puppet 6.21.0-x86-mingw32 → 6.24.0-x86-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +1 -1
- data/Gemfile.lock +29 -23
- data/README.md +4 -4
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +3 -2
- data/lib/puppet.rb +3 -3
- data/lib/puppet/application/agent.rb +12 -5
- data/lib/puppet/application/apply.rb +2 -1
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +17 -3
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +12 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/defaults.rb +27 -5
- data/lib/puppet/environments.rb +26 -1
- data/lib/puppet/face/facts.rb +128 -30
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +4 -2
- data/lib/puppet/forge.rb +3 -3
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +12 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +69 -0
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +24 -3
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +4 -0
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/systemd.rb +14 -4
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/directoryservice.rb +25 -12
- data/lib/puppet/provider/user/useradd.rb +9 -2
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/settings.rb +30 -7
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/type/exec.rb +16 -3
- data/lib/puppet/type/file.rb +19 -1
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/service.rb +18 -38
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -20
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +6 -2
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +360 -280
- data/man/man5/puppet.conf.5 +279 -251
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +65 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/filebucket_spec.rb +11 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/facts/facter_spec.rb +90 -36
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/spec_helper.rb +11 -1
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +23 -0
- data/spec/unit/defaults_spec.rb +16 -0
- data/spec/unit/environments_spec.rb +199 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_system_spec.rb +15 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +123 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +14 -10
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/module_tool/applications/installer_spec.rb +12 -0
- data/spec/unit/network/formats_spec.rb +41 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip_spec.rb +37 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +53 -8
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +67 -35
- data/spec/unit/provider/user/useradd_spec.rb +21 -6
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +59 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +41 -0
- data/tasks/generate_cert_fixtures.rake +12 -3
- metadata +24 -9
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
| @@ -104,7 +104,14 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ | |
| 104 104 |  | 
| 105 105 | 
             
              def localgid
         | 
| 106 106 | 
             
                user = finduser(:account, resource[:name])
         | 
| 107 | 
            -
                 | 
| 107 | 
            +
                if user
         | 
| 108 | 
            +
                  begin
         | 
| 109 | 
            +
                    return Integer(user[:gid])
         | 
| 110 | 
            +
                  rescue ArgumentError
         | 
| 111 | 
            +
                    Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
         | 
| 112 | 
            +
                    return user[:gid]
         | 
| 113 | 
            +
                  end
         | 
| 114 | 
            +
                end
         | 
| 108 115 | 
             
                false
         | 
| 109 116 | 
             
              end
         | 
| 110 117 |  | 
| @@ -128,7 +135,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ | |
| 128 135 |  | 
| 129 136 | 
             
                Puppet::FileSystem.each_line(group_file) do |line|
         | 
| 130 137 | 
             
                  data = line.chomp.split(':')
         | 
| 131 | 
            -
                  if data.last.split(',').include?(user)
         | 
| 138 | 
            +
                  if !data.empty? && data.last.split(',').include?(user)
         | 
| 132 139 | 
             
                    @groups_of[user] << data.first
         | 
| 133 140 | 
             
                  end
         | 
| 134 141 | 
             
                end
         | 
| @@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc | |
| 41 41 | 
             
                # Leave out the section information; it was apparently confusing people.
         | 
| 42 42 | 
             
                #str << "- **Section**: #{object.section}\n"
         | 
| 43 43 | 
             
                unless val == ""
         | 
| 44 | 
            -
                  str << "- *Default*:  | 
| 44 | 
            +
                  str << "- *Default*: `#{val}`\n"
         | 
| 45 45 | 
             
                end
         | 
| 46 46 | 
             
                str << "\n"
         | 
| 47 47 | 
             
              end
         | 
    
        data/lib/puppet/settings.rb
    CHANGED
    
    | @@ -862,7 +862,11 @@ class Puppet::Settings | |
| 862 862 | 
             
                if self[:user]
         | 
| 863 863 | 
             
                  user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
         | 
| 864 864 |  | 
| 865 | 
            -
                   | 
| 865 | 
            +
                  if user.suitable?
         | 
| 866 | 
            +
                    @service_user_available = user.exists?
         | 
| 867 | 
            +
                  else
         | 
| 868 | 
            +
                    raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
         | 
| 869 | 
            +
                  end
         | 
| 866 870 | 
             
