puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (217) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +29 -23
  5. data/README.md +4 -4
  6. data/ext/osx/puppet.plist +2 -0
  7. data/ext/project_data.yaml +3 -2
  8. data/lib/puppet.rb +3 -3
  9. data/lib/puppet/application/agent.rb +12 -5
  10. data/lib/puppet/application/apply.rb +2 -1
  11. data/lib/puppet/application/device.rb +2 -1
  12. data/lib/puppet/application/filebucket.rb +1 -0
  13. data/lib/puppet/application/resource.rb +17 -3
  14. data/lib/puppet/application/script.rb +2 -1
  15. data/lib/puppet/application/ssl.rb +12 -0
  16. data/lib/puppet/configurer/downloader.rb +2 -1
  17. data/lib/puppet/defaults.rb +27 -5
  18. data/lib/puppet/environments.rb +26 -1
  19. data/lib/puppet/face/facts.rb +128 -30
  20. data/lib/puppet/face/help/action.erb +1 -0
  21. data/lib/puppet/face/help/face.erb +1 -0
  22. data/lib/puppet/face/node/clean.rb +11 -0
  23. data/lib/puppet/file_serving/fileset.rb +14 -2
  24. data/lib/puppet/file_system/file_impl.rb +1 -1
  25. data/lib/puppet/file_system/memory_file.rb +8 -1
  26. data/lib/puppet/file_system/windows.rb +4 -2
  27. data/lib/puppet/forge.rb +3 -3
  28. data/lib/puppet/functions/all.rb +1 -1
  29. data/lib/puppet/functions/camelcase.rb +1 -1
  30. data/lib/puppet/functions/capitalize.rb +2 -2
  31. data/lib/puppet/functions/downcase.rb +2 -2
  32. data/lib/puppet/functions/empty.rb +8 -0
  33. data/lib/puppet/functions/get.rb +5 -5
  34. data/lib/puppet/functions/group_by.rb +13 -5
  35. data/lib/puppet/functions/lest.rb +1 -1
  36. data/lib/puppet/functions/new.rb +100 -100
  37. data/lib/puppet/functions/partition.rb +12 -4
  38. data/lib/puppet/functions/require.rb +5 -5
  39. data/lib/puppet/functions/sort.rb +3 -3
  40. data/lib/puppet/functions/strftime.rb +1 -0
  41. data/lib/puppet/functions/tree_each.rb +7 -9
  42. data/lib/puppet/functions/type.rb +4 -4
  43. data/lib/puppet/functions/unwrap.rb +17 -2
  44. data/lib/puppet/functions/upcase.rb +2 -2
  45. data/lib/puppet/http/resolver/server_list.rb +15 -4
  46. data/lib/puppet/http/service/compiler.rb +69 -0
  47. data/lib/puppet/http/service/file_server.rb +2 -1
  48. data/lib/puppet/indirector/catalog/compiler.rb +1 -0
  49. data/lib/puppet/indirector/facts/facter.rb +24 -3
  50. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  51. data/lib/puppet/indirector/resource/ral.rb +6 -1
  52. data/lib/puppet/interface/documentation.rb +1 -0
  53. data/lib/puppet/module_tool/applications/installer.rb +4 -0
  54. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  55. data/lib/puppet/network/formats.rb +67 -0
  56. data/lib/puppet/network/http/factory.rb +4 -0
  57. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  58. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  59. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  60. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  61. data/lib/puppet/provider/exec/posix.rb +16 -4
  62. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  63. data/lib/puppet/provider/package/nim.rb +11 -6
  64. data/lib/puppet/provider/package/pip.rb +15 -3
  65. data/lib/puppet/provider/parsedfile.rb +3 -0
  66. data/lib/puppet/provider/service/systemd.rb +14 -4
  67. data/lib/puppet/provider/service/windows.rb +38 -0
  68. data/lib/puppet/provider/user/directoryservice.rb +25 -12
  69. data/lib/puppet/provider/user/useradd.rb +9 -2
  70. data/lib/puppet/reference/configuration.rb +1 -1
  71. data/lib/puppet/settings.rb +30 -7
  72. data/lib/puppet/settings/environment_conf.rb +1 -0
  73. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  74. data/lib/puppet/type/exec.rb +16 -3
  75. data/lib/puppet/type/file.rb +19 -1
  76. data/lib/puppet/type/file/mode.rb +6 -0
