RubyGems - puppet - Versions diffs - 5.5.16 → 5.5.21 - Mend

puppet 5.5.16 → 5.5.21

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (359) hide show

checksums.yaml +4 -4
data/CODEOWNERS +10 -10
data/Gemfile +2 -3
data/Gemfile.lock +57 -52
data/ext/build_defaults.yaml +1 -0
data/ext/cert_inspector +3 -3
data/ext/project_data.yaml +2 -2
data/ext/puppet-test +2 -2
data/ext/regexp_nodes/regexp_nodes.rb +4 -4
data/ext/windows/service/daemon.rb +54 -8
data/install.rb +6 -24
data/lib/puppet.rb +5 -2
data/lib/puppet/agent.rb +5 -13
data/lib/puppet/application.rb +1 -1
data/lib/puppet/application/agent.rb +15 -1
data/lib/puppet/application/apply.rb +2 -2
data/lib/puppet/application/describe.rb +3 -9
data/lib/puppet/application/device.rb +4 -4
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/filebucket.rb +13 -0
data/lib/puppet/application/lookup.rb +1 -1
data/lib/puppet/application/resource.rb +4 -4
data/lib/puppet/application/script.rb +2 -2
data/lib/puppet/configurer.rb +86 -28
data/lib/puppet/configurer/downloader.rb +2 -6
data/lib/puppet/daemon.rb +1 -1
data/lib/puppet/defaults.rb +82 -38
data/lib/puppet/error.rb +9 -1
data/lib/puppet/external/nagios/base.rb +1 -1
data/lib/puppet/face/ca.rb +1 -1
data/lib/puppet/face/config.rb +10 -48
data/lib/puppet/face/facts.rb +1 -1
data/lib/puppet/face/module/list.rb +5 -5
data/lib/puppet/face/module/search.rb +1 -1
data/lib/puppet/face/module/uninstall.rb +1 -1
data/lib/puppet/face/module/upgrade.rb +1 -1
data/lib/puppet/face/plugin.rb +9 -2
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system.rb +0 -8
data/lib/puppet/file_system/memory_file.rb +1 -1
data/lib/puppet/file_system/posix.rb +3 -2
data/lib/puppet/file_system/uniquefile.rb +4 -0
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/gettext/module_translations.rb +1 -1
data/lib/puppet/graph/rb_tree_map.rb +2 -2
data/lib/puppet/graph/simple_graph.rb +6 -5
data/lib/puppet/indirector/catalog/compiler.rb +8 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/hiera.rb +2 -0
data/lib/puppet/indirector/resource/ral.rb +1 -3
data/lib/puppet/indirector/resource/validator.rb +1 -1
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/loaders.rb +0 -1
data/lib/puppet/metatype/manager.rb +1 -1
data/lib/puppet/module.rb +1 -1
data/lib/puppet/module_tool/applications/builder.rb +1 -1
data/lib/puppet/module_tool/applications/installer.rb +1 -1
data/lib/puppet/module_tool/applications/uninstaller.rb +3 -3
data/lib/puppet/module_tool/metadata.rb +1 -1
data/lib/puppet/module_tool/shared_behaviors.rb +4 -4
data/lib/puppet/module_tool/tar/mini.rb +12 -2
data/lib/puppet/network/http/api/indirected_routes.rb +13 -12
data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
data/lib/puppet/network/http/connection.rb +14 -12
data/lib/puppet/network/http/factory.rb +1 -11
data/lib/puppet/network/http/pool.rb +7 -1
data/lib/puppet/network/http/rack/rest.rb +2 -2
data/lib/puppet/network/http/site.rb +1 -1
data/lib/puppet/network/resolver.rb +2 -2
data/lib/puppet/node/environment.rb +4 -2
data/lib/puppet/parameter.rb +8 -0
data/lib/puppet/parser/ast.rb +1 -1
data/lib/puppet/parser/ast/resourceparam.rb +1 -1
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
data/lib/puppet/parser/environment_compiler.rb +3 -0
data/lib/puppet/parser/functions.rb +1 -1
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/parser/resource.rb +3 -2
data/lib/puppet/parser/resource/param.rb +6 -0
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/collectors/catalog_collector.rb +1 -1
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +1 -1
data/lib/puppet/pops/evaluator/evaluator_impl.rb +1 -1
data/lib/puppet/pops/evaluator/external_syntax_support.rb +3 -2
data/lib/puppet/pops/evaluator/runtime3_support.rb +4 -4
data/lib/puppet/pops/issues.rb +5 -0
data/lib/puppet/pops/loaders.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +1 -0
data/lib/puppet/pops/lookup/sub_lookup.rb +1 -1
data/lib/puppet/pops/merge_strategy.rb +22 -18
data/lib/puppet/pops/parser/heredoc_support.rb +1 -1
data/lib/puppet/pops/parser/interpolation_support.rb +4 -4
data/lib/puppet/pops/parser/locator.rb +1 -1
data/lib/puppet/pops/parser/pn_parser.rb +17 -16
data/lib/puppet/pops/puppet_stack.rb +51 -48
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
data/lib/puppet/pops/types/p_sensitive_type.rb +1 -1
data/lib/puppet/pops/types/string_converter.rb +10 -10
data/lib/puppet/pops/types/type_calculator.rb +24 -0
data/lib/puppet/pops/types/types.rb +3 -3
data/lib/puppet/pops/validation/checker4_0.rb +10 -0
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
data/lib/puppet/property.rb +1 -1
data/lib/puppet/property/ensure.rb +1 -1
data/lib/puppet/provider/augeas/augeas.rb +1 -1
data/lib/puppet/provider/cron/crontab.rb +1 -1
data/lib/puppet/provider/exec.rb +6 -2
data/lib/puppet/provider/file/posix.rb +5 -0
data/lib/puppet/provider/group/groupadd.rb +19 -19
