puppet 4.0.0-x86-mingw32 → 4.1.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/ext/build_defaults.yaml +8 -35
- data/ext/debian/puppet.default +0 -5
- data/ext/debian/puppet.init +1 -15
- data/lib/hiera/puppet_function.rb +15 -4
- data/lib/puppet/application/agent.rb +5 -0
- data/lib/puppet/application/apply.rb +23 -2
- data/lib/puppet/application/device.rb +8 -3
- data/lib/puppet/application/master.rb +16 -5
- data/lib/puppet/configurer.rb +7 -5
- data/lib/puppet/defaults.rb +18 -0
- data/lib/puppet/environments.rb +1 -1
- data/lib/puppet/error.rb +27 -1
- data/lib/puppet/file_serving/metadata.rb +13 -8
- data/lib/puppet/file_serving/terminus_helper.rb +7 -8
- data/lib/puppet/file_system.rb +13 -0
- data/lib/puppet/file_system/file_impl.rb +4 -0
- data/lib/puppet/file_system/memory_impl.rb +4 -0
- data/lib/puppet/file_system/windows.rb +8 -0
- data/lib/puppet/functions.rb +33 -3
- data/lib/puppet/functions/defined.rb +130 -0
- data/lib/puppet/functions/regsubst.rb +1 -1
- data/lib/puppet/functions/split.rb +1 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -1
- data/lib/puppet/indirector/facts/facter.rb +11 -0
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/node.rb +17 -1
- data/lib/puppet/node/environment.rb +4 -0
- data/lib/puppet/parser/ast/pops_bridge.rb +4 -0
- data/lib/puppet/parser/compiler.rb +9 -0
- data/lib/puppet/parser/functions/defined.rb +25 -1
- data/lib/puppet/parser/functions/file.rb +3 -1
- data/lib/puppet/parser/scope.rb +11 -2
- data/lib/puppet/parser/templatewrapper.rb +2 -1
- data/lib/puppet/pops.rb +4 -0
- data/lib/puppet/pops/evaluator/access_operator.rb +25 -5
- data/lib/puppet/pops/evaluator/closure.rb +28 -2
- data/lib/puppet/pops/evaluator/collector_transformer.rb +1 -11
- data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +4 -0
- data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +4 -0
- data/lib/puppet/pops/evaluator/compare_operator.rb +43 -0
- data/lib/puppet/pops/evaluator/epp_evaluator.rb +7 -2
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +48 -14
- data/lib/puppet/pops/evaluator/runtime3_support.rb +10 -5
- data/lib/puppet/pops/functions/dispatch.rb +6 -1
- data/lib/puppet/pops/functions/dispatcher.rb +7 -1
- data/lib/puppet/pops/issue_reporter.rb +42 -16
- data/lib/puppet/pops/issues.rb +116 -2
- data/lib/puppet/pops/loader/loader.rb +11 -0
- data/lib/puppet/pops/loader/loader_paths.rb +67 -6
- data/lib/puppet/pops/loader/module_loaders.rb +19 -8
- data/lib/puppet/pops/loader/puppet_function_instantiator.rb +78 -0
- data/lib/puppet/pops/loaders.rb +6 -4
- data/lib/puppet/pops/migration/migration_checker.rb +54 -0
- data/lib/puppet/pops/model/factory.rb +5 -1
- data/lib/puppet/pops/model/model_label_provider.rb +2 -0
- data/lib/puppet/pops/model/model_meta.rb +5 -1
- data/lib/puppet/pops/parser/egrammar.ra +9 -10
- data/lib/puppet/pops/parser/eparser.rb +1061 -1047
- data/lib/puppet/pops/parser/epp_support.rb +18 -9
- data/lib/puppet/pops/parser/evaluating_parser.rb +7 -1
- data/lib/puppet/pops/parser/heredoc_support.rb +12 -11
- data/lib/puppet/pops/parser/interpolation_support.rb +7 -1
- data/lib/puppet/pops/parser/lexer2.rb +29 -12
- data/lib/puppet/pops/parser/lexer_support.rb +52 -23
- data/lib/puppet/pops/parser/parser_support.rb +11 -14
- data/lib/puppet/pops/parser/slurp_support.rb +22 -6
- data/lib/puppet/pops/types/type_calculator.rb +156 -55
- data/lib/puppet/pops/types/type_factory.rb +66 -13
- data/lib/puppet/pops/types/type_parser.rb +22 -13
- data/lib/puppet/pops/types/types.rb +23 -4
- data/lib/puppet/pops/types/types_meta.rb +13 -2
- data/lib/puppet/pops/validation.rb +25 -2
- data/lib/puppet/pops/validation/checker4_0.rb +63 -31
- data/lib/puppet/provider/group/windows_adsi.rb +8 -4
- data/lib/puppet/provider/mount/parsed.rb +145 -2
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/pip.rb +11 -2
- data/lib/puppet/provider/package/pkgng.rb +134 -0
- data/lib/puppet/provider/package/portage.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +0 -3
