puppet 4.0.0 → 4.1.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (219) hide show
  1. checksums.yaml +4 -4
  2. data/ext/build_defaults.yaml +8 -35
  3. data/ext/debian/puppet.default +0 -5
  4. data/ext/debian/puppet.init +1 -15
  5. data/lib/hiera/puppet_function.rb +15 -4
  6. data/lib/puppet/application/agent.rb +5 -0
  7. data/lib/puppet/application/apply.rb +23 -2
  8. data/lib/puppet/application/device.rb +8 -3
  9. data/lib/puppet/application/master.rb +16 -5
  10. data/lib/puppet/configurer.rb +7 -5
  11. data/lib/puppet/defaults.rb +18 -0
  12. data/lib/puppet/environments.rb +1 -1
  13. data/lib/puppet/error.rb +27 -1
  14. data/lib/puppet/file_serving/metadata.rb +13 -8
  15. data/lib/puppet/file_serving/terminus_helper.rb +7 -8
  16. data/lib/puppet/file_system.rb +13 -0
  17. data/lib/puppet/file_system/file_impl.rb +4 -0
  18. data/lib/puppet/file_system/memory_impl.rb +4 -0
  19. data/lib/puppet/file_system/windows.rb +8 -0
  20. data/lib/puppet/functions.rb +33 -3
  21. data/lib/puppet/functions/defined.rb +130 -0
  22. data/lib/puppet/functions/regsubst.rb +1 -1
  23. data/lib/puppet/functions/split.rb +1 -1
  24. data/lib/puppet/indirector/catalog/compiler.rb +1 -1
  25. data/lib/puppet/indirector/facts/facter.rb +11 -0
  26. data/lib/puppet/loaders.rb +1 -0
  27. data/lib/puppet/node.rb +17 -1
  28. data/lib/puppet/node/environment.rb +4 -0
  29. data/lib/puppet/parser/ast/pops_bridge.rb +4 -0
  30. data/lib/puppet/parser/compiler.rb +9 -0
  31. data/lib/puppet/parser/functions/defined.rb +25 -1
  32. data/lib/puppet/parser/functions/file.rb +3 -1
  33. data/lib/puppet/parser/scope.rb +11 -2
  34. data/lib/puppet/parser/templatewrapper.rb +2 -1
  35. data/lib/puppet/pops.rb +4 -0
  36. data/lib/puppet/pops/evaluator/access_operator.rb +25 -5
  37. data/lib/puppet/pops/evaluator/closure.rb +28 -2
  38. data/lib/puppet/pops/evaluator/collector_transformer.rb +1 -11
  39. data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +4 -0
  40. data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +4 -0
  41. data/lib/puppet/pops/evaluator/compare_operator.rb +43 -0
  42. data/lib/puppet/pops/evaluator/epp_evaluator.rb +7 -2
  43. data/lib/puppet/pops/evaluator/evaluator_impl.rb +48 -14
  44. data/lib/puppet/pops/evaluator/runtime3_support.rb +10 -5
  45. data/lib/puppet/pops/functions/dispatch.rb +6 -1
  46. data/lib/puppet/pops/functions/dispatcher.rb +7 -1
  47. data/lib/puppet/pops/issue_reporter.rb +42 -16
  48. data/lib/puppet/pops/issues.rb +116 -2
  49. data/lib/puppet/pops/loader/loader.rb +11 -0
  50. data/lib/puppet/pops/loader/loader_paths.rb +67 -6
  51. data/lib/puppet/pops/loader/module_loaders.rb +19 -8
  52. data/lib/puppet/pops/loader/puppet_function_instantiator.rb +78 -0
  53. data/lib/puppet/pops/loaders.rb +6 -4
  54. data/lib/puppet/pops/migration/migration_checker.rb +54 -0
  55. data/lib/puppet/pops/model/factory.rb +5 -1
  56. data/lib/puppet/pops/model/model_label_provider.rb +2 -0
  57. data/lib/puppet/pops/model/model_meta.rb +5 -1
  58. data/lib/puppet/pops/parser/egrammar.ra +9 -10
  59. data/lib/puppet/pops/parser/eparser.rb +1061 -1047
  60. data/lib/puppet/pops/parser/epp_support.rb +18 -9
  61. data/lib/puppet/pops/parser/evaluating_parser.rb +7 -1
  62. data/lib/puppet/pops/parser/heredoc_support.rb +12 -11
  63. data/lib/puppet/pops/parser/interpolation_support.rb +7 -1
  64. data/lib/puppet/pops/parser/lexer2.rb +29 -12
  65. data/lib/puppet/pops/parser/lexer_support.rb +52 -23
  66. data/lib/puppet/pops/parser/parser_support.rb +11 -14
  67. data/lib/puppet/pops/parser/slurp_support.rb +22 -6
  68. data/lib/puppet/pops/types/type_calculator.rb +156 -55
  69. data/lib/puppet/pops/types/type_factory.rb +66 -13
  70. data/lib/puppet/pops/types/type_parser.rb +22 -13
  71. data/lib/puppet/pops/types/types.rb +23 -4
  72. data/lib/puppet/pops/types/types_meta.rb +13 -2
  73. data/lib/puppet/pops/validation.rb +25 -2
  74. data/lib/puppet/pops/validation/checker4_0.rb +63 -31
  75. data/lib/puppet/provider/group/windows_adsi.rb +8 -4
  76. data/lib/puppet/provider/mount/parsed.rb +145 -2
  77. data/lib/puppet/provider/package/apt.rb +1 -1
  78. data/lib/puppet/provider/package/pip.rb +11 -2
  79. data/lib/puppet/provider/package/pkgng.rb +134 -0
