puppet 2.6.12 → 2.6.13

data/lib/puppet/type/file/source.rb

@@ -154,7 +154,7 @@ module Puppet
           fail detail, "Could not retrieve file metadata for #{source}: #{detail}"
         end
       end
-      fail "Could not retrieve information from source(s) #{value.join(", ")}" unless result
+      fail "Could not retrieve information from environment #{Puppet[:environment]} source(s) #{value.join(", ")}" unless result
       result
     end
 

data/lib/puppet/type/user.rb

@@ -165,6 +165,14 @@ module Puppet
           return "changed password"
         end
       end
+
+      def is_to_s( currentvalue )
+        return '[old password hash redacted]'
+      end
+      def should_to_s( newvalue )
+        return '[new password hash redacted]'
+      end
+
     end
 
     newproperty(:password_min_age, :required_features => :manages_password_age) do

data/lib/puppet/util.rb

@@ -29,7 +29,6 @@ module Util
     end
   end
 
-  
   def self.synchronize_on(x,type)
     sync_object,users = 0,1
     begin
@@ -47,35 +46,24 @@ module Util
   # Change the process to a different user
   def self.chuser
     if group = Puppet[:group]
-      group = self.gid(group)
-      raise Puppet::Error, "No such group #{Puppet[:group]}" unless group
-      unless Puppet::Util::SUIDManager.gid == group
-        begin
-          Puppet::Util::SUIDManager.egid = group
-          Puppet::Util::SUIDManager.gid = group
-        rescue => detail
-          Puppet.warning "could not change to group #{group.inspect}: #{detail}"
-          $stderr.puts "could not change to group #{group.inspect}"
-
-          # Don't exit on failed group changes, since it's
-          # not fatal
-          #exit(74)
-        end
+      begin
+        Puppet::Util::SUIDManager.change_group(group, true)
+      rescue => detail
+        Puppet.warning "could not change to group #{group.inspect}: #{detail}"
+        $stderr.puts "could not change to group #{group.inspect}"
+
+        # Don't exit on failed group changes, since it's
+        # not fatal
+        #exit(74)
       end
     end
 
     if user = Puppet[:user]
-      user = self.uid(user)
-      raise Puppet::Error, "No such user #{Puppet[:user]}" unless user
-      unless Puppet::Util::SUIDManager.uid == user
-        begin
-          Puppet::Util::SUIDManager.initgroups(user)
-          Puppet::Util::SUIDManager.uid = user
-          Puppet::Util::SUIDManager.euid = user
-        rescue => detail
-          $stderr.puts "Could not change to user #{user}: #{detail}"
-          exit(74)
-        end
+      begin
+        Puppet::Util::SUIDManager.change_user(user, true)
+      rescue => detail
+        $stderr.puts "Could not change to user #{user}: #{detail}"
+        exit(74)
       end
     end
   end
@@ -90,18 +78,14 @@ module Util
         if useself
 
           Puppet::Util::Log.create(
-
             :level => level,
             :source => self,
-
             :message => args
           )
         else
 
           Puppet::Util::Log.create(
-
             :level => level,
-
             :message => args
           )
         end
@@ -262,9 +246,6 @@ module Util
       Puppet.debug "Executing '#{str}'"
     end
 
-    arguments[:uid] = Puppet::Util::SUIDManager.convert_xid(:uid, arguments[:uid]) if arguments[:uid]
-    arguments[:gid] = Puppet::Util::SUIDManager.convert_xid(:gid, arguments[:gid]) if arguments[:gid]
-
     if execution_stub = Puppet::Util::ExecutionStub.current_value
       return execution_stub.call(command, arguments)
     end
@@ -306,14 +287,8 @@ module Util
           $stderr.reopen(error_file)
 
           3.upto(256){|fd| IO::new(fd).close rescue nil}
-          if arguments[:gid]
-            Process.egid = arguments[:gid]
-            Process.gid = arguments[:gid] unless @@os == "Darwin"
-          end
-          if arguments[:uid]
-            Process.euid = arguments[:uid]
-            Process.uid = arguments[:uid] unless @@os == "Darwin"
-          end
+          Puppet::Util::SUIDManager.change_group(arguments[:gid], true) if arguments[:gid]
+          Puppet::Util::SUIDManager.change_user(arguments[:uid], true) if arguments[:uid]
           ENV['LANG'] = ENV['LC_ALL'] = ENV['LC_MESSAGES'] = ENV['LANGUAGE'] = 'C'
           if command.is_a?(Array)
             Kernel.exec(*command)

data/lib/puppet/util/settings.rb

@@ -726,7 +726,7 @@ if @config.include?(:run_mode)
     end
 
     Puppet::Util::SUIDManager.asuser(*chown) do
-      mode = obj.mode || 0640
+      mode = obj.mode ? obj.mode.to_i : 0640
       args << "w" if args.empty?
 
       args << mode

data/lib/puppet/util/suidmanager.rb

@@ -36,12 +36,6 @@ module Puppet::Util::SUIDManager
   end
   module_function :groups=
 
-  if Facter['kernel'].value == 'Darwin'
-    # Cannot change real UID on Darwin so we set euid
-    alias :uid :euid
-    alias :gid :egid
-  end
-
   def self.root?
     Process.uid == 0
   end
@@ -50,23 +44,63 @@ module Puppet::Util::SUIDManager
   def asuser(new_uid=nil, new_gid=nil)
     return yield if Puppet.features.microsoft_windows? or !root?
 
