RubyGems - puppet - Versions diffs - 3.3.2 → 3.4.0.rc1 - Mend

puppet 3.3.2 → 3.4.0.rc1

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (589) hide show

data/CONTRIBUTING.md +22 -0
data/Gemfile +11 -2
data/README.md +13 -17
data/README_DEVELOPER.md +1 -1
data/Rakefile +1 -1
data/examples/hiera/README.md +4 -4
data/ext/debian/puppetmaster.init +1 -0
data/ext/debian/rules +2 -5
data/ext/nagios/check_puppet.rb +7 -7
data/ext/osx/file_mapping.yaml +1 -1
data/ext/osx/preflight.erb +34 -19
data/ext/rack/{files/config.ru → config.ru} +0 -0
data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
data/ext/redhat/puppet.spec.erb +20 -2
data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
data/lib/hiera_puppet.rb +2 -2
data/lib/puppet/agent.rb +1 -6
data/lib/puppet/application.rb +15 -2
data/lib/puppet/application/agent.rb +2 -7
data/lib/puppet/application/apply.rb +8 -13
data/lib/puppet/application/cert.rb +47 -7
data/lib/puppet/application/device.rb +1 -6
data/lib/puppet/application/face_base.rb +1 -1
data/lib/puppet/application/filebucket.rb +1 -1
data/lib/puppet/application/inspect.rb +3 -12
data/lib/puppet/application/master.rb +1 -6
data/lib/puppet/application/queue.rb +1 -6
data/lib/puppet/application/resource.rb +2 -6
data/lib/puppet/coercion.rb +11 -0
data/lib/puppet/configurer.rb +5 -3
data/lib/puppet/configurer/downloader.rb +3 -1
data/lib/puppet/configurer/plugin_handler.rb +10 -0
data/lib/puppet/confine.rb +80 -0
data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
data/lib/puppet/daemon.rb +2 -6
data/lib/puppet/data_binding.rb +2 -30
data/lib/puppet/defaults.rb +283 -174
data/lib/puppet/error.rb +1 -0
data/lib/puppet/external/nagios.rb +0 -2
data/lib/puppet/external/nagios/base.rb +4 -3
data/lib/puppet/external/nagios/grammar.ry +173 -112
data/lib/puppet/external/nagios/parser.rb +233 -184
data/lib/puppet/face/file/store.rb +1 -1
data/lib/puppet/face/module/generate.rb +5 -7
data/lib/puppet/face/parser.rb +12 -2
data/lib/puppet/face/plugin.rb +6 -0
data/lib/puppet/feature/base.rb +16 -0
data/lib/puppet/feature/external_facts.rb +5 -0
data/lib/puppet/feature/libuser.rb +1 -1
data/lib/puppet/feature/msgpack.rb +1 -0
data/lib/puppet/feature/rails.rb +2 -2
data/lib/puppet/file_bucket/dipper.rb +8 -6
data/lib/puppet/file_bucket/file.rb +17 -1
data/lib/puppet/file_serving/base.rb +21 -10
data/lib/puppet/file_serving/configuration.rb +5 -7
data/lib/puppet/file_serving/configuration/parser.rb +1 -1
data/lib/puppet/file_serving/content.rb +1 -1
data/lib/puppet/file_serving/fileset.rb +3 -3
data/lib/puppet/file_serving/metadata.rb +22 -18
data/lib/puppet/file_serving/mount/file.rb +1 -1
data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
data/lib/puppet/file_system.rb +3 -0
data/lib/puppet/file_system/file.rb +261 -0
data/lib/puppet/file_system/file18.rb +5 -0
data/lib/puppet/file_system/file19.rb +5 -0
data/lib/puppet/file_system/file19windows.rb +113 -0
data/lib/puppet/file_system/memory_file.rb +31 -0
data/lib/puppet/file_system/tempfile.rb +20 -0
data/lib/puppet/indirector/active_record.rb +1 -0
data/lib/puppet/indirector/catalog/compiler.rb +28 -0
data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
data/lib/puppet/indirector/direct_file_server.rb +2 -2
data/lib/puppet/indirector/facts/facter.rb +25 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
data/lib/puppet/indirector/indirection.rb +5 -1
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/key/ca.rb +4 -0
data/lib/puppet/indirector/key/file.rb +7 -3
data/lib/puppet/indirector/key/memory.rb +6 -0
data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
data/lib/puppet/indirector/request.rb +17 -11
data/lib/puppet/indirector/resource/ral.rb +5 -0
data/lib/puppet/indirector/resource/rest.rb +1 -0
data/lib/puppet/indirector/resource/store_configs.rb +4 -0
data/lib/puppet/indirector/rest.rb +2 -1
data/lib/puppet/indirector/ssl_file.rb +7 -7
data/lib/puppet/indirector/terminus.rb +4 -0
data/lib/puppet/indirector/yaml.rb +3 -3
data/lib/puppet/interface/documentation.rb +4 -11
data/lib/puppet/module.rb +19 -6
data/lib/puppet/module_tool/applications/builder.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/checksums.rb +1 -1
data/lib/puppet/module_tool/dependency.rb +7 -3
data/lib/puppet/module_tool/metadata.rb +6 -2
data/lib/puppet/module_tool/tar.rb +2 -1
data/lib/puppet/module_tool/tar/gnu.rb +6 -2
data/lib/puppet/module_tool/tar/mini.rb +2 -0
data/lib/puppet/module_tool/tar/solaris.rb +2 -5
data/lib/puppet/network/authconfig.rb +0 -2
data/lib/puppet/network/authentication.rb +1 -1
data/lib/puppet/network/authstore.rb +6 -7
data/lib/puppet/network/format.rb +2 -3
data/lib/puppet/network/format_handler.rb +16 -11
data/lib/puppet/network/format_support.rb +14 -0
data/lib/puppet/network/formats.rb +26 -0
data/lib/puppet/network/http/connection.rb +8 -41
data/lib/puppet/network/http/handler.rb +28 -32
data/lib/puppet/network/http/webrick.rb +15 -22
data/lib/puppet/network/http_pool.rb +43 -9
