puppet 6.22.1-universal-darwin → 6.25.1-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.
Files changed (415) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +2 -2
  4. data/Gemfile.lock +20 -20
  5. data/README.md +4 -4
  6. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  11. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  12. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  13. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  14. data/ext/README.md +13 -0
  15. data/ext/osx/puppet.plist +2 -0
  16. data/ext/project_data.yaml +1 -0
  17. data/lib/puppet/application/agent.rb +16 -5
  18. data/lib/puppet/application/apply.rb +22 -3
  19. data/lib/puppet/application/device.rb +2 -1
  20. data/lib/puppet/application/filebucket.rb +1 -0
  21. data/lib/puppet/application/resource.rb +32 -16
  22. data/lib/puppet/application/script.rb +2 -1
  23. data/lib/puppet/application/ssl.rb +1 -0
  24. data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
  25. data/lib/puppet/configurer/downloader.rb +2 -1
  26. data/lib/puppet/configurer.rb +144 -56
  27. data/lib/puppet/confine/variable.rb +1 -1
  28. data/lib/puppet/defaults.rb +47 -33
  29. data/lib/puppet/environments.rb +75 -25
  30. data/lib/puppet/face/facts.rb +1 -1
  31. data/lib/puppet/face/help/action.erb +1 -0
  32. data/lib/puppet/face/help/face.erb +1 -0
  33. data/lib/puppet/face/node/clean.rb +11 -0
  34. data/lib/puppet/facter_impl.rb +96 -0
  35. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  36. data/lib/puppet/file_serving/configuration.rb +3 -0
  37. data/lib/puppet/file_serving/fileset.rb +14 -2
  38. data/lib/puppet/file_serving/mount/file.rb +4 -4
  39. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  40. data/lib/puppet/file_system/file_impl.rb +3 -1
  41. data/lib/puppet/file_system/windows.rb +2 -2
  42. data/lib/puppet/forge.rb +4 -4
  43. data/lib/puppet/functions/all.rb +1 -1
  44. data/lib/puppet/functions/camelcase.rb +1 -1
  45. data/lib/puppet/functions/capitalize.rb +2 -2
  46. data/lib/puppet/functions/downcase.rb +2 -2
  47. data/lib/puppet/functions/empty.rb +8 -0
  48. data/lib/puppet/functions/find_template.rb +2 -2
  49. data/lib/puppet/functions/get.rb +5 -5
  50. data/lib/puppet/functions/group_by.rb +13 -5
  51. data/lib/puppet/functions/lest.rb +1 -1
  52. data/lib/puppet/functions/new.rb +100 -100
  53. data/lib/puppet/functions/partition.rb +4 -4
  54. data/lib/puppet/functions/require.rb +5 -5
  55. data/lib/puppet/functions/sort.rb +3 -3
  56. data/lib/puppet/functions/strftime.rb +1 -0
  57. data/lib/puppet/functions/tree_each.rb +7 -9
  58. data/lib/puppet/functions/type.rb +4 -4
  59. data/lib/puppet/functions/unwrap.rb +17 -2
  60. data/lib/puppet/functions/upcase.rb +2 -2
  61. data/lib/puppet/http/client.rb +1 -1
  62. data/lib/puppet/http/redirector.rb +5 -0
  63. data/lib/puppet/http/resolver/server_list.rb +15 -4
  64. data/lib/puppet/http/service/compiler.rb +75 -1
  65. data/lib/puppet/http/service/file_server.rb +2 -1
  66. data/lib/puppet/indirector/catalog/compiler.rb +25 -6
  67. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  68. data/lib/puppet/indirector/facts/facter.rb +6 -6
  69. data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
  70. data/lib/puppet/indirector/indirection.rb +1 -1
  71. data/lib/puppet/indirector/resource/ral.rb +6 -1
  72. data/lib/puppet/indirector/terminus.rb +4 -0
  73. data/lib/puppet/interface/documentation.rb +1 -0
  74. data/lib/puppet/module/plan.rb +0 -1
  75. data/lib/puppet/module/task.rb +1 -1
  76. data/lib/puppet/module.rb +1 -0
  77. data/lib/puppet/module_tool/applications/installer.rb +12 -4
  78. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  79. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  80. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  81. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  82. data/lib/puppet/node/environment.rb +10 -11
  83. data/lib/puppet/pal/pal_impl.rb +1 -1
  84. data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
  85. data/lib/puppet/parser/resource.rb +1 -1
  86. data/lib/puppet/parser/scope.rb +1 -0
  87. data/lib/puppet/parser/templatewrapper.rb +1 -0
  88. data/lib/puppet/pops/evaluator/closure.rb +7 -5
  89. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
  90. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  91. data/lib/puppet/pops/model/ast.rb +1 -0
  92. data/lib/puppet/pops/model/factory.rb +2 -1
  93. data/lib/puppet/pops/parser/eparser.rb +201 -201
  94. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  95. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  96. data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
  97. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  98. data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
  99. data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
  100. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  101. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  102. data/lib/puppet/pops/types/types.rb +1 -1
  103. data/lib/puppet/provider/aix_object.rb +1 -1
  104. data/lib/puppet/provider/exec/posix.rb +16 -4
  105. data/lib/puppet/provider/group/groupadd.rb +5 -2
  106. data/lib/puppet/provider/package/nim.rb +11 -6
  107. data/lib/puppet/provider/package/pip.rb +15 -3
  108. data/lib/puppet/provider/package/pkg.rb +19 -2
  109. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  110. data/lib/puppet/provider/package/yum.rb +1 -1
  111. data/lib/puppet/provider/parsedfile.rb +3 -0
  112. data/lib/puppet/provider/service/base.rb +1 -1
  113. data/lib/puppet/provider/service/init.rb +5 -5
  114. data/lib/puppet/provider/service/launchd.rb +2 -2
  115. data/lib/puppet/provider/service/redhat.rb +1 -1
  116. data/lib/puppet/provider/service/smf.rb +3 -3
  117. data/lib/puppet/provider/service/systemd.rb +15 -5
  118. data/lib/puppet/provider/service/upstart.rb +5 -5
  119. data/lib/puppet/provider/service/windows.rb +38 -0
  120. data/lib/puppet/provider/user/aix.rb +44 -1
  121. data/lib/puppet/provider/user/directoryservice.rb +26 -13
  122. data/lib/puppet/provider/user/useradd.rb +72 -16
  123. data/lib/puppet/provider.rb +1 -1
  124. data/lib/puppet/reference/configuration.rb +1 -1
  125. data/lib/puppet/reference/providers.rb +2 -2
  126. data/lib/puppet/resource/catalog.rb +1 -1
  127. data/lib/puppet/resource/type_collection.rb +1 -0
  128. data/lib/puppet/resource.rb +38 -5
  129. data/lib/puppet/runtime.rb +11 -1
  130. data/lib/puppet/settings.rb +32 -9
  131. data/lib/puppet/test/test_helper.rb +4 -1
  132. data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
  133. data/lib/puppet/transaction/persistence.rb +11 -1
  134. data/lib/puppet/transaction/report.rb +15 -1
  135. data/lib/puppet/type/exec.rb +35 -5
  136. data/lib/puppet/type/file/mode.rb +6 -0
  137. data/lib/puppet/type/file/selcontext.rb +1 -1
  138. data/lib/puppet/type/file.rb +25 -7
  139. data/lib/puppet/type/filebucket.rb +3 -3
  140. data/lib/puppet/type/group.rb +0 -1
  141. data/lib/puppet/type/resources.rb +1 -1
