puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -1
- data/Gemfile.lock +29 -23
- data/README.md +4 -4
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +3 -2
- data/lib/puppet.rb +3 -3
- data/lib/puppet/application/agent.rb +12 -5
- data/lib/puppet/application/apply.rb +2 -1
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +17 -3
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +12 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/defaults.rb +27 -5
- data/lib/puppet/environments.rb +26 -1
- data/lib/puppet/face/facts.rb +128 -30
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +4 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +12 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +69 -0
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +4 -0
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/systemd.rb +14 -4
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/directoryservice.rb +25 -12
- data/lib/puppet/provider/user/useradd.rb +9 -2
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/settings.rb +30 -7
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -3
- data/lib/puppet/type/file.rb +19 -1
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/service.rb +18 -38
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +6 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +360 -280
- data/man/man5/puppet.conf.5 +279 -251
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +65 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/filebucket_spec.rb +11 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/facts/facter_spec.rb +90 -36
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +11 -1
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +23 -0
- data/spec/unit/defaults_spec.rb +16 -0
- data/spec/unit/environments_spec.rb +199 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_system_spec.rb +15 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +123 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip_spec.rb +37 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +53 -8
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/provider/user/useradd_spec.rb +21 -6
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +59 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +41 -0
- data/tasks/generate_cert_fixtures.rake +12 -3
- metadata +24 -9
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
@@ -104,7 +104,14 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
104
104
|
|
105
105
|
def localgid
|
106
106
|
user = finduser(:account, resource[:name])
|
107
|
-
|
107
|
+
if user
|
108
|
+
begin
|
109
|
+
return Integer(user[:gid])
|
110
|
+
rescue ArgumentError
|
111
|
+
Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
|
112
|
+
return user[:gid]
|
113
|
+
end
|
114
|
+
end
|
108
115
|
false
|
109
116
|
end
|
110
117
|
|
@@ -128,7 +135,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
128
135
|
|
129
136
|
Puppet::FileSystem.each_line(group_file) do |line|
|
130
137
|
data = line.chomp.split(':')
|
131
|
-
if data.last.split(',').include?(user)
|
138
|
+
if !data.empty? && data.last.split(',').include?(user)
|
132
139
|
@groups_of[user] << data.first
|
133
140
|
end
|
134
141
|
end
|
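Review bot: `Integer(user[:gid])` in `localgid` honours Ruby's radix prefixes, so a passwd entry whose GID is written as `010` or `0x10` becomes 8 or 16 rather than being read as decimal; `return Integer(user[:gid], 10)` keeps the conversion decimal-only. The rescue covers only `ArgumentError`, while a nil `:gid` would raise `TypeError`; whether `finduser` can return a record without a gid is not visible in this hunk. The method now returns an Integer in one branch and the raw string in the other, so a comment above `localgid` such as `# Returns the primary GID as an Integer, or the raw passwd field when it is not numeric` would tell callers that both types can appear.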
@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
|
|
41
41
|
# Leave out the section information; it was apparently confusing people.
|
42
42
|
#str << "- **Section**: #{object.section}\n"
|
43
43
|
unless val == ""
|
44
|
-
str << "- *Default*:
|
44
|
+
str << "- *Default*: `#{val}`\n"
|
45
45
|
end
|
46
46
|
str << "\n"
|
47
47
|
end
|
data/lib/puppet/settings.rb
CHANGED
@@ -862,7 +862,11 @@ class Puppet::Settings
|
|
862
862
|
if self[:user]
|
863
863
|
user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
|
864
864
|
|
865
|
-
|
865
|
+
if user.suitable?
|
866
|
+
@service_user_available = user.exists?
|
867
|
+
else
|
868
|
+
raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
|
869
|
+
end
|
866
870
|
else
|
867
871
|
@service_user_available = false
|
868
872
|
end
|
@@ -874,7 +878,11 @@ class Puppet::Settings
|
|
874
878
|
if self[:group]
|
875
879
|
group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
|
876
880
|
|
877
|
-
|
881
|
+
if group.suitable?
|
882
|
+
@service_group_available = group.exists?
|
883
|
+
else
|
884
|
+
raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
|
885
|
+
end
|
878
886
|
else
|
879
887
|
@service_group_available = false
|
880
888
|
end
|
@@ -883,9 +891,16 @@ class Puppet::Settings
|
|
883
891
|
# Allow later inspection to determine if the setting was set on the
|
884
892
|
# command line, or through some other code path. Used for the
|
885
893
|
# `dns_alt_names` option during cert generate. --daniel 2011-10-18
|
886
|
-
|
894
|
+
#
|
895
|
+
# @param param [String, Symbol] the setting to look up
|
896
|
+
# @return [Object, nil] the value of the setting or nil if unset
|
897
|
+
def set_by_cli(param)
|
887
898
|
param = param.to_sym
|
888
|
-
|
899
|
+
@value_sets[:cli].lookup(param)
|
900
|
+
end
|
901
|
+
|
902
|
+
def set_by_cli?(param)
|
903
|
+
!!set_by_cli(param)
|
889
904
|
end
|
890
905
|
|
891
906
|
# Get values from a search path entry.
|
@@ -918,9 +933,13 @@ class Puppet::Settings
|
|
918
933
|
end
|
919
934
|
end
|
920
935
|
|
921
|
-
# Allow later inspection to determine if the setting was set
|
922
|
-
#
|
923
|
-
|
936
|
+
# Allow later inspection to determine if the setting was set in a specific
|
937
|
+
# section
|
938
|
+
#
|
939
|
+
# @param param [String, Symbol] the setting to look up
|
940
|
+
# @param section [Symbol] the section in which to look up the setting
|
941
|
+
# @return [Object, nil] the value of the setting or nil if unset
|
942
|
+
def set_in_section(param, section)
|
924
943
|
param = param.to_sym
|
925
944
|
vals = searchpath_values(SearchPathElement.new(section, :section))
|
926
945
|
if vals
|
@@ -928,6 +947,10 @@ class Puppet::Settings
|
|
928
947
|
end
|
929
948
|
end
|
930
949
|
|
950
|
+
def set_in_section?(param, section)
|
951
|
+
!!set_in_section(param, section)
|
952
|
+
end
|
953
|
+
|
931
954
|
# Patches the value for a param in a section.
|
932
955
|
# This method is required to support the use case of unifying --dns-alt-names and
|
933
956
|
# --dns_alt_names in the certificate face. Ideally this should be cleaned up.
|
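Review bot: The new predicates `set_by_cli?` and `set_in_section?` are added without the YARD comments that this same change gives `set_by_cli` and `set_in_section`. A line such as `# @return [Boolean] whether the setting was given on the command line` above `set_by_cli?`, and the matching one for `set_in_section?`, would make clear which form returns the value and which returns the flag. In the two new `raise Puppet::Error` lines the `%{name}` placeholder is filled with the resource object (`user`, `group`) rather than `self[:user]` / `self[:group]`, so the message shows whatever the resource's `to_s` yields; if the plain account name is intended, pass the setting value instead. The enclosing methods of the first two hunks start outside the hunks.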
@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
|
|
29
29
|
section = config.sections[:main]
|
30
30
|
rescue Errno::ENOENT
|
31
31
|
# environment.conf is an optional file
|
32
|
+
Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
|
32
33
|
end
|
33
34
|
|
34
35
|
new(path_to_env, section, global_module_path)
|
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
|
|
137
137
|
else
|
138
138
|
@catalog.add_resource_after(parent_resource, res)
|
139
139
|
end
|
140
|
-
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
140
|
+
@catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
|
141
141
|
if @relationship_graph && priority
|
142
142
|
# If we have a relationship_graph we should add the resource
|
143
143
|
# to it (this is an eval_generate). If we don't, then the
|
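Review bot: The guarded `add_edge` line evaluates `@catalog.container_of(parent_resource)` twice, once for the condition and once for the argument. Holding the result in a local, `container = @catalog.container_of(parent_resource)` followed by `@catalog.add_edge(container, res) if container`, does a single lookup and keeps the line short. A one-line comment saying when a parent resource has no container would also help, since the hunk does not show that case; the enclosing method starts and ends outside the hunk.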
data/lib/puppet/type/exec.rb
CHANGED
@@ -201,7 +201,9 @@ module Puppet
|
|
201
201
|
only uses the resource title to ensure `exec`s are unique."
|
202
202
|
|
203
203
|
validate do |command|
|
204
|
-
|
204
|
+
unless command.is_a?(String) || command.is_a?(Array)
|
205
|
+
raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
|
206
|
+
end
|
205
207
|
end
|
206
208
|
end
|
207
209
|
|
@@ -458,6 +460,10 @@ module Puppet
|
|
458
460
|
|
459
461
|
unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
460
462
|
|
463
|
+
or an array of arrays. For example:
|
464
|
+
|
465
|
+
unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
466
|
+
|
461
467
|
This `exec` would only run if every command in the array has a
|
462
468
|
non-zero exit code.
|
463
469
|
EOT
|
@@ -514,6 +520,10 @@ module Puppet
|
|
514
520
|
|
515
521
|
onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
516
522
|
|
523
|
+
or an array of arrays. For example:
|
524
|
+
|
525
|
+
onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
526
|
+
|
517
527
|
This `exec` would only run if every command in the array has an
|
518
528
|
exit code of 0 (success).
|
519
529
|
EOT
|
@@ -562,12 +572,14 @@ module Puppet
|
|
562
572
|
reqs << self[:cwd] if self[:cwd]
|
563
573
|
|
564
574
|
file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
|
575
|
+
cmd = self[:command]
|
576
|
+
cmd = cmd[0] if cmd.is_a? Array
|
565
577
|
|
566
|
-
|
578
|
+
cmd.scan(file_regex) { |str|
|
567
579
|
reqs << str
|
568
580
|
}
|
569
581
|
|
570
|
-
|
582
|
+
cmd.scan(/^"([^"]+)"/) { |str|
|
571
583
|
reqs << str
|
572
584
|
}
|
573
585
|
|
@@ -583,6 +595,7 @@ module Puppet
|
|
583
595
|
# fully qualified. It might not be a bad idea to add
|
584
596
|
# unqualified files, but, well, that's a bit more annoying
|
585
597
|
# to do.
|
598
|
+
line = line[0] if line.is_a? Array
|
586
599
|
reqs += line.scan(file_regex)
|
587
600
|
end
|
588
601
|
}
|
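Review bot: The new `validate` block for `command` accepts any Array although its message promises `Array<String>`, so an empty array or one holding non-strings passes validation. The later hunk that builds `reqs` then takes `cmd[0]` and calls `scan` on it, which fails with `NoMethodError` when that element is `nil` or not a String. Checking the elements at validation time gives the user the intended `ArgumentError` instead: `unless command.is_a?(String) || (command.is_a?(Array) && !command.empty? && command.all? { |c| c.is_a?(String) })`. The same concern applies to `line = line[0] if line.is_a? Array` in the last hunk, where the validation of those values is not visible.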
data/lib/puppet/type/file.rb
CHANGED
@@ -220,6 +220,23 @@ Puppet::Type.newtype(:file) do
|
|
220
220
|
end
|
221
221
|
end
|
222
222
|
|
223
|
+
newparam(:max_files) do
|
224
|
+
desc "In case the resource is a directory and the recursion is enabled, puppet will
|
225
|
+
generate a new resource for each file file found, possible leading to
|
226
|
+
an excessive number of resources generated without any control.
|
227
|
+
|
228
|
+
Setting `max_files` will check the number of file resources that
|
229
|
+
will eventually be created and will raise a resource argument error if the
|
230
|
+
limit will be exceeded.
|
231
|
+
|
232
|
+
Use value `0` to log a warning instead of raising an error.
|
233
|
+
|
234
|
+
Use value `-1` to disable errors and warnings due to max files."
|
235
|
+
|
236
|
+
defaultto 0
|
237
|
+
newvalues(/^[0-9]+$/, /^-1$/)
|
238
|
+
end
|
239
|
+
|
223
240
|
newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
|
224
241
|
desc "Whether to replace a file or symlink that already exists on the local system but
|
225
242
|
whose content doesn't match what the `source` or `content` attribute
|
@@ -576,7 +593,7 @@ Puppet::Type.newtype(:file) do
|
|
576
593
|
options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
|
577
594
|
|
578
595
|
# These should never be passed to our children.
|
579
|
-
[:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
|
596
|
+
[:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
|
580
597
|
options.delete(param) if options.include?(param)
|
581
598
|
end
|
582
599
|
|
@@ -753,6 +770,7 @@ Puppet::Type.newtype(:file) do
|
|
753
770
|
:links => self[:links],
|
754
771
|
:recurse => (self[:recurse] == :remote ? true : self[:recurse]),
|
755
772
|
:recurselimit => self[:recurselimit],
|
773
|
+
:max_files => self[:max_files],
|
756
774
|
:source_permissions => self[:source_permissions],
|
757
775
|
:ignore => self[:ignore],
|
758
776
|
:checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,
|
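Review bot: `newvalues(/^[0-9]+$/, /^-1$/)` on the new `max_files` parameter uses `^` and `$`, which in Ruby anchor at line boundaries rather than at the ends of the string, so a multi-line value whose first line is a number would presumably still match; `newvalues(/\A[0-9]+\z/, /\A-1\z/)` matches the whole value. The same pattern, `newvalues(/^[0-9]+$/)`, is added for `max_files` in data/lib/puppet/type/tidy.rb further down this diff. The new description text also has two slips worth correcting while it is new: "each file file found" and "possible leading".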
@@ -90,9 +90,15 @@ module Puppet
|
|
90
90
|
raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
|
91
91
|
end
|
92
92
|
|
93
|
+
# normalizes to symbolic form, e.g. u+a, an octal string without leading 0
|
93
94
|
normalize_symbolic_mode(value)
|
94
95
|
end
|
95
96
|
|
97
|
+
unmunge do |value|
|
98
|
+
# return symbolic form or octal string *with* leading 0's
|
99
|
+
display_mode(value) if value
|
100
|
+
end
|
101
|
+
|
96
102
|
def desired_mode_from_current(desired, current)
|
97
103
|
current = current.to_i(8) if current.is_a? String
|
98
104
|
is_a_directory = @resource.stat && @resource.stat.directory?
|
data/lib/puppet/type/service.rb
CHANGED
@@ -38,6 +38,12 @@ module Puppet
|
|
38
38
|
feature :enableable, "The provider can enable and disable the service.",
|
39
39
|
:methods => [:disable, :enable, :enabled?]
|
40
40
|
|
41
|
+
feature :delayed_startable, "The provider can set service to delayed start",
|
42
|
+
:methods => [:delayed_start]
|
43
|
+
|
44
|
+
feature :manual_startable, "The provider can set service to manual start",
|
45
|
+
:methods => [:manual_start]
|
46
|
+
|
41
47
|
feature :controllable, "The provider uses a control variable."
|
42
48
|
|
43
49
|
feature :flaggable, "The provider can pass flags to the service."
|
@@ -67,7 +73,7 @@ module Puppet
|
|
67
73
|
provider.disable
|
68
74
|
end
|
69
75
|
|
70
|
-
newvalue(:manual, :event => :service_manual_start) do
|
76
|
+
newvalue(:manual, :event => :service_manual_start, :required_features => :manual_startable) do
|
71
77
|
provider.manual_start
|
72
78
|
end
|
73
79
|
|
@@ -81,8 +87,7 @@ module Puppet
|
|
81
87
|
provider.enabled?
|
82
88
|
end
|
83
89
|
|
84
|
-
|
85
|
-
newvalue(:delayed, :event => :service_delayed_start) do
|
90
|
+
newvalue(:delayed, :event => :service_delayed_start, :required_features => :delayed_startable) do
|
86
91
|
provider.delayed_start
|
87
92
|
end
|
88
93
|
|
@@ -90,12 +95,6 @@ module Puppet
|
|
90
95
|
return provider.enabled_insync?(current) if provider.respond_to?(:enabled_insync?)
|
91
96
|
super(current)
|
92
97
|
end
|
93
|
-
|
94
|
-
validate do |value|
|
95
|
-
if (value == :manual || value == :delayed) && !Puppet::Util::Platform.windows?
|
96
|
-
raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
|
97
|
-
end
|
98
|
-
end
|
99
98
|
end
|
100
99
|
|
101
100
|
# Handle whether the service should actually be running right now.
|
@@ -139,23 +138,9 @@ module Puppet
|
|
139
138
|
newproperty(:logonaccount, :required_features => :manages_logon_credentials) do
|
140
139
|
desc "Specify an account for service logon"
|
141
140
|
|
142
|
-
|
143
|
-
return
|
144
|
-
|
145
|
-
|
146
|
-
value.sub!(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
|
147
|
-
user_information = Puppet::Util::Windows::SID.name_to_principal(value)
|
148
|
-
raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
|
149
|
-
|
150
|
-
user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
|
151
|
-
raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
|
152
|
-
raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
|
153
|
-
|
154
|
-
if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
|
155
|
-
".\\#{user_information.account}"
|
156
|
-
else
|
157
|
-
user_information.domain_account
|
158
|
-
end
|
141
|
+
def insync?(current)
|
142
|
+
return provider.logonaccount_insync?(current) if provider.respond_to?(:logonaccount_insync?)
|
143
|
+
super(current)
|
159
144
|
end
|
160
145
|
end
|
161
146
|
|
@@ -163,18 +148,7 @@ module Puppet
|
|
163
148
|
desc "Specify a password for service logon. Default value is an empty string (when logonaccount is specified)."
|
164
149
|
|
165
150
|
validate do |value|
|
166
|
-
raise
|
167
|
-
raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
|
168
|
-
return unless Puppet::Util::Platform.windows?
|
169
|
-
|
170
|
-
is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@resource[:logonaccount]) || @resource[:logonaccount] == 'LocalSystem'
|
171
|
-
|
172
|
-
account_info = @resource[:logonaccount].split("\\")
|
173
|
-
able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], value, account_info[0]) unless is_a_predefined_local_account
|
174
|
-
|
175
|
-
raise Puppet::Error.new("The given password is invalid for user '#{@resource[:logonaccount]}'.") unless is_a_predefined_local_account || able_to_logon
|
176
|
-
|
177
|
-
provider.logonpassword=(value)
|
151
|
+
raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) && value.include?(":")
|
178
152
|
end
|
179
153
|
|
180
154
|
sensitive true
|
@@ -320,5 +294,11 @@ module Puppet
|
|
320
294
|
def self.needs_ensure_retrieved
|
321
295
|
false
|
322
296
|
end
|
297
|
+
|
298
|
+
validate do
|
299
|
+
if @parameters[:logonpassword] && @parameters[:logonaccount].nil?
|
300
|
+
raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")
|
301
|
+
end
|
302
|
+
end
|
323
303
|
end
|
324
304
|
end
|
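Review bot: In the new resource-level `validate` block the message is passed as `_"The 'logonaccount' parameter is mandatory ..."`, without parentheses, while the other translated strings in this section use `_("...")`; `raise Puppet::Error, _("The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")` would match the `raise ArgumentError, _(...)` form used in the `logonpassword` hunk. These hunks also remove the type-level account lookup, the 'Log On As A Service' rights check and the password verification, leaving only the ':' check and the `logonaccount_insync?` delegation. Presumably those checks moved to the Windows provider named in the file list, which this section does not show, so a short comment on `logonaccount` stating where the account is now validated would help the next reader.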
data/lib/puppet/type/tidy.rb
CHANGED
@@ -50,6 +50,22 @@ Puppet::Type.newtype(:tidy) do
|
|
50
50
|
end
|
51
51
|
end
|
52
52
|
|
53
|
+
newparam(:max_files) do
|
54
|
+
desc "In case the resource is a directory and the recursion is enabled, puppet will
|
55
|
+
generate a new resource for each file file found, possible leading to
|
56
|
+
an excessive number of resources generated without any control.
|
57
|
+
|
58
|
+
Setting `max_files` will check the number of file resources that
|
59
|
+
will eventually be created and will raise a resource argument error if the
|
60
|
+
limit will be exceeded.
|
61
|
+
|
62
|
+
Use value `0` to disable the check. In this case, a warning is logged if
|
63
|
+
the number of files exceeds 1000."
|
64
|
+
|
65
|
+
defaultto 0
|
66
|
+
newvalues(/^[0-9]+$/)
|
67
|
+
end
|
68
|
+
|
53
69
|
newparam(:matches) do
|
54
70
|
desc <<-'EOT'
|
55
71
|
One or more (shell type) file glob patterns, which restrict
|
@@ -128,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
|
|
128
144
|
|
129
145
|
def tidy?(path, stat)
|
130
146
|
# If the file's older than we allow, we should get rid of it.
|
131
|
-
(Time.now.to_i - stat.send(resource[:type]).to_i)
|
147
|
+
(Time.now.to_i - stat.send(resource[:type]).to_i) >= value
|
132
148
|
end
|
133
149
|
|
134
150
|
munge do |age|
|
@@ -256,9 +272,12 @@ Puppet::Type.newtype(:tidy) do
|
|
256
272
|
|
257
273
|
case self[:recurse]
|
258
274
|
when Integer, /^\d+$/
|
259
|
-
parameter = { :
|
275
|
+
parameter = { :max_files => self[:max_files],
|
276
|
+
:recurse => true,
|
277
|
+
:recurselimit => self[:recurse] }
|
260
278
|
when true, :true, :inf
|
261
|
-
parameter = { :
|
279
|
+
parameter = { :max_files => self[:max_files],
|
280
|
+
:recurse => true }
|
262
281
|
end
|
263
282
|
|
264
283
|
if parameter
|
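Review bot: In `tidy?` the changed line dispatches with `stat.send(resource[:type])`, which calls whatever method the `type` parameter names, private ones included; `stat.public_send(resource[:type])` limits the call to the public interface. The values that `type` accepts are declared outside this hunk, so whether they are already restricted to the timestamp readers cannot be confirmed here. The new `max_files` description says `0` disables the check, whereas the `max_files` description added to the file type in this same diff says `0` logs a warning and `-1` disables it; since tidy passes `:max_files` on in the last hunk, one wording should describe both.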
data/lib/puppet/type/user.rb
CHANGED
@@ -67,6 +67,7 @@ module Puppet
|
|
67
67
|
newproperty(:ensure, :parent => Puppet::Property::Ensure) do
|
68
68
|
newvalue(:present, :event => :user_created) do
|
69
69
|
provider.create
|
70
|
+
@resource.generate
|
70
71
|
end
|
71
72
|
|
72
73
|
newvalue(:absent, :event => :user_removed) do
|
@@ -695,6 +696,7 @@ module Puppet
|
|
695
696
|
|
696
697
|
def generate
|
697
698
|
if !self[:purge_ssh_keys].empty?
|
699
|
+
return [] if self[:ensure] == :present && !provider.exists?
|
698
700
|
if Puppet::Type.type(:ssh_authorized_key).nil?
|
699
701
|
warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
|
700
702
|
else
|
@@ -743,25 +745,6 @@ module Puppet
|
|
743
745
|
end
|
744
746
|
raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
|
745
747
|
end
|
746
|
-
|
747
|
-
munge do |value|
|
748
|
-
# Resolve string, boolean and symbol forms of true and false to a
|
749
|
-
# single representation.
|
750
|
-
test_sym = value.to_s.intern
|
751
|
-
value = test_sym if [:true, :false].include? test_sym
|
752
|
-
|
753
|
-
return [] if value == :false
|
754
|
-
home = resource[:home] || Dir.home(resource[:name])
|
755
|
-
|
756
|
-
return [ "#{home}/.ssh/authorized_keys" ] if value == :true
|
757
|
-
# value is an array - munge each value
|
758
|
-
[ value ].flatten.map do |entry|
|
759
|
-
# make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
|
760
|
-
entry = entry.gsub(/^~\//, "#{home}/")
|
761
|
-
entry.gsub!(/^%h\//, "#{home}/")
|
762
|
-
entry
|
763
|
-
end
|
764
|
-
end
|
765
748
|
end
|
766
749
|
|
767
750
|
newproperty(:loginclass, :required_features => :manages_loginclass) do
|
@@ -783,7 +766,7 @@ module Puppet
|
|
783
766
|
# @see generate
|
784
767
|
# @api private
|
785
768
|
def find_unmanaged_keys
|
786
|
-
|
769
|
+
munged_unmanaged_keys.
|
787
770
|
select { |f| File.readable?(f) }.
|
788
771
|
map { |f| unknown_keys_in_file(f) }.
|
789
772
|
flatten.each do |res|
|
@@ -795,6 +778,41 @@ module Puppet
|
|
795
778
|
end
|
796
779
|
end
|
797
780
|
|
781
|
+
def munged_unmanaged_keys
|
782
|
+
value = self[:purge_ssh_keys]
|
783
|
+
|
784
|
+
# Resolve string, boolean and symbol forms of true and false to a
|
785
|
+
# single representation.
|
786
|
+
test_sym = value.to_s.intern
|
787
|
+
value = test_sym if [:true, :false].include? test_sym
|
788
|
+
|
789
|
+
return [] if value == :false
|
790
|
+
|
791
|
+
home = self[:home]
|
792
|
+
begin
|
793
|
+
home ||= provider.home
|
794
|
+
rescue
|
795
|
+
Puppet.debug("User '#{self[:name]}' does not exist")
|
796
|
+
end
|
797
|
+
|
798
|
+
if home.to_s.empty? || !Dir.exist?(home.to_s)
|
799
|
+
if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
|
800
|
+
Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
|
801
|
+
return []
|
802
|
+
end
|
803
|
+
end
|
804
|
+
|
805
|
+
return [ "#{home}/.ssh/authorized_keys" ] if value == :true
|
806
|
+
|
807
|
+
# value is an array - munge each value
|
808
|
+
[ value ].flatten.map do |entry|
|
809
|
+
# make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
|
810
|
+
entry = entry.gsub(/^~\//, "#{home}/")
|
811
|
+
entry.gsub!(/^%h\//, "#{home}/")
|
812
|
+
entry
|
813
|
+
end
|
814
|
+
end
|
815
|
+
|
798
816
|
# Parse an ssh authorized keys file superficially, extract the comments
|
799
817
|
# on the keys. These are considered names of possible ssh_authorized_keys
|
800
818
|
# resources. Keys that are managed by the present catalog are ignored.
|
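Review bot: The bare `rescue` around `home ||= provider.home` in `munged_unmanaged_keys` catches every `StandardError` and always logs "User ... does not exist", so a provider failure of any other kind is reported as a missing user. Capturing the exception keeps the real cause: `rescue => e` with `Puppet.debug("Could not determine home directory of user '#{self[:name]}': #{e.message}")`. This matters because the following block returns `[]` when no home directory is known, so a failed lookup means `purge_ssh_keys` removes nothing in that run and says so only at debug level. As unmanaged authorized keys then stay in place unnoticed, a `Puppet.warning` on that path may be more appropriate when the user is expected to exist.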