puppet 6.19.1-x64-mingw32 → 6.23.0-x64-mingw32

data/lib/puppet/provider/user/useradd.rb

@@ -59,23 +59,37 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
      get(:uid)
   end
 
+  def gid
+     return localgid if @resource.forcelocal?
+     get(:gid)
+  end
+
   def comment
      return localcomment if @resource.forcelocal?
      get(:comment)
   end
 
+  def groups
+     return localgroups if @resource.forcelocal?
+     super
+  end
+
   def finduser(key, value)
-    passwd_file = "/etc/passwd"
+    passwd_file = '/etc/passwd'
     passwd_keys = [:account, :password, :uid, :gid, :gecos, :directory, :shell]
-    index = passwd_keys.index(key)
-    @passwd_content ||= File.read(passwd_file)
-    @passwd_content.each_line do |line|
-      user = line.split(":")
-      if user[index] == value
-        return Hash[passwd_keys.zip(user)]
+
+    unless @users
+      unless Puppet::FileSystem.exist?(passwd_file)
+        raise Puppet::Error.new("Forcelocal set for user resource '#{resource[:name]}', but #{passwd_file} does not exist")
+      end
+
+      @users = []
+      Puppet::FileSystem.each_line(passwd_file) do |line|
+        user = line.chomp.split(':')
+        @users << Hash[passwd_keys.zip(user)]
       end
     end
-    false
+    @users.find { |param| param[key] == value } || false
   end
 
   def local_username
@@ -88,16 +102,56 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     false
   end
 
+  def localgid
+    user = finduser(:account, resource[:name])
+    if user
+      begin
+        return Integer(user[:gid])
+      rescue ArgumentError
+        Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
+        return user[:gid]
+      end
+    end
+    false
+  end
+
   def localcomment
     user = finduser(:account, resource[:name])
     user[:gecos]
   end
 
+  def localgroups
+    @groups_of ||= {}
+    group_file = '/etc/group'
+    user = resource[:name]
+
+    return @groups_of[user] if @groups_of[user]
+
+    @groups_of[user] = []
+
+    unless Puppet::FileSystem.exist?(group_file)
+      raise Puppet::Error.new("Forcelocal set for user resource '#{user}', but #{group_file} does not exist")
+    end
+
+    Puppet::FileSystem.each_line(group_file) do |line|
+      data = line.chomp.split(':')
+      if !data.empty? && data.last.split(',').include?(user)
+        @groups_of[user] << data.first
+      end
+    end
+
+    @groups_of[user]
+  end
+
   def shell=(value)
     check_valid_shell
     set(:shell, value)
   end
 
+  def groups=(value)
+    set(:groups, value)
+  end
+
   verify :gid, "GID must be an integer" do |value|
     value.is_a? Integer
   end

data/lib/puppet/reference/configuration.rb

@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
     # Leave out the section information; it was apparently confusing people.
     #str << "- **Section**: #{object.section}\n"
     unless val == ""
-      str << "- *Default*: #{val}\n"
+      str << "- *Default*: `#{val}`\n"
     end
     str << "\n"
   end
@@ -55,11 +55,12 @@ config.header = <<EOT
 * Each of these settings can be specified in `puppet.conf` or on the
   command line.
 * Puppet Enterprise (PE) and open source Puppet share the configuration settings
-  that are documented here. However, PE defaults for some settings differ from
-  the open source Puppet defaults. Some examples of settings that have different
-  PE defaults include `disable18n`, `environment_timeout`, `always_retry_plugins`,
-  and the Puppet Server JRuby `max-active-instances` setting. To verify PE
-  configuration defaults, check the `puppet.conf` file after installation.
+  documented here. However, PE defaults differ from open source defaults for some 
+  settings, such as `node_terminus`, `storeconfigs`, `always_retry_plugins`, 
+  `disable18n`, `environment_timeout` (when Code Manager is enabled), and the 
+  Puppet Server JRuby `max-active-instances` setting. To verify PE configuration 
+  defaults, check the `puppet.conf` or `pe-puppet-server.conf` file after 
+  installation.
 * When using boolean settings on the command line, use `--setting` and
   `--no-setting` instead of `--setting (true|false)`. (Using `--setting false`
   results in "Error: Could not parse application options: needless argument".)