  80. data/lib/puppet/provider/package/portage.rb +1 -1
  81. data/lib/puppet/provider/package/ports.rb +0 -3
  82. data/lib/puppet/provider/package/windows/exe_package.rb +0 -1
  83. data/lib/puppet/provider/package/windows/msi_package.rb +0 -1
  84. data/lib/puppet/provider/package/zypper.rb +50 -15
  85. data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +32 -7
  86. data/lib/puppet/provider/service/debian.rb +1 -1
  87. data/lib/puppet/provider/service/init.rb +7 -0
  88. data/lib/puppet/provider/user/openbsd.rb +1 -0
  89. data/lib/puppet/provider/user/windows_adsi.rb +45 -2
  90. data/lib/puppet/reference/indirection.rb +1 -1
  91. data/lib/puppet/resource.rb +1 -1
  92. data/lib/puppet/resource/catalog.rb +0 -4
  93. data/lib/puppet/settings.rb +19 -0
  94. data/lib/puppet/type/file.rb +1 -0
  95. data/lib/puppet/type/file/ensure.rb +1 -1
  96. data/lib/puppet/type/mount.rb +9 -1
  97. data/lib/puppet/type/scheduled_task.rb +13 -0
  98. data/lib/puppet/type/tidy.rb +3 -1
  99. data/lib/puppet/type/user.rb +32 -0
  100. data/lib/puppet/type/yumrepo.rb +5 -5
  101. data/lib/puppet/util/log.rb +50 -8
  102. data/lib/puppet/util/log/destinations.rb +23 -2
  103. data/lib/puppet/util/logging.rb +37 -1
  104. data/lib/puppet/util/run_mode.rb +1 -14
  105. data/lib/puppet/util/windows/adsi.rb +130 -58
  106. data/lib/puppet/version.rb +1 -1
  107. data/man/man5/puppet.conf.5 +48 -6
  108. data/man/man8/extlookup2hiera.8 +1 -1
  109. data/man/man8/puppet-agent.8 +4 -1
  110. data/man/man8/puppet-apply.8 +4 -1
  111. data/man/man8/puppet-ca.8 +1 -1
  112. data/man/man8/puppet-catalog.8 +1 -1
  113. data/man/man8/puppet-cert.8 +1 -1
  114. data/man/man8/puppet-certificate.8 +1 -1
  115. data/man/man8/puppet-certificate_request.8 +1 -1
  116. data/man/man8/puppet-certificate_revocation_list.8 +1 -1
  117. data/man/man8/puppet-config.8 +1 -1
  118. data/man/man8/puppet-describe.8 +1 -1
  119. data/man/man8/puppet-device.8 +6 -3
  120. data/man/man8/puppet-doc.8 +1 -1
  121. data/man/man8/puppet-epp.8 +1 -1
  122. data/man/man8/puppet-facts.8 +1 -1
  123. data/man/man8/puppet-file.8 +1 -1
  124. data/man/man8/puppet-filebucket.8 +1 -1
  125. data/man/man8/puppet-help.8 +1 -1
  126. data/man/man8/puppet-inspect.8 +1 -1
  127. data/man/man8/puppet-key.8 +1 -1
  128. data/man/man8/puppet-man.8 +1 -1
  129. data/man/man8/puppet-master.8 +4 -1
  130. data/man/man8/puppet-module.8 +1 -1
  131. data/man/man8/puppet-node.8 +1 -1
  132. data/man/man8/puppet-parser.8 +1 -1
  133. data/man/man8/puppet-plugin.8 +1 -1
  134. data/man/man8/puppet-report.8 +1 -1
  135. data/man/man8/puppet-resource.8 +1 -1
  136. data/man/man8/puppet-resource_type.8 +1 -1
  137. data/man/man8/puppet-status.8 +1 -1
  138. data/man/man8/puppet.8 +1 -1
  139. data/spec/fixtures/unit/data_providers/environments/production/lib/puppet/functions/environment/data.rb +3 -1
  140. data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/functions/data.pp +6 -0
  141. data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/lib/puppet/bindings/xyz/default.rb +9 -0
  142. data/spec/fixtures/unit/data_providers/environments/production/modules/xyz/manifests/init.pp +9 -0
  143. data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcalled.pp +3 -0
  144. data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcaller.pp +3 -0
  145. data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/functions/puppetcaller4.pp +3 -0
  146. data/spec/fixtures/unit/pops/loaders/loaders/mix_4x_and_3x_functions/user/lib/puppet/functions/user/callingpuppet.rb +5 -0
  147. data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/functions/hello.pp +3 -0
  148. data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/manifests/init.pp +3 -0
  149. data/spec/fixtures/unit/pops/loaders/loaders/module_no_lib/modules/modulea/metadata.json +10 -0
  150. data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/functions/hello.pp +3 -0
  151. data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/functions/subspace/hello.pp +3 -0
  152. data/spec/fixtures/unit/pops/loaders/loaders/single_module/modules/modulea/metadata.json +1 -10
  153. data/spec/fixtures/unit/provider/mount/parsed/aix.filesystems +93 -85
  154. data/spec/fixtures/unit/provider/mount/parsed/aix.mount +11 -7
