puppet 2.7.19 → 2.7.20.rc1

data/lib/puppet/provider/service/windows.rb

@@ -1,8 +1,6 @@
 # Windows Service Control Manager (SCM) provider
 
-require 'win32/service' if Puppet.features.microsoft_windows?
-
-Puppet::Type.type(:service).provide :windows do
+Puppet::Type.type(:service).provide :windows, :parent => :service do
 
   desc <<-EOT
     Support for Windows Service Control Manager (SCM). This provider can
@@ -86,11 +84,6 @@ Puppet::Type.type(:service).provide :windows do
     raise Puppet::Error.new("Cannot stop #{@resource[:name]}, error was: #{detail}" )
   end
 
-  def restart
-    self.stop
-    self.start
-  end
-
   def status
     w32ss = Win32::Service.status( @resource[:name] )
     raise Puppet::Error.new("Win32 service query of #{@resource[:name]} failed" ) unless( !w32ss.nil? && w32ss.instance_of?( Struct::ServiceStatus ) )

data/lib/puppet/provider/user/user_role_add.rb

@@ -173,7 +173,8 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source =>
   end
 
   def password_max_age
-    shadow_entry ? shadow_entry[4] : :absent
+    return :absent unless shadow_entry
+    shadow_entry[4] || -1
   end
 
   # Read in /etc/shadow, find the line for our used and rewrite it with the

data/lib/puppet/provider/user/useradd.rb

@@ -21,7 +21,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     value !~ /\s/
   end
 
-  has_features :manages_homedir, :allows_duplicates, :manages_expiry, :system_users
+  has_features :manages_homedir, :allows_duplicates, :manages_expiry
+  has_features :system_users unless %w{HP-UX Solaris}.include? Facter.value(:operatingsystem)
 
   has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
 
@@ -33,7 +34,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     cmd = []
     if @resource.managehome?
       cmd << "-m"
-    elsif %w{Fedora RedHat CentOS OEL OVS}.include?(Facter.value("operatingsystem"))
+    elsif %w{Fedora RedHat CentOS OEL OVS}.include?(Facter.value(:operatingsystem))
       cmd << "-M"
     end
     cmd
@@ -49,7 +50,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
   end
 
   def check_system_users
-    @resource.system? ? ["-r"] : []
+    if self.class.system_users? and resource.system?
+      ["-r"]
+    else
+      []
+    end
   end
 
   def add_properties

data/lib/puppet/provider/user/windows_adsi.rb

@@ -28,6 +28,10 @@ Puppet::Type.type(:user).provide :windows_adsi do
     [:comment, :home, :groups].each do |prop|
       send("#{prop}=", @resource[prop]) if @resource[prop]
     end
+
+    if @resource.managehome?
+      Puppet::Util::Windows::User.load_profile(@resource[:name], @resource[:password])
+    end
   end
 
   def exists?
@@ -35,7 +39,14 @@ Puppet::Type.type(:user).provide :windows_adsi do
   end
 
   def delete
+    # lookup sid before we delete account
+    sid = uid if @resource.managehome?
+
     Puppet::Util::ADSI::User.delete(@resource[:name])
+
+    if sid
+      Puppet::Util::ADSI::UserProfile.delete(sid)
+    end
   end
 
   # Only flush if we created or modified a user, not deleted
@@ -68,7 +79,7 @@ Puppet::Type.type(:user).provide :windows_adsi do
   end
 
   def uid
-    Puppet::Util::ADSI.sid_for_account(@resource[:name])
+    Puppet::Util::Windows::Security.name_to_sid(@resource[:name])
   end
 
   def uid=(value)

data/lib/puppet/provider/zone/solaris.rb

@@ -19,7 +19,7 @@ Puppet::Type.type(:zone).provide(:solaris) do
     # Configured but not installed zones do not have IDs
     properties.delete(:id) if properties[:id] == "-"
 