                else
         | 
| 867 871 | 
             
                  @service_user_available = false
         | 
| 868 872 | 
             
                end
         | 
| @@ -874,7 +878,11 @@ class Puppet::Settings | |
| 874 878 | 
             
                if self[:group]
         | 
| 875 879 | 
             
                  group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
         | 
| 876 880 |  | 
| 877 | 
            -
                   | 
| 881 | 
            +
                  if group.suitable?
         | 
| 882 | 
            +
                    @service_group_available = group.exists?
         | 
| 883 | 
            +
                  else
         | 
| 884 | 
            +
                    raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
         | 
| 885 | 
            +
                  end
         | 
| 878 886 | 
             
                else
         | 
| 879 887 | 
             
                  @service_group_available = false
         | 
| 880 888 | 
             
                end
         | 
| @@ -883,9 +891,16 @@ class Puppet::Settings | |
| 883 891 | 
             
              # Allow later inspection to determine if the setting was set on the
         | 
| 884 892 | 
             
              # command line, or through some other code path.  Used for the
         | 
| 885 893 | 
             
              # `dns_alt_names` option during cert generate. --daniel 2011-10-18
         | 
| 886 | 
            -
               | 
| 894 | 
            +
              #
         | 
| 895 | 
            +
              # @param param [String, Symbol] the setting to look up
         | 
| 896 | 
            +
              # @return [Object, nil] the value of the setting or nil if unset
         | 
| 897 | 
            +
              def set_by_cli(param)
         | 
| 887 898 | 
             
                param = param.to_sym
         | 
| 888 | 
            -
                 | 
| 899 | 
            +
                @value_sets[:cli].lookup(param)
         | 
| 900 | 
            +
              end
         | 
| 901 | 
            +
             | 
| 902 | 
            +
              def set_by_cli?(param)
         | 
| 903 | 
            +
                !!set_by_cli(param)
         | 
| 889 904 | 
             
              end
         | 
| 890 905 |  | 
| 891 906 | 
             
              # Get values from a search path entry.
         | 
| @@ -918,9 +933,13 @@ class Puppet::Settings | |
| 918 933 | 
             
                end
         | 
| 919 934 | 
             
              end
         | 
| 920 935 |  | 
| 921 | 
            -
              # Allow later inspection to determine if the setting was set  | 
| 922 | 
            -
              #  | 
| 923 | 
            -
               | 
| 936 | 
            +
              # Allow later inspection to determine if the setting was set in a specific
         | 
| 937 | 
            +
              # section
         | 
| 938 | 
            +
              #
         | 
| 939 | 
            +
              # @param param [String, Symbol] the setting to look up
         | 
| 940 | 
            +
              # @param section [Symbol] the section in which to look up the setting
         | 
| 941 | 
            +
              # @return [Object, nil] the value of the setting or nil if unset
         | 
| 942 | 
            +
              def set_in_section(param, section)
         | 
| 924 943 | 
             
                param = param.to_sym
         | 
| 925 944 | 
             
                vals = searchpath_values(SearchPathElement.new(section, :section))
         | 
| 926 945 | 
             
                if vals
         | 
| @@ -928,6 +947,10 @@ class Puppet::Settings | |
| 928 947 | 
             
                end
         | 
| 929 948 | 
             
              end
         | 
| 930 949 |  | 
| 950 | 
            +
              def set_in_section?(param, section)
         | 
| 951 | 
            +
                !!set_in_section(param, section)
         | 
| 952 | 
            +
              end
         | 
| 953 | 
            +
             | 
| 931 954 | 
             