  155. data/spec/fixtures/unit/provider/package/pkgng/pkg.info +8 -0
  156. data/spec/fixtures/unit/provider/package/pkgng/pkg.query +1 -0
  157. data/spec/fixtures/unit/provider/package/pkgng/pkg.query_absent +1 -0
  158. data/spec/fixtures/unit/provider/package/pkgng/pkg.version +3 -0
  159. data/spec/fixtures/unit/provider/package/zypper/zypper-list-updates-empty.out +3 -0
  160. data/spec/integration/application/apply_spec.rb +49 -0
  161. data/spec/integration/faces/plugin_spec.rb +0 -4
  162. data/spec/integration/indirector/facts/facter_spec.rb +59 -0
  163. data/spec/integration/parser/compiler_spec.rb +850 -0
  164. data/spec/integration/parser/resource_expressions_spec.rb +3 -0
  165. data/spec/integration/parser/scope_spec.rb +26 -5
  166. data/spec/integration/transaction_spec.rb +1 -1
  167. data/spec/integration/type/file_spec.rb +318 -41
  168. data/spec/integration/util/windows/security_spec.rb +14 -5
  169. data/spec/lib/matchers/resource.rb +22 -1
  170. data/spec/lib/puppet_spec/matchers.rb +6 -4
  171. data/spec/unit/application/master_spec.rb +33 -7
  172. data/spec/unit/data_providers/function_data_provider_spec.rb +10 -1
  173. data/spec/unit/file_serving/metadata_spec.rb +1 -1
  174. data/spec/unit/file_serving/terminus_helper_spec.rb +2 -3
  175. data/spec/unit/file_system_spec.rb +38 -0
  176. data/spec/unit/functions/defined_spec.rb +289 -0
  177. data/spec/unit/functions/hiera_spec.rb +8 -6
  178. data/spec/unit/functions/regsubst_spec.rb +4 -0
  179. data/spec/unit/functions/split_spec.rb +8 -0
  180. data/spec/unit/functions4_spec.rb +97 -2
  181. data/spec/unit/indirector/facts/facter_spec.rb +7 -0
  182. data/spec/unit/node_spec.rb +6 -0
  183. data/spec/unit/parser/functions/file_spec.rb +7 -1
  184. data/spec/unit/parser/functions/template_spec.rb +1 -1
  185. data/spec/unit/parser/scope_spec.rb +2 -2
  186. data/spec/unit/parser/templatewrapper_spec.rb +1 -1
  187. data/spec/unit/pops/evaluator/access_ops_spec.rb +19 -0
  188. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +84 -18
  189. data/spec/unit/pops/evaluator/variables_spec.rb +1 -1
  190. data/spec/unit/pops/issues_spec.rb +16 -16
  191. data/spec/unit/pops/loaders/loaders_spec.rb +106 -48
  192. data/spec/unit/pops/migration_spec.rb +53 -0
  193. data/spec/unit/pops/parser/lexer2_spec.rb +142 -1
  194. data/spec/unit/pops/parser/parse_heredoc_spec.rb +26 -0
  195. data/spec/unit/pops/types/type_calculator_spec.rb +205 -12
  196. data/spec/unit/pops/validation_spec.rb +66 -0
  197. data/spec/unit/pops/validator/validator_spec.rb +1 -1
  198. data/spec/unit/provider/group/windows_adsi_spec.rb +57 -9
  199. data/spec/unit/provider/mount/parsed_spec.rb +31 -5
  200. data/spec/unit/provider/package/apt_spec.rb +5 -0
  201. data/spec/unit/provider/package/pip_spec.rb +9 -0
  202. data/spec/unit/provider/package/pkgng_spec.rb +172 -0
  203. data/spec/unit/provider/package/windows/exe_package_spec.rb +0 -1
  204. data/spec/unit/provider/package/windows/msi_package_spec.rb +0 -1
  205. data/spec/unit/provider/package/zypper_spec.rb +50 -19
  206. data/spec/unit/provider/scheduled_task/win32_taskscheduler_spec.rb +312 -70
  207. data/spec/unit/provider/service/base_spec.rb +38 -27
  208. data/spec/unit/provider/service/debian_spec.rb +8 -0
  209. data/spec/unit/provider/service/freebsd_spec.rb +1 -0
  210. data/spec/unit/provider/service/gentoo_spec.rb +1 -0
  211. data/spec/unit/provider/service/init_spec.rb +18 -0
  212. data/spec/unit/provider/service/openbsd_spec.rb +1 -0
  213. data/spec/unit/provider/service/redhat_spec.rb +1 -0
  214. data/spec/unit/provider/user/windows_adsi_spec.rb +134 -5
  215. data/spec/unit/settings_spec.rb +11 -0
  216. data/spec/unit/util/log_spec.rb +113 -0
  217. data/spec/unit/util/windows/adsi_spec.rb +135 -41
  218. data/spec/unit/util/windows/sid_spec.rb +0 -10
  219. metadata +48 -2
@@ -15,7 +15,7 @@ module Puppet::Util::Windows::ADSI
15
15
  def connect(uri)
16
16
  begin
17
17
  WIN32OLE.connect(uri)
18
- rescue Exception => e
18
+ rescue WIN32OLERuntimeError => e
19
19
  raise Puppet::Error.new( "ADSI connection error: #{e}", e )
20
20
  end
21
21
  end
@@ -97,18 +97,19 @@ module Puppet::Util::Windows::ADSI
97
97
  [:lpwstr, :lpdword], :win32_bool
98
98
  end
99
99
 
