puppet 2.7.6 → 2.7.8
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CHANGELOG +168 -0
- data/conf/auth.conf +5 -4
- data/conf/redhat/puppet.spec +16 -1
- data/conf/solaris/pkginfo +2 -2
- data/conf/suse/puppet.spec +9 -3
- data/ext/upload_facts.rb +120 -0
- data/install.rb +11 -16
- data/lib/puppet.rb +1 -1
- data/lib/puppet/application/agent.rb +0 -3
- data/lib/puppet/application/apply.rb +0 -3
- data/lib/puppet/application/queue.rb +21 -1
- data/lib/puppet/defaults.rb +6 -4
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/feature/base.rb +2 -1
- data/lib/puppet/file_bucket/dipper.rb +3 -2
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/metadata.rb +5 -2
- data/lib/puppet/indirector/facts/inventory_service.rb +20 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +3 -2
- data/lib/puppet/indirector/report/processor.rb +1 -1
- data/lib/puppet/network/handler/filebucket.rb +2 -0
- data/lib/puppet/network/handler/fileserver.rb +1 -1
- data/lib/puppet/network/handler/master.rb +1 -0
- data/lib/puppet/network/handler/report.rb +2 -0
- data/lib/puppet/network/handler/runner.rb +1 -0
- data/lib/puppet/network/handler/status.rb +2 -0
- data/lib/puppet/network/http/mongrel/rest.rb +8 -1
- data/lib/puppet/network/http_server.rb +3 -0
- data/lib/puppet/network/http_server/mongrel.rb +129 -0
- data/lib/puppet/network/rest_authconfig.rb +12 -4
- data/lib/puppet/parameter.rb +18 -0
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/grammar.ra +1 -1
- data/lib/puppet/parser/parser.rb +360 -350
- data/lib/puppet/property.rb +3 -3
- data/lib/puppet/provider/augeas/augeas.rb +1 -1
- data/lib/puppet/provider/exec/windows.rb +6 -7
- data/lib/puppet/provider/file/windows.rb +9 -2
- data/lib/puppet/provider/group/aix.rb +8 -8
- data/lib/puppet/provider/group/groupadd.rb +1 -3
- data/lib/puppet/provider/group/ldap.rb +8 -10
- data/lib/puppet/provider/group/windows_adsi.rb +8 -2
- data/lib/puppet/provider/package/aix.rb +1 -1
- data/lib/puppet/provider/package/macports.rb +3 -3
- data/lib/puppet/provider/package/msi.rb +12 -5
- data/lib/puppet/provider/package/nim.rb +1 -1
- data/lib/puppet/provider/package/pkgdmg.rb +3 -3
- data/lib/puppet/provider/package/ports.rb +1 -1
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +560 -0
- data/lib/puppet/provider/service/base.rb +2 -2
- data/lib/puppet/provider/service/bsd.rb +4 -3
- data/lib/puppet/provider/service/daemontools.rb +25 -25
- data/lib/puppet/provider/service/debian.rb +6 -4
- data/lib/puppet/provider/service/freebsd.rb +1 -1
- data/lib/puppet/provider/service/gentoo.rb +4 -3
- data/lib/puppet/provider/service/init.rb +3 -8
- data/lib/puppet/provider/service/launchd.rb +129 -96
- data/lib/puppet/provider/service/redhat.rb +2 -3
- data/lib/puppet/provider/service/runit.rb +20 -20
- data/lib/puppet/provider/service/smf.rb +8 -7
- data/lib/puppet/provider/service/src.rb +5 -6
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/service/upstart.rb +3 -5
- data/lib/puppet/provider/service/windows.rb +7 -7
- data/lib/puppet/provider/sshkey/parsed.rb +2 -3
- data/lib/puppet/provider/user/aix.rb +21 -21
- data/lib/puppet/provider/user/hpux.rb +3 -1
- data/lib/puppet/provider/user/ldap.rb +7 -7
- data/lib/puppet/provider/user/user_role_add.rb +10 -6
- data/lib/puppet/provider/user/useradd.rb +3 -1
- data/lib/puppet/provider/user/windows_adsi.rb +4 -3
- data/lib/puppet/rb_tree_map.rb +388 -0
- data/lib/puppet/reference/configuration.rb +7 -7
- data/lib/puppet/reference/indirection.rb +5 -6
- data/lib/puppet/reference/metaparameter.rb +3 -1
- data/lib/puppet/reference/network.rb +8 -8
- data/lib/puppet/reference/providers.rb +17 -21
- data/lib/puppet/reference/type.rb +12 -9
- data/lib/puppet/resource.rb +2 -5
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/ssl/certificate_request.rb +70 -0
- data/lib/puppet/ssl/host.rb +6 -0
- data/lib/puppet/transaction.rb +158 -55
