puppet 6.21.1 → 6.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +3 -3
- data/Gemfile.lock +34 -28
- data/README.md +4 -4
- data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
- data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
- data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
- data/{ext → examples}/nagios/check_puppet.rb +2 -2
- data/ext/README.md +13 -0
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +3 -2
- data/lib/puppet/application/agent.rb +16 -5
- data/lib/puppet/application/apply.rb +22 -3
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +32 -16
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +12 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/configurer.rb +85 -57
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +63 -35
- data/lib/puppet/environments.rb +91 -26
- data/lib/puppet/face/facts.rb +129 -31
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/file_serving/configuration/parser.rb +2 -0
- data/lib/puppet/file_serving/configuration.rb +3 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_system/file_impl.rb +3 -1
- data/lib/puppet/file_system/memory_file.rb +8 -1
- data/lib/puppet/file_system/windows.rb +4 -2
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +12 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +75 -1
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +25 -6
- data/lib/puppet/indirector/catalog/rest.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +28 -7
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module/plan.rb +0 -1
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +12 -4
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/formats.rb +67 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/factory.rb +4 -0
- data/lib/puppet/node/environment.rb +10 -11
- data/lib/puppet/pal/pal_impl.rb +1 -1
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/parser/scope.rb +1 -0
- data/lib/puppet/parser/templatewrapper.rb +1 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
- data/lib/puppet/pops/model/ast.rb +1 -0
- data/lib/puppet/pops/model/factory.rb +2 -1
- data/lib/puppet/pops/parser/eparser.rb +201 -201
- data/lib/puppet/pops/parser/lexer2.rb +92 -91
- data/lib/puppet/pops/parser/slurp_support.rb +1 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_formatter.rb +4 -3
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/group/groupadd.rb +5 -2
- data/lib/puppet/provider/package/dnfmodule.rb +1 -1
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/package/pkg.rb +19 -2
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/init.rb +5 -5
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +3 -3
- data/lib/puppet/provider/service/systemd.rb +16 -6
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/aix.rb +44 -1
- data/lib/puppet/provider/user/directoryservice.rb +26 -13
- data/lib/puppet/provider/user/useradd.rb +73 -17
- data/lib/puppet/provider.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/type_collection.rb +1 -0
- data/lib/puppet/runtime.rb +11 -1
- data/lib/puppet/settings/environment_conf.rb +1 -0
- data/lib/puppet/settings.rb +32 -9
- data/lib/puppet/test/test_helper.rb +4 -1
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +11 -1
- data/lib/puppet/transaction/report.rb +15 -1
- data/lib/puppet/type/exec.rb +35 -5
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file.rb +25 -7
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/group.rb +0 -1
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +26 -41
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -21
- data/lib/puppet/type.rb +1 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/fact_dif.rb +36 -17
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/json.rb +3 -0
- data/lib/puppet/util/log.rb +1 -2
- data/lib/puppet/util/logging.rb +1 -25
- data/lib/puppet/util/monkey_patches.rb +7 -0
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/suidmanager.rb +1 -2
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/tagging.rb +1 -0
- data/lib/puppet/util/windows/adsi.rb +46 -0
- data/lib/puppet/util/windows/api_types.rb +1 -1
- data/lib/puppet/util/windows/principal.rb +9 -2
- data/lib/puppet/util/windows/sid.rb +6 -2
- data/lib/puppet/util/windows/user.rb +0 -2
- data/lib/puppet/util.rb +4 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +5 -9
- data/locales/puppet.pot +506 -410
- data/man/man5/puppet.conf.5 +310 -274
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +65 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +3 -3
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +5 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset +9 -0
- data/spec/integration/application/agent_spec.rb +113 -37
- data/spec/integration/application/filebucket_spec.rb +16 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/plugin_spec.rb +1 -1
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/configurer_spec.rb +18 -2
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/http/client_spec.rb +12 -0
- data/spec/integration/indirector/direct_file_server_spec.rb +1 -3
- data/spec/integration/indirector/facts/facter_spec.rb +93 -39
- data/spec/integration/l10n/compiler_spec.rb +37 -0
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/type/file_spec.rb +2 -2
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/adsi_spec.rb +18 -0
- data/spec/integration/util/windows/principal_spec.rb +21 -0
- data/spec/integration/util/windows/process_spec.rb +1 -9
- data/spec/integration/util/windows/registry_spec.rb +6 -0
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/modules.rb +13 -2
- data/spec/lib/puppet_spec/puppetserver.rb +15 -0
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
- data/spec/shared_contexts/l10n.rb +27 -0
- data/spec/spec_helper.rb +12 -11
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/apply_spec.rb +76 -56
- data/spec/unit/application/facts_spec.rb +482 -3
- data/spec/unit/application/resource_spec.rb +29 -0
- data/spec/unit/application/ssl_spec.rb +23 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +194 -56
- data/spec/unit/defaults_spec.rb +17 -0
- data/spec/unit/environments_spec.rb +348 -88
- data/spec/unit/face/facts_spec.rb +4 -0
- data/spec/unit/facter_impl_spec.rb +31 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
