puppet 5.5.6-universal-darwin → 5.5.7-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +3 -1
- data/Gemfile.lock +12 -12
- data/Rakefile +9 -0
- data/lib/puppet/application.rb +5 -0
- data/lib/puppet/application/apply.rb +1 -0
- data/lib/puppet/application/master.rb +9 -7
- data/lib/puppet/application/script.rb +1 -1
- data/lib/puppet/defaults.rb +51 -31
- data/lib/puppet/etc.rb +20 -0
- data/lib/puppet/file_serving/fileset.rb +1 -1
- data/lib/puppet/functions.rb +123 -0
- data/lib/puppet/functions/new.rb +37 -53
- data/lib/puppet/functions/warning.rb +1 -1
- data/lib/puppet/loaders.rb +1 -0
- data/lib/puppet/parser/functions.rb +3 -1
- data/lib/puppet/parser/functions/sprintf.rb +12 -1
- data/lib/puppet/pops/evaluator/runtime3_converter.rb +16 -0
- data/lib/puppet/pops/evaluator/runtime3_support.rb +3 -4
- data/lib/puppet/pops/issues.rb +8 -0
- data/lib/puppet/pops/loader/loader.rb +2 -2
- data/lib/puppet/pops/loader/loader_paths.rb +3 -1
- data/lib/puppet/pops/loader/module_loaders.rb +1 -1
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +62 -0
- data/lib/puppet/pops/loaders.rb +5 -21
- data/lib/puppet/pops/parser/heredoc_support.rb +1 -2
- data/lib/puppet/pops/parser/lexer2.rb +1 -1
- data/lib/puppet/pops/validation/checker4_0.rb +31 -6
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/property/keyvalue.rb +70 -8
- data/lib/puppet/provider/aix_object.rb +483 -0
- data/lib/puppet/provider/exec.rb +54 -57
- data/lib/puppet/provider/group/aix.rb +40 -115
- data/lib/puppet/provider/group/pw.rb +4 -8
- data/lib/puppet/provider/group/windows_adsi.rb +7 -4
- data/lib/puppet/provider/nameservice.rb +1 -25
- data/lib/puppet/provider/nameservice/directoryservice.rb +5 -3
- data/lib/puppet/provider/package/portage.rb +2 -2
- data/lib/puppet/provider/package/windows.rb +2 -2
- data/lib/puppet/provider/package/windows/exe_package.rb +3 -10
- data/lib/puppet/provider/package/zypper.rb +1 -1
- data/lib/puppet/provider/service/launchd.rb +19 -3
- data/lib/puppet/provider/service/windows.rb +49 -40
- data/lib/puppet/provider/user/aix.rb +180 -246
- data/lib/puppet/provider/user/windows_adsi.rb +9 -1
- data/lib/puppet/resource/catalog.rb +1 -5
- data/lib/puppet/type/augeas.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -14
- data/lib/puppet/type/file.rb +2 -2
- data/lib/puppet/type/file/source.rb +9 -5
- data/lib/puppet/type/group.rb +65 -23
- data/lib/puppet/type/k5login.rb +2 -2
- data/lib/puppet/type/notify.rb +1 -1
- data/lib/puppet/type/package.rb +3 -6
- data/lib/puppet/type/resources.rb +12 -2
- data/lib/puppet/type/schedule.rb +8 -1
- data/lib/puppet/type/selboolean.rb +2 -2
- data/lib/puppet/type/selmodule.rb +3 -4
- data/lib/puppet/type/service.rb +2 -5
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +15 -20
- data/lib/puppet/type/yumrepo.rb +2 -2
- data/lib/puppet/type/zone.rb +2 -2
- data/lib/puppet/util.rb +7 -3
- data/lib/puppet/util/execution.rb +15 -1
- data/lib/puppet/util/posix.rb +15 -0
- data/lib/puppet/util/storage.rb +12 -0
- data/lib/puppet/util/windows.rb +4 -2
- data/lib/puppet/util/windows/adsi.rb +235 -205
- data/lib/puppet/util/windows/process.rb +23 -3
- data/lib/puppet/util/windows/security.rb +14 -0
- data/lib/puppet/util/windows/service.rb +977 -0
- data/lib/puppet/util/windows/user.rb +3 -5