              # Patches the value for a param in a section.
         | 
| 932 955 | 
             
              # This method is required to support the use case of unifying --dns-alt-names and
         | 
| 933 956 | 
             
              # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
         | 
| @@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf | |
| 29 29 | 
             
                  section = config.sections[:main]
         | 
| 30 30 | 
             
                rescue Errno::ENOENT
         | 
| 31 31 | 
             
                  # environment.conf is an optional file
         | 
| 32 | 
            +
                  Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
         | 
| 32 33 | 
             
                end
         | 
| 33 34 |  | 
| 34 35 | 
             
                new(path_to_env, section, global_module_path)
         | 
| @@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator | |
| 137 137 | 
             
                  else
         | 
| 138 138 | 
             
                    @catalog.add_resource_after(parent_resource, res)
         | 
| 139 139 | 
             
                  end
         | 
| 140 | 
            -
                  @catalog.add_edge(@catalog.container_of(parent_resource), res)
         | 
| 140 | 
            +
                  @catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
         | 
| 141 141 | 
             
                  if @relationship_graph && priority
         | 
| 142 142 | 
             
                    # If we have a relationship_graph we should add the resource
         | 
| 143 143 | 
             
                    # to it (this is an eval_generate). If we don't, then the
         | 
    
        data/lib/puppet/type/exec.rb
    CHANGED
    
    | @@ -201,7 +201,9 @@ module Puppet | |
| 201 201 | 
             
                    only uses the resource title to ensure `exec`s are unique."
         | 
| 202 202 |  | 
| 203 203 | 
             
                  validate do |command|
         | 
| 204 | 
            -
                     | 
| 204 | 
            +
                    unless command.is_a?(String) || command.is_a?(Array)
         | 
| 205 | 
            +
                      raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
         | 
| 206 | 
            +
                    end
         | 
| 205 207 | 
             
                  end
         | 
| 206 208 | 
             
                end
         | 
| 207 209 |  | 
| @@ -458,6 +460,10 @@ module Puppet | |
| 458 460 |  | 
| 459 461 | 
             
                        unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
         | 
| 460 462 |  | 
| 463 | 
            +
                    or an array of arrays. For example:
         | 
| 464 | 
            +
             | 
| 465 | 
            +
                        unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
         | 
| 466 | 
            +
             | 
| 461 467 | 
             
                    This `exec` would only run if every command in the array has a
         | 
| 462 468 | 
             
                    non-zero exit code.
         | 
| 463 469 | 
             
                  EOT
         | 
| @@ -514,6 +520,10 @@ module Puppet | |
| 514 520 |  | 
| 515 521 | 
             
                        onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
         | 
| 516 522 |  | 
| 523 | 
            +
                    or an array of arrays. For example:
         | 
| 524 | 
            +
             | 
| 525 | 
            +
                        onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
         | 
| 526 | 
            +
             | 
| 517 527 | 
             
                    This `exec` would only run if every command in the array has an
         | 
| 518 528 | 
             
                    exit code of 0 (success).
         | 
| 519 529 | 
             
                  EOT
         | 
| @@ -562,12 +572,14 @@ module Puppet | |
| 562 572 | 
             
                  reqs << self[:cwd] if self[:cwd]
         | 
| 563 573 |  | 
| 564 574 | 
             
                  file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
         | 
| 575 | 
            +
                  cmd = self[:command]
         | 
| 576 | 
            +
                  cmd = cmd[0] if cmd.is_a? Array
         | 
| 565 577 |  | 
| 566 | 
            -
                   | 
| 578 | 
            +
                  cmd.scan(file_regex) { |str|
         | 
| 567 579 | 
             
                    reqs << str
         | 
| 568 580 | 
             
                  }
         | 
| 569 581 |  | 
| 570 | 
            -
                   | 
| 582 | 
            +
                  cmd.scan(/^"([^"]+)"/) { |str|
         | 
| 571 583 | 
             
                    reqs << str
         | 
| 572 584 | 
             
                  }
         | 
| 573 585 |  | 
| @@ -583,6 +595,7 @@ module Puppet | |
| 583 595 | 
             