  142. data/lib/puppet/type/service.rb +26 -41
  143. data/lib/puppet/type/tidy.rb +22 -3
  144. data/lib/puppet/type/user.rb +38 -21
  145. data/lib/puppet/type.rb +1 -1
  146. data/lib/puppet/util/command_line.rb +1 -1
  147. data/lib/puppet/util/filetype.rb +2 -2
  148. data/lib/puppet/util/json.rb +3 -0
  149. data/lib/puppet/util/log.rb +1 -2
  150. data/lib/puppet/util/logging.rb +1 -25
  151. data/lib/puppet/util/pidlock.rb +1 -1
  152. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  153. data/lib/puppet/util/selinux.rb +30 -4
  154. data/lib/puppet/util/suidmanager.rb +1 -2
  155. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  156. data/lib/puppet/util/tagging.rb +1 -0
  157. data/lib/puppet/util/windows/service.rb +0 -5
  158. data/lib/puppet/util/windows/sid.rb +3 -1
  159. data/lib/puppet/util/windows/user.rb +0 -2
  160. data/lib/puppet/util/windows.rb +3 -0
  161. data/lib/puppet/util.rb +4 -3
  162. data/lib/puppet/version.rb +1 -1
  163. data/lib/puppet.rb +5 -9
  164. data/locales/puppet.pot +408 -364
  165. data/man/man5/puppet.conf.5 +303 -275
  166. data/man/man8/puppet-agent.8 +4 -1
  167. data/man/man8/puppet-apply.8 +1 -1
  168. data/man/man8/puppet-catalog.8 +9 -9
  169. data/man/man8/puppet-config.8 +1 -1
  170. data/man/man8/puppet-describe.8 +1 -1
  171. data/man/man8/puppet-device.8 +1 -1
  172. data/man/man8/puppet-doc.8 +1 -1
  173. data/man/man8/puppet-epp.8 +1 -1
  174. data/man/man8/puppet-facts.8 +8 -8
  175. data/man/man8/puppet-filebucket.8 +1 -1
  176. data/man/man8/puppet-generate.8 +1 -1
  177. data/man/man8/puppet-help.8 +1 -1
  178. data/man/man8/puppet-key.8 +7 -7
  179. data/man/man8/puppet-lookup.8 +1 -1
  180. data/man/man8/puppet-man.8 +1 -1
  181. data/man/man8/puppet-module.8 +3 -3
  182. data/man/man8/puppet-node.8 +5 -5
  183. data/man/man8/puppet-parser.8 +1 -1
  184. data/man/man8/puppet-plugin.8 +1 -1
  185. data/man/man8/puppet-report.8 +5 -5
  186. data/man/man8/puppet-resource.8 +1 -1
  187. data/man/man8/puppet-script.8 +1 -1
  188. data/man/man8/puppet-ssl.8 +1 -1
  189. data/man/man8/puppet-status.8 +4 -4
  190. data/man/man8/puppet.8 +2 -2
  191. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
  192. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  193. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  194. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  195. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  196. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  197. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  198. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  199. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  200. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
  201. data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
  202. data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
  203. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
  204. data/spec/fixtures/ssl/ca.pem +57 -35
  205. data/spec/fixtures/ssl/crl.pem +28 -18
  206. data/spec/fixtures/ssl/ec-key.pem +11 -11
  207. data/spec/fixtures/ssl/ec.pem +33 -24
  208. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  209. data/spec/fixtures/ssl/encrypted-key.pem +108 -58
  210. data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
  211. data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
  212. data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
  213. data/spec/fixtures/ssl/intermediate.pem +57 -36
  214. data/spec/fixtures/ssl/oid-key.pem +117 -0
  215. data/spec/fixtures/ssl/oid.pem +69 -0
  216. data/spec/fixtures/ssl/pluto-key.pem +107 -57
  217. data/spec/fixtures/ssl/pluto.pem +52 -30
  218. data/spec/fixtures/ssl/request-key.pem +107 -57
  219. data/spec/fixtures/ssl/request.pem +47 -26
  220. data/spec/fixtures/ssl/revoked-key.pem +107 -57
  221. data/spec/fixtures/ssl/revoked.pem +52 -30
  222. data/spec/fixtures/ssl/signed-key.pem +107 -57
  223. data/spec/fixtures/ssl/signed.pem +52 -30
  224. data/spec/fixtures/ssl/tampered-cert.pem +52 -30
  225. data/spec/fixtures/ssl/tampered-csr.pem +47 -26
  226. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  227. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
  228. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
  229. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
  230. data/spec/fixtures/ssl/unknown-ca.pem +55 -33
  231. data/spec/integration/application/agent_spec.rb +141 -37
  232. data/spec/integration/application/filebucket_spec.rb +16 -0
  233. data/spec/integration/application/module_spec.rb +21 -0
  234. data/spec/integration/application/resource_spec.rb +64 -0
  235. data/spec/integration/application/ssl_spec.rb +20 -0
  236. data/spec/integration/configurer_spec.rb +18 -2
  237. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  238. data/spec/integration/indirector/facts/facter_spec.rb +93 -39
  239. data/spec/integration/l10n/compiler_spec.rb +37 -0
  240. data/spec/integration/parser/pcore_resource_spec.rb +10 -0
  241. data/spec/integration/transaction/report_spec.rb +1 -1
  242. data/spec/integration/type/exec_spec.rb +70 -45
  243. data/spec/integration/type/file_spec.rb +2 -2
  244. data/spec/integration/type/package_spec.rb +6 -6
  245. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  246. data/spec/integration/util/windows/process_spec.rb +1 -9
  247. data/spec/lib/puppet/test_ca.rb +7 -2
  248. data/spec/lib/puppet_spec/modules.rb +13 -2
  249. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  250. data/spec/lib/puppet_spec/settings.rb +1 -0
  251. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  252. data/spec/shared_contexts/l10n.rb +27 -0
  253. data/spec/spec_helper.rb +1 -10
  254. data/spec/unit/application/agent_spec.rb +7 -2
  255. data/spec/unit/application/apply_spec.rb +76 -56
  256. data/spec/unit/application/resource_spec.rb +29 -0
  257. data/spec/unit/configurer/downloader_spec.rb +6 -0
  258. data/spec/unit/configurer_spec.rb +256 -57
  259. data/spec/unit/defaults_spec.rb +1 -0
  260. data/spec/unit/environments_spec.rb +184 -0
  261. data/spec/unit/facter_impl_spec.rb +31 -0
  262. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  263. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  264. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  265. data/spec/unit/file_serving/fileset_spec.rb +60 -0
  266. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  267. data/spec/unit/file_system_spec.rb +13 -0
  268. data/spec/unit/functions/assert_type_spec.rb +1 -1
  269. data/spec/unit/functions/empty_spec.rb +10 -0
  270. data/spec/unit/functions/logging_spec.rb +1 -0
  271. data/spec/unit/functions/lookup_spec.rb +64 -0
  272. data/spec/unit/functions/unwrap_spec.rb +8 -0
  273. data/spec/unit/functions4_spec.rb +2 -2
  274. data/spec/unit/gettext/config_spec.rb +12 -0
  275. data/spec/unit/http/client_spec.rb +58 -1
  276. data/spec/unit/http/service/compiler_spec.rb +131 -0
  277. data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
