puppet 6.21.1-universal-darwin → 6.25.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (427) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +3 -3
  4. data/Gemfile.lock +34 -28
  5. data/README.md +4 -4
  6. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  11. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  12. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  13. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  14. data/ext/README.md +13 -0
  15. data/ext/osx/puppet.plist +2 -0
  16. data/ext/project_data.yaml +3 -2
  17. data/lib/puppet/application/agent.rb +16 -5
  18. data/lib/puppet/application/apply.rb +22 -3
  19. data/lib/puppet/application/device.rb +2 -1
  20. data/lib/puppet/application/filebucket.rb +1 -0
  21. data/lib/puppet/application/resource.rb +32 -16
  22. data/lib/puppet/application/script.rb +2 -1
  23. data/lib/puppet/application/ssl.rb +12 -0
  24. data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
  25. data/lib/puppet/configurer/downloader.rb +2 -1
  26. data/lib/puppet/configurer.rb +85 -57
  27. data/lib/puppet/confine/variable.rb +1 -1
  28. data/lib/puppet/defaults.rb +63 -35
  29. data/lib/puppet/environments.rb +91 -26
  30. data/lib/puppet/face/facts.rb +129 -31
  31. data/lib/puppet/face/help/action.erb +1 -0
  32. data/lib/puppet/face/help/face.erb +1 -0
  33. data/lib/puppet/face/node/clean.rb +11 -0
  34. data/lib/puppet/facter_impl.rb +96 -0
  35. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  36. data/lib/puppet/file_serving/configuration.rb +3 -0
  37. data/lib/puppet/file_serving/fileset.rb +14 -2
  38. data/lib/puppet/file_serving/mount/file.rb +4 -4
  39. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  40. data/lib/puppet/file_system/file_impl.rb +3 -1
  41. data/lib/puppet/file_system/memory_file.rb +8 -1
  42. data/lib/puppet/file_system/windows.rb +4 -2
  43. data/lib/puppet/forge.rb +4 -4
  44. data/lib/puppet/functions/all.rb +1 -1
  45. data/lib/puppet/functions/camelcase.rb +1 -1
  46. data/lib/puppet/functions/capitalize.rb +2 -2
  47. data/lib/puppet/functions/downcase.rb +2 -2
  48. data/lib/puppet/functions/empty.rb +8 -0
  49. data/lib/puppet/functions/find_template.rb +2 -2
  50. data/lib/puppet/functions/get.rb +5 -5
  51. data/lib/puppet/functions/group_by.rb +13 -5
  52. data/lib/puppet/functions/lest.rb +1 -1
  53. data/lib/puppet/functions/new.rb +100 -100
  54. data/lib/puppet/functions/partition.rb +12 -4
  55. data/lib/puppet/functions/require.rb +5 -5
  56. data/lib/puppet/functions/sort.rb +3 -3
  57. data/lib/puppet/functions/strftime.rb +1 -0
  58. data/lib/puppet/functions/tree_each.rb +7 -9
  59. data/lib/puppet/functions/type.rb +4 -4
  60. data/lib/puppet/functions/unwrap.rb +17 -2
  61. data/lib/puppet/functions/upcase.rb +2 -2
  62. data/lib/puppet/http/resolver/server_list.rb +15 -4
  63. data/lib/puppet/http/service/compiler.rb +75 -1
  64. data/lib/puppet/http/service/file_server.rb +2 -1
  65. data/lib/puppet/indirector/catalog/compiler.rb +25 -6
  66. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  67. data/lib/puppet/indirector/facts/facter.rb +28 -7
  68. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  69. data/lib/puppet/indirector/indirection.rb +1 -1
  70. data/lib/puppet/indirector/resource/ral.rb +6 -1
  71. data/lib/puppet/indirector/terminus.rb +4 -0
  72. data/lib/puppet/interface/documentation.rb +1 -0
  73. data/lib/puppet/module/plan.rb +0 -1
  74. data/lib/puppet/module/task.rb +1 -1
  75. data/lib/puppet/module.rb +1 -0
  76. data/lib/puppet/module_tool/applications/installer.rb +12 -4
  77. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  78. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  79. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  80. data/lib/puppet/network/formats.rb +67 -0
  81. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  82. data/lib/puppet/network/http/factory.rb +4 -0
  83. data/lib/puppet/node/environment.rb +10 -11
  84. data/lib/puppet/pal/pal_impl.rb +1 -1
  85. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  86. data/lib/puppet/parser/scope.rb +1 -0
  87. data/lib/puppet/parser/templatewrapper.rb +1 -0
  88. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  89. data/lib/puppet/pops/model/ast.rb +1 -0
  90. data/lib/puppet/pops/model/factory.rb +2 -1
  91. data/lib/puppet/pops/parser/eparser.rb +201 -201
  92. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  93. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  94. data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
  95. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  96. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  97. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  98. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  99. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  100. data/lib/puppet/pops/types/types.rb +1 -1
  101. data/lib/puppet/provider/aix_object.rb +1 -1
  102. data/lib/puppet/provider/exec/posix.rb +16 -4
  103. data/lib/puppet/provider/group/groupadd.rb +5 -2
  104. data/lib/puppet/provider/package/dnfmodule.rb +1 -1
  105. data/lib/puppet/provider/package/nim.rb +11 -6
  106. data/lib/puppet/provider/package/pip.rb +15 -3
  107. data/lib/puppet/provider/package/pkg.rb +19 -2
  108. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  109. data/lib/puppet/provider/package/yum.rb +1 -1
  110. data/lib/puppet/provider/parsedfile.rb +3 -0
  111. data/lib/puppet/provider/service/base.rb +1 -1
  112. data/lib/puppet/provider/service/init.rb +5 -5
  113. data/lib/puppet/provider/service/launchd.rb +2 -2
  114. data/lib/puppet/provider/service/redhat.rb +1 -1
  115. data/lib/puppet/provider/service/smf.rb +3 -3
  116. data/lib/puppet/provider/service/systemd.rb +16 -6
  117. data/lib/puppet/provider/service/upstart.rb +5 -5
  118. data/lib/puppet/provider/service/windows.rb +38 -0
  119. data/lib/puppet/provider/user/aix.rb +44 -1
  120. data/lib/puppet/provider/user/directoryservice.rb +26 -13
  121. data/lib/puppet/provider/user/useradd.rb +73 -17
  122. data/lib/puppet/provider.rb +1 -1
  123. data/lib/puppet/reference/configuration.rb +1 -1
  124. data/lib/puppet/reference/providers.rb +2 -2
  125. data/lib/puppet/resource/type_collection.rb +1 -0
  126. data/lib/puppet/runtime.rb +11 -1
  127. data/lib/puppet/settings/environment_conf.rb +1 -0
  128. data/lib/puppet/settings.rb +32 -9
  129. data/lib/puppet/test/test_helper.rb +4 -1
  130. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  131. data/lib/puppet/transaction/persistence.rb +11 -1
  132. data/lib/puppet/transaction/report.rb +15 -1
  133. data/lib/puppet/type/exec.rb +35 -5
  134. data/lib/puppet/type/file/mode.rb +6 -0
  135. data/lib/puppet/type/file/selcontext.rb +1 -1
  136. data/lib/puppet/type/file.rb +25 -7
  137. data/lib/puppet/type/filebucket.rb +3 -3
  138. data/lib/puppet/type/group.rb +0 -1
  139. data/lib/puppet/type/resources.rb +1 -1
  140. data/lib/puppet/type/service.rb +26 -41
  141. data/lib/puppet/type/tidy.rb +22 -3
  142. data/lib/puppet/type/user.rb +38 -21
  143. data/lib/puppet/type.rb +1 -1
  144. data/lib/puppet/util/command_line.rb +1 -1
  145. data/lib/puppet/util/fact_dif.rb +36 -17
  146. data/lib/puppet/util/filetype.rb +2 -2