- data/lib/puppet/transaction/event_manager.rb +1 -1
- data/lib/puppet/type.rb +60 -30
- data/lib/puppet/type/augeas.rb +83 -49
- data/lib/puppet/type/computer.rb +1 -1
- data/lib/puppet/type/cron.rb +11 -11
- data/lib/puppet/type/exec.rb +28 -21
- data/lib/puppet/type/file.rb +17 -7
- data/lib/puppet/type/file/content.rb +2 -2
- data/lib/puppet/type/file/ensure.rb +15 -12
- data/lib/puppet/type/file/mode.rb +30 -5
- data/lib/puppet/type/file/source.rb +11 -10
- data/lib/puppet/type/file/target.rb +2 -2
- data/lib/puppet/type/filebucket.rb +1 -1
- data/lib/puppet/type/group.rb +4 -5
- data/lib/puppet/type/host.rb +1 -1
- data/lib/puppet/type/interface.rb +13 -10
- data/lib/puppet/type/k5login.rb +6 -6
- data/lib/puppet/type/macauthorization.rb +37 -36
- data/lib/puppet/type/maillist.rb +2 -2
- data/lib/puppet/type/mcx.rb +6 -6
- data/lib/puppet/type/mount.rb +3 -2
- data/lib/puppet/type/notify.rb +1 -1
- data/lib/puppet/type/package.rb +24 -23
- data/lib/puppet/type/router.rb +4 -1
- data/lib/puppet/type/schedule.rb +52 -44
- data/lib/puppet/type/scheduled_task.rb +222 -0
- data/lib/puppet/type/selmodule.rb +10 -6
- data/lib/puppet/type/service.rb +11 -11
- data/lib/puppet/type/ssh_authorized_key.rb +2 -5
- data/lib/puppet/type/sshkey.rb +1 -1
- data/lib/puppet/type/stage.rb +1 -1
- data/lib/puppet/type/tidy.rb +10 -8
- data/lib/puppet/type/user.rb +61 -53
- data/lib/puppet/type/vlan.rb +4 -4
- data/lib/puppet/type/whit.rb +6 -2
- data/lib/puppet/type/yumrepo.rb +33 -31
- data/lib/puppet/type/zfs.rb +34 -32
- data/lib/puppet/type/zone.rb +21 -19
- data/lib/puppet/type/zpool.rb +3 -3
- data/lib/puppet/util.rb +24 -6
- data/lib/puppet/util/adsi.rb +12 -7
- data/lib/puppet/util/checksums.rb +1 -1
- data/lib/puppet/util/diff.rb +1 -1
- data/lib/puppet/util/nagios_maker.rb +2 -2
- data/lib/puppet/util/reference.rb +16 -17
- data/lib/puppet/util/settings/file_setting.rb +14 -2
- data/lib/puppet/util/windows/security.rb +96 -32
- data/spec/integration/file_serving/terminus_helper_spec.rb +1 -1
- data/spec/integration/indirector/direct_file_server_spec.rb +9 -15
- data/spec/integration/indirector/file_content/file_server_spec.rb +1 -1
- data/spec/integration/indirector/file_metadata/file_server_spec.rb +1 -1
- data/spec/integration/provider/package_spec.rb +4 -0
- data/spec/integration/provider/service/init_spec.rb +8 -2
- data/spec/integration/reference/providers_spec.rb +1 -1
- data/spec/integration/ssl/certificate_request_spec.rb +1 -2
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -2
- data/spec/integration/ssl/host_spec.rb +1 -2
- data/spec/integration/transaction_spec.rb +25 -17
- data/spec/integration/type/exec_spec.rb +77 -0
- data/spec/integration/type/file_spec.rb +322 -2
- data/spec/integration/util/windows/security_spec.rb +393 -230
- data/spec/integration/util_spec.rb +16 -0
- data/spec/lib/puppet_spec/files.rb +3 -7
- data/spec/unit/application/apply_spec.rb +0 -9
- data/spec/unit/application/inspect_spec.rb +1 -0
- data/spec/unit/configurer/downloader_spec.rb +3 -3
- data/spec/unit/face/certificate_spec.rb +6 -2
- data/spec/unit/file_bucket/dipper_spec.rb +67 -10
- data/spec/unit/file_bucket/file_spec.rb +22 -28
- data/spec/unit/file_serving/content_spec.rb +1 -1
- data/spec/unit/file_serving/metadata_spec.rb +30 -3
- data/spec/unit/indirector/facts/inventory_service_spec.rb +22 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +21 -24
- data/spec/unit/indirector/node/store_configs_spec.rb +1 -0
- data/spec/unit/indirector/resource/ral_spec.rb +1 -1
- data/spec/unit/indirector/resource_type/parser_spec.rb +2 -2
- data/spec/unit/indirector/rest_spec.rb +1 -1
- data/spec/unit/network/handler/ca_spec.rb +1 -1
- data/spec/unit/network/http/mongrel/rest_spec.rb +54 -25
- data/spec/unit/parameter_spec.rb +36 -0
- data/spec/unit/parser/parser_spec.rb +4 -0
- data/spec/unit/property_spec.rb +2 -2
