RubyGems - puppet - Versions diffs - 2.7.6 → 2.7.8 - Mend

puppet 2.7.6 → 2.7.8

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (206) hide show

data/CHANGELOG +168 -0
data/conf/auth.conf +5 -4
data/conf/redhat/puppet.spec +16 -1
data/conf/solaris/pkginfo +2 -2
data/conf/suse/puppet.spec +9 -3
data/ext/upload_facts.rb +120 -0
data/install.rb +11 -16
data/lib/puppet.rb +1 -1
data/lib/puppet/application/agent.rb +0 -3
data/lib/puppet/application/apply.rb +0 -3
data/lib/puppet/application/queue.rb +21 -1
data/lib/puppet/defaults.rb +6 -4
data/lib/puppet/face/file/store.rb +1 -1
data/lib/puppet/feature/base.rb +2 -1
data/lib/puppet/file_bucket/dipper.rb +3 -2
data/lib/puppet/file_serving/content.rb +1 -1
data/lib/puppet/file_serving/metadata.rb +5 -2
data/lib/puppet/indirector/facts/inventory_service.rb +20 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +3 -2
data/lib/puppet/indirector/report/processor.rb +1 -1
data/lib/puppet/network/handler/filebucket.rb +2 -0
data/lib/puppet/network/handler/fileserver.rb +1 -1
data/lib/puppet/network/handler/master.rb +1 -0
data/lib/puppet/network/handler/report.rb +2 -0
data/lib/puppet/network/handler/runner.rb +1 -0
data/lib/puppet/network/handler/status.rb +2 -0
data/lib/puppet/network/http/mongrel/rest.rb +8 -1
data/lib/puppet/network/http_server.rb +3 -0
data/lib/puppet/network/http_server/mongrel.rb +129 -0
data/lib/puppet/network/rest_authconfig.rb +12 -4
data/lib/puppet/parameter.rb +18 -0
data/lib/puppet/parser/compiler.rb +1 -1
data/lib/puppet/parser/grammar.ra +1 -1
data/lib/puppet/parser/parser.rb +360 -350
data/lib/puppet/property.rb +3 -3
data/lib/puppet/provider/augeas/augeas.rb +1 -1
data/lib/puppet/provider/exec/windows.rb +6 -7
data/lib/puppet/provider/file/windows.rb +9 -2
data/lib/puppet/provider/group/aix.rb +8 -8
data/lib/puppet/provider/group/groupadd.rb +1 -3
data/lib/puppet/provider/group/ldap.rb +8 -10
data/lib/puppet/provider/group/windows_adsi.rb +8 -2
data/lib/puppet/provider/package/aix.rb +1 -1
data/lib/puppet/provider/package/macports.rb +3 -3
data/lib/puppet/provider/package/msi.rb +12 -5
data/lib/puppet/provider/package/nim.rb +1 -1
data/lib/puppet/provider/package/pkgdmg.rb +3 -3
data/lib/puppet/provider/package/ports.rb +1 -1
data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +560 -0
data/lib/puppet/provider/service/base.rb +2 -2
data/lib/puppet/provider/service/bsd.rb +4 -3
data/lib/puppet/provider/service/daemontools.rb +25 -25
data/lib/puppet/provider/service/debian.rb +6 -4
data/lib/puppet/provider/service/freebsd.rb +1 -1
data/lib/puppet/provider/service/gentoo.rb +4 -3
data/lib/puppet/provider/service/init.rb +3 -8
data/lib/puppet/provider/service/launchd.rb +129 -96
data/lib/puppet/provider/service/redhat.rb +2 -3
data/lib/puppet/provider/service/runit.rb +20 -20
data/lib/puppet/provider/service/smf.rb +8 -7
data/lib/puppet/provider/service/src.rb +5 -6
data/lib/puppet/provider/service/systemd.rb +1 -1
data/lib/puppet/provider/service/upstart.rb +3 -5
data/lib/puppet/provider/service/windows.rb +7 -7
data/lib/puppet/provider/sshkey/parsed.rb +2 -3
data/lib/puppet/provider/user/aix.rb +21 -21
data/lib/puppet/provider/user/hpux.rb +3 -1
