puppet 6.17.0-universal-darwin → 6.18.0-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +6 -5
- data/lib/puppet/application/apply.rb +18 -20
- data/lib/puppet/application/lookup.rb +16 -4
- data/lib/puppet/configurer/downloader.rb +31 -10
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/confine/any.rb +1 -1
- data/lib/puppet/defaults.rb +21 -3
- data/lib/puppet/feature/base.rb +1 -1
- data/lib/puppet/file_serving/mount/locales.rb +1 -2
- data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
- data/lib/puppet/file_serving/mount/plugins.rb +1 -2
- data/lib/puppet/file_system/file_impl.rb +3 -3
- data/lib/puppet/functions/lstrip.rb +4 -4
- data/lib/puppet/functions/reverse_each.rb +1 -1
- data/lib/puppet/functions/rstrip.rb +4 -4
- data/lib/puppet/functions/step.rb +1 -1
- data/lib/puppet/functions/strip.rb +4 -4
- data/lib/puppet/gettext/config.rb +5 -5
- data/lib/puppet/gettext/module_translations.rb +4 -4
- data/lib/puppet/indirector/exec.rb +1 -1
- data/lib/puppet/indirector/facts/facter.rb +3 -3
- data/lib/puppet/indirector/file_metadata/http.rb +1 -0
- data/lib/puppet/indirector/hiera.rb +4 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/report/processor.rb +2 -2
- data/lib/puppet/module.rb +1 -2
- data/lib/puppet/network/format_support.rb +2 -2
- data/lib/puppet/network/http/route.rb +2 -2
- data/lib/puppet/node/environment.rb +12 -5
- data/lib/puppet/pal/pal_impl.rb +27 -3
- data/lib/puppet/parameter.rb +1 -1
- data/lib/puppet/parser/functions.rb +21 -17
- data/lib/puppet/parser/functions/create_resources.rb +11 -7
- data/lib/puppet/parser/type_loader.rb +2 -2
- data/lib/puppet/pops/adaptable.rb +7 -13
- data/lib/puppet/pops/adapters.rb +8 -4
- data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
- data/lib/puppet/pops/loaders.rb +18 -11
- data/lib/puppet/pops/lookup/context.rb +1 -1
- data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
- data/lib/puppet/pops/types/iterable.rb +34 -8
- data/lib/puppet/pops/validation/checker4_0.rb +19 -15
- data/lib/puppet/provider/file/windows.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +34 -0
- data/lib/puppet/provider/package/gem.rb +4 -2
- data/lib/puppet/provider/package/puppet_gem.rb +5 -0
- data/lib/puppet/provider/package/zypper.rb +3 -0
- data/lib/puppet/provider/user/aix.rb +1 -1
- data/lib/puppet/provider/user/user_role_add.rb +1 -1
- data/lib/puppet/provider/user/windows_adsi.rb +18 -1
- data/lib/puppet/settings.rb +1 -1
- data/lib/puppet/ssl/validator/default_validator.rb +1 -1
- data/lib/puppet/test/test_helper.rb +10 -3
- data/lib/puppet/transaction.rb +2 -2
- data/lib/puppet/transaction/persistence.rb +1 -1
- data/lib/puppet/transaction/report.rb +1 -1
- data/lib/puppet/trusted_external.rb +2 -2
- data/lib/puppet/type.rb +4 -3
- data/lib/puppet/type/file.rb +2 -2
- data/lib/puppet/type/file/source.rb +27 -7
- data/lib/puppet/type/notify.rb +2 -2
- data/lib/puppet/type/service.rb +4 -0
- data/lib/puppet/type/user.rb +18 -3
- data/lib/puppet/util.rb +26 -12
- data/lib/puppet/util/autoload.rb +9 -7
- data/lib/puppet/util/character_encoding.rb +9 -5
- data/lib/puppet/util/execution.rb +2 -2
- data/lib/puppet/util/windows.rb +1 -0
- data/lib/puppet/util/windows/api_types.rb +15 -1
- data/lib/puppet/util/windows/monkey_patches/dir.rb +40 -0
- data/lib/puppet/util/windows/security.rb +4 -4
- data/lib/puppet/util/windows/user.rb +219 -0
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +78 -69
- data/man/man5/puppet.conf.5 +22 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +2 -2
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
- data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
- data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
- data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
- data/spec/integration/application/agent_spec.rb +29 -37
