RubyGems - puppet - Versions diffs - 3.3.2 → 3.4.0.rc1 - Mend

puppet 3.3.2 → 3.4.0.rc1

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (589) hide show

data/CONTRIBUTING.md +22 -0
data/Gemfile +11 -2
data/README.md +13 -17
data/README_DEVELOPER.md +1 -1
data/Rakefile +1 -1
data/examples/hiera/README.md +4 -4
data/ext/debian/puppetmaster.init +1 -0
data/ext/debian/rules +2 -5
data/ext/nagios/check_puppet.rb +7 -7
data/ext/osx/file_mapping.yaml +1 -1
data/ext/osx/preflight.erb +34 -19
data/ext/rack/{files/config.ru → config.ru} +0 -0
data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
data/ext/redhat/puppet.spec.erb +20 -2
data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
data/lib/hiera_puppet.rb +2 -2
data/lib/puppet/agent.rb +1 -6
data/lib/puppet/application.rb +15 -2
data/lib/puppet/application/agent.rb +2 -7
data/lib/puppet/application/apply.rb +8 -13
data/lib/puppet/application/cert.rb +47 -7
data/lib/puppet/application/device.rb +1 -6
data/lib/puppet/application/face_base.rb +1 -1
data/lib/puppet/application/filebucket.rb +1 -1
data/lib/puppet/application/inspect.rb +3 -12
data/lib/puppet/application/master.rb +1 -6
data/lib/puppet/application/queue.rb +1 -6
data/lib/puppet/application/resource.rb +2 -6
data/lib/puppet/coercion.rb +11 -0
data/lib/puppet/configurer.rb +5 -3
data/lib/puppet/configurer/downloader.rb +3 -1
data/lib/puppet/configurer/plugin_handler.rb +10 -0
data/lib/puppet/confine.rb +80 -0
data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
data/lib/puppet/daemon.rb +2 -6
data/lib/puppet/data_binding.rb +2 -30
data/lib/puppet/defaults.rb +283 -174
data/lib/puppet/error.rb +1 -0
data/lib/puppet/external/nagios.rb +0 -2
data/lib/puppet/external/nagios/base.rb +4 -3
data/lib/puppet/external/nagios/grammar.ry +173 -112
data/lib/puppet/external/nagios/parser.rb +233 -184
data/lib/puppet/face/file/store.rb +1 -1
data/lib/puppet/face/module/generate.rb +5 -7
data/lib/puppet/face/parser.rb +12 -2
data/lib/puppet/face/plugin.rb +6 -0
data/lib/puppet/feature/base.rb +16 -0
data/lib/puppet/feature/external_facts.rb +5 -0
data/lib/puppet/feature/libuser.rb +1 -1
data/lib/puppet/feature/msgpack.rb +1 -0
data/lib/puppet/feature/rails.rb +2 -2
data/lib/puppet/file_bucket/dipper.rb +8 -6
data/lib/puppet/file_bucket/file.rb +17 -1
data/lib/puppet/file_serving/base.rb +21 -10
data/lib/puppet/file_serving/configuration.rb +5 -7
data/lib/puppet/file_serving/configuration/parser.rb +1 -1
data/lib/puppet/file_serving/content.rb +1 -1
data/lib/puppet/file_serving/fileset.rb +3 -3
data/lib/puppet/file_serving/metadata.rb +22 -18
data/lib/puppet/file_serving/mount/file.rb +1 -1
data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
data/lib/puppet/file_system.rb +3 -0
data/lib/puppet/file_system/file.rb +261 -0
data/lib/puppet/file_system/file18.rb +5 -0
data/lib/puppet/file_system/file19.rb +5 -0
data/lib/puppet/file_system/file19windows.rb +113 -0
data/lib/puppet/file_system/memory_file.rb +31 -0
data/lib/puppet/file_system/tempfile.rb +20 -0
data/lib/puppet/indirector/active_record.rb +1 -0
data/lib/puppet/indirector/catalog/compiler.rb +28 -0
data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
data/lib/puppet/indirector/direct_file_server.rb +2 -2
data/lib/puppet/indirector/facts/facter.rb +25 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
data/lib/puppet/indirector/indirection.rb +5 -1
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/key/ca.rb +4 -0
data/lib/puppet/indirector/key/file.rb +7 -3
data/lib/puppet/indirector/key/memory.rb +6 -0
data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
data/lib/puppet/indirector/request.rb +17 -11
data/lib/puppet/indirector/resource/ral.rb +5 -0
data/lib/puppet/indirector/resource/rest.rb +1 -0
data/lib/puppet/indirector/resource/store_configs.rb +4 -0
data/lib/puppet/indirector/rest.rb +2 -1
data/lib/puppet/indirector/ssl_file.rb +7 -7
data/lib/puppet/indirector/terminus.rb +4 -0
data/lib/puppet/indirector/yaml.rb +3 -3
data/lib/puppet/interface/documentation.rb +4 -11
data/lib/puppet/module.rb +19 -6
data/lib/puppet/module_tool/applications/builder.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/checksums.rb +1 -1
data/lib/puppet/module_tool/dependency.rb +7 -3
data/lib/puppet/module_tool/metadata.rb +6 -2
data/lib/puppet/module_tool/tar.rb +2 -1
data/lib/puppet/module_tool/tar/gnu.rb +6 -2
data/lib/puppet/module_tool/tar/mini.rb +2 -0
data/lib/puppet/module_tool/tar/solaris.rb +2 -5
data/lib/puppet/network/authconfig.rb +0 -2
data/lib/puppet/network/authentication.rb +1 -1
data/lib/puppet/network/authstore.rb +6 -7
data/lib/puppet/network/format.rb +2 -3
data/lib/puppet/network/format_handler.rb +16 -11
data/lib/puppet/network/format_support.rb +14 -0
data/lib/puppet/network/formats.rb +26 -0
data/lib/puppet/network/http/connection.rb +8 -41
data/lib/puppet/network/http/handler.rb +28 -32
data/lib/puppet/network/http/webrick.rb +15 -22
data/lib/puppet/network/http_pool.rb +43 -9
data/lib/puppet/network/rights.rb +0 -0
data/lib/puppet/node.rb +24 -8
data/lib/puppet/node/environment.rb +18 -20
data/lib/puppet/node/facts.rb +23 -6
data/lib/puppet/parameter.rb +15 -2
data/lib/puppet/parameter/boolean.rb +5 -0
data/lib/puppet/parameter/value_collection.rb +6 -4
data/lib/puppet/parser/ast/resourceparam.rb +2 -1
data/lib/puppet/parser/compiler.rb +25 -9
data/lib/puppet/parser/files.rb +1 -1
data/lib/puppet/parser/functions.rb +12 -21
data/lib/puppet/parser/functions/collect.rb +6 -35
data/lib/puppet/parser/functions/contain.rb +26 -0
data/lib/puppet/parser/functions/create_resources.rb +5 -0
data/lib/puppet/parser/functions/extlookup.rb +2 -2
data/lib/puppet/parser/functions/file.rb +1 -1
data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
data/lib/puppet/parser/functions/include.rb +18 -1
data/lib/puppet/parser/functions/map.rb +44 -0
data/lib/puppet/parser/functions/select.rb +6 -38
data/lib/puppet/parser/lexer.rb +1 -1
data/lib/puppet/parser/parser_support.rb +1 -1
data/lib/puppet/parser/resource.rb +6 -45
data/lib/puppet/parser/scope.rb +33 -2
data/lib/puppet/parser/type_loader.rb +4 -60
data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
data/lib/puppet/pops/issues.rb +4 -0
data/lib/puppet/pops/model/ast_transformer.rb +4 -1