  147. data/lib/puppet/util/json.rb +3 -0
  148. data/lib/puppet/util/log.rb +1 -2
  149. data/lib/puppet/util/logging.rb +1 -25
  150. data/lib/puppet/util/monkey_patches.rb +7 -0
  151. data/lib/puppet/util/pidlock.rb +1 -1
  152. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  153. data/lib/puppet/util/selinux.rb +30 -4
  154. data/lib/puppet/util/suidmanager.rb +1 -2
  155. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  156. data/lib/puppet/util/tagging.rb +1 -0
  157. data/lib/puppet/util/windows/adsi.rb +46 -0
  158. data/lib/puppet/util/windows/api_types.rb +1 -1
  159. data/lib/puppet/util/windows/principal.rb +9 -2
  160. data/lib/puppet/util/windows/sid.rb +6 -2
  161. data/lib/puppet/util/windows/user.rb +0 -2
  162. data/lib/puppet/util.rb +4 -3
  163. data/lib/puppet/version.rb +1 -1
  164. data/lib/puppet.rb +5 -9
  165. data/locales/puppet.pot +506 -410
  166. data/man/man5/puppet.conf.5 +310 -274
  167. data/man/man8/puppet-agent.8 +4 -1
  168. data/man/man8/puppet-apply.8 +1 -1
  169. data/man/man8/puppet-catalog.8 +9 -9
  170. data/man/man8/puppet-config.8 +1 -1
  171. data/man/man8/puppet-describe.8 +1 -1
  172. data/man/man8/puppet-device.8 +1 -1
  173. data/man/man8/puppet-doc.8 +1 -1
  174. data/man/man8/puppet-epp.8 +1 -1
  175. data/man/man8/puppet-facts.8 +65 -7
  176. data/man/man8/puppet-filebucket.8 +1 -1
  177. data/man/man8/puppet-generate.8 +1 -1
  178. data/man/man8/puppet-help.8 +1 -1
  179. data/man/man8/puppet-key.8 +7 -7
  180. data/man/man8/puppet-lookup.8 +1 -1
  181. data/man/man8/puppet-man.8 +1 -1
  182. data/man/man8/puppet-module.8 +3 -3
  183. data/man/man8/puppet-node.8 +5 -5
  184. data/man/man8/puppet-parser.8 +1 -1
  185. data/man/man8/puppet-plugin.8 +1 -1
  186. data/man/man8/puppet-report.8 +5 -5
  187. data/man/man8/puppet-resource.8 +1 -1
  188. data/man/man8/puppet-script.8 +1 -1
  189. data/man/man8/puppet-ssl.8 +5 -1
  190. data/man/man8/puppet-status.8 +4 -4
  191. data/man/man8/puppet.8 +2 -2
  192. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  193. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  194. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  195. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  196. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  197. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  198. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  199. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  200. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  201. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  202. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  203. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  204. data/spec/fixtures/ssl/ca.pem +57 -35
  205. data/spec/fixtures/ssl/crl.pem +28 -18
  206. data/spec/fixtures/ssl/ec-key.pem +11 -11
  207. data/spec/fixtures/ssl/ec.pem +33 -24
  208. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  209. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  210. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  211. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  212. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  213. data/spec/fixtures/ssl/intermediate.pem +57 -36
  214. data/spec/fixtures/ssl/oid-key.pem +117 -0
  215. data/spec/fixtures/ssl/oid.pem +69 -0
  216. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  217. data/spec/fixtures/ssl/pluto.pem +52 -30
  218. data/spec/fixtures/ssl/request-key.pem +107 -57
  219. data/spec/fixtures/ssl/request.pem +47 -26
  220. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  221. data/spec/fixtures/ssl/revoked.pem +52 -30
  222. data/spec/fixtures/ssl/signed-key.pem +107 -57
  223. data/spec/fixtures/ssl/signed.pem +52 -30
  224. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  225. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  226. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  227. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  228. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  229. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  230. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  231. data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
  232. data/spec/integration/application/agent_spec.rb +113 -37
  233. data/spec/integration/application/filebucket_spec.rb +16 -0
  234. data/spec/integration/application/module_spec.rb +21 -0
  235. data/spec/integration/application/plugin_spec.rb +1 -1
  236. data/spec/integration/application/resource_spec.rb +64 -0
  237. data/spec/integration/application/ssl_spec.rb +20 -0
  238. data/spec/integration/configurer_spec.rb +18 -2
  239. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  240. data/spec/integration/http/client_spec.rb +12 -0
  241. data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
  242. data/spec/integration/indirector/facts/facter_spec.rb +93 -39
  243. data/spec/integration/l10n/compiler_spec.rb +37 -0
  244. data/spec/integration/transaction/report_spec.rb +1 -1
  245. data/spec/integration/type/exec_spec.rb +70 -45
  246. data/spec/integration/type/file_spec.rb +2 -2
  247. data/spec/integration/type/package_spec.rb +6 -6
  248. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  249. data/spec/integration/util/windows/adsi_spec.rb +18 -0
  250. data/spec/integration/util/windows/principal_spec.rb +21 -0
  251. data/spec/integration/util/windows/process_spec.rb +1 -9
  252. data/spec/integration/util/windows/registry_spec.rb +6 -0
  253. data/spec/lib/puppet/test_ca.rb +7 -2
  254. data/spec/lib/puppet_spec/modules.rb +13 -2
  255. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  256. data/spec/lib/puppet_spec/settings.rb +1 -0
  257. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  258. data/spec/shared_contexts/l10n.rb +27 -0
  259. data/spec/spec_helper.rb +12 -11
  260. data/spec/unit/application/agent_spec.rb +7 -2
  261. data/spec/unit/application/apply_spec.rb +76 -56
  262. data/spec/unit/application/facts_spec.rb +482 -3
  263. data/spec/unit/application/resource_spec.rb +29 -0
  264. data/spec/unit/application/ssl_spec.rb +23 -0
  265. data/spec/unit/configurer/downloader_spec.rb +6 -0
  266. data/spec/unit/configurer_spec.rb +194 -56
  267. data/spec/unit/defaults_spec.rb +17 -0
  268. data/spec/unit/environments_spec.rb +348 -88
  269. data/spec/unit/face/facts_spec.rb +4 -0
  270. data/spec/unit/facter_impl_spec.rb +31 -0
  271. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  272. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  273. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  274. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  275. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  276. data/spec/unit/file_system_spec.rb +22 -0
  277. data/spec/unit/functions/assert_type_spec.rb +1 -1
  278. data/spec/unit/functions/empty_spec.rb +10 -0
  279. data/spec/unit/functions/logging_spec.rb +1 -0
  280. data/spec/unit/functions/lookup_spec.rb +64 -0
  281. data/spec/unit/functions/unwrap_spec.rb +8 -0
  282. data/spec/unit/functions4_spec.rb +2 -2
  283. data/spec/unit/gettext/config_spec.rb +12 -0
  284. data/spec/unit/http/service/compiler_spec.rb +131 -0
  285. data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