100
- class User
101
- extend Enumerable
102
- extend FFI::Library
100
+ module Shared
101
+ def uri(name, host = '.')
102
+ if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end
103
103
 
104
- attr_accessor :native_user
105
- attr_reader :name, :sid
106
- def initialize(name, native_user = nil)
107
- @name = name
108
- @native_user = native_user
104
+ host = '.' if ['NT AUTHORITY', 'BUILTIN', Socket.gethostname].include?(host)
105
+
106
+ # group or user
107
+ account_type = self.name.split('::').last.downcase
108
+
109
+ Puppet::Util::Windows::ADSI.uri(name, account_type, host)
109
110
  end
110
111
 
111
- def self.parse_name(name)
112
+ def parse_name(name)
112
113
  if name =~ /\//
113
114
  raise Puppet::Error.new( "Value must be in DOMAIN\\user style syntax" )
114
115
  end
@@ -120,20 +121,51 @@ module Puppet::Util::Windows::ADSI
120
121
  return account, domain
121
122
  end
122
123
 
123
- def native_user
124
- @native_user ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(@name)))
124
+ def get_sids(adsi_child_collection)
125
+ sids = []
126
+ adsi_child_collection.each do |m|
127
+ sids << Puppet::Util::Windows::SID.octet_string_to_sid_object(m.objectSID)
128
+ end
129
+
130
+ sids
125
131
  end
126
132
 
127
- def sid
128
- @sid ||= Puppet::Util::Windows::SID.octet_string_to_sid_object(native_user.objectSID)
133
+ def name_sid_hash(names)
134
+ return {} if names.nil? || names.empty?
135
+
136
+ sids = names.map do |name|
137
+ sid = Puppet::Util::Windows::SID.name_to_sid_object(name)
138
+ raise Puppet::Error.new( "Could not resolve name: #{name}" ) if !sid
139
+ [sid.to_s, sid]
140
+ end
141
+
142
+ Hash[ sids ]
129
143
  end
144
+ end
130
145
 