- data/spec/integration/application/apply_spec.rb +149 -149
- data/spec/integration/application/config_spec.rb +74 -0
- data/spec/integration/application/doc_spec.rb +16 -6
- data/spec/integration/application/filebucket_spec.rb +65 -16
- data/spec/integration/application/help_spec.rb +42 -0
- data/spec/integration/application/lookup_spec.rb +13 -0
- data/spec/integration/application/module_spec.rb +68 -0
- data/spec/integration/application/plugin_spec.rb +50 -0
- data/spec/integration/data_binding_spec.rb +82 -0
- data/spec/integration/directory_environments_spec.rb +17 -17
- data/spec/integration/indirector/facts/facter_spec.rb +8 -6
- data/spec/integration/node/environment_spec.rb +1 -1
- data/spec/integration/util/execution_spec.rb +22 -0
- data/spec/integration/util/windows/monkey_patches/dir_spec.rb +11 -0
- data/spec/integration/util/windows/process_spec.rb +26 -32
- data/spec/integration/util/windows/user_spec.rb +7 -0
- data/spec/integration/util_spec.rb +7 -33
- data/spec/lib/puppet_spec/matchers.rb +0 -80
- data/spec/lib/puppet_spec/puppetserver.rb +8 -0
- data/spec/unit/application/agent_spec.rb +3 -4
- data/spec/unit/application/face_base_spec.rb +6 -4
- data/spec/unit/application/facts_spec.rb +39 -10
- data/spec/unit/application/man_spec.rb +52 -0
- data/spec/unit/application/resource_spec.rb +3 -1
- data/spec/unit/application/ssl_spec.rb +15 -2
- data/spec/unit/configurer/downloader_spec.rb +10 -0
- data/spec/unit/configurer_spec.rb +47 -31
- data/spec/unit/confine_spec.rb +2 -1
- data/spec/unit/face/config_spec.rb +3 -1
- data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
- data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
- data/spec/unit/file_system/uniquefile_spec.rb +18 -0
- data/spec/unit/http/client_spec.rb +0 -1
- data/spec/unit/http/resolver_spec.rb +0 -1
- data/spec/unit/http/service/ca_spec.rb +0 -1
- data/spec/unit/http/service/compiler_spec.rb +0 -1
- data/spec/unit/http/service/file_server_spec.rb +0 -1
- data/spec/unit/http/service/report_spec.rb +0 -1
- data/spec/unit/http/service_spec.rb +0 -1
- data/spec/unit/http/session_spec.rb +0 -1
- data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
- data/spec/unit/network/format_support_spec.rb +3 -2
- data/spec/unit/node/environment_spec.rb +18 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +70 -0
- data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
- data/spec/unit/provider/package/apt_spec.rb +77 -0
- data/spec/unit/provider/package/aptitude_spec.rb +1 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +4 -1
- data/spec/unit/provider/package/zypper_spec.rb +14 -0
- data/spec/unit/provider/service/init_spec.rb +41 -0
- data/spec/unit/provider/service/systemd_spec.rb +1 -6
- data/spec/unit/provider/service/windows_spec.rb +28 -0
- data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
- data/spec/unit/puppet_pal_2pec.rb +40 -0
- data/spec/unit/reports/store_spec.rb +17 -13
- data/spec/unit/transaction/persistence_spec.rb +15 -0
- data/spec/unit/type/service_spec.rb +35 -2
- data/spec/unit/type/user_spec.rb +31 -2
- data/spec/unit/util/character_encoding_spec.rb +4 -4
- data/spec/unit/util/command_line_spec.rb +11 -6
- metadata +21 -44
- data/spec/integration/faces/config_spec.rb +0 -91
- data/spec/integration/faces/documentation_spec.rb +0 -57
- data/spec/integration/file_bucket/file_spec.rb +0 -50
- data/spec/integration/file_serving/content_spec.rb +0 -7
- data/spec/integration/file_serving/fileset_spec.rb +0 -12
- data/spec/integration/file_serving/metadata_spec.rb +0 -8
- data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
- data/spec/integration/file_system/uniquefile_spec.rb +0 -26
- data/spec/integration/module_tool/forge_spec.rb +0 -51
- data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