data/lib/puppet/provider/user/ldap.rb +7 -7
data/lib/puppet/provider/user/user_role_add.rb +10 -6
data/lib/puppet/provider/user/useradd.rb +3 -1
data/lib/puppet/provider/user/windows_adsi.rb +4 -3
data/lib/puppet/rb_tree_map.rb +388 -0
data/lib/puppet/reference/configuration.rb +7 -7
data/lib/puppet/reference/indirection.rb +5 -6
data/lib/puppet/reference/metaparameter.rb +3 -1
data/lib/puppet/reference/network.rb +8 -8
data/lib/puppet/reference/providers.rb +17 -21
data/lib/puppet/reference/type.rb +12 -9
data/lib/puppet/resource.rb +2 -5
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/ssl/certificate_request.rb +70 -0
data/lib/puppet/ssl/host.rb +6 -0
data/lib/puppet/transaction.rb +158 -55
data/lib/puppet/transaction/event_manager.rb +1 -1
data/lib/puppet/type.rb +60 -30
data/lib/puppet/type/augeas.rb +83 -49
data/lib/puppet/type/computer.rb +1 -1
data/lib/puppet/type/cron.rb +11 -11
data/lib/puppet/type/exec.rb +28 -21
data/lib/puppet/type/file.rb +17 -7
data/lib/puppet/type/file/content.rb +2 -2
data/lib/puppet/type/file/ensure.rb +15 -12
data/lib/puppet/type/file/mode.rb +30 -5
data/lib/puppet/type/file/source.rb +11 -10
data/lib/puppet/type/file/target.rb +2 -2
data/lib/puppet/type/filebucket.rb +1 -1
data/lib/puppet/type/group.rb +4 -5
data/lib/puppet/type/host.rb +1 -1
data/lib/puppet/type/interface.rb +13 -10
data/lib/puppet/type/k5login.rb +6 -6
data/lib/puppet/type/macauthorization.rb +37 -36
data/lib/puppet/type/maillist.rb +2 -2
data/lib/puppet/type/mcx.rb +6 -6
data/lib/puppet/type/mount.rb +3 -2
data/lib/puppet/type/notify.rb +1 -1
data/lib/puppet/type/package.rb +24 -23
data/lib/puppet/type/router.rb +4 -1
data/lib/puppet/type/schedule.rb +52 -44
data/lib/puppet/type/scheduled_task.rb +222 -0
data/lib/puppet/type/selmodule.rb +10 -6
data/lib/puppet/type/service.rb +11 -11
data/lib/puppet/type/ssh_authorized_key.rb +2 -5
data/lib/puppet/type/sshkey.rb +1 -1
data/lib/puppet/type/stage.rb +1 -1
data/lib/puppet/type/tidy.rb +10 -8
data/lib/puppet/type/user.rb +61 -53
data/lib/puppet/type/vlan.rb +4 -4
data/lib/puppet/type/whit.rb +6 -2
data/lib/puppet/type/yumrepo.rb +33 -31
data/lib/puppet/type/zfs.rb +34 -32
data/lib/puppet/type/zone.rb +21 -19
data/lib/puppet/type/zpool.rb +3 -3
data/lib/puppet/util.rb +24 -6
data/lib/puppet/util/adsi.rb +12 -7
data/lib/puppet/util/checksums.rb +1 -1
data/lib/puppet/util/diff.rb +1 -1
data/lib/puppet/util/nagios_maker.rb +2 -2
data/lib/puppet/util/reference.rb +16 -17
data/lib/puppet/util/settings/file_setting.rb +14 -2
data/lib/puppet/util/windows/security.rb +96 -32
data/spec/integration/file_serving/terminus_helper_spec.rb +1 -1
data/spec/integration/indirector/direct_file_server_spec.rb +9 -15
data/spec/integration/indirector/file_content/file_server_spec.rb +1 -1
data/spec/integration/indirector/file_metadata/file_server_spec.rb +1 -1
data/spec/integration/provider/package_spec.rb +4 -0
data/spec/integration/provider/service/init_spec.rb +8 -2
data/spec/integration/reference/providers_spec.rb +1 -1
data/spec/integration/ssl/certificate_request_spec.rb +1 -2
data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -2