131
- def self.uri(name, host = '.')
132
- if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end
146
+ class User
147
+ extend Enumerable
148
+ extend Puppet::Util::Windows::ADSI::Shared
149
+ extend FFI::Library
133
150
 
134
- host = '.' if ['NT AUTHORITY', 'BUILTIN', Socket.gethostname].include?(host)
151
+ # https://msdn.microsoft.com/en-us/library/aa746340.aspx
152
+ # IADsUser interface
153
+
154
+ require 'puppet/util/windows/sid'
135
155
 
136
- Puppet::Util::Windows::ADSI.uri(name, 'user', host)
156
+ attr_accessor :native_user
157
+ attr_reader :name, :sid
158
+ def initialize(name, native_user = nil)
159
+ @name = name
160
+ @native_user = native_user
161
+ end
162
+
163
+ def native_user
164
+ @native_user ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(@name)))
165
+ end
166
+
167
+ def sid
168
+ @sid ||= Puppet::Util::Windows::SID.octet_string_to_sid_object(native_user.objectSID)
137
169
  end
138
170
 
139
171
  def uri
@@ -155,7 +187,15 @@ module Puppet::Util::Windows::ADSI
155
187
  def commit
156
188
  begin
157
189
  native_user.SetInfo unless native_user.nil?
158
- rescue Exception => e
190
+ rescue WIN32OLERuntimeError => e
191
+ # ERROR_BAD_USERNAME 2202L from winerror.h
192
+ if e.message =~ /8007089A/m
193
+ raise Puppet::Error.new(
194
+ "Puppet is not able to create/delete domain users with the user resource.",
195
+ e
196
+ )
197
+ end
198
+
159
199
  raise Puppet::Error.new( "User update failed: #{e}", e )
160
200
  end
161
201
  self
@@ -181,6 +221,7 @@ module Puppet::Util::Windows::ADSI
181
221
  end
182
222
 
183
223
  def groups
224
+ # https://msdn.microsoft.com/en-us/library/aa746342.aspx
184
225
  # WIN32OLE objects aren't enumerable, so no map
185
226
  groups = []
186
227
  native_user.Groups.each {|g| groups << g.Name} rescue nil
@@ -201,21 +242,54 @@ module Puppet::Util::Windows::ADSI
201
242
  end
202
243
  alias remove_from_group remove_from_groups
203
244
 
245
+
246
+ def add_group_sids(*sids)
247
+ group_names = []
248
+ sids.each do |sid|
249
+ group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
250
+ end
251
+
252
+ add_to_groups(*group_names)
253
+ end
254
+
255
+ def remove_group_sids(*sids)
256
+ group_names = []
257
+ sids.each do |sid|
258
+ group_names << Puppet::Util::Windows::SID.sid_to_name(sid)
259
+ end
260
+
261
+ remove_from_groups(*group_names)
262
+ end
263
+
264
+ def group_sids
265
+ self.class.get_sids(native_user.Groups)
266
+ end
267
+
204
268
  def set_groups(desired_groups, minimum = true)
205
- return if desired_groups.nil? or desired_groups.empty?
269
+ return if desired_groups.nil?
206
270
 
207
271
  desired_groups = desired_groups.split(',').map(&:strip)
208
272
 
209
- current_groups = self.groups
273
+ current_hash = Hash[ self.group_sids.map { |sid| [sid.to_s, sid] } ]
274
+ desired_hash = self.class.name_sid_hash(desired_groups)
210
275
 
211
276
  # First we add the user to all the groups it should be in but isn't
212
- groups_to_add = desired_groups - current_groups
213
- add_to_groups(*groups_to_add)
277
+ if !desired_groups.empty?
278
+ groups_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
279
+ add_group_sids(*groups_to_add)
280
+ end
214
281
 
215
282
  # Then we remove the user from all groups it is in but shouldn't be, if
216
283
  # that's been requested
217
- groups_to_remove = current_groups - desired_groups
218
- remove_from_groups(*groups_to_remove) unless minimum
284
+ if !minimum
285
+ if desired_hash.empty?
286
+ groups_to_remove = current_hash.values
287
+ else
288
+ groups_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
289
+ end
290
+
291
+ remove_group_sids(*groups_to_remove)
292
+ end
219
293
  end
220
294
 
221
295
  def self.create(name)
@@ -279,7 +353,7 @@ module Puppet::Util::Windows::ADSI
279
353
  def self.delete(sid)
280
354
  begin
281
355
  Puppet::Util::Windows::ADSI.wmi_connection.Delete("Win32_UserProfile.SID='#{sid}'")
282
- rescue => e
356
+ rescue WIN32OLERuntimeError => e
283
357
  # http://social.technet.microsoft.com/Forums/en/ITCG/thread/0f190051-ac96-4bf1-a47f-6b864bfacee5
284
358
  # Prior to Vista SP1, there's no builtin way to programmatically
285
359
  # delete user profiles (except for delprof.exe). So try to delete
@@ -293,6 +367,10 @@ module Puppet::Util::Windows::ADSI
293
367
 
