puppet 5.5.6-universal-darwin → 5.5.7-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (152) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +3 -1
  3. data/Gemfile.lock +12 -12
  4. data/Rakefile +9 -0
  5. data/lib/puppet/application.rb +5 -0
  6. data/lib/puppet/application/apply.rb +1 -0
  7. data/lib/puppet/application/master.rb +9 -7
  8. data/lib/puppet/application/script.rb +1 -1
  9. data/lib/puppet/defaults.rb +51 -31
  10. data/lib/puppet/etc.rb +20 -0
  11. data/lib/puppet/file_serving/fileset.rb +1 -1
  12. data/lib/puppet/functions.rb +123 -0
  13. data/lib/puppet/functions/new.rb +37 -53
  14. data/lib/puppet/functions/warning.rb +1 -1
  15. data/lib/puppet/loaders.rb +1 -0
  16. data/lib/puppet/parser/functions.rb +3 -1
  17. data/lib/puppet/parser/functions/sprintf.rb +12 -1
  18. data/lib/puppet/pops/evaluator/runtime3_converter.rb +16 -0
  19. data/lib/puppet/pops/evaluator/runtime3_support.rb +3 -4
  20. data/lib/puppet/pops/issues.rb +8 -0
  21. data/lib/puppet/pops/loader/loader.rb +2 -2
  22. data/lib/puppet/pops/loader/loader_paths.rb +3 -1
  23. data/lib/puppet/pops/loader/module_loaders.rb +1 -1
  24. data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +62 -0
  25. data/lib/puppet/pops/loaders.rb +5 -21
  26. data/lib/puppet/pops/parser/heredoc_support.rb +1 -2
  27. data/lib/puppet/pops/parser/lexer2.rb +1 -1
  28. data/lib/puppet/pops/validation/checker4_0.rb +31 -6
  29. data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
  30. data/lib/puppet/property/keyvalue.rb +70 -8
  31. data/lib/puppet/provider/aix_object.rb +483 -0
  32. data/lib/puppet/provider/exec.rb +54 -57
  33. data/lib/puppet/provider/group/aix.rb +40 -115
  34. data/lib/puppet/provider/group/pw.rb +4 -8
  35. data/lib/puppet/provider/group/windows_adsi.rb +7 -4
  36. data/lib/puppet/provider/nameservice.rb +1 -25
  37. data/lib/puppet/provider/nameservice/directoryservice.rb +5 -3
  38. data/lib/puppet/provider/package/portage.rb +2 -2
  39. data/lib/puppet/provider/package/windows.rb +2 -2
  40. data/lib/puppet/provider/package/windows/exe_package.rb +3 -10
  41. data/lib/puppet/provider/package/zypper.rb +1 -1
  42. data/lib/puppet/provider/service/launchd.rb +19 -3
  43. data/lib/puppet/provider/service/windows.rb +49 -40
  44. data/lib/puppet/provider/user/aix.rb +180 -246
  45. data/lib/puppet/provider/user/windows_adsi.rb +9 -1
  46. data/lib/puppet/resource/catalog.rb +1 -5
  47. data/lib/puppet/type/augeas.rb +1 -1
  48. data/lib/puppet/type/exec.rb +16 -14
  49. data/lib/puppet/type/file.rb +2 -2
  50. data/lib/puppet/type/file/source.rb +9 -5
  51. data/lib/puppet/type/group.rb +65 -23
  52. data/lib/puppet/type/k5login.rb +2 -2
  53. data/lib/puppet/type/notify.rb +1 -1
  54. data/lib/puppet/type/package.rb +3 -6
  55. data/lib/puppet/type/resources.rb +12 -2
  56. data/lib/puppet/type/schedule.rb +8 -1
  57. data/lib/puppet/type/selboolean.rb +2 -2
  58. data/lib/puppet/type/selmodule.rb +3 -4
  59. data/lib/puppet/type/service.rb +2 -5
  60. data/lib/puppet/type/tidy.rb +1 -1
  61. data/lib/puppet/type/user.rb +15 -20
  62. data/lib/puppet/type/yumrepo.rb +2 -2
  63. data/lib/puppet/type/zone.rb +2 -2
  64. data/lib/puppet/util.rb +7 -3
  65. data/lib/puppet/util/execution.rb +15 -1
  66. data/lib/puppet/util/posix.rb +15 -0
  67. data/lib/puppet/util/storage.rb +12 -0
  68. data/lib/puppet/util/windows.rb +4 -2
  69. data/lib/puppet/util/windows/adsi.rb +235 -205
  70. data/lib/puppet/util/windows/process.rb +23 -3
  71. data/lib/puppet/util/windows/security.rb +14 -0
  72. data/lib/puppet/util/windows/service.rb +977 -0
  73. data/lib/puppet/util/windows/user.rb +3 -5
  74. data/lib/puppet/version.rb +1 -1
  75. data/locales/ja/puppet.po +705 -374
  76. data/locales/puppet.pot +485 -261
  77. data/man/man5/puppet.conf.5 +36 -15
  78. data/man/man8/puppet-agent.8 +1 -1
  79. data/man/man8/puppet-apply.8 +1 -1