- data/lib/puppet/provider/package/windows/exe_package.rb +0 -1
- data/lib/puppet/provider/package/windows/msi_package.rb +0 -1
- data/lib/puppet/provider/package/zypper.rb +50 -15
- data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +32 -7
- data/lib/puppet/provider/service/debian.rb +1 -1
- data/lib/puppet/provider/service/init.rb +7 -0
- data/lib/puppet/provider/user/openbsd.rb +1 -0
- data/lib/puppet/provider/user/windows_adsi.rb +45 -2
- data/lib/puppet/reference/indirection.rb +1 -1
- data/lib/puppet/resource.rb +1 -1
- data/lib/puppet/resource/catalog.rb +0 -4
- data/lib/puppet/settings.rb +19 -0
- data/lib/puppet/type/file.rb +1 -0
- data/lib/puppet/type/file/ensure.rb +1 -1
- data/lib/puppet/type/mount.rb +9 -1
- data/lib/puppet/type/scheduled_task.rb +13 -0
- data/lib/puppet/type/tidy.rb +3 -1
- data/lib/puppet/type/user.rb +32 -0
- data/lib/puppet/type/yumrepo.rb +5 -5
- data/lib/puppet/util/log.rb +50 -8
- data/lib/puppet/util/log/destinations.rb +23 -2
- data/lib/puppet/util/logging.rb +37 -1
- data/lib/puppet/util/run_mode.rb +1 -14
- data/lib/puppet/util/windows/adsi.rb +130 -58
- data/lib/puppet/version.rb +1 -1
- data/man/man5/puppet.conf.5 +48 -6
- data/man/man8/extlookup2hiera.8 +1 -1
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +4 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +6 -3
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-file.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-inspect.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +4 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-resource_type.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +1 -1
- data/spec/fixtures/unit/data_providers/environments/production/lib/puppet/functions/environment/data.rb +3 -1
- data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/functions/data.pp +6 -0
- data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/lib/puppet/bindings/xyz/default.rb +9 -0
- data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/manifests/init.pp +9 -0
- data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcalled.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcaller.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcaller4.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/lib/puppet/functions/user/callingpuppet.rb +5 -0
- data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/functions/hello.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/manifests/init.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/metadata.json +10 -0
- data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/functions/hello.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/functions/subspace/hello.pp +3 -0
- data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/metadata.json +1 -10
- data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +93 -85
- data/spec/fixtures/unit/provider/mount/parsed/aix.mount +11 -7
- data/spec/fixtures/unit/provider/package/pkgng/pkg.info +8 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.query +1 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.query_absent +1 -0
- data/spec/fixtures/unit/provider/package/pkgng/pkg.version +3 -0
- data/spec/fixtures/unit/provider/package/zypper/zypper-list-updates-empty.out +3 -0
- data/spec/integration/application/apply_spec.rb +49 -0
- data/spec/integration/faces/plugin_spec.rb +0 -4
- data/spec/integration/indirector/facts/facter_spec.rb +59 -0
- data/spec/integration/parser/compiler_spec.rb +850 -0
- data/spec/integration/parser/resource_expressions_spec.rb +3 -0
- data/spec/integration/parser/scope_spec.rb +26 -5
- data/spec/integration/transaction_spec.rb +1 -1
- data/spec/integration/type/file_spec.rb +318 -41
- data/spec/integration/util/windows/security_spec.rb +14 -5
- data/spec/lib/matchers/resource.rb +22 -1
- data/spec/lib/puppet_spec/matchers.rb +6 -4
- data/spec/unit/application/master_spec.rb +33 -7
- data/spec/unit/data_providers/function_data_provider_spec.rb +10 -1
