puppet 0.25.1 → 0.25.2

data/lib/puppet/ssl/certificate.rb

@@ -28,7 +28,8 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
     end
 
     def expiration
-        return nil unless content
-        return content.not_after
+        # Our expiration is either that of the cache or the content, whichever comes first
+        cache_expiration = @expiration
+        [(content and content.not_after), cache_expiration].compact.sort.first
     end
 end

data/lib/puppet/ssl/host.rb

@@ -94,12 +94,7 @@ class Puppet::SSL::Host
 
     # Remove all traces of a given host
     def self.destroy(name)
-        [Key, Certificate, CertificateRequest].inject(false) do |result, klass|
-            if klass.destroy(name)
-                result = true
-            end
-            result
-        end
+        [Key, Certificate, CertificateRequest].collect { |part| part.destroy(name) }.any? { |x| x }
     end
 
     # Search for more than one host, optionally only specifying
@@ -107,12 +102,7 @@ class Puppet::SSL::Host
     # This just allows our non-indirected class to have one of
     # indirection methods.
     def self.search(options = {})
-        classes = [Key, CertificateRequest, Certificate]
-        if klass = options[:for]
-            classlist = [klass].flatten
-        else
-            classlist = [Key, CertificateRequest, Certificate]
-        end
+        classlist = [options[:for] || [Key, CertificateRequest, Certificate]].flatten
 
         # Collect the results from each class, flatten them, collect all of the names, make the name list unique,
         # then create a Host instance for each one.
@@ -127,8 +117,7 @@ class Puppet::SSL::Host
     end
 
     def key
-        return nil unless @key ||= Key.find(name)
-        @key
+        @key ||= Key.find(name)
     end
 
     # This is the private key; we can create it from scratch
@@ -146,8 +135,7 @@ class Puppet::SSL::Host
     end
 
     def certificate_request
-        return nil unless @certificate_request ||= CertificateRequest.find(name)
-        @certificate_request
+        @certificate_request ||= CertificateRequest.find(name)
     end
 
     # Our certificate request requires the key but that's all.
@@ -166,26 +154,19 @@ class Puppet::SSL::Host
     end
 
     def certificate
-        unless @certificate
-            generate_key unless key
-
+        @certificate ||= (
             # get the CA cert first, since it's required for the normal cert
             # to be of any use.
-            return nil unless Certificate.find("ca") unless ca?
-            return nil unless @certificate = Certificate.find(name)
-
-            unless certificate_matches_key?
-                raise Puppet::Error, "Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
+            if not (key or generate_key) or not (ca? or Certificate.find("ca")) or not (cert = Certificate.find(name)) or cert.expired?
+                nil
+            elsif not cert.content.check_private_key(key.content)
+                Certificate.expire(name)
+                Puppet.warning "Retrieved certificate does not match private key"
+                nil
+            else
+                cert
             end
-        end
-        @certificate
-    end
-
-    def certificate_matches_key?
-        return false unless key
-        return false unless certificate
-
-        return certificate.content.check_private_key(key.content)
+            )
     end
 
     # Generate all necessary parts of our ssl host.

data/lib/puppet/sslcertificates.rb

@@ -2,11 +2,7 @@
 
 require 'puppet'
 
-begin
-    require 'openssl'
-rescue LoadError
-    raise Puppet::Error, "You must have the Ruby openssl library installed"
-end
+raise Puppet::Error, "You must have the Ruby openssl library installed" unless Puppet.features.openssl?
 
 module Puppet::SSLCertificates
     #def self.mkcert(type, name, dnsnames, ttl, issuercert, issuername, serial, publickey)

data/lib/puppet/sslcertificates/ca.rb

@@ -134,7 +134,7 @@ class Puppet::SSLCertificates::CA
 
     # List certificates waiting to be signed.  This returns a list of hostnames, not actual
     # files -- the names can be converted to full paths with host2csrfile.
-    def list
+    def list(dummy_argument=:work_arround_for_ruby_GC_bug)
         return Dir.entries(Puppet[:csrdir]).find_all { |file|
             file =~ /\.pem$/
         }.collect { |file|
@@ -144,7 +144,7 @@ class Puppet::SSLCertificates::CA
 