  80. data/man/man8/puppet-ca.8 +1 -1
  81. data/man/man8/puppet-catalog.8 +1 -1
  82. data/man/man8/puppet-cert.8 +1 -1
  83. data/man/man8/puppet-certificate.8 +1 -1
  84. data/man/man8/puppet-certificate_request.8 +1 -1
  85. data/man/man8/puppet-certificate_revocation_list.8 +1 -1
  86. data/man/man8/puppet-config.8 +1 -1
  87. data/man/man8/puppet-describe.8 +1 -1
  88. data/man/man8/puppet-device.8 +1 -1
  89. data/man/man8/puppet-doc.8 +1 -1
  90. data/man/man8/puppet-epp.8 +1 -1
  91. data/man/man8/puppet-facts.8 +1 -1
  92. data/man/man8/puppet-filebucket.8 +1 -1
  93. data/man/man8/puppet-generate.8 +1 -1
  94. data/man/man8/puppet-help.8 +1 -1
  95. data/man/man8/puppet-key.8 +1 -1
  96. data/man/man8/puppet-lookup.8 +1 -1
  97. data/man/man8/puppet-man.8 +1 -1
  98. data/man/man8/puppet-master.8 +1 -1
  99. data/man/man8/puppet-module.8 +1 -1
  100. data/man/man8/puppet-node.8 +1 -1
  101. data/man/man8/puppet-parser.8 +1 -1
  102. data/man/man8/puppet-plugin.8 +1 -1
  103. data/man/man8/puppet-report.8 +1 -1
  104. data/man/man8/puppet-resource.8 +1 -1
  105. data/man/man8/puppet-script.8 +1 -1
  106. data/man/man8/puppet-status.8 +1 -1
  107. data/man/man8/puppet.8 +2 -2
  108. data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_input.out +1 -0
  109. data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_output.out +1 -0
  110. data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +32 -0
  111. data/spec/integration/parser/collection_spec.rb +4 -8
  112. data/spec/integration/provider/service/windows_spec.rb +5 -5
  113. data/spec/integration/type/file_spec.rb +6 -6
  114. data/spec/integration/util/windows/adsi_spec.rb +6 -5
  115. data/spec/integration/util/windows/security_spec.rb +10 -7
  116. data/spec/integration/util/windows/user_spec.rb +37 -17
  117. data/spec/spec_helper.rb +0 -1
  118. data/spec/unit/application/apply_spec.rb +41 -2
  119. data/spec/unit/application/master_spec.rb +7 -0
  120. data/spec/unit/application_spec.rb +21 -3
  121. data/spec/unit/defaults_spec.rb +20 -0
  122. data/spec/unit/etc_spec.rb +25 -0
  123. data/spec/unit/file_serving/fileset_spec.rb +11 -11
  124. data/spec/unit/gettext/config_spec.rb +1 -1
  125. data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +6 -6
  126. data/spec/unit/pops/loaders/loaders_spec.rb +40 -7
  127. data/spec/unit/pops/parser/parse_heredoc_spec.rb +16 -0
  128. data/spec/unit/pops/validator/validator_spec.rb +129 -10
  129. data/spec/unit/property/keyvalue_spec.rb +97 -6
  130. data/spec/unit/provider/aix_object_spec.rb +805 -0
  131. data/spec/unit/provider/group/aix_spec.rb +57 -0
  132. data/spec/unit/provider/group/pw_spec.rb +0 -6
  133. data/spec/unit/provider/group/windows_adsi_spec.rb +34 -35
  134. data/spec/unit/provider/nameservice/directoryservice_spec.rb +2 -2
  135. data/spec/unit/provider/package/windows/exe_package_spec.rb +3 -3
  136. data/spec/unit/provider/package/windows_spec.rb +4 -4
  137. data/spec/unit/provider/service/launchd_spec.rb +19 -0
  138. data/spec/unit/provider/service/windows_spec.rb +71 -78
  139. data/spec/unit/provider/user/aix_spec.rb +162 -116
  140. data/spec/unit/provider/user/windows_adsi_spec.rb +4 -4
  141. data/spec/unit/resource/catalog_spec.rb +2 -2
  142. data/spec/unit/ssl/certificate_authority_spec.rb +0 -1
  143. data/spec/unit/type/group_spec.rb +111 -13
  144. data/spec/unit/type/resources_spec.rb +18 -0
  145. data/spec/unit/util/execution_spec.rb +77 -0
  146. data/spec/unit/util/posix_spec.rb +28 -0
  147. data/spec/unit/util/storage_spec.rb +107 -0
  148. data/spec/unit/util/windows/adsi_spec.rb +108 -13
  149. data/spec/unit/util/windows/service_spec.rb +669 -0
  150. metadata +17 -5
  151. data/lib/puppet/provider/aixobject.rb +0 -392
  152. data/spec/unit/provider/aixobject_spec.rb +0 -101
@@ -124,7 +124,15 @@ Puppet::Type.type(:user).provide :windows_adsi do
124
124
  end
125
125
 