- data/spec/unit/file_serving/metadata_spec.rb +1 -1
- data/spec/unit/file_serving/terminus_helper_spec.rb +2 -3
- data/spec/unit/file_system_spec.rb +38 -0
- data/spec/unit/functions/defined_spec.rb +289 -0
- data/spec/unit/functions/hiera_spec.rb +8 -6
- data/spec/unit/functions/regsubst_spec.rb +4 -0
- data/spec/unit/functions/split_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +97 -2
- data/spec/unit/indirector/facts/facter_spec.rb +7 -0
- data/spec/unit/node_spec.rb +6 -0
- data/spec/unit/parser/functions/file_spec.rb +7 -1
- data/spec/unit/parser/functions/template_spec.rb +1 -1
- data/spec/unit/parser/scope_spec.rb +2 -2
- data/spec/unit/parser/templatewrapper_spec.rb +1 -1
- data/spec/unit/pops/evaluator/access_ops_spec.rb +19 -0
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +84 -18
- data/spec/unit/pops/evaluator/variables_spec.rb +1 -1
- data/spec/unit/pops/issues_spec.rb +16 -16
- data/spec/unit/pops/loaders/loaders_spec.rb +106 -48
- data/spec/unit/pops/migration_spec.rb +53 -0
- data/spec/unit/pops/parser/lexer2_spec.rb +142 -1
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +26 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +205 -12
- data/spec/unit/pops/validation_spec.rb +66 -0
- data/spec/unit/pops/validator/validator_spec.rb +1 -1
- data/spec/unit/provider/group/windows_adsi_spec.rb +57 -9
- data/spec/unit/provider/mount/parsed_spec.rb +31 -5
- data/spec/unit/provider/package/apt_spec.rb +5 -0
- data/spec/unit/provider/package/pip_spec.rb +9 -0
- data/spec/unit/provider/package/pkgng_spec.rb +172 -0
- data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -1
- data/spec/unit/provider/package/windows/msi_package_spec.rb +0 -1
- data/spec/unit/provider/package/zypper_spec.rb +50 -19
- data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +312 -70
- data/spec/unit/provider/service/base_spec.rb +38 -27
- data/spec/unit/provider/service/debian_spec.rb +8 -0
- data/spec/unit/provider/service/freebsd_spec.rb +1 -0
- data/spec/unit/provider/service/gentoo_spec.rb +1 -0
- data/spec/unit/provider/service/init_spec.rb +18 -0
- data/spec/unit/provider/service/openbsd_spec.rb +1 -0
- data/spec/unit/provider/service/redhat_spec.rb +1 -0
- data/spec/unit/provider/user/windows_adsi_spec.rb +134 -5
- data/spec/unit/settings_spec.rb +11 -0
- data/spec/unit/util/log_spec.rb +113 -0
- data/spec/unit/util/windows/adsi_spec.rb +135 -41
- data/spec/unit/util/windows/sid_spec.rb +0 -10
- metadata +48 -2
@@ -65,6 +65,8 @@ Puppet::Util::Log.newdesttype :file do
|
|
65
65
|
|
66
66
|
def initialize(path)
|
67
67
|
@name = path
|
68
|
+
@json = path.end_with?('.json') ? 1 : 0
|
69
|
+
|
68
70
|
# first make sure the directory exists
|
69
71
|
# We can't just use 'Config.use' here, because they've
|
70
72
|
# specified a "special" destination.
|
@@ -74,7 +76,21 @@ Puppet::Util::Log.newdesttype :file do
|
|
74
76
|
end
|
75
77
|
|
76
78
|
# create the log file, if it doesn't already exist
|
77
|
-
|
79
|
+
need_array_start = false
|
80
|
+
if @json == 1
|
81
|
+
need_array_start = true
|
82
|
+
if File.exists?(path)
|
83
|
+
sz = File.size(path)
|
84
|
+
need_array_start = sz == 0
|
85
|
+
|
86
|
+
# Assume that entries have been written and that a comma
|
87
|
+
# is needed before next entry
|
88
|
+
@json = 2 if sz > 2
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
file = File.open(path, File::WRONLY|File::CREAT|File::APPEND)
|
93
|
+
file.puts('[') if need_array_start
|
78
94
|
|
79
95
|
# Give ownership to the user and group puppet will run as
|
80
96
|
if Puppet.features.root? && !Puppet::Util::Platform.windows?
|
@@ -91,7 +107,12 @@ Puppet::Util::Log.newdesttype :file do
|
|
91
107
|
end
|
92
108
|
|
93
109
|
def handle(msg)
|
94
|
-
@
|
110
|
+
if @json > 0
|
111
|
+
@json > 1 ? @file.puts(',') : @json = 2
|
112
|
+
JSON.dump(msg.to_structured_hash, @file)
|
113
|
+
else
|
114
|
+
@file.puts("#{msg.time} #{msg.source} (#{msg.level}): #{msg}")