-    # We set both because some programs like to drop privs, i.e. bash.
-    old_uid, old_gid = self.uid, self.gid
     old_euid, old_egid = self.euid, self.egid
-    old_groups = self.groups
     begin
-      self.egid = convert_xid :gid, new_gid if new_gid
-      self.initgroups(convert_xid(:uid, new_uid)) if new_uid
-      self.euid = convert_xid :uid, new_uid if new_uid
+      change_group(new_gid) if new_gid
+      change_user(new_uid) if new_uid
 
       yield
     ensure
-      self.euid, self.egid = old_euid, old_egid
-      self.groups = old_groups
+      change_group(old_egid)
+      change_user(old_euid)
     end
   end
   module_function :asuser
 
+  def change_group(group, permanently=false)
+    gid = convert_xid(:gid, group)
+    raise Puppet::Error, "No such group #{group}" unless gid
+
+    if permanently
+      begin
+        Process::GID.change_privilege(gid)
+      rescue NotImplementedError
+        Process.egid = gid
+        Process.gid  = gid
+      end
+    else
+      Process.egid = gid
+    end
+  end
+  module_function :change_group
+
+  def change_user(user, permanently=false)
+    uid = convert_xid(:uid, user)
+    raise Puppet::Error, "No such user #{user}" unless uid
+
+    if permanently
+      begin
+        Process::UID.change_privilege(uid)
+      rescue NotImplementedError
+        # If changing uid, we must be root. So initgroups first here.
+        initgroups(uid)
+        Process.euid = uid
+        Process.uid  = uid
+      end
+    else
+      # If we're already root, initgroups before changing euid. If we're not,
+      # change euid (to root) first.
+      if Process.euid == 0
+        initgroups(uid)
+        Process.euid = uid
+      else
+        Process.euid = uid
+        initgroups(uid)
+      end
+    end
+  end
+  module_function :change_user
+
   # Make sure the passed argument is a number.
   def convert_xid(type, id)
     map = {:gid => :group, :uid => :user}

data/spec/unit/application/inspect_spec.rb

@@ -13,6 +13,11 @@ describe Puppet::Application::Inspect do
 
   before :each do
     @inspect = Puppet::Application[:inspect]
+    @inspect.preinit
+  end
+
+  it "should operate in agent run_mode" do
+    @inspect.class.run_mode.name.should == :agent
   end
 
   describe "during setup" do

data/spec/unit/application/resource_spec.rb

@@ -230,4 +230,29 @@ describe Puppet::Application::Resource do
 
     end
   end
+
+  describe "when handling file type" do
+    before :each do
+      Facter.stubs(:loadfacts)
+      @resource.preinit
+    end
+
+    it "should raise an exception if no file specified" do
+      @resource.command_line.stubs(:args).returns(['file'])
+
+      lambda { @resource.main }.should raise_error(RuntimeError, /Listing all file instances is not supported/)
+    end
+
+    it "should output a file resource when given a file path" do
+      res = Puppet::Type.type(:file).new(:path => "/etc").to_resource
+      Puppet::Resource.expects(:find).returns(res)
+
+      @resource.command_line.stubs(:args).returns(['file', '/etc'])
+      @resource.expects(:puts).with do |args|
+        args.should =~ /file \{ '\/etc'/m
+      end
+
+      @resource.main
+    end
+  end
 end

data/spec/unit/configurer_spec.rb

@@ -90,6 +90,11 @@ describe Puppet::Configurer do
       Puppet::Util::Log.stubs(:close)
     end
 