126
126
  def password=(value)
127
- user.password = value
127
+ if user.disabled?
128
+ warning _("The user account '%s' is disabled; puppet will not reset the password" % @resource[:name])
129
+ elsif user.locked_out?
130
+ warning _("The user account '%s' is locked out; puppet will not reset the password" % @resource[:name])
131
+ elsif user.expired?
132
+ warning _("The user account '%s' is expired; puppet will not reset the password" % @resource[:name])
133
+ else
134
+ user.password = value
135
+ end
128
136
  end
129
137
 
130
138
  def uid
@@ -559,11 +559,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
559
559
  Puppet::FileSystem.open(resourcefile.value, resourcefile.mode.to_i(8), "w:UTF-8") do |f|
560
560
  to_print = resources.map do |resource|
561
561
  next unless resource.managed?
562
- if resource.name_var
563
- "#{resource.type}[#{resource[resource.name_var]}]"
564
- else
565
- "#{resource.ref.downcase}"
566
- end
562
+ "#{resource.ref.downcase}"
567
563
  end.compact
568
564
  f.puts to_print.join("\n")
569
565
  end
@@ -143,7 +143,7 @@ Puppet::Type.newtype(:augeas) do
143
143
  end
144
144
 
145
145
  newparam(:type_check) do
146
- desc "Whether augeas should perform typechecking. Defaults to false."
146
+ desc "Whether augeas should perform typechecking."
147
147
  newvalues(:true, :false)
148
148
 
149
149
  defaultto :false
@@ -78,8 +78,8 @@ module Puppet
78
78
 
79
79
  attr_reader :output
80
80
  desc "The expected exit code(s). An error will be returned if the
81
- executed command has some other exit code. Defaults to 0. Can be
82
- specified as an array of acceptable exit codes or a single value.
81
+ executed command has some other exit code. Can be specified as an array
82
+ of acceptable exit codes or a single value.
83
83
 
84
84
  On POSIX systems, exit codes are always integers between 0 and 255.
85
85
 
