puppet 2.7.19 → 2.7.20.rc1

data/lib/puppet/face/module/uninstall.rb

@@ -8,7 +8,7 @@ Puppet::Face.define(:module, '1.0.0') do
 
     returns "Hash of module objects representing uninstalled modules and related errors."
 
-    examples <<-EOT
+    examples <<-'EOT'
       Uninstall a module:
 
       $ puppet module uninstall puppetlabs-ssh

data/lib/puppet/face/node/clean.rb

@@ -1,27 +1,32 @@
 Puppet::Face.define(:node, '0.0.1') do
   action(:clean) do
     option "--[no-]unexport" do
-      summary "Unexport exported resources"
+      summary "Whether to remove this node's exported resources from other nodes"
     end
 
-    summary "Clean up everything a puppetmaster knows about a node"
+    summary "Clean up everything a puppetmaster knows about a node."
     arguments "<host1> [<host2> ...]"
-    description <<-EOT
-      This includes
-
-       * Signed certificates ($vardir/ssl/ca/signed/node.domain.pem)
-       * Cached facts ($vardir/yaml/facts/node.domain.yaml)
-       * Cached node stuff ($vardir/yaml/node/node.domain.yaml)
-       * Reports ($vardir/reports/node.domain)
-       * Stored configs: it can either remove all data from an host in your
-       storedconfig database, or with --unexport turn every exported resource
-       supporting ensure to absent so that any other host checking out their
-       config can remove those exported configurations.
-
-      This will unexport exported resources of a
-      host, so that consumers of these resources can remove the exported
-      resources and we will safely remove the node from our
-      infrastructure.
+    description <<-'EOT'
+      Clean up everything a puppet master knows about a node, including certificates
+      and storeconfigs data.
+      
+      The full list of info cleaned by this action is:
+
+      <Signed certificates> - ($vardir/ssl/ca/signed/node.domain.pem)
+      
+      <Cached facts> - ($vardir/yaml/facts/node.domain.yaml)
+      
+      <Cached node objects> - ($vardir/yaml/node/node.domain.yaml)
+      
+      <Reports> - ($vardir/reports/node.domain)
+      
+      <Stored configs> - (in database) The clean action can either remove all
+      data from a host in your storeconfigs database, or, with the
+      <--unexport> option, turn every exported resource supporting ensure to
+      absent so that any other host that collected those resources can remove
+      them. Without unexporting, a removed node's exported resources become
+      unmanaged by Puppet, and may linger as cruft unless you are purging
+      that resource type.
     EOT
 
     when_invoked do |*args|

data/lib/puppet/face/parser.rb

@@ -24,13 +24,22 @@ Puppet::Face.define(:parser, '0.0.1') do
       Validate two arbitrary manifest files:
 
       $ puppet parser validate init.pp vhost.pp
+
+      Validate from STDIN:
+
+      $ cat init.pp | puppet parser validate
     EOT
     when_invoked do |*args|
       args.pop
       files = args
       if files.empty?
-        files << Puppet[:manifest]
-        Puppet.notice "No manifest specified. Validating the default manifest #{Puppet[:manifest]}"
+        if not STDIN.tty?
+          Puppet[:code] = STDIN.read
+          Puppet::Node::Environment.new(Puppet[:environment]).known_resource_types.clear
+        else
+           files << Puppet[:manifest]
+           Puppet.notice "No manifest specified. Validating the default manifest #{Puppet[:manifest]}"
+        end
       end
       files.each do |file|
         Puppet[:manifest] = file