- data/spec/unit/file_serving/configuration_spec.rb +14 -4
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
- data/spec/unit/file_system_spec.rb +22 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/logging_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +64 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/service/compiler_spec.rb +131 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
- data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
- data/spec/unit/indirector/facts/facter_spec.rb +95 -0
- data/spec/unit/indirector/indirection_spec.rb +10 -3
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/interface/action_spec.rb +0 -9
- data/spec/unit/module_spec.rb +15 -1
- data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
- data/spec/unit/network/authstore_spec.rb +0 -15
- data/spec/unit/network/formats_spec.rb +47 -0
- data/spec/unit/network/http/factory_spec.rb +19 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
- data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
- data/spec/unit/provider/package/dnfmodule_spec.rb +10 -1
- data/spec/unit/provider/package/gem_spec.rb +1 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +38 -1
- data/spec/unit/provider/package/pkg_spec.rb +29 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/launchd_spec.rb +11 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +54 -9
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/aix_spec.rb +100 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
- data/spec/unit/provider/user/useradd_spec.rb +61 -5
- data/spec/unit/provider_spec.rb +4 -4
- data/spec/unit/puppet_spec.rb +12 -4
- data/spec/unit/resource/catalog_spec.rb +1 -1
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/certificate_request_spec.rb +8 -14
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +86 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/logging_spec.rb +2 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +41 -0
- data/tasks/generate_cert_fixtures.rake +12 -3
- data/tasks/parallel.rake +3 -3
- metadata +51 -99
- data/ext/README.environment +0 -8
- data/ext/dbfix.sql +0 -132
- data/ext/debian/README.Debian +0 -8
- data/ext/debian/README.source +0 -2
- data/ext/debian/TODO.Debian +0 -1
- data/ext/debian/changelog.erb +0 -1122
- data/ext/debian/compat +0 -1
- data/ext/debian/control +0 -144
- data/ext/debian/copyright +0 -339
- data/ext/debian/docs +0 -1
- data/ext/debian/fileserver.conf +0 -41
- data/ext/debian/puppet-common.dirs +0 -13
- data/ext/debian/puppet-common.install +0 -3
- data/ext/debian/puppet-common.lintian-overrides +0 -5
- data/ext/debian/puppet-common.manpages +0 -28
- data/ext/debian/puppet-common.postinst +0 -35
- data/ext/debian/puppet-common.postrm +0 -33
- data/ext/debian/puppet-el.dirs +0 -1
- data/ext/debian/puppet-el.emacsen-install +0 -25
- data/ext/debian/puppet-el.emacsen-remove +0 -11
- data/ext/debian/puppet-el.emacsen-startup +0 -9
- data/ext/debian/puppet-el.install +0 -1
- data/ext/debian/puppet-testsuite.install +0 -2
- data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
- data/ext/debian/puppet.lintian-overrides +0 -3
- data/ext/debian/puppet.logrotate +0 -20
- data/ext/debian/puppet.postinst +0 -20
- data/ext/debian/puppet.postrm +0 -20
- data/ext/debian/puppet.preinst +0 -20
- data/ext/debian/puppetmaster-common.install +0 -2
- data/ext/debian/puppetmaster-common.manpages +0 -2
- data/ext/debian/puppetmaster-common.postinst +0 -6
- data/ext/debian/puppetmaster-passenger.dirs +0 -4
- data/ext/debian/puppetmaster-passenger.postinst +0 -162
- data/ext/debian/puppetmaster-passenger.postrm +0 -61
- data/ext/debian/puppetmaster.README.debian +0 -17
- data/ext/debian/puppetmaster.default +0 -14
- data/ext/debian/puppetmaster.init +0 -137
- data/ext/debian/puppetmaster.lintian-overrides +0 -3
- data/ext/debian/puppetmaster.postinst +0 -20
- data/ext/debian/puppetmaster.postrm +0 -5
- data/ext/debian/puppetmaster.preinst +0 -22
- data/ext/debian/rules +0 -132
- data/ext/debian/source/format +0 -1
- data/ext/debian/source/options +0 -1
- data/ext/debian/vim-puppet.README.Debian +0 -13
- data/ext/debian/vim-puppet.dirs +0 -5
- data/ext/debian/vim-puppet.yaml +0 -7
- data/ext/debian/watch +0 -2
- data/ext/freebsd/puppetd +0 -26
- data/ext/freebsd/puppetmasterd +0 -26
- data/ext/gentoo/conf.d/puppet +0 -5
- data/ext/gentoo/conf.d/puppetmaster +0 -12
- data/ext/gentoo/init.d/puppet +0 -38
- data/ext/gentoo/init.d/puppetmaster +0 -51
- data/ext/gentoo/puppet/fileserver.conf +0 -41
- data/ext/ips/puppet-agent +0 -44
- data/ext/ips/puppet-master +0 -44
- data/ext/ips/puppet.p5m.erb +0 -12
- data/ext/ips/puppetagent.xml +0 -42
- data/ext/ips/puppetmaster.xml +0 -42
- data/ext/ips/rules +0 -19
- data/ext/ips/transforms +0 -34
- data/ext/ldap/puppet.schema +0 -24
- data/ext/logcheck/puppet +0 -23
- data/ext/osx/file_mapping.yaml +0 -33
- data/ext/osx/postflight.erb +0 -109
- data/ext/osx/preflight.erb +0 -52
- data/ext/osx/prototype.plist.erb +0 -38
- data/ext/redhat/fileserver.conf +0 -41
- data/ext/redhat/logrotate +0 -21
- data/ext/redhat/puppet.spec.erb +0 -842
- data/ext/redhat/server.init +0 -128
- data/ext/redhat/server.sysconfig +0 -13
- data/ext/solaris/pkginfo +0 -6
- data/ext/solaris/smf/puppetd.xml +0 -77
- data/ext/solaris/smf/puppetmasterd.xml +0 -77
- data/ext/solaris/smf/svc-puppetd +0 -71
- data/ext/solaris/smf/svc-puppetmasterd +0 -67
- data/ext/suse/puppet.spec +0 -310
- data/ext/suse/server.init +0 -173
- data/ext/yaml_nodes.rb +0 -105
- data/spec/lib/matchers/include.rb +0 -27
- data/spec/lib/matchers/include_spec.rb +0 -32
- data/spec/unit/indirector/store_configs_spec.rb +0 -7
data/lib/puppet/settings.rb
CHANGED
@@ -75,11 +75,11 @@ class Puppet::Settings
|
|
75
75
|
end
|
76
76
|
|
77
77
|
def self.hostname_fact()
|
78
|
-
|
78
|
+
Puppet.runtime[:facter].value :hostname
|
79
79
|
end
|
80
80
|
|
81
81
|
def self.domain_fact()
|
82
|
-
|
82
|
+
Puppet.runtime[:facter].value :domain
|
83
83
|
end
|
84
84
|
|
85
85
|
def self.default_config_file_name
|
@@ -862,7 +862,11 @@ class Puppet::Settings
|
|
862
862
|
if self[:user]
|
863
863
|
user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
|
864
864
|
|
865
|
-
|
865
|
+
if user.suitable?