+    after :all do
+      Puppet::Node::Facts.indirection.reset_terminus_class
+      Puppet::Resource::Catalog.indirection.reset_terminus_class
+    end
+
     it "should prepare for the run" do
       @agent.expects(:prepare)
 

data/spec/unit/indirector/facts/inventory_service_spec.rb

@@ -0,0 +1,22 @@
+#!/usr/bin/env rspec
+require 'spec_helper'
+
+require 'puppet/indirector/facts/inventory_service'
+
+describe Puppet::Node::Facts::InventoryService do
+  it "should suppress failures and warn when saving facts" do
+    facts = Puppet::Node::Facts.new('foo')
+    request = Puppet::Indirector::Request.new(:facts, :save, facts)
+
+    Net::HTTP.any_instance.stubs(:put).raises(Errno::ECONNREFUSED)
+
+    Puppet.expects(:warning).with do |msg|
+      msg =~ /Could not upload facts for foo to inventory service/
+    end
+
+    expect {
+      subject.save(request)
+    }.should_not raise_error
+  end
+end
+

data/spec/unit/indirector/report/processor_spec.rb

@@ -25,9 +25,11 @@ describe Puppet::Transaction::Report::Processor, " when saving a report" do
 
   it "should not process the report if reports are set to 'none'" do
     Puppet::Reports.expects(:report).never
-    Puppet.settings.expects(:value).with(:reports).returns("none")
+    Puppet[:reports] = 'none'
 
-    request = stub 'request', :instance => mock("report")
+    request = Puppet::Indirector::Request.new(:indirection_name, :head, "key")
+    report = Puppet::Transaction::Report.new('apply')
+    request.instance = report
 
     @reporter.save(request)
   end
@@ -40,14 +42,14 @@ end
 
 describe Puppet::Transaction::Report::Processor, " when processing a report" do
   before do
-    Puppet.settings.stubs(:value).with(:reports).returns("one")
+    Puppet[:reports] = "one"
     Puppet.settings.stubs(:use)
     @reporter = Puppet::Transaction::Report::Processor.new
 
     @report_type = mock 'one'
     @dup_report = mock 'dupe report'
     @dup_report.stubs(:process)
-    @report = mock 'report'
+    @report = Puppet::Transaction::Report.new('apply')
     @report.expects(:dup).returns(@dup_report)
 
     @request = stub 'request', :instance => @report
@@ -74,7 +76,7 @@ describe Puppet::Transaction::Report::Processor, " when processing a report" do
   end
 
   it "should not raise exceptions" do
-    Puppet.settings.stubs(:value).with(:trace).returns(false)
+    Puppet[:trace] = false
     @dup_report.expects(:process).raises(ArgumentError)
     proc { @reporter.save(@request) }.should_not raise_error
   end

data/spec/unit/resource/catalog_spec.rb

@@ -507,7 +507,7 @@ describe Puppet::Resource::Catalog, "when compiling" do
       lambda { @catalog.alias(@one, "other") }.should_not raise_error
     end
 
-    it "should create aliases for resources isomorphic resources whose names do not match their titles" do
+    it "should create aliases for isomorphic resources whose names do not match their titles" do
       resource = Puppet::Type::File.new(:title => "testing", :path => @basepath+"/something")
 
       @catalog.add_resource(resource)
@@ -515,7 +515,7 @@ describe Puppet::Resource::Catalog, "when compiling" do
       @catalog.resource(:file, @basepath+"/something").should equal(resource)
     end
 
-    it "should not create aliases for resources non-isomorphic resources whose names do not match their titles" do
+    it "should not create aliases for non-isomorphic resources whose names do not match their titles" do
       resource = Puppet::Type.type(:exec).new(:title => "testing", :command => "echo", :path => %w{/bin /usr/bin /usr/local/bin})
 
       @catalog.add_resource(resource)
@@ -531,11 +531,6 @@ describe Puppet::Resource::Catalog, "when compiling" do
       @catalog.resource("notify", "other").should equal(@one)
     end
 
