puppet 2.7.6 → 2.7.8

data/lib/puppet/type/file.rb

@@ -25,7 +25,9 @@ Puppet::Type.newtype(:file) do
     Puppet Labs and we can hopefully work with you to develop a
     native resource to support what you are doing.
 
-    **Autorequires:** If Puppet is managing the user or group that owns a file, the file resource will autorequire them. If Puppet is managing any parent directories of a file, the file resource will autorequire them."
+    **Autorequires:** If Puppet is managing the user or group that owns a
+    file, the file resource will autorequire them. If Puppet is managing any
+    parent directories of a file, the file resource will autorequire them."
 
   def self.title_patterns
     [ [ /^(.*?)\/*\Z/m, [ [ :path, lambda{|x| x} ] ] ] ]
@@ -45,7 +47,7 @@ Puppet::Type.newtype(:file) do
     # path name. The aim is to use less storage for all common paths in a hierarchy
     munge do |value|
       # We know the value is absolute, so expanding it will just standardize it.
-      path, name = ::File.split(::File.expand_path value)
+      path, name = ::File.split(::File.expand_path(value))
 
       { :index => Puppet::FileCollection.collection.index(path), :name => name }
     end
@@ -54,7 +56,7 @@ Puppet::Type.newtype(:file) do
     unmunge do |value|
       basedir = Puppet::FileCollection.collection.path(value[:index])
 
-      ::File.expand_path ::File.join( basedir, value[:name] )
+      ::File.join( basedir, value[:name] )
     end
   end
 
@@ -221,8 +223,8 @@ Puppet::Type.newtype(:file) do
       `follow` will copy the target file instead of the link, `manage`
       will copy the link itself, and `ignore` will just pass it by.
       When not copying, `manage` and `ignore` behave equivalently
-      (because you cannot really ignore links entirely during local recursion), and `follow` will manage the file to which the
-      link points."
+      (because you cannot really ignore links entirely during local
+      recursion), and `follow` will manage the file to which the link points."
 
     newvalues(:follow, :manage)
 
@@ -259,7 +261,7 @@ Puppet::Type.newtype(:file) do
 
   # Autorequire the nearest ancestor directory found in the catalog.
   autorequire(:file) do
-    path = Pathname(self[:path])
+    path = Pathname.new(self[:path])
     if !path.root?
       # Start at our parent, to avoid autorequiring ourself
       parents = path.parent.enum_for(:ascend)
@@ -304,6 +306,8 @@ Puppet::Type.newtype(:file) do
     end
 
     self.warning "Possible error: recurselimit is set but not recurse, no recursion will happen" if !self[:recurse] and self[:recurselimit]
+
+    provider.validate if provider.respond_to?(:validate)
   end
 
   def self.[](path)
@@ -384,6 +388,12 @@ Puppet::Type.newtype(:file) do
     #end
   end
 
+  def ancestors
+    ancestors = Pathname.new(self[:path]).enum_for(:ascend).map(&:to_s)
+    ancestors.delete(self[:path])
+    ancestors
+  end
+
   def flush
     # We want to make sure we retrieve metadata anew on each transaction.
     @parameters.each do |name, param|
@@ -721,7 +731,7 @@ Puppet::Type.newtype(:file) do
     umask = mode ? 000 : 022
     mode_int = mode ? mode.to_i(8) : nil
 
-    content_checksum = Puppet::Util.withumask(umask) { ::File.open(path, 'w', mode_int ) { |f| write_content(f) } }
+    content_checksum = Puppet::Util.withumask(umask) { ::File.open(path, 'wb', mode_int ) { |f| write_content(f) } }
 
     # And put our new file in place
     if use_temporary_file # This is only not true when our file is empty.

data/lib/puppet/type/file/content.rb

@@ -104,7 +104,7 @@ module Puppet
 
       if ! result and Puppet[:show_diff]
         write_temporarily do |path|
-          print diff(@resource[:path], path)
+          notice "\n" + diff(@resource[:path], path)
         end
       end
       result
@@ -192,7 +192,7 @@ module Puppet
     end
 
     def chunk_file_from_disk(source_or_content)
-      File.open(source_or_content.full_path, "r") do |src|
+      File.open(source_or_content.full_path, "rb") do |src|
         while chunk = src.read(8192)
           yield chunk
         end

data/lib/puppet/type/file/ensure.rb

@@ -1,29 +1,32 @@
 module Puppet
   Puppet::Type.type(:file).ensurable do
     require 'etc'
-    desc "Whether to create files that don't currently exist.
+    desc <<-EOT
+      Whether to create files that don't currently exist.
       Possible values are *absent*, *present*, *file*, and *directory*.
       Specifying `present` will match any form of file existence, and
       if the file is missing will create an empty file. Specifying
-      `absent` will delete the file (and directory if recurse => true).
+      `absent` will delete the file (and directory if `recurse => true`).
 