data/lib/puppet/pops/model/model_label_provider.rb +1 -1
data/lib/puppet/pops/parser/egrammar.ra +5 -24
data/lib/puppet/pops/parser/eparser.rb +859 -902
data/lib/puppet/pops/parser/lexer.rb +48 -30
data/lib/puppet/pops/parser/parser_support.rb +1 -1
data/lib/puppet/pops/patterns.rb +4 -4
data/lib/puppet/pops/utils.rb +1 -1
data/lib/puppet/pops/validation/checker3_1.rb +25 -20
data/lib/puppet/provider.rb +23 -6
data/lib/puppet/provider/aixobject.rb +0 -0
data/lib/puppet/provider/augeas/augeas.rb +21 -5
data/lib/puppet/provider/confine.rb +5 -79
data/lib/puppet/provider/cron/crontab.rb +0 -0
data/lib/puppet/provider/exec.rb +9 -7
data/lib/puppet/provider/exec/posix.rb +10 -1
data/lib/puppet/provider/exec/windows.rb +1 -1
data/lib/puppet/provider/file/posix.rb +1 -0
data/lib/puppet/provider/file/windows.rb +16 -5
data/lib/puppet/provider/group/aix.rb +0 -0
data/lib/puppet/provider/group/windows_adsi.rb +33 -1
data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
data/lib/puppet/provider/mailalias/aliases.rb +0 -0
data/lib/puppet/provider/maillist/mailman.rb +0 -0
data/lib/puppet/provider/mount/parsed.rb +0 -0
data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
data/lib/puppet/provider/package/appdmg.rb +1 -1
data/lib/puppet/provider/package/apple.rb +1 -1
data/lib/puppet/provider/package/apt.rb +1 -1
data/lib/puppet/provider/package/aptitude.rb +0 -0
data/lib/puppet/provider/package/blastwave.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +1 -1
data/lib/puppet/provider/package/fink.rb +1 -1
data/lib/puppet/provider/package/freebsd.rb +0 -0
data/lib/puppet/provider/package/gem.rb +0 -0
data/lib/puppet/provider/package/macports.rb +0 -0
data/lib/puppet/provider/package/msi.rb +4 -10
data/lib/puppet/provider/package/nim.rb +8 -8
data/lib/puppet/provider/package/openbsd.rb +1 -1
data/lib/puppet/provider/package/opkg.rb +0 -0
data/lib/puppet/provider/package/pacman.rb +2 -2
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgutil.rb +1 -1
data/lib/puppet/provider/package/ports.rb +0 -0
data/lib/puppet/provider/package/rpm.rb +39 -3
data/lib/puppet/provider/package/sun.rb +3 -3
data/lib/puppet/provider/package/sunfreeware.rb +0 -0
data/lib/puppet/provider/package/windows.rb +12 -19
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +2 -2
data/lib/puppet/provider/parsedfile.rb +0 -0
data/lib/puppet/provider/port/parsed.rb +0 -0
data/lib/puppet/provider/service/base.rb +0 -0
data/lib/puppet/provider/service/bsd.rb +3 -3
data/lib/puppet/provider/service/daemontools.rb +8 -8
data/lib/puppet/provider/service/debian.rb +0 -0
data/lib/puppet/provider/service/freebsd.rb +3 -3
data/lib/puppet/provider/service/init.rb +5 -4
data/lib/puppet/provider/service/launchd.rb +35 -24
data/lib/puppet/provider/service/openbsd.rb +23 -0
data/lib/puppet/provider/service/redhat.rb +0 -0
data/lib/puppet/provider/service/runit.rb +3 -3
data/lib/puppet/provider/service/smf.rb +0 -0
data/lib/puppet/provider/service/src.rb +0 -0
data/lib/puppet/provider/service/systemd.rb +0 -0
data/lib/puppet/provider/service/upstart.rb +3 -3
data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
data/lib/puppet/provider/sshkey/parsed.rb +0 -0
data/lib/puppet/provider/user/aix.rb +0 -0
data/lib/puppet/provider/user/directoryservice.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +1 -1
data/lib/puppet/provider/zone/solaris.rb +1 -1
data/lib/puppet/rails/benchmark.rb +1 -1
data/lib/puppet/reference/configuration.rb +1 -2
data/lib/puppet/reference/indirection.rb +12 -14
data/lib/puppet/relationship.rb +7 -4
data/lib/puppet/reports.rb +2 -2
data/lib/puppet/reports/rrdgraph.rb +1 -1
data/lib/puppet/reports/store.rb +3 -3
data/lib/puppet/reports/tagmail.rb +2 -2
data/lib/puppet/resource.rb +66 -8
data/lib/puppet/resource/catalog.rb +18 -25
data/lib/puppet/resource/status.rb +10 -4
data/lib/puppet/run.rb +6 -2
data/lib/puppet/settings.rb +39 -119
data/lib/puppet/settings/base_setting.rb +8 -9
data/lib/puppet/settings/directory_setting.rb +8 -0
data/lib/puppet/settings/file_setting.rb +35 -1
data/lib/puppet/settings/priority_setting.rb +42 -0
data/lib/puppet/ssl.rb +4 -0
data/lib/puppet/ssl/certificate.rb +18 -0
data/lib/puppet/ssl/certificate_authority.rb +101 -72
data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
data/lib/puppet/ssl/certificate_factory.rb +38 -12
data/lib/puppet/ssl/certificate_request.rb +201 -47
data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
data/lib/puppet/ssl/host.rb +21 -10
data/lib/puppet/ssl/inventory.rb +6 -10
data/lib/puppet/ssl/key.rb +1 -1
data/lib/puppet/ssl/oids.rb +78 -0
data/lib/puppet/ssl/validator.rb +41 -97
data/lib/puppet/ssl/validator/default_validator.rb +153 -0
data/lib/puppet/ssl/validator/no_validator.rb +17 -0
data/lib/puppet/status.rb +4 -0
data/lib/puppet/test/test_helper.rb +5 -0
data/lib/puppet/transaction.rb +13 -0
data/lib/puppet/transaction/event.rb +8 -3
data/lib/puppet/transaction/report.rb +6 -2
data/lib/puppet/transaction/resource_harness.rb +173 -115
data/lib/puppet/type.rb +30 -13
data/lib/puppet/type/augeas.rb +12 -46
data/lib/puppet/type/component.rb +1 -7
data/lib/puppet/type/cron.rb +0 -0
data/lib/puppet/type/exec.rb +13 -1
data/lib/puppet/type/file.rb +19 -10
data/lib/puppet/type/file/checksum.rb +0 -0
data/lib/puppet/type/file/content.rb +3 -0
data/lib/puppet/type/file/ensure.rb +33 -15
data/lib/puppet/type/file/group.rb +0 -0
data/lib/puppet/type/file/mode.rb +6 -2
data/lib/puppet/type/file/owner.rb +0 -0
data/lib/puppet/type/file/source.rb +65 -14
data/lib/puppet/type/file/target.rb +6 -6
data/lib/puppet/type/file/type.rb +0 -0
data/lib/puppet/type/filebucket.rb +0 -0
data/lib/puppet/type/group.rb +18 -0
data/lib/puppet/type/host.rb +0 -0
data/lib/puppet/type/k5login.rb +4 -4
data/lib/puppet/type/mailalias.rb +0 -0
data/lib/puppet/type/maillist.rb +0 -0
data/lib/puppet/type/mount.rb +15 -1
data/lib/puppet/type/package.rb +7 -1
data/lib/puppet/type/port.rb +0 -0
data/lib/puppet/type/schedule.rb +9 -4
data/lib/puppet/type/service.rb +1 -1
data/lib/puppet/type/sshkey.rb +0 -0
data/lib/puppet/type/tidy.rb +1 -1
data/lib/puppet/type/user.rb +3 -0
data/lib/puppet/type/yumrepo.rb +8 -6
data/lib/puppet/type/zpool.rb +0 -0
data/lib/puppet/util.rb +4 -31
data/lib/puppet/util/adsi.rb +73 -17