- data/lib/puppet/version.rb +1 -1
- data/locales/ja/puppet.po +705 -374
- data/locales/puppet.pot +485 -261
- data/man/man5/puppet.conf.5 +36 -15
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-ca.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-cert.8 +1 -1
- data/man/man8/puppet-certificate.8 +1 -1
- data/man/man8/puppet-certificate_request.8 +1 -1
- data/man/man8/puppet-certificate_revocation_list.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-master.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_input.out +1 -0
- data/spec/fixtures/unit/provider/aix_object/aix_colon_list_real_world_output.out +1 -0
- data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +32 -0
- data/spec/integration/parser/collection_spec.rb +4 -8
- data/spec/integration/provider/service/windows_spec.rb +5 -5
- data/spec/integration/type/file_spec.rb +6 -6
- data/spec/integration/util/windows/adsi_spec.rb +6 -5
- data/spec/integration/util/windows/security_spec.rb +10 -7
- data/spec/integration/util/windows/user_spec.rb +37 -17
- data/spec/spec_helper.rb +0 -1
- data/spec/unit/application/apply_spec.rb +41 -2
- data/spec/unit/application/master_spec.rb +7 -0
- data/spec/unit/application_spec.rb +21 -3
- data/spec/unit/defaults_spec.rb +20 -0
- data/spec/unit/etc_spec.rb +25 -0
- data/spec/unit/file_serving/fileset_spec.rb +11 -11
- data/spec/unit/gettext/config_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +6 -6
- data/spec/unit/pops/loaders/loaders_spec.rb +40 -7
- data/spec/unit/pops/parser/parse_heredoc_spec.rb +16 -0
- data/spec/unit/pops/validator/validator_spec.rb +129 -10
- data/spec/unit/property/keyvalue_spec.rb +97 -6
- data/spec/unit/provider/aix_object_spec.rb +805 -0
- data/spec/unit/provider/group/aix_spec.rb +57 -0
- data/spec/unit/provider/group/pw_spec.rb +0 -6
- data/spec/unit/provider/group/windows_adsi_spec.rb +34 -35
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +2 -2
- data/spec/unit/provider/package/windows/exe_package_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +4 -4
- data/spec/unit/provider/service/launchd_spec.rb +19 -0
- data/spec/unit/provider/service/windows_spec.rb +71 -78
- data/spec/unit/provider/user/aix_spec.rb +162 -116
- data/spec/unit/provider/user/windows_adsi_spec.rb +4 -4
- data/spec/unit/resource/catalog_spec.rb +2 -2
- data/spec/unit/ssl/certificate_authority_spec.rb +0 -1
- data/spec/unit/type/group_spec.rb +111 -13
- data/spec/unit/type/resources_spec.rb +18 -0
- data/spec/unit/util/execution_spec.rb +77 -0
- data/spec/unit/util/posix_spec.rb +28 -0
- data/spec/unit/util/storage_spec.rb +107 -0
- data/spec/unit/util/windows/adsi_spec.rb +108 -13
- data/spec/unit/util/windows/service_spec.rb +669 -0
- metadata +17 -5
- data/lib/puppet/provider/aixobject.rb +0 -392
- data/spec/unit/provider/aixobject_spec.rb +0 -101
@@ -124,7 +124,15 @@ Puppet::Type.type(:user).provide :windows_adsi do
|
|
124
124
|
end
|
125
125
|
|
126
126
|
def password=(value)
|
127
|
-
user.
|
127
|
+
if user.disabled?
|
128
|
+
warning _("The user account '%s' is disabled; puppet will not reset the password" % @resource[:name])
|
129
|
+
elsif user.locked_out?
|
130
|
+
warning _("The user account '%s' is locked out; puppet will not reset the password" % @resource[:name])
|
131
|
+
elsif user.expired?