data/lib/puppet/network/rights.rb +0 -0
data/lib/puppet/node.rb +24 -8
data/lib/puppet/node/environment.rb +18 -20
data/lib/puppet/node/facts.rb +23 -6
data/lib/puppet/parameter.rb +15 -2
data/lib/puppet/parameter/boolean.rb +5 -0
data/lib/puppet/parameter/value_collection.rb +6 -4
data/lib/puppet/parser/ast/resourceparam.rb +2 -1
data/lib/puppet/parser/compiler.rb +25 -9
data/lib/puppet/parser/files.rb +1 -1
data/lib/puppet/parser/functions.rb +12 -21
data/lib/puppet/parser/functions/collect.rb +6 -35
data/lib/puppet/parser/functions/contain.rb +26 -0
data/lib/puppet/parser/functions/create_resources.rb +5 -0
data/lib/puppet/parser/functions/extlookup.rb +2 -2
data/lib/puppet/parser/functions/file.rb +1 -1
data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
data/lib/puppet/parser/functions/include.rb +18 -1
data/lib/puppet/parser/functions/map.rb +44 -0
data/lib/puppet/parser/functions/select.rb +6 -38
data/lib/puppet/parser/lexer.rb +1 -1
data/lib/puppet/parser/parser_support.rb +1 -1
data/lib/puppet/parser/resource.rb +6 -45
data/lib/puppet/parser/scope.rb +33 -2
data/lib/puppet/parser/type_loader.rb +4 -60
data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
data/lib/puppet/pops/issues.rb +4 -0
data/lib/puppet/pops/model/ast_transformer.rb +4 -1
data/lib/puppet/pops/model/model_label_provider.rb +1 -1
data/lib/puppet/pops/parser/egrammar.ra +5 -24
data/lib/puppet/pops/parser/eparser.rb +859 -902
data/lib/puppet/pops/parser/lexer.rb +48 -30
data/lib/puppet/pops/parser/parser_support.rb +1 -1
data/lib/puppet/pops/patterns.rb +4 -4
data/lib/puppet/pops/utils.rb +1 -1
data/lib/puppet/pops/validation/checker3_1.rb +25 -20
data/lib/puppet/provider.rb +23 -6
data/lib/puppet/provider/aixobject.rb +0 -0
data/lib/puppet/provider/augeas/augeas.rb +21 -5
data/lib/puppet/provider/confine.rb +5 -79
data/lib/puppet/provider/cron/crontab.rb +0 -0
data/lib/puppet/provider/exec.rb +9 -7
data/lib/puppet/provider/exec/posix.rb +10 -1
data/lib/puppet/provider/exec/windows.rb +1 -1
data/lib/puppet/provider/file/posix.rb +1 -0
data/lib/puppet/provider/file/windows.rb +16 -5
data/lib/puppet/provider/group/aix.rb +0 -0
data/lib/puppet/provider/group/windows_adsi.rb +33 -1
data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
data/lib/puppet/provider/mailalias/aliases.rb +0 -0
data/lib/puppet/provider/maillist/mailman.rb +0 -0
data/lib/puppet/provider/mount/parsed.rb +0 -0
data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
data/lib/puppet/provider/package/appdmg.rb +1 -1
data/lib/puppet/provider/package/apple.rb +1 -1
data/lib/puppet/provider/package/apt.rb +1 -1
data/lib/puppet/provider/package/aptitude.rb +0 -0
data/lib/puppet/provider/package/blastwave.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +1 -1
data/lib/puppet/provider/package/fink.rb +1 -1
data/lib/puppet/provider/package/freebsd.rb +0 -0
data/lib/puppet/provider/package/gem.rb +0 -0
data/lib/puppet/provider/package/macports.rb +0 -0
data/lib/puppet/provider/package/msi.rb +4 -10
data/lib/puppet/provider/package/nim.rb +8 -8
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/opkg.rb +0 -0
data/lib/puppet/provider/package/pacman.rb +2 -2
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgutil.rb +1 -1
data/lib/puppet/provider/package/ports.rb +0 -0
data/lib/puppet/provider/package/rpm.rb +39 -3
data/lib/puppet/provider/package/sun.rb +3 -3
data/lib/puppet/provider/package/sunfreeware.rb +0 -0
data/lib/puppet/provider/package/windows.rb +12 -19
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +2 -2
data/lib/puppet/provider/parsedfile.rb +0 -0
data/lib/puppet/provider/port/parsed.rb +0 -0
data/lib/puppet/provider/service/base.rb +0 -0
data/lib/puppet/provider/service/bsd.rb +3 -3
data/lib/puppet/provider/service/daemontools.rb +8 -8
data/lib/puppet/provider/service/debian.rb +0 -0
data/lib/puppet/provider/service/freebsd.rb +3 -3
data/lib/puppet/provider/service/init.rb +5 -4
data/lib/puppet/provider/service/launchd.rb +35 -24
data/lib/puppet/provider/service/openbsd.rb +23 -0
data/lib/puppet/provider/service/redhat.rb +0 -0
data/lib/puppet/provider/service/runit.rb +3 -3
data/lib/puppet/provider/service/smf.rb +0 -0
data/lib/puppet/provider/service/src.rb +0 -0
data/lib/puppet/provider/service/systemd.rb +0 -0
data/lib/puppet/provider/service/upstart.rb +3 -3
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
data/lib/puppet/provider/sshkey/parsed.rb +0 -0
data/lib/puppet/provider/user/aix.rb +0 -0
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +1 -1
data/lib/puppet/provider/zone/solaris.rb +1 -1
data/lib/puppet/rails/benchmark.rb +1 -1
data/lib/puppet/reference/configuration.rb +1 -2
data/lib/puppet/reference/indirection.rb +12 -14
data/lib/puppet/relationship.rb +7 -4
data/lib/puppet/reports.rb +2 -2
data/lib/puppet/reports/rrdgraph.rb +1 -1
data/lib/puppet/reports/store.rb +3 -3
data/lib/puppet/reports/tagmail.rb +2 -2
data/lib/puppet/resource.rb +66 -8
data/lib/puppet/resource/catalog.rb +18 -25