  286. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  287. data/spec/unit/indirector/facts/facter_spec.rb +95 -0
  288. data/spec/unit/indirector/indirection_spec.rb +10 -3
  289. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  290. data/spec/unit/interface/action_spec.rb +0 -9
  291. data/spec/unit/module_spec.rb +15 -1
  292. data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
  293. data/spec/unit/network/authstore_spec.rb +0 -15
  294. data/spec/unit/network/formats_spec.rb +47 -0
  295. data/spec/unit/network/http/factory_spec.rb +19 -0
  296. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  297. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  298. data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
  299. data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
  300. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  301. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  302. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  303. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  304. data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
  305. data/spec/unit/provider/package/gem_spec.rb +1 -1
  306. data/spec/unit/provider/package/nim_spec.rb +42 -0
  307. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  308. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  309. data/spec/unit/provider/package/pip_spec.rb +38 -1
  310. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  311. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  312. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  313. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  314. data/spec/unit/provider/service/init_spec.rb +1 -0
  315. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  316. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  317. data/spec/unit/provider/service/systemd_spec.rb +54 -9
  318. data/spec/unit/provider/service/windows_spec.rb +202 -0
  319. data/spec/unit/provider/user/aix_spec.rb +100 -0
  320. data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
  321. data/spec/unit/provider/user/useradd_spec.rb +61 -5
  322. data/spec/unit/provider_spec.rb +4 -4
  323. data/spec/unit/puppet_spec.rb +12 -4
  324. data/spec/unit/resource/catalog_spec.rb +1 -1
  325. data/spec/unit/settings_spec.rb +97 -56
  326. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  327. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  328. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  329. data/spec/unit/transaction_spec.rb +18 -20
  330. data/spec/unit/type/exec_spec.rb +76 -29
  331. data/spec/unit/type/file/selinux_spec.rb +3 -3
  332. data/spec/unit/type/file/source_spec.rb +4 -4
  333. data/spec/unit/type/service_spec.rb +86 -188
  334. data/spec/unit/type/tidy_spec.rb +24 -7
  335. data/spec/unit/type/user_spec.rb +45 -0
  336. data/spec/unit/type_spec.rb +2 -2
  337. data/spec/unit/util/logging_spec.rb +2 -0
  338. data/spec/unit/util/selinux_spec.rb +87 -16
  339. data/spec/unit/util/windows/sid_spec.rb +41 -0
  340. data/tasks/generate_cert_fixtures.rake +12 -3
  341. data/tasks/parallel.rake +3 -3
  342. metadata +51 -99
  343. data/ext/README.environment +0 -8
  344. data/ext/dbfix.sql +0 -132
  345. data/ext/debian/README.Debian +0 -8
  346. data/ext/debian/README.source +0 -2
  347. data/ext/debian/TODO.Debian +0 -1
  348. data/ext/debian/changelog.erb +0 -1122
  349. data/ext/debian/compat +0 -1
  350. data/ext/debian/control +0 -144
  351. data/ext/debian/copyright +0 -339
  352. data/ext/debian/docs +0 -1
  353. data/ext/debian/fileserver.conf +0 -41
  354. data/ext/debian/puppet-common.dirs +0 -13
  355. data/ext/debian/puppet-common.install +0 -3
  356. data/ext/debian/puppet-common.lintian-overrides +0 -5
  357. data/ext/debian/puppet-common.manpages +0 -28
  358. data/ext/debian/puppet-common.postinst +0 -35
  359. data/ext/debian/puppet-common.postrm +0 -33
  360. data/ext/debian/puppet-el.dirs +0 -1
  361. data/ext/debian/puppet-el.emacsen-install +0 -25
  362. data/ext/debian/puppet-el.emacsen-remove +0 -11
  363. data/ext/debian/puppet-el.emacsen-startup +0 -9
  364. data/ext/debian/puppet-el.install +0 -1
  365. data/ext/debian/puppet-testsuite.install +0 -2
  366. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  367. data/ext/debian/puppet.lintian-overrides +0 -3
  368. data/ext/debian/puppet.logrotate +0 -20
  369. data/ext/debian/puppet.postinst +0 -20
  370. data/ext/debian/puppet.postrm +0 -20
  371. data/ext/debian/puppet.preinst +0 -20
  372. data/ext/debian/puppetmaster-common.install +0 -2
  373. data/ext/debian/puppetmaster-common.manpages +0 -2
  374. data/ext/debian/puppetmaster-common.postinst +0 -6
  375. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  376. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  377. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  378. data/ext/debian/puppetmaster.README.debian +0 -17
  379. data/ext/debian/puppetmaster.default +0 -14
  380. data/ext/debian/puppetmaster.init +0 -137
  381. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  382. data/ext/debian/puppetmaster.postinst +0 -20
  383. data/ext/debian/puppetmaster.postrm +0 -5
  384. data/ext/debian/puppetmaster.preinst +0 -22
  385. data/ext/debian/rules +0 -132
  386. data/ext/debian/source/format +0 -1
  387. data/ext/debian/source/options +0 -1
  388. data/ext/debian/vim-puppet.README.Debian +0 -13
  389. data/ext/debian/vim-puppet.dirs +0 -5
  390. data/ext/debian/vim-puppet.yaml +0 -7
  391. data/ext/debian/watch +0 -2
  392. data/ext/freebsd/puppetd +0 -26
  393. data/ext/freebsd/puppetmasterd +0 -26
  394. data/ext/gentoo/conf.d/puppet +0 -5
  395. data/ext/gentoo/conf.d/puppetmaster +0 -12
  396. data/ext/gentoo/init.d/puppet +0 -38
  397. data/ext/gentoo/init.d/puppetmaster +0 -51
  398. data/ext/gentoo/puppet/fileserver.conf +0 -41
  399. data/ext/ips/puppet-agent +0 -44
  400. data/ext/ips/puppet-master +0 -44
  401. data/ext/ips/puppet.p5m.erb +0 -12
  402. data/ext/ips/puppetagent.xml +0 -42
  403. data/ext/ips/puppetmaster.xml +0 -42
  404. data/ext/ips/rules +0 -19
  405. data/ext/ips/transforms +0 -34
  406. data/ext/ldap/puppet.schema +0 -24
  407. data/ext/logcheck/puppet +0 -23
  408. data/ext/osx/file_mapping.yaml +0 -33
  409. data/ext/osx/postflight.erb +0 -109
  410. data/ext/osx/preflight.erb +0 -52
  411. data/ext/osx/prototype.plist.erb +0 -38
  412. data/ext/redhat/fileserver.conf +0 -41
  413. data/ext/redhat/logrotate +0 -21
  414. data/ext/redhat/puppet.spec.erb +0 -842
  415. data/ext/redhat/server.init +0 -128
  416. data/ext/redhat/server.sysconfig +0 -13
  417. data/ext/solaris/pkginfo +0 -6
  418. data/ext/solaris/smf/puppetd.xml +0 -77
  419. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  420. data/ext/solaris/smf/svc-puppetd +0 -71
  421. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  422. data/ext/suse/puppet.spec +0 -310
  423. data/ext/suse/server.init +0 -173
  424. data/ext/yaml_nodes.rb +0 -105
  425. data/spec/lib/matchers/include.rb +0 -27
  426. data/spec/lib/matchers/include_spec.rb +0 -32
  427. data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -4,7 +4,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
4
4
  desc "Standard `init`-style service management."
5
5
 