-    properties[:ensure] = symbolize(properties[:ensure])
+    properties[:ensure] = properties[:ensure].intern
 
     properties
   end

data/lib/puppet/rails/inventory_node.rb

@@ -4,23 +4,36 @@ class Puppet::Rails::InventoryNode < ::ActiveRecord::Base
   has_many :facts, :class_name => "Puppet::Rails::InventoryFact", :foreign_key => :node_id, :dependent => :delete_all
 
   if Puppet::Util.activerecord_version < 3.0
-    # For backward compatibility, add the newer name to older implementations.
-    ActiveRecord::NamedScope::ClassMethods.module_eval { alias :scope :named_scope }
-  end
+    # For backward compatibility, use the old named_scope with pre 3.0 activerecord
+    named_scope :has_fact_with_value, lambda { |name,value|
+      {
+        :conditions => ["inventory_facts.name = ? AND inventory_facts.value = ?", name, value.to_s],
+        :joins => :facts
+      }
+    }
 
-  scope :has_fact_with_value, lambda { |name,value|
-    {
-      :conditions => ["inventory_facts.name = ? AND inventory_facts.value = ?", name, value.to_s],
-      :joins => :facts
+    named_scope :has_fact_without_value, lambda { |name,value|
+      {
+        :conditions => ["inventory_facts.name = ? AND inventory_facts.value != ?", name, value.to_s],
+        :joins => :facts
+      }
+    }
+  else
+    # Use scope for activerecord >= 3.0
+    scope :has_fact_with_value, lambda { |name,value|
+      {
+        :conditions => ["inventory_facts.name = ? AND inventory_facts.value = ?", name, value.to_s],
+        :joins => :facts
+      }
     }
-  }
 
-  scope :has_fact_without_value, lambda { |name,value|
-    {
-      :conditions => ["inventory_facts.name = ? AND inventory_facts.value != ?", name, value.to_s],
-      :joins => :facts
+    scope :has_fact_without_value, lambda { |name,value|
+      {
+        :conditions => ["inventory_facts.name = ? AND inventory_facts.value != ?", name, value.to_s],
+        :joins => :facts
+      }
     }
-  }
+  end
 
   def facts_to_hash
     facts.inject({}) do |fact_hash,fact|

data/lib/puppet/reports.rb

@@ -14,7 +14,7 @@ class Puppet::Reports
 
   # Add a new report type.
   def self.register_report(name, options = {}, &block)
-    name = symbolize(name)
+    name = name.intern
 
     mod = genmodule(name, :extend => Puppet::Util::Docs, :hash => instance_hash(:report), :block => block)
 

data/lib/puppet/resource.rb

@@ -431,14 +431,29 @@ class Puppet::Resource
     if type.respond_to? :title_patterns
       type.title_patterns.each { |regexp, symbols_and_lambdas|
         if captures = regexp.match(title.to_s)
-          symbols_and_lambdas.zip(captures[1..-1]).each { |symbol_and_lambda,capture|
-            sym, lam = symbol_and_lambda
-            #self[sym] = lam.call(capture)
-            h[sym] = lam.call(capture)
-          }
+          symbols_and_lambdas.zip(captures[1..-1]).each do |symbol_and_lambda,capture|
+            symbol, proc = symbol_and_lambda
+            # Many types pass "identity" as the proc; we might as well give
+            # them a shortcut to delivering that without the extra cost.
+            #
+            # Especially because the global type defines title_patterns and
+            # uses the identity patterns.
+            #
+            # This was worth about 8MB of memory allocation saved in my
+            # testing, so is worth the complexity for the API.
+            if proc then
+              h[symbol] = proc.call(capture)
+            else
+              h[symbol] = capture
+            end
+          end
           return h
         end
       }
+      # If we've gotten this far, then none of the provided title patterns
+      # matched. Since there's no way to determine the title then the
+      # resource should fail here.
+      raise Puppet::Error, "No set of title patterns matched the title \"#{title}\"."
     else
       return { :name => title.to_s }
     end