|
115
|
+
end
|
95
116
|
|
96
117
|
@file.flush if @autoflush
|
97
118
|
end
|
data/lib/puppet/util/logging.rb
CHANGED
@@ -46,8 +46,44 @@ module Puppet::Util::Logging
|
|
46
46
|
# wish to log a message at all; in this case it is likely that you are only calling this method in order
|
47
47
|
# to take advantage of the backtrace logging.
|
48
48
|
def log_exception(exception, message = :default, options = {})
|
49
|
-
|
49
|
+
trace = Puppet[:trace] || options[:trace]
|
50
|
+
if message == :default && exception.is_a?(Puppet::ParseErrorWithIssue)
|
51
|
+
# Retain all detailed info and keep plain message and stacktrace separate
|
52
|
+
backtrace = []
|
53
|
+
build_exception_trace(backtrace, exception, trace)
|
54
|
+
Puppet::Util::Log.create({
|
55
|
+
:level => :err,
|
56
|
+
:source => log_source,
|
57
|
+
:message => exception.basic_message,
|
58
|
+
:issue_code => exception.issue_code,
|
59
|
+
:backtrace => backtrace.empty? ? nil : backtrace,
|
60
|
+
:file => exception.file,
|
61
|
+
:line => exception.line,
|
62
|
+
:pos => exception.pos,
|
63
|
+
:environment => exception.environment,
|
64
|
+
:node => exception.node
|
65
|
+
}.merge(log_metadata))
|
66
|
+
else
|
67
|
+
err(format_exception(exception, message, trace))
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
def build_exception_trace(arr, exception, trace = true)
|
72
|
+
if trace and exception.backtrace
|
73
|
+
exception.backtrace.each do |line|
|
74
|
+
arr << line =~ /^(.+):(\d+.*)$/ ? ("#{Pathname($1).realpath}:#{$2}" rescue line) : line
|
75
|
+
end
|
76
|
+
end
|
77
|
+
if exception.respond_to?(:original)
|
78
|
+
original = exception.original
|
79
|
+
unless original.nil?
|
80
|
+
arr << 'Wrapped exception:'
|
81
|
+
arr << original.message
|
82
|
+
build_exception_trace(arr, original, trace)
|
83
|
+
end
|
84
|
+
end
|
50
85
|
end
|
86
|
+
private :build_exception_trace
|
51
87
|
|
52
88
|
def format_exception(exception, message = :default, trace = true)
|
53
89
|
arr = []
|
data/lib/puppet/util/run_mode.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'etc'
|
2
|
-
require 'fileutils'
|
3
2
|
|
4
3
|
module Puppet
|
5
4
|
module Util
|
@@ -53,19 +52,7 @@ module Puppet
|
|
53
52
|
if Puppet.features.root?
|
54
53
|
File.expand_path(system)
|
55
54
|
else
|
56
|
-
|
57
|
-
# both root and non-root users. The paths used by the root user are created
|
58
|
-
# by packaging, so no special action is required in the code.
|
59
|
-
#
|
60
|
-
# However, for non-root users, these new paths introduce deep paths (see below
|
61
|
-
# in the two RunMode sub-classes). Since puppet doesn't create parent directories
|
62
|
-
# for directories in the settings catalog, we take this opportunity to create
|
63
|
-
# those parent directories. (Note that pre-AIO this code would have had to do the
|
64
|
-
# same thing, except that everything was under ~/.puppet which was confdir so was
|
65
|
-
# created.)
|
66
|
-
expanded_user = File.expand_path(user)
|
67
|
-
FileUtils.mkdir_p(File.dirname(expanded_user)) if File.exists?(File.expand_path('~'))
|
68
|
-
expanded_user
|
55
|
+
File.expand_path(user)
|
69
56
|
end
|
70
57
|
end
|
71
58
|
end
|
@@ -15,7 +15,7 @@ module Puppet::Util::Windows::ADSI
|
|
15
15
|
def connect(uri)
|
16
16
|
begin
|
17
17
|
WIN32OLE.connect(uri)
|
18
|
-
rescue
|
18
|
+
rescue WIN32OLERuntimeError => e
|
19
19
|
raise Puppet::Error.new( "ADSI connection error: #{e}", e )
|
20
20
|
end
|
21
21
|
end
|
@@ -97,18 +97,19 @@ module Puppet::Util::Windows::ADSI
|
|
97
97
|
[:lpwstr, :lpdword], :win32_bool
|
98
98
|
end
|
99
99
|
|
100
|
-
|
101
|
-
|
102
|
-
|
100
|
+
module Shared
|
101
|
+
def uri(name, host = '.')