     # List signed certificates.  This returns a list of hostnames, not actual
     # files -- the names can be converted to full paths with host2csrfile.
-    def list_signed
+    def list_signed(dummy_argument=:work_arround_for_ruby_GC_bug)
         return Dir.entries(Puppet[:signeddir]).find_all { |file|
             file =~ /\.pem$/
         }.collect { |file|
@@ -278,12 +278,13 @@ class Puppet::SSLCertificates::CA
         host = thing2name(csr)
 
         csrfile = host2csrfile(host)
-        if File.exists?(csrfile)
-            raise Puppet::Error, "Certificate request for %s already exists" % host
-        end
+        raise Puppet::Error, "Certificate request for #{host} already exists" if File.exists?(csrfile)
+        Puppet.settings.writesub(:csrdir, csrfile) { |f| f.print csr.to_pem }
 
-        Puppet.settings.writesub(:csrdir, csrfile) do |f|
-            f.print csr.to_pem
+        certfile = host2certfile(host)
+        if File.exists?(certfile)
+            Puppet.notice "Removing previously signed certificate #{certfile} for #{host}"
+            Puppet::SSLCertificates::Inventory::rebuild
         end
     end
 

data/lib/puppet/transaction.rb

@@ -2,6 +2,7 @@
 # and performs them
 
 require 'puppet'
+require 'puppet/util/tagging'
 
 module Puppet
 class Transaction
@@ -18,6 +19,7 @@ class Transaction
     attr_reader :events
 
     include Puppet::Util
+    include Puppet::Util::Tagging
 
     # Add some additional times for reporting
     def addtimes(hash)
@@ -353,6 +355,7 @@ class Transaction
         made = [made] unless made.is_a?(Array)
         made.uniq.find_all do |res|
             begin
+                res.tag(*resource.tags)
                 @catalog.add_resource(res) do |r|
                     r.finish
                     make_parent_child_relationship(resource, [r])
@@ -601,26 +604,26 @@ class Transaction
     # The tags we should be checking.
     def tags
         unless defined? @tags
-            tags = Puppet[:tags]
-            if tags.nil? or tags == ""
-                @tags = []
-            else
-                @tags = tags.split(/\s*,\s*/)
-            end
+            self.tags = Puppet[:tags]
         end
 
-        @tags
+        super
     end
 
-    def tags=(tags)
-        tags = [tags] unless tags.is_a?(Array)
-        @tags = tags
+    def handle_qualified_tags( qualified )
+        # The default behavior of Puppet::Util::Tagging is
+        # to split qualified tags into parts. That would cause
+        # qualified tags to match too broadly here.
+        return
     end
 
     # Is this resource tagged appropriately?
     def missing_tags?(resource)
-        return false if self.ignore_tags? or tags.empty?
-        return true unless resource.tagged?(tags)
+        not appropriately_tagged?(resource)
+    end
+
+    def appropriately_tagged?(resource)
+        self.ignore_tags? or tags.empty? or resource.tagged?(*tags)
     end
 
     # Are there any edges that target this resource?

data/lib/puppet/type.rb

@@ -210,8 +210,8 @@ class Type
     end
 
     # Find the namevar
-    def self.namevar
-        unless defined? @namevar
+    def self.namevar_parameter
+        @namevar_parameter ||= (
             params = @parameters.find_all { |param|
                 param.isnamevar? or param.name == :name
             }
@@ -219,12 +219,19 @@ class Type
             if params.length > 1
                 raise Puppet::DevError, "Found multiple namevars for %s" % self.name
             elsif params.length == 1
-                @namevar = params[0].name
+                params.first
             else
                 raise Puppet::DevError, "No namevar for %s" % self.name
             end
-        end
-        @namevar
+        )
+    end
+
+    def self.namevar
+        @namevar ||= namevar_parameter.name
+    end
+
+    def self.canonicalize_ref(s)
+        namevar_parameter.canonicalize(s)
     end
 
     # Create a new parameter.  Requires a block and a name, stores it in the

data/lib/puppet/type/file.rb

@@ -31,7 +31,7 @@ module Puppet
 
             validate do |value|
                 unless value =~ /^#{File::SEPARATOR}/
-                    raise Puppet::Error, "File paths must be fully qualified, not '%s'" % value
+                    fail Puppet::Error,"File paths must be fully qualified, not '#{value}'"
                 end
             end
 