- data/spec/integration/provider/service/init_spec.rb +0 -48
- data/spec/integration/provider/service/systemd_spec.rb +0 -25
- data/spec/integration/provider/service/windows_spec.rb +0 -50
- data/spec/integration/reference/providers_spec.rb +0 -21
- data/spec/integration/reports_spec.rb +0 -13
- data/spec/integration/ssl/certificate_request_spec.rb +0 -44
- data/spec/integration/ssl/host_spec.rb +0 -72
- data/spec/integration/ssl/key_spec.rb +0 -99
- data/spec/shared_behaviours/file_serving_model.rb +0 -51
- data/spec/unit/face/man_spec.rb +0 -25
- data/spec/unit/man_spec.rb +0 -31
@@ -104,7 +104,7 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator
|
|
104
104
|
crl = store_context.current_crl
|
105
105
|
if crl
|
106
106
|
if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
|
107
|
-
Puppet.debug
|
107
|
+
Puppet.debug { "Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}" }
|
108
108
|
preverify_ok = true
|
109
109
|
else
|
110
110
|
@verify_errors << "#{error_string} for #{crl.issuer.to_utf8}"
|
@@ -120,8 +120,11 @@ module Puppet::Test
|
|
120
120
|
indirections = Puppet::Indirector::Indirection.send(:class_variable_get, :@@indirections)
|
121
121
|
indirections.each do |indirector|
|
122
122
|
$saved_indirection_state[indirector.name] = {
|
123
|
-
|
124
|
-
|
123
|
+
:@terminus_class => indirector.instance_variable_get(:@terminus_class).value,
|
124
|
+
:@cache_class => indirector.instance_variable_get(:@cache_class).value,
|
125
|
+
# dup the termini hash so termini created and registered during
|
126
|
+
# the test aren't stored in our saved_indirection_state
|
127
|
+
:@termini => indirector.instance_variable_get(:@termini).dup
|
125
128
|
}
|
126
129
|
end
|
127
130
|
|
@@ -176,7 +179,11 @@ module Puppet::Test
|
|
176
179
|
indirections = Puppet::Indirector::Indirection.send(:class_variable_get, :@@indirections)
|
177
180
|
indirections.each do |indirector|
|
178
181
|
$saved_indirection_state.fetch(indirector.name, {}).each do |variable, value|
|
179
|
-
|
182
|
+
if variable == :@termini
|
183
|
+
indirector.instance_variable_set(variable, value)
|
184
|
+
else
|
185
|
+
indirector.instance_variable_get(variable).value = value
|
186
|
+
end
|
180
187
|
end
|
181
188
|
end
|
182
189
|
$saved_indirection_state = nil
|
data/lib/puppet/transaction.rb
CHANGED
@@ -202,7 +202,7 @@ class Puppet::Transaction
|
|
202
202
|
# mark the end of transaction evaluate.
|
203
203
|
report.transaction_completed = true
|
204
204
|
|
205
|
-
Puppet.debug "Finishing transaction #{object_id}"
|
205
|
+
Puppet.debug { "Finishing transaction #{object_id}" }
|
206
206
|
end
|
207
207
|
|
208
208
|
# Wraps application run state check to flag need to interrupt processing
|
@@ -373,7 +373,7 @@ class Puppet::Transaction
|
|
373
373
|
type_name = provider_class.resource_type.name
|
374
374
|
return if @prefetched_providers[type_name][provider_class.name] ||
|
375
375
|
@prefetch_failed_providers[type_name][provider_class.name]
|
376
|
-
Puppet.debug "Prefetching #{provider_class.name} resources for #{type_name}"
|
376
|
+
Puppet.debug { "Prefetching #{provider_class.name} resources for #{type_name}" }
|
377
377
|
begin
|
378
378
|
provider_class.prefetch(resources)
|
379
379
|
rescue LoadError, Puppet::MissingCommand => detail
|
@@ -62,7 +62,7 @@ class Puppet::Transaction::Persistence
|
|
62
62
|
result = nil
|
63
63
|
Puppet::Util.benchmark(:debug, _("Loaded transaction store file in %{seconds} seconds")) do
|
64
64
|
begin
|
65
|
-
result = Puppet::Util::Yaml.safe_load_file(filename, [Symbol])
|
65
|
+
result = Puppet::Util::Yaml.safe_load_file(filename, [Symbol, Time])
|
66
66
|
rescue Puppet::Util::Yaml::YamlLoadError => detail
|
67
67
|
Puppet.log_exception(detail, _("Transaction store file %{filename} is corrupt (%{detail}); replacing") % { filename: filename, detail: detail })