|
102
|
+
if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end
|
103
103
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
104
|
+
host = '.' if ['NT AUTHORITY', 'BUILTIN', Socket.gethostname].include?(host)
|
105
|
+
|
106
|
+
# group or user
|
107
|
+
account_type = self.name.split('::').last.downcase
|
108
|
+
|
109
|
+
Puppet::Util::Windows::ADSI.uri(name, account_type, host)
|
109
110
|
end
|
110
111
|
|
111
|
-
def
|
112
|
+
def parse_name(name)
|
112
113
|
if name =~ /\//
|
113
114
|
raise Puppet::Error.new( "Value must be in DOMAIN\\user style syntax" )
|
114
115
|
end
|
@@ -120,20 +121,51 @@ module Puppet::Util::Windows::ADSI
|
|
120
121
|
return account, domain
|
121
122
|
end
|
122
123
|
|
123
|
-
def
|
124
|
-
|
124
|
+
def get_sids(adsi_child_collection)
|
125
|
+
sids = []
|
126
|
+
adsi_child_collection.each do |m|
|
127
|
+
sids << Puppet::Util::Windows::SID.octet_string_to_sid_object(m.objectSID)
|
128
|
+
end
|
129
|
+
|
130
|
+
sids
|
125
131
|
end
|
126
132
|
|
127
|
-
def
|
128
|
-
|
133
|
+
def name_sid_hash(names)
|
134
|
+
return {} if names.nil? || names.empty?
|
135
|
+
|
136
|
+
sids = names.map do |name|
|
137
|
+
sid = Puppet::Util::Windows::SID.name_to_sid_object(name)
|
138
|
+
raise Puppet::Error.new( "Could not resolve name: #{name}" ) if !sid
|
139
|
+
[sid.to_s, sid]
|
140
|
+
end
|
141
|
+
|
142
|
+
Hash[ sids ]
|
129
143
|
end
|
144
|
+
end
|
130
145
|
|
131
|
-
|
132
|
-
|
146
|
+
class User
|
147
|
+
extend Enumerable
|
148
|
+
extend Puppet::Util::Windows::ADSI::Shared
|
149
|
+
extend FFI::Library
|
133
150
|
|
134
|
-
|
151
|
+
# https://msdn.microsoft.com/en-us/library/aa746340.aspx
|
152
|
+
# IADsUser interface
|
153
|
+
|
154
|
+
require 'puppet/util/windows/sid'
|
135
155
|
|
136
|
-
|
156
|
+
attr_accessor :native_user
|
157
|
+
attr_reader :name, :sid
|
158
|
+
def initialize(name, native_user = nil)
|
159
|
+
@name = name
|
160
|
+
@native_user = native_user
|
161
|
+
end
|
162
|
+
|
163
|
+
def native_user
|
164
|
+
@native_user ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(@name)))
|
165
|
+
end
|
166
|
+
|
167
|
+
def sid
|
168
|
+
@sid ||= Puppet::Util::Windows::SID.octet_string_to_sid_object(native_user.objectSID)
|
137
169
|
end
|
138
170
|
|
139
171
|
def uri
|
@@ -155,7 +187,15 @@ module Puppet::Util::Windows::ADSI
|
|
155
187
|
def commit
|
156
188
|
begin
|
157
189
|
native_user.SetInfo unless native_user.nil?
|
158
|
-
rescue
|
190
|
+
rescue WIN32OLERuntimeError => e
|
191
|
+
# ERROR_BAD_USERNAME 2202L from winerror.h
|
192
|
+
if e.message =~ /8007089A/m
|
193
|
+
raise Puppet::Error.new(
|
194
|
+
"Puppet is not able to create/delete domain users with the user resource.",
|
195
|
+
e
|
196
|
+
)
|
197
|
+
end
|
198
|
+
|
159
199
|
raise Puppet::Error.new( "User update failed: #{e}", e )
|
160
200
|
end
|
161
201
|
self
|
@@ -181,6 +221,7 @@ module Puppet::Util::Windows::ADSI
|
|
181
221
|
end
|
182
222
|
|
183
223
|
def groups
|
224
|
+
# https://msdn.microsoft.com/en-us/library/aa746342.aspx
|
184
225
|
# WIN32OLE objects aren't enumerable, so no map
|
185
226
|
groups = []
|
186
227
|
native_user.Groups.each {|g| groups << g.Name} rescue nil
|
@@ -201,21 +242,54 @@ module Puppet::Util::Windows::ADSI
|
|
201
242
|
end
|
202
243
|
alias remove_from_group remove_from_groups
|
203
244
|
|
245
|
+
|
246
|
+
def add_group_sids(*sids)
|
247
|
+
group_names = []
|
248
|
+
sids.each do |sid|
|
249
|
+
group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
|
250
|
+
end
|
251
|
+
|
252
|
+
add_to_groups(*group_names)
|
253
|
+
end
|
254
|
+
|
255
|
+
def remove_group_sids(*sids)
|
256
|
+
group_names = []
|
257
|
+
sids.each do |sid|
|
258
|
+
group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
|
259
|
+
end
|
260
|
+
|
261
|
+
remove_from_groups(*group_names)
|
262
|
+
end
|
263
|
+
|
264
|
+
def group_sids
|
265
|
+
self.class.get_sids(native_user.Groups)
|
266
|
+
end
|
267
|
+
|
204
268
|
def set_groups(desired_groups, minimum = true)
|
205
|
-
return if desired_groups.nil?