  77. data/lib/puppet/type/file/selcontext.rb +1 -1
  78. data/lib/puppet/type/service.rb +18 -38
  79. data/lib/puppet/type/tidy.rb +22 -3
  80. data/lib/puppet/type/user.rb +38 -20
  81. data/lib/puppet/util/fact_dif.rb +36 -17
  82. data/lib/puppet/util/monkey_patches.rb +7 -0
  83. data/lib/puppet/util/selinux.rb +30 -4
  84. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  85. data/lib/puppet/util/windows/adsi.rb +46 -0
  86. data/lib/puppet/util/windows/api_types.rb +1 -1
  87. data/lib/puppet/util/windows/principal.rb +9 -2
  88. data/lib/puppet/util/windows/sid.rb +6 -2
  89. data/lib/puppet/version.rb +1 -1
  90. data/locales/puppet.pot +360 -280
  91. data/man/man5/puppet.conf.5 +279 -251
  92. data/man/man8/puppet-agent.8 +1 -1
  93. data/man/man8/puppet-apply.8 +1 -1
  94. data/man/man8/puppet-catalog.8 +9 -9
  95. data/man/man8/puppet-config.8 +1 -1
  96. data/man/man8/puppet-describe.8 +1 -1
  97. data/man/man8/puppet-device.8 +1 -1
  98. data/man/man8/puppet-doc.8 +1 -1
  99. data/man/man8/puppet-epp.8 +1 -1
  100. data/man/man8/puppet-facts.8 +65 -7
  101. data/man/man8/puppet-filebucket.8 +1 -1
  102. data/man/man8/puppet-generate.8 +1 -1
  103. data/man/man8/puppet-help.8 +1 -1
  104. data/man/man8/puppet-key.8 +7 -7
  105. data/man/man8/puppet-lookup.8 +1 -1
  106. data/man/man8/puppet-man.8 +1 -1
  107. data/man/man8/puppet-module.8 +1 -1
  108. data/man/man8/puppet-node.8 +5 -5
  109. data/man/man8/puppet-parser.8 +1 -1
  110. data/man/man8/puppet-plugin.8 +1 -1
  111. data/man/man8/puppet-report.8 +5 -5
  112. data/man/man8/puppet-resource.8 +1 -1
  113. data/man/man8/puppet-script.8 +1 -1
  114. data/man/man8/puppet-ssl.8 +5 -1
  115. data/man/man8/puppet-status.8 +4 -4
  116. data/man/man8/puppet.8 +2 -2
  117. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  118. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  119. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  120. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  121. data/spec/fixtures/ssl/ca.pem +57 -35
  122. data/spec/fixtures/ssl/crl.pem +28 -18
  123. data/spec/fixtures/ssl/ec-key.pem +11 -11
  124. data/spec/fixtures/ssl/ec.pem +33 -24
  125. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  126. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  127. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  128. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  129. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  130. data/spec/fixtures/ssl/intermediate.pem +57 -36
  131. data/spec/fixtures/ssl/oid-key.pem +117 -0
  132. data/spec/fixtures/ssl/oid.pem +69 -0
  133. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  134. data/spec/fixtures/ssl/pluto.pem +52 -30
  135. data/spec/fixtures/ssl/request-key.pem +107 -57
  136. data/spec/fixtures/ssl/request.pem +47 -26
  137. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  138. data/spec/fixtures/ssl/revoked.pem +52 -30
  139. data/spec/fixtures/ssl/signed-key.pem +107 -57
  140. data/spec/fixtures/ssl/signed.pem +52 -30
  141. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  142. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  143. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  144. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  145. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  146. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  147. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  148. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
  149. data/spec/integration/application/filebucket_spec.rb +11 -0
  150. data/spec/integration/application/module_spec.rb +21 -0
  151. data/spec/integration/application/plugin_spec.rb +1 -1