data/spec/integration/ssl/host_spec.rb +1 -2
data/spec/integration/transaction_spec.rb +25 -17
data/spec/integration/type/exec_spec.rb +77 -0
data/spec/integration/type/file_spec.rb +322 -2
data/spec/integration/util/windows/security_spec.rb +393 -230
data/spec/integration/util_spec.rb +16 -0
data/spec/lib/puppet_spec/files.rb +3 -7
data/spec/unit/application/apply_spec.rb +0 -9
data/spec/unit/application/inspect_spec.rb +1 -0
data/spec/unit/configurer/downloader_spec.rb +3 -3
data/spec/unit/face/certificate_spec.rb +6 -2
data/spec/unit/file_bucket/dipper_spec.rb +67 -10
data/spec/unit/file_bucket/file_spec.rb +22 -28
data/spec/unit/file_serving/content_spec.rb +1 -1
data/spec/unit/file_serving/metadata_spec.rb +30 -3
data/spec/unit/indirector/facts/inventory_service_spec.rb +22 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +21 -24
data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
data/spec/unit/indirector/resource/ral_spec.rb +1 -1
data/spec/unit/indirector/resource_type/parser_spec.rb +2 -2
data/spec/unit/indirector/rest_spec.rb +1 -1
data/spec/unit/network/handler/ca_spec.rb +1 -1
data/spec/unit/network/http/mongrel/rest_spec.rb +54 -25
data/spec/unit/parameter_spec.rb +36 -0
data/spec/unit/parser/parser_spec.rb +4 -0
data/spec/unit/property_spec.rb +2 -2
data/spec/unit/provider/exec/windows_spec.rb +2 -8
data/spec/unit/provider/file/posix_spec.rb +6 -0
data/spec/unit/provider/file/windows_spec.rb +18 -0
data/spec/unit/provider/group/windows_adsi_spec.rb +22 -6
data/spec/unit/provider/mount/parsed_spec.rb +1 -1
data/spec/unit/provider/package/msi_spec.rb +2 -2
data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +1571 -0
data/spec/unit/provider/service/launchd_spec.rb +143 -130
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -0
data/spec/unit/provider/user/user_role_add_spec.rb +39 -9
data/spec/unit/provider/user/useradd_spec.rb +1 -1
data/spec/unit/provider/user/windows_adsi_spec.rb +8 -1
data/spec/unit/rb_tree_map_spec.rb +572 -0
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/simple_graph_spec.rb +9 -9
data/spec/unit/ssl/host_spec.rb +60 -12
data/spec/unit/transaction/report_spec.rb +3 -3
data/spec/unit/transaction_spec.rb +394 -11
data/spec/unit/type/exec_spec.rb +35 -15
data/spec/unit/type/file/content_spec.rb +11 -10
data/spec/unit/type/file/mode_spec.rb +73 -19
data/spec/unit/type/file/source_spec.rb +1 -1
data/spec/unit/type/file_spec.rb +15 -0
data/spec/unit/type/group_spec.rb +1 -1
data/spec/unit/type/mount_spec.rb +5 -5
data/spec/unit/type/resources_spec.rb +3 -3
data/spec/unit/type/scheduled_task_spec.rb +102 -0
data/spec/unit/type/ssh_authorized_key_spec.rb +2 -3
data/spec/unit/type/user_spec.rb +2 -1
data/spec/unit/type_spec.rb +48 -4
data/spec/unit/util/adsi_spec.rb +18 -7
data/spec/unit/util/checksums_spec.rb +20 -2
data/spec/unit/util/execution_stub_spec.rb +10 -5
data/spec/unit/util/logging_spec.rb +6 -6
data/spec/unit/util/rdoc/parser_spec.rb +1 -1
data/spec/unit/util/reference_spec.rb +29 -0
data/spec/unit/util/settings/file_setting_spec.rb +8 -2
data/spec/unit/util_spec.rb +115 -0
data/test/other/transactions.rb +5 -11
data/test/ral/type/exec.rb +1 -1
metadata +24 -11