6
6
  def self.defpath
7
- case Facter.value(:operatingsystem)
7
+ case Puppet.runtime[:facter].value(:operatingsystem)
8
8
  when "FreeBSD", "DragonFly"
9
9
  ["/etc/rc.d", "/usr/local/etc/rc.d"]
10
10
  when "HP-UX"
@@ -21,8 +21,8 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
21
21
  # Debian and Ubuntu should use the Debian provider.
22
22
  # RedHat systems should use the RedHat provider.
23
23
  confine :true => begin
24
- os = Facter.value(:operatingsystem).downcase
25
- family = Facter.value(:osfamily).downcase
24
+ os = Puppet.runtime[:facter].value(:operatingsystem).downcase
25
+ family = Puppet.runtime[:facter].value(:osfamily).downcase
26
26
  !(os == 'debian' || os == 'ubuntu' || family == 'redhat')
27
27
  end
28
28
 
@@ -54,7 +54,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
54
54
  # these excludes were found with grep -r -L start /etc/init.d
55
55
  excludes += %w{rcS module-init-tools}
56
56
  # Prevent puppet failing on unsafe scripts from Yocto Linux
57
- if Facter.value(:osfamily) == "cisco-wrlinux"
57
+ if Puppet.runtime[:facter].value(:osfamily) == "cisco-wrlinux"
58
58
  excludes += %w{banner.sh bootmisc.sh checkroot.sh devpts.sh dmesg.sh
59
59
  hostname.sh mountall.sh mountnfs.sh populate-volatile.sh
60
60
  rmnologin.sh save-rtc.sh sendsigs sysfs.sh umountfs
@@ -171,7 +171,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
171
171
  end
172
172
 