@@ -197,14 +197,17 @@ module Puppet
197
197
  end
198
198
 
199
199
  newparam(:user) do
200
- desc "The user to run the command as. Note that if you
201
- use this then any error output is not currently captured. This
202
- is because of a bug within Ruby. If you are using Puppet to
203
- create this user, the exec will automatically require the user,
204
- as long as it is specified by name.
200
+ desc "The user to run the command as.
201
+
202
+ > **Note:** Puppet cannot execute commands as other users on Windows.
205
203
 
206
- Please note that the $HOME environment variable is not automatically set
207
- when using this attribute."
204
+ Note that if you use this attribute, any error output is not captured
205
+ due to a bug within Ruby. If you use Puppet to create this user, the
206
+ exec automatically requires the user, as long as it is specified by
207
+ name.
208
+
209
+ The $HOME environment variable is not automatically set when using
210
+ this attribute."
208
211
 
209
212
  validate do |user|
210
213
  if Puppet.features.microsoft_windows?
@@ -230,7 +233,7 @@ module Puppet
230
233
 
231
234
  newparam(:logoutput) do
232
235
  desc "Whether to log command output in addition to logging the
233
- exit code. Defaults to `on_failure`, which only logs the output
236
+ exit code. Defaults to `on_failure`, which only logs the output
234
237
  when the command has an exit code that does not match any value
235
238
  specified by the `returns` attribute. As with any resource type,
236
239
  the log level can be controlled with the `loglevel` metaparameter."
@@ -305,10 +308,9 @@ module Puppet
305
308
 
306
309
  newparam(:tries) do
307
310
  desc "The number of times execution of the command should be tried.
308
- Defaults to '1'. This many attempts will be made to execute
309
- the command until an acceptable return code is returned.
310
- Note that the timeout parameter applies to each try rather than
311
- to the complete set of tries."
311
+ This many attempts will be made to execute the command until an
312
+ acceptable return code is returned. Note that the timeout parameter
313
+ applies to each try rather than to the complete set of tries."
312
314
 
313
315
  munge do |value|
314
316
  if value.is_a?(String)
@@ -207,7 +207,7 @@ Puppet::Type.newtype(:file) do
207
207
  whose content doesn't match what the `source` or `content` attribute
208
208
  specifies. Setting this to false allows file resources to initialize files
209
209
  without overwriting future changes. Note that this only affects content;
210
- Puppet will still manage ownership and permissions. Defaults to `true`."
210
+ Puppet will still manage ownership and permissions."
211
211
  defaultto :true
212
212
  end
213
213
 
@@ -320,7 +320,7 @@ Puppet::Type.newtype(:file) do
320
320
 
321
321
  newparam(:validate_replacement) do
322
322
  desc "The replacement string in a `validate_cmd` that will be replaced
323
- with an input file name. Defaults to: `%`"
323
+ with an input file name."
324
324
 
325
325
  defaultto '%'
326
326
  end
@@ -31,7 +31,7 @@ module Puppet
31
31
  * Fully qualified paths to locally available files (including files on NFS
32
32
  shares or Windows mapped drives).
33
33
  * `file:` URIs, which behave the same as local file paths.
34
- * `http:` URIs, which point to files served by common web servers
34
+ * `http:` URIs, which point to files served by common web servers.
35
35
 
36
36
  The normal form of a `puppet:` URI is:
37
37
 
@@ -47,10 +47,14 @@ module Puppet
47
47
  a source directory contains symlinks, use the `links` attribute to
48
48
  specify whether to recreate links or follow them.
49
49
 
50
- *HTTP* URIs cannot be used to recursively synchronize whole directory
51
- trees. It is also not possible to use `source_permissions` values other
52
- than `ignore`. That's because HTTP servers do not transfer any metadata
53
- that translates to ownership or permission details.
50
+ _HTTP_ URIs cannot be used to recursively synchronize whole directory
51
+ trees. You cannot use `source_permissions` values other than `ignore`
52
+ because HTTP servers do not transfer any metadata that translates to
53
+ ownership or permission details.
54
+
55
+ The `http` source uses the server `Content-MD5` header as a checksum to
56
+ determine if the remote file has changed. If the server response does not
57
+ include that header, Puppet defaults to using the `Last-Modified` header.
54
58
 
