puppet 2.7.5 → 2.7.6

data/lib/puppet/ssl/host.rb

@@ -34,6 +34,10 @@ class Puppet::SSL::Host
     @localhost
   end
 
+  def self.reset
+    @localhost = nil
+  end
+
   # This is the constant that people will use to mark that a given host is
   # a certificate authority.
   def self.ca_name
@@ -152,11 +156,24 @@ class Puppet::SSL::Host
     @certificate_request ||= CertificateRequest.indirection.find(name)
   end
 
+  def this_csr_is_for_the_current_host
+    name == Puppet[:certname].downcase
+  end
+
   # Our certificate request requires the key but that's all.
-  def generate_certificate_request
+  def generate_certificate_request(options = {})
     generate_key unless key
+
+    # If this is for the current machine...
+    if this_csr_is_for_the_current_host
+      # ...add our configured dns_alt_names
+      if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
+        options[:dns_alt_names] ||= Puppet[:dns_alt_names]
+      end
+    end
+
     @certificate_request = CertificateRequest.new(name)
-    @certificate_request.generate(key.content)
+    @certificate_request.generate(key.content, options)
     begin
       CertificateRequest.indirection.save(@certificate_request)
     rescue
@@ -199,7 +216,7 @@ class Puppet::SSL::Host
     # should use it to sign our request; else, just try to read
     # the cert.
     if ! certificate and ca = Puppet::SSL::CertificateAuthority.instance
-      ca.sign(self.name)
+      ca.sign(self.name, true)
     end
   end
 

data/lib/puppet/type/file.rb

@@ -3,10 +3,11 @@ require 'cgi'
 require 'etc'
 require 'uri'
 require 'fileutils'
+require 'enumerator'
+require 'pathname'
 require 'puppet/network/handler'
 require 'puppet/util/diff'
 require 'puppet/util/checksums'
-require 'puppet/network/client'
 require 'puppet/util/backups'
 
 Puppet::Type.newtype(:file) do
@@ -35,8 +36,7 @@ Puppet::Type.newtype(:file) do
     isnamevar
 
     validate do |value|
-      # accept various path syntaxes: lone slash, posix, win32, unc
-      unless (Puppet.features.posix? and value =~ /^\//) or (value =~ /^[A-Za-z]:\// or value =~ /^\/\/[^\/]+\/[^\/]+/)
+      unless Puppet::Util.absolute_path?(value)
         fail Puppet::Error, "File paths must be fully qualified, not '#{value}'"
       end
     end
@@ -44,20 +44,8 @@ Puppet::Type.newtype(:file) do
     # convert the current path in an index into the collection and the last
     # path name. The aim is to use less storage for all common paths in a hierarchy
     munge do |value|
-      # We need to save off, and remove the volume designator in the
-      # path if it is there, since File.split does not handle paths
-      # with volume designators properly, except when run on Windows.
-      # Since we are potentially compiling a catalog for a Windows
-      # machine on a non-Windows master, we need to handle this
-      # ourselves.
-      optional_volume_designator = value.match(/^([a-z]:)[\/\\].*/i)
-      value_without_designator   = value.sub(/^(?:[a-z]:)?(.*)/i, '\1')
-
-      path, name = ::File.split(value_without_designator.gsub(/\/+/,'/'))
-
-      if optional_volume_designator
-        path = optional_volume_designator[1] + path
-      end
+      # We know the value is absolute, so expanding it will just standardize it.
+      path, name = ::File.split(::File.expand_path value)
 
       { :index => Puppet::FileCollection.collection.index(path), :name => name }
     end
@@ -65,12 +53,8 @@ Puppet::Type.newtype(:file) do
     # and the reverse
     unmunge do |value|
       basedir = Puppet::FileCollection.collection.path(value[:index])
-      # a lone slash as :name indicates a root dir on windows
-      if value[:name] == '/'
-        basedir
-      else
-        ::File.join( basedir, value[:name] )
-      end
+
+      ::File.expand_path ::File.join( basedir, value[:name] )
     end
   end
 