                      # fully qualified.  It might not be a bad idea to add
         | 
| 584 596 | 
             
                      # unqualified files, but, well, that's a bit more annoying
         | 
| 585 597 | 
             
                      # to do.
         | 
| 598 | 
            +
                      line = line[0] if line.is_a? Array
         | 
| 586 599 | 
             
                      reqs += line.scan(file_regex)
         | 
| 587 600 | 
             
                    end
         | 
| 588 601 | 
             
                  }
         | 
    
        data/lib/puppet/type/file.rb
    CHANGED
    
    | @@ -220,6 +220,23 @@ Puppet::Type.newtype(:file) do | |
| 220 220 | 
             
                end
         | 
| 221 221 | 
             
              end
         | 
| 222 222 |  | 
| 223 | 
            +
              newparam(:max_files) do
         | 
| 224 | 
            +
                desc "In case the resource is a directory and the recursion is enabled, puppet will
         | 
| 225 | 
            +
                  generate a new resource for each file file found, possible leading to
         | 
| 226 | 
            +
                  an excessive number of resources generated without any control.
         | 
| 227 | 
            +
             | 
| 228 | 
            +
                  Setting `max_files` will check the number of file resources that
         | 
| 229 | 
            +
                  will eventually be created and will raise a resource argument error if the
         | 
| 230 | 
            +
                  limit will be exceeded.
         | 
| 231 | 
            +
             | 
| 232 | 
            +
                  Use value `0` to log a warning instead of raising an error.
         | 
| 233 | 
            +
             | 
| 234 | 
            +
                  Use value `-1` to disable errors and warnings due to max files."
         | 
| 235 | 
            +
             | 
| 236 | 
            +
                defaultto 0
         | 
| 237 | 
            +
                newvalues(/^[0-9]+$/, /^-1$/)
         | 
| 238 | 
            +
              end
         | 
| 239 | 
            +
             | 
| 223 240 | 
             
              newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
         | 
| 224 241 | 
             
                desc "Whether to replace a file or symlink that already exists on the local system but
         | 
| 225 242 | 
             
                  whose content doesn't match what the `source` or `content` attribute
         | 
| @@ -576,7 +593,7 @@ Puppet::Type.newtype(:file) do | |
| 576 593 | 
             
                options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
         | 
| 577 594 |  | 
| 578 595 | 
             
                # These should never be passed to our children.
         | 
| 579 | 
            -
                [:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
         | 
| 596 | 
            +
                [:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
         | 
| 580 597 | 
             
                  options.delete(param) if options.include?(param)
         | 
| 581 598 | 
             
                end
         | 
| 582 599 |  | 
| @@ -753,6 +770,7 @@ Puppet::Type.newtype(:file) do | |
| 753 770 | 
             
                  :links => self[:links],
         | 
| 754 771 | 
             
                  :recurse => (self[:recurse] == :remote ? true : self[:recurse]),
         | 
| 755 772 | 
             
                  :recurselimit => self[:recurselimit],
         | 
| 773 | 
            +
                  :max_files => self[:max_files],
         | 
| 756 774 | 
             
                  :source_permissions => self[:source_permissions],
         | 
| 757 775 | 
             
                  :ignore => self[:ignore],
         | 
| 758 776 | 
             
                  :checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,
         | 
| @@ -90,9 +90,15 @@ module Puppet | |
| 90 90 | 
             
                    raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
         | 
| 91 91 | 
             
                  end
         | 
| 92 92 |  | 
| 93 | 
            +
                  # normalizes to symbolic form, e.g. u+a, an octal string without leading 0
         | 
| 93 94 | 
             
                  normalize_symbolic_mode(value)
         | 
| 94 95 | 
             
                end
         | 
| 95 96 |  | 
| 97 | 
            +
                unmunge do |value|
         | 
| 98 | 
            +
                  # return symbolic form or octal string *with* leading 0's
         | 
| 99 | 
            +
                  display_mode(value) if value
         | 
| 100 | 
            +
                end
         | 
| 101 | 
            +
             | 
| 96 102 | 
             
                def desired_mode_from_current(desired, current)
         | 
| 97 103 | 
             
                  current = current.to_i(8) if current.is_a? String
         | 
| 98 104 | 
             
                  is_a_directory = @resource.stat && @resource.stat.directory?
         | 
    
        data/lib/puppet/type/service.rb
    CHANGED
    
    | @@ -38,6 +38,12 @@ module Puppet | |
| 38 38 | 
             
                feature :enableable, "The provider can enable and disable the service.",
         | 
| 39 39 | 
             