|
68
68
|
|
@@ -122,7 +122,7 @@ class Puppet::Transaction::Report
|
|
122
122
|
|
123
123
|
# @!attribute [r] corrective_change
|
124
124
|
# @return [Boolean] true if the report contains any events and resources that had
|
125
|
-
# corrective changes.
|
125
|
+
# corrective changes, including noop corrective changes.
|
126
126
|
attr_reader :corrective_change
|
127
127
|
|
128
128
|
# @return [Boolean] true if one or more resources attempted to generate
|
@@ -3,7 +3,7 @@ module Puppet::TrustedExternal
|
|
3
3
|
def retrieve(certname)
|
4
4
|
command = Puppet[:trusted_external_command]
|
5
5
|
return nil unless command
|
6
|
-
Puppet.debug _("Retrieving trusted external data from %{command}") % {command: command}
|
6
|
+
Puppet.debug { _("Retrieving trusted external data from %{command}") % {command: command} }
|
7
7
|
setting_type = Puppet.settings.setting(:trusted_external_command).type
|
8
8
|
if setting_type == :file
|
9
9
|
return fetch_data(command, certname)
|
@@ -17,7 +17,7 @@ module Puppet::TrustedExternal
|
|
17
17
|
abs_path = Puppet::FileSystem.expand_path(file)
|
18
18
|
executable_file = Puppet::FileSystem.file?(abs_path) && Puppet::FileSystem.executable?(abs_path)
|
19
19
|
unless executable_file
|
20
|
-
Puppet.debug _("Skipping non-executable file %{file}") % { file: abs_path }
|
20
|
+
Puppet.debug { _("Skipping non-executable file %{file}") % { file: abs_path } }
|
21
21
|
next
|
22
22
|
end
|
23
23
|
basename = file.basename(file.extname).to_s
|
data/lib/puppet/type.rb
CHANGED
@@ -1212,8 +1212,9 @@ class Type
|
|
1212
1212
|
title = instance.respond_to?(:title) ? instance.title : instance.name
|
1213
1213
|
other = provider_instances[title]
|
1214
1214
|
if other
|
1215
|
-
Puppet.debug
|
1216
|
-
[self.name.to_s.capitalize, title, other.class.name, instance.class.name, instance.class.name]
|
1215
|
+
Puppet.debug {
|
1216
|
+
"%s %s found in both %s and %s; skipping the %s version" % [self.name.to_s.capitalize, title, other.class.name, instance.class.name, instance.class.name]
|
1217
|
+
}
|
1217
1218
|
next
|
1218
1219
|
end
|
1219
1220
|
provider_instances[title] = instance
|
@@ -1895,7 +1896,7 @@ end
|
|
1895
1896
|
name = name.intern
|
1896
1897
|
|
1897
1898
|
if unprovide(name)
|
1898
|
-
Puppet.debug "Reloading #{name} #{self.name} provider"
|
1899
|
+
Puppet.debug { "Reloading #{name} #{self.name} provider" }
|
1899
1900
|
end
|
1900
1901
|
|
1901
1902
|
pname = options[:parent]
|
data/lib/puppet/type/file.rb
CHANGED
@@ -116,9 +116,9 @@ Puppet::Type.newtype(:file) do
|
|
116
116
|
that sufficient disk space is available for the file backups. Generally, you
|
117
117
|
can implement this using one of the following two options:
|
118
118
|
- Use a `find` command and `crontab` entry to retain only the last X days
|
119
|
-
of file backups. For example
|
119
|
+
of file backups. For example:
|
120
120
|
|
121
|
-
```
|
121
|
+
```
|
122
122
|
find /opt/puppetlabs/server/data/puppetserver/bucket -type f -mtime +45 -atime +45 -print0 | xargs -0 rm
|
123
123
|
```
|
124
124
|
|
@@ -23,7 +23,7 @@ module Puppet
|
|
23
23
|
* Fully qualified paths to locally available files (including files on NFS
|
24
24
|
shares or Windows mapped drives).
|
25
25
|
* `file:` URIs, which behave the same as local file paths.