data/lib/puppet/application/agent.rb CHANGED

@@ -423,9 +423,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
-    # If noop is set, then also enable diffs
-    Puppet[:show_diff] = true if Puppet[:noop]
     args[:Server] = Puppet[:server]
     if options[:fqdn]
       args[:FQDN] = options[:fqdn]

data/lib/puppet/application/apply.rb CHANGED

@@ -231,9 +231,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
   def setup
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
-    # If noop is set, then also enable diffs
-    Puppet[:show_diff] = true if Puppet[:noop]
     Puppet::Util::Log.newdestination(:console) unless options[:logset]
     client = nil
     server = nil

data/lib/puppet/application/queue.rb CHANGED

@@ -10,7 +10,6 @@ class Puppet::Application::Queue < Puppet::Application
     require 'puppet/daemon'
     @daemon = Puppet::Daemon.new
     @daemon.argv = ARGV.dup
-    Puppet::Util::Log.newdestination(:console)
     # Do an initial trap, so that cancels don't get a stack trace.
@@ -109,6 +108,26 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     HELP
   end
+  option("--logdest DEST", "-l DEST") do |arg|
+    begin
+      Puppet::Util::Log.newdestination(arg)
+      options[:setdest] = true
+    rescue => detail
+      puts detail.backtrace if Puppet[:debug]
+      $stderr.puts detail.to_s
+    end
+  end
+  option("--logdest DEST", "-l DEST") do |arg|
+    begin
+      Puppet::Util::Log.newdestination(arg)
+      options[:setdest] = true
+    rescue => detail
+      puts detail.backtrace if Puppet[:debug]
+      $stderr.puts detail.to_s
+    end
+  end
   def main
     require 'puppet/indirector/catalog/queue' # provides Puppet::Indirector::Queue.subscribe
     Puppet.notice "Starting puppetqd #{Puppet.version}"
@@ -139,6 +158,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
         Puppet::Util::Log.level = :info
       end
     end
+    Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
   end
   def setup

data/lib/puppet/defaults.rb CHANGED

@@ -109,8 +109,9 @@ module Puppet
     },
     :diff_args => ["-u", "Which arguments to pass to the diff command when printing differences between files."],
     :diff => ["diff", "Which diff command to use when printing differences between files."],
-    :show_diff => [false, "Whether to print a contextual diff when files are being replaced.  The diff
-      is printed on stdout, so this option is meaningless unless you are running Puppet interactively.
+    :show_diff => [false, "Whether to log and report a contextual diff when files are being replaced.  This causes
+      partial file contents to pass through Puppet's normal logging and reporting system, so this setting should be
+      used with caution if you are sending Puppet's reports to an insecure destination.
       This feature currently requires the `diff/lcs` Ruby library."],
     :daemonize => {
       :default => (Puppet.features.microsoft_windows? ? false : true),
@@ -135,7 +136,8 @@ module Puppet
       :desc => "The node facts terminus.",
       :hook => proc do |value|
         require 'puppet/node/facts'
-        if value.to_s == "rest"
+        # Cache to YAML if we're uploading facts away
+        if %w[rest inventory_service].include? value.to_s
           Puppet::Node::Facts.indirection.cache_class = :yaml
         end
       end
@@ -617,7 +619,7 @@ EOT
       it with the `--no-client` option."],
     :listen => [false, "Whether puppet agent should listen for
       connections.  If this is true, then puppet agent will accept incoming
-      REST API requests, subject to the default ACLs and the ACLs set in
+      REST API requests, subject to the default ACLs and the ACLs set in
       the `rest_authconfig` file. Puppet agent can respond usefully to
       requests on the `run`, `facts`, `certificate`, and `resource` endpoints."],
     :ca_server => ["$server", "The server to use for certificate

data/lib/puppet/face/file/store.rb CHANGED

@@ -11,7 +11,7 @@ Puppet::Face.define(:file, '0.0.1') do
     EOT
     when_invoked do |path, options|
-      file = Puppet::FileBucket::File.new(File.read(path))
+      file = Puppet::FileBucket::File.new(Puppet::Util.binread(path))
       Puppet::FileBucket::File.indirection.terminus_class = :file
       Puppet::FileBucket::File.indirection.save file

data/lib/puppet/feature/base.rb CHANGED

@@ -22,9 +22,10 @@ Puppet.features.add(:microsoft_windows) do
     require 'win32/service'
     require 'win32ole'
     require 'win32/api'
+    require 'win32/taskscheduler'
     true
   rescue LoadError => err
-    warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir & win32-service gems: #{err}" unless Puppet.features.posix?
+    warn "Cannot run on Microsoft Windows without the sys-admin, win32-process, win32-dir, win32-service and win32-taskscheduler gems: #{err}" unless Puppet.features.posix?
   end
 end

