RubyGems - puppet - Versions diffs - 2.7.6 → 2.7.8 - Mend

puppet 2.7.6 → 2.7.8

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (206) hide show

data/CHANGELOG +168 -0
data/conf/auth.conf +5 -4
data/conf/redhat/puppet.spec +16 -1
data/conf/solaris/pkginfo +2 -2
data/conf/suse/puppet.spec +9 -3
data/ext/upload_facts.rb +120 -0
data/install.rb +11 -16
data/lib/puppet.rb +1 -1
data/lib/puppet/application/agent.rb +0 -3
data/lib/puppet/application/apply.rb +0 -3
data/lib/puppet/application/queue.rb +21 -1
data/lib/puppet/defaults.rb +6 -4
data/lib/puppet/face/file/store.rb +1 -1
data/lib/puppet/feature/base.rb +2 -1
data/lib/puppet/file_bucket/dipper.rb +3 -2
data/lib/puppet/file_serving/content.rb +1 -1
data/lib/puppet/file_serving/metadata.rb +5 -2
data/lib/puppet/indirector/facts/inventory_service.rb +20 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +3 -2
data/lib/puppet/indirector/report/processor.rb +1 -1
data/lib/puppet/network/handler/filebucket.rb +2 -0
data/lib/puppet/network/handler/fileserver.rb +1 -1
data/lib/puppet/network/handler/master.rb +1 -0
data/lib/puppet/network/handler/report.rb +2 -0
data/lib/puppet/network/handler/runner.rb +1 -0
data/lib/puppet/network/handler/status.rb +2 -0
data/lib/puppet/network/http/mongrel/rest.rb +8 -1
data/lib/puppet/network/http_server.rb +3 -0
data/lib/puppet/network/http_server/mongrel.rb +129 -0
data/lib/puppet/network/rest_authconfig.rb +12 -4
data/lib/puppet/parameter.rb +18 -0
data/lib/puppet/parser/compiler.rb +1 -1
data/lib/puppet/parser/grammar.ra +1 -1
data/lib/puppet/parser/parser.rb +360 -350
data/lib/puppet/property.rb +3 -3
data/lib/puppet/provider/augeas/augeas.rb +1 -1
data/lib/puppet/provider/exec/windows.rb +6 -7
data/lib/puppet/provider/file/windows.rb +9 -2
data/lib/puppet/provider/group/aix.rb +8 -8
data/lib/puppet/provider/group/groupadd.rb +1 -3
data/lib/puppet/provider/group/ldap.rb +8 -10
data/lib/puppet/provider/group/windows_adsi.rb +8 -2
data/lib/puppet/provider/package/aix.rb +1 -1
data/lib/puppet/provider/package/macports.rb +3 -3
data/lib/puppet/provider/package/msi.rb +12 -5
data/lib/puppet/provider/package/nim.rb +1 -1
data/lib/puppet/provider/package/pkgdmg.rb +3 -3
data/lib/puppet/provider/package/ports.rb +1 -1
data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +560 -0
data/lib/puppet/provider/service/base.rb +2 -2
data/lib/puppet/provider/service/bsd.rb +4 -3
data/lib/puppet/provider/service/daemontools.rb +25 -25
data/lib/puppet/provider/service/debian.rb +6 -4
data/lib/puppet/provider/service/freebsd.rb +1 -1
data/lib/puppet/provider/service/gentoo.rb +4 -3
data/lib/puppet/provider/service/init.rb +3 -8
data/lib/puppet/provider/service/launchd.rb +129 -96
data/lib/puppet/provider/service/redhat.rb +2 -3
data/lib/puppet/provider/service/runit.rb +20 -20
data/lib/puppet/provider/service/smf.rb +8 -7
data/lib/puppet/provider/service/src.rb +5 -6
data/lib/puppet/provider/service/systemd.rb +1 -1
data/lib/puppet/provider/service/upstart.rb +3 -5
data/lib/puppet/provider/service/windows.rb +7 -7
data/lib/puppet/provider/sshkey/parsed.rb +2 -3
data/lib/puppet/provider/user/aix.rb +21 -21
data/lib/puppet/provider/user/hpux.rb +3 -1
data/lib/puppet/provider/user/ldap.rb +7 -7
data/lib/puppet/provider/user/user_role_add.rb +10 -6
data/lib/puppet/provider/user/useradd.rb +3 -1
data/lib/puppet/provider/user/windows_adsi.rb +4 -3
data/lib/puppet/rb_tree_map.rb +388 -0
data/lib/puppet/reference/configuration.rb +7 -7
data/lib/puppet/reference/indirection.rb +5 -6
data/lib/puppet/reference/metaparameter.rb +3 -1
data/lib/puppet/reference/network.rb +8 -8
data/lib/puppet/reference/providers.rb +17 -21
data/lib/puppet/reference/type.rb +12 -9
data/lib/puppet/resource.rb +2 -5
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/ssl/certificate_request.rb +70 -0
data/lib/puppet/ssl/host.rb +6 -0
data/lib/puppet/transaction.rb +158 -55
data/lib/puppet/transaction/event_manager.rb +1 -1
data/lib/puppet/type.rb +60 -30
data/lib/puppet/type/augeas.rb +83 -49
data/lib/puppet/type/computer.rb +1 -1
data/lib/puppet/type/cron.rb +11 -11
data/lib/puppet/type/exec.rb +28 -21
data/lib/puppet/type/file.rb +17 -7
data/lib/puppet/type/file/content.rb +2 -2
data/lib/puppet/type/file/ensure.rb +15 -12
data/lib/puppet/type/file/mode.rb +30 -5
data/lib/puppet/type/file/source.rb +11 -10
data/lib/puppet/type/file/target.rb +2 -2
data/lib/puppet/type/filebucket.rb +1 -1
data/lib/puppet/type/group.rb +4 -5
data/lib/puppet/type/host.rb +1 -1
data/lib/puppet/type/interface.rb +13 -10
data/lib/puppet/type/k5login.rb +6 -6
data/lib/puppet/type/macauthorization.rb +37 -36
data/lib/puppet/type/maillist.rb +2 -2
data/lib/puppet/type/mcx.rb +6 -6
data/lib/puppet/type/mount.rb +3 -2
data/lib/puppet/type/notify.rb +1 -1