|
269
|
+
return if desired_groups.nil?
|
206
270
|
|
207
271
|
desired_groups = desired_groups.split(',').map(&:strip)
|
208
272
|
|
209
|
-
|
273
|
+
current_hash = Hash[ self.group_sids.map { |sid| [sid.to_s, sid] } ]
|
274
|
+
desired_hash = self.class.name_sid_hash(desired_groups)
|
210
275
|
|
211
276
|
# First we add the user to all the groups it should be in but isn't
|
212
|
-
|
213
|
-
|
277
|
+
if !desired_groups.empty?
|
278
|
+
groups_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
|
279
|
+
add_group_sids(*groups_to_add)
|
280
|
+
end
|
214
281
|
|
215
282
|
# Then we remove the user from all groups it is in but shouldn't be, if
|
216
283
|
# that's been requested
|
217
|
-
|
218
|
-
|
284
|
+
if !minimum
|
285
|
+
if desired_hash.empty?
|
286
|
+
groups_to_remove = current_hash.values
|
287
|
+
else
|
288
|
+
groups_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
|
289
|
+
end
|
290
|
+
|
291
|
+
remove_group_sids(*groups_to_remove)
|
292
|
+
end
|
219
293
|
end
|
220
294
|
|
221
295
|
def self.create(name)
|
@@ -279,7 +353,7 @@ module Puppet::Util::Windows::ADSI
|
|
279
353
|
def self.delete(sid)
|
280
354
|
begin
|
281
355
|
Puppet::Util::Windows::ADSI.wmi_connection.Delete("Win32_UserProfile.SID='#{sid}'")
|
282
|
-
rescue => e
|
356
|
+
rescue WIN32OLERuntimeError => e
|
283
357
|
# http://social.technet.microsoft.com/Forums/en/ITCG/thread/0f190051-ac96-4bf1-a47f-6b864bfacee5
|
284
358
|
# Prior to Vista SP1, there's no builtin way to programmatically
|
285
359
|
# delete user profiles (except for delprof.exe). So try to delete
|
@@ -293,6 +367,10 @@ module Puppet::Util::Windows::ADSI
|
|
293
367
|
|
294
368
|
class Group
|
295
369
|
extend Enumerable
|
370
|
+
extend Puppet::Util::Windows::ADSI::Shared
|
371
|
+
|
372
|
+
# https://msdn.microsoft.com/en-us/library/aa706021.aspx
|
373
|
+
# IADsGroup interface
|
296
374
|
|
297
375
|
attr_accessor :native_group
|
298
376
|
attr_reader :name, :sid
|
@@ -302,17 +380,11 @@ module Puppet::Util::Windows::ADSI
|
|
302
380
|
end
|
303
381
|
|
304
382
|
def uri
|
305
|
-
self.class.uri(
|
306
|
-
end
|
307
|
-
|
308
|
-
def self.uri(name, host = '.')
|
309
|
-
if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end
|
310
|
-
|
311
|
-
Puppet::Util::Windows::ADSI.uri(name, 'group', host)
|
383
|
+
self.class.uri(sid.account, sid.domain)
|
312
384
|
end
|
313
385
|
|
314
386
|
def native_group
|
315
|
-
@native_group ||= Puppet::Util::Windows::ADSI.connect(uri)
|
387
|
+
@native_group ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
|
316
388
|
end
|
317
389
|
|
318
390
|
def sid
|
@@ -322,24 +394,20 @@ module Puppet::Util::Windows::ADSI
|
|
322
394
|
def commit
|
323
395
|
begin
|
324
396
|
native_group.SetInfo unless native_group.nil?
|
325
|
-
rescue
|
397
|
+
rescue WIN32OLERuntimeError => e
|
398
|
+
# ERROR_BAD_USERNAME 2202L from winerror.h
|
399
|
+
if e.message =~ /8007089A/m
|
400
|
+
raise Puppet::Error.new(
|
401
|
+
"Puppet is not able to create/delete domain groups with the group resource.",
|
402
|
+
e
|
403
|
+
)
|
404
|
+
end
|
405
|
+
|
326
406
|
raise Puppet::Error.new( "Group update failed: #{e}", e )
|
327
407
|
end
|
328
408
|
self
|
329
409
|
end
|
330
410
|
|
331
|
-
def self.name_sid_hash(names)
|
332
|
-
return {} if names.nil? or names.empty?