- data/spec/unit/provider/exec/windows_spec.rb +2 -8
- data/spec/unit/provider/file/posix_spec.rb +6 -0
- data/spec/unit/provider/file/windows_spec.rb +18 -0
- data/spec/unit/provider/group/windows_adsi_spec.rb +22 -6
- data/spec/unit/provider/mount/parsed_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +2 -2
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +1571 -0
- data/spec/unit/provider/service/launchd_spec.rb +143 -130
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -0
- data/spec/unit/provider/user/user_role_add_spec.rb +39 -9
- data/spec/unit/provider/user/useradd_spec.rb +1 -1
- data/spec/unit/provider/user/windows_adsi_spec.rb +8 -1
- data/spec/unit/rb_tree_map_spec.rb +572 -0
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/simple_graph_spec.rb +9 -9
- data/spec/unit/ssl/host_spec.rb +60 -12
- data/spec/unit/transaction/report_spec.rb +3 -3
- data/spec/unit/transaction_spec.rb +394 -11
- data/spec/unit/type/exec_spec.rb +35 -15
- data/spec/unit/type/file/content_spec.rb +11 -10
- data/spec/unit/type/file/mode_spec.rb +73 -19
- data/spec/unit/type/file/source_spec.rb +1 -1
- data/spec/unit/type/file_spec.rb +15 -0
- data/spec/unit/type/group_spec.rb +1 -1
- data/spec/unit/type/mount_spec.rb +5 -5
- data/spec/unit/type/resources_spec.rb +3 -3
- data/spec/unit/type/scheduled_task_spec.rb +102 -0
- data/spec/unit/type/ssh_authorized_key_spec.rb +2 -3
- data/spec/unit/type/user_spec.rb +2 -1
- data/spec/unit/type_spec.rb +48 -4
- data/spec/unit/util/adsi_spec.rb +18 -7
- data/spec/unit/util/checksums_spec.rb +20 -2
- data/spec/unit/util/execution_stub_spec.rb +10 -5
- data/spec/unit/util/logging_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +1 -1
- data/spec/unit/util/reference_spec.rb +29 -0
- data/spec/unit/util/settings/file_setting_spec.rb +8 -2
- data/spec/unit/util_spec.rb +115 -0
- data/test/other/transactions.rb +5 -11
- data/test/ral/type/exec.rb +1 -1
- metadata +24 -11
data/lib/puppet/type/file.rb
CHANGED
@@ -25,7 +25,9 @@ Puppet::Type.newtype(:file) do
|
|
25
25
|
Puppet Labs and we can hopefully work with you to develop a
|
26
26
|
native resource to support what you are doing.
|
27
27
|
|
28
|
-
**Autorequires:** If Puppet is managing the user or group that owns a
|
28
|
+
**Autorequires:** If Puppet is managing the user or group that owns a
|
29
|
+
file, the file resource will autorequire them. If Puppet is managing any
|
30
|
+
parent directories of a file, the file resource will autorequire them."
|
29
31
|
|
30
32
|
def self.title_patterns
|
31
33
|
[ [ /^(.*?)\/*\Z/m, [ [ :path, lambda{|x| x} ] ] ] ]
|
@@ -45,7 +47,7 @@ Puppet::Type.newtype(:file) do
|
|
45
47
|
# path name. The aim is to use less storage for all common paths in a hierarchy
|
46
48
|
munge do |value|
|
47
49
|
# We know the value is absolute, so expanding it will just standardize it.
|
48
|
-
path, name = ::File.split(::File.expand_path
|
50
|
+
path, name = ::File.split(::File.expand_path(value))
|
49
51
|
|
50
52
|
{ :index => Puppet::FileCollection.collection.index(path), :name => name }
|
51
53
|
end
|
@@ -54,7 +56,7 @@ Puppet::Type.newtype(:file) do
|
|
54
56
|
unmunge do |value|
|
55
57
|
basedir = Puppet::FileCollection.collection.path(value[:index])
|
56
58
|
|
57
|
-
::File.
|
59
|
+
::File.join( basedir, value[:name] )
|
58
60
|
end
|
59
61
|
end
|
60
62
|
|
@@ -221,8 +223,8 @@ Puppet::Type.newtype(:file) do
|
|
221
223
|
`follow` will copy the target file instead of the link, `manage`
|
222
224
|
will copy the link itself, and `ignore` will just pass it by.
|
223
225
|
When not copying, `manage` and `ignore` behave equivalently
|
224
|
-
(because you cannot really ignore links entirely during local
|
225
|
-
link points."
|
226
|
+
(because you cannot really ignore links entirely during local
|
227
|
+
recursion), and `follow` will manage the file to which the link points."