  152. data/spec/integration/application/resource_spec.rb +64 -0
  153. data/spec/integration/application/ssl_spec.rb +20 -0
  154. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  155. data/spec/integration/http/client_spec.rb +12 -0
  156. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  157. data/spec/integration/indirector/facts/facter_spec.rb +90 -36
  158. data/spec/integration/type/exec_spec.rb +70 -45
  159. data/spec/integration/util/windows/adsi_spec.rb +18 -0
  160. data/spec/integration/util/windows/principal_spec.rb +21 -0
  161. data/spec/integration/util/windows/registry_spec.rb +6 -0
  162. data/spec/lib/puppet/test_ca.rb +7 -2
  163. data/spec/lib/puppet_spec/settings.rb +1 -0
  164. data/spec/spec_helper.rb +11 -1
  165. data/spec/unit/application/agent_spec.rb +7 -2
  166. data/spec/unit/application/facts_spec.rb +482 -3
  167. data/spec/unit/application/ssl_spec.rb +23 -0
  168. data/spec/unit/configurer/downloader_spec.rb +6 -0
  169. data/spec/unit/configurer_spec.rb +23 -0
  170. data/spec/unit/defaults_spec.rb +16 -0
  171. data/spec/unit/environments_spec.rb +199 -88
  172. data/spec/unit/face/facts_spec.rb +4 -0
  173. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  174. data/spec/unit/file_system_spec.rb +15 -0
  175. data/spec/unit/functions/assert_type_spec.rb +1 -1
  176. data/spec/unit/functions/empty_spec.rb +10 -0
  177. data/spec/unit/functions/unwrap_spec.rb +8 -0
  178. data/spec/unit/functions4_spec.rb +2 -2
  179. data/spec/unit/gettext/config_spec.rb +12 -0
  180. data/spec/unit/http/service/compiler_spec.rb +123 -0
  181. data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
  182. data/spec/unit/indirector/facts/facter_spec.rb +95 -0
  183. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  184. data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
  185. data/spec/unit/network/formats_spec.rb +41 -0
  186. data/spec/unit/network/http/factory_spec.rb +19 -0
  187. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  188. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  189. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  190. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  191. data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
  192. data/spec/unit/provider/package/nim_spec.rb +42 -0
  193. data/spec/unit/provider/package/pip_spec.rb +37 -0
  194. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  195. data/spec/unit/provider/service/init_spec.rb +1 -0
  196. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  197. data/spec/unit/provider/service/systemd_spec.rb +53 -8
  198. data/spec/unit/provider/service/windows_spec.rb +202 -0
  199. data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
  200. data/spec/unit/provider/user/useradd_spec.rb +21 -6
  201. data/spec/unit/resource/catalog_spec.rb +1 -1
  202. data/spec/unit/settings_spec.rb +97 -56
  203. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  204. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  205. data/spec/unit/transaction_spec.rb +18 -20
  206. data/spec/unit/type/exec_spec.rb +76 -29
  207. data/spec/unit/type/file/selinux_spec.rb +3 -3
  208. data/spec/unit/type/file/source_spec.rb +4 -4
  209. data/spec/unit/type/service_spec.rb +59 -188
  210. data/spec/unit/type/tidy_spec.rb +24 -7
  211. data/spec/unit/type/user_spec.rb +45 -0
  212. data/spec/unit/util/selinux_spec.rb +87 -16
  213. data/spec/unit/util/windows/sid_spec.rb +41 -0
  214. data/tasks/generate_cert_fixtures.rake +12 -3
  215. metadata +24 -9
  216. data/spec/lib/matchers/include.rb +0 -27
  217. data/spec/lib/matchers/include_spec.rb +0 -32
@@ -104,7 +104,14 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
104
104
 