data/lib/puppet/file_collection.rb

@@ -1,30 +1,19 @@
-# A simple way to turn file names into singletons,
-# so we don't have tons of copies of each file path around.
+# This was a simple way to turn file names into singletons,
+#
+# The theory was, like:
+# 1. Turn filenames into singletons.
+# 2. ????
+# 3. Huge memory savings!
+#
+# In practice it used several MB more memory overall, and it cost more CPU
+# time, and it added complexity to the code.  Which was awesome.
+#
+# So, I gutted it.  It doesn't do anything any more, but we retain the
+# external form that people included so that they don't explode so much.
+#
+# This should be removed from the system after a graceful deprecation period,
+# probably about the time that a version of Puppet containing this change is
+# the last supported version. --daniel 2012-07-17
 class Puppet::FileCollection
   require 'puppet/file_collection/lookup'
-
-  def self.collection
-    @collection
-  end
-
-  def initialize
-    @paths = []
-    @inverse = {}
-  end
-
-  def index(path)
-    if i = @inverse[path]
-      return i
-    else
-      @paths << path
-      i = @inverse[path] = @paths.length - 1
-      return i
-    end
-  end
-
-  def path(index)
-    @paths[index]
-  end
-
-  @collection = self.new
 end

data/lib/puppet/file_collection/lookup.rb

@@ -1,20 +1,10 @@
 require 'puppet/file_collection'
 
-# A simple module for looking up file paths and indexes
-# in a file collection.
 module Puppet::FileCollection::Lookup
-  attr_accessor :line, :file_index
-
-  def file_collection
-    Puppet::FileCollection.collection
-  end
-
-  def file=(path)
-    @file_index = file_collection.index(path)
-  end
-
-  def file
-    return nil unless file_index
-    file_collection.path(file_index)
-  end
+  # Yeah, this is all the external interface that was added to the folks who
+  # included this really was.  Thankfully.
+  #
+  # See the comments in `puppet/file_collection.rb` for the annotated version,
+  # or just port your code away from this by adding the accessors on your own.
+  attr_accessor :line, :file
 end

data/lib/puppet/file_serving/base.rb

@@ -19,10 +19,10 @@ class Puppet::FileServing::Base
   # Return the full path to our file.  Fails if there's no path set.
   def full_path(dummy_argument=:work_arround_for_ruby_GC_bug)
     (if relative_path.nil? or relative_path == "" or relative_path == "."
-      path
-    else
-      File.join(path, relative_path)
-    end).gsub(%r{/+}, "/")
+       path
+     else
+       File.join(path, relative_path)
+     end).gsub(%r{//+}, "/")
   end
 
   def initialize(path, options = {})

data/lib/puppet/indirector/catalog/static_compiler.rb

@@ -113,9 +113,7 @@ class Puppet::Resource::Catalog::StaticCompiler < Puppet::Indirector::Code
 
   def remove_existing_resources(children, catalog)
     existing_names = catalog.resources.collect { |r| r.to_s }
-
     both = (existing_names & children.keys).inject({}) { |hash, name| hash[name] = true; hash }
-    
     both.each { |name| children.delete(name) }
   end
 
@@ -130,8 +128,9 @@ class Puppet::Resource::Catalog::StaticCompiler < Puppet::Indirector::Code
       Puppet.info "Content for '#{resource[:source]}' already exists"
     else
       Puppet.info "Storing content for source '#{resource[:source]}'"
-      content = Puppet::FileServing::Content.find(resource[:source])
-      Puppet::FileBucket::File.new(content.content).save
+      content = Puppet::FileServing::Content.indirection.find(resource[:source])
+      file = Puppet::FileBucket::File.new(content.content)
+      Puppet::FileBucket::File.indirection.save(file)
     end
   end
 end

data/lib/puppet/indirector/certificate/disabled_ca.rb

@@ -0,0 +1,22 @@
+require 'puppet/indirector/code'
+require 'puppet/ssl/certificate'
+
+class Puppet::SSL::Certificate::DisabledCa < Puppet::Indirector::Code
+  desc "Manage SSL certificates on disk, but reject any remote access
+to the SSL data store.  Used when a master has an explicitly disabled
+CA to prevent clients getting confusing 'success' behaviour."
+
+  def initialize
+    @file = Puppet::SSL::Certificate.indirection.terminus(:file)
+  end
+
+  [:find, :head, :search, :save, :destroy].each do |name|
+    define_method(name) do |request|
+      if request.remote?
+        raise Puppet::Error, "this master is not a CA"
+      else
+        @file.send(name, request)
+      end
+    end
+  end
+end