|
226
228
|
|
227
229
|
newvalues(:follow, :manage)
|
228
230
|
|
@@ -259,7 +261,7 @@ Puppet::Type.newtype(:file) do
|
|
259
261
|
|
260
262
|
# Autorequire the nearest ancestor directory found in the catalog.
|
261
263
|
autorequire(:file) do
|
262
|
-
path = Pathname(self[:path])
|
264
|
+
path = Pathname.new(self[:path])
|
263
265
|
if !path.root?
|
264
266
|
# Start at our parent, to avoid autorequiring ourself
|
265
267
|
parents = path.parent.enum_for(:ascend)
|
@@ -304,6 +306,8 @@ Puppet::Type.newtype(:file) do
|
|
304
306
|
end
|
305
307
|
|
306
308
|
self.warning "Possible error: recurselimit is set but not recurse, no recursion will happen" if !self[:recurse] and self[:recurselimit]
|
309
|
+
|
310
|
+
provider.validate if provider.respond_to?(:validate)
|
307
311
|
end
|
308
312
|
|
309
313
|
def self.[](path)
|
@@ -384,6 +388,12 @@ Puppet::Type.newtype(:file) do
|
|
384
388
|
#end
|
385
389
|
end
|
386
390
|
|
391
|
+
def ancestors
|
392
|
+
ancestors = Pathname.new(self[:path]).enum_for(:ascend).map(&:to_s)
|
393
|
+
ancestors.delete(self[:path])
|
394
|
+
ancestors
|
395
|
+
end
|
396
|
+
|
387
397
|
def flush
|
388
398
|
# We want to make sure we retrieve metadata anew on each transaction.
|
389
399
|
@parameters.each do |name, param|
|
@@ -721,7 +731,7 @@ Puppet::Type.newtype(:file) do
|
|
721
731
|
umask = mode ? 000 : 022
|
722
732
|
mode_int = mode ? mode.to_i(8) : nil
|
723
733
|
|
724
|
-
content_checksum = Puppet::Util.withumask(umask) { ::File.open(path, '
|
734
|
+
content_checksum = Puppet::Util.withumask(umask) { ::File.open(path, 'wb', mode_int ) { |f| write_content(f) } }
|
725
735
|
|
726
736
|
# And put our new file in place
|
727
737
|
if use_temporary_file # This is only not true when our file is empty.
|
@@ -104,7 +104,7 @@ module Puppet
|
|
104
104
|
|
105
105
|
if ! result and Puppet[:show_diff]
|
106
106
|
write_temporarily do |path|
|
107
|
-
|
107
|
+
notice "\n" + diff(@resource[:path], path)
|
108
108
|
end
|
109
109
|
end
|
110
110
|
result
|
@@ -192,7 +192,7 @@ module Puppet
|
|
192
192
|
end
|
193
193
|
|
194
194
|
def chunk_file_from_disk(source_or_content)
|
195
|
-
File.open(source_or_content.full_path, "
|
195
|
+
File.open(source_or_content.full_path, "rb") do |src|
|
196
196
|
while chunk = src.read(8192)
|
197
197
|
yield chunk
|
198
198
|
end
|
@@ -1,29 +1,32 @@
|
|
1
1
|
module Puppet
|
2
2
|
Puppet::Type.type(:file).ensurable do
|
3
3
|
require 'etc'
|
4
|
-
desc
|
4
|
+
desc <<-EOT
|
5
|
+
Whether to create files that don't currently exist.
|
5
6
|
Possible values are *absent*, *present*, *file*, and *directory*.
|
6
7
|
Specifying `present` will match any form of file existence, and
|
7
8
|
if the file is missing will create an empty file. Specifying
|
8
|
-
`absent` will delete the file (and directory if recurse => true).
|
9
|
+
`absent` will delete the file (and directory if `recurse => true`).
|
9
10
|
|
10
|
-
Anything other than those values will create a symlink. In the interest
|
11
|
-
|
12
|
-
|
11
|
+
Anything other than those values will create a symlink. In the interest
|
12
|
+
of readability and clarity, you should use `ensure => link` and
|
13
|
+
explicitly specify a target; however, if a `target` attribute isn't
|
14
|
+
provided, the value of the `ensure` attribute will be used as the
|
15
|
+
symlink target. The following two declarations are equivalent:
|
13
16
|
|
14
17
|
# (Useful on Solaris)
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
+
|
19
|
+
# Less maintainable:
|
20
|
+
file { "/etc/inetd.conf":
|
21
|
+
ensure => "/etc/inet/inetd.conf",
|
18
22
|
}
|
19
23
|
|
20
24
|
# More maintainable:
|
21
|
-
file {
|
25
|
+
file { "/etc/inetd.conf":
|
22
26
|
ensure => link,
|
23
|
-
target =>
|
27
|
+
target => "/etc/inet/inetd.conf",
|
24
28
|
}
|
25
|
-
|
26
|
-
These two declarations are equivalent."