@@ -275,17 +259,12 @@ Puppet::Type.newtype(:file) do
 
   # Autorequire the nearest ancestor directory found in the catalog.
   autorequire(:file) do
-    basedir = ::File.dirname(self[:path])
-    if basedir != self[:path]
-      parents = []
-      until basedir == parents.last
-        parents << basedir
-        basedir = ::File.dirname(basedir)
-      end
-      # The filename of the first ancestor found, or nil
-      parents.find { |dir| catalog.resource(:file, dir) }
-    else
-      nil
+    path = Pathname(self[:path])
+    if !path.root?
+      # Start at our parent, to avoid autorequiring ourself
+      parents = path.parent.enum_for(:ascend)
+      found = parents.find { |p| catalog.resource(:file, p.to_s) }
+      found and found.to_s
     end
   end
 
@@ -632,6 +611,7 @@ Puppet::Type.newtype(:file) do
         FileUtils.rmtree(self[:path])
       else
         notice "Not removing directory; use 'force' to override"
+        return
       end
     when "link", "file"
       debug "Removing existing #{s.ftype} for replacement with #{should}"
@@ -640,6 +620,7 @@ Puppet::Type.newtype(:file) do
       self.fail "Could not back up files of type #{s.ftype}"
     end
     @stat = :needs_stat
+    true
   end
 
   def retrieve

data/lib/puppet/type/file/group.rb

@@ -3,111 +3,31 @@ require 'puppet/util/posix'
 # Manage file group ownership.
 module Puppet
   Puppet::Type.type(:file).newproperty(:group) do
-    include Puppet::Util::POSIX
-
-    require 'etc'
     desc "Which group should own the file.  Argument can be either group
       name or group ID."
-    @event = :file_changed
 
     validate do |group|
       raise(Puppet::Error, "Invalid group name '#{group.inspect}'") unless group and group != ""
     end
 
-    def id2name(id)
-      return id.to_s if id.is_a?(Symbol)
-      return nil if id > Puppet[:maximum_uid].to_i
-      begin
-        group = Etc.getgrgid(id)
-      rescue ArgumentError
-        return nil
-      end
-      if group.gid == ""
-        return nil
-      else
-        return group.name
-      end
-    end
-
-    # We want to print names, not numbers
-    def is_to_s(currentvalue)
-      if currentvalue.is_a? Integer
-        id2name(currentvalue) || currentvalue
-      else
-        return currentvalue.to_s
-      end
-    end
-
-    def should_to_s(newvalue = @should)
-      if newvalue.is_a? Integer
-        id2name(newvalue) || newvalue
-      else
-        return newvalue.to_s
-      end
-    end
-
     def insync?(current)
-      @should.each do |value|
-        if value =~ /^\d+$/
-          gid = Integer(value)
-        elsif value.is_a?(String)
-          fail "Could not find group #{value}" unless gid = gid(value)
-        else
-          gid = value
-        end
-
-        return true if gid == current
+      # We don't want to validate/munge groups until we actually start to
+      # evaluate this property, because they might be added during the catalog
+      # apply.
+      @should.map! do |val|
+        provider.name2gid(val) or raise "Could not find group #{val}"
       end
-      false
-    end
-
-    def retrieve
-      return :absent unless stat = resource.stat
 
-      currentvalue = stat.gid
-
-      # On OS X, files that are owned by -2 get returned as really
-      # large GIDs instead of negative ones.  This isn't a Ruby bug,
-      # it's an OS X bug, since it shows up in perl, too.
-      if currentvalue > Puppet[:maximum_uid].to_i
-        self.warning "Apparently using negative GID (#{currentvalue}) on a platform that does not consistently handle them"
-        currentvalue = :silly
-      end
-
-      currentvalue
+      @should.include?(current)
     end
 
-    # Determine if the group is valid, and if so, return the GID
-    def validgroup?(value)
-      Integer(value) rescue gid(value) || false
+    # We want to print names, not numbers
+    def is_to_s(currentvalue)
+      provider.gid2name(currentvalue) || currentvalue
     end
 