data/lib/puppet/indirector/certificate_request/disabled_ca.rb

@@ -0,0 +1,22 @@
+require 'puppet/indirector/code'
+require 'puppet/ssl/certificate_request'
+
+class Puppet::SSL::CertificateRequest::DisabledCa < Puppet::Indirector::Code
+  desc "Manage SSL certificate requests on disk, but reject any remote access
+to the SSL data store. Used when a master has an explicitly disabled CA to
+prevent clients getting confusing 'success' behaviour."
+
+  def initialize
+    @file = Puppet::SSL::CertificateRequest.indirection.terminus(:file)
+  end
+
+  [:find, :head, :search, :save, :destroy].each do |name|
+    define_method(name) do |request|
+      if request.remote?
+        raise Puppet::Error, "this master is not a CA"
+      else
+        @file.send(name, request)
+      end
+    end
+  end
+end

data/lib/puppet/indirector/certificate_revocation_list/disabled_ca.rb

@@ -0,0 +1,22 @@
+require 'puppet/indirector/code'
+require 'puppet/ssl/certificate_revocation_list'
+
+class Puppet::SSL::CertificateRevocationList::DisabledCa < Puppet::Indirector::Code
+  desc "Manage SSL certificate revocation lists, but reject any remote access
+to the SSL data store. Used when a master has an explicitly disabled CA to
+prevent clients getting confusing 'success' behaviour."
+
+  def initialize
+    @file = Puppet::SSL::CertificateRevocationList.indirection.terminus(:file)
+  end
+
+  [:find, :head, :search, :save, :destroy].each do |name|
+    define_method(name) do |request|
+      if request.remote?
+        raise Puppet::Error, "this master is not a CA"
+      else
+        @file.send(name, request)
+      end
+    end
+  end
+end

data/lib/puppet/indirector/face.rb

@@ -50,11 +50,11 @@ class Puppet::Indirector::Face < Puppet::Face
 
   option "--extra HASH" do
     summary "Extra arguments to pass to the indirection request"
-    description <<-end
+    description <<-EOT
       A terminus can take additional arguments to refine the operation, which
       are passed as an arbitrary hash to the back-end.  Anything passed as
       the extra value is just send direct to the back-end.
-    end
+    EOT
     default_to do Hash.new end
   end
 

data/lib/puppet/indirector/key/disabled_ca.rb

@@ -0,0 +1,22 @@
+require 'puppet/indirector/code'
+require 'puppet/ssl/key'
+
+class Puppet::SSL::Key::DisabledCa < Puppet::Indirector::Code
+  desc "Manage the CA private key, but reject any remote access
+to the SSL data store. Used when a master has an explicitly disabled CA to
+prevent clients getting confusing 'success' behaviour."
+
+  def initialize
+    @file = Puppet::SSL::Key.indirection.terminus(:file)
+  end
+
+  [:find, :head, :search, :save, :destroy].each do |name|
+    define_method(name) do |request|
+      if request.remote?
+        raise Puppet::Error, "this master is not a CA"
+      else
+        @file.send(name, request)
+      end
+    end
+  end
+end

data/lib/puppet/indirector/node/exec.rb

@@ -41,7 +41,19 @@ class Puppet::Node::Exec < Puppet::Indirector::Exec
 
   # Translate the yaml string into Ruby objects.
   def translate(name, output)
-      YAML.load(output).inject({}) { |hash, data| hash[symbolize(data[0])] = data[1]; hash }
+    YAML.load(output).inject({}) do |hash, data|
+      case data[0]
+      when String
+        hash[data[0].intern] = data[1]
+      when Symbol
+        hash[data[0]] = data[1]
+      else
+        raise Puppet::Error, "key is a #{data[0].class}, not a string or symbol"
+      end
+
+      hash
+    end
+
   rescue => detail
       raise Puppet::Error, "Could not load external node results for #{name}: #{detail}"
   end

data/lib/puppet/indirector/request.rb

@@ -150,6 +150,10 @@ class Puppet::Indirector::Request
     return(uri ? uri : "/#{indirection_name}/#{key}")
   end
 