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/mailalias/aliases.rb +1 -1
data/lib/puppet/provider/mount.rb +1 -1
data/lib/puppet/provider/mount/parsed.rb +8 -8
data/lib/puppet/provider/nameservice.rb +10 -3
data/lib/puppet/provider/nameservice/directoryservice.rb +1 -1
data/lib/puppet/provider/nameservice/pw.rb +2 -2
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +14 -3
data/lib/puppet/provider/package/dnf.rb +1 -1
data/lib/puppet/provider/package/dnfmodule.rb +141 -0
data/lib/puppet/provider/package/dpkg.rb +16 -18
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/openbsd.rb +14 -2
data/lib/puppet/provider/package/pip.rb +37 -10
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +4 -4
data/lib/puppet/provider/package/rpm.rb +57 -19
data/lib/puppet/provider/package/windows/package.rb +1 -1
data/lib/puppet/provider/package/yum.rb +35 -24
data/lib/puppet/provider/package/zypper.rb +1 -0
data/lib/puppet/provider/package_targetable.rb +5 -4
data/lib/puppet/provider/parsedfile.rb +1 -1
data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb +3 -3
data/lib/puppet/provider/selmodule/semodule.rb +43 -26
data/lib/puppet/provider/service/daemontools.rb +9 -9
data/lib/puppet/provider/service/launchd.rb +20 -5
data/lib/puppet/provider/service/openbsd.rb +1 -1
data/lib/puppet/provider/service/rcng.rb +2 -2
data/lib/puppet/provider/service/runit.rb +2 -8
data/lib/puppet/provider/service/systemd.rb +35 -22
data/lib/puppet/provider/service/windows.rb +8 -0
data/lib/puppet/provider/user/directoryservice.rb +31 -6
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/pw.rb +12 -3
data/lib/puppet/provider/user/user_role_add.rb +5 -1
data/lib/puppet/provider/user/useradd.rb +62 -27
data/lib/puppet/provider/user/windows_adsi.rb +4 -5
data/lib/puppet/provider/yumrepo/inifile.rb +2 -2
data/lib/puppet/reference/indirection.rb +2 -2
data/lib/puppet/reference/metaparameter.rb +1 -3
data/lib/puppet/reference/providers.rb +1 -1
data/lib/puppet/reference/type.rb +3 -9
data/lib/puppet/reports.rb +1 -1
data/lib/puppet/resource.rb +18 -1
data/lib/puppet/resource/catalog.rb +1 -1
data/lib/puppet/resource/type.rb +8 -0
data/lib/puppet/settings.rb +43 -3
data/lib/puppet/settings/environment_conf.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/certificate_authority.rb +6 -5
data/lib/puppet/ssl/certificate_authority/interface.rb +1 -1
data/lib/puppet/ssl/certificate_factory.rb +2 -2
data/lib/puppet/ssl/host.rb +3 -3
data/lib/puppet/ssl/oids.rb +1 -1
data/lib/puppet/test/test_helper.rb +15 -10
data/lib/puppet/transaction/report.rb +1 -1
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/type.rb +15 -4
data/lib/puppet/type/cron.rb +1 -1
data/lib/puppet/type/exec.rb +21 -9
data/lib/puppet/type/file.rb +14 -2
data/lib/puppet/type/file/data_sync.rb +5 -1
data/lib/puppet/type/group.rb +4 -2
data/lib/puppet/type/interface.rb +1 -1
data/lib/puppet/type/notify.rb +3 -2
data/lib/puppet/type/package.rb +107 -8
data/lib/puppet/type/schedule.rb +1 -1
data/lib/puppet/type/selboolean.rb +17 -3
data/lib/puppet/type/service.rb +9 -10
data/lib/puppet/type/user.rb +6 -24
data/lib/puppet/type/yumrepo.rb +3 -7
data/lib/puppet/util.rb +47 -25
data/lib/puppet/util/command_line/trollop.rb +1 -1
data/lib/puppet/util/execution.rb +4 -3
data/lib/puppet/util/http_proxy.rb +24 -16
data/lib/puppet/util/instance_loader.rb +1 -1
data/lib/puppet/util/log.rb +1 -1
data/lib/puppet/util/log/destinations.rb +3 -12
data/lib/puppet/util/logging.rb +30 -18
data/lib/puppet/util/metric.rb +2 -2
data/lib/puppet/util/monkey_patches.rb +1 -1
data/lib/puppet/util/nagios_maker.rb +2 -2
data/lib/puppet/util/network_device/cisco/device.rb +1 -1
data/lib/puppet/util/network_device/cisco/interface.rb +2 -2
data/lib/puppet/util/network_device/transport/ssh.rb +1 -1
data/lib/puppet/util/pidlock.rb +12 -6
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/provider_features.rb +2 -4
data/lib/puppet/util/rdoc.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/resource_template.rb +1 -1
data/lib/puppet/util/selinux.rb +8 -2
data/lib/puppet/util/windows/adsi.rb +60 -30
data/lib/puppet/util/windows/api_types.rb +45 -32
data/lib/puppet/util/windows/eventlog.rb +1 -6
data/lib/puppet/util/windows/principal.rb +8 -6
data/lib/puppet/util/windows/process.rb +16 -15
data/lib/puppet/util/windows/registry.rb +17 -15
data/lib/puppet/util/windows/security.rb +3 -0
data/lib/puppet/util/windows/service.rb +149 -4
data/lib/puppet/util/windows/sid.rb +4 -3
data/lib/puppet/vendor.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet_pal.rb +2 -2
data/locales/puppet.pot +479 -443
data/man/man5/puppet.conf.5 +38 -8
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-ca.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-cert.8 +1 -1
data/man/man8/puppet-certificate.8 +1 -1
data/man/man8/puppet-certificate_request.8 +1 -1