55
59
  Multiple `source` values can be specified as an array, and Puppet will
56
60
  use the first source that exists. This can be used to serve different
@@ -1,6 +1,7 @@
1
1
  require 'etc'
2
2
  require 'facter'
3
3
  require 'puppet/property/keyvalue'
4
+ require 'puppet/property/list'
4
5
  require 'puppet/parameter/boolean'
5
6
 
6
7
  module Puppet
@@ -81,41 +82,84 @@ module Puppet
81
82
  end
82
83
  end
83
84
 
84
- newproperty(:members, :array_matching => :all, :required_features => :manages_members) do
85
+ newproperty(:members, :parent => Puppet::Property::List, :required_features => :manages_members) do
85
86
  desc "The members of the group. For platforms or directory services where group
86
87
  membership is stored in the group objects, not the users. This parameter's
87
88
  behavior can be configured with `auth_membership`."
88
89
 
89
- def change_to_s(currentvalue, newvalue)
90
- currentvalue = currentvalue.join(",") if currentvalue != :absent
91
- newvalue = newvalue.join(",")
92
- super(currentvalue, newvalue)
90
+ validate do |value|
91
+ unless value.is_a?(String)
92
+ raise ArgumentError, _("The members property must be specified as either an array of strings, or as a single string consisting of a comma-separated list of members")
93
+ end
94
+
95
+ if value.is_a?(Integer) || value =~ /^\d+$/
96
+ raise ArgumentError, _("User names must be provided, not UID numbers.")
97
+ end
98
+
99
+ if value.empty?
100
+ raise ArgumentError, _("User names must not be empty. If you want to specify \"no users\" pass an empty array")
101
+ end
102
+
103
+ if provider.respond_to?(:member_valid?)
104
+ return provider.member_valid?(value)
105
+ end
93
106
  end
94
107
 
95
- def insync?(current)
96
- if provider.respond_to?(:members_insync?)
97
- return provider.members_insync?(current, @should)
108
+ def inclusive?
109
+ @resource[:auth_membership]
110
+ end
111
+
112
+ def change_to_s(currentvalue, newvalue)
113
+ newvalue = newvalue.split(",") if newvalue != :absent
114
+
115
+ if provider.respond_to?(:members_to_s)
116
+ # for Windows ADSI
117
+ # de-dupe the "newvalue" when the sync event message is generated,
118
+ # due to final retrieve called after the resource has been modified
119
+ newvalue = provider.members_to_s(newvalue).split(',').uniq
98
120
  end
99
121
 
100
- super(current)
122
+ super(currentvalue, newvalue)
101
123
  end
102
124
 
103
- def is_to_s(currentvalue)
125
+ # override Puppet::Property::List#retrieve
126
+ def retrieve
104
127
  if provider.respond_to?(:members_to_s)
105
- currentvalue = '' if currentvalue.nil?
106
- currentvalue = currentvalue.is_a?(Array) ? currentvalue : currentvalue.split(',')
128
+ # Windows ADSI members returns SIDs, but retrieve needs names
129
+ # must return qualified names for SIDs for "is" value and puppet resource
130
+ return provider.members_to_s(provider.members).split(',')
131
+ end
107
132
 
108
- return provider.members_to_s(currentvalue)
133
+ super
134
+ end
135
+
136
+ # The members property should also accept a comma separated
137
+ # list of members (a String parameter) for backwards
138
+ # compatibility. Unfortunately, the List property would treat
139
+ # our comma separated list of members as a single-element Array.
140
+ # This override of should= ensures that a comma separated list of
141
+ # members is munged to an array of members, which is what we want.
142
+ # Note that we cannot use `munge` because that will pass in each
143
+ # array element instead of the entire array if the members property
144
+ # is specified as an array of members, which would cause each member
145
+ # to be munged into an array for that case. This is undesirable
146
+ # behavior.
147
+ def should=(values)
148
+ super(values)
149
+
150
+ if @should.length == 1 && @should.first.include?(delimiter)
151
+ @should = @should.first.split(delimiter)
109
152
  end
110
153
 
111
- super(currentvalue)
154
+ @should
112
155
  end
113
- alias :should_to_s :is_to_s
114
156
 