@@ -46,6 +46,12 @@ module Puppet
             unmunge do |value|
                 File.join( Puppet::FileCollection.collection.path(value[:index]), value[:name] )
             end
+ 
+            to_canonicalize do |s|
+                # Get rid of any duplicate slashes, and remove any trailing slashes unless 
+                # the title is just a slash, in which case leave it.
+                s.gsub(/\/+/, "/").sub(/(.)\/$/,'\1')
+            end
         end
 
         newparam(:backup) do
@@ -120,10 +126,10 @@ module Puppet
             munge do |value|
                 newval = super(value)
                 case newval
-                when :true, :inf: true
-                when :false: false
-                when :remote: :remote
-                when Integer, Fixnum, Bignum:
+                when :true, :inf; true
+                when :false; false
+                when :remote; :remote
+                when Integer, Fixnum, Bignum
                     self.warning "Setting recursion depth with the recurse parameter is now deprecated, please use recurselimit"
 
                     # recurse == 0 means no recursion
@@ -131,7 +137,7 @@ module Puppet
 
                     resource[:recurselimit] = value
                     true
-                when /^\d+$/:
+                when /^\d+$/
                     self.warning "Setting recursion depth with the recurse parameter is now deprecated, please use recurselimit"
                     value = Integer(value)
 
@@ -141,7 +147,7 @@ module Puppet
                     resource[:recurselimit] = value
                     true
                 else
-                    raise ArgumentError, "Invalid recurse value %s" % value.inspect
+                    self.fail "Invalid recurse value #{value.inspect}"
                 end
             end
         end
@@ -154,10 +160,10 @@ module Puppet
             munge do |value|
                 newval = super(value)
                 case newval
-                when Integer, Fixnum, Bignum: value
-                when /^\d+$/: Integer(value)
+                when Integer, Fixnum, Bignum; value
+                when /^\d+$/; Integer(value)
                 else
-                    raise ArgumentError, "Invalid recurselimit value %s" % value.inspect
+                    self.fail "Invalid recurselimit value #{value.inspect}"
                 end
             end
         end
@@ -399,11 +405,7 @@ module Puppet
 
             super
 
-            # Get rid of any duplicate slashes, and remove any trailing slashes.
-            @title = @title.gsub(/\/+/, "/")
-
-            @title.sub!(/\/$/, "") unless @title == "/"
-
+            @title = self.class.canonicalize_ref(@title)
             @stat = nil
         end
 
@@ -494,26 +496,18 @@ module Puppet
         # not likely to have many actual conflicts, which is good, because
         # this is a pretty inefficient implementation.
         def remove_less_specific_files(files)
-            # We sort the paths so we can short-circuit some tests.
-            mypath = self[:path]
-            other_paths = catalog.vertices.find_all do |r|
-                r.is_a?(self.class) and r[:path][0..(mypath.length - 1)] == mypath
-            end.collect { |r| r[:path] }.sort { |a, b| a.length <=> b.length } - [self[:path]]
+            mypath = self[:path].split(File::Separator)
+            other_paths = catalog.vertices.
+              select  { |r| r.is_a?(self.class) and r[:path] != self[:path] }.
+              collect { |r| r[:path].split(File::Separator) }.
+              select  { |p| p[0,mypath.length]  == mypath }
 
             return files if other_paths.empty?
 
-            remove = []
-            files.each do |file|
-                path = file[:path]
-                other_paths.each do |p|
-                    if path[0..(p.length - 1)] == p
-                        remove << file
-                        break
-                    end
-                end
-            end
-
-            files - remove
+            files.reject { |file|
+                path = file[:path].split(File::Separator)
+                other_paths.any? { |p| path[0,p.length] == p }
+                }
         end
 
         # A simple method for determining whether we should be recursing.

data/lib/puppet/type/file/content.rb

@@ -96,7 +96,7 @@ module Puppet
             return true if ! @resource.replace?
 