|
866
|
+
@service_user_available = user.exists?
|
867
|
+
else
|
868
|
+
raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
|
869
|
+
end
|
866
870
|
else
|
867
871
|
@service_user_available = false
|
868
872
|
end
|
@@ -874,7 +878,11 @@ class Puppet::Settings
|
|
874
878
|
if self[:group]
|
875
879
|
group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
|
876
880
|
|
877
|
-
|
881
|
+
if group.suitable?
|
882
|
+
@service_group_available = group.exists?
|
883
|
+
else
|
884
|
+
raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
|
885
|
+
end
|
878
886
|
else
|
879
887
|
@service_group_available = false
|
880
888
|
end
|
@@ -883,9 +891,16 @@ class Puppet::Settings
|
|
883
891
|
# Allow later inspection to determine if the setting was set on the
|
884
892
|
# command line, or through some other code path. Used for the
|
885
893
|
# `dns_alt_names` option during cert generate. --daniel 2011-10-18
|
886
|
-
|
894
|
+
#
|
895
|
+
# @param param [String, Symbol] the setting to look up
|
896
|
+
# @return [Object, nil] the value of the setting or nil if unset
|
897
|
+
def set_by_cli(param)
|
887
898
|
param = param.to_sym
|
888
|
-
|
899
|
+
@value_sets[:cli].lookup(param)
|
900
|
+
end
|
901
|
+
|
902
|
+
def set_by_cli?(param)
|
903
|
+
!!set_by_cli(param)
|
889
904
|
end
|
890
905
|
|
891
906
|
# Get values from a search path entry.
|
@@ -918,9 +933,13 @@ class Puppet::Settings
|
|
918
933
|
end
|
919
934
|
end
|
920
935
|
|
921
|
-
# Allow later inspection to determine if the setting was set
|
922
|
-
#
|
923
|
-
|
936
|
+
# Allow later inspection to determine if the setting was set in a specific
|
937
|
+
# section
|
938
|
+
#
|
939
|
+
# @param param [String, Symbol] the setting to look up
|
940
|
+
# @param section [Symbol] the section in which to look up the setting
|
941
|
+
# @return [Object, nil] the value of the setting or nil if unset
|
942
|
+
def set_in_section(param, section)
|
924
943
|
param = param.to_sym
|
925
944
|
vals = searchpath_values(SearchPathElement.new(section, :section))
|
926
945
|
if vals
|
@@ -928,6 +947,10 @@ class Puppet::Settings
|
|
928
947
|
end
|
929
948
|
end
|
930
949
|
|
950
|
+
def set_in_section?(param, section)
|
951
|
+
!!set_in_section(param, section)
|
952
|
+
end
|
953
|
+
|
931
954
|
# Patches the value for a param in a section.
|
932
955
|
# This method is required to support the use case of unifying --dns-alt-names and
|
933
956
|
# --dns_alt_names in the certificate face. Ideally this should be cleaned up.
|
@@ -142,7 +142,9 @@ module Puppet::Test
|
|
142
142
|
},
|
143
143
|
"Context for specs")
|
144
144
|
|
145
|
-
|
145
|
+
# trigger `require 'facter'`
|
146
|
+
Puppet.runtime[:facter]
|
147
|
+
|
146
148
|
Puppet::Parser::Functions.reset
|
147
149
|
Puppet::Application.clear!