  278. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  279. data/spec/unit/indirector/indirection_spec.rb +10 -3
  280. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  281. data/spec/unit/interface/action_spec.rb +0 -9
  282. data/spec/unit/module_spec.rb +15 -1
  283. data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
  284. data/spec/unit/network/authstore_spec.rb +0 -15
  285. data/spec/unit/network/formats_spec.rb +6 -0
  286. data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
  287. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  288. data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
  289. data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
  290. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  291. data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
  292. data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
  293. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  294. data/spec/unit/provider/package/gem_spec.rb +1 -1
  295. data/spec/unit/provider/package/nim_spec.rb +42 -0
  296. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  297. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  298. data/spec/unit/provider/package/pip_spec.rb +38 -1
  299. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  300. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  301. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  302. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  303. data/spec/unit/provider/service/init_spec.rb +1 -0
  304. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  305. data/spec/unit/provider/service/openwrt_spec.rb +3 -1
  306. data/spec/unit/provider/service/systemd_spec.rb +43 -9
  307. data/spec/unit/provider/service/windows_spec.rb +202 -0
  308. data/spec/unit/provider/user/aix_spec.rb +100 -0
  309. data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
  310. data/spec/unit/provider/user/useradd_spec.rb +43 -2
  311. data/spec/unit/provider_spec.rb +4 -4
  312. data/spec/unit/puppet_spec.rb +12 -4
  313. data/spec/unit/resource/catalog_spec.rb +14 -1
  314. data/spec/unit/resource_spec.rb +58 -2
  315. data/spec/unit/settings_spec.rb +97 -56
  316. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  317. data/spec/unit/ssl/state_machine_spec.rb +19 -5
  318. data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
  319. data/spec/unit/transaction_spec.rb +18 -20
  320. data/spec/unit/type/exec_spec.rb +76 -29
  321. data/spec/unit/type/file/selinux_spec.rb +3 -3
  322. data/spec/unit/type/file/source_spec.rb +4 -4
  323. data/spec/unit/type/service_spec.rb +86 -188
  324. data/spec/unit/type/tidy_spec.rb +24 -7
  325. data/spec/unit/type/user_spec.rb +45 -0
  326. data/spec/unit/type_spec.rb +2 -2
  327. data/spec/unit/util/logging_spec.rb +2 -0
  328. data/spec/unit/util/selinux_spec.rb +87 -16
  329. data/spec/unit/util/windows/sid_spec.rb +39 -4
  330. data/tasks/generate_cert_fixtures.rake +12 -3
  331. data/tasks/parallel.rake +3 -3
  332. metadata +49 -95
  333. data/ext/README.environment +0 -8
  334. data/ext/dbfix.sql +0 -132
  335. data/ext/debian/README.Debian +0 -8
  336. data/ext/debian/README.source +0 -2
  337. data/ext/debian/TODO.Debian +0 -1
  338. data/ext/debian/changelog.erb +0 -1122
  339. data/ext/debian/compat +0 -1
  340. data/ext/debian/control +0 -144
  341. data/ext/debian/copyright +0 -339
  342. data/ext/debian/docs +0 -1
  343. data/ext/debian/fileserver.conf +0 -41
  344. data/ext/debian/puppet-common.dirs +0 -13
  345. data/ext/debian/puppet-common.install +0 -3
  346. data/ext/debian/puppet-common.lintian-overrides +0 -5
  347. data/ext/debian/puppet-common.manpages +0 -28
  348. data/ext/debian/puppet-common.postinst +0 -35
  349. data/ext/debian/puppet-common.postrm +0 -33
  350. data/ext/debian/puppet-el.dirs +0 -1
  351. data/ext/debian/puppet-el.emacsen-install +0 -25
  352. data/ext/debian/puppet-el.emacsen-remove +0 -11
  353. data/ext/debian/puppet-el.emacsen-startup +0 -9
  354. data/ext/debian/puppet-el.install +0 -1
  355. data/ext/debian/puppet-testsuite.install +0 -2
  356. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  357. data/ext/debian/puppet.lintian-overrides +0 -3
  358. data/ext/debian/puppet.logrotate +0 -20
  359. data/ext/debian/puppet.postinst +0 -20
  360. data/ext/debian/puppet.postrm +0 -20
  361. data/ext/debian/puppet.preinst +0 -20
  362. data/ext/debian/puppetmaster-common.install +0 -2
  363. data/ext/debian/puppetmaster-common.manpages +0 -2
  364. data/ext/debian/puppetmaster-common.postinst +0 -6
  365. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  366. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  367. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  368. data/ext/debian/puppetmaster.README.debian +0 -17
  369. data/ext/debian/puppetmaster.default +0 -14
  370. data/ext/debian/puppetmaster.init +0 -137
  371. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  372. data/ext/debian/puppetmaster.postinst +0 -20
  373. data/ext/debian/puppetmaster.postrm +0 -5
  374. data/ext/debian/puppetmaster.preinst +0 -22
  375. data/ext/debian/rules +0 -132
  376. data/ext/debian/source/format +0 -1
  377. data/ext/debian/source/options +0 -1
  378. data/ext/debian/vim-puppet.README.Debian +0 -13
  379. data/ext/debian/vim-puppet.dirs +0 -5
  380. data/ext/debian/vim-puppet.yaml +0 -7
  381. data/ext/debian/watch +0 -2
  382. data/ext/freebsd/puppetd +0 -26
  383. data/ext/freebsd/puppetmasterd +0 -26
  384. data/ext/gentoo/conf.d/puppet +0 -5
  385. data/ext/gentoo/conf.d/puppetmaster +0 -12
  386. data/ext/gentoo/init.d/puppet +0 -38
  387. data/ext/gentoo/init.d/puppetmaster +0 -51
  388. data/ext/gentoo/puppet/fileserver.conf +0 -41
  389. data/ext/ips/puppet-agent +0 -44
  390. data/ext/ips/puppet-master +0 -44
  391. data/ext/ips/puppet.p5m.erb +0 -12
  392. data/ext/ips/puppetagent.xml +0 -42
  393. data/ext/ips/puppetmaster.xml +0 -42
  394. data/ext/ips/rules +0 -19
  395. data/ext/ips/transforms +0 -34
  396. data/ext/ldap/puppet.schema +0 -24
  397. data/ext/logcheck/puppet +0 -23
  398. data/ext/osx/file_mapping.yaml +0 -33
  399. data/ext/osx/postflight.erb +0 -109
  400. data/ext/osx/preflight.erb +0 -52
  401. data/ext/osx/prototype.plist.erb +0 -38
  402. data/ext/redhat/fileserver.conf +0 -41
  403. data/ext/redhat/logrotate +0 -21
  404. data/ext/redhat/puppet.spec.erb +0 -842
  405. data/ext/redhat/server.init +0 -128
  406. data/ext/redhat/server.sysconfig +0 -13
  407. data/ext/solaris/pkginfo +0 -6
  408. data/ext/solaris/smf/puppetd.xml +0 -77
  409. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  410. data/ext/solaris/smf/svc-puppetd +0 -71
  411. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  412. data/ext/suse/puppet.spec +0 -310
  413. data/ext/suse/server.init +0 -173
  414. data/ext/yaml_nodes.rb +0 -105
  415. data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -4,7 +4,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
4
4
  desc "Standard `init`-style service management."
5
5
 