data/lib/puppet/type/package.rb +24 -23
data/lib/puppet/type/router.rb +4 -1
data/lib/puppet/type/schedule.rb +52 -44
data/lib/puppet/type/scheduled_task.rb +222 -0
data/lib/puppet/type/selmodule.rb +10 -6
data/lib/puppet/type/service.rb +11 -11
data/lib/puppet/type/ssh_authorized_key.rb +2 -5
data/lib/puppet/type/sshkey.rb +1 -1
data/lib/puppet/type/stage.rb +1 -1
data/lib/puppet/type/tidy.rb +10 -8
data/lib/puppet/type/user.rb +61 -53
data/lib/puppet/type/vlan.rb +4 -4
data/lib/puppet/type/whit.rb +6 -2
data/lib/puppet/type/yumrepo.rb +33 -31
data/lib/puppet/type/zfs.rb +34 -32
data/lib/puppet/type/zone.rb +21 -19
data/lib/puppet/type/zpool.rb +3 -3
data/lib/puppet/util.rb +24 -6
data/lib/puppet/util/adsi.rb +12 -7
data/lib/puppet/util/checksums.rb +1 -1
data/lib/puppet/util/diff.rb +1 -1
data/lib/puppet/util/nagios_maker.rb +2 -2
data/lib/puppet/util/reference.rb +16 -17
data/lib/puppet/util/settings/file_setting.rb +14 -2
data/lib/puppet/util/windows/security.rb +96 -32
data/spec/integration/file_serving/terminus_helper_spec.rb +1 -1
data/spec/integration/indirector/direct_file_server_spec.rb +9 -15
data/spec/integration/indirector/file_content/file_server_spec.rb +1 -1
data/spec/integration/indirector/file_metadata/file_server_spec.rb +1 -1
data/spec/integration/provider/package_spec.rb +4 -0
data/spec/integration/provider/service/init_spec.rb +8 -2
data/spec/integration/reference/providers_spec.rb +1 -1
data/spec/integration/ssl/certificate_request_spec.rb +1 -2
data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -2
data/spec/integration/ssl/host_spec.rb +1 -2
data/spec/integration/transaction_spec.rb +25 -17
data/spec/integration/type/exec_spec.rb +77 -0
data/spec/integration/type/file_spec.rb +322 -2
data/spec/integration/util/windows/security_spec.rb +393 -230
data/spec/integration/util_spec.rb +16 -0
data/spec/lib/puppet_spec/files.rb +3 -7
data/spec/unit/application/apply_spec.rb +0 -9
data/spec/unit/application/inspect_spec.rb +1 -0
data/spec/unit/configurer/downloader_spec.rb +3 -3
data/spec/unit/face/certificate_spec.rb +6 -2
data/spec/unit/file_bucket/dipper_spec.rb +67 -10
data/spec/unit/file_bucket/file_spec.rb +22 -28
data/spec/unit/file_serving/content_spec.rb +1 -1
data/spec/unit/file_serving/metadata_spec.rb +30 -3
data/spec/unit/indirector/facts/inventory_service_spec.rb +22 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +21 -24
data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
data/spec/unit/indirector/resource/ral_spec.rb +1 -1
data/spec/unit/indirector/resource_type/parser_spec.rb +2 -2
data/spec/unit/indirector/rest_spec.rb +1 -1
data/spec/unit/network/handler/ca_spec.rb +1 -1
data/spec/unit/network/http/mongrel/rest_spec.rb +54 -25
data/spec/unit/parameter_spec.rb +36 -0
data/spec/unit/parser/parser_spec.rb +4 -0
data/spec/unit/property_spec.rb +2 -2
data/spec/unit/provider/exec/windows_spec.rb +2 -8
data/spec/unit/provider/file/posix_spec.rb +6 -0
data/spec/unit/provider/file/windows_spec.rb +18 -0
data/spec/unit/provider/group/windows_adsi_spec.rb +22 -6
data/spec/unit/provider/mount/parsed_spec.rb +1 -1
data/spec/unit/provider/package/msi_spec.rb +2 -2
data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +1571 -0
data/spec/unit/provider/service/launchd_spec.rb +143 -130
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -0
data/spec/unit/provider/user/user_role_add_spec.rb +39 -9
data/spec/unit/provider/user/useradd_spec.rb +1 -1
data/spec/unit/provider/user/windows_adsi_spec.rb +8 -1
data/spec/unit/rb_tree_map_spec.rb +572 -0
data/spec/unit/resource/catalog_spec.rb +1 -1
data/spec/unit/simple_graph_spec.rb +9 -9
data/spec/unit/ssl/host_spec.rb +60 -12
data/spec/unit/transaction/report_spec.rb +3 -3
data/spec/unit/transaction_spec.rb +394 -11
data/spec/unit/type/exec_spec.rb +35 -15
data/spec/unit/type/file/content_spec.rb +11 -10
data/spec/unit/type/file/mode_spec.rb +73 -19
data/spec/unit/type/file/source_spec.rb +1 -1
data/spec/unit/type/file_spec.rb +15 -0
data/spec/unit/type/group_spec.rb +1 -1
data/spec/unit/type/mount_spec.rb +5 -5
data/spec/unit/type/resources_spec.rb +3 -3
data/spec/unit/type/scheduled_task_spec.rb +102 -0
data/spec/unit/type/ssh_authorized_key_spec.rb +2 -3
data/spec/unit/type/user_spec.rb +2 -1
data/spec/unit/type_spec.rb +48 -4
data/spec/unit/util/adsi_spec.rb +18 -7
data/spec/unit/util/checksums_spec.rb +20 -2
data/spec/unit/util/execution_stub_spec.rb +10 -5
data/spec/unit/util/logging_spec.rb +6 -6
data/spec/unit/util/rdoc/parser_spec.rb +1 -1
data/spec/unit/util/reference_spec.rb +29 -0
data/spec/unit/util/settings/file_setting_spec.rb +8 -2
data/spec/unit/util_spec.rb +115 -0
data/test/other/transactions.rb +5 -11
data/test/ral/type/exec.rb +1 -1
metadata +24 -11