105
105
  def localgid
106
106
  user = finduser(:account, resource[:name])
107
- return user[:gid] if user
107
+ if user
108
+ begin
109
+ return Integer(user[:gid])
110
+ rescue ArgumentError
111
+ Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
112
+ return user[:gid]
113
+ end
114
+ end
108
115
  false
109
116
  end
110
117
 
@@ -128,7 +135,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
128
135
 
129
136
  Puppet::FileSystem.each_line(group_file) do |line|
130
137
  data = line.chomp.split(':')
131
- if data.last.split(',').include?(user)
138
+ if !data.empty? && data.last.split(',').include?(user)
132
139
  @groups_of[user] << data.first
133
140
  end
134
141
  end
@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
41
41
  # Leave out the section information; it was apparently confusing people.
42
42
  #str << "- **Section**: #{object.section}\n"
43
43
  unless val == ""
44
- str << "- *Default*: #{val}\n"
44
+ str << "- *Default*: `#{val}`\n"
45
45
  end
46
46
  str << "\n"
47
47
  end
@@ -862,7 +862,11 @@ class Puppet::Settings
862
862
  if self[:user]
863
863
  user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
864
864
 
865
- @service_user_available = user.exists?
865
+ if user.suitable?
866
+ @service_user_available = user.exists?
867
+ else
868
+ raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
869
+ end
866
870
  else
867
871
  @service_user_available = false
868
872
  end
@@ -874,7 +878,11 @@ class Puppet::Settings
874
878
  if self[:group]
875
879
  group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
876
880
 
877
- @service_group_available = group.exists?
881
+ if group.suitable?
882
+ @service_group_available = group.exists?
883
+ else
884
+ raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
885
+ end
878
886
  else
879
887
  @service_group_available = false
880
888
  end
@@ -883,9 +891,16 @@ class Puppet::Settings
883
891
  # Allow later inspection to determine if the setting was set on the
884
892
  # command line, or through some other code path. Used for the
885
893
  # `dns_alt_names` option during cert generate. --daniel 2011-10-18
886
- def set_by_cli?(param)
894
+ #
895
+ # @param param [String, Symbol] the setting to look up
896
+ # @return [Object, nil] the value of the setting or nil if unset
897
+ def set_by_cli(param)
887
898
  param = param.to_sym
888
- !@value_sets[:cli].lookup(param).nil?
899
+ @value_sets[:cli].lookup(param)
900
+ end
901
+
902
+ def set_by_cli?(param)
903
+ !!set_by_cli(param)
889
904
  end
890
905
 
891
906
  # Get values from a search path entry.
@@ -918,9 +933,13 @@ class Puppet::Settings
918
933
  end
919
934
  end
920
935
 
921
- # Allow later inspection to determine if the setting was set by user
922
- # config, rather than a default setting.
923
- def set_in_section?(param, section)
936
+ # Allow later inspection to determine if the setting was set in a specific
937
+ # section
938
+ #
939
+ # @param param [String, Symbol] the setting to look up
940
+ # @param section [Symbol] the section in which to look up the setting
941
+ # @return [Object, nil] the value of the setting or nil if unset
942
+ def set_in_section(param, section)
924
943
  param = param.to_sym
925
944
  vals = searchpath_values(SearchPathElement.new(section, :section))
926
945
  if vals
@@ -928,6 +947,10 @@ class Puppet::Settings
928
947
  end
929
948
  end
930
949
 
950
+ def set_in_section?(param, section)
951
+ !!set_in_section(param, section)
952
+ end
953
+
931
954
  # Patches the value for a param in a section.
932
955
  # This method is required to support the use case of unifying --dns-alt-names and
933
956
  # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
29
29
  section = config.sections[:main]
30
30
  rescue Errno::ENOENT
31
31
  # environment.conf is an optional file
32
+ Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
32
33
  end
33
34
 
34
35
  new(path_to_env, section, global_module_path)
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
137
137
  else
138
138
  @catalog.add_resource_after(parent_resource, res)
139
139
  end
140
- @catalog.add_edge(@catalog.container_of(parent_resource), res)
140
+ @catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
141
141
  if @relationship_graph && priority
142
142
  # If we have a relationship_graph we should add the resource
143
143
  # to it (this is an eval_generate). If we don't, then the
@@ -201,7 +201,9 @@ module Puppet
201
201
  only uses the resource title to ensure `exec`s are unique."
202
202
 
203
203
  validate do |command|
204
- raise ArgumentError, _("Command must be a String, got value of class %{klass}") % { klass: command.class } unless command.is_a? String
204
+ unless command.is_a?(String) || command.is_a?(Array)
205
+ raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
206
+ end
205
207
  end
206
208
  end
207
209
 
@@ -458,6 +460,10 @@ module Puppet
458
460
 
459
461
  unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
460
462
 
463
+ or an array of arrays. For example:
464
+
465
+ unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
466
+
461
467
  This `exec` would only run if every command in the array has a
462
468
  non-zero exit code.
463
469
  EOT
@@ -514,6 +520,10 @@ module Puppet
514
520
 
515
521
  onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
516
522
 
523
+ or an array of arrays. For example:
524
+
525
+ onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
526
+
517
527
  This `exec` would only run if every command in the array has an
518
528
  exit code of 0 (success).
519
529
  EOT
@@ -562,12 +572,14 @@ module Puppet
562
572
  reqs << self[:cwd] if self[:cwd]
563
573
 