data/lib/puppet/util/autoload.rb +3 -3
data/lib/puppet/util/backups.rb +4 -4
data/lib/puppet/util/cacher.rb +7 -13
data/lib/puppet/util/checksums.rb +2 -2
data/lib/puppet/util/classgen.rb +3 -1
data/lib/puppet/util/colors.rb +1 -0
data/lib/puppet/util/command_line.rb +5 -0
data/lib/puppet/util/docs.rb +33 -27
data/lib/puppet/util/execution.rb +42 -18
data/lib/puppet/util/filetype.rb +3 -3
data/lib/puppet/util/instance_loader.rb +2 -2
data/lib/puppet/util/instrumentation.rb +23 -42
data/lib/puppet/util/instrumentation/data.rb +11 -4
data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
data/lib/puppet/util/instrumentation/listener.rb +15 -8
data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
data/lib/puppet/util/limits.rb +12 -0
data/lib/puppet/util/lockfile.rb +2 -2
data/lib/puppet/util/log.rb +14 -6
data/lib/puppet/util/log/destinations.rb +23 -1
data/lib/puppet/util/metric.rb +9 -3
data/lib/puppet/util/monkey_patches.rb +7 -2
data/lib/puppet/util/network_device/config.rb +1 -1
data/lib/puppet/util/plugins.rb +1 -1
data/lib/puppet/util/posix.rb +0 -0
data/lib/puppet/util/profiler.rb +7 -2
data/lib/puppet/util/provider_features.rb +2 -2
data/lib/puppet/util/rdoc.rb +28 -30
data/lib/puppet/util/rdoc/code_objects.rb +75 -25
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
data/lib/puppet/util/rdoc/parser.rb +12 -487
data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +1 -1
data/lib/puppet/util/storage.rb +2 -2
data/lib/puppet/util/suidmanager.rb +1 -1
data/lib/puppet/util/tag_set.rb +29 -0
data/lib/puppet/util/tagging.rb +8 -24
data/lib/puppet/util/watched_file.rb +1 -1
data/lib/puppet/util/watcher.rb +1 -1
data/lib/puppet/util/windows.rb +3 -0
data/lib/puppet/util/windows/access_control_entry.rb +84 -0
data/lib/puppet/util/windows/access_control_list.rb +106 -0
data/lib/puppet/util/windows/file.rb +213 -0
data/lib/puppet/util/windows/process.rb +199 -0
data/lib/puppet/util/windows/root_certs.rb +52 -37
data/lib/puppet/util/windows/security.rb +270 -245
data/lib/puppet/util/windows/security_descriptor.rb +62 -0
data/lib/puppet/util/windows/sid.rb +26 -4
data/lib/puppet/version.rb +2 -2
data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
data/spec/fixtures/unit/module/trailing-comma.json +24 -0
data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
data/spec/integration/application/apply_spec.rb +1 -1
data/spec/integration/application/doc_spec.rb +1 -1
data/spec/integration/configurer_spec.rb +4 -2
data/spec/integration/data_binding.rb +100 -0
data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
data/spec/integration/node/facts_spec.rb +1 -1
data/spec/integration/node_spec.rb +1 -1
data/spec/integration/parser/compiler_spec.rb +90 -0
data/spec/integration/parser/parser_spec.rb +2 -2
data/spec/integration/provider/cron/crontab_spec.rb +3 -5
data/spec/integration/resource/catalog_spec.rb +1 -1
data/spec/integration/ssl/autosign_spec.rb +90 -0
data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
data/spec/integration/ssl/host_spec.rb +1 -1
data/spec/integration/transaction_spec.rb +13 -13
data/spec/integration/type/exec_spec.rb +2 -2
data/spec/integration/type/file_spec.rb +287 -45
data/spec/integration/type/tidy_spec.rb +3 -3
data/spec/integration/util/rdoc/parser_spec.rb +236 -35
data/spec/integration/util/settings_spec.rb +1 -1
data/spec/integration/util/windows/process_spec.rb +22 -0
data/spec/integration/util/windows/security_spec.rb +316 -106
data/spec/lib/matchers/containment_matchers.rb +52 -0
data/spec/lib/puppet_spec/compiler.rb +6 -0
data/spec/lib/puppet_spec/files.rb +20 -21
data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
data/spec/shared_behaviours/file_server_terminus.rb +2 -2
data/spec/shared_contexts/platform.rb +1 -0
data/spec/spec_helper.rb +13 -1
data/spec/unit/agent_spec.rb +0 -12
data/spec/unit/application/agent_spec.rb +4 -4
data/spec/unit/application/apply_spec.rb +18 -2
data/spec/unit/application/cert_spec.rb +8 -6
data/spec/unit/application/device_spec.rb +1 -1
data/spec/unit/application/filebucket_spec.rb +1 -1
data/spec/unit/application/inspect_spec.rb +1 -1
data/spec/unit/application_spec.rb +24 -0
data/spec/unit/configurer/downloader_spec.rb +8 -7
data/spec/unit/configurer/fact_handler_spec.rb +23 -0
data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
data/spec/unit/configurer_spec.rb +15 -5
data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
data/spec/unit/face/parser_spec.rb +54 -0
data/spec/unit/file_bucket/dipper_spec.rb +2 -2
data/spec/unit/file_serving/base_spec.rb +32 -9
data/spec/unit/file_serving/configuration_spec.rb +7 -7
data/spec/unit/file_serving/content_spec.rb +12 -7
data/spec/unit/file_serving/fileset_spec.rb +57 -27
data/spec/unit/file_serving/metadata_spec.rb +74 -12
data/spec/unit/file_serving/mount/file_spec.rb +10 -10
data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
data/spec/unit/file_system/file_spec.rb +486 -0
data/spec/unit/file_system/tempfile_spec.rb +48 -0
data/spec/unit/graph/relationship_graph_spec.rb +0 -6
data/spec/unit/hiera_puppet_spec.rb +2 -2
data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
data/spec/unit/indirector/facts/facter_spec.rb +33 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
data/spec/unit/indirector/file_server_spec.rb +4 -4
data/spec/unit/indirector/json_spec.rb +4 -4
data/spec/unit/indirector/key/file_spec.rb +13 -14
data/spec/unit/indirector/resource/ral_spec.rb +7 -0
data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
data/spec/unit/indirector/rest_spec.rb +7 -3
data/spec/unit/indirector/ssl_file_spec.rb +14 -17
data/spec/unit/indirector/yaml_spec.rb +4 -4
data/spec/unit/module_spec.rb +43 -15
data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
data/spec/unit/module_tool/tar_spec.rb +45 -0
data/spec/unit/network/authconfig_spec.rb +2 -1
data/spec/unit/network/authentication_spec.rb +2 -2
data/spec/unit/network/format_handler_spec.rb +2 -2
data/spec/unit/network/formats_spec.rb +24 -0
data/spec/unit/network/http/connection_spec.rb +76 -199
data/spec/unit/network/http/handler_spec.rb +33 -34
data/spec/unit/network/http_pool_spec.rb +8 -5
data/spec/unit/node/environment_spec.rb +76 -90
data/spec/unit/node/facts_spec.rb +20 -3
data/spec/unit/node_spec.rb +43 -0