data/lib/puppet/reference/configuration.rb CHANGED

@@ -10,19 +10,19 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
   }.each do |name, object|
     # Make each name an anchor
     header = name.to_s
-    str += h(header, 3)
+    str << markdown_header(header, 3)
     # Print the doc string itself
     begin
-      str += object.desc.gsub(/\n/, " ")
+      str << object.desc.gsub(/\n/, " ")
     rescue => detail
       puts detail.backtrace
       puts detail
     end
-    str += "\n\n"
+    str << "\n\n"
     # Now print the data about the item.
-    str += ""
+    str << ""
     val = object.default
     if name.to_s == "vardir"
       val = "/var/lib/puppet"
@@ -31,11 +31,11 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
     end
     # Leave out the section information; it was apparently confusing people.
-    #str += "- **Section**: #{object.section}\n"
+    #str << "- **Section**: #{object.section}\n"
     unless val == ""
-      str += "- *Default*: #{val}\n"
+      str << "- *Default*: #{val}\n"
     end
-    str += "\n"
+    str << "\n"
   end
   return str

data/lib/puppet/reference/indirection.rb CHANGED

@@ -8,16 +8,15 @@ reference = Puppet::Util::Reference.newreference :indirection, :doc => "Indirect
   Puppet::Indirector::Indirection.instances.sort { |a,b| a.to_s <=> b.to_s }.each do |indirection|
     ind = Puppet::Indirector::Indirection.instance(indirection)
     name = indirection.to_s.capitalize
-    text += "## " + indirection.to_s + "\n\n"
+    text << "## " + indirection.to_s + "\n\n"
-    text += ind.doc + "\n\n"
+    text << ind.doc + "\n\n"
     Puppet::Indirector::Terminus.terminus_classes(ind.name).sort { |a,b| a.to_s <=> b.to_s }.each do |terminus|
-      text += "### " + terminus.to_s + "\n\n"
+      terminus_name = terminus.to_s
       term_class = Puppet::Indirector::Terminus.terminus_class(ind.name, terminus)
-      text += Puppet::Util::Docs.scrub(term_class.doc) + "\n\n"
+      terminus_doc = Puppet::Util::Docs.scrub(term_class.doc)
+      text << markdown_definitionlist(terminus_name, terminus_doc)
     end
   end