6
6
  def self.defpath
7
- case Facter.value(:operatingsystem)
7
+ case Puppet.runtime[:facter].value(:operatingsystem)
8
8
  when "FreeBSD", "DragonFly"
9
9
  ["/etc/rc.d", "/usr/local/etc/rc.d"]
10
10
  when "HP-UX"
@@ -21,8 +21,8 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
21
21
  # Debian and Ubuntu should use the Debian provider.
22
22
  # RedHat systems should use the RedHat provider.
23
23
  confine :true => begin
24
- os = Facter.value(:operatingsystem).downcase
25
- family = Facter.value(:osfamily).downcase
24
+ os = Puppet.runtime[:facter].value(:operatingsystem).downcase
25
+ family = Puppet.runtime[:facter].value(:osfamily).downcase
26
26
  !(os == 'debian' || os == 'ubuntu' || family == 'redhat')
27
27
  end
28
28
 
@@ -54,7 +54,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
54
54
  # these excludes were found with grep -r -L start /etc/init.d
55
55
  excludes += %w{rcS module-init-tools}
56
56
  # Prevent puppet failing on unsafe scripts from Yocto Linux
57
- if Facter.value(:osfamily) == "cisco-wrlinux"
57
+ if Puppet.runtime[:facter].value(:osfamily) == "cisco-wrlinux"
58
58
  excludes += %w{banner.sh bootmisc.sh checkroot.sh devpts.sh dmesg.sh
59
59
  hostname.sh mountall.sh mountnfs.sh populate-volatile.sh
60
60
  rmnologin.sh save-rtc.sh sendsigs sysfs.sh umountfs
@@ -171,7 +171,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
171
171
  end
172
172
 