data/lib/puppet/resource/status.rb +10 -4
data/lib/puppet/run.rb +6 -2
data/lib/puppet/settings.rb +39 -119
data/lib/puppet/settings/base_setting.rb +8 -9
data/lib/puppet/settings/directory_setting.rb +8 -0
data/lib/puppet/settings/file_setting.rb +35 -1
data/lib/puppet/settings/priority_setting.rb +42 -0
data/lib/puppet/ssl.rb +4 -0
data/lib/puppet/ssl/certificate.rb +18 -0
data/lib/puppet/ssl/certificate_authority.rb +101 -72
data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
data/lib/puppet/ssl/certificate_factory.rb +38 -12
data/lib/puppet/ssl/certificate_request.rb +201 -47
data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
data/lib/puppet/ssl/host.rb +21 -10
data/lib/puppet/ssl/inventory.rb +6 -10
data/lib/puppet/ssl/key.rb +1 -1
data/lib/puppet/ssl/oids.rb +78 -0
data/lib/puppet/ssl/validator.rb +41 -97
data/lib/puppet/ssl/validator/default_validator.rb +153 -0
data/lib/puppet/ssl/validator/no_validator.rb +17 -0
data/lib/puppet/status.rb +4 -0
data/lib/puppet/test/test_helper.rb +5 -0
data/lib/puppet/transaction.rb +13 -0
data/lib/puppet/transaction/event.rb +8 -3
data/lib/puppet/transaction/report.rb +6 -2
data/lib/puppet/transaction/resource_harness.rb +173 -115
data/lib/puppet/type.rb +30 -13
data/lib/puppet/type/augeas.rb +12 -46
data/lib/puppet/type/component.rb +1 -7
data/lib/puppet/type/cron.rb +0 -0
data/lib/puppet/type/exec.rb +13 -1
data/lib/puppet/type/file.rb +19 -10
data/lib/puppet/type/file/checksum.rb +0 -0
data/lib/puppet/type/file/content.rb +3 -0
data/lib/puppet/type/file/ensure.rb +33 -15
data/lib/puppet/type/file/group.rb +0 -0
data/lib/puppet/type/file/mode.rb +6 -2
data/lib/puppet/type/file/owner.rb +0 -0
data/lib/puppet/type/file/source.rb +65 -14
data/lib/puppet/type/file/target.rb +6 -6
data/lib/puppet/type/file/type.rb +0 -0
data/lib/puppet/type/filebucket.rb +0 -0
data/lib/puppet/type/group.rb +18 -0
data/lib/puppet/type/host.rb +0 -0
data/lib/puppet/type/k5login.rb +4 -4
data/lib/puppet/type/mailalias.rb +0 -0
data/lib/puppet/type/maillist.rb +0 -0
data/lib/puppet/type/mount.rb +15 -1
data/lib/puppet/type/package.rb +7 -1
data/lib/puppet/type/port.rb +0 -0
data/lib/puppet/type/schedule.rb +9 -4
data/lib/puppet/type/service.rb +1 -1
data/lib/puppet/type/sshkey.rb +0 -0
data/lib/puppet/type/tidy.rb +1 -1
data/lib/puppet/type/user.rb +3 -0
data/lib/puppet/type/yumrepo.rb +8 -6
data/lib/puppet/type/zpool.rb +0 -0
data/lib/puppet/util.rb +4 -31
data/lib/puppet/util/adsi.rb +73 -17
data/lib/puppet/util/autoload.rb +3 -3
data/lib/puppet/util/backups.rb +4 -4
data/lib/puppet/util/cacher.rb +7 -13
data/lib/puppet/util/checksums.rb +2 -2
data/lib/puppet/util/classgen.rb +3 -1
data/lib/puppet/util/colors.rb +1 -0
data/lib/puppet/util/command_line.rb +5 -0
data/lib/puppet/util/docs.rb +33 -27
data/lib/puppet/util/execution.rb +42 -18
data/lib/puppet/util/filetype.rb +3 -3
data/lib/puppet/util/instance_loader.rb +2 -2
data/lib/puppet/util/instrumentation.rb +23 -42
data/lib/puppet/util/instrumentation/data.rb +11 -4
data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
data/lib/puppet/util/instrumentation/listener.rb +15 -8
data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
data/lib/puppet/util/limits.rb +12 -0
data/lib/puppet/util/lockfile.rb +2 -2
data/lib/puppet/util/log.rb +14 -6
data/lib/puppet/util/log/destinations.rb +23 -1
data/lib/puppet/util/metric.rb +9 -3
data/lib/puppet/util/monkey_patches.rb +7 -2
data/lib/puppet/util/network_device/config.rb +1 -1
data/lib/puppet/util/plugins.rb +1 -1
data/lib/puppet/util/posix.rb +0 -0
data/lib/puppet/util/profiler.rb +7 -2
data/lib/puppet/util/provider_features.rb +2 -2
data/lib/puppet/util/rdoc.rb +28 -30
data/lib/puppet/util/rdoc/code_objects.rb +75 -25
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
data/lib/puppet/util/rdoc/parser.rb +12 -487
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +1 -1
data/lib/puppet/util/storage.rb +2 -2
data/lib/puppet/util/suidmanager.rb +1 -1
data/lib/puppet/util/tag_set.rb +29 -0
data/lib/puppet/util/tagging.rb +8 -24
data/lib/puppet/util/watched_file.rb +1 -1
data/lib/puppet/util/watcher.rb +1 -1
data/lib/puppet/util/windows.rb +3 -0
data/lib/puppet/util/windows/access_control_entry.rb +84 -0
data/lib/puppet/util/windows/access_control_list.rb +106 -0
data/lib/puppet/util/windows/file.rb +213 -0
data/lib/puppet/util/windows/process.rb +199 -0
data/lib/puppet/util/windows/root_certs.rb +52 -37
data/lib/puppet/util/windows/security.rb +270 -245
data/lib/puppet/util/windows/security_descriptor.rb +62 -0
data/lib/puppet/util/windows/sid.rb +26 -4
data/lib/puppet/version.rb +2 -2
data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
data/spec/fixtures/unit/module/trailing-comma.json +24 -0
data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
data/spec/integration/application/apply_spec.rb +1 -1
data/spec/integration/application/doc_spec.rb +1 -1
data/spec/integration/configurer_spec.rb +4 -2
data/spec/integration/data_binding.rb +100 -0