data/man/man8/puppet-certificate_revocation_list.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +16 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-master.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/provider/mailalias/aliases/test1 +1 -0
data/spec/fixtures/unit/provider/package/dnfmodule/dnf-module-list.txt +19 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/integration/configurer_spec.rb +52 -0
data/spec/integration/defaults_spec.rb +1 -2
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/parser/compiler_spec.rb +11 -0
data/spec/integration/provider/service/systemd_spec.rb +8 -5
data/spec/integration/type/file_spec.rb +28 -0
data/spec/integration/type/notify_spec.rb +46 -0
data/spec/integration/util/execution_spec.rb +27 -0
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/integration/util/windows/registry_spec.rb +7 -7
data/spec/unit/agent_spec.rb +34 -26
data/spec/unit/application/agent_spec.rb +18 -0
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/device_spec.rb +1 -1
data/spec/unit/configurer/fact_handler_spec.rb +0 -4
data/spec/unit/configurer_spec.rb +377 -397
data/spec/unit/daemon_spec.rb +0 -1
data/spec/unit/face/facts_spec.rb +9 -0
data/spec/unit/face/plugin_spec.rb +8 -0
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/forge/forge_spec.rb +1 -3
data/spec/unit/forge/repository_spec.rb +1 -3
data/spec/unit/indirector/catalog/compiler_spec.rb +45 -26
data/spec/unit/indirector/resource/ral_spec.rb +4 -4
data/spec/unit/module_tool/tar/mini_spec.rb +1 -1
data/spec/unit/network/http/api/indirected_routes_spec.rb +28 -11
data/spec/unit/network/http/connection_spec.rb +43 -1
data/spec/unit/network/http/factory_spec.rb +27 -5
data/spec/unit/network/http/pool_spec.rb +32 -0
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/parser/environment_compiler_spec.rb +7 -0
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
data/spec/unit/pops/validator/validator_spec.rb +7 -0
data/spec/unit/provider/exec_spec.rb +209 -0
data/spec/unit/provider/group/groupadd_spec.rb +30 -1
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +13 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/aptrpm_spec.rb +1 -1
data/spec/unit/provider/package/dnf_spec.rb +7 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +247 -0
data/spec/unit/provider/package/dpkg_spec.rb +35 -7
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pip_spec.rb +93 -22
data/spec/unit/provider/package/pkg_spec.rb +13 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +36 -0
data/spec/unit/provider/package/portage_spec.rb +4 -4
data/spec/unit/provider/package/rpm_spec.rb +150 -16
data/spec/unit/provider/package/yum_spec.rb +66 -0
data/spec/unit/provider/package/zypper_spec.rb +13 -0
data/spec/unit/provider/package_targetable_spec.rb +60 -0
data/spec/unit/provider/selmodule_spec.rb +118 -47
data/spec/unit/provider/service/daemontools_spec.rb +24 -0
data/spec/unit/provider/service/launchd_spec.rb +28 -0
data/spec/unit/provider/service/runit_spec.rb +24 -0
data/spec/unit/provider/service/systemd_spec.rb +109 -36
data/spec/unit/provider/service/windows_spec.rb +20 -0
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/openbsd_spec.rb +1 -0
data/spec/unit/provider/user/pw_spec.rb +37 -0
data/spec/unit/provider/user/useradd_spec.rb +122 -15
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +3 -0
data/spec/unit/resource_spec.rb +26 -1
data/spec/unit/ssl/certificate_authority_spec.rb +2 -3
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/test/test_helper_spec.rb +17 -0
data/spec/unit/transaction_spec.rb +18 -0
data/spec/unit/type/exec_spec.rb +15 -12
data/spec/unit/type/file/content_spec.rb +9 -3
data/spec/unit/type/file/source_spec.rb +4 -4
data/spec/unit/type/file_spec.rb +9 -4
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/schedule_spec.rb +3 -1
data/spec/unit/type/selboolean_spec.rb +4 -6
data/spec/unit/type/service_spec.rb +25 -8
data/spec/unit/type/user_spec.rb +32 -26
data/spec/unit/type/yumrepo_spec.rb +30 -0
data/spec/unit/type_spec.rb +40 -0
data/spec/unit/util/execution_spec.rb +16 -0
data/spec/unit/util/http_proxy_spec.rb +121 -1
data/spec/unit/util/log/destinations_spec.rb +2 -26
data/spec/unit/util/log_spec.rb +0 -112
data/spec/unit/util/logging_spec.rb +200 -0
data/spec/unit/util/pidlock_spec.rb +67 -40
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/windows/adsi_spec.rb +55 -4
data/spec/unit/util/windows/api_types_spec.rb +104 -40
data/spec/unit/util/windows/service_spec.rb +9 -0
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/tasks/manpages.rake +1 -0
metadata +16 -11
data/ext/windows/eventlog/Rakefile +0 -32
data/ext/windows/eventlog/puppetres.dll +0 -0
data/ext/windows/eventlog/puppetres.mc +0 -18
data/lib/puppet/pops/loader/null_loader.rb +0 -60
data/locales/ja/puppet.po +0 -12114
data/spec/integration/test/test_helper_spec.rb +0 -31