-      Anything other than those values will create a symlink. In the interest of readability and clarity, you should use `ensure => link` and explicitly specify a
-      target; however, if a `target` attribute isn't provided, the value of the `ensure`
-      attribute will be used as the symlink target:
+      Anything other than those values will create a symlink. In the interest
+      of readability and clarity, you should use `ensure => link` and
+      explicitly specify a target; however, if a `target` attribute isn't
+      provided, the value of the `ensure` attribute will be used as the
+      symlink target. The following two declarations are equivalent:
 
           # (Useful on Solaris)
-          # Less maintainable: 
-          file { \"/etc/inetd.conf\":
-            ensure => \"/etc/inet/inetd.conf\",
+
+          # Less maintainable:
+          file { "/etc/inetd.conf":
+            ensure => "/etc/inet/inetd.conf",
           }
 
           # More maintainable:
-          file { \"/etc/inetd.conf\":
+          file { "/etc/inetd.conf":
             ensure => link,
-            target => \"/etc/inet/inetd.conf\",
+            target => "/etc/inet/inetd.conf",
           }
-      
-      These two declarations are equivalent."
+    EOT
 
     # Most 'ensure' properties have a default, but with files we, um, don't.
     nodefault

data/lib/puppet/type/file/mode.rb

@@ -15,7 +15,7 @@ module Puppet
       world-readable by setting e.g.:
 
           file { '/some/dir':
-            mode => 644,
+            mode    => 644,
             recurse => true,
           }
 
@@ -29,20 +29,25 @@ module Puppet
     end
 
     munge do |should|
-      dirmask(should)
+      if should.is_a?(String)
+        should.to_i(8).to_s(8)
+      else
+        should.to_s(8)
+      end
     end
 
     # If we're a directory, we need to be executable for all cases
     # that are readable.  This should probably be selectable, but eh.
     def dirmask(value)
-      value = value.to_i(8) unless value.is_a? Integer
       if FileTest.directory?(resource[:path])
+        value = value.to_i(8)
         value |= 0100 if value & 0400 != 0
         value |= 010 if value & 040 != 0
         value |= 01 if value & 04 != 0
+        value = value.to_s(8)
       end
 
-      value.to_s(8)
+      value
     end
 
     # If we're not following links and we're a link, then we just turn
@@ -55,6 +60,26 @@ module Puppet
         return super(currentvalue)
       end
     end
+
+    # Ideally, dirmask'ing could be done at munge time, but we don't know if 'ensure'
+    # will eventually be a directory or something else. And unfortunately, that logic
+    # depends on the ensure, source, and target properties. So rather than duplicate
+    # that logic, and get it wrong, we do dirmask during retrieve, after 'ensure' has
+    # been synced.
+    def retrieve
+      if @resource.stat
+        @should &&= @should.collect { |s| self.dirmask(s) }
+      end
+
+      super
+    end
+
+    def should_to_s(should_value)
+      should_value.rjust(4,"0")
+    end
+
+    def is_to_s(currentvalue)
+      currentvalue.rjust(4,"0")
+    end
   end
 end
-

data/lib/puppet/type/file/source.rb

@@ -12,7 +12,8 @@ module Puppet
     include Puppet::Util::Diff
 
     attr_accessor :source, :local
-    desc "Copy a file over the current file.  Uses `checksum` to
+    desc <<-EOT
+      Copy a file over the current file.  Uses `checksum` to
       determine when a file should be copied.  Valid values are either
       fully qualified paths to files, or URIs.  Currently supported URI
       types are *puppet* and *file*.
@@ -23,8 +24,8 @@ module Puppet
       sytems.  For instance:
 
           class sendmail {
-            file { \"/etc/mail/sendmail.cf\":
-              source => \"puppet://server/modules/module_name/sendmail.cf\"
+            file { "/etc/mail/sendmail.cf":
+              source => "puppet://server/modules/module_name/sendmail.cf"
             }
           }
 
@@ -42,18 +43,18 @@ module Puppet
       on the local host, whereas `agent` will connect to the
       puppet server that it received the manifest from.
 