data/lib/puppet/resource/status.rb

@@ -66,7 +66,7 @@ module Puppet
       end
 
       def to_yaml_properties
-        (YAML_ATTRIBUTES & instance_variables).sort
+        YAML_ATTRIBUTES & instance_variables
       end
 
       private

data/lib/puppet/ssl/certificate_authority.rb

@@ -231,6 +231,8 @@ class Puppet::SSL::CertificateAuthority
 
     if cert = Puppet::SSL::Certificate.indirection.find(name)
       serial = cert.content.serial
+    elsif name =~ /^0x[0-9A-Fa-f]+$/
+      serial = name.hex
     elsif ! serial = inventory.serial(name)
       raise ArgumentError, "Could not find a serial number for #{name}"
     end

data/lib/puppet/ssl/host.rb

@@ -54,7 +54,7 @@ class Puppet::SSL::Host
     CertificateRequest.indirection.terminus_class = terminus
     CertificateRevocationList.indirection.terminus_class = terminus
 
-    host_map = {:ca => :file, :file => nil, :rest => :rest}
+    host_map = {:ca => :file, :disabled_ca => nil, :file => nil, :rest => :rest}
     if term = host_map[terminus]
       self.indirection.terminus_class = term
     else
@@ -94,7 +94,7 @@ class Puppet::SSL::Host
     # We are the CA, so we don't have read/write access to the normal certificates.
     :only => [:ca],
     # We have no CA, so we just look in the local file store.
-    :none => [:file]
+    :none => [:disabled_ca]
   }
 
   # Specify how we expect to interact with our certificate authority.
@@ -276,14 +276,39 @@ ERROR_STRING
     pson_hash[:state] = my_state
     pson_hash[:desired_state] = desired_state if desired_state
 
-    if my_state == 'requested'
-      pson_hash[:fingerprint] = certificate_request.fingerprint
-    else
-      pson_hash[:fingerprint] = my_cert.fingerprint
+    thing_to_use = (my_state == 'requested') ? certificate_request : my_cert
+
+    # this is for backwards-compatibility
+    # we should deprecate it and transition people to using
+    # pson[:fingerprints][:default]
+    # It appears that we have no internal consumers of this api
+    # --jeffweiss 30 aug 2012
+    pson_hash[:fingerprint] = thing_to_use.fingerprint
+    
+    # The above fingerprint doesn't tell us what message digest algorithm was used
+    # No problem, except that the default is changing between 2.7 and 3.0. Also, as
+    # we move to FIPS 140-2 compliance, MD5 is no longer allowed (and, gasp, will
+    # segfault in rubies older than 1.9.3)
+    # So, when we add the newer fingerprints, we're explicit about the hashing
+    # algorithm used.
+    # --jeffweiss 31 july 2012
+    pson_hash[:fingerprints] = {}
+    pson_hash[:fingerprints][:default] = thing_to_use.fingerprint
+    
+    suitable_message_digest_algorithms.each do |md| 
+      pson_hash[:fingerprints][md] = thing_to_use.fingerprint md
     end
+    pson_hash[:dns_alt_names] = thing_to_use.subject_alt_names
 
     pson_hash.to_pson(*args)
   end
+  
+  # eventually we'll probably want to move this somewhere else or make it
+  # configurable
+  # --jeffweiss 29 aug 2012
+  def suitable_message_digest_algorithms
+    [:SHA1, :SHA256, :SHA512]
+  end
 
   # Attempt to retrieve a cert, if we don't already have one.
   def wait_for_cert(time)

data/lib/puppet/test/test_helper.rb

@@ -79,6 +79,9 @@ module Puppet::Test
       Puppet[:req_bits]  = 512
       Puppet[:keylength] = 512
 
+      Puppet::Node::Environment.clear
+      Puppet::Parser::Functions.reset
+
       Puppet.clear_deprecation_warnings
     end
 
@@ -87,7 +90,6 @@ module Puppet::Test
     def self.after_each_test()
       clear_settings_after_each()
 