173
173
  def texecute(type, command, fof = true, squelch = false, combine = true)
174
- if type == :start && Facter.value(:osfamily) == "Solaris"
174
+ if type == :start && Puppet.runtime[:facter].value(:osfamily) == "Solaris"
175
175
  command = ["/usr/bin/ctrun -l child", command].flatten.join(" ")
176
176
  end
177
177
  super(type, command, fof, squelch, combine)
@@ -70,7 +70,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
70
70
  #
71
71
  # @api private
72
72
  def self.get_os_version
73
- @os_version ||= Facter.value(:operatingsystemmajrelease).to_i
73
+ @os_version ||= Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
74
74
  end
75
75
 
76
76
  # Defines the path to the overrides plist file where service enabling
@@ -138,7 +138,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
138
138
  Puppet.debug("Reading launchd plist #{filepath}")
139
139
  job = read_plist(filepath)
140
140
  next if job.nil?
141
- if job.has_key?("Label")
141
+ if job.respond_to?(:key) && job.key?("Label")
142
142
  @label_to_path_map[job["Label"]] = filepath
143
143
  else
144
144
  #TRANSLATORS 'plist' and label' should not be translated
@@ -35,7 +35,7 @@ Puppet::Type.type(:service).provide :redhat, :parent => :init, :source => :init
35
35
  # For Suse OS family, chkconfig returns 0 even if the service is disabled or non-existent
36
36
  # Therefore, check the output for '<name> on' (or '<name> B for boot services)
37
37
  # to see if it is enabled
38
- return :false unless Facter.value(:osfamily) != 'Suse' || output =~ /^#{name}\s+(on|B)$/
38
+ return :false unless Puppet.runtime[:facter].value(:osfamily) != 'Suse' || output =~ /^#{name}\s+(on|B)$/
39
39
 
40
40
  :true
41
41
  end
@@ -73,14 +73,14 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
73
73
 
74
74
  # Returns true if the provider supports incomplete services.
75
75
  def supports_incomplete_services?
76
- Puppet::Util::Package.versioncmp(Facter.value(:operatingsystemrelease), '11.1') >= 0
76
+ Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.1') >= 0
77
77
  end
78
78
 
79
79
  # Returns true if the service is complete. A complete service is a service that
80
80
  # has the general/complete property defined.
81
81
  def complete_service?
82
82
  unless supports_incomplete_services?
83
- raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Facter.value(:operatingsystemrelease) }
83
+ raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Puppet.runtime[:facter].value(:operatingsystemrelease) }
84
84
  end
85
85
 
86
86
  return @complete_service if @complete_service
@@ -113,7 +113,7 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
113
113
  end
114
114
 
115
115
  def restartcmd
116
- if Puppet::Util::Package.versioncmp(Facter.value(:operatingsystemrelease), '11.2') >= 0
116
+ if Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.2') >= 0
117
117
  [command(:adm), :restart, "-s", @resource[:name]]
118
118
  else
119
119
  # Synchronous restart only supported in Solaris 11.2 and above
@@ -14,7 +14,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
14
14
  confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
15
15
 
16
16
  defaultfor :osfamily => [:archlinux]
17
- defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
17
+ defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8", "9"]
18
18
  defaultfor :osfamily => :redhat, :operatingsystem => :fedora
19
19
  defaultfor :osfamily => :suse
20
20
  defaultfor :osfamily => :coreos
@@ -45,8 +45,13 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
45
45
  def enabled_insync?(current)
46
46
  case cached_enabled?[:output]
47
47
  when 'static'
48
- Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
49
- return true
48
+ # masking static services is OK, but enabling/disabling them is not
49
+ if @resource[:enable] == :mask
50
+ current == @resource[:enable]
51
+ else
52
+ Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
53
+ return true
54
+ end
50
55
  when 'indirect'
51
56
  Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
52
57
  return true
@@ -105,7 +110,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
105
110
  # The indirect state indicates that the unit is not enabled.
106
111
  return :false if output == 'indirect'
107
112
  return :true if (code == 0)
108
- if (output.empty?) && (code > 0) && (Facter.value(:osfamily).casecmp('debian').zero?)
113
+ if (output.empty?) && (code > 0) && (Puppet.runtime[:facter].value(:osfamily).casecmp('debian').zero?)
109
114
  ret = debian_enabled?
110
115
  return ret if ret
111
116
  end
@@ -159,10 +164,15 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
159
164
  end
160
165
 
161
166
  def mask
162
- self.disable
167
+ disable if exist?
163
168
  systemctl_change_enable(:mask)
164
169
  end
165
170
 
171
+ def exist?
172
+ result = execute([command(:systemctl), 'cat', '--', @resource[:name]], :failonfail => false)
173
+ result.exitstatus == 0
174
+ end
175
+
166
176
  def unmask
167
177
  systemctl_change_enable(:unmask)
168
178
  end
@@ -10,10 +10,10 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
10
10
  "
11
11
 
