puppet 3.0.1 → 3.0.2.rc1

data/lib/puppet/provider/user/windows_adsi.rb

@@ -79,7 +79,7 @@ Puppet::Type.type(:user).provide :windows_adsi do
   end
 
   def uid
-    Puppet::Util::ADSI.sid_for_account(@resource[:name])
+    Puppet::Util::Windows::Security.name_to_sid(@resource[:name])
   end
 
   def uid=(value)

data/lib/puppet/provider/zpool/zpool.rb

@@ -50,7 +50,7 @@ Puppet::Type.type(:zpool).provide(:zpool) do
   def get_pool_data
     # http://docs.oracle.com/cd/E19082-01/817-2271/gbcve/index.html
     # we could also use zpool iostat -v mypool for a (little bit) cleaner output
-    out = execute("zpool status #{@resource[:pool]}", :failonfail => false)
+    out = execute("zpool status #{@resource[:pool]}", :failonfail => false, :combine => false)
     zpool_data = out.lines.select { |line| line.index("\t") == 0 }.collect { |l| l.strip.split("\s")[0] }
     zpool_data.shift
     zpool_data

data/lib/puppet/run.rb

@@ -11,7 +11,8 @@ class Puppet::Run
   attr_reader :status, :background, :options
 
   def agent
-    Puppet::Agent.new(Puppet::Configurer)
+    # Forking disabled for "puppet kick" runs
+    Puppet::Agent.new(Puppet::Configurer, false)
   end
 
   def background?

data/lib/puppet/settings.rb

@@ -172,15 +172,17 @@ class Puppet::Settings
                      "The effective 'run mode' of the application: master, agent, or user.",
                      :REQUIRED) do |arg|
       Puppet.settings.preferred_run_mode = arg
+    end
+
+    option_parser.parse(args)
 
-      # remove this option from the arguments so that later parses don't think
-      # it is an unknown option
-      option_index = args.index '--run_mode'
+    # remove run_mode options from the arguments so that later parses don't think
+    # it is an unknown option.
+    while option_index = args.index('--run_mode') do
       args.delete_at option_index
       args.delete_at option_index
     end
-
-    option_parser.parse(args)
+    args.reject! { |arg| arg.start_with? '--run_mode=' }
   end
   private :parse_global_options
 
@@ -855,6 +857,8 @@ These parameters affect the required permissions of any files specified after
 their specification.  Puppet will sometimes use these parameters to check its
 own configured state, so they can be used to make Puppet a bit more self-managing.
 
+The file format supports octothorpe-commented lines, but not partial-line comments.
+
 Generated on #{Time.now}.
 
 }.gsub(/^/, "# ")

data/lib/puppet/ssl/certificate_authority.rb

@@ -232,6 +232,8 @@ class Puppet::SSL::CertificateAuthority
 
     if cert = Puppet::SSL::Certificate.indirection.find(name)
       serial = cert.content.serial
+    elsif name =~ /^0x[0-9A-Fa-f]+$/
+      serial = name.hex
     elsif ! serial = inventory.serial(name)
       raise ArgumentError, "Could not find a serial number for #{name}"
     end

data/lib/puppet/transaction.rb

@@ -151,7 +151,7 @@ class Puppet::Transaction
     begin
       made = resource.eval_generate.uniq
       return false if made.empty?
-      made = made.inject({}) {|a,v| a.merge(v.name => v) }
+      made = Hash[made.map(&:name).zip(made)]
     rescue => detail
       resource.log_exception(detail, "Failed to generate additional resources using 'eval_generate: #{detail}")
       return false

data/lib/puppet/type/cron.rb

@@ -364,9 +364,9 @@ Puppet::Type.newtype(:cron) do
   end
 
   newproperty(:target) do
-    desc "Where the cron job should be stored.  For crontab-style
-      entries this is the same as the user and defaults that way.
-      Other providers default accordingly."
+    desc "The username that will own the cron entry. Defaults to 
+    the value of $USER for the shell that invoked Puppet, or root if $USER
+    is empty."
 
     defaultto {
       if provider.is_a?(@resource.class.provider(:crontab))
@@ -374,7 +374,7 @@ Puppet::Type.newtype(:cron) do
           val
         else
           raise ArgumentError,
-            "You must provide a user with crontab entries"
+            "You must provide a username with crontab entries"
         end
       elsif provider.class.ancestors.include?(Puppet::Provider::ParsedFile)
         provider.class.default_target

data/lib/puppet/type/exec.rb

@@ -313,9 +313,11 @@ module Puppet
 
     newcheck(:creates, :parent => Puppet::Parameter::Path) do
       desc <<-'EOT'
-        A file that this command creates.  If this
-        parameter is provided, then the command will only be run
-        if the specified file does not exist.
+        A file to look for before running the command. The command will
+        only run if the file **doesn't exist.**
+
+        This parameter doesn't cause Puppet to create a file; it is only
+        useful if **the command itself** creates a file.
 