data/lib/puppet/file_bucket/dipper.rb CHANGED

@@ -31,7 +31,7 @@ class Puppet::FileBucket::Dipper
   # Back up a file to our bucket
   def backup(file)
     raise(ArgumentError, "File #{file} does not exist") unless ::File.exist?(file)
-    contents = ::File.read(file)
+    contents = Puppet::Util.binread(file)
     begin
       file_bucket_file = Puppet::FileBucket::File.new(contents, :bucket_path => @local_path)
       files_original_path = absolutize_path(file)
@@ -64,7 +64,7 @@ class Puppet::FileBucket::Dipper
   def restore(file,sum)
     restore = true
     if FileTest.exists?(file)
-      cursum = Digest::MD5.hexdigest(::File.read(file))
+      cursum = Digest::MD5.hexdigest(Puppet::Util.binread(file))
       # if the checksum has changed...
       # this might be extra effort
@@ -83,6 +83,7 @@ class Puppet::FileBucket::Dipper
           ::File.chmod(changed | 0200, file)
         end
         ::File.open(file, ::File::WRONLY|::File::TRUNC|::File::CREAT) { |of|
+          of.binmode
           of.print(newcontents)
         }
         ::File.chmod(changed, file) if changed

data/lib/puppet/file_serving/content.rb CHANGED

@@ -41,6 +41,6 @@ class Puppet::FileServing::Content < Puppet::FileServing::Base
   end
   def to_raw
-    File.new(full_path, "r")
+    File.new(full_path, "rb")
   end
 end

data/lib/puppet/file_serving/metadata.rb CHANGED

@@ -59,9 +59,12 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
       @path = path
     end
-    [:owner, :group, :mode].each do |method|
+    { :owner => 'S-1-5-32-544',
+      :group => 'S-1-0-0',
+      :mode => 0644
+    }.each do |method, default_value|
       define_method method do
-        Puppet::Util::Windows::Security.send("get_#{method}", @path)
+        Puppet::Util::Windows::Security.send("get_#{method}", @path) || default_value
       end
     end
   end

data/lib/puppet/indirector/facts/inventory_service.rb ADDED

@@ -0,0 +1,20 @@
+require 'puppet/node/facts'
+require 'puppet/indirector/rest'
+class Puppet::Node::Facts::InventoryService < Puppet::Indirector::REST
+  desc "Find and save facts about nodes using a remote inventory service."
+  use_server_setting(:inventory_server)
+  use_port_setting(:inventory_port)
+  # We don't want failing to upload to the inventory service to cause any
+  # failures, so we just suppress them and warn.
+  def save(request)
+    begin
+      super
+      true
+    rescue => e
+      Puppet.warning "Could not upload facts for #{request.key} to inventory service: #{e.to_s}"
+      false
+    end
+  end
+end

data/lib/puppet/indirector/file_bucket_file/file.rb CHANGED

@@ -27,7 +27,7 @@ module Puppet::FileBucketFile
         raise "could not find diff_with #{request.options[:diff_with]}" unless ::File.exists?(file2_path)
         return `diff #{file_path.inspect} #{file2_path.inspect}`
       else
-        contents = ::File.read file_path
+        contents = Puppet::Util.binread(file_path)
         Puppet.info "FileBucket read #{checksum}"
         model.new(contents)
       end
@@ -83,6 +83,7 @@ module Puppet::FileBucketFile
         # Write the file to disk.
         Puppet::Util.withumask(0007) do
           ::File.open(filename, ::File::WRONLY|::File::CREAT, 0440) do |of|
+            of.binmode
             of.print bucket_file.contents
           end
           ::File.open(paths_path, ::File::WRONLY|::File::CREAT, 0640) do |of|
@@ -121,7 +122,7 @@ module Puppet::FileBucketFile
     # If conflict_check is enabled, verify that the passed text is
     # the same as the text in our file.
     def verify_identical_file!(bucket_file)
-      disk_contents = ::File.read(path_for(bucket_file.bucket_path, bucket_file.checksum_data, 'contents'))
+      disk_contents = Puppet::Util.binread(path_for(bucket_file.bucket_path, bucket_file.checksum_data, 'contents'))
       # If the contents don't match, then we've found a conflict.
       # Unlikely, but quite bad.