-    # Normal users will only be able to manage certain groups.  Right now,
-    # we'll just let it fail, but we should probably set things up so
-    # that users get warned if they try to change to an unacceptable group.
-    def sync
-      # Set our method appropriately, depending on links.
-      if resource[:links] == :manage
-        method = :lchown
-      else
-        method = :chown
-      end
-
-      gid = nil
-      @should.each do |group|
-        break if gid = validgroup?(group)
-      end
-
-      raise Puppet::Error, "Could not find group(s) #{@should.join(",")}" unless gid
-
-      begin
-        # set owner to nil so it's ignored
-        File.send(method, nil, gid, resource[:path])
-      rescue => detail
-        error = Puppet::Error.new( "failed to chgrp #{resource[:path]} to #{gid}: #{detail.message}")
-        raise error
-      end
-      :file_changed
+    def should_to_s(newvalue)
+      provider.gid2name(newvalue) || newvalue
     end
   end
 end

data/lib/puppet/type/file/mode.rb

@@ -3,7 +3,6 @@
 # specifying the full mode.
 module Puppet
   Puppet::Type.type(:file).newproperty(:mode) do
-    require 'etc'
     desc "Mode the file should be.  Currently relatively limited:
       you must specify the exact mode the file should be.
 
@@ -23,33 +22,31 @@ module Puppet
       In this case all of the files underneath `/some/dir` will have
       mode 644, and all of the directories will have mode 755."
 
-    @event = :file_changed
+    validate do |value|
+      if value.is_a?(String) and value !~ /^[0-7]+$/
+        raise Puppet::Error, "File modes can only be octal numbers, not #{should.inspect}"
+      end
+    end
 
     munge do |should|
-      if should.is_a?(String)
-        unless should =~ /^[0-7]+$/
-          raise Puppet::Error, "File modes can only be octal numbers, not #{should.inspect}"
-        end
-        should.to_i(8).to_s(8)
-      else
-        should.to_s(8)
-      end
+      dirmask(should)
     end
 
     # If we're a directory, we need to be executable for all cases
     # that are readable.  This should probably be selectable, but eh.
     def dirmask(value)
-      if FileTest.directory?(@resource[:path])
-        value = value.to_i(8)
+      value = value.to_i(8) unless value.is_a? Integer
+      if FileTest.directory?(resource[:path])
         value |= 0100 if value & 0400 != 0
         value |= 010 if value & 040 != 0
         value |= 01 if value & 04 != 0
-        value = value.to_s(8)
       end
 
-      value
+      value.to_s(8)
     end
 
+    # If we're not following links and we're a link, then we just turn
+    # off mode management entirely.
     def insync?(currentvalue)
       if stat = @resource.stat and stat.ftype == "link" and @resource[:links] != :follow
         self.debug "Not managing symlink mode"
@@ -58,33 +55,6 @@ module Puppet
         return super(currentvalue)
       end
     end
-
-    def retrieve
-      # If we're not following links and we're a link, then we just turn
-      # off mode management entirely.
-
-      if stat = @resource.stat
-        unless defined?(@fixed)
-          @should &&= @should.collect { |s| self.dirmask(s) }
-        end
-        return (stat.mode & 007777).to_s(8)
-      else
-        return :absent
-      end
-    end
-
-    def sync
-      mode = self.should
-
-      begin
-        File.chmod(mode.to_i(8), @resource[:path])
-      rescue => detail
-        error = Puppet::Error.new("failed to chmod #{@resource[:path]}: #{detail.message}")
-        error.set_backtrace detail.backtrace
-        raise error
-      end
-      :file_changed
-    end
   end
 end
 

data/lib/puppet/type/file/owner.rb

@@ -1,51 +1,35 @@
 module Puppet
   Puppet::Type.type(:file).newproperty(:owner) do
+    include Puppet::Util::Warnings
 
     desc "To whom the file should belong.  Argument can be user name or
       user ID."
-    @event = :file_changed
 
     def insync?(current)
-      provider.is_owner_insync?(current, @should)
-    end
+      # We don't want to validate/munge users until we actually start to
+      # evaluate this property, because they might be added during the catalog
+      # apply.
+      @should.map! do |val|
+        provider.name2uid(val) or raise "Could not find user #{val}"
+      end
 