|
148
150
|
Puppet::Util::Profiler.clear
|
@@ -169,6 +171,7 @@ module Puppet::Test
|
|
169
171
|
|
170
172
|
Puppet::Util::Storage.clear
|
171
173
|
Puppet::Util::ExecutionStub.reset
|
174
|
+
Puppet.runtime.clear
|
172
175
|
|
173
176
|
Puppet.clear_deprecation_warnings
|
174
177
|
|
@@ -137,7 +137,7 @@ class Puppet::Transaction::AdditionalResourceGenerator
|
|
137
137
|
else
|
138
138
|
@catalog.add_resource_after(parent_resource, res)
|
139
139
|
end
|
140
|
-
@catalog.add_edge(@catalog.container_of(parent_resource), res)
|
140
|
+
@catalog.add_edge(@catalog.container_of(parent_resource), res) if @catalog.container_of(parent_resource)
|
141
141
|
if @relationship_graph && priority
|
142
142
|
# If we have a relationship_graph we should add the resource
|
143
143
|
# to it (this is an eval_generate). If we don't, then the
|
@@ -87,7 +87,17 @@ class Puppet::Transaction::Persistence
|
|
87
87
|
|
88
88
|
# Save data from internal class to persistence store on disk.
|
89
89
|
def save
|
90
|
-
Puppet::
|
90
|
+
converted_data = Puppet::Pops::Serialization::ToDataConverter.convert(
|
91
|
+
@new_data, {
|
92
|
+
symbol_as_string: false,
|
93
|
+
local_reference: false,
|
94
|
+
type_by_reference: true,
|
95
|
+
force_symbol: true,
|
96
|
+
silence_warnings: true,
|
97
|
+
message_prefix: to_s
|
98
|
+
}
|
99
|
+
)
|
100
|
+
Puppet::Util::Yaml.dump(converted_data, Puppet[:transactionstorefile])
|
91
101
|
end
|
92
102
|
|
93
103
|
# Use the catalog and run_mode to determine if persistence should be enabled or not
|
@@ -77,6 +77,10 @@ class Puppet::Transaction::Report
|
|
77
77
|
# @return [String] the environment name
|
78
78
|
attr_accessor :environment
|
79
79
|
|
80
|
+
# The name of the environment the agent initially started in
|
81
|
+
# @return [String] the environment name
|
82
|
+
attr_accessor :initial_environment
|
83
|
+
|
80
84
|
# Whether there are changes that we decided not to apply because of noop
|
81
85
|
# @return [Boolean]
|
82
86
|
#
|
@@ -377,7 +381,17 @@ class Puppet::Transaction::Report
|
|
377
381
|
# @api public
|
378
382
|
#
|
379
383
|
def raw_summary
|
380
|
-
report = {
|
384
|
+
report = {
|
385
|
+
"version" => {
|
386
|
+
"config" => configuration_version,
|
387
|
+
"puppet" => Puppet.version
|
388
|
+
},
|
389
|
+
"application" => {
|
390
|
+
"run_mode" => Puppet.run_mode.name.to_s,
|
391
|
+
"initial_environment" => initial_environment,
|
392
|
+
"converged_environment" => environment
|
393
|
+
}
|
394
|
+
}
|
381
395
|
|
382
396
|
@metrics.each do |name, metric|
|
383
397
|
key = metric.name.to_s
|
data/lib/puppet/type/exec.rb
CHANGED
@@ -11,7 +11,10 @@ module Puppet
|
|
11
11
|
|
12
12
|
* The command itself is already idempotent. (For example, `apt-get update`.)
|
13
13
|
* The exec has an `onlyif`, `unless`, or `creates` attribute, which prevents
|
14
|
-
Puppet from running the command unless some condition is met.
|
14
|
+
Puppet from running the command unless some condition is met. The
|
15
|
+
`onlyif` and `unless` commands of an `exec` are used in the process of
|
16
|
+
determining whether the `exec` is already in sync, therefore they must be run
|
17
|
+
during a noop Puppet run.
|
15
18
|
* The exec has `refreshonly => true`, which allows Puppet to run the
|
16
19
|
command only when some other resource is changed. (See the notes on refreshing
|
17
20
|
below.)
|
@@ -198,10 +201,20 @@ module Puppet
|
|
198
201
|
any output is logged at the `err` log level.
|
199
202
|
|
200
203
|
Multiple `exec` resources can use the same `command` value; Puppet
|
201
|
-
only uses the resource title to ensure `exec`s are unique.
|
204
|
+
only uses the resource title to ensure `exec`s are unique.
|
205
|
+
|
206
|
+
On *nix platforms, the command can be specified as an array of
|
207
|
+
strings and Puppet will invoke it using the more secure method of
|
208
|
+
parameterized system calls. For example, rather than executing the
|
209
|
+
malicious injected code, this command will echo it out:
|
210
|
+
|
211
|
+
command => ['/bin/echo', 'hello world; rm -rf /']
|
212
|
+
"
|
202
213
|
|
203
214
|
validate do |command|
|
204
|
-
|
215
|
+
unless command.is_a?(String) || command.is_a?(Array)
|
216
|
+
raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
|
217
|
+
end
|
205
218
|
end
|
206
219
|
end
|
207
220
|
|
@@ -454,10 +467,17 @@ module Puppet
|
|
454
467
|
`user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
|
455
468
|
must fully qualify the command's name.
|
456
469
|
|
470
|
+
Since this command is used in the process of determining whether the
|
471
|
+
`exec` is already in sync, it must be run during a noop Puppet run.
|
472
|
+
|
457
473
|
This parameter can also take an array of commands. For example:
|
458
474
|
|
459
475
|
unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
460
476
|
|
477
|
+
or an array of arrays. For example:
|
478
|
+
|
479
|
+
unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
480
|
+
|
461
481
|
This `exec` would only run if every command in the array has a
|
462
482
|
non-zero exit code.
|
463
483
|
EOT
|
@@ -510,10 +530,17 @@ module Puppet
|
|
510
530
|
`user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
|
511
531
|
must fully qualify the command's name.