data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
data/spec/integration/node/facts_spec.rb +1 -1
data/spec/integration/node_spec.rb +1 -1
data/spec/integration/parser/compiler_spec.rb +90 -0
data/spec/integration/parser/parser_spec.rb +2 -2
data/spec/integration/provider/cron/crontab_spec.rb +3 -5
data/spec/integration/resource/catalog_spec.rb +1 -1
data/spec/integration/ssl/autosign_spec.rb +90 -0
data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
data/spec/integration/ssl/host_spec.rb +1 -1
data/spec/integration/transaction_spec.rb +13 -13
data/spec/integration/type/exec_spec.rb +2 -2
data/spec/integration/type/file_spec.rb +287 -45
data/spec/integration/type/tidy_spec.rb +3 -3
data/spec/integration/util/rdoc/parser_spec.rb +236 -35
data/spec/integration/util/settings_spec.rb +1 -1
data/spec/integration/util/windows/process_spec.rb +22 -0
data/spec/integration/util/windows/security_spec.rb +316 -106
data/spec/lib/matchers/containment_matchers.rb +52 -0
data/spec/lib/puppet_spec/compiler.rb +6 -0
data/spec/lib/puppet_spec/files.rb +20 -21
data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
data/spec/shared_behaviours/file_server_terminus.rb +2 -2
data/spec/shared_contexts/platform.rb +1 -0
data/spec/spec_helper.rb +13 -1
data/spec/unit/agent_spec.rb +0 -12
data/spec/unit/application/agent_spec.rb +4 -4
data/spec/unit/application/apply_spec.rb +18 -2
data/spec/unit/application/cert_spec.rb +8 -6
data/spec/unit/application/device_spec.rb +1 -1
data/spec/unit/application/filebucket_spec.rb +1 -1
data/spec/unit/application/inspect_spec.rb +1 -1
data/spec/unit/application_spec.rb +24 -0
data/spec/unit/configurer/downloader_spec.rb +8 -7
data/spec/unit/configurer/fact_handler_spec.rb +23 -0
data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
data/spec/unit/configurer_spec.rb +15 -5
data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
data/spec/unit/face/parser_spec.rb +54 -0
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_serving/base_spec.rb +32 -9
data/spec/unit/file_serving/configuration_spec.rb +7 -7
data/spec/unit/file_serving/content_spec.rb +12 -7
data/spec/unit/file_serving/fileset_spec.rb +57 -27
data/spec/unit/file_serving/metadata_spec.rb +74 -12
data/spec/unit/file_serving/mount/file_spec.rb +10 -10
data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
data/spec/unit/file_system/file_spec.rb +486 -0
data/spec/unit/file_system/tempfile_spec.rb +48 -0
data/spec/unit/graph/relationship_graph_spec.rb +0 -6
data/spec/unit/hiera_puppet_spec.rb +2 -2
data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
data/spec/unit/indirector/facts/facter_spec.rb +33 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
data/spec/unit/indirector/file_server_spec.rb +4 -4
data/spec/unit/indirector/json_spec.rb +4 -4
data/spec/unit/indirector/key/file_spec.rb +13 -14
data/spec/unit/indirector/resource/ral_spec.rb +7 -0
data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
data/spec/unit/indirector/rest_spec.rb +7 -3
data/spec/unit/indirector/ssl_file_spec.rb +14 -17
data/spec/unit/indirector/yaml_spec.rb +4 -4
data/spec/unit/module_spec.rb +43 -15
data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
data/spec/unit/module_tool/tar_spec.rb +45 -0
data/spec/unit/network/authconfig_spec.rb +2 -1
data/spec/unit/network/authentication_spec.rb +2 -2
data/spec/unit/network/format_handler_spec.rb +2 -2
data/spec/unit/network/formats_spec.rb +24 -0
data/spec/unit/network/http/connection_spec.rb +76 -199
data/spec/unit/network/http/handler_spec.rb +33 -34
data/spec/unit/network/http_pool_spec.rb +8 -5
data/spec/unit/node/environment_spec.rb +76 -90
data/spec/unit/node/facts_spec.rb +20 -3
data/spec/unit/node_spec.rb +43 -0
data/spec/unit/parameter/boolean_spec.rb +22 -12
data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
data/spec/unit/parser/compiler_spec.rb +103 -35
data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
data/spec/unit/parser/files_spec.rb +11 -11
data/spec/unit/parser/functions/contain_spec.rb +185 -0
data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
data/spec/unit/parser/functions/generate_spec.rb +1 -1
data/spec/unit/parser/functions_spec.rb +2 -2
data/spec/unit/parser/lexer_spec.rb +1 -1
data/spec/unit/parser/methods/each_spec.rb +1 -1
data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
data/spec/unit/parser/methods/map_spec.rb +95 -0
data/spec/unit/parser/methods/reduce_spec.rb +12 -11
data/spec/unit/parser/methods/shared.rb +5 -5
data/spec/unit/parser/methods/slice_spec.rb +13 -13
data/spec/unit/parser/parser_spec.rb +1 -1
data/spec/unit/parser/resource/param_spec.rb +44 -0
data/spec/unit/parser/resource_spec.rb +16 -15
data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
data/spec/unit/pops/parser/lexer_spec.rb +22 -5
data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
data/spec/unit/pops/validator/validator_spec.rb +31 -0
data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
data/spec/unit/provider/exec/posix_spec.rb +8 -3