data/lib/puppet/provider/service/daemontools.rb CHANGED

@@ -46,14 +46,8 @@ Puppet::Type.type(:service).provide :daemontools, :parent => :base do
     # Determine the daemon path.
     def defpath
-      unless @defpath
-        ["/var/lib/service", "/etc"].each do |path|
-          if Puppet::FileSystem.exist?(path)
-            @defpath = path
-            break
-          end
-        end
-        raise "Could not find the daemon directory (tested [/var/lib/service,/etc])" unless @defpath
+      @defpath ||= ["/var/lib/service", "/etc"].find do |path|
+        Puppet::FileSystem.exist?(path) && FileTest.directory?(path)
       end
       @defpath
     end
@@ -65,6 +59,10 @@ Puppet::Type.type(:service).provide :daemontools, :parent => :base do
   # ie enabled or not
   def self.instances
     path = self.defpath
+    unless path
+      Puppet.info("#{self.name} is unsuitable because service directory is nil")
+      return
+    end
     unless FileTest.directory?(path)
       Puppet.notice "Service path #{path} does not exist"
       return
@@ -109,7 +107,9 @@ Puppet::Type.type(:service).provide :daemontools, :parent => :base do
   # note that this path can be overridden in the resource
   # definition
   def daemon
-    File.join(resource[:path], resource[:name])
+    path = resource[:path]
+    raise Puppet::Error.new("#{self.class.name} must specify a path for daemon directory") unless path
+    File.join(path, resource[:name])
   end
   def status

data/lib/puppet/provider/service/launchd.rb CHANGED

@@ -240,12 +240,20 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
   def status
     if @resource && ((@resource[:hasstatus] == :false) || (@resource[:status]))
       return super
-    else
-      if @property_hash[:status].nil?
-        :absent
+    elsif @property_hash[:status].nil?
+      # property_hash was flushed so the service changed status
+      service_name = @resource[:name]
+      # Updating services with new statuses
+      job_list = self.class.job_list
+      # if job is present in job_list, return its status
+      if job_list.key?(service_name)
+        job_list[service_name]
+      # if job is no longer present in job_list, it was stopped
       else
-        @property_hash[:status]
+        :stopped
       end
+    else
+      @property_hash[:status]
     end
   end
@@ -313,7 +321,14 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
     job_plist_disabled = nil
     overrides_disabled = nil
-    _, job_plist = plist_from_label(resource[:name])
+    begin
+      _, job_plist = plist_from_label(resource[:name])
+    rescue Puppet::Error => err
+      # if job does not exist, log the error and return false as on other platforms
+      Puppet.log_exception(err)
+      return :false
+    end
     job_plist_disabled = job_plist["Disabled"] if job_plist.has_key?("Disabled")
     if FileTest.file?(self.class.launchd_overrides) and overrides = self.class.read_overrides