115
- validate do |value|
116
- if provider.respond_to?(:member_valid?)
117
- return provider.member_valid?(value)
157
+ def insync?(current)
158
+ if provider.respond_to?(:members_insync?)
159
+ return provider.members_insync?(current, @should)
118
160
  end
161
+
162
+ super(current)
119
163
  end
120
164
  end
121
165
 
@@ -141,7 +185,7 @@ module Puppet
141
185
  end
142
186
 
143
187
  newparam(:allowdupe, :boolean => true, :parent => Puppet::Parameter::Boolean) do
144
- desc "Whether to allow duplicate GIDs. Defaults to `false`."
188
+ desc "Whether to allow duplicate GIDs."
145
189
 
146
190
  defaultto false
147
191
  end
@@ -154,6 +198,8 @@ module Puppet
154
198
  desc "Specify group AIX attributes, as an array of `'key=value'` strings. This
155
199
  parameter's behavior can be configured with `attribute_membership`."
156
200
 
201
+ self.log_only_changed_or_new_keys = true
202
+
157
203
  def membership
158
204
  :attribute_membership
159
205
  end
@@ -161,10 +207,6 @@ module Puppet
161
207
  def delimiter
162
208
  " "
163
209
  end
164
-
165
- validate do |value|
166
- raise ArgumentError, _("Attributes value pairs must be separated by an =") unless value.include?("=")
167
- end
168
210
  end
169
211
 
170
212
  newparam(:attribute_membership) do
@@ -29,7 +29,7 @@ Puppet::Type.newtype(:k5login) do
29
29
 
30
30
  # To manage the mode of the file
31
31
  newproperty(:mode) do
32
- desc "The desired permissions mode of the `.k5login` file. Defaults to `644`."
32
+ desc "The desired permissions mode of the `.k5login` file."
33
33
  defaultto { "644" }
34
34
  end
35
35
 
@@ -104,7 +104,7 @@ Puppet::Type.newtype(:k5login) do
104
104
  super
105
105
  end
106
106
 
107
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
107
+ # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
108
108
 
109
109
  provide(:k5login) do
110
110
  desc "The k5login provider is the only provider for the k5login
@@ -32,7 +32,7 @@ module Puppet
32
32
  end
33
33
 
34
34
  newparam(:withpath) do
35
- desc "Whether to show the full object path. Defaults to false."
35
+ desc "Whether to show the full object path."
36
36
  defaultto :false
37
37
 
38
38
  newvalues(:true, :false)
@@ -172,7 +172,7 @@ module Puppet
172
172
  when is == @latest
173
173
  return true
174
174
  when is == :present
175
- # This will only happen on retarded packaging systems
175
+ # This will only happen on packaging systems
176
176
  # that can't query versions.
177
177
  return true
178
178
  else
@@ -411,8 +411,7 @@ module Puppet
411
411
 
412
412
  newparam(:configfiles) do
413
413
  desc "Whether to keep or replace modified config files when installing or
414
- upgrading a package. This only affects the `apt` and `dpkg` providers.
415
- Defaults to `keep`."
414
+ upgrading a package. This only affects the `apt` and `dpkg` providers."
416
415
 
417
416
  defaultto :keep
418
417
 
@@ -547,9 +546,7 @@ module Puppet
547
546
 
548
547
  If you use this, be careful of notifying classes when you want to restart
549
548
  services. If the class also contains a refreshable package, doing so could
550
- cause unnecessary re-installs.
551
-
552
- Defaults to `false`."
549
+ cause unnecessary re-installs."
553
550
  newvalues(:true, :false)
554
551
 
555
552
  defaultto :false
@@ -87,6 +87,12 @@ Puppet::Type.newtype(:resources) do
87
87
  end
88
88
  end
89
89
 
90
+ WINDOWS_SYSTEM_SID_REGEXES =
91
+ # Administrator, Guest, Domain Admins, Schema Admins, Enterprise Admins.
92
+ # https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
93
+ [/S-1-5-21.+-500/, /S-1-5-21.+-501/, /S-1-5-21.+-512/, /S-1-5-21.+-518/,
94
+ /S-1-5-21.+-519/]
95
+
90
96
  def check(resource)
91
97
  @checkmethod ||= "#{self[:name]}_check"
92
98
  @hascheck ||= respond_to?(@checkmethod)
@@ -145,8 +151,12 @@ Puppet::Type.newtype(:resources) do
145
151
 