data/spec/unit/provider/file/posix_spec.rb +2 -2
data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
data/spec/unit/provider/package/apt_spec.rb +1 -1
data/spec/unit/provider/package/msi_spec.rb +15 -42
data/spec/unit/provider/package/openbsd_spec.rb +3 -3
data/spec/unit/provider/package/rpm_spec.rb +56 -13
data/spec/unit/provider/package/windows_spec.rb +15 -19
data/spec/unit/provider/service/base_spec.rb +1 -1
data/spec/unit/provider/service/daemontools_spec.rb +18 -8
data/spec/unit/provider/service/freebsd_spec.rb +3 -3
data/spec/unit/provider/service/gentoo_spec.rb +5 -2
data/spec/unit/provider/service/init_spec.rb +17 -17
data/spec/unit/provider/service/launchd_spec.rb +76 -23
data/spec/unit/provider/service/openbsd_spec.rb +125 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -1
data/spec/unit/provider/service/runit_spec.rb +12 -5
data/spec/unit/provider/service/upstart_spec.rb +4 -4
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
data/spec/unit/provider/zone/solaris_spec.rb +1 -1
data/spec/unit/provider_spec.rb +2 -2
data/spec/unit/reports/http_spec.rb +19 -34
data/spec/unit/reports/store_spec.rb +2 -2
data/spec/unit/resource/catalog_spec.rb +81 -11
data/spec/unit/resource/status_spec.rb +11 -1
data/spec/unit/resource/type_spec.rb +30 -1
data/spec/unit/resource_spec.rb +40 -4
data/spec/unit/settings/file_setting_spec.rb +2 -2
data/spec/unit/settings/path_setting_spec.rb +2 -2
data/spec/unit/settings/priority_setting_spec.rb +66 -0
data/spec/unit/settings_spec.rb +16 -31
data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
data/spec/unit/ssl/certificate_request_spec.rb +103 -0
data/spec/unit/ssl/certificate_spec.rb +31 -18
data/spec/unit/ssl/host_spec.rb +34 -8
data/spec/unit/ssl/inventory_spec.rb +27 -62
data/spec/unit/ssl/key_spec.rb +4 -4
data/spec/unit/ssl/oids_spec.rb +48 -0
data/spec/unit/ssl/validator_spec.rb +49 -6
data/spec/unit/status_spec.rb +9 -0
data/spec/unit/transaction/event_spec.rb +1 -9
data/spec/unit/transaction/report_spec.rb +20 -1
data/spec/unit/transaction/resource_harness_spec.rb +60 -210
data/spec/unit/transaction_spec.rb +54 -8
data/spec/unit/type/component_spec.rb +2 -2
data/spec/unit/type/exec_spec.rb +14 -7
data/spec/unit/type/file/content_spec.rb +13 -2
data/spec/unit/type/file/ctime_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +48 -2
data/spec/unit/type/file/mtime_spec.rb +1 -1
data/spec/unit/type/file/source_spec.rb +177 -7
data/spec/unit/type/file_spec.rb +63 -71
data/spec/unit/type/group_spec.rb +20 -0
data/spec/unit/type/k5login_spec.rb +3 -3
data/spec/unit/type/mount_spec.rb +53 -0
data/spec/unit/type/nagios_spec.rb +216 -0
data/spec/unit/type/package_spec.rb +7 -1
data/spec/unit/type/schedule_spec.rb +6 -0
data/spec/unit/type/service_spec.rb +3 -3
data/spec/unit/type/tidy_spec.rb +14 -14
data/spec/unit/type/user_spec.rb +9 -0
data/spec/unit/type_spec.rb +86 -4
data/spec/unit/util/adsi_spec.rb +120 -12
data/spec/unit/util/autoload_spec.rb +14 -14
data/spec/unit/util/backups_spec.rb +29 -21
data/spec/unit/util/checksums_spec.rb +2 -1
data/spec/unit/util/command_line_spec.rb +41 -0
data/spec/unit/util/docs_spec.rb +91 -0
data/spec/unit/util/execution_spec.rb +26 -2
data/spec/unit/util/filetype_spec.rb +7 -7
data/spec/unit/util/lockfile_spec.rb +2 -2
data/spec/unit/util/log/destinations_spec.rb +32 -0
data/spec/unit/util/monkey_patches_spec.rb +41 -0
data/spec/unit/util/pidlock_spec.rb +6 -6
data/spec/unit/util/rdoc/parser_spec.rb +15 -13
data/spec/unit/util/rdoc_spec.rb +18 -24
data/spec/unit/util/resource_template_spec.rb +3 -3
data/spec/unit/util/selinux_spec.rb +4 -2
data/spec/unit/util/storage_spec.rb +4 -4
data/spec/unit/util/suidmanager_spec.rb +7 -0
data/spec/unit/util/tag_set_spec.rb +46 -0
data/spec/unit/util/tagging_spec.rb +82 -45
data/spec/unit/util/watcher_spec.rb +4 -1
data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
data/spec/unit/util/windows/root_certs_spec.rb +10 -8
data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
data/spec/unit/util/windows/sid_spec.rb +69 -0
data/spec/unit/util_spec.rb +7 -7
data/tasks/ci.rake +17 -36
metadata +2811 -2746
checksums.yaml +0 -7
data/examples/mac_automount.pp +0 -16
data/examples/mcx_dock_absent.pp +0 -4
data/examples/mcx_dock_default.pp +0 -118
data/examples/mcx_dock_full.pp +0 -125
data/examples/mcx_dock_invalid.pp +0 -9
data/examples/mcx_nogroup.pp +0 -118
data/examples/mcx_notexists_absent.pp +0 -4
data/ext/rack/README +0 -58
data/ext/rack/manifest.pp +0 -59
data/lib/puppet/external/lock.rb +0 -63
data/lib/puppet/indirector/hiera.rb +0 -39
data/lib/puppet/parser/functions/foreach.rb +0 -95
data/spec/integration/network/server/webrick_spec.rb +0 -76
data/spec/integration/parser/functions_spec.rb +0 -16
data/spec/unit/indirector/hiera_spec.rb +0 -154
data/spec/unit/parser/methods/collect_spec.rb +0 -153
data/spec/unit/parser/methods/foreach_spec.rb +0 -91
data/spec/unit/parser/methods/reject_spec.rb +0 -73
data/spec/unit/resource/resource_type.json +0 -34