data/lib/puppet/reference/metaparameter.rb CHANGED

@@ -29,7 +29,9 @@ in your manifest, including defined components.
     params.sort { |a,b|
       a.to_s <=> b.to_s
     }.each { |param|
-      str += paramwrap(param.to_s, scrub(Puppet::Type.metaparamdoc(param)), :level => 3)
+      str << markdown_header(param.to_s, 3)
+      str << scrub(Puppet::Type.metaparamdoc(param))
+      str << "\n\n"
     }
   rescue => detail
     puts detail.backtrace

data/lib/puppet/reference/network.rb CHANGED

@@ -9,14 +9,14 @@ network = Puppet::Util::Reference.newreference :network, :depth => 2, :doc => "A
     interface = handler.interface
-    ret += h(name, 2)
-    ret += scrub(handler.doc)
-    ret += "\n\n"
-    ret += option(:prefix, interface.prefix)
-    ret += option(:side, handler.side.to_s.capitalize)
-    ret += option(:methods, interface.methods.collect { |ary| ary[0] }.join(", ") )
-    ret += "\n\n"
+    ret << markdown_header(name, 2)
+    ret << scrub(handler.doc)
+    ret << "\n\n"
+    ret << option(:prefix, interface.prefix)
+    ret << option(:side, handler.side.to_s.capitalize)
+    ret << option(:methods, interface.methods.collect { |ary| ary[0] }.join(", ") )
+    ret << "\n\n"
   end
   ret

data/lib/puppet/reference/providers.rb CHANGED

@@ -17,16 +17,16 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
   ["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
     name = label.gsub(/\s+/, '')
     value = Facter.value(name)
-    ret += option(label, value)
+    ret << option(label, value)
   end
-  ret += "\n"
+  ret << "\n"
   count = 1
   # Produce output for each type.
   types.each do |type|
     features = type.features
-    ret += "\n" # add a trailing newline
+    ret << "\n" # add a trailing newline
     # Now build up a table of provider suitability.
     headers = %w{Provider Suitable?} + features.collect { |f| f.to_s }.sort
@@ -35,11 +35,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
     functional = false
     notes = []
-    begin
-      default = type.defaultprovider.name
-    rescue Puppet::DevError
-      default = "none"
-    end
+    default = type.defaultprovider ? type.defaultprovider.name : 'none'
     type.providers.sort { |a,b| a.to_s <=> b.to_s }.each do |pname|
       data = []
       table_data[pname] = data
@@ -61,21 +57,21 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
         missing.each do |test, values|
           case test
           when :exists
-            details += "  - Missing files #{values.join(", ")}\n"
+            details << "  - Missing files #{values.join(", ")}\n"
           when :variable
             values.each do |name, facts|
               if Puppet.settings.valid?(name)
-                details += "  - Setting #{name} (currently #{Puppet.settings.value(name).inspect}) not in list #{facts.join(", ")}\n"
+                details << "  - Setting #{name} (currently #{Puppet.settings.value(name).inspect}) not in list #{facts.join(", ")}\n"
               else
-                details += "  - Fact #{name} (currently #{Facter.value(name).inspect}) not in list #{facts.join(", ")}\n"
+                details << "  - Fact #{name} (currently #{Facter.value(name).inspect}) not in list #{facts.join(", ")}\n"
               end
             end
           when :true
-            details += "  - Got #{values} true tests that should have been false\n"
+            details << "  - Got #{values} true tests that should have been false\n"
           when :false
-            details += "  - Got #{values} false tests that should have been true\n"
+            details << "  - Got #{values} false tests that should have been true\n"
           when :feature
-            details += "  - Missing features #{values.collect { |f| f.to_s }.join(",")}\n"
+            details << "  - Missing features #{values.collect { |f| f.to_s }.join(",")}\n"
           end
         end
         notes << details
@@ -93,20 +89,20 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
       end
     end
-    ret += h(type.name.to_s + "_", 2)
+    ret << markdown_header(type.name.to_s + "_", 2)
-    ret += "[#{type.name}](#{"http://docs.puppetlabs.com/references/stable/type.html##{type.name}"})\n\n"
-    ret += option("Default provider", default)
-    ret += doctable(headers, table_data)
+    ret << "[#{type.name}](#{"http://docs.puppetlabs.com/references/stable/type.html##{type.name}"})\n\n"
+    ret << option("Default provider", default)
+    ret << doctable(headers, table_data)
     notes.each do |note|
-      ret += note + "\n"
+      ret << note + "\n"
     end
-    ret += "\n"
+    ret << "\n"
   end
-  ret += "\n"
+  ret << "\n"
   ret
 end