data/spec/unit/parameter/boolean_spec.rb +22 -12
data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
data/spec/unit/parser/compiler_spec.rb +103 -35
data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
data/spec/unit/parser/files_spec.rb +11 -11
data/spec/unit/parser/functions/contain_spec.rb +185 -0
data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
data/spec/unit/parser/functions/generate_spec.rb +1 -1
data/spec/unit/parser/functions_spec.rb +2 -2
data/spec/unit/parser/lexer_spec.rb +1 -1
data/spec/unit/parser/methods/each_spec.rb +1 -1
data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
data/spec/unit/parser/methods/map_spec.rb +95 -0
data/spec/unit/parser/methods/reduce_spec.rb +12 -11
data/spec/unit/parser/methods/shared.rb +5 -5
data/spec/unit/parser/methods/slice_spec.rb +13 -13
data/spec/unit/parser/parser_spec.rb +1 -1
data/spec/unit/parser/resource/param_spec.rb +44 -0
data/spec/unit/parser/resource_spec.rb +16 -15
data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
data/spec/unit/pops/parser/lexer_spec.rb +22 -5
data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
data/spec/unit/pops/validator/validator_spec.rb +31 -0
data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
data/spec/unit/provider/exec/posix_spec.rb +8 -3
data/spec/unit/provider/file/posix_spec.rb +2 -2
data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
data/spec/unit/provider/package/apt_spec.rb +1 -1
data/spec/unit/provider/package/msi_spec.rb +15 -42
data/spec/unit/provider/package/openbsd_spec.rb +3 -3
data/spec/unit/provider/package/rpm_spec.rb +56 -13
data/spec/unit/provider/package/windows_spec.rb +15 -19
data/spec/unit/provider/service/base_spec.rb +1 -1
data/spec/unit/provider/service/daemontools_spec.rb +18 -8
data/spec/unit/provider/service/freebsd_spec.rb +3 -3
data/spec/unit/provider/service/gentoo_spec.rb +5 -2
data/spec/unit/provider/service/init_spec.rb +17 -17
data/spec/unit/provider/service/launchd_spec.rb +76 -23
data/spec/unit/provider/service/openbsd_spec.rb +125 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -1
data/spec/unit/provider/service/runit_spec.rb +12 -5
data/spec/unit/provider/service/upstart_spec.rb +4 -4
data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
data/spec/unit/provider/zone/solaris_spec.rb +1 -1
data/spec/unit/provider_spec.rb +2 -2
data/spec/unit/reports/http_spec.rb +19 -34
data/spec/unit/reports/store_spec.rb +2 -2
data/spec/unit/resource/catalog_spec.rb +81 -11
data/spec/unit/resource/status_spec.rb +11 -1
data/spec/unit/resource/type_spec.rb +30 -1
data/spec/unit/resource_spec.rb +40 -4
data/spec/unit/settings/file_setting_spec.rb +2 -2
data/spec/unit/settings/path_setting_spec.rb +2 -2
data/spec/unit/settings/priority_setting_spec.rb +66 -0
data/spec/unit/settings_spec.rb +16 -31
data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
data/spec/unit/ssl/certificate_request_spec.rb +103 -0
data/spec/unit/ssl/certificate_spec.rb +31 -18
data/spec/unit/ssl/host_spec.rb +34 -8
data/spec/unit/ssl/inventory_spec.rb +27 -62
data/spec/unit/ssl/key_spec.rb +4 -4
data/spec/unit/ssl/oids_spec.rb +48 -0
data/spec/unit/ssl/validator_spec.rb +49 -6
data/spec/unit/status_spec.rb +9 -0
data/spec/unit/transaction/event_spec.rb +1 -9
data/spec/unit/transaction/report_spec.rb +20 -1
data/spec/unit/transaction/resource_harness_spec.rb +60 -210
data/spec/unit/transaction_spec.rb +54 -8
data/spec/unit/type/component_spec.rb +2 -2
data/spec/unit/type/exec_spec.rb +14 -7
data/spec/unit/type/file/content_spec.rb +13 -2
data/spec/unit/type/file/ctime_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +48 -2
data/spec/unit/type/file/mtime_spec.rb +1 -1
data/spec/unit/type/file/source_spec.rb +177 -7
data/spec/unit/type/file_spec.rb +63 -71
data/spec/unit/type/group_spec.rb +20 -0
data/spec/unit/type/k5login_spec.rb +3 -3
data/spec/unit/type/mount_spec.rb +53 -0
data/spec/unit/type/nagios_spec.rb +216 -0
data/spec/unit/type/package_spec.rb +7 -1
data/spec/unit/type/schedule_spec.rb +6 -0
data/spec/unit/type/service_spec.rb +3 -3
data/spec/unit/type/tidy_spec.rb +14 -14
data/spec/unit/type/user_spec.rb +9 -0
data/spec/unit/type_spec.rb +86 -4
data/spec/unit/util/adsi_spec.rb +120 -12
data/spec/unit/util/autoload_spec.rb +14 -14
data/spec/unit/util/backups_spec.rb +29 -21
data/spec/unit/util/checksums_spec.rb +2 -1
data/spec/unit/util/command_line_spec.rb +41 -0
data/spec/unit/util/docs_spec.rb +91 -0
data/spec/unit/util/execution_spec.rb +26 -2
data/spec/unit/util/filetype_spec.rb +7 -7
data/spec/unit/util/lockfile_spec.rb +2 -2
data/spec/unit/util/log/destinations_spec.rb +32 -0
data/spec/unit/util/monkey_patches_spec.rb +41 -0
data/spec/unit/util/pidlock_spec.rb +6 -6
data/spec/unit/util/rdoc/parser_spec.rb +15 -13
data/spec/unit/util/rdoc_spec.rb +18 -24
data/spec/unit/util/resource_template_spec.rb +3 -3
data/spec/unit/util/selinux_spec.rb +4 -2
data/spec/unit/util/storage_spec.rb +4 -4
data/spec/unit/util/suidmanager_spec.rb +7 -0
data/spec/unit/util/tag_set_spec.rb +46 -0
data/spec/unit/util/tagging_spec.rb +82 -45
data/spec/unit/util/watcher_spec.rb +4 -1
data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
data/spec/unit/util/windows/root_certs_spec.rb +10 -8
data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
data/spec/unit/util/windows/sid_spec.rb +69 -0
data/spec/unit/util_spec.rb +7 -7
data/tasks/ci.rake +17 -36
metadata +2811 -2746
checksums.yaml +0 -7
data/examples/mac_automount.pp +0 -16
data/examples/mcx_dock_absent.pp +0 -4
data/examples/mcx_dock_default.pp +0 -118
data/examples/mcx_dock_full.pp +0 -125
data/examples/mcx_dock_invalid.pp +0 -9
data/examples/mcx_nogroup.pp +0 -118
data/examples/mcx_notexists_absent.pp +0 -4
data/ext/rack/README +0 -58
data/ext/rack/manifest.pp +0 -59
data/lib/puppet/external/lock.rb +0 -63
data/lib/puppet/indirector/hiera.rb +0 -39
data/lib/puppet/parser/functions/foreach.rb +0 -95
data/spec/integration/network/server/webrick_spec.rb +0 -76
data/spec/integration/parser/functions_spec.rb +0 -16
data/spec/unit/indirector/hiera_spec.rb +0 -154
data/spec/unit/parser/methods/collect_spec.rb +0 -153
data/spec/unit/parser/methods/foreach_spec.rb +0 -91
data/spec/unit/parser/methods/reject_spec.rb +0 -73
data/spec/unit/resource/resource_type.json +0 -34