564
574
  file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
575
+ cmd = self[:command]
576
+ cmd = cmd[0] if cmd.is_a? Array
565
577
 
566
- self[:command].scan(file_regex) { |str|
578
+ cmd.scan(file_regex) { |str|
567
579
  reqs << str
568
580
  }
569
581
 
570
- self[:command].scan(/^"([^"]+)"/) { |str|
582
+ cmd.scan(/^"([^"]+)"/) { |str|
571
583
  reqs << str
572
584
  }
573
585
 
@@ -583,6 +595,7 @@ module Puppet
583
595
  # fully qualified. It might not be a bad idea to add
584
596
  # unqualified files, but, well, that's a bit more annoying
585
597
  # to do.
598
+ line = line[0] if line.is_a? Array
586
599
  reqs += line.scan(file_regex)
587
600
  end
588
601
  }
@@ -220,6 +220,23 @@ Puppet::Type.newtype(:file) do
220
220
  end
221
221
  end
222
222
 
223
+ newparam(:max_files) do
224
+ desc "In case the resource is a directory and the recursion is enabled, puppet will
225
+ generate a new resource for each file file found, possible leading to
226
+ an excessive number of resources generated without any control.
227
+
228
+ Setting `max_files` will check the number of file resources that
229
+ will eventually be created and will raise a resource argument error if the
230
+ limit will be exceeded.
231
+
232
+ Use value `0` to log a warning instead of raising an error.
233
+
234
+ Use value `-1` to disable errors and warnings due to max files."
235
+
236
+ defaultto 0
237
+ newvalues(/^[0-9]+$/, /^-1$/)
238
+ end
239
+
223
240
  newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
224
241
  desc "Whether to replace a file or symlink that already exists on the local system but
225
242
  whose content doesn't match what the `source` or `content` attribute
@@ -576,7 +593,7 @@ Puppet::Type.newtype(:file) do
576
593
  options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
577
594
 
578
595
  # These should never be passed to our children.
579
- [:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
596
+ [:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
580
597
  options.delete(param) if options.include?(param)
581
598
  end
582
599
 
@@ -753,6 +770,7 @@ Puppet::Type.newtype(:file) do
753
770
  :links => self[:links],
754
771
  :recurse => (self[:recurse] == :remote ? true : self[:recurse]),
755
772
  :recurselimit => self[:recurselimit],
773
+ :max_files => self[:max_files],
756
774
  :source_permissions => self[:source_permissions],
757
775
  :ignore => self[:ignore],
758
776
  :checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,
@@ -90,9 +90,15 @@ module Puppet
90
90
  raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
91
91
  end
92
92
 
93
+ # normalizes to symbolic form, e.g. u+a, an octal string without leading 0
93
94
  normalize_symbolic_mode(value)
94
95
  end
95
96
 
97
+ unmunge do |value|
98
+ # return symbolic form or octal string *with* leading 0's
99
+ display_mode(value) if value
100
+ end
101
+
96
102
  def desired_mode_from_current(desired, current)
97
103
  current = current.to_i(8) if current.is_a? String
98
104
  is_a_directory = @resource.stat && @resource.stat.directory?
@@ -42,7 +42,7 @@ module Puppet
42
42
  return nil
43
43
  end
44
44
 
45
- context = self.get_selinux_default_context(@resource[:path])
45
+ context = self.get_selinux_default_context(@resource[:path], @resource[:ensure])
46
46
  unless context
47
47
  return nil
48
48
  end
@@ -38,6 +38,12 @@ module Puppet
38
38
  feature :enableable, "The provider can enable and disable the service.",
39
39
  :methods => [:disable, :enable, :enabled?]
40
40
 
41
+ feature :delayed_startable, "The provider can set service to delayed start",
42
+ :methods => [:delayed_start]
43
+
44
+ feature :manual_startable, "The provider can set service to manual start",
45
+ :methods => [:manual_start]
46
+
41
47
  feature :controllable, "The provider uses a control variable."
42
48
 
43
49
  feature :flaggable, "The provider can pass flags to the service."
@@ -67,7 +73,7 @@ module Puppet
67
73
  provider.disable
68
74
  end
69
75
 