data/lib/puppet/provider/service/openbsd.rb CHANGED

@@ -79,7 +79,7 @@ Puppet::Type.type(:service).provide :openbsd, :parent => :init do
   def running?
     output = execute([command(:rcctl), "check", @resource[:name]],
                      :failonfail => false, :combine => false, :squelch => false).chomp
-    return true if output.match(/\(ok\)/)
+    return true if output =~ /\(ok\)/
   end
   # Uses the wrapper to prevent failure when the service is not running;

data/lib/puppet/provider/service/rcng.rb CHANGED

@@ -17,7 +17,7 @@ Puppet::Type.type(:service).provide :rcng, :parent => :bsd do
     if Puppet::FileSystem.exist?(rcfile)
       File.open(rcfile).readlines.each do |line|
         # Now look for something that looks like "service=${service:=YES}" or "service=YES"
-        if line.match(/^\s*#{@resource[:name]}=(?:YES|\${#{@resource[:name]}:=YES})/)
+        if line =~ /^\s*#{@resource[:name]}=(?:YES|\${#{@resource[:name]}:=YES})/
           return :true
         end
       end
@@ -34,7 +34,7 @@ Puppet::Type.type(:service).provide :rcng, :parent => :bsd do
     if Puppet::FileSystem.exist?(rcfile)
       newcontents = []
       File.open(rcfile).readlines.each do |line|
-        if line.match(/^\s*#{@resource[:name]}=(NO|\$\{#{@resource[:name]}:NO\})/)
+        if line =~ /^\s*#{@resource[:name]}=(NO|\$\{#{@resource[:name]}:NO\})/
           line = "#{@resource[:name]}=${#{@resource[:name]}:=YES}"
         end
         newcontents.push(line)

data/lib/puppet/provider/service/runit.rb CHANGED

@@ -40,14 +40,8 @@ Puppet::Type.type(:service).provide :runit, :parent => :daemontools do
     # this is necessary to autodetect a valid resource
     # default path, since there is no standard for such directory.
     def defpath
-      unless @defpath
-        ["/etc/sv", "/var/lib/service"].each do |path|
-          if Puppet::FileSystem.exist?(path)
-            @defpath = path
-            break
-          end
-        end
-        raise "Could not find the daemon directory (tested [/etc/sv,/var/lib/service])" unless @defpath
+      @defpath ||= ["/var/lib/service", "/etc/sv"].find do |path|
+        Puppet::FileSystem.exist?(path) && FileTest.directory?(path)
       end
       @defpath
     end

data/lib/puppet/provider/service/systemd.rb CHANGED

@@ -1,5 +1,7 @@
 # Manage systemd services using systemctl
+require 'puppet/file_system'
 Puppet::Type.type(:service).provide :systemd, :parent => :base do
   desc "Manages `systemd` services using `systemctl`.
@@ -9,14 +11,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   commands :systemctl => "systemctl"
-  if Facter.value(:osfamily).downcase == 'debian'
-    # With multiple init systems on Debian, it is possible to have
-    # pieces of systemd around (e.g. systemctl) but not really be
-    # using systemd.  We do not do this on other platforms as it can
-    # cause issues when running in a chroot without /run mounted
-    # (PUP-5577)
-    confine :exists => "/run/systemd/system"
-  end
+  confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
   defaultfor :osfamily => [:archlinux]
   defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
@@ -24,14 +19,15 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   defaultfor :osfamily => :suse
   defaultfor :osfamily => :coreos
   defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
-  defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
-  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["15.04","15.10","16.04","16.10","17.04","17.10","18.04"]
+  defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid", "10", "bullseye/sid"]
+  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["15.04","15.10","16.04","16.10","17.04","17.10","18.04","18.10","19.04","19.10","20.04"]
   defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ["3"]
   def self.instances
     i = []
     output = systemctl('list-unit-files', '--type', 'service', '--full', '--all',  '--no-pager')
-    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect)\s*$/i).each do |m|
+    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*$/i).each do |m|
+      Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
       i << new(:name => m[0])
     end
     return i
@@ -39,13 +35,29 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
     return []
   end
+  # Static services cannot be enabled or disabled manually. Indirect services
+  # should not be enabled or disabled due to limitations in systemd (see
+  # https://github.com/systemd/systemd/issues/6681).
+  def enabled_insync?(current)
+    case cached_enabled?[:output]
+    when 'static'
+      Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
+      return true
+    when 'indirect'
+      Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
+      return true
+    else
+      current == @resource[:enable]
+    end
+  end
   # This helper ensures that the enable state cache is always reset
   # after a systemctl enable operation. A particular service state is not guaranteed
   # after such an operation, so the cache must be emptied to prevent inconsistencies
   # in the provider's believed state of the service and the actual state.
   # @param action [String,Symbol] One of 'enable', 'disable', 'mask' or 'unmask'
   def systemctl_change_enable(action)
-    output = systemctl(action, @resource[:name])
+    output = systemctl(action, '--', @resource[:name])
   rescue
     raise Puppet::Error, "Could not #{action} #{self.name}: #{output}", $!.backtrace
   ensure
@@ -58,7 +70,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   def get_start_link_count
     # Start links don't include '.service'. Just search for the service name.
-    if @resource[:name].match(/\.service/)
+    if @resource[:name] =~ /\.service/
       link_name = @resource[:name].split('.')[0]
     else
       link_name = @resource[:name]
@@ -69,13 +81,14 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   def cached_enabled?
     return @cached_enabled if @cached_enabled
-    cmd = [command(:systemctl), 'is-enabled', @resource[:name]]
-    @cached_enabled = execute(cmd, :failonfail => false).strip
+    cmd = [command(:systemctl), 'is-enabled', '--', @resource[:name]]
+    result = execute(cmd, :failonfail => false)
+    @cached_enabled = { output: result.chomp, exitcode: result.exitstatus }
   end
   def enabled?
-    output = cached_enabled?
-    code = $CHILD_STATUS.exitstatus
+    output = cached_enabled?[:output]
+    code = cached_enabled?[:exitcode]
     # The masked state is equivalent to the disabled state in terms of
     # comparison so we only care to check if it is masked if we want to keep
@@ -88,7 +101,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
     # The indirect state indicates that the unit is not enabled.
     return :false if output == 'indirect'
     return :true if (code == 0)
-    if (output.empty?) && (code > 0) && (Facter.value(:osfamily).downcase == 'debian')
+    if (output.empty?) && (code > 0) && (Facter.value(:osfamily).casecmp('debian').zero?)
       ret = debian_enabled?
       return ret if ret
     end
@@ -136,20 +149,20 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   end
   def restartcmd
-    [command(:systemctl), "restart", @resource[:name]]
+    [command(:systemctl), "restart", '--', @resource[:name]]
   end
   def startcmd
     self.unmask
-    [command(:systemctl), "start", @resource[:name]]
+    [command(:systemctl), "start", '--', @resource[:name]]
   end
   def stopcmd
-    [command(:systemctl), "stop", @resource[:name]]
+    [command(:systemctl), "stop", '--', @resource[:name]]
   end
   def statuscmd
-    [command(:systemctl), "is-active", @resource[:name]]
+    [command(:systemctl), "is-active", '--', @resource[:name]]
   end
   def restart