173
173
  def texecute(type, command, fof = true, squelch = false, combine = true)
174
- if type == :start && Facter.value(:osfamily) == "Solaris"
174
+ if type == :start && Puppet.runtime[:facter].value(:osfamily) == "Solaris"
175
175
  command = ["/usr/bin/ctrun -l child", command].flatten.join(" ")
176
176
  end
177
177
  super(type, command, fof, squelch, combine)
@@ -70,7 +70,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
70
70
  #
71
71
  # @api private
72
72
  def self.get_os_version
73
- @os_version ||= Facter.value(:operatingsystemmajrelease).to_i
73
+ @os_version ||= Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
74
74
  end
75
75
 
76
76
  # Defines the path to the overrides plist file where service enabling
@@ -138,7 +138,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
138
138
  Puppet.debug("Reading launchd plist #{filepath}")
139
139
  job = read_plist(filepath)
140
140
  next if job.nil?
141
- if job.has_key?("Label")
141
+ if job.respond_to?(:key) && job.key?("Label")
142
142
  @label_to_path_map[job["Label"]] = filepath
143
143
  else
144
144
  #TRANSLATORS 'plist' and label' should not be translated
@@ -35,7 +35,7 @@ Puppet::Type.type(:service).provide :redhat, :parent => :init, :source => :init
35
35
  # For Suse OS family, chkconfig returns 0 even if the service is disabled or non-existent
36
36
  # Therefore, check the output for '<name> on' (or '<name> B for boot services)
37
37
  # to see if it is enabled
38
- return :false unless Facter.value(:osfamily) != 'Suse' || output =~ /^#{name}\s+(on|B)$/
38
+ return :false unless Puppet.runtime[:facter].value(:osfamily) != 'Suse' || output =~ /^#{name}\s+(on|B)$/
39
39
 
40
40
  :true
41
41
  end
@@ -73,14 +73,14 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
73
73
 
74
74
  # Returns true if the provider supports incomplete services.
75
75
  def supports_incomplete_services?
76
- Puppet::Util::Package.versioncmp(Facter.value(:operatingsystemrelease), '11.1') >= 0
76
+ Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.1') >= 0
77
77
  end
78
78
 
79
79
  # Returns true if the service is complete. A complete service is a service that
80
80
  # has the general/complete property defined.
81
81
  def complete_service?
82
82
  unless supports_incomplete_services?
83
- raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Facter.value(:operatingsystemrelease) }
83
+ raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Puppet.runtime[:facter].value(:operatingsystemrelease) }
84
84
  end
85
85
 
86
86
  return @complete_service if @complete_service
@@ -113,7 +113,7 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
113
113
  end
114
114
 
115
115
  def restartcmd
116
- if Puppet::Util::Package.versioncmp(Facter.value(:operatingsystemrelease), '11.2') >= 0
116
+ if Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.2') >= 0
117
117
  [command(:adm), :restart, "-s", @resource[:name]]
118
118
  else
119
119
  # Synchronous restart only supported in Solaris 11.2 and above
@@ -14,7 +14,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
14
14
  confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
15
15
 
16
16
  defaultfor :osfamily => [:archlinux]
17
- defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
17
+ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8", "9"]
18
18
  defaultfor :osfamily => :redhat, :operatingsystem => :fedora
19
19
  defaultfor :osfamily => :suse
20
20
  defaultfor :osfamily => :coreos
@@ -30,7 +30,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
30
30
  def self.instances
31
31
  i = []
32
32
  output = systemctl('list-unit-files', '--type', 'service', '--full', '--all', '--no-pager')
33
- output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*$/i).each do |m|
33
+ output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*([^-]\S+)?\s*$/i).each do |m|
34
34
  Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
35
35
  i << new(:name => m[0])
36
36
  end
@@ -45,8 +45,13 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
45
45
  def enabled_insync?(current)
46
46
  case cached_enabled?[:output]
47
47
  when 'static'
48
- Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
49
- return true
48
+ # masking static services is OK, but enabling/disabling them is not
49
+ if @resource[:enable] == :mask
50
+ current == @resource[:enable]
51
+ else
52
+ Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
53
+ return true
54
+ end
50
55
  when 'indirect'
51
56
  Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
52
57
  return true
@@ -105,7 +110,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
105
110
  # The indirect state indicates that the unit is not enabled.
106
111
  return :false if output == 'indirect'
107
112
  return :true if (code == 0)
108
- if (output.empty?) && (code > 0) && (Facter.value(:osfamily).casecmp('debian').zero?)
113
+ if (output.empty?) && (code > 0) && (Puppet.runtime[:facter].value(:osfamily).casecmp('debian').zero?)
109
114
  ret = debian_enabled?
110
115
  return ret if ret
111
116
  end
@@ -159,10 +164,15 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
159
164
  end
160
165
 
161
166
  def mask
162
- self.disable
167
+ disable if exist?
163
168
  systemctl_change_enable(:mask)
164
169
  end
165
170
 
171
+ def exist?
172
+ result = execute([command(:systemctl), 'cat', '--', @resource[:name]], :failonfail => false)
173
+ result.exitstatus == 0
174
+ end
175
+
166
176
  def unmask
167
177
  systemctl_change_enable(:unmask)
168
178
  end
@@ -10,10 +10,10 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
10
10
  "
11
11
 
12
12
  confine :any => [
13
- Facter.value(:operatingsystem) == 'Ubuntu',
14
- (Facter.value(:osfamily) == 'RedHat' and Facter.value(:operatingsystemrelease) =~ /^6\./),
15
- (Facter.value(:operatingsystem) == 'Amazon' and Facter.value(:operatingsystemmajrelease) =~ /\d{4}/),
16
- Facter.value(:operatingsystem) == 'LinuxMint',
13
+ Puppet.runtime[:facter].value(:operatingsystem) == 'Ubuntu',
14
+ (Puppet.runtime[:facter].value(:osfamily) == 'RedHat' and Puppet.runtime[:facter].value(:operatingsystemrelease) =~ /^6\./),
15
+ (Puppet.runtime[:facter].value(:operatingsystem) == 'Amazon' and Puppet.runtime[:facter].value(:operatingsystemmajrelease) =~ /\d{4}/),
16
+ Puppet.runtime[:facter].value(:operatingsystem) == 'LinuxMint',
17
17
  ]
18
18
 
19
19
  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"]
@@ -57,7 +57,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
57
57
 