data/lib/puppet/reference/type.rb CHANGED

@@ -23,7 +23,7 @@ type = Puppet::Util::Reference.newreference :type, :doc => "All Puppet resource
       file { "/etc/passwd":
         owner => root,
         group => root,
-        mode => 644
+        mode  => 644
       }
   `/etc/passwd` is considered the title of the file object (used for things like
@@ -54,19 +54,19 @@ type = Puppet::Util::Reference.newreference :type, :doc => "All Puppet resource
       a.to_s <=> b.to_s
     }.each { |name,type|
-      str += "
+      str << "
 ----------------
 "
-  str += h(name, 3)
-  str += scrub(type.doc) + "\n\n"
+  str << markdown_header(name, 3)
+  str << scrub(type.doc) + "\n\n"
   # Handle the feature docs.
   if featuredocs = type.featuredocs
-    str += h("Features", 4)
-    str += featuredocs
+    str << markdown_header("Features", 4)
+    str << featuredocs
     end
     docs = {}
@@ -92,7 +92,7 @@ type = Puppet::Util::Reference.newreference :type, :doc => "All Puppet resource
       docs[sname]  = tmp
     }
-    str += h("Parameters", 4) + "\n"
+    str << markdown_header("Parameters", 4) + "\n"
     type.parameters.sort { |a,b|
       a.to_s <=> b.to_s
     }.each { |name,param|
@@ -104,9 +104,12 @@ type = Puppet::Util::Reference.newreference :type, :doc => "All Puppet resource
     docs.sort { |a, b|
       a[0].to_s <=> b[0].to_s
     }.each { |name, doc|
-      str += paramwrap(name, doc, :namevar => additional_key_attributes.include?(name))
+      if additional_key_attributes.include?(name)
+        doc = "(**Namevar:** If omitted, this parameter's value defaults to the resource's title.)\n\n" + doc
+      end
+      str << markdown_definitionlist(name, doc)
     }
-    str += "\n"
+    str << "\n"
   }
   str

data/lib/puppet/resource.rb CHANGED

@@ -1,6 +1,7 @@
 require 'puppet'
 require 'puppet/util/tagging'
 require 'puppet/util/pson'
+require 'puppet/parameter'
 # The simplest resource class.  Eventually it will function as the
 # base class for all resource-like behaviour.
@@ -264,11 +265,7 @@ class Puppet::Resource
     attributes = attr.collect { |k|
       v = parameters[k]
-      if v.is_a? Array
-        "  %-#{attr_max}s => %s,\n" % [ k, "[\'#{v.join("', '")}\']" ]
-      else
-        "  %-#{attr_max}s => %s,\n" % [ k, "\'#{v}\'" ]
-      end
+      "  %-#{attr_max}s => %s,\n" % [k, Puppet::Parameter.format_value_for_display(v)]
     }.join
     "%s { '%s':\n%s}" % [self.type.to_s.downcase, self.title, attributes]

data/lib/puppet/resource/catalog.rb CHANGED

@@ -361,7 +361,7 @@ class Puppet::Resource::Catalog < Puppet::SimpleGraph
     #
     # These two hashes comprise the aforementioned attention to the possible
     #   case of containers that contain / depend on other containers; they map
-    #   containers to their sentinals but pass other verticies through.  Thus we
+    #   containers to their sentinels but pass other verticies through.  Thus we
     #   can "do the right thing" for references to other verticies that may or
     #   may not be containers.
     #