|
512
532
|
|
533
|
+
Since this command is used in the process of determining whether the
|
534
|
+
`exec` is already in sync, it must be run during a noop Puppet run.
|
535
|
+
|
513
536
|
This parameter can also take an array of commands. For example:
|
514
537
|
|
515
538
|
onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
516
539
|
|
540
|
+
or an array of arrays. For example:
|
541
|
+
|
542
|
+
onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
543
|
+
|
517
544
|
This `exec` would only run if every command in the array has an
|
518
545
|
exit code of 0 (success).
|
519
546
|
EOT
|
@@ -562,12 +589,14 @@ module Puppet
|
|
562
589
|
reqs << self[:cwd] if self[:cwd]
|
563
590
|
|
564
591
|
file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
|
592
|
+
cmd = self[:command]
|
593
|
+
cmd = cmd[0] if cmd.is_a? Array
|
565
594
|
|
566
|
-
|
595
|
+
cmd.scan(file_regex) { |str|
|
567
596
|
reqs << str
|
568
597
|
}
|
569
598
|
|
570
|
-
|
599
|
+
cmd.scan(/^"([^"]+)"/) { |str|
|
571
600
|
reqs << str
|
572
601
|
}
|
573
602
|
|
@@ -583,6 +612,7 @@ module Puppet
|
|
583
612
|
# fully qualified. It might not be a bad idea to add
|
584
613
|
# unqualified files, but, well, that's a bit more annoying
|
585
614
|
# to do.
|
615
|
+
line = line[0] if line.is_a? Array
|
586
616
|
reqs += line.scan(file_regex)
|
587
617
|
end
|
588
618
|
}
|
@@ -90,9 +90,15 @@ module Puppet
|
|
90
90
|
raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
|
91
91
|
end
|
92
92
|
|
93
|
+
# normalizes to symbolic form, e.g. u+a, an octal string without leading 0
|
93
94
|
normalize_symbolic_mode(value)
|
94
95
|
end
|
95
96
|
|
97
|
+
unmunge do |value|
|
98
|
+
# return symbolic form or octal string *with* leading 0's
|
99
|
+
display_mode(value) if value
|
100
|
+
end
|
101
|
+
|
96
102
|
def desired_mode_from_current(desired, current)
|
97
103
|
current = current.to_i(8) if current.is_a? String
|
98
104
|
is_a_directory = @resource.stat && @resource.stat.directory?
|
data/lib/puppet/type/file.rb
CHANGED
@@ -93,23 +93,23 @@ Puppet::Type.newtype(:file) do
|
|
93
93
|
|
94
94
|
Backing up to a local filebucket isn't particularly useful. If you want
|
95
95
|
to make organized use of backups, you will generally want to use the
|
96
|
-
|
96
|
+
primary Puppet server's filebucket service. This requires declaring a
|
97
97
|
filebucket resource and a resource default for the `backup` attribute
|
98
98
|
in site.pp:
|
99
99
|
|
100
100
|
# /etc/puppetlabs/puppet/manifests/site.pp
|
101
101
|
filebucket { 'main':
|
102
102
|
path => false, # This is required for remote filebuckets.
|
103
|
-
server => 'puppet.example.com', # Optional; defaults to the configured
|
103
|
+
server => 'puppet.example.com', # Optional; defaults to the configured primary Puppet server.
|
104
104
|
}
|
105
105
|
|
106
106
|
File { backup => main, }
|
107
107
|
|
108
|
-
If you are using multiple
|
108
|
+
If you are using multiple primary servers, you will want to
|
109
109
|
centralize the contents of the filebucket. Either configure your load
|
110
|
-
balancer to direct all filebucket traffic to a single
|
110
|
+
balancer to direct all filebucket traffic to a single primary server, or use
|
111
111
|
something like an out-of-band rsync task to synchronize the content on all
|
112
|
-
|
112
|
+
primary servers.
|
113
113
|
|
114
114
|
> **Note**: Enabling and using the backup option, and by extension the
|
115
115
|
filebucket resource, requires appropriate planning and management to ensure
|
@@ -220,6 +220,23 @@ Puppet::Type.newtype(:file) do
|
|
220
220
|
end
|
221
221
|
end
|
222
222
|
|
223
|
+
newparam(:max_files) do
|
224
|
+
desc "In case the resource is a directory and the recursion is enabled, puppet will
|
225
|
+
generate a new resource for each file file found, possible leading to
|
226
|
+
an excessive number of resources generated without any control.
|
227
|
+
|
228
|
+
Setting `max_files` will check the number of file resources that
|
229
|
+
will eventually be created and will raise a resource argument error if the
|
230
|
+
limit will be exceeded.
|
231
|
+
|
232
|
+
Use value `0` to log a warning instead of raising an error.
|
233
|
+
|
234
|
+
Use value `-1` to disable errors and warnings due to max files."
|
235
|
+
|
236
|
+
defaultto 0
|
237
|
+
newvalues(/^[0-9]+$/, /^-1$/)
|
238
|
+
end
|
239
|
+
|
223
240
|
newparam(:replace, :boolean => true, :parent => Puppet::Parameter::Boolean) do
|
224
241
|
desc "Whether to replace a file or symlink that already exists on the local system but
|
225
242
|
whose content doesn't match what the `source` or `content` attribute
|
@@ -344,7 +361,7 @@ Puppet::Type.newtype(:file) do
|
|
344
361
|
This command must have a fully qualified path, and should contain a
|
345
362
|
percent (`%`) token where it would expect an input file. It must exit `0`
|
346
363
|
if the syntax is correct, and non-zero otherwise. The command will be
|
347
|
-
run on the target system while applying the catalog, not on the
|
364
|
+
run on the target system while applying the catalog, not on the primary Puppet server.