data/lib/puppet/provider/service/windows.rb CHANGED

@@ -34,6 +34,12 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
     raise Puppet::Error.new(_("Cannot enable %{resource_name} for manual start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
   end
+  def delayed_start
+    Puppet::Util::Windows::Service.set_startup_mode( @resource[:name], :SERVICE_AUTO_START, true )
+  rescue => detail
+    raise Puppet::Error.new(_("Cannot enable %{resource_name} for delayed start, error was: %{detail}") % { resource_name: @resource[:name], detail: detail }, detail )
+  end
   def enabled?
     return :false unless Puppet::Util::Windows::Service.exists?(@resource[:name])
@@ -46,6 +52,8 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
         :true
       when :SERVICE_DEMAND_START
         :manual
+      when :SERVICE_DELAYED_AUTO_START
+        :delayed
       when :SERVICE_DISABLED
         :false
       else

data/lib/puppet/provider/user/directoryservice.rb CHANGED

@@ -386,7 +386,7 @@ Puppet::Type.type(:user).provide :directoryservice do
     if (Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.7') > 0)
       assert_full_pbkdf2_password
-      sleep 2
+      sleep 3
       flush_dscl_cache
       users_plist = get_users_plist(@resource.name)
       shadow_hash_data = get_shadow_hash_data(users_plist)
@@ -403,7 +403,7 @@ Puppet::Type.type(:user).provide :directoryservice do
     if (Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.7') > 0)
       assert_full_pbkdf2_password
-      sleep 2
+      sleep 3
       flush_dscl_cache
       users_plist = get_users_plist(@resource.name)
       shadow_hash_data = get_shadow_hash_data(users_plist)
@@ -434,8 +434,8 @@ Puppet::Type.type(:user).provide :directoryservice do
   ['home', 'uid', 'gid', 'comment', 'shell'].each do |setter_method|
     define_method("#{setter_method}=") do |value|
       if @property_hash[setter_method.intern]
-        if self.class.get_os_version == '10.14' && %w(home uid).include?(setter_method)
-          raise Puppet::Error, "OS X version 10\.14 does not allow changing #{setter_method} using puppet"
+        if self.class.get_os_version.split('.').last.to_i >= 14 && %w(home uid).include?(setter_method)
+          raise Puppet::Error, "OS X version #{self.class.get_os_version} does not allow changing #{setter_method} using puppet"
         end
         begin
           dscl '.', '-change', "/Users/#{resource.name}", self.class.ns_to_ds_attribute_map[setter_method.intern], @property_hash[setter_method.intern], value
@@ -503,7 +503,7 @@ Puppet::Type.type(:user).provide :directoryservice do
   def next_system_id(min_id=20)
     dscl_output = dscl '.', '-list', '/Users', 'uid'
     # We're ok with throwing away negative uids here. Also, remove nil values.
-    user_ids = dscl_output.split.compact.collect { |l| l.to_i if l.match(/^\d+$/) }
+    user_ids = dscl_output.split.compact.collect { |l| l.to_i if l =~ /^\d+$/ }
     ids = user_ids.compact!.sort! { |a,b| a.to_f <=> b.to_f }
     # We're just looking for an unused id in our sorted array.
     ids.each_index do |i|
@@ -571,7 +571,32 @@ Puppet::Type.type(:user).provide :directoryservice do
     else
       users_plist['ShadowHashData'] = [binary_plist]
     end
-    write_users_plist_to_disk(users_plist)
+    if Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.15') < 0
+      write_users_plist_to_disk(users_plist)
+    else
+      write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
+    end
+  end
+  # This method writes the ShadowHashData plist in a temporary file,
+  # then imports it using dsimport. macOS versions 10.15 and newer do
+  # not support directly managing binary plists, so we have to use an
+  # intermediary.
+  # dsimport is an archaic utilitary with hard-to-find documentation
+  #