|
29
|
+
EOT
|
27
30
|
|
28
31
|
# Most 'ensure' properties have a default, but with files we, um, don't.
|
29
32
|
nodefault
|
@@ -15,7 +15,7 @@ module Puppet
|
|
15
15
|
world-readable by setting e.g.:
|
16
16
|
|
17
17
|
file { '/some/dir':
|
18
|
-
mode
|
18
|
+
mode => 644,
|
19
19
|
recurse => true,
|
20
20
|
}
|
21
21
|
|
@@ -29,20 +29,25 @@ module Puppet
|
|
29
29
|
end
|
30
30
|
|
31
31
|
munge do |should|
|
32
|
-
|
32
|
+
if should.is_a?(String)
|
33
|
+
should.to_i(8).to_s(8)
|
34
|
+
else
|
35
|
+
should.to_s(8)
|
36
|
+
end
|
33
37
|
end
|
34
38
|
|
35
39
|
# If we're a directory, we need to be executable for all cases
|
36
40
|
# that are readable. This should probably be selectable, but eh.
|
37
41
|
def dirmask(value)
|
38
|
-
value = value.to_i(8) unless value.is_a? Integer
|
39
42
|
if FileTest.directory?(resource[:path])
|
43
|
+
value = value.to_i(8)
|
40
44
|
value |= 0100 if value & 0400 != 0
|
41
45
|
value |= 010 if value & 040 != 0
|
42
46
|
value |= 01 if value & 04 != 0
|
47
|
+
value = value.to_s(8)
|
43
48
|
end
|
44
49
|
|
45
|
-
value
|
50
|
+
value
|
46
51
|
end
|
47
52
|
|
48
53
|
# If we're not following links and we're a link, then we just turn
|
@@ -55,6 +60,26 @@ module Puppet
|
|
55
60
|
return super(currentvalue)
|
56
61
|
end
|
57
62
|
end
|
63
|
+
|
64
|
+
# Ideally, dirmask'ing could be done at munge time, but we don't know if 'ensure'
|
65
|
+
# will eventually be a directory or something else. And unfortunately, that logic
|
66
|
+
# depends on the ensure, source, and target properties. So rather than duplicate
|
67
|
+
# that logic, and get it wrong, we do dirmask during retrieve, after 'ensure' has
|
68
|
+
# been synced.
|
69
|
+
def retrieve
|
70
|
+
if @resource.stat
|
71
|
+
@should &&= @should.collect { |s| self.dirmask(s) }
|
72
|
+
end
|
73
|
+
|
74
|
+
super
|
75
|
+
end
|
76
|
+
|
77
|
+
def should_to_s(should_value)
|
78
|
+
should_value.rjust(4,"0")
|
79
|
+
end
|
80
|
+
|
81
|
+
def is_to_s(currentvalue)
|
82
|
+
currentvalue.rjust(4,"0")
|
83
|
+
end
|
58
84
|
end
|
59
85
|
end
|
60
|
-
|
@@ -12,7 +12,8 @@ module Puppet
|
|
12
12
|
include Puppet::Util::Diff
|
13
13
|
|
14
14
|
attr_accessor :source, :local
|
15
|
-
desc
|
15
|
+
desc <<-EOT
|
16
|
+
Copy a file over the current file. Uses `checksum` to
|
16
17
|
determine when a file should be copied. Valid values are either
|
17
18
|
fully qualified paths to files, or URIs. Currently supported URI
|
18
19
|
types are *puppet* and *file*.
|
@@ -23,8 +24,8 @@ module Puppet
|
|
23
24
|
sytems. For instance:
|
24
25
|
|
25
26
|
class sendmail {
|
26
|
-
file {
|
27
|
-
source =>
|
27
|
+
file { "/etc/mail/sendmail.cf":
|
28
|
+
source => "puppet://server/modules/module_name/sendmail.cf"
|
28
29
|
}
|
29
30
|
}
|
30
31
|
|
@@ -42,18 +43,18 @@ module Puppet
|
|
42
43
|
on the local host, whereas `agent` will connect to the
|
43
44
|
puppet server that it received the manifest from.
|
44
45
|
|
45
|
-
See the [fileserver configuration documentation](http://docs.puppetlabs.com/guides/file_serving.html)
|
46
|
-
and use file services within Puppet.
|
46
|
+
See the [fileserver configuration documentation](http://docs.puppetlabs.com/guides/file_serving.html)
|
47
|
+
for information on how to configure and use file services within Puppet.