|
348
365
|
|
349
366
|
Example:
|
350
367
|
|
@@ -576,7 +593,7 @@ Puppet::Type.newtype(:file) do
|
|
576
593
|
options = @original_parameters.merge(:path => full_path).reject { |param, value| value.nil? }
|
577
594
|
|
578
595
|
# These should never be passed to our children.
|
579
|
-
[:parent, :ensure, :recurse, :recurselimit, :target, :alias, :source].each do |param|
|
596
|
+
[:parent, :ensure, :recurse, :recurselimit, :max_files, :target, :alias, :source].each do |param|
|
580
597
|
options.delete(param) if options.include?(param)
|
581
598
|
end
|
582
599
|
|
@@ -753,6 +770,7 @@ Puppet::Type.newtype(:file) do
|
|
753
770
|
:links => self[:links],
|
754
771
|
:recurse => (self[:recurse] == :remote ? true : self[:recurse]),
|
755
772
|
:recurselimit => self[:recurselimit],
|
773
|
+
:max_files => self[:max_files],
|
756
774
|
:source_permissions => self[:source_permissions],
|
757
775
|
:ignore => self[:ignore],
|
758
776
|
:checksum_type => (self[:source] || self[:content]) ? self[:checksum] : :none,
|
@@ -4,8 +4,8 @@ module Puppet
|
|
4
4
|
Type.newtype(:filebucket) do
|
5
5
|
@doc = <<-EOT
|
6
6
|
A repository for storing and retrieving file content by MD5 checksum. Can
|
7
|
-
be local to each agent node, or centralized on a
|
8
|
-
puppet
|
7
|
+
be local to each agent node, or centralized on a primary Puppet server. All
|
8
|
+
puppet servers provide a filebucket service that agent nodes can access
|
9
9
|
via HTTP, but you must declare a filebucket resource before any agents
|
10
10
|
will do so.
|
11
11
|
|
@@ -25,7 +25,7 @@ module Puppet
|
|
25
25
|
# /etc/puppetlabs/puppet/manifests/site.pp
|
26
26
|
filebucket { 'main':
|
27
27
|
path => false, # This is required for remote filebuckets.
|
28
|
-
server => 'puppet.example.com', # Optional; defaults to the configured
|
28
|
+
server => 'puppet.example.com', # Optional; defaults to the configured primary server.
|
29
29
|
}
|
30
30
|
|
31
31
|
File { backup => main, }
|
data/lib/puppet/type/group.rb
CHANGED
@@ -175,7 +175,7 @@ Puppet::Type.newtype(:resources) do
|
|
175
175
|
end
|
176
176
|
|
177
177
|
# Otherwise, use a sensible default based on the OS family
|
178
|
-
@system_users_max_uid ||= case
|
178
|
+
@system_users_max_uid ||= case Puppet.runtime[:facter].value(:osfamily)
|
179
179
|
when 'OpenBSD', 'FreeBSD'
|
180
180
|
999
|
181
181
|
else
|
data/lib/puppet/type/service.rb
CHANGED
@@ -38,6 +38,12 @@ module Puppet
|
|
38
38
|
feature :enableable, "The provider can enable and disable the service.",
|
39
39
|
:methods => [:disable, :enable, :enabled?]
|
40
40
|
|
41
|
+
feature :delayed_startable, "The provider can set service to delayed start",
|
42
|
+
:methods => [:delayed_start]
|
43
|
+
|
44
|
+
feature :manual_startable, "The provider can set service to manual start",
|
45
|
+
:methods => [:manual_start]
|
46
|
+
|
41
47
|
feature :controllable, "The provider uses a control variable."
|
42
48
|
|
43
49
|
feature :flaggable, "The provider can pass flags to the service."
|
@@ -67,7 +73,7 @@ module Puppet
|
|
67
73
|
provider.disable
|
68
74
|
end
|
69
75
|
|
70
|
-
newvalue(:manual, :event => :service_manual_start) do
|
76
|
+
newvalue(:manual, :event => :service_manual_start, :required_features => :manual_startable) do
|
71
77
|
provider.manual_start
|
72
78
|
end
|
73
79
|
|
@@ -81,8 +87,7 @@ module Puppet
|
|
81
87
|
provider.enabled?
|
82
88
|
end
|
83
89
|
|
84
|
-
|
85
|
-
newvalue(:delayed, :event => :service_delayed_start) do
|
90
|
+
newvalue(:delayed, :event => :service_delayed_start, :required_features => :delayed_startable) do
|
86
91
|
provider.delayed_start
|
87
92
|
end
|
88
93
|
|
@@ -90,12 +95,6 @@ module Puppet
|
|
90
95
|
return provider.enabled_insync?(current) if provider.respond_to?(:enabled_insync?)
|
91
96
|
super(current)
|
92
97
|
end
|
93
|
-
|
94
|
-
validate do |value|
|
95
|
-
if (value == :manual || value == :delayed) && !Puppet::Util::Platform.windows?