data/lib/puppet/settings.rb

@@ -32,6 +32,7 @@ class Puppet::Settings
   require 'puppet/settings/server_list_setting'
   require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
+  require 'puppet/settings/alias_setting'
 
   # local reference for convenience
   PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -385,19 +386,6 @@ class Puppet::Settings
     call_hooks_deferred_to_application_initialization
     issue_deprecations
 
-    run_mode = Puppet::Util::RunMode[self.preferred_run_mode]
-    if run_mode.agent? || run_mode.server?
-      if self.set_in_section?(:masterport, run_mode.name) && !self.set_in_section?(:serverport, run_mode.name)
-        self[:serverport] = self[:masterport]
-      elsif self.set_by_config?(:masterport) && !self.set_by_config?(:serverport)
-        self[:serverport] = self[:masterport]
-      elsif self.set_in_section?(:serverport, run_mode.name) && !self.set_in_section?(:masterport, run_mode.name)
-        self[:masterport] = self[:serverport]
-      elsif self.set_by_config?(:serverport) && !self.set_by_config?(:masterport)
-        self[:masterport] = self[:serverport]
-      end
-    end
-
     REQUIRED_APP_SETTINGS.each do |key|
       create_ancestors(Puppet[key])
     end
@@ -742,7 +730,8 @@ class Puppet::Settings
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
       :http_extra_headers => HttpExtraHeadersSetting,
-      :certificate_revocation => CertificateRevocationSetting
+      :certificate_revocation => CertificateRevocationSetting,
+      :alias => AliasSetting
   }
 
   # Create a new setting.  The value is passed in because it's used to determine
@@ -1273,27 +1262,37 @@ Generated on #{Time.now}.
   end
 
   def add_environment_resources(catalog, sections)
-    path = self[:environmentpath]
-    envdir = path.split(File::PATH_SEPARATOR).first if path
     configured_environment = self[:environment]
-    if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
-      configured_environment_path = File.join(envdir, configured_environment)
-      # If configured_environment_path is a symlink, assume the source path is being managed
-      # elsewhere, so don't do any of this configuration
-      if !Puppet::FileSystem.symlink?(configured_environment_path)
+
+    if configured_environment == "production" && !production_environment_exists?
+      environment_path = self[:environmentpath]
+      first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
+
+      if Puppet::FileSystem.exist?(first_environment_path)
+        production_environment_path = File.join(first_environment_path, configured_environment)
         parameters = { :ensure => 'directory' }
-        unless Puppet::FileSystem.exist?(configured_environment_path)
-          parameters[:mode] = '0750'
-          if Puppet.features.root?
-            parameters[:owner] = Puppet[:user] if service_user_available?
-            parameters[:group] = Puppet[:group] if service_group_available?
-          end
+        parameters[:mode] = '0750'
+        if Puppet.features.root?
+          parameters[:owner] = Puppet[:user] if service_user_available?
+          parameters[:group] = Puppet[:group] if service_group_available?
         end
-        catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
+        catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
       end
     end
   end
 
+  def production_environment_exists?
+    environment_path = self[:environmentpath]
+    paths = environment_path.split(File::PATH_SEPARATOR)
+
+    paths.any? do |path|
+      # If expected_path is a symlink, assume the source path is being managed
+      # elsewhere, so accept it also as a valid production environment path
+      expected_path = File.join(path, 'production')
+      Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
+    end
+  end
+
   def add_user_resources(catalog, sections)
     return unless Puppet.features.root?
     return if Puppet::Util::Platform.windows?
@@ -1394,6 +1393,12 @@ Generated on #{Time.now}.
         end
       end
 
+      setting  = @defaults[name]
+      if setting.respond_to?(:alias_name)
+        val  = lookup(setting.alias_name)
+        return val if val
+      end
+
       @defaults[name].default
     end
 

data/lib/puppet/settings/alias_setting.rb

@@ -0,0 +1,37 @@
+class Puppet::Settings::AliasSetting
+  attr_reader :name, :alias_name
+
+  def initialize(args = {})
+    @name = args[:name]
+    @alias_name = args[:alias_for]
+    @alias_for = Puppet.settings.setting(alias_name)
+  end
+
+  def optparse_args
+    args = @alias_for.optparse_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def getopt_args
+    args = @alias_for.getopt_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def type
+    :alias
+  end
+
+  def method_missing(method, *args)
+    begin
+      alias_for.send(method, *args)
+    rescue => e
+      Puppet.log_exception(self.class, e.message)
+    end
+  end
+
+  private
+
+  attr_reader :alias_for
+end

data/lib/puppet/settings/base_setting.rb

@@ -1,3 +1,4 @@
+require 'set'
 require 'puppet/settings/errors'
 