-    # We want to print names, not numbers
-    def is_to_s(currentvalue)
-      provider.id2name(currentvalue) || currentvalue
-    end
+      return true if @should.include?(current)
 
-    def should_to_s(newvalue = @should)
-      case newvalue
-      when Symbol
-        newvalue.to_s
-      when Integer
-        provider.id2name(newvalue) || newvalue
-      when String
-        newvalue
-      else
-        raise Puppet::DevError, "Invalid uid type #{newvalue.class}(#{newvalue})"
+      unless Puppet.features.root?
+        warnonce "Cannot manage ownership unless running as root"
+        return true
       end
+
+      false
     end
 
-    def retrieve
-      if self.should
-        @should = @should.collect do |val|
-          unless val.is_a?(Integer)
-            if tmp = provider.validuser?(val)
-              val = tmp
-            else
-              raise "Could not find user #{val}"
-            end
-          else
-            val
-          end
-        end
-      end
-      provider.retrieve(@resource)
+    # We want to print names, not numbers
+    def is_to_s(currentvalue)
+      provider.uid2name(currentvalue) || currentvalue
     end
 
-    def sync
-      provider.sync(resource[:path], resource[:links], @should)
+    def should_to_s(newvalue)
+      provider.uid2name(newvalue) || newvalue
     end
   end
 end

data/lib/puppet/type/file/source.rb

@@ -66,19 +66,33 @@ module Puppet
     validate do |sources|
       sources = [sources] unless sources.is_a?(Array)
       sources.each do |source|
+        next if Puppet::Util.absolute_path?(source)
+
         begin
           uri = URI.parse(URI.escape(source))
         rescue => detail
           self.fail "Could not understand source #{source}: #{detail}"
         end
 
-        self.fail "Cannot use URLs of type '#{uri.scheme}' as source for fileserving" unless uri.scheme.nil? or %w{file puppet}.include?(uri.scheme) or (Puppet.features.microsoft_windows? and uri.scheme =~ /^[a-z]$/i)
+        self.fail "Cannot use relative URLs '#{source}'" unless uri.absolute?
+        self.fail "Cannot use opaque URLs '#{source}'" unless uri.hierarchical?
+        self.fail "Cannot use URLs of type '#{uri.scheme}' as source for fileserving" unless %w{file puppet}.include?(uri.scheme)
       end
     end
 
+    SEPARATOR_REGEX = [Regexp.escape(File::SEPARATOR.to_s), Regexp.escape(File::ALT_SEPARATOR.to_s)].join
+
     munge do |sources|
       sources = [sources] unless sources.is_a?(Array)
-      sources.collect { |source| source.sub(/\/$/, '') }
+      sources.map do |source|
+        source = source.sub(/[#{SEPARATOR_REGEX}]+$/, '')
+
+        if Puppet::Util.absolute_path?(source)
+          URI.unescape(Puppet::Util.path_to_uri(source).to_s)
+        else
+          source
+        end
+      end
     end
 
     def change_to_s(currentvalue, newvalue)
@@ -162,11 +176,11 @@ module Puppet
     end
 
     def local?
-      found? and uri and (uri.scheme || "file") == "file"
+      found? and scheme == "file"
     end
 
     def full_path
-      URI.unescape(uri.path) if found? and uri
+      Puppet::Util.uri_to_path(uri) if found?
     end
 
     def server
@@ -176,12 +190,13 @@ module Puppet
     def port
       (uri and uri.port) or Puppet.settings[:masterport]
     end
-
     private
 
-    def uri
-      return nil if metadata.source =~ /^[a-z]:[\/\\]/i # Abspath for Windows
+    def scheme
+      (uri and uri.scheme)
+    end
 
+    def uri
       @uri ||= URI.parse(URI.escape(metadata.source))
     end
   end