data/lib/puppet/settings/priority_setting.rb ADDED

@@ -0,0 +1,42 @@
+require 'puppet/settings/base_setting'
+# A setting that represents a scheduling priority, and evaluates to an
+# OS-specific priority level.
+class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
+  PRIORITY_MAP =
+    if Puppet::Util::Platform.windows?
+      require 'win32/process'
+      {
+        :high    => Process::HIGH_PRIORITY_CLASS,
+        :normal  => Process::NORMAL_PRIORITY_CLASS,
+        :low     => Process::BELOW_NORMAL_PRIORITY_CLASS,
+        :idle    => Process::IDLE_PRIORITY_CLASS
+      }
+    else
+      {
+        :high    => -10,
+        :normal  => 0,
+        :low     => 10,
+        :idle    => 19
+      }
+    end
+  def type
+    :priority
+  end
+  def munge(value)
+    return unless value
+    case
+    when value.is_a?(Integer)
+      value
+    when (value.is_a?(String) and value =~ /\d+/)
+      value.to_i
+    when (value.is_a?(String) and PRIORITY_MAP[value.to_sym])
+      PRIORITY_MAP[value.to_sym]
+    else
+      raise Puppet::Settings::ValidationError, "Invalid priority format '#{value.inspect}' for parameter: #{@name}"
+    end
+  end
+end

data/lib/puppet/ssl.rb CHANGED

@@ -5,4 +5,8 @@ require 'openssl'
 module Puppet::SSL # :nodoc:
   CA_NAME = "ca"
   require 'puppet/ssl/host'
+  require 'puppet/ssl/oids'
+  require 'puppet/ssl/validator'
+  require 'puppet/ssl/validator/no_validator'
+  require 'puppet/ssl/validator/default_validator'
 end

data/lib/puppet/ssl/certificate.rb CHANGED

@@ -44,4 +44,22 @@ DOC
   def unmunged_name
     self.class.name_from_subject(content.subject)
   end
+  # Any extensions registered with custom OIDs as defined in module
+  # Puppet::SSL::Oids may be looked up here.
+  #
+  # A cert with a 'pp_uuid' extension having the value 'abcd' would return:
+  #
+  # [{ 'oid' => 'pp_uuid', 'value' => 'abcd'}]
+  #
+  # @return [Array<Hash{String => String}>] An array of two element hashes,
+  # with key/value pairs for the extension's oid, and its value.
+  def custom_extensions
+    custom_exts = content.extensions.select do |ext|
+      Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
+    end
+    custom_exts.map { |ext| {'oid' => ext.oid, 'value' => ext.value} }
+  end
 end