                  :methods => [:disable, :enable, :enabled?]
         | 
| 40 40 |  | 
| 41 | 
            +
                feature :delayed_startable, "The provider can set service to delayed start",
         | 
| 42 | 
            +
                  :methods => [:delayed_start]
         | 
| 43 | 
            +
             | 
| 44 | 
            +
                feature :manual_startable, "The provider can set service to manual start",
         | 
| 45 | 
            +
                  :methods => [:manual_start]
         | 
| 46 | 
            +
             | 
| 41 47 | 
             
                feature :controllable, "The provider uses a control variable."
         | 
| 42 48 |  | 
| 43 49 | 
             
                feature :flaggable, "The provider can pass flags to the service."
         | 
| @@ -67,7 +73,7 @@ module Puppet | |
| 67 73 | 
             
                    provider.disable
         | 
| 68 74 | 
             
                  end
         | 
| 69 75 |  | 
| 70 | 
            -
                  newvalue(:manual, :event => :service_manual_start) do
         | 
| 76 | 
            +
                  newvalue(:manual, :event => :service_manual_start, :required_features => :manual_startable) do
         | 
| 71 77 | 
             
                    provider.manual_start
         | 
| 72 78 | 
             
                  end
         | 
| 73 79 |  | 
| @@ -81,8 +87,7 @@ module Puppet | |
| 81 87 | 
             
                    provider.enabled?
         | 
| 82 88 | 
             
                  end
         | 
| 83 89 |  | 
| 84 | 
            -
                   | 
| 85 | 
            -
                  newvalue(:delayed, :event => :service_delayed_start) do
         | 
| 90 | 
            +
                  newvalue(:delayed, :event => :service_delayed_start, :required_features => :delayed_startable) do
         | 
| 86 91 | 
             
                    provider.delayed_start
         | 
| 87 92 | 
             
                  end
         | 
| 88 93 |  | 
| @@ -90,12 +95,6 @@ module Puppet | |
| 90 95 | 
             
                    return provider.enabled_insync?(current) if provider.respond_to?(:enabled_insync?)
         | 
| 91 96 | 
             
                    super(current)
         | 
| 92 97 | 
             
                  end
         | 
| 93 | 
            -
             | 
| 94 | 
            -
                  validate do |value|
         | 
| 95 | 
            -
                    if (value == :manual || value == :delayed) && !Puppet::Util::Platform.windows?
         | 
| 96 | 
            -
                      raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
         | 
| 97 | 
            -
                    end
         | 
| 98 | 
            -
                  end
         | 
| 99 98 | 
             
                end
         | 
| 100 99 |  | 
| 101 100 | 
             
                # Handle whether the service should actually be running right now.
         | 
| @@ -139,23 +138,9 @@ module Puppet | |
| 139 138 | 
             
                newproperty(:logonaccount, :required_features => :manages_logon_credentials) do
         | 
| 140 139 | 
             