-    it "should ignore conflicting aliases that point to the aliased resource" do
-      @catalog.alias(@one, "other")
-      lambda { @catalog.alias(@one, "other") }.should_not raise_error
-    end
-
     it "should fail to add an alias if the aliased name already exists" do
       @catalog.add_resource @one
       proc { @catalog.alias @two, "one" }.should raise_error(ArgumentError)
@@ -589,6 +584,58 @@ describe Puppet::Resource::Catalog, "when compiling" do
       @catalog.create_resource :file, args
       @catalog.resource("File[/yay]").should equal(resource)
     end
+
+    describe "when adding resources with multiple namevars" do
+      before :each do
+        Puppet::Type.newtype(:multiple) do
+          newparam(:color, :namevar => true)
+          newparam(:designation, :namevar => true)
+
+          def self.title_patterns
+            [ [
+                /^(\w+) (\w+)$/,
+                [
+                  [:color,  lambda{|x| x}],
+                  [:designation, lambda{|x| x}]
+                ]
+            ] ]
+          end
+        end
+      end
+
+      it "should add an alias using the uniqueness key" do
+        @resource = Puppet::Type.type(:multiple).new(:title => "some resource", :color => "red", :designation => "5")
+
+        @catalog.add_resource(@resource)
+        @catalog.resource(:multiple, "some resource").must == @resource
+        @catalog.resource("Multiple[some resource]").must == @resource
+        @catalog.resource("Multiple[red 5]").must == @resource
+      end
+
+      it "should conflict with a resource with the same uniqueness key" do
+        @resource = Puppet::Type.type(:multiple).new(:title => "some resource", :color => "red", :designation => "5")
+        @other    = Puppet::Type.type(:multiple).new(:title => "another resource", :color => "red", :designation => "5")
+
+        @catalog.add_resource(@resource)
+        expect { @catalog.add_resource(@other) }.to raise_error(ArgumentError, /Cannot alias Multiple\[another resource\] to \["red", "5"\].*resource \["Multiple", "red", "5"\] already defined/)
+      end
+
+      it "should conflict when its uniqueness key matches another resource's title" do
+        @resource = Puppet::Type.type(:file).new(:title => "/tmp/foo")
+        @other    = Puppet::Type.type(:file).new(:title => "another file", :path => "/tmp/foo")
+
+        @catalog.add_resource(@resource)
+        expect { @catalog.add_resource(@other) }.to raise_error(ArgumentError, /Cannot alias File\[another file\] to \["\/tmp\/foo"\].*resource \["File", "\/tmp\/foo"\] already defined/)
+      end
+
+      it "should conflict when its uniqueness key matches the uniqueness key derived from another resource's title" do
+        @resource = Puppet::Type.type(:multiple).new(:title => "red leader")
+        @other    = Puppet::Type.type(:multiple).new(:title => "another resource", :color => "red", :designation => "leader")
+
+        @catalog.add_resource(@resource)
+        expect { @catalog.add_resource(@other) }.to raise_error(ArgumentError, /Cannot alias Multiple\[another resource\] to \["red", "leader"\].*resource \["Multiple", "red", "leader"\] already defined/)
+      end
+    end
   end
 
   describe "when applying" do

data/spec/unit/ssl/host_spec.rb

@@ -82,8 +82,6 @@ describe Puppet::SSL::Host do
 
   context "with dns_alt_names" do
     before :each do
-      Puppet[:dns_alt_names] = 'one, two'
-
       @key = stub('key content')
       key = stub('key', :generate => true, :save => true, :content => @key)
       Puppet::SSL::Key.stubs(:new).returns key
@@ -92,17 +90,68 @@ describe Puppet::SSL::Host do
       Puppet::SSL::CertificateRequest.stubs(:new).returns @cr
     end
 
-    it "should not include subjectAltName if not the local node" do
-      @cr.expects(:generate).with(@key, {})
+    describe "explicitly specified" do
+      before :each do
+        Puppet[:dns_alt_names] = 'one, two'
+      end
+
+      it "should not include subjectAltName if not the local node" do
+        @cr.expects(:generate).with(@key, {})
 
-      Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate
+        Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate
+      end
+
+      it "should include subjectAltName if I am a CA" do
+        @cr.expects(:generate).
+          with(@key, { :dns_alt_names => Puppet[:dns_alt_names] })
+
+        Puppet::SSL::Host.localhost
+      end
     end
 
-    it "should include subjectAltName if I am a CA" do
-      @cr.expects(:generate).
-        with(@key, { :dns_alt_names => Puppet[:dns_alt_names] })
+    describe "implicitly defaulted" do
+      let(:ca) { stub('ca', :sign => nil) }
 
-      Puppet::SSL::Host.localhost
+      before :each do
+        Puppet[:dns_alt_names] = ''
+
+        Puppet::SSL::CertificateAuthority.stubs(:instance).returns ca
+      end
+
+      it "should not include defaults if we're not the CA" do
+        Puppet::SSL::CertificateAuthority.stubs(:ca?).returns false
+
+        @cr.expects(:generate).with(@key, {})
+
+        Puppet::SSL::Host.localhost
+      end
+
+      it "should not include defaults if not the local node" do
+        Puppet::SSL::CertificateAuthority.stubs(:ca?).returns true
+
+        @cr.expects(:generate).with(@key, {})
+
+        Puppet::SSL::Host.new('not-the-' + Puppet[:certname]).generate
+      end
+
+      it "should not include defaults if we can't resolve our fqdn" do
+        Puppet::SSL::CertificateAuthority.stubs(:ca?).returns true
+        Facter.stubs(:value).with(:fqdn).returns nil
+
+        @cr.expects(:generate).with(@key, {})
+
+        Puppet::SSL::Host.localhost
+      end
+
+      it "should provide defaults if we're bootstrapping the local master" do
+        Puppet::SSL::CertificateAuthority.stubs(:ca?).returns true
+        Facter.stubs(:value).with(:fqdn).returns 'web.foo.com'
+        Facter.stubs(:value).with(:domain).returns 'foo.com'
+
+        @cr.expects(:generate).with(@key, {:dns_alt_names => "puppet, web.foo.com, puppet.foo.com"})
+
+        Puppet::SSL::Host.localhost
+      end
     end
   end