data/lib/puppet/ssl/certificate_authority.rb CHANGED

@@ -1,4 +1,3 @@
-require 'monitor'
 require 'puppet/ssl/host'
 require 'puppet/ssl/certificate_request'
 require 'puppet/ssl/certificate_signer'
@@ -26,10 +25,9 @@ class Puppet::SSL::CertificateAuthority
   require 'puppet/ssl/inventory'
   require 'puppet/ssl/certificate_revocation_list'
   require 'puppet/ssl/certificate_authority/interface'
+  require 'puppet/ssl/certificate_authority/autosign_command'
   require 'puppet/network/authstore'
-  extend MonitorMixin
   class CertificateVerificationError < RuntimeError
     attr_accessor :error_code
@@ -39,9 +37,7 @@ class Puppet::SSL::CertificateAuthority
   end
   def self.singleton_instance
-    synchronize do
-      @singleton_instance ||= new
-    end
+    @singleton_instance ||= new
   end
   class CertificateSigningError < RuntimeError
@@ -53,67 +49,56 @@ class Puppet::SSL::CertificateAuthority
   end
   def self.ca?
-    return false unless Puppet[:ca]
-    return false unless Puppet.run_mode.master?
-    true
+    # running as ca? - ensure boolean answer
+    !!(Puppet[:ca] && Puppet.run_mode.master?)
   end
-  # If this process can function as a CA, then return a singleton
-  # instance.
+  # If this process can function as a CA, then return a singleton instance.
   def self.instance
-    return nil unless ca?
-    singleton_instance
+    ca? ? singleton_instance : nil
   end
   attr_reader :name, :host
-  # Create and run an applicator.  I wanted to build an interface where you could do
-  # something like 'ca.apply(:generate).to(:all) but I don't think it's really possible.
-  def apply(method, options)
-    raise ArgumentError, "You must specify the hosts to apply to; valid values are an array or the symbol :all" unless options[:to]
-    applier = Interface.new(method, options)
-    applier.apply(self)
-  end
-  # If autosign is configured, then autosign all CSRs that match our configuration.
-  def autosign
-    return unless auto = autosign?
-    store = nil
-    store = autosign_store(auto) if auto != true
-    Puppet::SSL::CertificateRequest.indirection.search("*").each do |csr|
-      if auto == true or store.allowed?(csr.name, "127.1.1.1")
-        Puppet.info "Autosigning #{csr.name}"
-        sign(csr.name)
-      end
+  # If autosign is configured, autosign the csr we are passed.
+  # @param csr [Puppet::SSL::CertificateRequest] The csr to sign.
+  # @return [Void]
+  # @api private
+  def autosign(csr)
+    if autosign?(csr)
+      Puppet.info "Autosigning #{csr.name}"
+      sign(csr.name)
     end
   end
-  # Do we autosign?  This returns true, false, or a filename.
-  def autosign?
+  # Determine if a CSR can be autosigned by the autosign store or autosign command
+  #
+  # @param csr [Puppet::SSL::CertificateRequest] The CSR to check
+  # @return [true, false]
+  # @api private
+  def autosign?(csr)
     auto = Puppet[:autosign]
-    return false if ['false', false].include?(auto)
-    return true if ['true', true].include?(auto)
-    raise ArgumentError, "The autosign configuration '#{auto}' must be a fully qualified file" unless Puppet::Util.absolute_path?(auto)
-    FileTest.exist?(auto) && auto
-  end
-  # Create an AuthStore for autosigning.
-  def autosign_store(file)
-    auth = Puppet::Network::AuthStore.new
-    File.readlines(file).each do |line|
-      next if line =~ /^\s*#/
-      next if line =~ /^\s*$/
-      auth.allow(line.chomp)
-    end
+    decider = case auto
+      when 'false', false, nil
+        AutosignNever.new
+      when 'true', true
+        AutosignAlways.new
+      else
+        file = Puppet::FileSystem::File.new(auto)
+        if file.executable?
+          Puppet::SSL::CertificateAuthority::AutosignCommand.new(auto)
+        elsif file.exist?
+          AutosignConfig.new(file)
+        else
+          AutosignNever.new
+        end
+      end
-    auth
+    decider.allowed?(csr)
   end
-  # Retrieve (or create, if necessary) the certificate revocation list.
+  # Retrieves (or creates, if necessary) the certificate revocation list.
   def crl
     unless defined?(@crl)
       unless @crl = Puppet::SSL::CertificateRevocationList.indirection.find(Puppet::SSL::CA_NAME)
@@ -125,12 +110,12 @@ class Puppet::SSL::CertificateAuthority
     @crl
   end
-  # Delegate this to our Host class.
+  # Delegates this to our Host class.
   def destroy(name)
     Puppet::SSL::Host.destroy(name)
   end
-  # Generate a new certificate.
+  # Generates a new certificate.
   # @return Puppet::SSL::Certificate
   def generate(name, options = {})
     raise ArgumentError, "A Certificate already exists for #{name}" if Puppet::SSL::Certificate.indirection.find(name)
@@ -187,7 +172,7 @@ class Puppet::SSL::CertificateAuthority
     20.times { pass += (rand(74) + 48).chr }
     begin
-      Puppet.settings.write(:capass) { |f| f.print pass }
+      Puppet.settings.setting(:capass).open('w') { |f| f.print pass }
     rescue Errno::EACCES => detail
       raise Puppet::Error, "Could not write CA password: #{detail}"
     end
@@ -222,26 +207,27 @@ class Puppet::SSL::CertificateAuthority
   # Read the next serial from the serial file, and increment the
   # file so this one is considered used.
   def next_serial
-    serial = nil
-    # This is slightly odd.  If the file doesn't exist, our readwritelock creates
-    # it, but with a mode we can't actually read in some cases.  So, use
-    # a default before the lock.
-    serial = 0x1 unless FileTest.exist?(Puppet[:serial])
+    serial = 1
+    Puppet.settings.setting(:serial).exclusive_open('a+') do |f|
+      f.rewind
+      serial = f.read.chomp.hex
+      if serial == 0
+        serial = 1
+      end
-    Puppet.settings.readwritelock(:serial) { |f|
-      serial ||= File.read(Puppet.settings[:serial]).chomp.hex if FileTest.exist?(Puppet[:serial])
+      f.truncate(0)
+      f.rewind
       # We store the next valid serial, not the one we just used.
       f << "%04X" % (serial + 1)
-    }
+    end
     serial
   end
   # Does the password file exist?
   def password?
-    FileTest.exist? Puppet[:capass]
+    Puppet::FileSystem::File.exist? Puppet[:capass]
   end
   # Print a given host's certificate as text.
@@ -323,8 +309,11 @@ class Puppet::SSL::CertificateAuthority
   def check_internal_signing_policies(hostname, csr, allow_dns_alt_names)
     # Reject unknown request extensions.
-    unknown_req = csr.request_extensions.
-      reject {|x| RequestExtensionWhitelist.include? x["oid"] }
+    unknown_req = csr.request_extensions.reject do |x|
+      RequestExtensionWhitelist.include? x["oid"] or
+        Puppet::SSL::Oids.subtree_of?('ppRegCertExt', x["oid"], true) or
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', x["oid"], true)
+    end
     if unknown_req and not unknown_req.empty?
       names = unknown_req.map {|x| x["oid"] }.sort.uniq.join(", ")
@@ -393,7 +382,7 @@ class Puppet::SSL::CertificateAuthority
   #
   # @return [OpenSSL::X509::Store]
   def x509_store(options = {})
-    if (options[:cache])
+    if (options[:cache])
       return @x509store unless @x509store.nil?
       @x509store = create_x509_store
     else
@@ -407,11 +396,13 @@ class Puppet::SSL::CertificateAuthority
   #
   # @return [OpenSSL::X509::Store]
   def create_x509_store
-    store = OpenSSL::X509::Store.new
-    store.add_file Puppet[:cacert]
-    store.add_crl crl.content if self.crl
+    store = OpenSSL::X509::Store.new()
+    store.add_file(Puppet[:cacert])
+    store.add_crl(crl.content) if self.crl
     store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
-    store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK if Puppet.settings[:certificate_revocation]
+    if Puppet.settings[:certificate_revocation]
+      store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL | OpenSSL::X509::V_FLAG_CRL_CHECK
+    end
     store
   end
   private :create_x509_store
@@ -472,4 +463,42 @@ class Puppet::SSL::CertificateAuthority
   def waiting?
     Puppet::SSL::CertificateRequest.indirection.search("*").collect { |r| r.name }
   end
+  # @api private
+  class AutosignAlways
+    def allowed?(csr)
+      true
+    end
+  end
+  # @api private
+  class AutosignNever
+    def allowed?(csr)
+      false
+    end
+  end
+  # @api private
+  class AutosignConfig
+    def initialize(config_file)
+      @config = config_file
+    end
+    def allowed?(csr)
+      autosign_store.allowed?(csr.name, '127.1.1.1')
+    end
+    private
+    def autosign_store
+      auth = Puppet::Network::AuthStore.new
+      @config.each_line do |line|
+        next if line =~ /^\s*#/
+        next if line =~ /^\s*$/
+        auth.allow(line.chomp)
+      end
+      auth
+    end
+  end
 end