|
47
48
|
|
48
49
|
If you specify multiple file sources for a file, then the first
|
49
50
|
source that exists will be used. This allows you to specify
|
50
51
|
what amount to search paths for files:
|
51
52
|
|
52
|
-
file {
|
53
|
+
file { "/path/to/my/file":
|
53
54
|
source => [
|
54
|
-
|
55
|
-
|
56
|
-
|
55
|
+
"/modules/nfs/files/file.$host",
|
56
|
+
"/modules/nfs/files/file.$operatingsystem",
|
57
|
+
"/modules/nfs/files/file"
|
57
58
|
]
|
58
59
|
}
|
59
60
|
|
@@ -61,7 +62,7 @@ module Puppet
|
|
61
62
|
|
62
63
|
You cannot currently copy links using this mechanism; set `links`
|
63
64
|
to `follow` if any remote sources are links.
|
64
|
-
|
65
|
+
EOT
|
65
66
|
|
66
67
|
validate do |sources|
|
67
68
|
sources = [sources] unless sources.is_a?(Array)
|
@@ -2,7 +2,7 @@ module Puppet
|
|
2
2
|
Puppet::Type.type(:file).newproperty(:target) do
|
3
3
|
desc "The target for creating a link. Currently, symlinks are the
|
4
4
|
only type supported.
|
5
|
-
|
5
|
+
|
6
6
|
You can make relative links:
|
7
7
|
|
8
8
|
# (Useful on Solaris)
|
@@ -10,7 +10,7 @@ module Puppet
|
|
10
10
|
ensure => link,
|
11
11
|
target => \"inet/inetd.conf\",
|
12
12
|
}
|
13
|
-
|
13
|
+
|
14
14
|
You can also make recursive symlinks, which will create a
|
15
15
|
directory structure that maps to the target directory,
|
16
16
|
with directories corresponding to each directory
|
@@ -42,7 +42,7 @@ module Puppet
|
|
42
42
|
specified then *path* is checked. If it is set, then the
|
43
43
|
bucket is local. Otherwise the puppetmaster server specified
|
44
44
|
in the config or at the commandline is used.
|
45
|
-
|
45
|
+
|
46
46
|
Due to a known issue, you currently must set the `path` attribute to
|
47
47
|
false if you wish to specify a `server` attribute."
|
48
48
|
defaultto { Puppet[:server] }
|
data/lib/puppet/type/group.rb
CHANGED
@@ -89,10 +89,9 @@ module Puppet
|
|
89
89
|
end
|
90
90
|
|
91
91
|
newparam(:name) do
|
92
|
-
desc "The group name.
|
93
|
-
|
94
|
-
|
95
|
-
a letter."
|
92
|
+
desc "The group name. While naming limitations vary by operating system,
|
93
|
+
it is advisable to restrict names to the lowest common denominator,
|
94
|
+
which is a maximum of 8 characters beginning with a letter."
|
96
95
|
isnamevar
|
97
96
|
end
|
98
97
|
|
@@ -110,7 +109,7 @@ module Puppet
|
|
110
109
|
end
|
111
110
|
|
112
111
|
newproperty(:attributes, :parent => Puppet::Property::KeyValue, :required_features => :manages_aix_lam) do
|
113
|
-
desc "Specify group AIX attributes in an array of
|
112
|
+
desc "Specify group AIX attributes in an array of `key=value` pairs."
|
114
113
|
|
115
114
|
def membership
|
116
115
|
:attribute_membership
|
data/lib/puppet/type/host.rb
CHANGED
@@ -7,7 +7,7 @@ require 'puppet/util/network_device/ipcalc'
|
|
7
7
|
Puppet::Type.newtype(:interface) do
|
8
8
|
|
9
9
|
@doc = "This represents a router or switch interface. It is possible to manage
|
10
|
-
interface mode (access or trunking, native vlan and encapsulation)
|
10
|
+
interface mode (access or trunking, native vlan and encapsulation) and
|
11
11
|
switchport characteristics (speed, duplex)."
|
12
12
|
|
13
13
|
apply_to_device
|
@@ -22,11 +22,11 @@ Puppet::Type.newtype(:interface) do
|
|
22
22
|
end
|
23
23
|
|
24
24
|
newparam(:name) do
|
25
|
-
desc "
|
25
|
+
desc "The interface's name."
|
26
26
|
end
|
27
27
|
|
28
28
|
newparam(:device_url) do
|
29
|
-
desc "
|
29
|
+
desc "The URL at which the router or switch can be reached."
|
30
30
|
end
|
31
31
|
|
32
32
|
newproperty(:description) do
|
@@ -73,14 +73,17 @@ Puppet::Type.newtype(:interface) do
|
|
73
73
|
newproperty(:ipaddress, :array_matching => :all) do
|
74
74
|
include Puppet::Util::NetworkDevice::IPCalc
|
75
75
|
|
76
|
-
desc "IP Address of this interface
|
77
|
-
it depends on the interface type and device type
|
76
|
+
desc "IP Address of this interface. Note that it might not be possible to set
|
77
|
+
an interface IP address; it depends on the interface type and device type.