data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb ADDED

@@ -0,0 +1,19 @@
+require 'puppet/util/rdoc/parser/puppet_parser_core.rb'
+module RDoc
+  PUPPET_RDOC_VERSION = 1
+  # @api private
+  class PuppetParserRDoc1
+    extend ParserFactory
+    include PuppetParserCore
+    def create_rdoc_preprocess
+      preprocess = SM::PreProcess.new(@input_file_name, @options.rdoc_include)
+    end
+  end
+  # For backwards compatibility
+  # @api private
+  Parser = PuppetParserRDoc1
+end

data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb ADDED

@@ -0,0 +1,14 @@
+require 'puppet/util/rdoc/parser/puppet_parser_core.rb'
+module RDoc
+  PUPPET_RDOC_VERSION = 2
+  # @api private
+  class PuppetParserRDoc2 < Parser
+    include PuppetParserCore
+    def create_rdoc_preprocess
+      preprocess = Markup::PreProcess.new(@input_file_name, @options.rdoc_include)
+    end
+  end
+end

data/lib/puppet/util/reference.rb CHANGED

@@ -46,7 +46,7 @@ class Puppet::Util::Reference
     # There used to be an attempt to use secure_open / replace_file to secure
     # the target, too, but that did nothing: the race was still here.  We can
     # get exactly the same benefit from running this effort:
-    File.unlink('/tmp/puppetdoc.tex') rescue nil
+    Puppet::FileSystem::File.unlink('/tmp/puppetdoc.tex') rescue nil
     output = %x{#{cmd}}
     unless $CHILD_STATUS == 0
       $stderr.puts "rst2latex failed"

data/lib/puppet/util/resource_template.rb CHANGED

@@ -44,7 +44,7 @@ class Puppet::Util::ResourceTemplate
   end
   def initialize(file, resource)
-    raise ArgumentError, "Template #{file} does not exist" unless FileTest.exist?(file)
+    raise ArgumentError, "Template #{file} does not exist" unless Puppet::FileSystem::File.exist?(file)
     @file = file
     @resource = resource
   end

data/lib/puppet/util/selinux.rb CHANGED

@@ -216,7 +216,7 @@ module Puppet::Util::SELinux
   #
   # @return [File::Stat] File.lstat result
   def file_lstat(path)
-    File.lstat(path)
+    Puppet::FileSystem::File.new(path).lstat
   end
   private :file_lstat
 end

data/lib/puppet/util/storage.rb CHANGED

@@ -45,7 +45,7 @@ class Puppet::Util::Storage
     Puppet.settings.use(:main) unless FileTest.directory?(Puppet[:statedir])
     filename = Puppet[:statefile]
-    unless File.exists?(filename)
+    unless Puppet::FileSystem::File.exist?(filename)
       self.init if @@state.nil?
       return
     end
@@ -80,7 +80,7 @@ class Puppet::Util::Storage
   def self.store
     Puppet.debug "Storing state"
-    Puppet.info "Creating state file #{Puppet[:statefile]}" unless FileTest.exist?(Puppet[:statefile])
+    Puppet.info "Creating state file #{Puppet[:statefile]}" unless Puppet::FileSystem::File.exist?(Puppet[:statefile])
     Puppet::Util.benchmark(:debug, "Stored state") do
       Puppet::Util::Yaml.dump(@@state, Puppet[:statefile])