70
- newvalue(:manual, :event => :service_manual_start) do
76
+ newvalue(:manual, :event => :service_manual_start, :required_features => :manual_startable) do
71
77
  provider.manual_start
72
78
  end
73
79
 
@@ -81,8 +87,7 @@ module Puppet
81
87
  provider.enabled?
82
88
  end
83
89
 
84
- # This only works on Windows systems.
85
- newvalue(:delayed, :event => :service_delayed_start) do
90
+ newvalue(:delayed, :event => :service_delayed_start, :required_features => :delayed_startable) do
86
91
  provider.delayed_start
87
92
  end
88
93
 
@@ -90,12 +95,6 @@ module Puppet
90
95
  return provider.enabled_insync?(current) if provider.respond_to?(:enabled_insync?)
91
96
  super(current)
92
97
  end
93
-
94
- validate do |value|
95
- if (value == :manual || value == :delayed) && !Puppet::Util::Platform.windows?
96
- raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
97
- end
98
- end
99
98
  end
100
99
 
101
100
  # Handle whether the service should actually be running right now.
@@ -139,23 +138,9 @@ module Puppet
139
138
  newproperty(:logonaccount, :required_features => :manages_logon_credentials) do
140
139
  desc "Specify an account for service logon"
141
140
 
142
- munge do |value|
143
- return value unless Puppet::Util::Platform.windows?
144
- return 'LocalSystem' if Puppet::Util::Windows::User::localsystem?(value)
145
-
146
- value.sub!(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
147
- user_information = Puppet::Util::Windows::SID.name_to_principal(value)
148
- raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
149
-
150
- user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
151
- raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
152
- raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
153
-
154
- if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
155
- ".\\#{user_information.account}"
156
- else
157
- user_information.domain_account
158
- end
141
+ def insync?(current)
142
+ return provider.logonaccount_insync?(current) if provider.respond_to?(:logonaccount_insync?)
143
+ super(current)
159
144
  end
160
145
  end
161
146
 
@@ -163,18 +148,7 @@ module Puppet
163
148
  desc "Specify a password for service logon. Default value is an empty string (when logonaccount is specified)."
164
149
 
165
150
  validate do |value|
166
- raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.") unless @resource[:logonaccount]
167
- raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
168
- return unless Puppet::Util::Platform.windows?
169
-
170
- is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@resource[:logonaccount]) || @resource[:logonaccount] == 'LocalSystem'
171
-
172
- account_info = @resource[:logonaccount].split("\\")
173
- able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], value, account_info[0]) unless is_a_predefined_local_account
174
-
175
- raise Puppet::Error.new("The given password is invalid for user '#{@resource[:logonaccount]}'.") unless is_a_predefined_local_account || able_to_logon
176
-
177
- provider.logonpassword=(value)
151
+ raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) && value.include?(":")
178
152
  end
179
153
 
180
154
  sensitive true
@@ -320,5 +294,11 @@ module Puppet
320
294
  def self.needs_ensure_retrieved
321
295
  false
322
296
  end
297
+
298
+ validate do
299
+ if @parameters[:logonpassword] && @parameters[:logonaccount].nil?
300
+ raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")
301
+ end
302
+ end
323
303
  end
324
304
  end
@@ -50,6 +50,22 @@ Puppet::Type.newtype(:tidy) do
50
50
  end
51
51
  end
52
52
 
53
+ newparam(:max_files) do
54
+ desc "In case the resource is a directory and the recursion is enabled, puppet will
55
+ generate a new resource for each file file found, possible leading to
56
+ an excessive number of resources generated without any control.
57
+
58
+ Setting `max_files` will check the number of file resources that
59
+ will eventually be created and will raise a resource argument error if the
60
+ limit will be exceeded.
61
+
62
+ Use value `0` to disable the check. In this case, a warning is logged if
63
+ the number of files exceeds 1000."
64
+
65
+ defaultto 0
66
+ newvalues(/^[0-9]+$/)
67
+ end
68
+
53
69
  newparam(:matches) do
54
70
  desc <<-'EOT'
55
71
  One or more (shell type) file glob patterns, which restrict
@@ -128,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
128
144
 