                  desc "Specify an account for service logon"
         | 
| 141 140 |  | 
| 142 | 
            -
                   | 
| 143 | 
            -
                    return  | 
| 144 | 
            -
                     | 
| 145 | 
            -
             | 
| 146 | 
            -
                    value.sub!(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
         | 
| 147 | 
            -
                    user_information = Puppet::Util::Windows::SID.name_to_principal(value)
         | 
| 148 | 
            -
                    raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
         | 
| 149 | 
            -
             | 
| 150 | 
            -
                    user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
         | 
| 151 | 
            -
                    raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
         | 
| 152 | 
            -
                    raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
         | 
| 153 | 
            -
             | 
| 154 | 
            -
                    if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
         | 
| 155 | 
            -
                      ".\\#{user_information.account}"
         | 
| 156 | 
            -
                    else
         | 
| 157 | 
            -
                      user_information.domain_account
         | 
| 158 | 
            -
                    end
         | 
| 141 | 
            +
                  def insync?(current)
         | 
| 142 | 
            +
                    return provider.logonaccount_insync?(current) if provider.respond_to?(:logonaccount_insync?)
         | 
| 143 | 
            +
                    super(current)
         | 
| 159 144 | 
             
                  end
         | 
| 160 145 | 
             
                end
         | 
| 161 146 |  | 
| @@ -163,18 +148,7 @@ module Puppet | |
| 163 148 | 
             
                  desc "Specify a password for service logon. Default value is an empty string (when logonaccount is specified)."
         | 
| 164 149 |  | 
| 165 150 | 
             
                  validate do |value|
         | 
| 166 | 
            -
                    raise  | 
| 167 | 
            -
                    raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
         | 
| 168 | 
            -
                    return unless Puppet::Util::Platform.windows?
         | 
| 169 | 
            -
             | 
| 170 | 
            -
                    is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@resource[:logonaccount]) || @resource[:logonaccount] == 'LocalSystem'
         | 
| 171 | 
            -
             | 
| 172 | 
            -
                    account_info = @resource[:logonaccount].split("\\")
         | 
| 173 | 
            -
                    able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], value, account_info[0]) unless is_a_predefined_local_account
         | 
| 174 | 
            -
             | 
| 175 | 
            -
                    raise Puppet::Error.new("The given password is invalid for user '#{@resource[:logonaccount]}'.") unless is_a_predefined_local_account || able_to_logon
         | 
| 176 | 
            -
             | 
| 177 | 
            -
                    provider.logonpassword=(value)
         | 
| 151 | 
            +
                    raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) && value.include?(":")
         | 
| 178 152 | 
             
                  end
         | 
| 179 153 |  | 
| 180 154 | 
             
                  sensitive true
         | 
| @@ -320,5 +294,11 @@ module Puppet | |
| 320 294 | 
             
                def self.needs_ensure_retrieved
         | 
| 321 295 | 
             
                  false
         | 
| 322 296 | 
             
                end
         | 
| 297 | 
            +
             | 
| 298 | 
            +
                validate do
         | 
| 299 | 
            +
                  if @parameters[:logonpassword] && @parameters[:logonaccount].nil?
         | 
| 300 | 
            +
                    raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")
         | 
| 301 | 
            +
                  end
         | 
| 302 | 
            +
                end
         | 
| 323 303 | 
             
              end
         | 
| 324 304 | 
             
            end
         | 
    
        data/lib/puppet/type/tidy.rb
    CHANGED
    
    | @@ -50,6 +50,22 @@ Puppet::Type.newtype(:tidy) do | |
| 50 50 | 
             
                end
         | 
| 51 51 | 
             
              end
         | 
| 52 52 |  | 
| 53 | 
            +
              newparam(:max_files) do
         | 
| 54 | 
            +
                desc "In case the resource is a directory and the recursion is enabled, puppet will
         | 
| 55 | 
            +
                  generate a new resource for each file file found, possible leading to
         | 
| 56 | 
            +
                  an excessive number of resources generated without any control.
         | 
| 57 | 
            +
             | 
| 58 | 
            +
                  Setting `max_files` will check the number of file resources that
         | 
| 59 | 
            +
                  will eventually be created and will raise a resource argument error if the
         | 
| 60 | 
            +
                  limit will be exceeded.
         | 
| 61 | 
            +
             | 
| 62 | 
            +
                  Use value `0` to disable the check. In this case, a warning is logged if
         | 
| 63 | 
            +
                  the number of files exceeds 1000."
         | 
| 64 | 
            +
             | 
| 65 | 
            +
                defaultto 0
         | 
| 66 | 
            +
                newvalues(/^[0-9]+$/)
         | 
| 67 | 
            +
              end
         | 
| 68 | 
            +
             | 
| 53 69 | 
             