data/lib/puppet/util/suidmanager.rb CHANGED

@@ -178,7 +178,7 @@ module Puppet::Util::SUIDManager
   #   :custom_environment (default {}) -- a hash of key/value pairs to set as environment variables for the duration
   #     of the command
   def run_and_capture(command, new_uid=nil, new_gid=nil, options = {})
+    Puppet.deprecation_warning("Puppet::Util::SUIDManager.run_and_capture is deprecated; please use Puppet::Util::Execution.execute instead.")
     # specifying these here rather than in the method signature to allow callers to pass in a partial
     # set of overrides without affecting the default values for options that they don't pass in
     default_options = {

data/lib/puppet/util/tag_set.rb ADDED

@@ -0,0 +1,29 @@
+require 'set'
+class Puppet::Util::TagSet < Set
+  def self.from_yaml(yaml)
+    self.new(YAML.load(yaml))
+  end
+  def to_yaml
+    @hash.keys.to_yaml
+  end
+  def self.from_pson(data)
+    self.new(data)
+  end
+  def to_pson(*args)
+    to_a.to_pson
+  end
+  # this makes puppet serialize it as an array for backwards
+  # compatibility
+  def to_zaml(z)
+    to_a.to_zaml(z)
+  end
+  def join(*args)
+    to_a.join(*args)
+  end
+end

data/lib/puppet/util/tagging.rb CHANGED

@@ -1,30 +1,10 @@
-# Created on 2008-01-19
-# Copyright Luke Kanies
+require 'puppet/util/tag_set'
-# A common module to handle tagging.
-#
-# So, do you want the bad news or the good news first?
-#
-# The bad news is that using an array here is hugely costly compared to using
-# a hash.  Like, the same speed empty, 50 percent slower with one item, and
-# 300 percent slower at 6 - one of our common peaks for tagging items.
-#
-# ...and that assumes an efficient implementation, just using include?.  These
-# methods have even more costs hidden in them.
-#
-# The good news is that this module has no API.  Various objects directly
-# interact with their `@tags` member as an array, or dump it directly in YAML,
-# or whatever.
-#
-# So, er, you can't actually change this.  No matter how much you want to be
-# cause it is inefficient in both CPU and object allocation terms.
-#
-# Good luck, my friend. --daniel 2012-07-17
 module Puppet::Util::Tagging
   # Add a tag to our current list.  These tags will be added to all
   # of the objects contained in this scope.
   def tag(*ary)
-    @tags ||= []
+    @tags ||= new_tags
     qualified = []
@@ -45,12 +25,12 @@ module Puppet::Util::Tagging
   # Return a copy of the tag list, so someone can't ask for our tags
   # and then modify them.
   def tags
-    @tags ||= []
+    @tags ||= new_tags
     @tags.dup
   end
   def tags=(tags)
-    @tags = []
+    @tags = new_tags
     return if tags.nil? or tags == ""
@@ -73,4 +53,8 @@ module Puppet::Util::Tagging
   def valid_tag?(tag)
     tag.is_a?(String) and tag =~ ValidTagRegex
   end
+  def new_tags
+    Puppet::Util::TagSet.new
+  end
 end

data/lib/puppet/util/watched_file.rb CHANGED

@@ -26,7 +26,7 @@ class Puppet::Util::WatchedFile
   end
   # Allow this to be used as the name of the file being watched in various
-  # other methods (such as File.exist?)
+  # other methods (such as Puppet::FileSystem::File.exist?)
   def to_str
     @filename
   end

data/lib/puppet/util/watcher.rb CHANGED

@@ -7,7 +7,7 @@ module Puppet::Util::Watcher
     def self.file_ctime_change_watcher(filename)
       Puppet::Util::Watcher::ChangeWatcher.watch(lambda do
         begin
-          File.stat(filename).ctime
+          Puppet::FileSystem::File.new(filename).stat.ctime
         rescue Errno::ENOENT, Errno::ENOTDIR
           :absent
         end

data/lib/puppet/util/windows.rb CHANGED

@@ -8,6 +8,9 @@ module Puppet::Util::Windows
     require 'puppet/util/windows/process'
     require 'puppet/util/windows/file'
     require 'puppet/util/windows/root_certs'
+    require 'puppet/util/windows/access_control_entry'
+    require 'puppet/util/windows/access_control_list'
+    require 'puppet/util/windows/security_descriptor'
   end
   require 'puppet/util/windows/registry'
 end

data/lib/puppet/util/windows/access_control_entry.rb ADDED

@@ -0,0 +1,84 @@
+# Windows Access Control Entry
+#
+# Represents an access control entry, which grants or denies a subject,
+# identified by a SID, rights to a securable object.
+#
+# @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa374868(v=vs.85).aspx
+# @api private
+class Puppet::Util::Windows::AccessControlEntry
+  require 'puppet/util/windows/security'
+  include Puppet::Util::Windows::SID
+  attr_accessor :sid
+  attr_reader :mask, :flags, :type
+  OBJECT_INHERIT_ACE                      = 0x1
+  CONTAINER_INHERIT_ACE                   = 0x2
+  NO_PROPAGATE_INHERIT_ACE                = 0x4
+  INHERIT_ONLY_ACE                        = 0x8
+  INHERITED_ACE                           = 0x10
+  ACCESS_ALLOWED_ACE_TYPE                 = 0x0
+  ACCESS_DENIED_ACE_TYPE                  = 0x1
+  def initialize(sid, mask, flags = 0, type = ACCESS_ALLOWED_ACE_TYPE)
+    @sid = sid
+    @mask = mask
+    @flags = flags
+    @type = type
+  end
+  # Returns true if this ACE is inherited from a parent. If false,
+  # then the ACE is set directly on the object to which it refers.
+  #
+  # @return [Boolean] true if the ACE is inherited
+  def inherited?
+    (@flags & INHERITED_ACE) == INHERITED_ACE
+  end
+  # Returns true if this ACE only applies to children of the object.
+  # If false, it applies to the object.
+  #
+  # @return [Boolean] true if the ACE only applies to children and
+  # not the object itself.
+  def inherit_only?
+    (@flags & INHERIT_ONLY_ACE) == INHERIT_ONLY_ACE
+  end
+  # Returns true if this ACE applies to child directories.
+  #
+  # @return [Boolean] true if the ACE applies to child direcories
+  def container_inherit?
+    (@flags & CONTAINER_INHERIT_ACE) == CONTAINER_INHERIT_ACE
+  end
+  # Returns true if this ACE applies to child files.
+  #
+  # @return [Boolean] true if the ACE applies to child files.
+  def object_inherit?
+    (@flags & OBJECT_INHERIT_ACE) == OBJECT_INHERIT_ACE
+  end
+  def inspect
+    inheritance = ""
+    inheritance << '(I)' if inherited?
+    inheritance << '(OI)' if object_inherit?
+    inheritance << '(CI)' if container_inherit?
+    inheritance << '(IO)' if inherit_only?
+    left = "#{sid_to_name(sid)}:#{inheritance}"
+    left = left.ljust(45)
+    "#{left} 0x#{mask.to_s(16)}"
+  end
+  # Returns true if this ACE is equal to +other+
+  def ==(other)
+    self.class == other.class &&
+      sid == other.sid &&
+      mask == other.mask &&
+      flags == other.flags &&
+      type == other.type
+  end
+  alias eql? ==
+end