|
78
|
+
|
78
79
|
Valid format of ip addresses are:
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
80
|
+
|
81
|
+
* IPV4, like 127.0.0.1
|
82
|
+
* IPV4/prefixlength like 127.0.1.1/24
|
83
|
+
* IPV6/prefixlength like FE80::21A:2FFF:FE30:ECF0/128
|
84
|
+
* an optional suffix for IPV6 addresses from this list: `eui-64`, `link-local`
|
85
|
+
|
86
|
+
It is also possible to supply an array of values.
|
84
87
|
"
|
85
88
|
|
86
89
|
validate do |values|
|
data/lib/puppet/type/k5login.rb
CHANGED
@@ -2,31 +2,31 @@
|
|
2
2
|
|
3
3
|
Puppet::Type.newtype(:k5login) do
|
4
4
|
@doc = "Manage the `.k5login` file for a user. Specify the full path to
|
5
|
-
the `.k5login` file as the name and an array of principals as the
|
6
|
-
|
5
|
+
the `.k5login` file as the name, and an array of principals as the
|
6
|
+
`principals` attribute."
|
7
7
|
|
8
8
|
ensurable
|
9
9
|
|
10
10
|
# Principals that should exist in the file
|
11
11
|
newproperty(:principals, :array_matching => :all) do
|
12
|
-
desc "The principals present in the `.k5login` file."
|
12
|
+
desc "The principals present in the `.k5login` file. This should be specified as an array."
|
13
13
|
end
|
14
14
|
|
15
15
|
# The path/name of the k5login file
|
16
16
|
newparam(:path) do
|
17
17
|
isnamevar
|
18
|
-
desc "The path to the file to manage. Must be fully qualified."
|
18
|
+
desc "The path to the `.k5login` file to manage. Must be fully qualified."
|
19
19
|
|
20
20
|
validate do |value|
|
21
21
|
unless value =~ /^#{File::SEPARATOR}/
|
22
|
-
raise Puppet::Error, "File paths must be fully qualified"
|
22
|
+
raise Puppet::Error, "File paths must be fully qualified."
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
27
|
# To manage the mode of the file
|
28
28
|
newproperty(:mode) do
|
29
|
-
desc "
|
29
|
+
desc "The desired permissions mode of the `.k5login` file. Defaults to `644`."
|
30
30
|
defaultto { "644" }
|
31
31
|
end
|
32
32
|
|
@@ -1,7 +1,12 @@
|
|
1
1
|
Puppet::Type.newtype(:macauthorization) do
|
2
2
|
|
3
|
-
@doc = "Manage the Mac OS X authorization database.
|
4
|
-
|
3
|
+
@doc = "Manage the Mac OS X authorization database. See the
|
4
|
+
[Apple developer site](http://developer.apple.com/documentation/Security/Conceptual/Security_Overview/Security_Services/chapter_4_section_5.html)
|
5
|
+
for more information.
|
6
|
+
|
7
|
+
Note that authorization store directives with hyphens in their names have
|
8
|
+
been renamed to use underscores, as Puppet does not react well to hyphens
|
9
|
+
in identifiers.
|
5
10
|
|
6
11
|
**Autorequires:** If Puppet is managing the `/etc/authorization` file, each
|
7
12
|
macauthorization resource will autorequire it."
|
@@ -31,7 +36,7 @@ Puppet::Type.newtype(:macauthorization) do
|
|
31
36
|
|
32
37
|
newparam(:name) do
|
33
38
|
desc "The name of the right or rule to be managed.
|
34
|
-
Corresponds to
|
39
|
+
Corresponds to `key` in Authorization Services. The key is the name
|
35
40
|
of a rule. A key uses the same naming conventions as a right. The
|
36
41
|
Security Server uses a rule's key to match the rule with a right.
|
37
42
|
Wildcard keys end with a '.'. The generic rule has an empty key value.
|
@@ -41,8 +46,8 @@ Puppet::Type.newtype(:macauthorization) do
|
|
41
46
|
end
|
42
47
|
|
43
48
|
newproperty(:auth_type) do
|
44
|
-
desc "
|
45
|
-
implemented."
|
49
|
+
desc "Type --- this can be a `right` or a `rule`. The `comment` type has
|
50
|
+
not yet been implemented."
|
46
51
|
|
47
52
|
newvalue(:right)
|
48
53
|
newvalue(:rule)
|
@@ -50,11 +55,10 @@ Puppet::Type.newtype(:macauthorization) do
|
|
50
55
|
end
|
51
56
|
|
52
57
|
newproperty(:allow_root, :boolean => true) do
|
53
|
-
desc "Corresponds to
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
not specified"
|
58
|
+
desc "Corresponds to `allow-root` in the authorization store. Specifies
|
59
|
+
whether a right should be allowed automatically if the requesting process
|
60
|
+
is running with `uid == 0`. AuthorizationServices defaults this attribute
|
61
|
+
to false if not specified."