|
26
|
-
* `http:` URIs, which point to files served by common web servers.
|
26
|
+
* `http(s):` URIs, which point to files served by common web servers.
|
27
27
|
|
28
28
|
The normal form of a `puppet:` URI is:
|
29
29
|
|
@@ -44,11 +44,26 @@ module Puppet
|
|
44
44
|
because HTTP servers do not transfer any metadata that translates to
|
45
45
|
ownership or permission details.
|
46
46
|
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
47
|
+
Puppet determines if file content is synchronized by computing a checksum
|
48
|
+
for the local file and comparing it against the `checksum_value`
|
49
|
+
parameter. If the `checksum_value` parameter is not specified for
|
50
|
+
`puppet` and `file` sources, Puppet computes a checksum based on its
|
51
|
+
`Puppet[:digest_algorithm]`. For `http(s)` sources, Puppet uses the
|
52
|
+
first HTTP header it recognizes out of the following list:
|
53
|
+
`X-Checksum-Sha256`, `X-Checksum-Sha1`, `X-Checksum-Md5` or `Content-MD5`.
|
54
|
+
If the server response does not include one of these headers, Puppet
|
55
|
+
defaults to using the `Last-Modified` header. Puppet updates the local
|
56
|
+
file if the header is newer than the modified time (mtime) of the local
|
57
|
+
file.
|
58
|
+
|
59
|
+
_HTTP_ URIs can include a user information component so that Puppet can
|
60
|
+
retrieve file metadata and content from HTTP servers that require HTTP Basic
|
61
|
+
authentication. For example `https://<user>:<pass>@<server>:<port>/path/to/file.`
|
62
|
+
|
63
|
+
When connecting to _HTTPS_ servers, Puppet trusts CA certificates in the
|
64
|
+
puppet-agent certificate bundle and the Puppet CA. You can configure Puppet
|
65
|
+
to trust additional CA certificates using the `Puppet[:ssl_trust_store]`
|
66
|
+
setting.
|
52
67
|
|
53
68
|
Multiple `source` values can be specified as an array, and Puppet will
|
54
69
|
use the first source that exists. This can be used to serve different
|
@@ -307,7 +322,12 @@ module Puppet
|
|
307
322
|
|
308
323
|
def chunk_file_from_source(&block)
|
309
324
|
if uri.scheme =~ /^https?/
|
310
|
-
|
325
|
+
# Historically puppet has not encoded the http(s) source URL before parsing
|
326
|
+
# it, for example, if the path contains spaces, then it must be URL encoded
|
327
|
+
# as %20 in the manifest. Puppet behaves the same when retrieving file
|
328
|
+
# metadata via http(s), see Puppet::Indirector::FileMetadata::Http#find.
|
329
|
+
url = URI.parse(metadata.source)
|
330
|
+
get_from_http_source(url, &block)
|
311
331
|
elsif metadata.content_uri
|
312
332
|
content_url = URI.parse(Puppet::Util.uri_encode(metadata.content_uri))
|
313
333
|
get_from_content_uri_source(content_url, &block)
|
data/lib/puppet/type/notify.rb
CHANGED
@@ -4,12 +4,12 @@
|
|
4
4
|
|
5
5
|
module Puppet
|
6
6
|
Type.newtype(:notify) do
|
7
|
-
@doc = "Sends an arbitrary message to the agent run-time log. It's important to note that the notify resource type is not idempotent. As a result, notifications are shown as a change on every Puppet run."
|
7
|
+
@doc = "Sends an arbitrary message, specified as a string, to the agent run-time log. It's important to note that the notify resource type is not idempotent. As a result, notifications are shown as a change on every Puppet run."
|
8
8
|
|
9
9
|
apply_to_all
|
10
10
|
|
11
11
|
newproperty(:message, :idempotent => false) do
|
12
|
-
desc "The message to be sent to the log."
|
12
|
+
desc "The message to be sent to the log. Note that the value specified must be a string."