294
368
  class Group
295
369
  extend Enumerable
370
+ extend Puppet::Util::Windows::ADSI::Shared
371
+
372
+ # https://msdn.microsoft.com/en-us/library/aa706021.aspx
373
+ # IADsGroup interface
296
374
 
297
375
  attr_accessor :native_group
298
376
  attr_reader :name, :sid
@@ -302,17 +380,11 @@ module Puppet::Util::Windows::ADSI
302
380
  end
303
381
 
304
382
  def uri
305
- self.class.uri(name)
306
- end
307
-
308
- def self.uri(name, host = '.')
309
- if sid_uri = Puppet::Util::Windows::ADSI.sid_uri_safe(name) then return sid_uri end
310
-
311
- Puppet::Util::Windows::ADSI.uri(name, 'group', host)
383
+ self.class.uri(sid.account, sid.domain)
312
384
  end
313
385
 
314
386
  def native_group
315
- @native_group ||= Puppet::Util::Windows::ADSI.connect(uri)
387
+ @native_group ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
316
388
  end
317
389
 
318
390
  def sid
@@ -322,24 +394,20 @@ module Puppet::Util::Windows::ADSI
322
394
  def commit
323
395
  begin
324
396
  native_group.SetInfo unless native_group.nil?
325
- rescue Exception => e
397
+ rescue WIN32OLERuntimeError => e
398
+ # ERROR_BAD_USERNAME 2202L from winerror.h
399
+ if e.message =~ /8007089A/m
400
+ raise Puppet::Error.new(
401
+ "Puppet is not able to create/delete domain groups with the group resource.",
402
+ e
403
+ )
404
+ end
405
+
326
406
  raise Puppet::Error.new( "Group update failed: #{e}", e )
327
407
  end
328
408
  self
329
409
  end
330
410
 
331
- def self.name_sid_hash(names)
332
- return {} if names.nil? or names.empty?
333
-
334
- sids = names.map do |name|
335
- sid = Puppet::Util::Windows::SID.name_to_sid_object(name)
336
- raise Puppet::Error.new( "Could not resolve username: #{name}" ) if !sid
337
- [sid.to_s, sid]
338
- end
339
-
340
- Hash[ sids ]
341
- end
342
-
343
411
  def add_member_sids(*sids)
344
412
  sids.each do |sid|
345
413
  native_group.Add(Puppet::Util::Windows::ADSI.sid_uri(sid))
@@ -360,27 +428,31 @@ module Puppet::Util::Windows::ADSI
360
428
  end
361
429
 
362
430
  def member_sids
363
- sids = []
364
- native_group.Members.each do |m|
365
- sids << Puppet::Util::Windows::SID.octet_string_to_sid_object(m.objectSID)
366
- end
367
- sids
431
+ self.class.get_sids(native_group.Members)
368
432
  end
369
433
 
370
434
  def set_members(desired_members, inclusive = true)
371
- return if desired_members.nil? or desired_members.empty?
435
+ return if desired_members.nil?
372
436
 
373
437
  current_hash = Hash[ self.member_sids.map { |sid| [sid.to_s, sid] } ]
374
438
  desired_hash = self.class.name_sid_hash(desired_members)
375
439
 
376
440
  # First we add all missing members
377
- members_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
378
- add_member_sids(*members_to_add)
441
+ if !desired_hash.empty?
442
+ members_to_add = (desired_hash.keys - current_hash.keys).map { |sid| desired_hash[sid] }
443
+ add_member_sids(*members_to_add)
444
+ end
379
445
 
380
- # Then we remove all extra members
381
- members_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
446
+ # Then we remove all extra members if inclusive
447
+ if inclusive
448
+ if desired_hash.empty?
449
+ members_to_remove = current_hash.values
450
+ else
451
+ members_to_remove = (current_hash.keys - desired_hash.keys).map { |sid| current_hash[sid] }
452
+ end
382
453
 
383
- remove_member_sids(*members_to_remove) if inclusive
454
+ remove_member_sids(*members_to_remove)
455
+ end
384
456
  end
385
457
 
386
458
  def self.create(name)
@@ -7,7 +7,7 @@
7
7
 
8
8
 
9
9
  module Puppet
10
- PUPPETVERSION = '4.0.0'
10
+ PUPPETVERSION = '4.1.0'
11
11
 