146
152
  return false if system_users.include?(resource[:name])
147
153
  return false if unless_uids && unless_uids.include?(current_uid)
148
-
149
- current_uid > self[:unless_system_user]
154
+ if current_uid.is_a?(String)
155
+ # Windows user; is a system user if any regex matches.
156
+ WINDOWS_SYSTEM_SID_REGEXES.none? { |regex| current_uid =~ regex }
157
+ else
158
+ current_uid > self[:unless_system_user]
159
+ end
150
160
  end
151
161
 
152
162
  def system_users
@@ -46,6 +46,13 @@ module Puppet
46
46
  }
47
47
 
48
48
  This will cause resources to be applied every 30 minutes by default.
49
+
50
+ The `statettl` setting on the agent affects the ability of a schedule to
51
+ determine if a resource has already been checked. If the `statettl` is
52
+ set lower than the span of the associated schedule resource, then a
53
+ resource could be checked & applied multiple times in the schedule as
54
+ the information about when the resource was last checked will have
55
+ expired from the cache.
49
56
  EOT
50
57
 
51
58
  apply_to_all
@@ -312,7 +319,7 @@ module Puppet
312
319
 
313
320
  newparam(:repeat) do
314
321
  desc "How often a given resource may be applied in this schedule's `period`.
315
- Defaults to 1; must be an integer."
322
+ Must be an integer."
316
323
 
317
324
  defaultto 1
318
325
 
@@ -15,8 +15,8 @@ module Puppet
15
15
  end
16
16
 
17
17
  newparam(:persistent) do
18
- desc "If set true, SELinux booleans will be written to disk and persist across reboots.
19
- The default is `false`."
18
+ desc "If set to true, SELinux booleans will be written to disk and persist across
19
+ reboots."
20
20
 
21
21
  defaultto :false
22
22
  newvalues(:true, :false)
@@ -23,10 +23,9 @@ Puppet::Type.newtype(:selmodule) do
23
23
  newparam(:selmoduledir) do
24
24
 
25
25
  desc "The directory to look for the compiled pp module file in.
26
- Currently defaults to `/usr/share/selinux/targeted`. If the
27
- `selmodulepath` attribute is not specified, Puppet will expect to find
28
- the module in `<selmoduledir>/<name>.pp`, where `name` is the value of the
29
- `name` parameter."
26
+ If the `selmodulepath` attribute is not specified, Puppet expects to
27
+ find the module in `<selmoduledir>/<name>.pp`, where `name` is the
28
+ value of the `name` parameter."
30
29
 
31
30
  defaultto "/usr/share/selinux/targeted"
32
31
  end
@@ -135,8 +135,7 @@ module Puppet
135
135
 
136
136
  newparam(:hasstatus) do
137
137
  desc "Declare whether the service's init script has a functional status
138
- command; defaults to `true`. This attribute's default value changed in
139
- Puppet 2.7.0.
138
+ command. This attribute's default value changed in Puppet 2.7.0.
140
139
 
141
140
  The init script's status command must return 0 if the service is
142
141
  running and a nonzero value otherwise. Ideally, these exit codes
@@ -230,9 +229,7 @@ module Puppet
230
229
  newparam :hasrestart do
231
230
  desc "Specify that an init script has a `restart` command. If this is
232
231
  false and you do not specify a command in the `restart` attribute,
233
- the init script's `stop` and `start` commands will be used.
234
-
235
- Defaults to false."
232
+ the init script's `stop` and `start` commands will be used."
236
233
  newvalues(:true, :false)
237
234
  end
238
235
 
@@ -188,7 +188,7 @@ Puppet::Type.newtype(:tidy) do
188
188
  end
189
189
 
190
190
  newparam(:type) do
191
- desc "Set the mechanism for determining age. Default: atime."
191
+ desc "Set the mechanism for determining age."
192
192
 
193
193
  newvalues(:atime, :mtime, :ctime)
194
194