+  # See http://web.archive.org/web/20090106120111/http://support.apple.com/kb/TA21305?viewlocale=en_US
+  # for information regarding the dsimport syntax
+  def write_and_import_shadow_hash_data(data_plist)
+    Tempfile.create("dsimport_#{@resource.name}", :encoding => Encoding::ASCII) do |dsimport_file|
+      dsimport_file.write <<-DSIMPORT
+0x0A 0x5C 0x3A 0x2C dsRecTypeStandard:Users 2 dsAttrTypeStandard:RecordName base64:dsAttrTypeNative:ShadowHashData
+#{@resource.name}:#{Base64.strict_encode64(data_plist)}
+      DSIMPORT
+      dsimport_file.flush
+      # Delete the user's existing ShadowHashData, since dsimport appends, not replaces
+      dscl('.', 'delete', "/Users/#{@resource.name}", 'ShadowHashData')
+      dsimport(dsimport_file.path, '/Local/Default', 'M')
+    end
   end
   # This method accepts an argument of a hex password hash, and base64

data/lib/puppet/provider/user/hpux.rb CHANGED

@@ -29,7 +29,7 @@ Puppet::Type.type(:user).provide :hpuxuseradd, :parent => :useradd do
   def modifycmd(param,value)
      cmd = super(param, value)
-     cmd << "-F"
+     cmd.insert(1,"-F")
      if trusted then
        # Append an additional command to reset the password age to 0
        # until a workaround with expiry module can be found for trusted

data/lib/puppet/provider/user/pw.rb CHANGED

@@ -66,11 +66,11 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
   # use pw to update password hash
   def password=(cryptopw)
-    Puppet.debug "change password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
+    Puppet.debug "change password for user '#{@resource[:name]}' method called with hash [redacted]"
     stdin, _, _ = Open3.popen3("pw user mod #{@resource[:name]} -H 0")
     stdin.puts(cryptopw)
     stdin.close
-    Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash '#{cryptopw}'"
+    Puppet.debug "finished password for user '#{@resource[:name]}' method called with hash [redacted]"
   end
   # get password from /etc/master.passwd
@@ -78,10 +78,19 @@ Puppet::Type.type(:user).provide :pw, :parent => Puppet::Provider::NameService::
     Puppet.debug "checking password for user '#{@resource[:name]}' method called"
     current_passline = `getent passwd #{@resource[:name]}`
     current_password = current_passline.chomp.split(':')[1] if current_passline
-    Puppet.debug "finished password for user '#{@resource[:name]}' method called : '#{current_password}'"
+    Puppet.debug "finished password for user '#{@resource[:name]}' method called : [redacted]"
     current_password
   end
+  def has_sensitive_data?(property = nil)
+    #Check for sensitive values?
+    properties = property ? [property] : Puppet::Type.type(:user).validproperties
+    properties.any? do |prop|
+      p = @resource.parameter(prop)
+      p && p.respond_to?(:is_sensitive) && p.is_sensitive
+    end
+  end
   # Get expiry from system and convert to Puppet-style date
   def expiry
     expiry = self.get(:expiry)

data/lib/puppet/provider/user/user_role_add.rb CHANGED

@@ -36,7 +36,7 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source =>
   has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac, :manages_passwords, :manages_password_age, :manages_shell
   def check_valid_shell
-    unless File.exists?(@resource.should(:shell))
+    unless File.exist?(@resource.should(:shell))
       raise(Puppet::Error, "Shell #{@resource.should(:shell)} must exist")
     end
     unless File.executable?(@resource.should(:shell).to_s)
@@ -202,6 +202,10 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source =>
     shadow_entry[5].empty? ? -1 : shadow_entry[5]
   end
+  def has_sensitive_data?(property = nil)
+    false
+  end
   # Read in /etc/shadow, find the line for our used and rewrite it with the
   # new pw.  Smooth like 80 grit sandpaper.
   #