|
96
|
-
raise Puppet::Error.new(_("Setting enable to %{value} is only supported on Microsoft Windows.") % { value: value.to_s} )
|
97
|
-
end
|
98
|
-
end
|
99
98
|
end
|
100
99
|
|
101
100
|
# Handle whether the service should actually be running right now.
|
@@ -139,23 +138,9 @@ module Puppet
|
|
139
138
|
newproperty(:logonaccount, :required_features => :manages_logon_credentials) do
|
140
139
|
desc "Specify an account for service logon"
|
141
140
|
|
142
|
-
|
143
|
-
return
|
144
|
-
|
145
|
-
|
146
|
-
value.sub!(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
|
147
|
-
user_information = Puppet::Util::Windows::SID.name_to_principal(value)
|
148
|
-
raise Puppet::Error.new("\"#{value}\" is not a valid account") unless user_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(user_information.account_type)
|
149
|
-
|
150
|
-
user_rights = Puppet::Util::Windows::User::get_rights(user_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(value)
|
151
|
-
raise Puppet::Error.new("\"#{user_information.domain_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
|
152
|
-
raise Puppet::Error.new("\"#{user_information.domain_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
|
153
|
-
|
154
|
-
if user_information.domain == Puppet::Util::Windows::ADSI.computer_name
|
155
|
-
".\\#{user_information.account}"
|
156
|
-
else
|
157
|
-
user_information.domain_account
|
158
|
-
end
|
141
|
+
def insync?(current)
|
142
|
+
return provider.logonaccount_insync?(current) if provider.respond_to?(:logonaccount_insync?)
|
143
|
+
super(current)
|
159
144
|
end
|
160
145
|
end
|
161
146
|
|
@@ -163,18 +148,7 @@ module Puppet
|
|
163
148
|
desc "Specify a password for service logon. Default value is an empty string (when logonaccount is specified)."
|
164
149
|
|
165
150
|
validate do |value|
|
166
|
-
raise
|
167
|
-
raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) and value.include?(":")
|
168
|
-
return unless Puppet::Util::Platform.windows?
|
169
|
-
|
170
|
-
is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@resource[:logonaccount]) || @resource[:logonaccount] == 'LocalSystem'
|
171
|
-
|
172
|
-
account_info = @resource[:logonaccount].split("\\")
|
173
|
-
able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], value, account_info[0]) unless is_a_predefined_local_account
|
174
|
-
|
175
|
-
raise Puppet::Error.new("The given password is invalid for user '#{@resource[:logonaccount]}'.") unless is_a_predefined_local_account || able_to_logon
|
176
|
-
|
177
|
-
provider.logonpassword=(value)
|
151
|
+
raise ArgumentError, _("Passwords cannot include ':'") if value.is_a?(String) && value.include?(":")
|
178
152
|
end
|
179
153
|
|
180
154
|
sensitive true
|
@@ -298,9 +272,14 @@ module Puppet
|
|
298
272
|
|
299
273
|
newparam(:timeout, :required_features => :configurable_timeout) do
|
300
274
|
desc "Specify an optional minimum timeout (in seconds) for puppet to wait when syncing service properties"
|
301
|
-
defaultto { provider.
|
302
|
-
|
303
|
-
|
275
|
+
defaultto { provider.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
|
276
|
+
|
277
|
+
munge do |value|
|
278
|
+
begin
|
279
|
+
value = value.to_i
|
280
|
+
raise if value < 1
|
281
|
+
value
|
282
|
+
rescue
|
304
283
|
raise Puppet::Error.new(_("\"%{value}\" is not a positive integer: the timeout parameter must be specified as a positive integer") % { value: value })
|
305
284
|
end
|
306
285
|
end
|
@@ -320,5 +299,11 @@ module Puppet
|
|
320
299
|
def self.needs_ensure_retrieved
|
321
300
|
false
|
322
301
|
end
|
302
|
+
|
303
|
+
validate do
|
304
|
+
if @parameters[:logonpassword] && @parameters[:logonaccount].nil?
|
305
|
+
raise Puppet::Error.new(_"The 'logonaccount' parameter is mandatory when setting 'logonpassword'.")
|
306
|
+
end
|
307
|
+
end
|
323
308
|
end
|
324
309
|
end
|
data/lib/puppet/type/tidy.rb
CHANGED
@@ -50,6 +50,22 @@ Puppet::Type.newtype(:tidy) do
|
|
50
50
|
end
|
51
51
|
end
|
52
52
|
|
53
|
+
newparam(:max_files) do
|
54
|
+
desc "In case the resource is a directory and the recursion is enabled, puppet will
|
55
|
+
generate a new resource for each file file found, possible leading to
|
56
|
+
an excessive number of resources generated without any control.
|
57
|
+
|
58
|
+
Setting `max_files` will check the number of file resources that
|
59
|
+
will eventually be created and will raise a resource argument error if the
|
60
|
+
limit will be exceeded.
|
61
|
+
|
62
|
+
Use value `0` to disable the check. In this case, a warning is logged if
|
63
|
+
the number of files exceeds 1000."