data/lib/puppet/indirector/report/processor.rb CHANGED

@@ -26,7 +26,7 @@ class Puppet::Transaction::Report::Processor < Puppet::Indirector::Code
   # LAK:NOTE This isn't necessarily the best design, but it's backward
   # compatible and that's good enough for now.
   def process(report)
-    Puppet.debug "Recieved report to process from #{report.host}"
+    Puppet.debug "Received report to process from #{report.host}"
     processors do |mod|
       Puppet.debug "Processing report from #{report.host} with processor #{mod}"
       # We have to use a dup because we're including a module in the

data/lib/puppet/network/handler/filebucket.rb CHANGED

@@ -1,6 +1,8 @@
 require 'fileutils'
 require 'digest/md5'
 require 'puppet/external/base64'
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 class Puppet::Network::Handler # :nodoc:
   # Accept files and store them by md5 sum, returning the md5 sum back

data/lib/puppet/network/handler/fileserver.rb CHANGED

@@ -4,7 +4,7 @@ require 'webrick/httpstatus'
 require 'cgi'
 require 'delegate'
 require 'sync'
-require 'xmlrpc/server'
+require 'puppet/network/handler'
 require 'puppet/network/handler'
 require 'puppet/network/xmlrpc/server'

data/lib/puppet/network/handler/master.rb CHANGED

@@ -2,6 +2,7 @@ require 'openssl'
 require 'puppet'
 require 'xmlrpc/server'
 require 'yaml'
+require 'puppet/network/handler'
 class Puppet::Network::Handler
   class MasterError < Puppet::Error; end

data/lib/puppet/network/handler/report.rb CHANGED

@@ -1,5 +1,7 @@
 require 'puppet/util/instance_loader'
 require 'puppet/reports'
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 # A simple server for triggering a new run on a Puppet client.
 class Puppet::Network::Handler

data/lib/puppet/network/handler/runner.rb CHANGED

@@ -1,5 +1,6 @@
 require 'puppet/run'
 require 'puppet/network/handler'
+require 'xmlrpc/server'
 class Puppet::Network::Handler
   class MissingMasterError < RuntimeError; end # Cannot find the master client

data/lib/puppet/network/handler/status.rb CHANGED

@@ -1,3 +1,5 @@
+require 'puppet/network/handler'
+require 'xmlrpc/server'
 class Puppet::Network::Handler
   class Status < Handler
     desc "A simple interface for testing Puppet connectivity."

data/lib/puppet/network/http/mongrel/rest.rb CHANGED

@@ -28,6 +28,8 @@ class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
   # testing purposes.
   def params(request)
     params = Mongrel::HttpRequest.query_parse(request.params["QUERY_STRING"])
+    params.merge!(Mongrel::HttpRequest.query_parse(body(request))) if http_method(request).upcase == 'POST'
     params = decode_params(params)
     params.merge(client_info(request))
   end
@@ -41,7 +43,12 @@ class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler
   # return the request body
   def body(request)
-    request.body.read
+    body = request.body.read
+    # We rewind the body, since read on a StringIO is destructive, and
+    # subsequent reads will return an empty string.
+    request.body.rewind
+    body
   end
   def set_content_type(response, format)

data/lib/puppet/network/http_server.rb ADDED

@@ -0,0 +1,3 @@
+# Just a stub, so we can correctly scope other classes.
+module Puppet::Network::HTTPServer # :nodoc:
+end