data/lib/puppet/provider/user/useradd.rb CHANGED

@@ -21,7 +21,11 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
   options :expiry, :method => :sp_expire,
     :munge => proc { |value|
       if value == :absent
-        ''
+        if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
+          -1
+        else
+          ''
+        end
       else
         case Facter.value(:operatingsystem)
         when 'Solaris'
@@ -55,35 +59,43 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
      get(:uid)
   end
+  def comment
+     return localcomment if @resource.forcelocal?
+     get(:comment)
+  end
   def finduser(key, value)
     passwd_file = "/etc/passwd"
-    passwd_keys = ['account', 'password', 'uid', 'gid', 'gecos', 'directory', 'shell']
+    passwd_keys = [:account, :password, :uid, :gid, :gecos, :directory, :shell]
     index = passwd_keys.index(key)
-    File.open(passwd_file) do |f|
-      f.each_line do |line|
-         user = line.split(":")
-         if user[index] == value
-             f.close
-             return user
-         end
+    @passwd_content ||= File.read(passwd_file)
+    @passwd_content.each_line do |line|
+      user = line.split(":")
+      if user[index] == value
+        return Hash[passwd_keys.zip(user)]
       end
     end
     false
   end
   def local_username
-    finduser('uid', @resource.uid)
+    finduser(:uid, @resource.uid)
   end
   def localuid
-    user = finduser('account', resource[:name])
-    return user[2] if user
+    user = finduser(:account, resource[:name])
+    return user[:uid] if user
     false
   end
+  def localcomment
+    user = finduser(:account, resource[:name])
+    user[:gecos]
+  end
   def shell=(value)
     check_valid_shell
-    set("shell", value)
+    set(:shell, value)
   end
   verify :gid, "GID must be an integer" do |value|
@@ -106,8 +118,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     # to ensure consistent behaviour of the useradd provider when
     # using both useradd and luseradd
     if (!@resource.allowdupe?) && @resource.forcelocal?
-       if @resource.should(:uid) && finduser('uid', @resource.should(:uid).to_s)
-           raise(Puppet::Error, "UID #{@resource.should(:uid).to_s} already exists, use allowdupe to force user creation")
+       if @resource.should(:uid) && finduser(:uid, @resource.should(:uid).to_s)
+           raise(Puppet::Error, "UID #{@resource.should(:uid)} already exists, use allowdupe to force user creation")
        end
     elsif @resource.allowdupe? && (!@resource.forcelocal?)
        return ["-o"]
@@ -116,7 +128,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
   end
   def check_valid_shell
-    unless File.exists?(@resource.should(:shell))
+    unless File.exist?(@resource.should(:shell))
       raise(Puppet::Error, "Shell #{@resource.should(:shell)} must exist")
     end
     unless File.executable?(@resource.should(:shell).to_s)
@@ -126,10 +138,17 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
   def check_manage_home
     cmd = []
-    if @resource.managehome? && (!@resource.forcelocal?)
-      cmd << "-m"
-    elsif (!@resource.managehome?) && Facter.value(:osfamily) == 'RedHat'
-      cmd << "-M"
+    if @resource.managehome?
+      # libuser does not implement the -m flag
+      cmd << "-m" unless @resource.forcelocal?
+    else
+      osfamily = Facter.value(:osfamily)
+      osversion = Facter.value(:operatingsystemmajrelease).to_i
+      # SLES 11 uses pwdutils instead of shadow, which does not have -M
+      # Solaris and OpenBSD use different useradd flavors
+      unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
+        cmd << "-M"
+      end
     end
     cmd
   end
@@ -147,19 +166,35 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     # validproperties is a list of properties in undefined order
     # sort them to have a predictable command line in tests
     Puppet::Type.type(:user).validproperties.sort.each do |property|
-      next if property == :ensure
-      next if property_manages_password_age?(property)
-      next if (property == :groups) && @resource.forcelocal?
-      next if (property == :expiry) && @resource.forcelocal?
+      value = get_value_for_property(property)
+      next if value.nil?
       # the value needs to be quoted, mostly because -c might
       # have spaces in it
-      if (value = @resource.should(property)) && (value != "")
-        cmd << flag(property) << munge(property, value)
-      end
+      cmd << flag(property) << munge(property, value)
     end
     cmd
   end
+  def get_value_for_property(property)
+    return nil if property == :ensure
+    return nil if property_manages_password_age?(property)
+    return nil if property == :groups and @resource.forcelocal?
+    return nil if property == :expiry and @resource.forcelocal?
+    value = @resource.should(property)
+    return nil if !value || value == ""
+    value
+  end
+  def has_sensitive_data?(property = nil)
+    #Check for sensitive values?
+    properties = property ? [property] : Puppet::Type.type(:user).validproperties
+    properties.any? do |prop|
+      p = @resource.parameter(prop)
+      p && p.respond_to?(:is_sensitive) && p.is_sensitive
+    end
+  end
   def addcmd
     if @resource.forcelocal?
       cmd = [command(:localadd)]