12
12
  ##
13
13
  # version is a public API method intended to always provide a fast and
@@ -1,8 +1,8 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPETCONF" "5" "March 2015" "Puppet Labs, LLC" "Puppet manual"
5
- \fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2015\-03\-13 13:47:01 \-0700)\fR
4
+ .TH "PUPPETCONF" "5" "May 2015" "Puppet Labs, LLC" "Puppet manual"
5
+ \fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2015\-05\-18 10:15:47 \-0700)\fR
6
6
  .
7
7
  .SH "Configuration Settings"
8
8
  .
@@ -586,7 +586,24 @@ The name of a registered environment data provider\. The two built in and regist
586
586
  .IP "" 0
587
587
  .
588
588
  .SS "environment_timeout"
589
- The time to live for a cached environment\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\. This setting can also be set to \fBunlimited\fR, which causes the environment to be cached until the master is restarted\.
589
+ How long the Puppet master should cache data it loads from an environment\. This setting can be a time interval in seconds (30 or 30s), minutes (30m), hours (6h), days (2d), or years (5y)\. A value of \fB0\fR will disable caching\. This setting can also be set to \fBunlimited\fR, which will cache environments until the master is restarted or told to refresh the cache\.
590
+ .
591
+ .P
592
+ You should change this setting once your Puppet deployment is doing non\-trivial work\. We chose the default value of \fB0\fR because it lets new users update their code without any extra steps, but it lowers the performance of your Puppet master\.
593
+ .
594
+ .P
595
+ We recommend setting this to \fBunlimited\fR and explicitly refreshing your Puppet master as part of your code deployment process\.
596
+ .
597
+ .IP "\(bu" 4
598
+ With Puppet Server, you should refresh environments by calling the \fBenvironment\-cache\fR API endpoint\. See the docs for the Puppet Server administrative API\.
599
+ .
600
+ .IP "\(bu" 4
601
+ With a Rack Puppet master, you should restart the web server or the application server\. Passenger lets you touch a \fBrestart\.txt\fR file to refresh an application without restarting Apache; see the Passenger docs for details\.
602
+ .
603
+ .IP "" 0
604
+ .
605
+ .P
606
+ We don\'t recommend using any value other than \fB0\fR or \fBunlimited\fR, since most Puppet masters use a pool of Ruby interpreters which all have their own cache timers\. When these timers drift out of sync, agents can be served inconsistent catalogs\.
590
607
  .
591
608
  .IP "\(bu" 4
592
609
  \fIDefault\fR: 0
@@ -687,7 +704,16 @@ Whether to just print a manifest to stdout and exit\. Only makes sense when spec
687
704
  .IP "" 0
688
705
  .
689
706
  .SS "graph"
690
- Whether to create dot graph files for the different configuration graphs\. These dot files can be interpreted by tools like OmniGraffle or dot (which is part of ImageMagick)\.
707
+ Whether to create \.dot graph files, which let you visualize the dependency and containment relationships in Puppet\'s catalog\. You can load and view these files with tools like OmniGraffle \fIhttp://www\.omnigroup\.com/applications/omnigraffle/\fR (OS X) or graphviz \fIhttp://www\.graphviz\.org/\fR (multi\-platform)\.
708
+ .
709
+ .P
710
+ Graph files are created when \fIapplying\fR a catalog, so this setting should be used on nodes running \fBpuppet agent\fR or \fBpuppet apply\fR\.
711
+ .
712
+ .P
713
+ The \fBgraphdir\fR setting determines where Puppet will save graphs\. Note that we don\'t save graphs for historical runs; Puppet will replace the previous \.dot files with new ones every time it applies a catalog\.
714
+ .
715
+ .P
716
+ See your graphing software\'s documentation for details on opening \.dot files\. If you\'re using GraphViz\'s \fBdot\fR command, you can do a quick PNG render with \fBdot \-Tpng <DOT FILE> \-o <OUTPUT FILE>\fR\.
691
717
  .
692
718
  .IP "\(bu" 4
693
719
  \fIDefault\fR: false
@@ -695,7 +721,7 @@ Whether to create dot graph files for the different configuration graphs\. These
695
721
  .IP "" 0
696
722
  .
697
723
  .SS "graphdir"
698
- Where to store dot\-outputted graphs\.
724
+ Where to save \.dot\-format graphs (when the \fBgraph\fR setting is enabled)\.
699
725
  .
700
726
  .IP "\(bu" 4
701
727