data/lib/puppet/network/http_server/mongrel.rb ADDED

@@ -0,0 +1,129 @@
+#!/usr/bin/env ruby
+# File:       06-11-14-mongrel_xmlrpc.rb
+# Author:     Manuel Holtgrewe <purestorm at ggnore.net>
+#
+# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
+#
+# This file is based heavily on a file retrieved from
+# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
+require 'rubygems'
+require 'mongrel'
+require 'xmlrpc/server'
+require 'puppet/network/xmlrpc/server'
+require 'puppet/network/http_server'
+require 'puppet/network/client_request'
+require 'puppet/network/handler'
+require 'resolv'
+# This handler can be hooked into Mongrel to accept HTTP requests. After
+# checking whether the request itself is sane, the handler forwards it
+# to an internal instance of XMLRPC::BasicServer to process it.
+#
+# You can access the server by calling the Handler's "xmlrpc_server"
+# attribute accessor method and add XMLRPC handlers there. For example:
+#
+# <pre>
+# handler = XmlRpcHandler.new
+# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
+# </pre>
+module Puppet::Network
+  class HTTPServer::Mongrel < ::Mongrel::HttpHandler
+    attr_reader :xmlrpc_server
+    def initialize(handlers)
+      if Puppet[:debug]
+        $mongrel_debug_client = true
+        Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
+      end
+      # Create a new instance of BasicServer. We are supposed to subclass it
+      # but that does not make sense since we would not introduce any new
+      # behaviour and we have to subclass Mongrel::HttpHandler so our handler
+      # works for Mongrel.
+      @xmlrpc_server = Puppet::Network::XMLRPCServer.new
+      handlers.each do |name|
+        unless handler = Puppet::Network::Handler.handler(name)
+          raise ArgumentError, "Invalid handler #{name}"
+        end
+        @xmlrpc_server.add_handler(handler.interface, handler.new({}))
+      end
+    end
+    # This method produces the same results as XMLRPC::CGIServer.serve
+    # from Ruby's stdlib XMLRPC implementation.
+    def process(request, response)
+      # Make sure this has been a POST as required for XMLRPC.
+      request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
+      if request_method != "POST"
+        response.start(405) { |head, out| out.write("Method Not Allowed") }
+        return
+      end
+      # Make sure the user has sent text/xml data.
+      request_mime = request.params["CONTENT_TYPE"] || "text/plain"
+      if parse_content_type(request_mime).first != "text/xml"
+        response.start(400) { |head, out| out.write("Bad Request") }
+        return
+      end
+      # Make sure there is data in the body at all.
+      length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
+      if length <= 0
+        response.start(411) { |head, out| out.write("Length Required") }
+        return
+      end
+      # Check the body to be valid.
+      if request.body.nil? or request.body.size != length
+        response.start(400) { |head, out| out.write("Bad Request") }
+        return
+      end
+      info = client_info(request)
+      # All checks above passed through
+      response.start(200) do |head, out|
+        head["Content-Type"] = "text/xml; charset=utf-8"
+        begin
+          out.write(@xmlrpc_server.process(request.body, info))
+        rescue => detail
+          puts detail.backtrace
+          raise
+        end
+      end
+    end
+    private
+    def client_info(request)
+      params = request.params
+      ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
+      # JJM #906 The following dn.match regular expression is forgiving
+      # enough to match the two Distinguished Name string contents
+      # coming from Apache, Pound or other reverse SSL proxies.
+      if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        client = dn_matchdata[1].to_str
+        valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+      else
+        begin
+          client = Resolv.getname(ip)
+        rescue => detail
+          Puppet.err "Could not resolve #{ip}: #{detail}"
+          client = "unknown"
+        end
+        valid = false
+      end
+      info = Puppet::Network::ClientRequest.new(client, ip, valid)
+      info
+    end
+    # Taken from XMLRPC::ParseContentType
+    def parse_content_type(str)
+      a, *b = str.split(";")
+      return a.strip, *b
+    end
+  end
+end

data/lib/puppet/network/rest_authconfig.rb CHANGED

@@ -14,9 +14,11 @@ module Puppet
       { :acl => "/file" },
       { :acl => "/certificate_revocation_list/ca", :method => :find, :authenticated => true },
       { :acl => "/report", :method => :save, :authenticated => true },
-      { :acl => "/certificate/ca", :method => :find, :authenticated => false },
-      { :acl => "/certificate/", :method => :find, :authenticated => false },
-      { :acl => "/certificate_request", :method => [:find, :save], :authenticated => false },
+      # These allow `auth any`, because if you can do them anonymously you
+      # should probably also be able to do them when trusted.
+      { :acl => "/certificate/ca", :method => :find, :authenticated => :any },
+      { :acl => "/certificate/", :method => :find, :authenticated => :any },
+      { :acl => "/certificate_request", :method => [:find, :save], :authenticated => :any },
       { :acl => "/status", :method => [:find], :authenticated => true },
     ]
@@ -65,9 +67,15 @@ module Puppet
     # force regular ACLs to be present
     def insert_default_acl
+      if exists? then
+        reason = "none were found in '#{@file}'"
+      else
+        reason = "#{Puppet[:rest_authconfig]} doesn't exist"
+      end
       DEFAULT_ACL.each do |acl|
         unless rights[acl[:acl]]
-          Puppet.info "Inserting default '#{acl[:acl]}'(#{acl[:authenticated] ? "auth" : "non-auth"}) ACL because #{( !exists? ? "#{Puppet[:rest_authconfig]} doesn't exist" : "none were found in '#{@file}'")}"
+          Puppet.info "Inserting default '#{acl[:acl]}' (auth #{acl[:authenticated]}) ACL because #{reason}"
           mk_acl(acl)
         end
       end