              newparam(:matches) do
         | 
| 54 70 | 
             
                desc <<-'EOT'
         | 
| 55 71 | 
             
                  One or more (shell type) file glob patterns, which restrict
         | 
| @@ -128,7 +144,7 @@ Puppet::Type.newtype(:tidy) do | |
| 128 144 |  | 
| 129 145 | 
             
                def tidy?(path, stat)
         | 
| 130 146 | 
             
                  # If the file's older than we allow, we should get rid of it.
         | 
| 131 | 
            -
                  (Time.now.to_i - stat.send(resource[:type]).to_i)  | 
| 147 | 
            +
                  (Time.now.to_i - stat.send(resource[:type]).to_i) >= value
         | 
| 132 148 | 
             
                end
         | 
| 133 149 |  | 
| 134 150 | 
             
                munge do |age|
         | 
| @@ -256,9 +272,12 @@ Puppet::Type.newtype(:tidy) do | |
| 256 272 |  | 
| 257 273 | 
             
                case self[:recurse]
         | 
| 258 274 | 
             
                when Integer, /^\d+$/
         | 
| 259 | 
            -
                  parameter = { : | 
| 275 | 
            +
                  parameter = { :max_files => self[:max_files],
         | 
| 276 | 
            +
                                :recurse => true,
         | 
| 277 | 
            +
                                :recurselimit => self[:recurse] }
         | 
| 260 278 | 
             
                when true, :true, :inf
         | 
| 261 | 
            -
                  parameter = { : | 
| 279 | 
            +
                  parameter = { :max_files => self[:max_files],
         | 
| 280 | 
            +
                                :recurse => true }
         | 
| 262 281 | 
             
                end
         | 
| 263 282 |  | 
| 264 283 | 
             
                if parameter
         | 
    
        data/lib/puppet/type/user.rb
    CHANGED
    
    | @@ -67,6 +67,7 @@ module Puppet | |
| 67 67 | 
             
                newproperty(:ensure, :parent => Puppet::Property::Ensure) do
         | 
| 68 68 | 
             
                  newvalue(:present, :event => :user_created) do
         | 
| 69 69 | 
             
                    provider.create
         | 
| 70 | 
            +
                    @resource.generate
         | 
| 70 71 | 
             
                  end
         | 
| 71 72 |  | 
| 72 73 | 
             
                  newvalue(:absent, :event => :user_removed) do
         | 
| @@ -695,6 +696,7 @@ module Puppet | |
| 695 696 |  | 
| 696 697 | 
             
                def generate
         | 
| 697 698 | 
             
                  if !self[:purge_ssh_keys].empty?
         | 
| 699 | 
            +
                    return [] if self[:ensure] == :present && !provider.exists? 
         | 
| 698 700 | 
             
                    if Puppet::Type.type(:ssh_authorized_key).nil?
         | 
| 699 701 | 
             
                      warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
         | 
| 700 702 | 
             
                    else
         | 
| @@ -743,25 +745,6 @@ module Puppet | |
| 743 745 | 
             
                    end
         | 
| 744 746 | 
             
                    raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
         | 
| 745 747 | 
             
                  end
         | 
| 746 | 
            -
             | 
| 747 | 
            -
                  munge do |value|
         | 
| 748 | 
            -
                    # Resolve string, boolean and symbol forms of true and false to a
         | 
| 749 | 
            -
                    # single representation.
         | 
| 750 | 
            -
                    test_sym = value.to_s.intern
         | 
| 751 | 
            -
                    value = test_sym if [:true, :false].include? test_sym
         | 
| 752 | 
            -
             | 
| 753 | 
            -
                    return [] if value == :false
         | 
| 754 | 
            -
                    home = resource[:home] || Dir.home(resource[:name])
         | 
| 755 | 
            -
             | 
| 756 | 
            -
                    return [ "#{home}/.ssh/authorized_keys" ] if value == :true
         | 
| 757 | 
            -
                    # value is an array - munge each value
         | 
| 758 | 
            -
                    [ value ].flatten.map do |entry|
         | 
| 759 | 
            -
                      # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
         | 
| 760 | 
            -
                      entry = entry.gsub(/^~\//, "#{home}/")
         | 
| 761 | 
            -
                      entry.gsub!(/^%h\//, "#{home}/")
         | 
| 762 | 
            -
                      entry
         | 
| 763 | 
            -
                    end
         | 
| 764 | 
            -
                  end
         | 
| 765 748 | 
             