|
333
|
-
|
334
|
-
sids = names.map do |name|
|
335
|
-
sid = Puppet::Util::Windows::SID.name_to_sid_object(name)
|
336
|
-
raise Puppet::Error.new( "Could not resolve username: #{name}" ) if !sid
|
337
|
-
[sid.to_s, sid]
|
338
|
-
end
|
339
|
-
|
340
|
-
Hash[ sids ]
|
341
|
-
end
|
342
|
-
|
343
411
|
def add_member_sids(*sids)
|
344
412
|
sids.each do |sid|
|
345
413
|
native_group.Add(Puppet::Util::Windows::ADSI.sid_uri(sid))
|
@@ -360,27 +428,31 @@ module Puppet::Util::Windows::ADSI
|
|
360
428
|
end
|
361
429
|
|
362
430
|
def member_sids
|
363
|
-
|
364
|
-
native_group.Members.each do |m|
|
365
|
-
sids << Puppet::Util::Windows::SID.octet_string_to_sid_object(m.objectSID)
|
366
|
-
end
|
367
|
-
sids
|
431
|
+
self.class.get_sids(native_group.Members)
|
368
432
|
end
|
369
433
|
|
370
434
|
def set_members(desired_members, inclusive = true)
|
371
|
-
return if desired_members.nil?
|
435
|
+
return if desired_members.nil?
|
372
436
|
|
373
437
|
current_hash = Hash[ self.member_sids.map { |sid| [sid.to_s, sid] } ]
|
374
438
|
desired_hash = self.class.name_sid_hash(desired_members)
|
375
439
|
|
376
440
|
# First we add all missing members
|
377
|
-
|
378
|
-
|
441
|
+
if !desired_hash.empty?
|
442
|
+
members_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
|
443
|
+
add_member_sids(*members_to_add)
|
444
|
+
end
|
379
445
|
|
380
|
-
# Then we remove all extra members
|
381
|
-
|
446
|
+
# Then we remove all extra members if inclusive
|
447
|
+
if inclusive
|
448
|
+
if desired_hash.empty?
|
449
|
+
members_to_remove = current_hash.values
|
450
|
+
else
|
451
|
+
members_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
|
452
|
+
end
|
382
453
|
|
383
|
-
|
454
|
+
remove_member_sids(*members_to_remove)
|
455
|
+
end
|
384
456
|
end
|
385
457
|
|
386
458
|
def self.create(name)
|
data/lib/puppet/version.rb
CHANGED
data/man/man5/puppet.conf.5
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
.\" generated with Ronn/v0.7.3
|
2
2
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
3
3
|
.
|
4
|
-
.TH "PUPPETCONF" "5" "
|
5
|
-
\fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2015\-
|
4
|
+
.TH "PUPPETCONF" "5" "May 2015" "Puppet Labs, LLC" "Puppet manual"
|
5
|
+
\fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2015\-05\-18 10:15:47 \-0700)\fR
|
6
6
|
.
|
7
7
|
.SH "Configuration Settings"
|
8
8
|
.
|
@@ -586,7 +586,24 @@ The name of a registered environment data provider\. The two built in and regist
|
|
586
586
|
.IP "" 0
|
587
587
|
.
|
588
588
|
.SS "environment_timeout"
|
589
|
-
|
589
|
+
How long the Puppet master should cache data it loads from an environment\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\. A value of \fB0\fR will disable caching\. This setting can also be set to \fBunlimited\fR, which will cache environments until the master is restarted or told to refresh the cache\.
|
590
|
+
.
|
591
|
+
.P
|
592
|
+
You should change this setting once your Puppet deployment is doing non\-trivial work\. We chose the default value of \fB0\fR because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master\.
|
593
|
+
.
|
594
|
+
.P
|
595
|
+
We recommend setting this to \fBunlimited\fR and explicitly refreshing your Puppet master as part of your code deployment process\.
|
596
|
+
.
|
597
|
+
.IP "\(bu" 4
|
598
|
+
With Puppet Server, you should refresh environments by calling the \fBenvironment\-cache\fR API endpoint\. See the docs for the Puppet Server administrative API\.
|
599
|
+
.
|
600
|
+
.IP "\(bu" 4
|
601
|
+
With a Rack Puppet master, you should restart the web server or the application server\. Passenger lets you touch a \fBrestart\.txt\fR file to refresh an application without restarting Apache; see the Passenger docs for details\.
|
602
|
+
.
|
603
|
+
.IP "" 0
|
604
|
+
.
|
605
|
+
.P
|
606
|
+
We don\'t recommend using any value other than \fB0\fR or \fBunlimited\fR, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers\. When these timers drift out of sync, agents can be served inconsistent catalogs\.
|
590
607
|
.