data/lib/puppet/ssl/certificate_request.rb CHANGED

@@ -146,4 +146,74 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
       sort.
       uniq
   end
+  # Return the set of extensions requested on this CSR, in a form designed to
+  # be useful to Ruby: a hash.  Which, not coincidentally, you can pass
+  # successfully to the OpenSSL constructor later, if you want.
+  def request_extensions
+    raise Puppet::Error, "CSR needs content to extract fields" unless @content
+    # Prefer the standard extReq, but accept the Microsoft specific version as
+    # a fallback, if the standard version isn't found.
+    ext = @content.attributes.find {|x| x.oid == "extReq" } or
+      @content.attributes.find {|x| x.oid == "msExtReq" }
+    return [] unless ext
+    # Assert the structure and extract the names into an array of arrays.
+    unless ext.value.is_a? OpenSSL::ASN1::Set
+      raise Puppet::Error, "In #{ext.oid}, expected Set but found #{ext.value.class}"
+    end
+    unless ext.value.value.is_a? Array
+      raise Puppet::Error, "In #{ext.oid}, expected Set[Array] but found #{ext.value.value.class}"
+    end
+    unless ext.value.value.length == 1
+      raise Puppet::Error, "In #{ext.oid}, expected Set[Array[...]], but found #{ext.value.value.length} items in the array"
+    end
+    san = ext.value.value.first
+    unless san.is_a? OpenSSL::ASN1::Sequence
+      raise Puppet::Error, "In #{ext.oid}, expected Set[Array[Sequence[...]]], but found #{san.class}"
+    end
+    san = san.value
+    # OK, now san should be the array of items, validate that...
+    index = -1
+    san.map do |name|
+      index += 1
+      unless name.is_a? OpenSSL::ASN1::Sequence
+        raise Puppet::Error, "In #{ext.oid}, expected request extension record #{index} to be a Sequence, but found #{name.class}"
+      end
+      name = name.value
+      # OK, turn that into an extension, to unpack the content.  Lovely that
+      # we have to swap the order of arguments to the underlying method, or
+      # perhaps that the ASN.1 representation chose to pack them in a
+      # strange order where the optional component comes *earlier* than the
+      # fixed component in the sequence.
+      case name.length
+      when 2
+        ev = OpenSSL::X509::Extension.new(name[0].value, name[1].value)
+        { "oid" => ev.oid, "value" => ev.value }
+      when 3
+        ev = OpenSSL::X509::Extension.new(name[0].value, name[2].value, name[1].value)
+        { "oid" => ev.oid, "value" => ev.value, "critical" => ev.critical? }
+      else
+        raise Puppet::Error, "In #{ext.oid}, expected extension record #{index} to have two or three items, but found #{name.length}"
+      end
+    end.flatten
+  end
+  def subject_alt_names
+    @subject_alt_names ||= request_extensions.
+      select {|x| x["oid"] = "subjectAltName" }.
+      map {|x| x["value"].split(/\s*,\s*/) }.
+      flatten.
+      sort.
+      uniq
+  end
 end

data/lib/puppet/ssl/host.rb CHANGED

@@ -160,6 +160,10 @@ class Puppet::SSL::Host
     name == Puppet[:certname].downcase
   end
+  def this_csr_is_for_the_current_host
+    name == Puppet[:certname].downcase
+  end
   # Our certificate request requires the key but that's all.
   def generate_certificate_request(options = {})
     generate_key unless key
@@ -169,6 +173,8 @@ class Puppet::SSL::Host
       # ...add our configured dns_alt_names
       if Puppet[:dns_alt_names] and Puppet[:dns_alt_names] != ''
         options[:dns_alt_names] ||= Puppet[:dns_alt_names]
+      elsif Puppet::SSL::CertificateAuthority.ca? and fqdn = Facter.value(:fqdn) and domain = Facter.value(:domain)
+        options[:dns_alt_names] = "puppet, #{fqdn}, puppet.#{domain}"
       end
     end