|
132
|
+
warning _("The user account '%s' is expired; puppet will not reset the password" % @resource[:name])
|
133
|
+
else
|
134
|
+
user.password = value
|
135
|
+
end
|
128
136
|
end
|
129
137
|
|
130
138
|
def uid
|
@@ -559,11 +559,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
|
|
559
559
|
Puppet::FileSystem.open(resourcefile.value, resourcefile.mode.to_i(8), "w:UTF-8") do |f|
|
560
560
|
to_print = resources.map do |resource|
|
561
561
|
next unless resource.managed?
|
562
|
-
|
563
|
-
"#{resource.type}[#{resource[resource.name_var]}]"
|
564
|
-
else
|
565
|
-
"#{resource.ref.downcase}"
|
566
|
-
end
|
562
|
+
"#{resource.ref.downcase}"
|
567
563
|
end.compact
|
568
564
|
f.puts to_print.join("\n")
|
569
565
|
end
|
data/lib/puppet/type/augeas.rb
CHANGED
@@ -143,7 +143,7 @@ Puppet::Type.newtype(:augeas) do
|
|
143
143
|
end
|
144
144
|
|
145
145
|
newparam(:type_check) do
|
146
|
-
desc "Whether augeas should perform typechecking.
|
146
|
+
desc "Whether augeas should perform typechecking."
|
147
147
|
newvalues(:true, :false)
|
148
148
|
|
149
149
|
defaultto :false
|
data/lib/puppet/type/exec.rb
CHANGED
@@ -78,8 +78,8 @@ module Puppet
|
|
78
78
|
|
79
79
|
attr_reader :output
|
80
80
|
desc "The expected exit code(s). An error will be returned if the
|
81
|
-
executed command has some other exit code.
|
82
|
-
|
81
|
+
executed command has some other exit code. Can be specified as an array
|
82
|
+
of acceptable exit codes or a single value.
|
83
83
|
|
84
84
|
On POSIX systems, exit codes are always integers between 0 and 255.
|
85
85
|
|
@@ -197,14 +197,17 @@ module Puppet
|
|
197
197
|
end
|
198
198
|
|
199
199
|
newparam(:user) do
|
200
|
-
desc "The user to run the command as.
|
201
|
-
|
202
|
-
|
203
|
-
create this user, the exec will automatically require the user,
|
204
|
-
as long as it is specified by name.
|
200
|
+
desc "The user to run the command as.
|
201
|
+
|
202
|
+
> **Note:** Puppet cannot execute commands as other users on Windows.
|
205
203
|
|
206
|
-
|
207
|
-
|
204
|
+
Note that if you use this attribute, any error output is not captured
|
205
|
+
due to a bug within Ruby. If you use Puppet to create this user, the
|
206
|
+
exec automatically requires the user, as long as it is specified by
|
207
|
+
name.
|
208
|
+
|
209
|
+
The $HOME environment variable is not automatically set when using
|
210
|
+
this attribute."
|
208
211
|
|
209
212
|
validate do |user|
|
210
213
|
if Puppet.features.microsoft_windows?
|
@@ -230,7 +233,7 @@ module Puppet
|
|
230
233
|
|
231
234
|
newparam(:logoutput) do
|
232
235
|
desc "Whether to log command output in addition to logging the
|
233
|
-
exit code.
|
236
|
+
exit code. Defaults to `on_failure`, which only logs the output
|
234
237
|
when the command has an exit code that does not match any value
|
235
238
|
specified by the `returns` attribute. As with any resource type,
|
236
239
|
the log level can be controlled with the `loglevel` metaparameter."
|
@@ -305,10 +308,9 @@ module Puppet
|
|
305
308
|
|
306
309
|
newparam(:tries) do
|
307
310
|
desc "The number of times execution of the command should be tried.