58
58
  def self.excludes
59
59
  excludes = super
60
- if Facter.value(:osfamily) == 'RedHat'
60
+ if Puppet.runtime[:facter].value(:osfamily) == 'RedHat'
61
61
  # Puppet cannot deal with services that have instances, so we have to
62
62
  # ignore these services using instances on redhat based systems.
63
63
  excludes += %w[serial tty]
@@ -128,17 +128,55 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
128
128
  services
129
129
  end
130
130
 
131
+ def logonaccount_insync?(current)
132
+ @normalized_logon_account ||= normalize_logonaccount
133
+ @resource[:logonaccount] = @normalized_logon_account
134
+
135
+ insync = @resource[:logonaccount] == current
136
+ self.logonpassword = @resource[:logonpassword] if insync
137
+ insync
138
+ end
139
+
131
140
  def logonaccount
132
141
  return unless Puppet::Util::Windows::Service.exists?(@resource[:name])
133
142
  Puppet::Util::Windows::Service.logon_account(@resource[:name])
134
143
  end
135
144
 
136
145
  def logonaccount=(value)
146
+ validate_logon_credentials
137
147
  Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_account: value, logon_password: @resource[:logonpassword]})
138
148
  restart if @resource[:ensure] == :running && [:running, :paused].include?(status)
139
149
  end
140
150
 
141
151
  def logonpassword=(value)
152
+ validate_logon_credentials
142
153
  Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_password: value})
143
154
  end
155
+
156
+ private
157
+
158
+ def normalize_logonaccount
159
+ logon_account = @resource[:logonaccount].sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
160
+ return 'LocalSystem' if Puppet::Util::Windows::User::localsystem?(logon_account)
161
+
162
+ @logonaccount_information ||= Puppet::Util::Windows::SID.name_to_principal(logon_account)
163
+ return logon_account unless @logonaccount_information
164
+ return ".\\#{@logonaccount_information.account}" if @logonaccount_information.domain == Puppet::Util::Windows::ADSI.computer_name
165
+ @logonaccount_information.domain_account
166
+ end
167
+
168
+ def validate_logon_credentials
169
+ unless Puppet::Util::Windows::User::localsystem?(@normalized_logon_account)
170
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" is not a valid account") unless @logonaccount_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(@logonaccount_information.account_type)
171
+
172
+ user_rights = Puppet::Util::Windows::User::get_rights(@logonaccount_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account)
173
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
174
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
175
+ end
176
+
177
+ is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account) || @normalized_logon_account == 'LocalSystem'
178
+ account_info = @normalized_logon_account.split("\\")
179
+ able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], @resource[:logonpassword], account_info[0]) unless is_a_predefined_local_account
180
+ raise Puppet::Error.new("The given password is invalid for user '#{@normalized_logon_account}'.") unless is_a_predefined_local_account || able_to_logon
181
+ end
144
182
  end
@@ -265,6 +265,50 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
265
265
  end
266
266
  end
267
267
 
268
+ # Lists all instances of the given object, taking in an optional set
269
+ # of ia_module arguments. Returns an array of hashes, each hash
270
+ # having the schema
271
+ # {
272
+ # :name => <object_name>
273
+ # :home => <object_home>
274
+ # }
275
+ def list_all_homes(ia_module_args = [])
276
+ cmd = [command(:list), '-c', *ia_module_args, '-a', 'home', 'ALL']
277
+ parse_aix_objects(execute(cmd)).to_a.map do |object|
278
+ name = object[:name]
279
+ home = object[:attributes].delete(:home)
280
+
281
+ { name: name, home: home }
282
+ end
283
+ rescue => e
284
+ Puppet.debug("Could not list home of all users: #{e.message}")
285
+ {}
286
+ end
287
+
288
+ # Deletes this instance resource
289
+ def delete
290
+ homedir = home
291
+ super
292
+ return unless @resource.managehome?
293
+
294
+ if !Puppet::Util.absolute_path?(homedir) || File.realpath(homedir) == '/' || Puppet::FileSystem.symlink?(homedir)
295
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}'. Please make sure the path is not relative, symlink or '/'.")
296
+ return
297
+ end
298
+
299
+ affected_home = list_all_homes.find { |info| info[:home].start_with?(File.realpath(homedir)) }
300
+ if affected_home
301
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}' as it would remove the home directory '#{affected_home[:home]}' of user '#{affected_home[:name]}' also.")
302
+ return
303
+ end
304
+
305
+ FileUtils.remove_entry_secure(homedir, true)
306
+ end
307
+
308
+ def deletecmd
309
+ [self.class.command(:delete), '-p'] + ia_module_args + [@resource[:name]]
310
+ end
311
+
268
312
  # UNSUPPORTED
269
313
  #- **profile_membership**
270
314
  # Whether specified roles should be treated as the only roles
@@ -314,5 +358,4 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
314
358
  # be treated as the minimum membership list. Valid values are
315
359
  # `inclusive`, `minimum`.
316
360
  # UNSUPPORTED
317
-
318
361
  end
@@ -159,7 +159,7 @@ Puppet::Type.type(:user).provide :directoryservice do
159
159
  end
160
160
 
161
161
  def self.get_os_version
162
- @os_version ||= Facter.value(:macosx_productversion_major)
162
+ @os_version ||= Puppet.runtime[:facter].value(:macosx_productversion_major)
163
163
  end
164
164
 
165
165
  # Use dscl to retrieve an array of hashes containing attributes about all
@@ -435,7 +435,7 @@ Puppet::Type.type(:user).provide :directoryservice do
435
435
  ['home', 'uid', 'gid', 'comment', 'shell'].each do |setter_method|
436
436
  define_method("#{setter_method}=") do |value|
437
437
  if @property_hash[setter_method.intern]
438
- if self.class.get_os_version.split('.').last.to_i >= 14 && %w(home uid).include?(setter_method)
438
+ if %w(home uid).include?(setter_method)
439
439
  raise Puppet::Error, "OS X version #{self.class.get_os_version} does not allow changing #{setter_method} using puppet"
440
440
  end
441
441
  begin
@@ -536,6 +536,14 @@ Puppet::Type.type(:user).provide :directoryservice do
536
536
  if (shadow_hash_data.class == Hash) && (shadow_hash_data.has_key?('SALTED-SHA512'))
537
537
  shadow_hash_data.delete('SALTED-SHA512')
538
538
  end
539
+
540
+ # Starting with macOS 11 Big Sur, the AuthenticationAuthority field
541
+ # could be missing entirely and without it the managed user cannot log in
542
+ if needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
543
+ Puppet.debug("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user '#{@resource.name}'")
544
+ merge_attribute_with_dscl('Users', @resource.name, 'AuthenticationAuthority', ERB::Util.html_escape(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY))
545
+ end
546
+
539
547
  set_salted_pbkdf2(users_plist, shadow_hash_data, 'entropy', value)
540
548
  end
541
549
  end
@@ -562,6 +570,17 @@ Puppet::Type.type(:user).provide :directoryservice do
562
570
  end
563
571
  end
564
572
 