                end
         | 
| 766 749 |  | 
| 767 750 | 
             
                newproperty(:loginclass, :required_features => :manages_loginclass) do
         | 
| @@ -783,7 +766,7 @@ module Puppet | |
| 783 766 | 
             
                # @see generate
         | 
| 784 767 | 
             
                # @api private
         | 
| 785 768 | 
             
                def find_unmanaged_keys
         | 
| 786 | 
            -
                   | 
| 769 | 
            +
                  munged_unmanaged_keys.
         | 
| 787 770 | 
             
                    select { |f| File.readable?(f) }.
         | 
| 788 771 | 
             
                    map { |f| unknown_keys_in_file(f) }.
         | 
| 789 772 | 
             
                    flatten.each do |res|
         | 
| @@ -795,6 +778,41 @@ module Puppet | |
| 795 778 | 
             
                    end
         | 
| 796 779 | 
             
                end
         | 
| 797 780 |  | 
| 781 | 
            +
                def munged_unmanaged_keys
         | 
| 782 | 
            +
                  value = self[:purge_ssh_keys]
         | 
| 783 | 
            +
             | 
| 784 | 
            +
                  # Resolve string, boolean and symbol forms of true and false to a
         | 
| 785 | 
            +
                  # single representation.
         | 
| 786 | 
            +
                  test_sym = value.to_s.intern
         | 
| 787 | 
            +
                  value = test_sym if [:true, :false].include? test_sym
         | 
| 788 | 
            +
             | 
| 789 | 
            +
                  return [] if value == :false
         | 
| 790 | 
            +
             | 
| 791 | 
            +
                  home = self[:home]
         | 
| 792 | 
            +
                  begin
         | 
| 793 | 
            +
                    home ||= provider.home
         | 
| 794 | 
            +
                  rescue
         | 
| 795 | 
            +
                    Puppet.debug("User '#{self[:name]}' does not exist")
         | 
| 796 | 
            +
                  end
         | 
| 797 | 
            +
             | 
| 798 | 
            +
                  if home.to_s.empty? || !Dir.exist?(home.to_s)
         | 
| 799 | 
            +
                    if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
         | 
| 800 | 
            +
                      Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
         | 
| 801 | 
            +
                      return []
         | 
| 802 | 
            +
                    end
         | 
| 803 | 
            +
                  end
         | 
| 804 | 
            +
             | 
| 805 | 
            +
                  return [ "#{home}/.ssh/authorized_keys" ] if value == :true
         | 
| 806 | 
            +
             | 
| 807 | 
            +
                  # value is an array - munge each value
         | 
| 808 | 
            +
                  [ value ].flatten.map do |entry|
         | 
| 809 | 
            +
                    # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
         | 
| 810 | 
            +
                    entry = entry.gsub(/^~\//, "#{home}/")
         | 
| 811 | 
            +
                    entry.gsub!(/^%h\//, "#{home}/")
         | 
| 812 | 
            +
                    entry
         | 
| 813 | 
            +
                  end
         | 
| 814 | 
            +
                end
         | 
| 815 | 
            +
             | 
| 798 816 | 
             
                # Parse an ssh authorized keys file superficially, extract the comments
         | 
| 799 817 | 
             
                # on the keys. These are considered names of possible ssh_authorized_keys
         | 
| 800 818 | 
             
                # resources. Keys that are managed by the present catalog are ignored.
         |