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
to the complete set of tries."
|
311
|
+
This many attempts will be made to execute the command until an
|
312
|
+
acceptable return code is returned. Note that the timeout parameter
|
313
|
+
applies to each try rather than to the complete set of tries."
|
312
314
|
|
313
315
|
munge do |value|
|
314
316
|
if value.is_a?(String)
|
data/lib/puppet/type/file.rb
CHANGED
@@ -207,7 +207,7 @@ Puppet::Type.newtype(:file) do
|
|
207
207
|
whose content doesn't match what the `source` or `content` attribute
|
208
208
|
specifies. Setting this to false allows file resources to initialize files
|
209
209
|
without overwriting future changes. Note that this only affects content;
|
210
|
-
Puppet will still manage ownership and permissions.
|
210
|
+
Puppet will still manage ownership and permissions."
|
211
211
|
defaultto :true
|
212
212
|
end
|
213
213
|
|
@@ -320,7 +320,7 @@ Puppet::Type.newtype(:file) do
|
|
320
320
|
|
321
321
|
newparam(:validate_replacement) do
|
322
322
|
desc "The replacement string in a `validate_cmd` that will be replaced
|
323
|
-
with an input file name.
|
323
|
+
with an input file name."
|
324
324
|
|
325
325
|
defaultto '%'
|
326
326
|
end
|
@@ -31,7 +31,7 @@ module Puppet
|
|
31
31
|
* Fully qualified paths to locally available files (including files on NFS
|
32
32
|
shares or Windows mapped drives).
|
33
33
|
* `file:` URIs, which behave the same as local file paths.
|
34
|
-
* `http:` URIs, which point to files served by common web servers
|
34
|
+
* `http:` URIs, which point to files served by common web servers.
|
35
35
|
|
36
36
|
The normal form of a `puppet:` URI is:
|
37
37
|
|
@@ -47,10 +47,14 @@ module Puppet
|
|
47
47
|
a source directory contains symlinks, use the `links` attribute to
|
48
48
|
specify whether to recreate links or follow them.
|
49
49
|
|
50
|
-
|
51
|
-
trees.
|
52
|
-
|
53
|
-
|
50
|
+
_HTTP_ URIs cannot be used to recursively synchronize whole directory
|
51
|
+
trees. You cannot use `source_permissions` values other than `ignore`
|
52
|
+
because HTTP servers do not transfer any metadata that translates to
|
53
|
+
ownership or permission details.
|
54
|
+
|
55
|
+
The `http` source uses the server `Content-MD5` header as a checksum to
|
56
|
+
determine if the remote file has changed. If the server response does not
|
57
|
+
include that header, Puppet defaults to using the `Last-Modified` header.
|
54
58
|
|
55
59
|
Multiple `source` values can be specified as an array, and Puppet will
|
56
60
|
use the first source that exists. This can be used to serve different
|
data/lib/puppet/type/group.rb
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
require 'etc'
|
2
2
|
require 'facter'
|
3
3
|
require 'puppet/property/keyvalue'
|
4
|
+
require 'puppet/property/list'
|
4
5
|
require 'puppet/parameter/boolean'
|
5
6
|
|
6
7
|
module Puppet
|
@@ -81,41 +82,84 @@ module Puppet
|
|
81
82
|
end
|
82
83
|
end
|
83
84
|
|
84
|
-
newproperty(:members, :
|
85
|
+
newproperty(:members, :parent => Puppet::Property::List, :required_features => :manages_members) do
|
85
86
|
desc "The members of the group. For platforms or directory services where group
|
86
87
|
membership is stored in the group objects, not the users. This parameter's
|
87
88
|
behavior can be configured with `auth_membership`."
|
88
89
|
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
90
|
+
validate do |value|
|
91
|
+
unless value.is_a?(String)
|
92
|
+
raise ArgumentError, _("The members property must be specified as either an array of strings, or as a single string consisting of a comma-separated list of members")
|
93
|
+
end
|
94
|
+
|
95
|
+
if value.is_a?(Integer) || value =~ /^\d+$/
|
96
|
+
raise ArgumentError, _("User names must be provided, not UID numbers.")
|
97
|
+
end
|
98
|
+
|
99
|
+
if value.empty?