573
+ # This method will check if authentication_authority key of a user's plist
574
+ # needs SALTED_SHA512_PBKDF2 to be added. This is a valid case for macOS 11 (Big Sur)
575
+ # where users created with `dscl` started to have this field missing
576
+ def needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
577
+ authority = users_plist['authentication_authority']
578
+ return false if Puppet::Util::Package.versioncmp(self.class.get_os_version, '11.0.0') < 0 && authority && authority.include?(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY)
579
+
580
+ Puppet.debug("User '#{@resource.name}' is missing the 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash")
581
+ true
582
+ end
583
+
565
584
  # This method will embed the binary plist data comprising the user's
566
585
  # password hash (and Salt/Iterations value if the OS is 10.8 or greater)
567
586
  # into the ShadowHashData key of the user's plist.
@@ -572,11 +591,7 @@ Puppet::Type.type(:user).provide :directoryservice do
572
591
  else
573
592
  users_plist['ShadowHashData'] = [binary_plist]
574
593
  end
575
- if Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.15') < 0
576
- write_users_plist_to_disk(users_plist)
577
- else
578
- write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
579
- end
594
+ write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
580
595
  end
581
596
 
582
597
  # This method writes the ShadowHashData plist in a temporary file,
@@ -652,12 +667,6 @@ Puppet::Type.type(:user).provide :directoryservice do
652
667
  set_shadow_hash_data(users_plist, binary_plist)
653
668
  end
654
669
 
655
- # This method will accept a plist in XML format, save it to disk, convert
656
- # the plist to a binary format, and flush the dscl cache.
657
- def write_users_plist_to_disk(users_plist)
658
- Puppet::Util::Plist.write_plist_file(users_plist, "#{users_plist_dir}/#{@resource.name}.plist", :binary)
659
- end
660
-
661
670
  # This is a simple wrapper method for writing values to a file.
662
671
  def write_to_file(filename, value)
663
672
  Puppet.deprecation_warning("Puppet::Type.type(:user).provider(:directoryservice).write_to_file is deprecated and will be removed in Puppet 5.")
@@ -667,4 +676,8 @@ Puppet::Type.type(:user).provide :directoryservice do
667
676
  raise Puppet::Error, "Could not write to file #{filename}: #{detail}", detail.backtrace
668
677
  end
669
678
  end
679
+
680
+ private
681
+
682
+ SHA512_PBKDF2_AUTHENTICATION_AUTHORITY = ';ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>'
670
683
  end
@@ -7,9 +7,12 @@ require 'puppet/error'
7
7
  Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
8
8
  desc "User management via `useradd` and its ilk. Note that you will need to
9
9
  install Ruby's shadow password library (often known as `ruby-libshadow`)
10
- if you wish to manage user passwords."
10
+ if you wish to manage user passwords.
11
11
 
12
- commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage"
12
+ To use the `forcelocal` parameter, you need to install the `libuser` package (providing
13
+ `/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
14
+
15
+ commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
13
16
 
14
17
  options :home, :flag => "-d", :method => :dir
15
18
  options :comment, :method => :gecos
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
21
24
  options :expiry, :method => :sp_expire,
22
25
  :munge => proc { |value|
23
26
  if value == :absent
24
- if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
27
+ if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
25
28
  -1
26
29
  else
27
30
  ''
28
31
  end
29
32
  else
30
- case Facter.value(:operatingsystem)
33
+ case Puppet.runtime[:facter].value(:operatingsystem)
31
34
  when 'Solaris'
32
35
  # Solaris uses %m/%d/%Y for useradd/usermod
33
36
  expiry_year, expiry_month, expiry_day = value.split('-')
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
69
72
  get(:comment)
70
73
  end
71
74
 
75
+ def shell
76
+ return localshell if @resource.forcelocal?
77
+ get(:shell)
78
+ end
79
+
80
+ def home
81
+ return localhome if @resource.forcelocal?
82
+ get(:home)
83
+ end
84
+
72
85
  def groups
73
86
  return localgroups if @resource.forcelocal?
74
87
  super
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
120
133
  user[:gecos]
121
134
  end
122
135
 
136
+ def localshell
137
+ user = finduser(:account, resource[:name])
138
+ user[:shell]
139
+ end
140
+
141
+ def localhome
142
+ user = finduser(:account, resource[:name])
143
+ user[:directory]
144
+ end
145
+
123
146
  def localgroups
124
147
  @groups_of ||= {}
125
148
  group_file = '/etc/group'
@@ -135,7 +158,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
135
158
 
136
159
  Puppet::FileSystem.each_line(group_file) do |line|
137
160
  data = line.chomp.split(':')
138
- if data.last.split(',').include?(user)
161
+ if !data.empty? && data.last.split(',').include?(user)
139
162
  @groups_of[user] << data.first
140
163
  end
141
164
  end
@@ -152,6 +175,38 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
152
175
  set(:groups, value)
153
176
  end
154
177
 