-      Puppet::Node::Environment.clear
       Puppet::Util::Storage.clear
       Puppet::Util::ExecutionStub.reset
 

data/lib/puppet/transaction/event.rb

@@ -48,7 +48,7 @@ class Puppet::Transaction::Event
   end
 
   def to_yaml_properties
-    (YAML_ATTRIBUTES.map {|ya| ya.to_s} & instance_variables.map{|iv| iv.to_s}).sort
+    YAML_ATTRIBUTES & instance_variables
   end
 
   private

data/lib/puppet/transaction/report.rb

@@ -76,7 +76,7 @@ class Puppet::Transaction::Report
     @host = Puppet[:node_name_value]
     @time = Time.now
     @kind = kind
-    @report_format = 2
+    @report_format = 3
     @puppet_version = Puppet.version
     @configuration_version = configuration_version
     @environment = environment
@@ -141,7 +141,7 @@ class Puppet::Transaction::Report
   end
 
   def to_yaml_properties
-    (instance_variables - ["@external_times"]).sort
+    (instance_variables - ["@external_times"])
   end
 
   private

data/lib/puppet/type.rb

@@ -9,7 +9,6 @@ require 'puppet/metatype/manager'
 require 'puppet/util/errors'
 require 'puppet/util/log_paths'
 require 'puppet/util/logging'
-require 'puppet/file_collection/lookup'
 require 'puppet/util/tagging'
 
 # see the bottom of the file for the rest of the inclusions
@@ -20,7 +19,6 @@ class Type
   include Puppet::Util::Errors
   include Puppet::Util::LogPaths
   include Puppet::Util::Logging
-  include Puppet::FileCollection::Lookup
   include Puppet::Util::Tagging
 
   ###############################
@@ -56,14 +54,16 @@ class Type
 
   # Retrieve an attribute alias, if there is one.
   def self.attr_alias(param)
-    @attr_aliases[symbolize(param)]
+    # Intern again, because this might be called by someone who doesn't
+    # understand the calling convention and all.
+    @attr_aliases[param.intern]
   end
 
   # Create an alias to an existing attribute.  This will cause the aliased
   # attribute to be valid when setting and retrieving values on the instance.
   def self.set_attr_alias(hash)
     hash.each do |new, old|
-      @attr_aliases[symbolize(new)] = symbolize(old)
+      @attr_aliases[new.intern] = old.intern
     end
   end
 
@@ -165,12 +165,14 @@ class Type
 
   # Is the parameter in question a meta-parameter?
   def self.metaparam?(param)
-    @@metaparamhash.include?(symbolize(param))
+    @@metaparamhash.include?(param.intern)
   end
 
   # Find the metaparameter class associated with a given metaparameter name.
+  # Must accept a `nil` name, and return nil.
   def self.metaparamclass(name)
-    @@metaparamhash[symbolize(name)]
+    return nil if name.nil?
+    @@metaparamhash[name.intern]
   end
 
   def self.metaparams
@@ -186,17 +188,15 @@ class Type
   def self.newmetaparam(name, options = {}, &block)
     @@metaparams ||= []
     @@metaparamhash ||= {}
-    name = symbolize(name)
+    name = name.intern
 
-
-      param = genclass(
-        name,
+    param = genclass(
+      name,
       :parent => options[:parent] || Puppet::Parameter,
       :prefix => "MetaParam",
       :hash => @@metaparamhash,
       :array => @@metaparams,
       :attributes => options[:attributes],
-
       &block
     )
 
@@ -219,15 +219,15 @@ class Type
   end
 
   def self.key_attributes
-    key_attribute_parameters.collect { |p| p.name }
+    # This is a cache miss around 0.05 percent of the time. --daniel 2012-07-17
+    @key_attributes_cache ||= key_attribute_parameters.collect { |p| p.name }
   end
 
   def self.title_patterns
     case key_attributes.length
     when 0; []
     when 1;
-      identity = lambda {|x| x}
-      [ [ /(.*)/m, [ [key_attributes.first, identity ] ] ] ]
+      [ [ /(.*)/m, [ [key_attributes.first] ] ] ]
     else
       raise Puppet::DevError,"you must specify title patterns when there are two or more key attributes"
     end
@@ -274,7 +274,7 @@ class Type
   # * <tt>:retrieve</tt>: The method to call on the provider or @parent object (if
   #   the provider is not set) to retrieve the current value.
   def self.newproperty(name, options = {}, &block)
-    name = symbolize(name)
+    name = name.intern
 