|
100
|
+
raise ArgumentError, _("User names must not be empty. If you want to specify \"no users\" pass an empty array")
|
101
|
+
end
|
102
|
+
|
103
|
+
if provider.respond_to?(:member_valid?)
|
104
|
+
return provider.member_valid?(value)
|
105
|
+
end
|
93
106
|
end
|
94
107
|
|
95
|
-
def
|
96
|
-
|
97
|
-
|
108
|
+
def inclusive?
|
109
|
+
@resource[:auth_membership]
|
110
|
+
end
|
111
|
+
|
112
|
+
def change_to_s(currentvalue, newvalue)
|
113
|
+
newvalue = newvalue.split(",") if newvalue != :absent
|
114
|
+
|
115
|
+
if provider.respond_to?(:members_to_s)
|
116
|
+
# for Windows ADSI
|
117
|
+
# de-dupe the "newvalue" when the sync event message is generated,
|
118
|
+
# due to final retrieve called after the resource has been modified
|
119
|
+
newvalue = provider.members_to_s(newvalue).split(',').uniq
|
98
120
|
end
|
99
121
|
|
100
|
-
super(
|
122
|
+
super(currentvalue, newvalue)
|
101
123
|
end
|
102
124
|
|
103
|
-
|
125
|
+
# override Puppet::Property::List#retrieve
|
126
|
+
def retrieve
|
104
127
|
if provider.respond_to?(:members_to_s)
|
105
|
-
|
106
|
-
|
128
|
+
# Windows ADSI members returns SIDs, but retrieve needs names
|
129
|
+
# must return qualified names for SIDs for "is" value and puppet resource
|
130
|
+
return provider.members_to_s(provider.members).split(',')
|
131
|
+
end
|
107
132
|
|
108
|
-
|
133
|
+
super
|
134
|
+
end
|
135
|
+
|
136
|
+
# The members property should also accept a comma separated
|
137
|
+
# list of members (a String parameter) for backwards
|
138
|
+
# compatibility. Unfortunately, the List property would treat
|
139
|
+
# our comma separated list of members as a single-element Array.
|
140
|
+
# This override of should= ensures that a comma separated list of
|
141
|
+
# members is munged to an array of members, which is what we want.
|
142
|
+
# Note that we cannot use `munge` because that will pass in each
|
143
|
+
# array element instead of the entire array if the members property
|
144
|
+
# is specified as an array of members, which would cause each member
|
145
|
+
# to be munged into an array for that case. This is undesirable
|
146
|
+
# behavior.
|
147
|
+
def should=(values)
|
148
|
+
super(values)
|
149
|
+
|
150
|
+
if @should.length == 1 && @should.first.include?(delimiter)
|
151
|
+
@should = @should.first.split(delimiter)
|
109
152
|
end
|
110
153
|
|
111
|
-
|
154
|
+
@should
|
112
155
|
end
|
113
|
-
alias :should_to_s :is_to_s
|
114
156
|
|
115
|
-
|
116
|
-
if provider.respond_to?(:
|
117
|
-
return provider.
|
157
|
+
def insync?(current)
|
158
|
+
if provider.respond_to?(:members_insync?)
|
159
|
+
return provider.members_insync?(current, @should)
|
118
160
|
end
|
161
|
+
|
162
|
+
super(current)
|
119
163
|
end
|
120
164
|
end
|
121
165
|
|
@@ -141,7 +185,7 @@ module Puppet
|
|
141
185
|
end
|
142
186
|
|
143
187
|
newparam(:allowdupe, :boolean => true, :parent => Puppet::Parameter::Boolean) do
|
144
|
-
desc "Whether to allow duplicate GIDs.
|
188
|
+
desc "Whether to allow duplicate GIDs."
|
145
189
|
|
146
190
|
defaultto false
|
147
191
|
end
|
@@ -154,6 +198,8 @@ module Puppet
|
|
154
198
|
desc "Specify group AIX attributes, as an array of `'key=value'` strings. This
|
155
199
|
parameter's behavior can be configured with `attribute_membership`."