178
+ def password=(value)
179
+ user = @resource[:name]
180
+ tempfile = Tempfile.new('puppet', :encoding => Encoding::UTF_8)
181
+ begin
182
+ # Puppet execute does not support strings as input, only files.
183
+ # The password is expected to be in an encrypted format given -e is specified:
184
+ tempfile << "#{user}:#{value}\n"
185
+ tempfile.flush
186
+
187
+ # Options '-e' use encrypted password
188
+ # Must receive "user:enc_password" as input
189
+ # command, arguments = {:failonfail => true, :combine => true}
190
+ cmd = [command(:chpasswd), '-e']
191
+ execute_options = {
192
+ :failonfail => false,
193
+ :combine => true,
194
+ :stdinfile => tempfile.path,
195
+ :sensitive => has_sensitive_data?
196
+ }
197
+ output = execute(cmd, execute_options)
198
+
199
+ rescue => detail
200
+ tempfile.close
201
+ tempfile.delete
202
+ raise Puppet::Error, "Could not set password on #{@resource.class.name}[#{@resource.name}]: #{detail}", detail.backtrace
203
+ end
204
+
205
+ # chpasswd can return 1, even on success (at least on AIX 6.1); empty output
206
+ # indicates success
207
+ raise Puppet::ExecutionFailure, "chpasswd said #{output}" if output != ''
208
+ end
209
+
155
210
  verify :gid, "GID must be an integer" do |value|
156
211
  value.is_a? Integer
157
212
  end
@@ -161,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
161
216
  end
162
217
 
163
218
  has_features :manages_homedir, :allows_duplicates, :manages_expiry
164
- has_features :system_users unless %w{HP-UX Solaris}.include? Facter.value(:operatingsystem)
219
+ has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
165
220
 
166
221
  has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
167
222
  has_features :manages_shell
@@ -196,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
196
251
  # libuser does not implement the -m flag
197
252
  cmd << "-m" unless @resource.forcelocal?
198
253
  else
199
- osfamily = Facter.value(:osfamily)
200
- osversion = Facter.value(:operatingsystemmajrelease).to_i
254
+ osfamily = Puppet.runtime[:facter].value(:osfamily)
255
+ osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
201
256
  # SLES 11 uses pwdutils instead of shadow, which does not have -M
202
257
  # Solaris and OpenBSD use different useradd flavors
203
258
  unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
@@ -215,13 +270,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
215
270
  end
216
271
  end
217
272
 
273
+ # Add properties and flags but skipping password related properties due to
274
+ # security risks
218
275
  def add_properties
219
276
  cmd = []
220
277
  # validproperties is a list of properties in undefined order
221
278
  # sort them to have a predictable command line in tests
222
279
  Puppet::Type.type(:user).validproperties.sort.each do |property|
223
280
  value = get_value_for_property(property)
224
- next if value.nil?
281
+ next if value.nil? || property == :password
225
282
  # the value needs to be quoted, mostly because -c might
226
283
  # have spaces in it
227
284
  cmd << flag(property) << munge(property, value)
@@ -293,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
293
350
  cmd = [command(:delete)]
294
351
  end
295
352
  # Solaris `userdel -r` will fail if the homedir does not exist.
296
- if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
353
+ if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
297
354
  cmd << '-r'
298
355
  end
299
356
  cmd << @resource[:name]
@@ -331,13 +388,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
331
388
  if @resource[:shell]
332
389
  check_valid_shell
333
390
  end
334
- super
335
- if @resource.forcelocal? && self.groups?
336
- set(:groups, @resource[:groups])
337
- end
338
- if @resource.forcelocal? && @resource[:expiry]
339
- set(:expiry, @resource[:expiry])
340
- end
391
+ super
392
+ if @resource.forcelocal?
393
+ set(:groups, @resource[:groups]) if self.groups?
394
+ set(:expiry, @resource[:expiry]) if @resource[:expiry]
395
+ end
396
+ set(:password, @resource[:password]) if @resource[:password]
341
397
  end
342
398
 
343
399
  def groups?
@@ -302,7 +302,7 @@ class Puppet::Provider
302
302
  # values. Given one or more Regexp instances, fact is compared via the basic
303
303
  # pattern-matching operator.
304
304
  def self.fact_match(fact, values)
305
- fact_val = Facter.value(fact).to_s.downcase
305
+ fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
306
306
  if fact_val.empty?
307
307
  return false
308
308
  else
@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
41
41
  # Leave out the section information; it was apparently confusing people.
42
42
  #str << "- **Section**: #{object.section}\n"
43
43
  unless val == ""
44
- str << "- *Default*: #{val}\n"
44
+ str << "- *Default*: `#{val}`\n"
45
45
  end
46
46
  str << "\n"
47
47
  end
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
15
15
  # Throw some facts in there, so we know where the report is from.
16
16
  ["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
17
17
  name = label.gsub(/\s+/, '')
18
- value = Facter.value(name)
18
+ value = Puppet.runtime[:facter].value(name)
19
19
  ret << option(label, value)
20
20
  end
21
21
  ret << "\n"
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
61
61
  if Puppet.settings.valid?(name)
62
62
  details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
63
63
  else
64
- details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Facter.value(name).inspect, facts: facts.join(", ") }
64
+ details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
65
65
  end
66
66
  end
67
67
  when :true
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'puppet/parser/type_loader'
2
3
  require 'puppet/util/file_watcher'
3
4
  require 'puppet/util/warnings'
@@ -1,4 +1,5 @@
1
1
  require 'puppet/http'
2
+ require 'puppet/facter_impl'
2
3
  require 'singleton'
3
4
 
4
5
  # Provides access to runtime implementations.
@@ -17,11 +18,20 @@ class Puppet::Runtime
17
18
  else
18
19
  Puppet::HTTP::ExternalClient.new(klass)
19
20
  end
20
- end
21
+ end,
22
+ facter: proc { Puppet::FacterImpl.new }
21
23
  }
22
24
  end
23
25
  private :initialize
24
26
 
27
+ # Loads all runtime implementations.
28
+ #
29
+ # @return Array[Symbol] the names of loaded implementations
30
+ # @api private
31
+ def load_services
32
+ @runtime_services.keys.each { |key| self[key] }
33
+ end
34
+
25
35
  # Get a runtime implementation.
26
36
  #
27
37
  # @param name [Symbol] the name of the implementation
@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
29
29
  section = config.sections[:main]
30
30
  rescue Errno::ENOENT
31
31
  # environment.conf is an optional file
32
+ Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
32
33
  end
33
34
 
34
35
  new(path_to_env, section, global_module_path)