             exec { "tar -xf /Volumes/nfs02/important.tar":
               cwd     => "/var/tmp",
@@ -323,8 +325,11 @@ module Puppet
               path    => ["/usr/bin", "/usr/sbin"]
             }
 
-        In this example, if `/var/tmp/myfile` is ever deleted, the exec
-        will bring it back by re-extracting the tarball.
+        In this example, `myfile` is assumed to be a file inside
+        `important.tar`. If it is ever deleted, the exec will bring it
+        back by re-extracting the tarball. If `important.tar` does **not**
+        actually contain `myfile`, the exec will keep running every time
+        Puppet runs.
       EOT
 
       accept_arrays

data/lib/puppet/type/file.rb

@@ -164,7 +164,7 @@ Puppet::Type.newtype(:file) do
   end
 
   newparam(:replace, :boolean => true) do
-    desc "Whether to replace a file that already exists on the local system but
+    desc "Whether to replace a file or symlink that already exists on the local system but
       whose content doesn't match what the `source` or `content` attribute
       specifies.  Setting this to false allows file resources to initialize files
       without overwriting future changes.  Note that this only affects content;

data/lib/puppet/type/service.rb

@@ -198,8 +198,9 @@ module Puppet
     newparam :hasrestart do
       desc "Specify that an init script has a `restart` command.  If this is
         false and you do not specify a command in the `restart` attribute,
-        the init script's `stop` and `start` commands will be used. Defaults
-        to true; note that this is a change from earlier versions of Puppet."
+        the init script's `stop` and `start` commands will be used.
+
+        Defaults to false."
       newvalues(:true, :false)
     end
 

data/lib/puppet/type/user.rb

@@ -33,6 +33,10 @@ module Puppet
       "The provider can set age requirements and restrictions for
       passwords."
 
+    feature :manages_password_salt,
+      "The provider can set a password salt. This is for providers that
+       implement PBKDF2 passwords with salt properties."
+
     feature :manages_solaris_rbac,
       "The provider can manage roles and normal users"
 
@@ -295,7 +299,8 @@ module Puppet
 
     newparam(:managehome, :boolean => true) do
       desc "Whether to manage the home directory when managing the user.
-        Defaults to `false`."
+        This will create the home directory when `ensure => present`, and
+        delete the home directory when `ensure => absent`. Defaults to `false`."
 
       newvalues(:true, :false)
 
@@ -303,7 +308,7 @@ module Puppet
 
       validate do |val|
         if val.to_s == "true"
-          raise ArgumentError, "User provider #{provider.class.name} can not manage home directories" unless provider.class.manages_homedir?
+          raise ArgumentError, "User provider #{provider.class.name} can not manage home directories" if provider and not provider.class.manages_homedir?
         end
       end
     end
@@ -519,6 +524,23 @@ module Puppet
       defaultto :minimum
     end
 
+    newproperty(:salt, :required_features => :manages_password_salt) do
+      desc "This is the 32 byte salt used to generate the PBKDF2 password used in
+            OS X"
+    end
+
+    newproperty(:iterations, :required_features => :manages_password_salt) do
+      desc "This is the number of iterations of a chained computation of the
+            password hash (http://en.wikipedia.org/wiki/PBKDF2).  This parameter
+            is used in OS X"
 
+      munge do |value|
+        if value.is_a?(String) and value =~/^[-0-9]+$/
+          Integer(value)
+        else
+          value
+        end
+      end
+    end
   end
 end

data/lib/puppet/util.rb

@@ -232,10 +232,6 @@ module Util
   AbsolutePathWindows = %r!^(?:(?:[A-Z]:#{slash})|(?:#{slash}#{slash}#{label}#{slash}#{label})|(?:#{slash}#{slash}\?#{slash}#{label}))!io
   AbsolutePathPosix   = %r!^/!
   def absolute_path?(path, platform=nil)
-    # Due to weird load order issues, I was unable to remove this require.
-    # This is fixed in Telly so it can be removed there.
-    require 'puppet' unless defined?(Puppet)
-
     # Ruby only sets File::ALT_SEPARATOR on Windows and the Ruby standard
     # library uses that to test what platform it's on.  Normally in Puppet we
     # would use Puppet.features.microsoft_windows?, but this method needs to
@@ -534,9 +530,10 @@ module Util
   end
   module_function :execfail
 