|
156
200
|
|
201
|
+
self.log_only_changed_or_new_keys = true
|
202
|
+
|
157
203
|
def membership
|
158
204
|
:attribute_membership
|
159
205
|
end
|
@@ -161,10 +207,6 @@ module Puppet
|
|
161
207
|
def delimiter
|
162
208
|
" "
|
163
209
|
end
|
164
|
-
|
165
|
-
validate do |value|
|
166
|
-
raise ArgumentError, _("Attributes value pairs must be separated by an =") unless value.include?("=")
|
167
|
-
end
|
168
210
|
end
|
169
211
|
|
170
212
|
newparam(:attribute_membership) do
|
data/lib/puppet/type/k5login.rb
CHANGED
@@ -29,7 +29,7 @@ Puppet::Type.newtype(:k5login) do
|
|
29
29
|
|
30
30
|
# To manage the mode of the file
|
31
31
|
newproperty(:mode) do
|
32
|
-
desc "The desired permissions mode of the `.k5login` file.
|
32
|
+
desc "The desired permissions mode of the `.k5login` file."
|
33
33
|
defaultto { "644" }
|
34
34
|
end
|
35
35
|
|
@@ -104,7 +104,7 @@ Puppet::Type.newtype(:k5login) do
|
|
104
104
|
super
|
105
105
|
end
|
106
106
|
|
107
|
-
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
107
|
+
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
108
108
|
|
109
109
|
provide(:k5login) do
|
110
110
|
desc "The k5login provider is the only provider for the k5login
|
data/lib/puppet/type/notify.rb
CHANGED
data/lib/puppet/type/package.rb
CHANGED
@@ -172,7 +172,7 @@ module Puppet
|
|
172
172
|
when is == @latest
|
173
173
|
return true
|
174
174
|
when is == :present
|
175
|
-
# This will only happen on
|
175
|
+
# This will only happen on packaging systems
|
176
176
|
# that can't query versions.
|
177
177
|
return true
|
178
178
|
else
|
@@ -411,8 +411,7 @@ module Puppet
|
|
411
411
|
|
412
412
|
newparam(:configfiles) do
|
413
413
|
desc "Whether to keep or replace modified config files when installing or
|
414
|
-
upgrading a package. This only affects the `apt` and `dpkg` providers.
|
415
|
-
Defaults to `keep`."
|
414
|
+
upgrading a package. This only affects the `apt` and `dpkg` providers."
|
416
415
|
|
417
416
|
defaultto :keep
|
418
417
|
|
@@ -547,9 +546,7 @@ module Puppet
|
|
547
546
|
|
548
547
|
If you use this, be careful of notifying classes when you want to restart
|
549
548
|
services. If the class also contains a refreshable package, doing so could
|
550
|
-
cause unnecessary re-installs.
|
551
|
-
|
552
|
-
Defaults to `false`."
|
549
|
+
cause unnecessary re-installs."
|
553
550
|
newvalues(:true, :false)
|
554
551
|
|
555
552
|
defaultto :false
|
@@ -87,6 +87,12 @@ Puppet::Type.newtype(:resources) do
|
|
87
87
|
end
|
88
88
|
end
|
89
89
|
|
90
|
+
WINDOWS_SYSTEM_SID_REGEXES =
|
91
|
+
# Administrator, Guest, Domain Admins, Schema Admins, Enterprise Admins.
|
92
|
+
# https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
|
93
|
+
[/S-1-5-21.+-500/, /S-1-5-21.+-501/, /S-1-5-21.+-512/, /S-1-5-21.+-518/,
|
94
|
+
/S-1-5-21.+-519/]
|
95
|
+
|
90
96
|
def check(resource)
|
91
97
|
@checkmethod ||= "#{self[:name]}_check"
|
92
98
|
@hascheck ||= respond_to?(@checkmethod)
|
@@ -145,8 +151,12 @@ Puppet::Type.newtype(:resources) do
|
|
145
151
|
|
146
152
|
return false if system_users.include?(resource[:name])
|
147
153
|
return false if unless_uids && unless_uids.include?(current_uid)
|
148
|
-
|
149
|
-
|
154
|
+
if current_uid.is_a?(String)