|
591
608
|
.IP "\(bu" 4
|
592
609
|
\fIDefault\fR: 0
|
@@ -687,7 +704,16 @@ Whether to just print a manifest to stdout and exit\. Only makes sense when spec
|
|
687
704
|
.IP "" 0
|
688
705
|
.
|
689
706
|
.SS "graph"
|
690
|
-
Whether to create dot graph files
|
707
|
+
Whether to create \.dot graph files, which let you visualize the dependency and containment relationships in Puppet\'s catalog\. You can load and view these files with tools like OmniGraffle \fIhttp://www\.omnigroup\.com/applications/omnigraffle/\fR (OS X) or graphviz \fIhttp://www\.graphviz\.org/\fR (multi\-platform)\.
|
708
|
+
.
|
709
|
+
.P
|
710
|
+
Graph files are created when \fIapplying\fR a catalog, so this setting should be used on nodes running \fBpuppet agent\fR or \fBpuppet apply\fR\.
|
711
|
+
.
|
712
|
+
.P
|
713
|
+
The \fBgraphdir\fR setting determines where Puppet will save graphs\. Note that we don\'t save graphs for historical runs; Puppet will replace the previous \.dot files with new ones every time it applies a catalog\.
|
714
|
+
.
|
715
|
+
.P
|
716
|
+
See your graphing software\'s documentation for details on opening \.dot files\. If you\'re using GraphViz\'s \fBdot\fR command, you can do a quick PNG render with \fBdot \-Tpng <DOT FILE> \-o <OUTPUT FILE>\fR\.
|
691
717
|
.
|
692
718
|
.IP "\(bu" 4
|
693
719
|
\fIDefault\fR: false
|
@@ -695,7 +721,7 @@ Whether to create dot graph files for the different configuration graphs\. These
|
|
695
721
|
.IP "" 0
|
696
722
|
.
|
697
723
|
.SS "graphdir"
|
698
|
-
Where to
|
724
|
+
Where to save \.dot\-format graphs (when the \fBgraph\fR setting is enabled)\.
|
699
725
|
.
|
700
726
|
.IP "\(bu" 4
|
701
727
|
\fIDefault\fR: $statedir/graphs
|
@@ -1293,6 +1319,14 @@ The preferred means of serializing ruby instances for passing over the wire\. Th
|
|
1293
1319
|
.SS "prerun_command"
|
1294
1320
|
A command to run before every agent run\. If this command returns a non\-zero return code, the entire Puppet run will fail\.
|
1295
1321
|
.
|
1322
|
+
.SS "preview_outputdir"
|
1323
|
+
The directory where catalog previews per node are generated\.
|
1324
|
+
.
|
1325
|
+
.IP "\(bu" 4
|
1326
|
+
\fIDefault\fR: $vardir/preview
|
1327
|
+
.
|
1328
|
+
.IP "" 0
|
1329
|
+
.
|
1296
1330
|
.SS "priority"
|
1297
1331
|
The scheduling priority of the process\. Valid values are \'high\', \'normal\', \'low\', or \'idle\', which are mapped to platform\-specific values\. The priority can also be specified as an integer value and will be passed as is, e\.g\. \-5\. Puppet must be running as a privileged user in order to increase scheduling priority\.
|
1298
1332
|
.
|
@@ -1652,6 +1686,14 @@ File that provides mapping between custom SSL oids and user\-friendly names
|
|
1652
1686
|
.
|
1653
1687
|
.IP "" 0
|
1654
1688
|
.
|
1689
|
+
.SS "trusted_server_facts"
|
1690
|
+
Stores a trusted set of server\-side global variables in a hash called $server_facts, which cannot be cannot be overridden by client_facts or logic in manifests\. Makes it illegal to assign to the variable $server_facts in any scope\.
|
1691
|
+
.
|
1692
|
+
.IP "\(bu" 4
|
1693
|
+
\fIDefault\fR: false
|
1694
|
+
.
|
1695
|
+
.IP "" 0
|
1696
|
+
.
|
1655
1697
|
.SS "use_cached_catalog"
|
1656
1698
|
Whether to only use the cached catalog rather than compiling a new catalog on every run\. Puppet can be run with this enabled by default and then selectively disabled when a recompile is desired\.
|
1657
1699
|
.
|
@@ -1715,4 +1757,4 @@ The directory in which YAML data is stored, usually in a subdirectory\.
|
|
1715
1757
|
.IP "" 0
|
1716
1758
|
.
|
1717
1759
|
.P
|
1718
|
-
\fIThis page autogenerated on 2015\-
|
1760
|
+
\fIThis page autogenerated on 2015\-05\-18 10:15:47 \-0700\fR
|