|
58
62
|
|
59
63
|
newvalue(:true)
|
60
64
|
newvalue(:false)
|
@@ -65,8 +69,7 @@ Puppet::Type.newtype(:macauthorization) do
|
|
65
69
|
end
|
66
70
|
|
67
71
|
newproperty(:authenticate_user, :boolean => true) do
|
68
|
-
desc "Corresponds to
|
69
|
-
renamed due to hyphens being problematic."
|
72
|
+
desc "Corresponds to `authenticate-user` in the authorization store."
|
70
73
|
|
71
74
|
newvalue(:true)
|
72
75
|
newvalue(:false)
|
@@ -77,8 +80,8 @@ Puppet::Type.newtype(:macauthorization) do
|
|
77
80
|
end
|
78
81
|
|
79
82
|
newproperty(:auth_class) do
|
80
|
-
desc "Corresponds to
|
81
|
-
to 'class' being a reserved word."
|
83
|
+
desc "Corresponds to `class` in the authorization store; renamed due
|
84
|
+
to 'class' being a reserved word in Puppet."
|
82
85
|
|
83
86
|
newvalue(:user)
|
84
87
|
newvalue(:'evaluate-mechanisms')
|
@@ -88,20 +91,20 @@ Puppet::Type.newtype(:macauthorization) do
|
|
88
91
|
end
|
89
92
|
|
90
93
|
newproperty(:comment) do
|
91
|
-
desc "The
|
94
|
+
desc "The `comment` attribute for authorization resources."
|
92
95
|
end
|
93
96
|
|
94
97
|
newproperty(:group) do
|
95
|
-
desc "
|
96
|
-
|
98
|
+
desc "A group which the user must authenticate as a member of. This
|
99
|
+
must be a single group."
|
97
100
|
end
|
98
101
|
|
99
102
|
newproperty(:k_of_n) do
|
100
|
-
desc "
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
103
|
+
desc "How large a subset of rule mechanisms must succeed for successful
|
104
|
+
authentication. If there are 'n' mechanisms, then 'k' (the integer value
|
105
|
+
of this parameter) mechanisms must succeed. The most common setting for
|
106
|
+
this parameter is `1`. If `k-of-n` is not set, then every mechanism ---
|
107
|
+
that is, 'n-of-n' --- must succeed."
|
105
108
|
|
106
109
|
munge do |value|
|
107
110
|
@resource.munge_integer(value)
|
@@ -109,7 +112,7 @@ Puppet::Type.newtype(:macauthorization) do
|
|
109
112
|
end
|
110
113
|
|
111
114
|
newproperty(:mechanisms, :array_matching => :all) do
|
112
|
-
desc "
|
115
|
+
desc "An array of suitable mechanisms."
|
113
116
|
end
|
114
117
|
|
115
118
|
newproperty(:rule, :array_matching => :all) do
|
@@ -117,9 +120,8 @@ Puppet::Type.newtype(:macauthorization) do
|
|
117
120
|
end
|
118
121
|
|
119
122
|
newproperty(:session_owner, :boolean => true) do
|
120
|
-
desc "
|
121
|
-
|
122
|
-
automatically matches this rule or right."
|
123
|
+
desc "Whether the session owner automatically matches this rule or right.
|
124
|
+
Corresponds to `session-owner` in the authorization store."
|
123
125
|
|
124
126
|
newvalue(:true)
|
125
127
|
newvalue(:false)
|
@@ -130,11 +132,11 @@ Puppet::Type.newtype(:macauthorization) do
|
|
130
132
|
end
|
131
133
|
|
132
134
|
newproperty(:shared, :boolean => true) do
|
133
|
-
desc "
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
135
|
+
desc "Whether the Security Server should mark the credentials used to gain
|
136
|
+
this right as shared. The Security Server may use any shared credentials
|
137
|
+
to authorize this right. For maximum security, set sharing to false so
|
138
|
+
credentials stored by the Security Server for one application may not be
|
139
|
+
used by another application."
|
138
140
|
|
139
141
|
newvalue(:true)
|
140
142
|
newvalue(:false)
|
@@ -145,11 +147,10 @@ Puppet::Type.newtype(:macauthorization) do
|
|
145
147
|
end
|
146
148
|
|
147
149
|
newproperty(:timeout) do
|
148
|
-
desc "The credential used by this rule
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
session."
|
150
|
+
desc "The number of seconds in which the credential used by this rule will
|
151
|
+
expire. For maximum security where the user must authenticate every time,
|
152
|
+
set the timeout to 0. For minimum security, remove the timeout attribute
|
153
|
+
so the user authenticates only once per session."
|
153
154
|
|
154
155
|
munge do |value|
|
155
156
|
@resource.munge_integer(value)
|