 # The base setting type
@@ -5,27 +6,50 @@ class Puppet::Settings::BaseSetting
   attr_accessor :name, :desc, :section, :default, :call_hook
   attr_reader :short, :deprecated
 
+  # Hooks are called during different parts of the settings lifecycle:
+  #
+  # * :on_write_only - This is the default hook type. The hook will be called
+  #   if its value is set in `main` or programmatically. If its value is set in
+  #   a section that doesn't match the application's run mode, it will be
+  #   ignored entirely. If the section does match the run mode, the value will
+  #   be used, but the hook will not be called!
+  #
+  # * :on_define_and_write - The hook behaves the same as above, except it is
+  #   also called immediately when the setting is defined in
+  #   {Puppet::Settings.define_settings}. In that case, the hook receives the
+  #   default value as specified.
+  #
+  # * :on_initialize_and_write - The hook will be called if the value is set in
+  #   `main`, the section that matches the run mode, or programmatically.
+  #
+  HOOK_TYPES = Set.new([:on_define_and_write, :on_initialize_and_write, :on_write_only]).freeze
+
   def self.available_call_hook_values
-    [:on_define_and_write, :on_initialize_and_write, :on_write_only]
+    HOOK_TYPES.to_a
   end
 
+  # Registers a hook to be called later based on the type of hook specified in `value`.
+  #
+  # @param value [Symbol] One of {HOOK_TYPES}
   def call_hook=(value)
     if value.nil?
       #TRANSLATORS ':%{name}', ':call_hook', and ':on_write_only' should not be translated
       Puppet.warning _("Setting :%{name} :call_hook is nil, defaulting to :on_write_only") % { name: name }
       value = :on_write_only
     end
-    unless self.class.available_call_hook_values.include?(value)
+    unless HOOK_TYPES.include?(value)
       #TRANSLATORS 'call_hook' is a Puppet option name and should not be translated
       raise ArgumentError, _("Invalid option %{value} for call_hook") % { value: value }
     end
     @call_hook = value
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_define?
     call_hook == :on_define_and_write
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_initialize?
     call_hook == :on_initialize_and_write
   end

data/lib/puppet/settings/environment_conf.rb

@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
       section = config.sections[:main]
     rescue Errno::ENOENT
       # environment.conf is an optional file
+      Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
     end
 
     new(path_to_env, section, global_module_path)

data/lib/puppet/transaction/additional_resource_generator.rb

@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
       else
         @catalog.add_resource_after(parent_resource, res)
       end
-      @catalog.add_edge(@catalog.container_of(parent_resource), res)
+      @catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
       if @relationship_graph && priority
         # If we have a relationship_graph we should add the resource
         # to it (this is an eval_generate). If we don't, then the

data/lib/puppet/type/file.rb

@@ -220,6 +220,23 @@ Puppet::Type.newtype(:file) do
     end
   end
 
+  newparam(:max_files) do
+    desc "In case the resource is a directory and the recursion is enabled, puppet will
+      generate a new resource for each file file found, possible leading to
+      an excessive number of resources generated without any control.
+
+      Setting `max_files` will check the number of file resources that
+      will eventually be created and will raise a resource argument error if the
+      limit will be exceeded.
+
+      Use value `0` to log a warning instead of raising an error.
+
+      Use value `-1` to disable errors and warnings due to max files."
+
+    defaultto 0
+    newvalues(/^[0-9]+$/, /^-1$/)
+  end
+
   newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
     desc "Whether to replace a file or symlink that already exists on the local system but
       whose content doesn't match what the `source` or `content` attribute
@@ -576,7 +593,7 @@ Puppet::Type.newtype(:file) do
     options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
 
     # These should never be passed to our children.
-    [:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
+    [:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
       options.delete(param) if options.include?(param)
     end
 