12
12
  confine :any => [
13
- Facter.value(:operatingsystem) == 'Ubuntu',
14
- (Facter.value(:osfamily) == 'RedHat' and Facter.value(:operatingsystemrelease) =~ /^6\./),
15
- (Facter.value(:operatingsystem) == 'Amazon' and Facter.value(:operatingsystemmajrelease) =~ /\d{4}/),
16
- Facter.value(:operatingsystem) == 'LinuxMint',
13
+ Puppet.runtime[:facter].value(:operatingsystem) == 'Ubuntu',
14
+ (Puppet.runtime[:facter].value(:osfamily) == 'RedHat' and Puppet.runtime[:facter].value(:operatingsystemrelease) =~ /^6\./),
15
+ (Puppet.runtime[:facter].value(:operatingsystem) == 'Amazon' and Puppet.runtime[:facter].value(:operatingsystemmajrelease) =~ /\d{4}/),
16
+ Puppet.runtime[:facter].value(:operatingsystem) == 'LinuxMint',
17
17
  ]
18
18
 
19
19
  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"]
@@ -57,7 +57,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
57
57
 
58
58
  def self.excludes
59
59
  excludes = super
60
- if Facter.value(:osfamily) == 'RedHat'
60
+ if Puppet.runtime[:facter].value(:osfamily) == 'RedHat'
61
61
  # Puppet cannot deal with services that have instances, so we have to
62
62
  # ignore these services using instances on redhat based systems.
63
63
  excludes += %w[serial tty]
@@ -128,17 +128,55 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
128
128
  services
129
129
  end
130
130
 
131
+ def logonaccount_insync?(current)
132
+ @normalized_logon_account ||= normalize_logonaccount
133
+ @resource[:logonaccount] = @normalized_logon_account
134
+
135
+ insync = @resource[:logonaccount] == current
136
+ self.logonpassword = @resource[:logonpassword] if insync
137
+ insync
138
+ end
139
+
131
140
  def logonaccount
132
141
  return unless Puppet::Util::Windows::Service.exists?(@resource[:name])
133
142
  Puppet::Util::Windows::Service.logon_account(@resource[:name])
134
143
  end
135
144
 
136
145
  def logonaccount=(value)
146
+ validate_logon_credentials
137
147
  Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_account: value, logon_password: @resource[:logonpassword]})
138
148
  restart if @resource[:ensure] == :running && [:running, :paused].include?(status)
139
149
  end
140
150
 
141
151
  def logonpassword=(value)
152
+ validate_logon_credentials
142
153
  Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_password: value})
143
154
  end
155
+
156
+ private
157
+
158
+ def normalize_logonaccount
159
+ logon_account = @resource[:logonaccount].sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
160
+ return 'LocalSystem' if Puppet::Util::Windows::User::localsystem?(logon_account)
161
+
162
+ @logonaccount_information ||= Puppet::Util::Windows::SID.name_to_principal(logon_account)
163
+ return logon_account unless @logonaccount_information
164
+ return ".\\#{@logonaccount_information.account}" if @logonaccount_information.domain == Puppet::Util::Windows::ADSI.computer_name
165
+ @logonaccount_information.domain_account
166
+ end
167
+
168
+ def validate_logon_credentials
169
+ unless Puppet::Util::Windows::User::localsystem?(@normalized_logon_account)
170
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" is not a valid account") unless @logonaccount_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(@logonaccount_information.account_type)
171
+
172
+ user_rights = Puppet::Util::Windows::User::get_rights(@logonaccount_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account)
173
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
174
+ raise Puppet::Error.new("\"#{@normalized_logon_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
175
+ end
176
+
177
+ is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account) || @normalized_logon_account == 'LocalSystem'
178
+ account_info = @normalized_logon_account.split("\\")
179
+ able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], @resource[:logonpassword], account_info[0]) unless is_a_predefined_local_account
180
+ raise Puppet::Error.new("The given password is invalid for user '#{@normalized_logon_account}'.") unless is_a_predefined_local_account || able_to_logon
181
+ end
144
182
  end
@@ -265,6 +265,50 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
265
265
  end
266
266
  end
267
267
 
268
+ # Lists all instances of the given object, taking in an optional set
269
+ # of ia_module arguments. Returns an array of hashes, each hash
270
+ # having the schema
271
+ # {
272
+ # :name => <object_name>
273
+ # :home => <object_home>
274
+ # }
275
+ def list_all_homes(ia_module_args = [])
276
+ cmd = [command(:list), '-c', *ia_module_args, '-a', 'home', 'ALL']
277
+ parse_aix_objects(execute(cmd)).to_a.map do |object|
278
+ name = object[:name]
279
+ home = object[:attributes].delete(:home)
280
+
281
+ { name: name, home: home }
282
+ end
283
+ rescue => e
284
+ Puppet.debug("Could not list home of all users: #{e.message}")
285
+ {}
286
+ end
287
+
288
+ # Deletes this instance resource
289
+ def delete
290
+ homedir = home
291
+ super
292
+ return unless @resource.managehome?
293
+
294
+ if !Puppet::Util.absolute_path?(homedir) || File.realpath(homedir) == '/' || Puppet::FileSystem.symlink?(homedir)
295
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}'. Please make sure the path is not relative, symlink or '/'.")
296
+ return
297
+ end
298
+
299
+ affected_home = list_all_homes.find { |info| info[:home].start_with?(File.realpath(homedir)) }
300
+ if affected_home
301
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}' as it would remove the home directory '#{affected_home[:home]}' of user '#{affected_home[:name]}' also.")
302
+ return
303
+ end
304
+
305
+ FileUtils.remove_entry_secure(homedir, true)
306
+ end
307
+
308
+ def deletecmd
309
+ [self.class.command(:delete), '-p'] + ia_module_args + [@resource[:name]]
310
+ end
311
+
268
312
  # UNSUPPORTED
269
313
  #- **profile_membership**
270
314
  # Whether specified roles should be treated as the only roles
@@ -314,5 +358,4 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
314
358
  # be treated as the minimum membership list. Valid values are
315
359
  # `inclusive`, `minimum`.
316
360
  # UNSUPPORTED
317
-
318
361
  end
@@ -159,7 +159,7 @@ Puppet::Type.type(:user).provide :directoryservice do
159
159
  end
160
160
 