+  def remote?
+    self.node or self.ip
+  end
+
   private
 
   def set_attributes(options)

data/lib/puppet/metatype/manager.rb

@@ -38,8 +38,8 @@ module Manager
     end
 
     # First make sure we don't have a method sitting around
-    name = symbolize(name)
-    newmethod = "new#{name.to_s}"
+    name = name.intern
+    newmethod = "new#{name}"
 
     # Used for method manipulation.
     selfobj = singleton_class
@@ -108,17 +108,24 @@ module Manager
   def type(name)
     @types ||= {}
 
-    name = name.to_s.downcase.to_sym
+    # We are overwhelmingly symbols here, which usually match, so it is worth
+    # having this special-case to return quickly.  Like, 25K to 300 symbols to
+    # strings in this method. --daniel 2012-07-17
+    return @types[name] if @types[name]
 
-    if t = @types[name]
-      return t
-    else
-      if typeloader.load(name)
-        Puppet.warning "Loaded puppet/type/#{name} but no class was created" unless @types.include? name
-      end
+    # Try mangling the name, if it is a string.
+    if name.is_a? String
+      name = name.downcase.intern
+      return @types[name] if @types[name]
+    end
 
-      return @types[name]
+    # Try loading the type.
+    if typeloader.load(name, Puppet::Node::Environment.current)
+      Puppet.warning "Loaded puppet/type/#{name} but no class was created" unless @types.include? name
     end
+
+    # ...and I guess that is that, eh.
+    return @types[name]
   end
 
   # Create a loader for Puppet types.

data/lib/puppet/network/authstore.rb

@@ -179,7 +179,7 @@ module Puppet
 
       # Set the declaration type.  Either :allow or :deny.
       def type=(type)
-        type = symbolize(type)
+        type = type.intern
         raise ArgumentError, "Invalid declaration type #{type}" unless [:allow, :deny].include?(type)
         @type = type
       end

data/lib/puppet/network/rights.rb

@@ -131,10 +131,9 @@ class Rights
 
   # A right.
   class Right < Puppet::Network::AuthStore
-    include Puppet::FileCollection::Lookup
-
     attr_accessor :name, :key, :acl_type
     attr_accessor :methods, :environment, :authentication
+    attr_accessor :line, :file
 
     ALL = [:save, :destroy, :find, :search]
 

data/lib/puppet/node/environment.rb

@@ -57,6 +57,7 @@ class Puppet::Node::Environment
 
   def self.clear
     @seen.clear
+    Thread.current[:environment] = nil
   end
 
   attr_reader :name

data/lib/puppet/parameter/value.rb

@@ -53,11 +53,17 @@ class Puppet::Parameter::Value
   # A standard way of converting all of our values, so we're always
   # comparing apples to apples.
   def convert(value)
-    if value == ''
-      # We can't intern an empty string, yay.
+    case value
+    when Symbol, ''             # can't intern an empty string
       value
+    when String
+      value.intern
+    when true
+      :true
+    when false
+      :false
     else
-      value.to_s.to_sym
+      value.to_s.intern
     end
   end
 end

data/lib/puppet/parser/ast.rb

@@ -2,7 +2,6 @@
 
 require 'puppet'
 require 'puppet/util/autoload'
-require 'puppet/file_collection/lookup'
 
 # The base class for all of the objects that make up the parse trees.
 # Handles things like file name, line #, and also does the initialization
@@ -11,13 +10,11 @@ class Puppet::Parser::AST
   # Do this so I don't have to type the full path in all of the subclasses
   AST = Puppet::Parser::AST
 
-  include Puppet::FileCollection::Lookup
-
   include Puppet::Util::Errors
   include Puppet::Util::MethodHelper
   include Puppet::Util::Docs
 
-  attr_accessor :parent, :scope
+  attr_accessor :parent, :scope, :file, :line
 
   def inspect
     "( #{self.class} #{self.to_s} #{@children.inspect} )"