data/lib/puppet/util/windows/access_control_list.rb ADDED

@@ -0,0 +1,106 @@
+# Windows Access Control List
+#
+# Represents a list of access control entries (ACEs).
+#
+# @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx
+# @api private
+class Puppet::Util::Windows::AccessControlList
+  include Enumerable
+  ACCESS_ALLOWED_ACE_TYPE                 = 0x0
+  ACCESS_DENIED_ACE_TYPE                  = 0x1
+  # Construct an ACL.
+  #
+  # @param acl [Enumerable] A list of aces to copy from.
+  def initialize(acl = nil)
+    if acl
+      @aces = acl.map(&:dup)
+    else
+      @aces = []
+    end
+  end
+  # Enumerate each ACE in the list.
+  #
+  # @yieldparam ace [Hash] the ace
+  def each
+    @aces.each {|ace| yield ace}
+  end
+  # Allow the +sid+ to access a resource with the specified access +mask+.
+  #
+  # @param sid [String] The SID that the ACE is granting access to
+  # @param mask [int] The access mask granted to the SID
+  # @param flags [int] The flags assigned to the ACE, e.g. +INHERIT_ONLY_ACE+
+  def allow(sid, mask, flags = 0)
+    @aces << Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_ALLOWED_ACE_TYPE)
+  end
+  # Deny the +sid+ access to a resource with the specified access +mask+.
+  #
+  # @param sid [String] The SID that the ACE is denying access to
+  # @param mask [int] The access mask denied to the SID
+  # @param flags [int] The flags assigned to the ACE, e.g. +INHERIT_ONLY_ACE+
+  def deny(sid, mask, flags = 0)
+    @aces << Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_DENIED_ACE_TYPE)
+  end
+  # Reassign all ACEs currently assigned to +old_sid+ to +new_sid+ instead.
+  # If an ACE is inherited or is not assigned to +old_sid+, then it will
+  # be copied as-is to the new ACL, preserving its order within the ACL.
+  #
+  # @param old_sid [String] The old SID, e.g. 'S-1-5-18'
+  # @param new_sid [String] The new SID
+  # @return [AccessControlList] The copied ACL.
+  def reassign!(old_sid, new_sid)
+    new_aces = []
+    prepend_needed = false
+    aces_to_prepend = []
+    @aces.each do |ace|
+      new_ace = ace.dup
+      if ace.sid == old_sid
+        if ace.inherited?
+          # create an explicit ACE granting or denying the
+          # new_sid the rights that the inherited ACE
+          # granted or denied the old_sid. We mask off all
+          # flags except those affecting inheritance of the
+          # ACE we're creating.
+          inherit_mask = Windows::Security::CONTAINER_INHERIT_ACE |
+            Windows::Security::OBJECT_INHERIT_ACE |
+            Windows::Security::INHERIT_ONLY_ACE
+          explicit_ace = Puppet::Util::Windows::AccessControlEntry.new(new_sid, ace.mask, ace.flags & inherit_mask, ace.type)
+          aces_to_prepend << explicit_ace
+        else
+          new_ace.sid = new_sid
+          prepend_needed = old_sid == Win32::Security::SID::LocalSystem
+        end
+      end
+      new_aces << new_ace
+    end
+    @aces = []
+    if prepend_needed
+      mask = Windows::Security::STANDARD_RIGHTS_ALL | Windows::Security::SPECIFIC_RIGHTS_ALL
+      ace = Puppet::Util::Windows::AccessControlEntry.new(
+              Win32::Security::SID::LocalSystem,
+              mask)
+      @aces << ace
+    end
+    @aces.concat(aces_to_prepend)
+    @aces.concat(new_aces)
+  end
+  def inspect
+    str = ""
+    @aces.each do |ace|
+      str << "  #{ace.inspect}\n"
+    end
+    str
+  end
+end