data/lib/puppet/transaction.rb CHANGED

@@ -92,7 +92,7 @@ class Puppet::Transaction
   # collects all of the changes, executes them, and responds to any
   # necessary events.
   def evaluate
-    prepare
+    add_dynamically_generated_resources
     Puppet.info "Applying configuration version '#{catalog.version}'" if catalog.version
@@ -145,15 +145,18 @@ class Puppet::Transaction
   end
   def eval_generate(resource)
+    return false unless resource.respond_to?(:eval_generate)
     raise Puppet::DevError,"Depthfirst resources are not supported by eval_generate" if resource.depthfirst?
     begin
-      made = resource.eval_generate.uniq.reverse
+      made = resource.eval_generate.uniq
+      return false if made.empty?
+      made = Hash[made.map(&:name).zip(made)]
     rescue => detail
       puts detail.backtrace if Puppet[:trace]
       resource.err "Failed to generate additional resources using 'eval_generate: #{detail}"
-      return
+      return false
     end
-    made.each do |res|
+    made.values.each do |res|
       begin
         res.tag(*resource.tags)
         @catalog.add_resource(res)
@@ -162,17 +165,34 @@ class Puppet::Transaction
         res.info "Duplicate generated resource; skipping"
       end
     end
-    sentinal = Puppet::Type::Whit.new(:name => "completed_#{resource.title}", :catalog => resource.catalog)
+    sentinel = Puppet::Type.type(:whit).new(:name => "completed_#{resource.title}", :catalog => resource.catalog)
+    # The completed whit is now the thing that represents the resource is done
     relationship_graph.adjacent(resource,:direction => :out,:type => :edges).each { |e|
-      add_conditional_directed_dependency(sentinal, e.target, e.label)
+      # But children run as part of the resource, not after it
+      next if made[e.target.name]
+      add_conditional_directed_dependency(sentinel, e.target, e.label)
       relationship_graph.remove_edge! e
     }
     default_label = Puppet::Resource::Catalog::Default_label
-    made.each do |res|
-      add_conditional_directed_dependency(made.find { |r| r != res && r.name == res.name[0,r.name.length]} || resource, res)
-      add_conditional_directed_dependency(res, sentinal, default_label)
+    made.values.each do |res|
+      # Depend on the nearest ancestor we generated, falling back to the
+      # resource if we have none
+      parent_name = res.ancestors.find { |a| made[a] and made[a] != res }
+      parent = made[parent_name] || resource
+      add_conditional_directed_dependency(parent, res)
+      # This resource isn't 'completed' until each child has run
+      add_conditional_directed_dependency(res, sentinel, default_label)
     end
-    add_conditional_directed_dependency(resource, sentinal, default_label)
+    # This edge allows the resource's events to propagate, though it isn't
+    # strictly necessary for ordering purposes
+    add_conditional_directed_dependency(resource, sentinel, default_label)
+    true
   end
   # A general method for recursively generating new resources from a
@@ -200,9 +220,7 @@ class Puppet::Transaction
     end
   end
-  # Collect any dynamically generated resources.  This method is called
-  # before the transaction starts.
-  def xgenerate
+  def add_dynamically_generated_resources
     @catalog.vertices.each { |resource| generate_additional_resources(resource) }
   end
@@ -221,41 +239,56 @@ class Puppet::Transaction
     @event_manager = Puppet::Transaction::EventManager.new(self)
     @resource_harness = Puppet::Transaction::ResourceHarness.new(self)
+    @prefetched_providers = Hash.new { |h,k| h[k] = {} }
   end
-  # Prefetch any providers that support it.  We don't support prefetching
-  # types, just providers.
-  def prefetch
-    prefetchers = {}
-    @catalog.vertices.each do |resource|
-      if provider = resource.provider and provider.class.respond_to?(:prefetch)
-        prefetchers[provider.class] ||= {}
-        prefetchers[provider.class][resource.name] = resource
-      end
-    end
+  def resources_by_provider(type_name, provider_name)
+    unless @resources_by_provider
+      @resources_by_provider = Hash.new { |h, k| h[k] = Hash.new { |h, k| h[k] = {} } }
-    # Now call prefetch, passing in the resources so that the provider instances can be replaced.
-    prefetchers.each do |provider, resources|
-      Puppet.debug "Prefetching #{provider.name} resources for #{provider.resource_type.name}"
-      begin
-        provider.prefetch(resources)
-      rescue => detail
-        puts detail.backtrace if Puppet[:trace]
-        Puppet.err "Could not prefetch #{provider.resource_type.name} provider '#{provider.name}': #{detail}"
+      @catalog.vertices.each do |resource|
+        if resource.class.attrclass(:provider)
+          prov = resource.provider && resource.provider.class.name
+          @resources_by_provider[resource.type][prov][resource.name] = resource
+        end
       end
     end
+    @resources_by_provider[type_name][provider_name] || {}
   end
-  # Prepare to evaluate the resources in a transaction.
-  def prepare
-    # Now add any dynamically generated resources
-    xgenerate
+  def prefetch_if_necessary(resource)
+    provider_class = resource.provider.class
+    return unless provider_class.respond_to?(:prefetch) and !prefetched_providers[resource.type][provider_class.name]
-    # Then prefetch.  It's important that we generate and then prefetch,
-    # so that any generated resources also get prefetched.
-    prefetch
+    resources = resources_by_provider(resource.type, provider_class.name)
+    if provider_class == resource.class.defaultprovider