     # This is here for types that might still have the old method of defining
     # a parent class.
@@ -337,7 +337,7 @@ class Type
   end
 
   def self.validattr?(name)
-    name = symbolize(name)
+    name = name.intern
     return true if name == :name
     @validattrs ||= {}
 
@@ -350,7 +350,7 @@ class Type
 
   # does the name reflect a valid property?
   def self.validproperty?(name)
-    name = symbolize(name)
+    name = name.intern
     @validproperties.include?(name) && @validproperties[name]
   end
 
@@ -374,7 +374,7 @@ class Type
 
   # Return either the attribute alias or the attribute.
   def attr_alias(name)
-    name = symbolize(name)
+    name = name.intern
     if synonym = self.class.attr_alias(name)
       return synonym
     else
@@ -448,7 +448,7 @@ class Type
         # make sure the parameter doesn't have any errors
         property.value = value
       rescue => detail
-        error = Puppet::Error.new("Parameter #{name} failed: #{detail}")
+        error = Puppet::Error.new("Parameter #{name} failed on #{ref}: #{detail}")
         error.set_backtrace(detail.backtrace)
         raise error
       end
@@ -460,7 +460,7 @@ class Type
   # remove a property from the object; useful in testing or in cleanup
   # when an error has been encountered
   def delete(attr)
-    attr = symbolize(attr)
+    attr = attr.intern
     if @parameters.has_key?(attr)
       @parameters.delete(attr)
     else
@@ -531,7 +531,7 @@ class Type
   # LAK:NOTE(20081028) Since the 'parameter' method is now a superset of this method,
   # this one should probably go away at some point.
   def property(name)
-    (obj = @parameters[symbolize(name)] and obj.is_a?(Puppet::Property)) ? obj : nil
+    (obj = @parameters[name.intern] and obj.is_a?(Puppet::Property)) ? obj : nil
   end
 
   # For any parameters or properties that have defaults and have not yet been
@@ -1432,7 +1432,7 @@ class Type
 
   # Retrieve a provider by name.
   def self.provider(name)
-    name = Puppet::Util.symbolize(name)
+    name = name.intern
 
     # If we don't have it yet, try loading it.
     @providerloader.load(name) unless provider_hash.has_key?(name)
@@ -1445,7 +1445,7 @@ class Type
   end
 
   def self.validprovider?(name)
-    name = Puppet::Util.symbolize(name)
+    name = name.intern
 
     (provider_hash.has_key?(name) && provider_hash[name].suitable?)
   end
@@ -1453,7 +1453,7 @@ class Type
   # Create a new provider of a type.  This method must be called
   # directly on the type that it's implementing.
   def self.provide(name, options = {}, &block)
-    name = Puppet::Util.symbolize(name)
+    name = name.intern
 
     if unprovide(name)
       Puppet.debug "Reloading #{name} #{self.name} provider"
@@ -1742,6 +1742,9 @@ class Type
     #@validate = block
   end
 
+  # Origin information.
+  attr_accessor :file, :line
+
   # The catalog that this resource is stored in.
   attr_accessor :catalog
 
@@ -1880,7 +1883,9 @@ class Type
 
   # Return the "type[name]" style reference.
   def ref
-    "#{self.class.name.to_s.capitalize}[#{self.title}]"
+    # memoizing this is worthwhile ~ 3 percent of calls are the "first time
+    # around" in an average run of Puppet. --daniel 2012-07-17
+    @ref ||= "#{self.class.name.to_s.capitalize}[#{self.title}]"
   end
 
   def self_refresh?