  \fIDefault\fR: $statedir/graphs
@@ -1293,6 +1319,14 @@ The preferred means of serializing ruby instances for passing over the wire\. Th
1293
1319
  .SS "prerun_command"
1294
1320
  A command to run before every agent run\. If this command returns a non\-zero return code, the entire Puppet run will fail\.
1295
1321
  .
1322
+ .SS "preview_outputdir"
1323
+ The directory where catalog previews per node are generated\.
1324
+ .
1325
+ .IP "\(bu" 4
1326
+ \fIDefault\fR: $vardir/preview
1327
+ .
1328
+ .IP "" 0
1329
+ .
1296
1330
  .SS "priority"
1297
1331
  The scheduling priority of the process\. Valid values are \'high\', \'normal\', \'low\', or \'idle\', which are mapped to platform\-specific values\. The priority can also be specified as an integer value and will be passed as is, e\.g\. \-5\. Puppet must be running as a privileged user in order to increase scheduling priority\.
1298
1332
  .
@@ -1652,6 +1686,14 @@ File that provides mapping between custom SSL oids and user\-friendly names
1652
1686
  .
1653
1687
  .IP "" 0
1654
1688
  .
1689
+ .SS "trusted_server_facts"
1690
+ Stores a trusted set of server\-side global variables in a hash called $server_facts, which cannot be cannot be overridden by client_facts or logic in manifests\. Makes it illegal to assign to the variable $server_facts in any scope\.
1691
+ .
1692
+ .IP "\(bu" 4
1693
+ \fIDefault\fR: false
1694
+ .
1695
+ .IP "" 0
1696
+ .
1655
1697
  .SS "use_cached_catalog"
1656
1698
  Whether to only use the cached catalog rather than compiling a new catalog on every run\. Puppet can be run with this enabled by default and then selectively disabled when a recompile is desired\.
1657
1699
  .
@@ -1715,4 +1757,4 @@ The directory in which YAML data is stored, usually in a subdirectory\.
1715
1757
  .IP "" 0
1716
1758
  .
1717
1759
  .P
1718
- \fIThis page autogenerated on 2015\-03\-13 13:47:01 \-0700\fR
1760
+ \fIThis page autogenerated on 2015\-05\-18 10:15:47 \-0700\fR
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "EXTLOOKUP2HIERA" "8" "March 2015" "Puppet Labs, LLC" "Puppet manual"
4
+ .TH "EXTLOOKUP2HIERA" "8" "May 2015" "Puppet Labs, LLC" "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBextlookup2hiera\fR
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-AGENT" "8" "March 2015" "Puppet Labs, LLC" "Puppet manual"
4
+ .TH "PUPPET\-AGENT" "8" "May 2015" "Puppet Labs, LLC" "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-agent\fR \- The puppet agent daemon
@@ -95,6 +95,9 @@ Print this help message
95
95
  \-\-logdest
96
96
  Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. If debugging or verbosity is enabled, this defaults to \'console\'\. Otherwise, it defaults to \'syslog\' on POSIX systems and \'eventlog\' on Windows\.
97
97
  .
98
+ .IP
99
+ A path ending with \'\.json\' will receive structured output in JSON format\. The log file will not have an ending \']\' automatically written to it due to the appending nature of logging\. It must be appended manually to make the content valid JSON\.
100
+ .
98
101
  .TP
99
102
  \-\-masterport
100
103
  The port on which to contact the puppet master\. (This is a Puppet setting, and can go in puppet\.conf\.)
@@ -1,7 +1,7 @@
1
1
  .\" generated with Ronn/v0.7.3
2
2
  .\" http://github.com/rtomayko/ronn/tree/0.7.3
3
3
  .
4
- .TH "PUPPET\-APPLY" "8" "March 2015" "Puppet Labs, LLC" "Puppet manual"
4
+ .TH "PUPPET\-APPLY" "8" "May 2015" "Puppet Labs, LLC" "Puppet manual"
5
5
  .
6
6
  .SH "NAME"
7
7
  \fBpuppet\-apply\fR \- Apply Puppet manifests locally
@@ -42,6 +42,9 @@ See the configuration file documentation at http://docs\.puppetlabs\.com/referen
42
42
  .IP "\(bu" 4
43
43
  \-\-logdest: Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. Defaults to \'console\'\.
44
44
  .
45
+ .IP
46
+ A path ending with \'\.json\' will receive structured output in JSON format\. The log file will not have an ending \']\' automatically written to it due to the appending nature of logging\. It must be appended manually to make the content valid JSON\.
47
+ .
45
48
  .IP "\(bu" 4
46
49
  \-\-noop: Use \'noop\' mode where Puppet runs in a no\-op or dry\-run mode\. This is useful for seeing what changes Puppet will make without actually executing the changes\.
47
50
  .