|
13
13
|
def sync
|
14
14
|
message = @sensitive ? 'Sensitive [value redacted]' : self.should
|
15
15
|
case @resource["withpath"]
|
data/lib/puppet/type/service.rb
CHANGED
@@ -147,6 +147,10 @@ module Puppet
|
|
147
147
|
user_information = Puppet::Util::Windows::SID.name_to_principal(value)
|
148
148
|
raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
|
149
149
|
|
150
|
+
user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
|
151
|
+
raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
|
152
|
+
raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
|
153
|
+
|
150
154
|
if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
|
151
155
|
".\\#{user_information.account}"
|
152
156
|
else
|
data/lib/puppet/type/user.rb
CHANGED
@@ -40,7 +40,10 @@ module Puppet
|
|
40
40
|
implement PBKDF2 passwords with salt properties."
|
41
41
|
|
42
42
|
feature :manages_solaris_rbac,
|
43
|
-
"The provider can manage
|
43
|
+
"The provider can manage normal users"
|
44
|
+
|
45
|
+
feature :manages_roles,
|
46
|
+
"The provider can manage roles"
|
44
47
|
|
45
48
|
feature :manages_expiry,
|
46
49
|
"The provider can manage the expiry date for a user."
|
@@ -97,6 +100,18 @@ module Puppet
|
|
97
100
|
return :absent
|
98
101
|
end
|
99
102
|
end
|
103
|
+
|
104
|
+
def sync
|
105
|
+
event = super
|
106
|
+
|
107
|
+
property = @resource.property(:roles)
|
108
|
+
if property
|
109
|
+
val = property.retrieve
|
110
|
+
property.sync unless property.safe_insync?(val)
|
111
|
+
end
|
112
|
+
|
113
|
+
event
|
114
|
+
end
|
100
115
|
end
|
101
116
|
|
102
117
|
newproperty(:home) do
|
@@ -493,7 +508,7 @@ module Puppet
|
|
493
508
|
provider.exists?
|
494
509
|
end
|
495
510
|
|
496
|
-
newproperty(:roles, :parent => Puppet::Property::List, :required_features => :
|
511
|
+
newproperty(:roles, :parent => Puppet::Property::List, :required_features => :manages_roles) do
|
497
512
|
desc "The roles the user has. Multiple roles should be
|
498
513
|
specified as an array."
|
499
514
|
|
@@ -520,7 +535,7 @@ module Puppet
|
|
520
535
|
end
|
521
536
|
|
522
537
|
reqs
|
523
|
-
end
|
538
|
+
end unless Puppet::Util::Platform.windows?
|
524
539
|
|
525
540
|
newparam(:role_membership) do
|
526
541
|
desc "Whether specified roles should be considered the **complete list**
|
data/lib/puppet/util.rb
CHANGED
@@ -26,20 +26,21 @@ module Util
|
|
26
26
|
|
27
27
|
extend Puppet::Util::SymbolicFileMode
|
28
28
|
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
29
|
+
def default_env
|
30
|
+
Puppet.features.microsoft_windows? ?
|
31
|
+
:windows :
|
32
|
+
:posix
|
33
|
+
end
|
34
|
+
module_function :default_env
|
34
35
|
|
35
36
|
# @param name [String] The name of the environment variable to retrieve
|
36
37
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
37
38
|
# @return [String] Value of the specified environment variable. nil if it does not exist
|
38
39
|
# @api private
|
39
|
-
def get_env(name, mode =
|
40
|
+
def get_env(name, mode = default_env)
|
40
41
|
if mode == :windows
|
41
|
-
Puppet::Util::Windows::Process.get_environment_strings.