129
145
  def tidy?(path, stat)
130
146
  # If the file's older than we allow, we should get rid of it.
131
- (Time.now.to_i - stat.send(resource[:type]).to_i) > value
147
+ (Time.now.to_i - stat.send(resource[:type]).to_i) >= value
132
148
  end
133
149
 
134
150
  munge do |age|
@@ -256,9 +272,12 @@ Puppet::Type.newtype(:tidy) do
256
272
 
257
273
  case self[:recurse]
258
274
  when Integer, /^\d+$/
259
- parameter = { :recurse => true, :recurselimit => self[:recurse] }
275
+ parameter = { :max_files => self[:max_files],
276
+ :recurse => true,
277
+ :recurselimit => self[:recurse] }
260
278
  when true, :true, :inf
261
- parameter = { :recurse => true }
279
+ parameter = { :max_files => self[:max_files],
280
+ :recurse => true }
262
281
  end
263
282
 
264
283
  if parameter
@@ -67,6 +67,7 @@ module Puppet
67
67
  newproperty(:ensure, :parent => Puppet::Property::Ensure) do
68
68
  newvalue(:present, :event => :user_created) do
69
69
  provider.create
70
+ @resource.generate
70
71
  end
71
72
 
72
73
  newvalue(:absent, :event => :user_removed) do
@@ -695,6 +696,7 @@ module Puppet
695
696
 
696
697
  def generate
697
698
  if !self[:purge_ssh_keys].empty?
699
+ return [] if self[:ensure] == :present && !provider.exists?
698
700
  if Puppet::Type.type(:ssh_authorized_key).nil?
699
701
  warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
700
702
  else
@@ -743,25 +745,6 @@ module Puppet
743
745
  end
744
746
  raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
745
747
  end
746
-
747
- munge do |value|
748
- # Resolve string, boolean and symbol forms of true and false to a
749
- # single representation.
750
- test_sym = value.to_s.intern
751
- value = test_sym if [:true, :false].include? test_sym
752
-
753
- return [] if value == :false
754
- home = resource[:home] || Dir.home(resource[:name])
755
-
756
- return [ "#{home}/.ssh/authorized_keys" ] if value == :true
757
- # value is an array - munge each value
758
- [ value ].flatten.map do |entry|
759
- # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
760
- entry = entry.gsub(/^~\//, "#{home}/")
761
- entry.gsub!(/^%h\//, "#{home}/")
762
- entry
763
- end
764
- end
765
748
  end
766
749
 
767
750
  newproperty(:loginclass, :required_features => :manages_loginclass) do
@@ -783,7 +766,7 @@ module Puppet
783
766
  # @see generate
784
767
  # @api private
785
768
  def find_unmanaged_keys
786
- self[:purge_ssh_keys].
769
+ munged_unmanaged_keys.
787
770
  select { |f| File.readable?(f) }.
788
771
  map { |f| unknown_keys_in_file(f) }.
789
772
  flatten.each do |res|
@@ -795,6 +778,41 @@ module Puppet
795
778
  end
796
779
  end
797
780
 
781
+ def munged_unmanaged_keys
782
+ value = self[:purge_ssh_keys]
783
+
784
+ # Resolve string, boolean and symbol forms of true and false to a
785
+ # single representation.
786
+ test_sym = value.to_s.intern
787
+ value = test_sym if [:true, :false].include? test_sym
788
+
789
+ return [] if value == :false
790
+
791
+ home = self[:home]
792
+ begin
793
+ home ||= provider.home
794
+ rescue
795
+ Puppet.debug("User '#{self[:name]}' does not exist")
796
+ end
797
+
798
+ if home.to_s.empty? || !Dir.exist?(home.to_s)
799
+ if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
800
+ Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
801
+ return []
802
+ end
803
+ end
804
+
805
+ return [ "#{home}/.ssh/authorized_keys" ] if value == :true
806
+
807
+ # value is an array - munge each value
808
+ [ value ].flatten.map do |entry|
809
+ # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
810
+ entry = entry.gsub(/^~\//, "#{home}/")
811
+ entry.gsub!(/^%h\//, "#{home}/")
812
+ entry
813
+ end
814
+ end
815
+
798
816
  # Parse an ssh authorized keys file superficially, extract the comments
799
817
  # on the keys. These are considered names of possible ssh_authorized_keys
800
818
  # resources. Keys that are managed by the present catalog are ignored.