|
155
|
+
# Windows user; is a system user if any regex matches.
|
156
|
+
WINDOWS_SYSTEM_SID_REGEXES.none? { |regex| current_uid =~ regex }
|
157
|
+
else
|
158
|
+
current_uid > self[:unless_system_user]
|
159
|
+
end
|
150
160
|
end
|
151
161
|
|
152
162
|
def system_users
|
data/lib/puppet/type/schedule.rb
CHANGED
@@ -46,6 +46,13 @@ module Puppet
|
|
46
46
|
}
|
47
47
|
|
48
48
|
This will cause resources to be applied every 30 minutes by default.
|
49
|
+
|
50
|
+
The `statettl` setting on the agent affects the ability of a schedule to
|
51
|
+
determine if a resource has already been checked. If the `statettl` is
|
52
|
+
set lower than the span of the associated schedule resource, then a
|
53
|
+
resource could be checked & applied multiple times in the schedule as
|
54
|
+
the information about when the resource was last checked will have
|
55
|
+
expired from the cache.
|
49
56
|
EOT
|
50
57
|
|
51
58
|
apply_to_all
|
@@ -312,7 +319,7 @@ module Puppet
|
|
312
319
|
|
313
320
|
newparam(:repeat) do
|
314
321
|
desc "How often a given resource may be applied in this schedule's `period`.
|
315
|
-
|
322
|
+
Must be an integer."
|
316
323
|
|
317
324
|
defaultto 1
|
318
325
|
|
@@ -15,8 +15,8 @@ module Puppet
|
|
15
15
|
end
|
16
16
|
|
17
17
|
newparam(:persistent) do
|
18
|
-
desc "If set true, SELinux booleans will be written to disk and persist across
|
19
|
-
|
18
|
+
desc "If set to true, SELinux booleans will be written to disk and persist across
|
19
|
+
reboots."
|
20
20
|
|
21
21
|
defaultto :false
|
22
22
|
newvalues(:true, :false)
|
@@ -23,10 +23,9 @@ Puppet::Type.newtype(:selmodule) do
|
|
23
23
|
newparam(:selmoduledir) do
|
24
24
|
|
25
25
|
desc "The directory to look for the compiled pp module file in.
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
`name` parameter."
|
26
|
+
If the `selmodulepath` attribute is not specified, Puppet expects to
|
27
|
+
find the module in `<selmoduledir>/<name>.pp`, where `name` is the
|
28
|
+
value of the `name` parameter."
|
30
29
|
|
31
30
|
defaultto "/usr/share/selinux/targeted"
|
32
31
|
end
|
data/lib/puppet/type/service.rb
CHANGED
@@ -135,8 +135,7 @@ module Puppet
|
|
135
135
|
|
136
136
|
newparam(:hasstatus) do
|
137
137
|
desc "Declare whether the service's init script has a functional status
|
138
|
-
command
|
139
|
-
Puppet 2.7.0.
|
138
|
+
command. This attribute's default value changed in Puppet 2.7.0.
|
140
139
|
|
141
140
|
The init script's status command must return 0 if the service is
|
142
141
|
running and a nonzero value otherwise. Ideally, these exit codes
|
@@ -230,9 +229,7 @@ module Puppet
|
|
230
229
|
newparam :hasrestart do
|
231
230
|
desc "Specify that an init script has a `restart` command. If this is
|
232
231
|
false and you do not specify a command in the `restart` attribute,
|
233
|
-
the init script's `stop` and `start` commands will be used.
|
234
|
-
|
235
|
-
Defaults to false."
|
232
|
+
the init script's `stop` and `start` commands will be used."
|
236
233
|
newvalues(:true, :false)
|
237
234
|
end
|
238
235
|
|
data/lib/puppet/type/tidy.rb
CHANGED