-  def execute(command, arguments = {})
+  def execute(*args)
     Puppet.deprecation_warning("Puppet::Util.execute is deprecated; please use Puppet::Util::Execution.execute")
-    Puppet::Util::Execution.execute(command, arguments)
+
+    Puppet::Util::Execution.execute(*args)
   end
   module_function :execute
 

data/lib/puppet/util/adsi.rb

@@ -54,15 +54,9 @@ module Puppet::Util::ADSI
     end
 
     def sid_for_account(name)
-      sid = nil
-      if name =~ /\\/
-        domain, name = name.split('\\', 2)
-        query = "SELECT Sid from Win32_Account WHERE Name = '#{name}' AND Domain = '#{domain}' AND LocalAccount = true"
-      else
-        query = "SELECT Sid from Win32_Account WHERE Name = '#{name}' AND LocalAccount = true"
-      end
-      execquery(query).each { |u| sid ||= u.Sid }
-      sid
+      Puppet.deprecation_warning "Puppet::Util::ADSI.sid_for_account is deprecated and will be removed in 3.0, use Puppet::Util::Windows::SID.name_to_account instead."
+
+      Puppet::Util::Windows::Security.name_to_sid(name)
     end
   end
 

data/lib/puppet/util/diff.rb

@@ -13,7 +13,7 @@ module Puppet::Util::Diff
       command << args
     end
     command << old << new
-    Puppet::Util::Execution.execute(command, :failonfail => false)
+    Puppet::Util::Execution.execute(command, :failonfail => false, :combine => false)
   end
 
   module_function :diff

data/lib/puppet/util/execution.rb

@@ -52,18 +52,17 @@ module Util::Execution
   end
 
 
-
   # Execute the desired command, and return the status and output.
   # def execute(command, options)
   # [command] an Array or String representing the command to execute. If it is
   #   an Array the first element should be the executable and the rest of the
   #   elements should be the individual arguments to that executable.
   # [options] a Hash optionally containing any of the following keys:
-  #   :failonfail (default true) -- if this value is set to true, then this method will raise an error if the
+  #   :failonfail (see below) -- if this value is set to true, then this method will raise an error if the
   #      command is not executed successfully.
   #   :uid (default nil) -- the user id of the user that the process should be run as
   #   :gid (default nil) -- the group id of the group that the process should be run as
-  #   :combine (default true) -- sets whether or not to combine stdout/stderr in the output
+  #   :combine (see below) -- sets whether or not to combine stdout/stderr in the output
   #   :stdinfile (default nil) -- sets a file that can be used for stdin. Passing a string for stdin is not currently
   #      supported.
   #   :squelch (default false) -- if true, ignore stdout / stderr completely
@@ -73,14 +72,22 @@ module Util::Execution
   #     Passing in a value of false for this option will allow the command to be executed using the user/system locale.
   #   :custom_environment (default {}) -- a hash of key/value pairs to set as environment variables for the duration
   #     of the command
-  def self.execute(command, options = {})
+  #
+  # Unfortunately, the default behavior for failonfail and combine (since
+  # 0.22.4 and 0.24.7, respectively) depend on whether options are specified
+  # or not. If specified, then failonfail and combine default to false (even
+  # when the options specified are neither failonfail nor combine). If no
+  # options are specified, then failonfail and combine default to true. See
+  # commits efe9a833c and d32d7f30
+  NoOptionsSpecified = {}
+  def self.execute(command, options = NoOptionsSpecified)
     # specifying these here rather than in the method signature to allow callers to pass in a partial
     # set of overrides without affecting the default values for options that they don't pass in
     default_options = {
-        :failonfail => true,
+        :failonfail => NoOptionsSpecified.equal?(options),
         :uid => nil,
         :gid => nil,
-        :combine => true,
+        :combine => NoOptionsSpecified.equal?(options),
         :stdinfile => nil,
         :squelch => false,
         :override_locale => true,

data/lib/puppet/util/feature.rb

@@ -23,7 +23,9 @@ class Puppet::Util::Feature
     end
 
     meta_def(method) do
-      @results[name] = test(name, options) unless @results.include?(name)
+      # Positive cache only, except blocks which are executed just once above
+      final = @results[name] || block_given?
+      @results[name] = test(name, options) unless final
       @results[name]
     end
   end

data/lib/puppet/util/log/destinations.rb

@@ -106,27 +106,23 @@ Puppet::Util::Log.newdesttype :console do
   end
 
   def handle(msg)
-    error_levels = {
-      :warning => 'Warning',
-      :err     => 'Error',
-      :alert   => 'Alert',
-      :emerg   => 'Emergency',
-      :crit    => 'Critical'
+    levels = {
+      :emerg   => { :name => 'Emergency', :color => :hred,  :stream => $stderr },
+      :alert   => { :name => 'Alert',     :color => :hred,  :stream => $stderr },
+      :crit    => { :name => 'Critical',  :color => :hred,  :stream => $stderr },
+      :err     => { :name => 'Error',     :color => :hred,  :stream => $stderr },
+      :warning => { :name => 'Warning',   :color => :hred,  :stream => $stderr },
+
+      :notice  => { :name => 'Notice',    :color => :reset, :stream => $stdout },
+      :info    => { :name => 'Info',      :color => :green, :stream => $stdout },
+      :debug   => { :name => 'Debug',     :color => :cyan,  :stream => $stdout },
     }
 
     str = msg.respond_to?(:multiline) ? msg.multiline : msg.to_s
     str = msg.source == "Puppet" ? str : "#{msg.source}: #{str}"
 