@@ -753,6 +770,7 @@ Puppet::Type.newtype(:file) do
       :links => self[:links],
       :recurse => (self[:recurse] == :remote ? true : self[:recurse]),
       :recurselimit => self[:recurselimit],
+      :max_files => self[:max_files],
       :source_permissions => self[:source_permissions],
       :ignore => self[:ignore],
       :checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,

data/lib/puppet/type/file/selcontext.rb

@@ -42,7 +42,7 @@ module Puppet
         return nil
       end
 
-      context = self.get_selinux_default_context(@resource[:path])
+      context = self.get_selinux_default_context(@resource[:path], @resource[:ensure])
       unless context
         return nil
       end

data/lib/puppet/type/package.rb

@@ -426,10 +426,10 @@ module Puppet
     end
 
     newparam(:source) do
-      desc "Where to find the package file. This is only used by providers that don't
+      desc "Where to find the package file. This is mostly used by providers that don't
         automatically download packages from a central repository. (For example:
-        the `yum` and `apt` providers ignore this attribute, but the `rpm` and
-        `dpkg` providers require it.)
+        the `yum` provider ignores this attribute, `apt` provider uses it if present
+        and the `rpm` and `dpkg` providers require it.)
 
         Different providers accept different values for `source`. Most providers
         accept paths to local files stored on the target system. Some providers

data/lib/puppet/type/service.rb

@@ -38,6 +38,12 @@ module Puppet
     feature :enableable, "The provider can enable and disable the service.",
       :methods => [:disable, :enable, :enabled?]
 
+    feature :delayed_startable, "The provider can set service to delayed start",
+      :methods => [:delayed_start]
+
+    feature :manual_startable, "The provider can set service to manual start",
+      :methods => [:manual_start]
+
     feature :controllable, "The provider uses a control variable."
 
     feature :flaggable, "The provider can pass flags to the service."
@@ -67,7 +73,7 @@ module Puppet
         provider.disable
       end
 
-      newvalue(:manual, :event => :service_manual_start) do
+      newvalue(:manual, :event => :service_manual_start, :required_features => :manual_startable) do
         provider.manual_start
       end
 
@@ -81,8 +87,7 @@ module Puppet
         provider.enabled?
       end
 
-      # This only works on Windows systems.
-      newvalue(:delayed, :event => :service_delayed_start) do
+      newvalue(:delayed, :event => :service_delayed_start, :required_features => :delayed_startable) do
         provider.delayed_start
       end
 
@@ -90,12 +95,6 @@ module Puppet
         return provider.enabled_insync?(current) if provider.respond_to?(:enabled_insync?)
         super(current)
       end
-
-      validate do |value|
-        if (value == :manual || value == :delayed) && !Puppet::Util::Platform.windows?
-          raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
-        end
-      end
     end
 
     # Handle whether the service should actually be running right now.
@@ -139,23 +138,9 @@ module Puppet
     newproperty(:logonaccount, :required_features => :manages_logon_credentials) do
       desc "Specify an account for service logon"
 
-      munge do |value|
-        return value unless Puppet::Util::Platform.windows?
-        return 'LocalSystem' if Puppet::Util::Windows::User::localsystem?(value)
-
-        value.sub!(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
-        user_information = Puppet::Util::Windows::SID.name_to_principal(value)
-        raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
-
-        user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
-        raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
-        raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
-
-        if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
-          ".\\#{user_information.account}"
-        else
-          user_information.domain_account
-        end
+      def insync?(current)
+        return provider.logonaccount_insync?(current) if provider.respond_to?(:logonaccount_insync?)
+        super(current)
       end
     end
 
@@ -163,18 +148,7 @@ module Puppet
       desc "Specify a password for service logon. Default value is an empty string (when logonaccount is specified)."
 
       validate do |value|
-        raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.") unless @resource[:logonaccount]
-        raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
-        return unless Puppet::Util::Platform.windows?
-
-        is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@resource[:logonaccount]) || @resource[:logonaccount] == 'LocalSystem'
-
-        account_info = @resource[:logonaccount].split("\\")
-        able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], value, account_info[0]) unless is_a_predefined_local_account
-
-        raise Puppet::Error.new("The given password is invalid for user '#{@resource[:logonaccount]}'.") unless is_a_predefined_local_account || able_to_logon
-
-        provider.logonpassword=(value)
+        raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) && value.include?(":")
       end
 
       sensitive true
@@ -320,5 +294,11 @@ module Puppet
     def self.needs_ensure_retrieved
       false
     end
+
+    validate do
+      if @parameters[:logonpassword] && @parameters[:logonaccount].nil?
+        raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")
+      end
+    end
   end
 end