-      See the [fileserver configuration documentation](http://docs.puppetlabs.com/guides/file_serving.html) for information on how to configure
-      and use file services within Puppet.
+      See the [fileserver configuration documentation](http://docs.puppetlabs.com/guides/file_serving.html)
+      for information on how to configure and use file services within Puppet.
 
       If you specify multiple file sources for a file, then the first
       source that exists will be used.  This allows you to specify
       what amount to search paths for files:
 
-          file { \"/path/to/my/file\":
+          file { "/path/to/my/file":
             source => [
-              \"/modules/nfs/files/file.$host\",
-              \"/modules/nfs/files/file.$operatingsystem\",
-              \"/modules/nfs/files/file\"
+              "/modules/nfs/files/file.$host",
+              "/modules/nfs/files/file.$operatingsystem",
+              "/modules/nfs/files/file"
             ]
           }
 
@@ -61,7 +62,7 @@ module Puppet
 
       You cannot currently copy links using this mechanism; set `links`
       to `follow` if any remote sources are links.
-      "
+    EOT
 
     validate do |sources|
       sources = [sources] unless sources.is_a?(Array)

data/lib/puppet/type/file/target.rb

@@ -2,7 +2,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:target) do
     desc "The target for creating a link.  Currently, symlinks are the
       only type supported.
-      
+
       You can make relative links:
 
           # (Useful on Solaris)
@@ -10,7 +10,7 @@ module Puppet
             ensure => link,
             target => \"inet/inetd.conf\",
           }
-    
+
       You can also make recursive symlinks, which will create a
       directory structure that maps to the target directory,
       with directories corresponding to each directory

data/lib/puppet/type/filebucket.rb

@@ -42,7 +42,7 @@ module Puppet
         specified then *path* is checked. If it is set, then the
         bucket is local.  Otherwise the puppetmaster server specified
         in the config or at the commandline is used.
-        
+
         Due to a known issue, you currently must set the `path` attribute to
         false if you wish to specify a `server` attribute."
       defaultto { Puppet[:server] }

data/lib/puppet/type/group.rb

@@ -89,10 +89,9 @@ module Puppet
     end
 
     newparam(:name) do
-      desc "The group name.  While naming limitations vary by
-        system, it is advisable to keep the name to the degenerate
-        limitations, which is a maximum of 8 characters beginning with
-        a letter."
+      desc "The group name. While naming limitations vary by operating system,
+        it is advisable to restrict names to the lowest common denominator,
+        which is a maximum of 8 characters beginning with a letter."
       isnamevar
     end
 
@@ -110,7 +109,7 @@ module Puppet
     end
 
     newproperty(:attributes, :parent => Puppet::Property::KeyValue, :required_features => :manages_aix_lam) do
-      desc "Specify group AIX attributes in an array of keyvalue pairs"
+      desc "Specify group AIX attributes in an array of `key=value` pairs."
 
       def membership
         :attribute_membership

data/lib/puppet/type/host.rb

@@ -36,7 +36,7 @@ module Puppet
     end
 
     newproperty(:comment) do
-      desc "A comment that will be attached to the line with a # character"
+      desc "A comment that will be attached to the line with a # character."
     end
 
     newproperty(:target) do

data/lib/puppet/type/interface.rb

@@ -7,7 +7,7 @@ require 'puppet/util/network_device/ipcalc'
 Puppet::Type.newtype(:interface) do
 
     @doc = "This represents a router or switch interface. It is possible to manage
-    interface mode (access or trunking, native vlan and encapsulation), 
+    interface mode (access or trunking, native vlan and encapsulation) and
     switchport characteristics (speed, duplex)."
 