161
161
  def self.get_os_version
162
- @os_version ||= Facter.value(:macosx_productversion_major)
162
+ @os_version ||= Puppet.runtime[:facter].value(:macosx_productversion_major)
163
163
  end
164
164
 
165
165
  # Use dscl to retrieve an array of hashes containing attributes about all
@@ -435,7 +435,7 @@ Puppet::Type.type(:user).provide :directoryservice do
435
435
  ['home', 'uid', 'gid', 'comment', 'shell'].each do |setter_method|
436
436
  define_method("#{setter_method}=") do |value|
437
437
  if @property_hash[setter_method.intern]
438
- if self.class.get_os_version.split('.').last.to_i >= 14 && %w(home uid).include?(setter_method)
438
+ if %w(home uid).include?(setter_method)
439
439
  raise Puppet::Error, "OS X version #{self.class.get_os_version} does not allow changing #{setter_method} using puppet"
440
440
  end
441
441
  begin
@@ -536,6 +536,14 @@ Puppet::Type.type(:user).provide :directoryservice do
536
536
  if (shadow_hash_data.class == Hash) && (shadow_hash_data.has_key?('SALTED-SHA512'))
537
537
  shadow_hash_data.delete('SALTED-SHA512')
538
538
  end
539
+
540
+ # Starting with macOS 11 Big Sur, the AuthenticationAuthority field
541
+ # could be missing entirely and without it the managed user cannot log in
542
+ if needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
543
+ Puppet.debug("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user '#{@resource.name}'")
544
+ merge_attribute_with_dscl('Users', @resource.name, 'AuthenticationAuthority', ERB::Util.html_escape(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY))
545
+ end
546
+
539
547
  set_salted_pbkdf2(users_plist, shadow_hash_data, 'entropy', value)
540
548
  end
541
549
  end
@@ -562,6 +570,17 @@ Puppet::Type.type(:user).provide :directoryservice do
562
570
  end
563
571
  end
564
572
 
573
+ # This method will check if authentication_authority key of a user's plist
574
+ # needs SALTED_SHA512_PBKDF2 to be added. This is a valid case for macOS 11 (Big Sur)
575
+ # where users created with `dscl` started to have this field missing
576
+ def needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
577
+ authority = users_plist['authentication_authority']
578
+ return false if Puppet::Util::Package.versioncmp(self.class.get_os_version, '11.0.0') < 0 && authority && authority.include?(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY)
579
+
580
+ Puppet.debug("User '#{@resource.name}' is missing the 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash")
581
+ true
582
+ end
583
+
565
584
  # This method will embed the binary plist data comprising the user's
566
585
  # password hash (and Salt/Iterations value if the OS is 10.8 or greater)
567
586
  # into the ShadowHashData key of the user's plist.
@@ -572,11 +591,7 @@ Puppet::Type.type(:user).provide :directoryservice do
572
591
  else
573
592
  users_plist['ShadowHashData'] = [binary_plist]
574
593
  end
575
- if Puppet::Util::Package.versioncmp(self.class.get_os_version, '10.15') < 0
576
- write_users_plist_to_disk(users_plist)
577
- else
578
- write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
579
- end
594
+ write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
580
595
  end
581
596
 
582
597
  # This method writes the ShadowHashData plist in a temporary file,
@@ -652,12 +667,6 @@ Puppet::Type.type(:user).provide :directoryservice do
652
667
  set_shadow_hash_data(users_plist, binary_plist)
653
668
  end
654
669
 
655
- # This method will accept a plist in XML format, save it to disk, convert
656
- # the plist to a binary format, and flush the dscl cache.
657
- def write_users_plist_to_disk(users_plist)
658
- Puppet::Util::Plist.write_plist_file(users_plist, "#{users_plist_dir}/#{@resource.name}.plist", :binary)
659
- end
660
-
661
670
  # This is a simple wrapper method for writing values to a file.
662
671
  def write_to_file(filename, value)
663
672
  Puppet.deprecation_warning("Puppet::Type.type(:user).provider(:directoryservice).write_to_file is deprecated and will be removed in Puppet 5.")
@@ -667,4 +676,8 @@ Puppet::Type.type(:user).provide :directoryservice do
667
676
  raise Puppet::Error, "Could not write to file #{filename}: #{detail}", detail.backtrace
668
677
  end
669
678
  end
679
+
680
+ private
681
+
682
+ SHA512_PBKDF2_AUTHENTICATION_AUTHORITY = ';ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>'
670
683
  end
@@ -7,9 +7,12 @@ require 'puppet/error'
7
7
  Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
8
8
  desc "User management via `useradd` and its ilk. Note that you will need to
9
9
  install Ruby's shadow password library (often known as `ruby-libshadow`)
10
- if you wish to manage user passwords."
10
+ if you wish to manage user passwords.
11
11
 
12
- commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage"
12
+ To use the `forcelocal` parameter, you need to install the `libuser` package (providing
13
+ `/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
14
+
15
+ commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
13
16
 