|
42
|
-
if name.casecmp(key) == 0
|
42
|
+
Puppet::Util::Windows::Process.get_environment_strings.each do |key, value |
|
43
|
+
if name.casecmp(key) == 0 then
|
43
44
|
return value
|
44
45
|
end
|
45
46
|
end
|
@@ -53,7 +54,7 @@ module Util
|
|
53
54
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
54
55
|
# @return [Hash] A hashtable of all environment variables
|
55
56
|
# @api private
|
56
|
-
def get_environment(mode =
|
57
|
+
def get_environment(mode = default_env)
|
57
58
|
case mode
|
58
59
|
when :posix
|
59
60
|
ENV.to_hash
|
@@ -68,7 +69,7 @@ module Util
|
|
68
69
|
# Removes all environment variables
|
69
70
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
70
71
|
# @api private
|
71
|
-
def clear_environment(mode =
|
72
|
+
def clear_environment(mode = default_env)
|
72
73
|
case mode
|
73
74
|
when :posix
|
74
75
|
ENV.clear
|
@@ -86,7 +87,7 @@ module Util
|
|
86
87
|
# @param value [String] The value to set the variable to. nil deletes the environment variable
|
87
88
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
88
89
|
# @api private
|
89
|
-
def set_env(name, value = nil, mode =
|
90
|
+
def set_env(name, value = nil, mode = default_env)
|
90
91
|
case mode
|
91
92
|
when :posix
|
92
93
|
ENV[name] = value
|
@@ -101,7 +102,7 @@ module Util
|
|
101
102
|
# @param name [Hash] Environment variables to merge into the existing environment. nil values will remove the variable
|
102
103
|
# @param mode [Symbol] Which operating system mode to use e.g. :posix or :windows. Use nil to autodetect
|
103
104
|
# @api private
|
104
|
-
def merge_environment(env_hash, mode =
|
105
|
+
def merge_environment(env_hash, mode = default_env)
|
105
106
|
case mode
|
106
107
|
when :posix
|
107
108
|
env_hash.each { |name, val| ENV[name.to_s] = val }
|
@@ -758,6 +759,19 @@ module Util
|
|
758
759
|
Random.new(seed).rand(max)
|
759
760
|
end
|
760
761
|
module_function :deterministic_rand_int
|
762
|
+
|
763
|
+
# Executes a block of code, wrapped around Facter.load_external(false) and
|
764
|
+
# Facter.load_external(true) which will cause Facter to not evaluate external facts.
|
765
|
+
def skip_external_facts
|
766
|
+
return yield unless Facter.respond_to? :load_external
|
767
|
+
begin
|
768
|
+
Facter.load_external(false)
|
769
|
+
yield
|
770
|
+
ensure
|
771
|
+
Facter.load_external(true)
|
772
|
+
end
|
773
|
+
end
|
774
|
+
module_function :skip_external_facts
|
761
775
|
end
|
762
776
|
end
|
763
777
|
|
data/lib/puppet/util/autoload.rb
CHANGED
@@ -10,6 +10,14 @@ require 'puppet/concurrent/synchronized'
|
|
10
10
|
# @api private
|
11
11
|
class Puppet::Util::ModuleDirectoriesAdapter < Puppet::Pops::Adaptable::Adapter
|
12
12
|
attr_accessor :directories
|
13
|
+
|
14
|
+
def self.create_adapter(env)
|
15
|
+
adapter = super(env)
|
16
|
+
adapter.directories = env.modulepath.flat_map do |dir|
|
17
|
+
Dir.glob(File.join(dir, '*', 'lib'))
|
18
|
+
end
|
19
|
+
adapter
|
20
|
+
end
|
13
21
|
end
|
14
22
|
|
15
23
|
# Autoload paths, either based on names or all at once.
|
@@ -119,13 +127,7 @@ class Puppet::Util::Autoload
|
|
119
127
|
def module_directories(env)
|
120
128
|
raise ArgumentError, "Autoloader requires an environment" unless env
|
121
129
|
|
122
|
-
Puppet::Util::ModuleDirectoriesAdapter.adapt(env)
|
123
|
-
a.directories ||= env.modulepath.collect do |dir|
|
124
|
-
Dir.entries(dir).reject { |f| f =~ /^\./ }.collect { |f| File.join(dir, f, "lib") }
|
125
|
-
end.flatten.find_all do |d|
|
126
|
-
FileTest.directory?(d)
|
127
|
-
end
|
128
|
-
end.directories
|
130
|
+
Puppet::Util::ModuleDirectoriesAdapter.adapt(env).directories
|
129
131
|
end
|
130
132
|
|
131
133
|
# @api private
|
@@ -19,8 +19,9 @@ module Puppet::Util::CharacterEncoding
|
|
19
19
|
begin
|
20
20
|
if original_encoding == Encoding::UTF_8
|
21
21
|
if !string_copy.valid_encoding?