     apply_to_device
@@ -22,11 +22,11 @@ Puppet::Type.newtype(:interface) do
     end
 
     newparam(:name) do
-      desc "Interface name"
+      desc "The interface's name."
     end
 
     newparam(:device_url) do
-      desc "Url to connect to a router or switch."
+      desc "The URL at which the router or switch can be reached."
     end
 
     newproperty(:description) do
@@ -73,14 +73,17 @@ Puppet::Type.newtype(:interface) do
     newproperty(:ipaddress, :array_matching => :all) do
       include Puppet::Util::NetworkDevice::IPCalc
 
-      desc "IP Address of this interface (it might not be possible to set an interface IP address 
-      it depends on the interface type and device type).
+      desc "IP Address of this interface. Note that it might not be possible to set
+      an interface IP address; it depends on the interface type and device type.
+
       Valid format of ip addresses are:
-       * IPV4, like 127.0.0.1
-       * IPV4/prefixlength like 127.0.1.1/24
-       * IPV6/prefixlength like FE80::21A:2FFF:FE30:ECF0/128
-       * an optional suffix for IPV6 addresses from this list: eui-64, link-local
-      It is also possible to use an array of values. 
+
+      * IPV4, like 127.0.0.1
+      * IPV4/prefixlength like 127.0.1.1/24
+      * IPV6/prefixlength like FE80::21A:2FFF:FE30:ECF0/128
+      * an optional suffix for IPV6 addresses from this list: `eui-64`, `link-local`
+
+      It is also possible to supply an array of values.
       "
 
       validate do |values|

data/lib/puppet/type/k5login.rb

@@ -2,31 +2,31 @@
 
 Puppet::Type.newtype(:k5login) do
   @doc = "Manage the `.k5login` file for a user.  Specify the full path to
-    the `.k5login` file as the name and an array of principals as the
-    property principals."
+    the `.k5login` file as the name, and an array of principals as the
+    `principals` attribute."
 
   ensurable
 
   # Principals that should exist in the file
   newproperty(:principals, :array_matching => :all) do
-    desc "The principals present in the `.k5login` file."
+    desc "The principals present in the `.k5login` file. This should be specified as an array."
   end
 
   # The path/name of the k5login file
   newparam(:path) do
     isnamevar
-    desc "The path to the file to manage.  Must be fully qualified."
+    desc "The path to the `.k5login` file to manage.  Must be fully qualified."
 
     validate do |value|
       unless value =~ /^#{File::SEPARATOR}/
-        raise Puppet::Error, "File paths must be fully qualified"
+        raise Puppet::Error, "File paths must be fully qualified."
       end
     end
   end
 
   # To manage the mode of the file
   newproperty(:mode) do
-    desc "Manage the k5login file's mode"
+    desc "The desired permissions mode of the `.k5login` file. Defaults to `644`."
     defaultto { "644" }
   end
 

data/lib/puppet/type/macauthorization.rb

@@ -1,7 +1,12 @@
 Puppet::Type.newtype(:macauthorization) do
 
-  @doc = "Manage the Mac OS X authorization database.
-    See the [Apple developer site](http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Security_Services/chapter_4_section_5.html) for more information.
+  @doc = "Manage the Mac OS X authorization database. See the
+    [Apple developer site](http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Security_Services/chapter_4_section_5.html)
+    for more information.
+
+    Note that authorization store directives with hyphens in their names have
+    been renamed to use underscores, as Puppet does not react well to hyphens
+    in identifiers.
 
     **Autorequires:** If Puppet is managing the `/etc/authorization` file, each
     macauthorization resource will autorequire it."
@@ -31,7 +36,7 @@ Puppet::Type.newtype(:macauthorization) do
 
   newparam(:name) do
     desc "The name of the right or rule to be managed.
-    Corresponds to 'key' in Authorization Services. The key is the name
+    Corresponds to `key` in Authorization Services. The key is the name
     of a rule. A key uses the same naming conventions as a right. The
     Security Server uses a rule's key to match the rule with a right.
     Wildcard keys end with a '.'. The generic rule has an empty key value.
@@ -41,8 +46,8 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:auth_type) do
-    desc "type - can be a 'right' or a 'rule'. 'comment' has not yet been
-    implemented."
+    desc "Type --- this can be a `right` or a `rule`. The `comment` type has
+    not yet been implemented."
 