data/lib/puppet/ssl/certificate_authority/autosign_command.rb ADDED

@@ -0,0 +1,44 @@
+require 'puppet/ssl/certificate_authority'
+# This class wraps a given command and invokes it with a CSR name and body to
+# determine if the given CSR should be autosigned
+#
+# @api private
+class Puppet::SSL::CertificateAuthority::AutosignCommand
+  class CheckFailure < Puppet::Error; end
+  def initialize(path)
+    @path = path
+  end
+  # Run the autosign command with the given CSR name as an argument and the
+  # CSR body on stdin.
+  #
+  # @param name [String] The CSR name to check for autosigning
+  # @return [true, false] If the CSR should be autosigned
+  def allowed?(csr)
+    name = csr.name
+    cmd = [@path, name]
+    output = Puppet::FileSystem::Tempfile.open('puppet-csr') do |csr_file|
+      csr_file.write(csr.to_s)
+      csr_file.flush
+      execute_options = {:stdinfile => csr_file.path, :combine => true, :failonfail => false}
+      Puppet::Util::Execution.execute(cmd, execute_options)
+    end
+    output.chomp!
+    Puppet.debug "Autosign command '#{@path}' exit status: #{output.exitstatus}"
+    Puppet.debug "Autosign command '#{@path}' output: #{output}"
+    case output.exitstatus
+    when 0
+      true
+    else
+      false
+    end
+  end
+end

data/lib/puppet/ssl/certificate_authority/interface.rb CHANGED

@@ -4,7 +4,9 @@ module Puppet
       # This class is basically a hidden class that knows how to act on the
       # CA.  Its job is to provide a CLI-like interface to the CA class.
       class Interface
-        INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint]
+        INTERFACE_METHODS = [:destroy, :list, :revoke, :generate, :sign, :print, :verify, :fingerprint, :reinventory]
+        SUBJECTLESS_METHODS = [:list, :reinventory]
         class InterfaceError < ArgumentError; end
@@ -12,14 +14,17 @@ module Puppet
         # Actually perform the work.
         def apply(ca)
-          unless subjects or method == :list
+          unless subjects || SUBJECTLESS_METHODS.include?(method)
             raise ArgumentError, "You must provide hosts or --all when using #{method}"
           end
-          return send(method, ca) if respond_to?(method)
-          (subjects == :all ? ca.list : subjects).each do |host|
-            ca.send(method, host)
+          # if the interface implements the method, use it instead of the ca's method
+          if respond_to?(method)
+            send(method, ca)
+          else
+            (subjects == :all ? ca.list : subjects).each do |host|
+              ca.send(method, host)
+            end
           end
         end
@@ -66,14 +71,11 @@ module Puppet
             end
             if verify_error
-              cert = Puppet::SSL::Certificate.indirection.find(host)
-              certs[:invalid][host] = [cert, verify_error]
+              certs[:invalid][host] = [ Puppet::SSL::Certificate.indirection.find(host), verify_error ]
             elsif signed.include?(host)
-              cert = Puppet::SSL::Certificate.indirection.find(host)
-              certs[:signed][host] = cert
+              certs[:signed][host]  = Puppet::SSL::Certificate.indirection.find(host)
             else
-              req = Puppet::SSL::CertificateRequest.indirection.find(host)
-              certs[:request][host] = req
+              certs[:request][host] = Puppet::SSL::CertificateRequest.indirection.find(host)
             end
           end
@@ -147,7 +149,7 @@ module Puppet
           end
         end
-        # Sign a given certificate.
+        # Signs given certificates or waiting of subjects == :all
         def sign(ca)
           list = subjects == :all ? ca.waiting? : subjects
           raise InterfaceError, "No waiting certificate requests to sign" if list.empty?
@@ -156,15 +158,17 @@ module Puppet
           end
         end
+        def reinventory(ca)
+          ca.inventory.rebuild
+        end
         # Set the list of hosts we're operating on.  Also supports keywords.
         def subjects=(value)
-          unless value == :all or value == :signed or value.is_a?(Array)
+          unless value == :all || value == :signed || value.is_a?(Array)
             raise ArgumentError, "Subjects must be an array or :all; not #{value}"
           end
-          value = nil if value.is_a?(Array) and value.empty?
-          @subjects = value
+          @subjects = (value == []) ? nil : value
         end
       end
     end