|
22
|
-
Puppet.debug
|
23
|
-
{ value: string.dump }
|
22
|
+
Puppet.debug {
|
23
|
+
_("%{value} is already labeled as UTF-8 but this encoding is invalid. It cannot be transcoded by Puppet.") % { value: string.dump }
|
24
|
+
}
|
24
25
|
end
|
25
26
|
# String is already valid UTF-8 - noop
|
26
27
|
return string_copy
|
@@ -40,8 +41,9 @@ module Puppet::Util::CharacterEncoding
|
|
40
41
|
# Catch both our own self-determined failure to transcode as well as any
|
41
42
|
# error on ruby's part, ie Encoding::UndefinedConversionError on a
|
42
43
|
# failure to encode!.
|
43
|
-
Puppet.debug
|
44
|
-
{ error: detail.inspect, value: string.dump }
|
44
|
+
Puppet.debug {
|
45
|
+
_("%{error}: %{value} cannot be transcoded by Puppet.") % { error: detail.inspect, value: string.dump }
|
46
|
+
}
|
45
47
|
return string_copy
|
46
48
|
end
|
47
49
|
end
|
@@ -67,7 +69,9 @@ module Puppet::Util::CharacterEncoding
|
|
67
69
|
if string_copy.force_encoding(Encoding::UTF_8).valid_encoding?
|
68
70
|
return string_copy
|
69
71
|
else
|
70
|
-
Puppet.debug
|
72
|
+
Puppet.debug {
|
73
|
+
_("%{value} is not valid UTF-8 and result of overriding encoding would be invalid.") % { value: string.dump }
|
74
|
+
}
|
71
75
|
# Set copy back to its original encoding before returning
|
72
76
|
return string_copy.force_encoding(original_encoding)
|
73
77
|
end
|
@@ -68,7 +68,7 @@ module Puppet::Util::Execution
|
|
68
68
|
if respond_to? :debug
|
69
69
|
debug "Executing '#{command_str}'"
|
70
70
|
else
|
71
|
-
Puppet.debug "Executing '#{command_str}'"
|
71
|
+
Puppet.debug { "Executing '#{command_str}'" }
|
72
72
|
end
|
73
73
|
|
74
74
|
# force the run of the command with
|
@@ -186,7 +186,7 @@ module Puppet::Util::Execution
|
|
186
186
|
if respond_to? :debug
|
187
187
|
debug "Executing#{user_log_s}: '#{command_str}'"
|
188
188
|
else
|
189
|
-
Puppet.debug "Executing#{user_log_s}: '#{command_str}'"
|
189
|
+
Puppet.debug { "Executing#{user_log_s}: '#{command_str}'" }
|
190
190
|
end
|
191
191
|
|
192
192
|
null_file = Puppet::Util::Platform.windows? ? 'NUL' : '/dev/null'
|
data/lib/puppet/util/windows.rb
CHANGED
@@ -60,7 +60,7 @@ module Puppet::Util::Windows::APITypes
|
|
60
60
|
|
61
61
|
str.encode(dst_encoding, str.encoding, encode_options)
|
62
62
|
rescue EncodingError => e
|
63
|
-
Puppet.debug "Unable to convert value #{str.nil? ? 'nil' : str.dump} to encoding #{dst_encoding} due to #{e.inspect}"
|
63
|
+
Puppet.debug { "Unable to convert value #{str.nil? ? 'nil' : str.dump} to encoding #{dst_encoding} due to #{e.inspect}" }
|
64
64
|
raise
|
65
65
|
end
|
66
66
|
|
@@ -196,6 +196,20 @@ module Puppet::Util::Windows::APITypes
|
|
196
196
|
FFI.typedef :uchar, :byte
|
197
197
|
FFI.typedef :uint16, :wchar
|
198
198
|
|
199
|
+
# Definitions for data types used in LSA structures and functions
|
200
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/
|
201
|
+
# https://docs.microsoft.com/sr-latn-rs/windows/win32/secmgmt/management-data-types
|
202
|
+
FFI.typedef :pointer, :pwstr
|
203
|
+
FFI.typedef :pointer, :pulong
|
204
|
+
FFI.typedef :pointer, :lsa_handle
|
205
|
+
FFI.typedef :pointer, :plsa_handle
|
206
|
+
FFI.typedef :pointer, :psid
|
207
|
+
FFI.typedef :pointer, :pvoid
|
208
|
+
FFI.typedef :pointer, :plsa_unicode_string
|
209
|
+
FFI.typedef :pointer, :plsa_object_attributes
|
210
|
+
FFI.typedef :uint32, :ntstatus
|
211
|
+
FFI.typedef :dword, :access_mask
|
212
|
+
|
199
213
|
module ::FFI::WIN32
|
200
214
|
extend ::FFI::Library
|
201
215
|
|