-    case msg.level
-    when *error_levels.keys
-      $stderr.puts colorize(:hred, "#{error_levels[msg.level]}: #{str}")
-    when :info
-      $stdout.puts "#{colorize(:green, 'Info')}: #{str}"
-    when :debug
-      $stdout.puts "#{colorize(:cyan, 'Debug')}: #{str}"
-    else
-      $stdout.puts str
-    end
+    level = levels[msg.level]
+    level[:stream].puts colorize(level[:color], "#{level[:name]}: #{str}")
   end
 end
 

data/lib/puppet/util/selinux.rb

@@ -42,11 +42,17 @@ module Puppet::Util::SELinux
     # If the file exists we should pass the mode to matchpathcon for the most specific
     # matching.  If not, we can pass a mode of 0.
     begin
-      filestat = File.lstat(file)
+      filestat = file_lstat(file)
+    rescue Errno::EACCES, Errno::ENOENT => detail
+      warning "Could not stat; #{detail}"
+    end
+
+    if filestat
       mode = filestat.mode
-    rescue Errno::ENOENT
+    else
       mode = 0
     end
+
     retval = Selinux.matchpathcon(file, mode)
     if retval == -1
       return nil
@@ -208,4 +214,14 @@ module Puppet::Util::SELinux
     # Should never be reached...
     return mounts['/']
   end
+
+  ##
+  # file_lstat is an internal, private method to allow precise stubbing and
+  # mocking without affecting the rest of the system.
+  #
+  # @return [File::Stat] File.lstat result
+  def file_lstat(path)
+    File.lstat(path)
+  end
+  private :file_lstat
 end

data/lib/puppet/util/windows.rb

@@ -2,6 +2,7 @@ module Puppet::Util::Windows
   if Puppet::Util::Platform.windows?
     # these reference platform specific gems
     require 'puppet/util/windows/error'
+    require 'puppet/util/windows/sid'
     require 'puppet/util/windows/security'
     require 'puppet/util/windows/user'
     require 'puppet/util/windows/process'

data/lib/puppet/util/windows/security.rb

@@ -80,6 +80,8 @@ module Puppet::Util::Windows::Security
   include ::Windows::MSVCRT::Buffer
   include ::Windows::Volume
 
+  include Puppet::Util::Windows::SID
+
   extend Puppet::Util::Windows::Security
 
   # file modes
@@ -553,45 +555,6 @@ module Puppet::Util::Windows::Security
     end
   end
 
-  # Convert a SID pointer to a string, e.g. "S-1-5-32-544".
-  def sid_ptr_to_string(psid)
-    sid_buf = 0.chr * 256
-    str_ptr = 0.chr * 4
-
-    raise Puppet::Util::Windows::Error.new("Invalid SID") unless IsValidSid(psid)
-
-    raise Puppet::Util::Windows::Error.new("Failed to convert binary SID") unless ConvertSidToStringSid(psid, str_ptr)
-
-    begin
-      strncpy(sid_buf, str_ptr.unpack('L')[0], sid_buf.size - 1)
-      sid_buf[sid_buf.size - 1] = 0.chr
-      return sid_buf.strip
-    ensure
-      LocalFree(str_ptr.unpack('L')[0])
-    end
-  end
-
-  # Convert a SID string, e.g. "S-1-5-32-544" to a pointer (containing the
-  # address of the binary SID structure). The returned value can be used in
-  # Win32 APIs that expect a PSID, e.g. IsValidSid.
-  def string_to_sid_ptr(string)
-    sid_buf = 0.chr * 80
-    string_addr = [string].pack('p*').unpack('L')[0]
-
-    raise Puppet::Util::Windows::Error.new("Failed to convert string SID: #{string}") unless ConvertStringSidToSid(string_addr, sid_buf)
-
-    sid_ptr = sid_buf.unpack('L')[0]
-    begin
-      if block_given?
-        yield sid_ptr
-      else
-        true
-      end
-    ensure
-      LocalFree(sid_ptr)
-    end
-  end
-
   # Open an existing file with the specified access mode, and execute a
   # block with the opened file HANDLE.
   def open_file(path, access)