     newvalue(:right)
     newvalue(:rule)
@@ -50,11 +55,10 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:allow_root, :boolean => true) do
-    desc "Corresponds to 'allow-root' in the authorization store, renamed
-    due to hyphens being problematic. Specifies whether a right should be
-    allowed automatically if the requesting process is running with
-    uid == 0.  AuthorizationServices defaults this attribute to false if
-    not specified"
+    desc "Corresponds to `allow-root` in the authorization store. Specifies
+    whether a right should be allowed automatically if the requesting process
+    is running with `uid == 0`.  AuthorizationServices defaults this attribute
+    to false if not specified."
 
     newvalue(:true)
     newvalue(:false)
@@ -65,8 +69,7 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:authenticate_user, :boolean => true) do
-    desc "Corresponds to 'authenticate-user' in the authorization store,
-    renamed due to hyphens being problematic."
+    desc "Corresponds to `authenticate-user` in the authorization store."
 
     newvalue(:true)
     newvalue(:false)
@@ -77,8 +80,8 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:auth_class) do
-    desc "Corresponds to 'class' in the authorization store, renamed due
-    to 'class' being a reserved word."
+    desc "Corresponds to `class` in the authorization store; renamed due
+    to 'class' being a reserved word in Puppet."
 
     newvalue(:user)
     newvalue(:'evaluate-mechanisms')
@@ -88,20 +91,20 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:comment) do
-    desc "The 'comment' attribute for authorization resources."
+    desc "The `comment` attribute for authorization resources."
   end
 
   newproperty(:group) do
-    desc "The user must authenticate as a member of this group. This
-    attribute can be set to any one group."
+    desc "A group which the user must authenticate as a member of. This
+    must be a single group."
   end
 
   newproperty(:k_of_n) do
-    desc "k-of-n describes how large a subset of rule mechanisms must
-    succeed for successful authentication. If there are 'n' mechanisms,
-    then 'k' (the integer value of this parameter) mechanisms must succeed.
-    The most common setting for this parameter is '1'. If k-of-n is not
-    set, then 'n-of-n' mechanisms must succeed."
+    desc "How large a subset of rule mechanisms must succeed for successful
+    authentication. If there are 'n' mechanisms, then 'k' (the integer value
+    of this parameter) mechanisms must succeed. The most common setting for
+    this parameter is `1`. If `k-of-n` is not set, then every mechanism ---
+    that is, 'n-of-n' --- must succeed."
 
     munge do |value|
       @resource.munge_integer(value)
@@ -109,7 +112,7 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:mechanisms, :array_matching => :all) do
-    desc "an array of suitable mechanisms."
+    desc "An array of suitable mechanisms."
   end
 
   newproperty(:rule, :array_matching => :all) do
@@ -117,9 +120,8 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:session_owner, :boolean => true) do
-    desc "Corresponds to 'session-owner' in the authorization store,
-    renamed due to hyphens being problematic.  Whether the session owner
-    automatically matches this rule or right."
+    desc "Whether the session owner automatically matches this rule or right.
+    Corresponds to `session-owner` in the authorization store."
 
     newvalue(:true)
     newvalue(:false)
@@ -130,11 +132,11 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:shared, :boolean => true) do
-    desc "If this is set to true, then the Security Server marks the
-    credentials used to gain this right as shared. The Security Server
-    may use any shared credentials to authorize this right. For maximum
-    security, set sharing to false so credentials stored by the Security
-    Server for one application may not be used by another application."
+    desc "Whether the Security Server should mark the credentials used to gain
+    this right as shared. The Security Server may use any shared credentials
+    to authorize this right. For maximum security, set sharing to false so
+    credentials stored by the Security Server for one application may not be
+    used by another application."
 
     newvalue(:true)
     newvalue(:false)
@@ -145,11 +147,10 @@ Puppet::Type.newtype(:macauthorization) do
   end
 
   newproperty(:timeout) do
-    desc "The credential used by this rule expires in the specified
-    number of seconds. For maximum security where the user must
-    authenticate every time, set the timeout to 0. For minimum security,
-    remove the timeout attribute so the user authenticates only once per
-    session."
+    desc "The number of seconds in which the credential used by this rule will
+    expire. For maximum security where the user must authenticate every time,
+    set the timeout to 0. For minimum security, remove the timeout attribute
+    so the user authenticates only once per session."
 
     munge do |value|
       @resource.munge_integer(value)