
+
@authentication = true # defaults to authenticated
|
55
138
|
@name = name
|
56
|
-
@
|
57
|
-
|
58
|
-
|
139
|
+
@line = line || 0
|
140
|
+
@file = file
|
141
|
+
|
142
|
+
case name
|
143
|
+
when Symbol
|
144
|
+
@acl_type = :name
|
145
|
+
@key = name
|
146
|
+
when /^\[(.+)\]$/
|
147
|
+
@acl_type = :name
|
148
|
+
@key = $1.intern if name.is_a?(String)
|
149
|
+
when /^\//
|
150
|
+
@acl_type = :regex
|
151
|
+
@key = Regexp.new("^" + Regexp.escape(name))
|
152
|
+
@methods = ALL
|
153
|
+
when /^~/ # this is a regex
|
154
|
+
@acl_type = :regex
|
155
|
+
@name = name.gsub(/^~\s+/,'')
|
156
|
+
@key = Regexp.new(@name)
|
157
|
+
@methods = ALL
|
158
|
+
else
|
159
|
+
raise ArgumentError, "Unknown right type '%s'" % name
|
59
160
|
end
|
60
161
|
super()
|
61
162
|
end
|
@@ -68,6 +169,108 @@ class Puppet::Network::Rights < Hash
|
|
68
169
|
def valid?
|
69
170
|
true
|
70
171
|
end
|
172
|
+
|
173
|
+
def regex?
|
174
|
+
acl_type == :regex
|
175
|
+
end
|
176
|
+
|
177
|
+
# does this right is allowed for this triplet?
|
178
|
+
# if this right is too restrictive (ie we don't match this access method)
|
179
|
+
# then return :dunno so that upper layers have a chance to try another right
|
180
|
+
# tailored to the given method
|
181
|
+
def allowed?(name, ip, args = {})
|
182
|
+
return :dunno if acl_type == :regex and not @methods.include?(args[:method])
|
183
|
+
return :dunno if acl_type == :regex and @environment.size > 0 and not @environment.include?(args[:environment])
|
184
|
+
return :dunno if acl_type == :regex and not @authentication.nil? and args[:authenticated] != @authentication
|
185
|
+
|
186
|
+
begin
|
187
|
+
# make sure any capture are replaced if needed
|
188
|
+
interpolate(args[:match]) if acl_type == :regex and args[:match]
|
189
|
+
res = super(name,ip)
|
190
|
+
ensure
|
191
|
+
reset_interpolation if acl_type == :regex
|
192
|
+
end
|
193
|
+
res
|
194
|
+
end
|
195
|
+
|
196
|
+
# restrict this right to some method only
|
197
|
+
def restrict_method(m)
|
198
|
+
m = m.intern if m.is_a?(String)
|
199
|
+
|
200
|
+
unless ALL.include?(m)
|
201
|
+
raise ArgumentError, "'%s' is not an allowed value for method directive" % m
|
202
|
+
end
|
203
|
+
|
204
|
+
# if we were allowing all methods, then starts from scratch
|
205
|
+
if @methods === ALL
|
206
|
+
@methods = []
|
207
|
+
end
|
208
|
+
|
209
|
+
if @methods.include?(m)
|
210
|
+
raise ArgumentError, "'%s' is already in the '%s' ACL" % [m, name]
|
211
|
+
end
|
212
|
+
|
213
|
+
@methods << m
|
214
|
+
end
|
215
|
+
|
216
|
+
def restrict_environment(env)
|
217
|
+
env = Puppet::Node::Environment.new(env)
|
218
|
+
if @environment.include?(env)
|
219
|
+
raise ArgumentError, "'%s' is already in the '%s' ACL" % [env, name]
|
220
|
+
end
|
221
|
+
|
222
|
+
@environment << env
|
223
|
+
end
|
224
|
+
|
225
|
+
def restrict_authenticated(authentication)
|
226
|
+
case authentication
|
227
|
+
when "yes", "on", "true", true
|
228
|
+
authentication = true
|
229
|
+
when "no", "off", "false", false
|
230
|
+
authentication = false
|
231
|
+
when "all","any", :all, :any
|
232
|
+
authentication = nil
|
233
|
+
else
|
234
|
+
raise ArgumentError, "'%s' incorrect authenticated value: %s" % [name, authentication]
|
235
|
+
end
|
236
|
+
@authentication = authentication
|
237
|
+
end
|
238
|
+
|
239
|
+
def match?(key)
|
240
|
+
# if we are a namespace compare directly
|
241
|
+
return self.key == namespace_to_key(key) if acl_type == :name
|
242
|
+
|
243
|
+
# otherwise match with the regex
|
244
|
+
return self.key.match(key)
|
245
|
+
end
|
246
|
+
|
247
|
+
def namespace_to_key(key)
|
248
|
+
key = key.intern if key.is_a?(String)
|
249
|
+
key
|
250
|
+
end
|
251
|
+
|
252
|
+
# this is where all the magic happens.
|
253
|
+
# we're sorting the rights array with this scheme:
|
254
|
+
# * namespace rights are all in front
|
255
|
+
# * regex path rights are then all queued in file order
|
256
|
+
def <=>(rhs)
|
257
|
+
# move namespace rights at front
|
258
|
+
if self.acl_type != rhs.acl_type
|
259
|
+
return self.acl_type == :name ? -1 : 1
|
260
|
+
end
|
261
|
+
|
262
|
+
# sort by creation order (ie first match appearing in the file will win)
|
263
|
+
# that is don't sort, in which case the sort algorithm will order in the
|
264
|
+
# natural array order (ie the creation order)
|
265
|
+
return 0
|
266
|
+
end
|
267
|
+
|
268
|
+
def ==(name)
|
269
|
+
return self.key == namespace_to_key(name) if acl_type == :name
|
270
|
+
return self.name == name.gsub(/^~\s+/,'')
|
271
|
+
end
|
272
|
+
|
71
273
|
end
|
72
|
-
end
|
73
274
|
|
275
|
+
end
|
276
|
+
end
|
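Review bot: The `<=>` near the end of this hunk returns 0 for two rights of the same type, and its comment relies on the sort keeping creation order, but Ruby's `Array#sort` is not guaranteed to be stable, so regex rights can come out in a different order than they appear in the file. Because the same comment says the first matching right wins, a reordering can change which ACL decides a request. I would give each right a creation sequence number when it is built and compare on it, e.g. `return @seq <=> rhs.seq` in place of `return 0` (`@seq` is a suggested name, not an existing field). Separately, `match?` applies `self.key.match(key)` unanchored, so it deserves a comment such as `# the pattern is used as written and is not anchored; a rule must anchor it to avoid matching a substring of the path`. The enclosing class and `initialize` begin outside this hunk, and the place where the rights are sorted is not visible here.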