             if self.should
-                return super
+                result = super
             elsif source = resource.parameter(:source)
                 fail "Got a remote source with no checksum" unless source.checksum
                 result = (is == source.checksum)
@@ -114,14 +114,14 @@ module Puppet
 
         def retrieve
             return :absent unless stat = @resource.stat
-
+            ftype = stat.ftype
             # Don't even try to manage the content on directories or links
-            return nil if stat.ftype == "directory"
+            return nil if ["directory","link"].include? ftype or checksum_type.nil?
 
             begin
-                return "{#{checksum_type}}" + send(checksum_type.to_s + "_file", resource[:path]).to_s
+                "{#{checksum_type}}" + send(checksum_type.to_s + "_file", resource[:path]).to_s
             rescue => detail
-                raise Puppet::Error, "Could not read %s: %s" % [@resource.title, detail]
+                raise Puppet::Error, "Could not read #{ftype} #{@resource.title}: #{detail}"
             end
         end
 

data/lib/puppet/type/file/ensure.rb

@@ -80,13 +80,9 @@ module Puppet
 
 
         newvalue(:link) do
-            if property = @resource.property(:target)
-                property.retrieve
-
-                return property.mklink
-            else
-                self.fail "Cannot create a symlink without a target"
-            end
+            fail "Cannot create a symlink without a target" unless property = resource.property(:target)
+            property.retrieve
+            property.mklink
         end
 
         # Symlinks.
@@ -97,16 +93,9 @@ module Puppet
 
         munge do |value|
             value = super(value)
-
-            # It doesn't make sense to try to manage links unless, well,
-            # we're managing links.
-            resource[:links] = :manage if value == :link
-            return value if value.is_a? Symbol
-
-            @resource[:target] = value
-            resource[:links] = :manage
-
-            return :link
+            value,resource[:target] = :link,value unless value.is_a? Symbol
+            resource[:links] = :manage if value == :link and resource[:links] != :follow
+            value 
         end
 
         def change_to_s(currentvalue, newvalue)

data/lib/puppet/type/file/mode.rb

@@ -5,7 +5,24 @@ module Puppet
     Puppet::Type.type(:file).newproperty(:mode) do
         require 'etc'
         desc "Mode the file should be.  Currently relatively limited:
-            you must specify the exact mode the file should be."
+            you must specify the exact mode the file should be.
+ 
+            Note that when you set the mode of a directory, Puppet always
+            sets the search/traverse (1) bit anywhere the read (4) bit is set. 
+            This is almost always what you want: read allows you to list the
+            entries in a directory, and search/traverse allows you to access 
+            (read/write/execute) those entries.)  Because of this feature, you 
+            can recursively make a directory and all of the files in it 
+            world-readable by setting e.g.::
+
+                file { '/some/dir':
+                  mode => 644,
+                  recurse => true,
+                }
+
+            In this case all of the files underneath ``/some/dir`` will have 
+            mode 644, and all of the directories will have mode 755."
+
         @event = :file_changed
 
         # Our modes are octal, so make sure they print correctly.  Other

data/lib/puppet/type/file/source.rb

@@ -93,11 +93,7 @@ module Puppet
         end
 
         def checksum
-            if metadata
-                metadata.checksum
-            else
-                nil
-            end
+            metadata && metadata.checksum
         end
 
         # Look up (if necessary) and return remote content.
@@ -119,16 +115,20 @@ module Puppet
             [:owner, :mode, :group, :checksum].each do |param|
                 next if param == :owner and Puppet::Util::SUIDManager.uid != 0
                 next if param == :checksum and metadata.ftype == "directory"
-                unless value = @resource[param] and value != :absent
-                    @resource[param] = metadata.send(param)
+                unless value = resource[param] and value != :absent
+                    resource[param] = metadata.send(param)
                 end
             end
 
-            # Set the 'ensure' value, unless we're trying to delete the file.
-            @resource[:ensure] = metadata.ftype unless @resource[:ensure] == :absent
-
-            if metadata.ftype == "link"
-                @resource[:target] = metadata.destination
+            if resource[:ensure] == :absent 
+                # We know all we need to
+            elsif metadata.ftype != "link"
+                resource[:ensure] = metadata.ftype
+            elsif @resource[:links] == :follow
+                resource[:ensure] = :present
+            else
+                resource[:ensure] = "link"
+                resource[:target] = metadata.destination
             end
         end