+      providerless_resources = resources_by_provider(resource.type, nil)
+      providerless_resources.values.each {|res| res.provider = provider_class.name}
+      resources.merge! providerless_resources
+    end
+    prefetch(provider_class, resources)
   end
+  attr_reader :prefetched_providers
+  # Prefetch any providers that support it, yo.  We don't support prefetching
+  # types, just providers.
+  def prefetch(provider_class, resources)
+    type_name = provider_class.resource_type.name
+    return if @prefetched_providers[type_name][provider_class.name]
+    Puppet.debug "Prefetching #{provider_class.name} resources for #{type_name}"
+    begin
+      provider_class.prefetch(resources)
+    rescue => detail
+      puts detail.backtrace if Puppet[:trace]
+      Puppet.err "Could not prefetch #{type_name} provider '#{provider_class.name}': #{detail}"
+    end
+    @prefetched_providers[type_name][provider_class.name] = true
+  end
   # We want to monitor changes in the relationship graph of our
   # catalog but this is complicated by the fact that the catalog
@@ -273,46 +306,116 @@ class Puppet::Transaction
   # except via the Transaction#relationship_graph
   class Relationship_graph_wrapper
-    attr_reader :real_graph,:transaction,:ready,:generated,:done,:unguessable_deterministic_key
+    require 'puppet/rb_tree_map'
+    attr_reader :real_graph,:transaction,:ready,:generated,:done,:blockers,:unguessable_deterministic_key
     def initialize(real_graph,transaction)
       @real_graph = real_graph
       @transaction = transaction
-      @ready = {}
+      @ready = Puppet::RbTreeMap.new
       @generated = {}
       @done = {}
-      @unguessable_deterministic_key = Hash.new { |h,k| h[k] = Digest::SHA1.hexdigest("NaCl, MgSO4 (salts) and then #{k.title}") }
-      vertices.each { |v| check_if_now_ready(v) }
+      @blockers = {}
+      @unguessable_deterministic_key = Hash.new { |h,k| h[k] = Digest::SHA1.hexdigest("NaCl, MgSO4 (salts) and then #{k.ref}") }
+      @providerless_types = []
+      vertices.each do |v|
+        blockers[v] = direct_dependencies_of(v).length
+        enqueue(v) if blockers[v] == 0
+      end
     end
     def method_missing(*args,&block)
       real_graph.send(*args,&block)
     end
     def add_vertex(v)
       real_graph.add_vertex(v)
-      check_if_now_ready(v) # ?????????????????????????????????????????
     end
     def add_edge(f,t,label=nil)
-      ready.delete(t)
+      key = unguessable_deterministic_key[t]
+      ready.delete(key)
       real_graph.add_edge(f,t,label)
     end
-    def check_if_now_ready(r)
-      ready[r] = true if direct_dependencies_of(r).all? { |r2| done[r2] }
+    # Decrement the blocker count for the resource by 1. If the number of
+    # blockers is unknown, count them and THEN decrement by 1.
+    def unblock(resource)
+      blockers[resource] ||= direct_dependencies_of(resource).select { |r2| !done[r2] }.length
+      if blockers[resource] > 0
+        blockers[resource] -= 1
+      else
+        resource.warning "appears to have a negative number of dependencies"
+      end
+      blockers[resource] <= 0
+    end
+    def enqueue(*resources)
+      resources.each do |resource|
+        key = unguessable_deterministic_key[resource]
+        ready[key] = resource
+      end
+    end
+    def finish(resource)
+      direct_dependents_of(resource).each do |v|
+        enqueue(v) if unblock(v)
+      end
+      done[resource] = true
     end
     def next_resource
-      ready.keys.sort_by { |r0| unguessable_deterministic_key[r0] }.first
+      ready.delete_min
     end
     def traverse(&block)
       real_graph.report_cycles_in_graph
-      while (r = next_resource) && !transaction.stop_processing?
-        if !generated[r] && r.respond_to?(:eval_generate)
-          transaction.eval_generate(r)
-          generated[r] = true
+      deferred_resources = []
+      while (resource = next_resource) && !transaction.stop_processing?
+        if resource.suitable?
+          made_progress = true
+          transaction.prefetch_if_necessary(resource)
+          # If we generated resources, we don't know what they are now
+          # blocking, so we opt to recompute it, rather than try to track every
+          # change that would affect the number.
+          blockers.clear if transaction.eval_generate(resource)
+          yield resource
+          finish(resource)
         else
-          ready.delete(r)
-          yield r
-          done[r] = true
-          direct_dependents_of(r).each { |v| check_if_now_ready(v) }
+          deferred_resources << resource
+        end
+        if ready.empty? and deferred_resources.any?
+          if made_progress
+            enqueue(*deferred_resources)
+          else
+            fail_unsuitable_resources(deferred_resources)
+          end
+          made_progress = false
+          deferred_resources = []
         end
       end
+      # Just once per type. No need to punish the user.
+      @providerless_types.uniq.each do |type|
+        Puppet.err "Could not find a suitable provider for #{type}"
+      end
+    end
+    def fail_unsuitable_resources(resources)
+      resources.each do |resource|
+        # We don't automatically assign unsuitable providers, so if there
+        # is one, it must have been selected by the user.
+        if resource.provider
+          resource.err "Provider #{resource.provider.class.name} is not functional on this host"
+        else
+          @providerless_types << resource.type
+        end
+        transaction.resource_status(resource).failed = true
+        finish(resource)
+      end
     end
   end