|
64
|
+
|
65
|
+
defaultto 0
|
66
|
+
newvalues(/^[0-9]+$/)
|
67
|
+
end
|
68
|
+
|
53
69
|
newparam(:matches) do
|
54
70
|
desc <<-'EOT'
|
55
71
|
One or more (shell type) file glob patterns, which restrict
|
@@ -128,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
|
|
128
144
|
|
129
145
|
def tidy?(path, stat)
|
130
146
|
# If the file's older than we allow, we should get rid of it.
|
131
|
-
(Time.now.to_i - stat.send(resource[:type]).to_i)
|
147
|
+
(Time.now.to_i - stat.send(resource[:type]).to_i) >= value
|
132
148
|
end
|
133
149
|
|
134
150
|
munge do |age|
|
@@ -256,9 +272,12 @@ Puppet::Type.newtype(:tidy) do
|
|
256
272
|
|
257
273
|
case self[:recurse]
|
258
274
|
when Integer, /^\d+$/
|
259
|
-
parameter = { :
|
275
|
+
parameter = { :max_files => self[:max_files],
|
276
|
+
:recurse => true,
|
277
|
+
:recurselimit => self[:recurse] }
|
260
278
|
when true, :true, :inf
|
261
|
-
parameter = { :
|
279
|
+
parameter = { :max_files => self[:max_files],
|
280
|
+
:recurse => true }
|
262
281
|
end
|
263
282
|
|
264
283
|
if parameter
|
data/lib/puppet/type/user.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'etc'
|
2
|
-
require 'facter'
|
3
2
|
require 'puppet/parameter/boolean'
|
4
3
|
require 'puppet/property/list'
|
5
4
|
require 'puppet/property/ordered_list'
|
@@ -67,6 +66,7 @@ module Puppet
|
|
67
66
|
newproperty(:ensure, :parent => Puppet::Property::Ensure) do
|
68
67
|
newvalue(:present, :event => :user_created) do
|
69
68
|
provider.create
|
69
|
+
@resource.generate
|
70
70
|
end
|
71
71
|
|
72
72
|
newvalue(:absent, :event => :user_removed) do
|
@@ -695,6 +695,7 @@ module Puppet
|
|
695
695
|
|
696
696
|
def generate
|
697
697
|
if !self[:purge_ssh_keys].empty?
|
698
|
+
return [] if self[:ensure] == :present && !provider.exists?
|
698
699
|
if Puppet::Type.type(:ssh_authorized_key).nil?
|
699
700
|
warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
|
700
701
|
else
|
@@ -743,25 +744,6 @@ module Puppet
|
|
743
744
|
end
|
744
745
|
raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
|
745
746
|
end
|
746
|
-
|
747
|
-
munge do |value|
|
748
|
-
# Resolve string, boolean and symbol forms of true and false to a
|
749
|
-
# single representation.
|
750
|
-
test_sym = value.to_s.intern
|
751
|
-
value = test_sym if [:true, :false].include? test_sym
|
752
|
-
|
753
|
-
return [] if value == :false
|
754
|
-
home = resource[:home] || Dir.home(resource[:name])
|
755
|
-
|
756
|
-
return [ "#{home}/.ssh/authorized_keys" ] if value == :true
|
757
|
-
# value is an array - munge each value
|
758
|
-
[ value ].flatten.map do |entry|
|
759
|
-
# make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
|
760
|
-
entry = entry.gsub(/^~\//, "#{home}/")
|
761
|
-
entry.gsub!(/^%h\//, "#{home}/")
|
762
|
-
entry
|
763
|
-
end
|
764
|
-
end
|
765
747
|
end
|
766
748
|
|
767
749
|
newproperty(:loginclass, :required_features => :manages_loginclass) do
|
@@ -783,7 +765,7 @@ module Puppet
|
|
783
765
|
# @see generate
|
784
766
|
# @api private
|
785
767
|
def find_unmanaged_keys
|
786
|
-
|
768
|
+
munged_unmanaged_keys.
|
787
769
|
select { |f| File.readable?(f) }.
|
788
770
|
map { |f| unknown_keys_in_file(f) }.
|
789
771
|
flatten.each do |res|
|
@@ -795,6 +777,41 @@ module Puppet
|
|
795
777
|
end
|
796
778
|
end
|
797
779
|
|
780
|
+
def munged_unmanaged_keys
|
781
|
+
value = self[:purge_ssh_keys]
|
782
|
+
|
783
|
+
# Resolve string, boolean and symbol forms of true and false to a
|
784
|
+
# single representation.
|
785
|
+
test_sym = value.to_s.intern
|
786
|
+
value = test_sym if [:true, :false].include? test_sym
|
787
|
+
|
788
|
+
return [] if value == :false
|
789
|
+
|
790
|
+
home = self[:home]
|
791
|
+
begin
|
792
|
+
home ||= provider.home
|
793
|
+
rescue
|
794
|
+
Puppet.debug("User '#{self[:name]}' does not exist")
|
795
|
+
end
|
796
|
+
|
797
|
+
if home.to_s.empty? || !Dir.exist?(home.to_s)
|
798
|
+
if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
|
799
|
+
Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
|
800
|
+
return []
|
801
|
+
end
|
802
|
+
end
|
803
|
+
|
804
|
+
return [ "#{home}/.ssh/authorized_keys" ] if value == :true
|
805
|
+
|
806
|
+
# value is an array - munge each value
|
807
|
+
[ value ].flatten.map do |entry|
|
808
|
+
# make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
|
809
|
+
entry = entry.gsub(/^~\//, "#{home}/")
|
810
|
+
entry.gsub!(/^%h\//, "#{home}/")
|
811
|
+
entry
|
812
|
+
end
|
813
|
+
end
|
814
|
+
|
798
815
|
# Parse an ssh authorized keys file superficially, extract the comments
|
799
816
|
# on the keys. These are considered names of possible ssh_authorized_keys
|
800
817
|
# resources. Keys that are managed by the present catalog are ignored.
|