data/lib/puppet/util/windows/file.rb CHANGED

@@ -1,6 +1,7 @@
 require 'puppet/util/windows'
 module Puppet::Util::Windows::File
+  require 'ffi'
   require 'windows/api'
   require 'windows/wide_string'
@@ -24,4 +25,216 @@ module Puppet::Util::Windows::File
       new("MoveFileEx(#{source}, #{target}, #{flags.to_s(8)})")
   end
   module_function :move_file_ex
+  module API
+    extend FFI::Library
+    ffi_lib 'kernel32'
+    ffi_convention :stdcall
+    # BOOLEAN WINAPI CreateSymbolicLink(
+    #   _In_  LPTSTR lpSymlinkFileName, - symbolic link to be created
+    #   _In_  LPTSTR lpTargetFileName, - name of target for symbolic link
+    #   _In_  DWORD dwFlags - 0x0 target is a file, 0x1 target is a directory
+    # );
+    # rescue on Windows < 6.0 so that code doesn't explode
+    begin
+      attach_function :create_symbolic_link, :CreateSymbolicLinkW,
+        [:buffer_in, :buffer_in, :uint], :bool
+    rescue LoadError
+    end
+    # DWORD WINAPI GetFileAttributes(
+    #   _In_  LPCTSTR lpFileName
+    # );
+    attach_function :get_file_attributes, :GetFileAttributesW,
+      [:buffer_in], :uint
+    # HANDLE WINAPI CreateFile(
+    #   _In_      LPCTSTR lpFileName,
+    #   _In_      DWORD dwDesiredAccess,
+    #   _In_      DWORD dwShareMode,
+    #   _In_opt_  LPSECURITY_ATTRIBUTES lpSecurityAttributes,
+    #   _In_      DWORD dwCreationDisposition,
+    #   _In_      DWORD dwFlagsAndAttributes,
+    #   _In_opt_  HANDLE hTemplateFile
+    # );
+    attach_function :create_file, :CreateFileW,
+      [:buffer_in, :uint, :uint, :pointer, :uint, :uint, :uint], :uint
+    # http://msdn.microsoft.com/en-us/library/windows/desktop/aa363216(v=vs.85).aspx
+    # BOOL WINAPI DeviceIoControl(
+    #   _In_         HANDLE hDevice,
+    #   _In_         DWORD dwIoControlCode,
+    #   _In_opt_     LPVOID lpInBuffer,
+    #   _In_         DWORD nInBufferSize,
+    #   _Out_opt_    LPVOID lpOutBuffer,
+    #   _In_         DWORD nOutBufferSize,
+    #   _Out_opt_    LPDWORD lpBytesReturned,
+    #   _Inout_opt_  LPOVERLAPPED lpOverlapped
+    # );
+    attach_function :device_io_control, :DeviceIoControl,
+      [:uint, :uint, :pointer, :uint, :pointer, :uint, :pointer, :pointer], :bool
+    MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 16384
+    # REPARSE_DATA_BUFFER
+    # http://msdn.microsoft.com/en-us/library/cc232006.aspx
+    # http://msdn.microsoft.com/en-us/library/windows/hardware/ff552012(v=vs.85).aspx
+    # struct is always MAXIMUM_REPARSE_DATA_BUFFER_SIZE bytes
+    class ReparseDataBuffer < FFI::Struct
+      layout :reparse_tag, :uint,
+             :reparse_data_length, :ushort,
+             :reserved, :ushort,
+             :substitute_name_offset, :ushort,
+             :substitute_name_length, :ushort,
+             :print_name_offset, :ushort,
+             :print_name_length, :ushort,
+             :flags, :uint,
+             # max less above fields dword / uint 4 bytes, ushort 2 bytes
+             :path_buffer, [:uchar, MAXIMUM_REPARSE_DATA_BUFFER_SIZE - 20]
+    end
+    # BOOL WINAPI CloseHandle(
+    #   _In_  HANDLE hObject
+    # );
+    attach_function :close_handle, :CloseHandle, [:uint], :bool
+  end
+  def symlink(target, symlink)
+    flags = File.directory?(target) ? 0x1 : 0x0
+    result = API.create_symbolic_link(WideString.new(symlink.to_s),
+      WideString.new(target.to_s), flags)
+    return true if result
+    raise Puppet::Util::Windows::Error.new(
+      "CreateSymbolicLink(#{symlink}, #{target}, #{flags.to_s(8)})")
+  end
+  module_function :symlink
+  INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF #define INVALID_FILE_ATTRIBUTES (DWORD (-1))
+  def self.get_file_attributes(file_name)
+    result = API.get_file_attributes(WideString.new(file_name.to_s))
+    return result unless result == INVALID_FILE_ATTRIBUTES
+    raise Puppet::Util::Windows::Error.new("GetFileAttributes(#{file_name})")
+  end
+  INVALID_HANDLE_VALUE = -1 #define INVALID_HANDLE_VALUE ((HANDLE)(LONG_PTR)-1)
+  def self.create_file(file_name, desired_access, share_mode, security_attributes,
+    creation_disposition, flags_and_attributes, template_file_handle)
+    result = API.create_file(WideString.new(file_name.to_s),
+      desired_access, share_mode, security_attributes, creation_disposition,
+      flags_and_attributes, template_file_handle)
+    return result unless result == INVALID_HANDLE_VALUE
+    raise Puppet::Util::Windows::Error.new(
+      "CreateFile(#{file_name}, #{desired_access.to_s(8)}, #{share_mode.to_s(8)}, " +
+        "#{security_attributes}, #{creation_disposition.to_s(8)}, " +
+        "#{flags_and_attributes.to_s(8)}, #{template_file_handle})")
+  end
+  def self.device_io_control(handle, io_control_code, in_buffer = nil, out_buffer = nil)
+    if out_buffer.nil?
+      raise Puppet::Util::Windows::Error.new("out_buffer is required")
+    end
+    result = API.device_io_control(
+      handle,
+      io_control_code,
+      in_buffer, in_buffer.nil? ? 0 : in_buffer.size,
+      out_buffer, out_buffer.size,
+      FFI::MemoryPointer.new(:uint, 1),
+      nil
+    )
+    return out_buffer if result
+    raise Puppet::Util::Windows::Error.new(
+      "DeviceIoControl(#{handle}, #{io_control_code}, #{in_buffer}, #{in_buffer.size}, " +
+      "#{out_buffer}, #{out_buffer.size}")
+  end
+  FILE_ATTRIBUTE_REPARSE_POINT = 0x400
+  def symlink?(file_name)
+    begin
+      attributes = get_file_attributes(file_name)
+      (attributes & FILE_ATTRIBUTE_REPARSE_POINT) == FILE_ATTRIBUTE_REPARSE_POINT
+    rescue
+      # raised INVALID_FILE_ATTRIBUTES is equivalent to file not found
+      false
+    end
+  end
+  module_function :symlink?
+  GENERIC_READ                  = 0x80000000
+  FILE_SHARE_READ               = 1
+  OPEN_EXISTING                 = 3
+  FILE_FLAG_OPEN_REPARSE_POINT  = 0x00200000
+  FILE_FLAG_BACKUP_SEMANTICS    = 0x02000000
+  def self.open_symlink(link_name)
+    begin
+      yield handle = create_file(
+      WideString.new(link_name.to_s),
+      GENERIC_READ,
+      FILE_SHARE_READ,
+      nil, # security_attributes
+      OPEN_EXISTING,
+      FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
+      0) # template_file
+    ensure
+      API.close_handle(handle) if handle
+    end
+  end
+  def readlink(link_name)
+    open_symlink(link_name) do |handle|
+      resolve_symlink(handle)
+    end
+  end
+  module_function :readlink
+  def stat(file_name)
+    file_name = file_name.to_s # accomodate PathName or String
+    stat = File.stat(file_name)
+    if symlink?(file_name)
+      link_ftype = File.stat(readlink(file_name)).ftype
+      # sigh, monkey patch instance method for instance, and close over link_ftype
+      singleton_class = class << stat; self; end
+      singleton_class.send(:define_method, :ftype) do
+        link_ftype
+      end
+    end
+    stat
+  end
+  module_function :stat
+  def lstat(file_name)
+    file_name = file_name.to_s # accomodate PathName or String
+    # monkey'ing around!
+    stat = File.lstat(file_name)
+    if symlink?(file_name)
+      def stat.ftype
+        "link"
+      end
+    end
+    stat
+  end
+  module_function :lstat
+  private
+  # http://msdn.microsoft.com/en-us/library/windows/desktop/aa364571(v=vs.85).aspx
+  FSCTL_GET_REPARSE_POINT = 0x900a8
+  def self.resolve_symlink(handle)
+    # must be multiple of 1024, min 10240
+    out_buffer = FFI::MemoryPointer.new(API::ReparseDataBuffer.size)
+    device_io_control(handle, FSCTL_GET_REPARSE_POINT, nil, out_buffer)
+    reparse_data = API::ReparseDataBuffer.new(out_buffer)
+    offset = reparse_data[:print_name_offset]
+    length = reparse_data[:print_name_length]
+    result = reparse_data[:path_buffer].to_a[offset, length].pack('C*')
+    result.force_encoding('UTF-16LE').encode(Encoding.default_external)
+  end
 end