14
17
  options :home, :flag => "-d", :method => :dir
15
18
  options :comment, :method => :gecos
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
21
24
  options :expiry, :method => :sp_expire,
22
25
  :munge => proc { |value|
23
26
  if value == :absent
24
- if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
27
+ if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
25
28
  -1
26
29
  else
27
30
  ''
28
31
  end
29
32
  else
30
- case Facter.value(:operatingsystem)
33
+ case Puppet.runtime[:facter].value(:operatingsystem)
31
34
  when 'Solaris'
32
35
  # Solaris uses %m/%d/%Y for useradd/usermod
33
36
  expiry_year, expiry_month, expiry_day = value.split('-')
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
69
72
  get(:comment)
70
73
  end
71
74
 
75
+ def shell
76
+ return localshell if @resource.forcelocal?
77
+ get(:shell)
78
+ end
79
+
80
+ def home
81
+ return localhome if @resource.forcelocal?
82
+ get(:home)
83
+ end
84
+
72
85
  def groups
73
86
  return localgroups if @resource.forcelocal?
74
87
  super
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
120
133
  user[:gecos]
121
134
  end
122
135
 
136
+ def localshell
137
+ user = finduser(:account, resource[:name])
138
+ user[:shell]
139
+ end
140
+
141
+ def localhome
142
+ user = finduser(:account, resource[:name])
143
+ user[:directory]
144
+ end
145
+
123
146
  def localgroups
124
147
  @groups_of ||= {}
125
148
  group_file = '/etc/group'
@@ -152,6 +175,38 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
152
175
  set(:groups, value)
153
176
  end
154
177
 
178
+ def password=(value)
179
+ user = @resource[:name]
180
+ tempfile = Tempfile.new('puppet', :encoding => Encoding::UTF_8)
181
+ begin
182
+ # Puppet execute does not support strings as input, only files.
183
+ # The password is expected to be in an encrypted format given -e is specified:
184
+ tempfile << "#{user}:#{value}\n"
185
+ tempfile.flush
186
+
187
+ # Options '-e' use encrypted password
188
+ # Must receive "user:enc_password" as input
189
+ # command, arguments = {:failonfail => true, :combine => true}
190
+ cmd = [command(:chpasswd), '-e']
191
+ execute_options = {
192
+ :failonfail => false,
193
+ :combine => true,
194
+ :stdinfile => tempfile.path,
195
+ :sensitive => has_sensitive_data?
196
+ }
197
+ output = execute(cmd, execute_options)
198
+
199
+ rescue => detail
200
+ tempfile.close
201
+ tempfile.delete
202
+ raise Puppet::Error, "Could not set password on #{@resource.class.name}[#{@resource.name}]: #{detail}", detail.backtrace
203
+ end
204
+
205
+ # chpasswd can return 1, even on success (at least on AIX 6.1); empty output
206
+ # indicates success
207
+ raise Puppet::ExecutionFailure, "chpasswd said #{output}" if output != ''
208
+ end
209
+
155
210
  verify :gid, "GID must be an integer" do |value|
156
211
  value.is_a? Integer
157
212
  end
@@ -161,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
161
216
  end
162
217
 
163
218
  has_features :manages_homedir, :allows_duplicates, :manages_expiry
164
- has_features :system_users unless %w{HP-UX Solaris}.include? Facter.value(:operatingsystem)
219
+ has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
165
220
 
166
221
  has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
167
222
  has_features :manages_shell
@@ -196,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
196
251
  # libuser does not implement the -m flag
197
252
  cmd << "-m" unless @resource.forcelocal?
198
253
  else
199
- osfamily = Facter.value(:osfamily)
200
- osversion = Facter.value(:operatingsystemmajrelease).to_i
254
+ osfamily = Puppet.runtime[:facter].value(:osfamily)
255
+ osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
201
256
  # SLES 11 uses pwdutils instead of shadow, which does not have -M
202
257
  # Solaris and OpenBSD use different useradd flavors
203
258
  unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
@@ -215,13 +270,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
215
270
  end
216
271
  end
217
272
 
273
+ # Add properties and flags but skipping password related properties due to
274
+ # security risks
218
275
  def add_properties
219
276
  cmd = []
220
277
  # validproperties is a list of properties in undefined order
221
278
  # sort them to have a predictable command line in tests
222
279
  Puppet::Type.type(:user).validproperties.sort.each do |property|
223
280
  value = get_value_for_property(property)
224
- next if value.nil?
281
+ next if value.nil? || property == :password
225
282
  # the value needs to be quoted, mostly because -c might
226
283
  # have spaces in it
227
284
  cmd << flag(property) << munge(property, value)
@@ -293,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
293
350
  cmd = [command(:delete)]
294
351
  end
295
352
  # Solaris `userdel -r` will fail if the homedir does not exist.
296
- if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
353
+ if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
297
354
  cmd << '-r'
298
355
  end
299
356
  cmd << @resource[:name]
@@ -331,13 +388,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
331
388
  if @resource[:shell]
332
389
  check_valid_shell
333
390
  end
334
- super
335
- if @resource.forcelocal? && self.groups?
336
- set(:groups, @resource[:groups])
337
- end
338
- if @resource.forcelocal? && @resource[:expiry]
339
- set(:expiry, @resource[:expiry])
340
- end
391
+ super
392
+ if @resource.forcelocal?
393
+ set(:groups, @resource[:groups]) if self.groups?
394
+ set(:expiry, @resource[:expiry]) if @resource[:expiry]
395
+ end
396
+ set(:password, @resource[:password]) if @resource[:password]
341
397
  end
342
398
 
343
399
  def groups?
@@ -302,7 +302,7 @@ class Puppet::Provider
302
302
  # values. Given one or more Regexp instances, fact is compared via the basic
303
303
  # pattern-matching operator.
304
304
  def self.fact_match(fact, values)
305
- fact_val = Facter.value(fact).to_s.downcase
305
+ fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
306
306
  if fact_val.empty?
307
307
  return false
308
308
  else
@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
41
41
  # Leave out the section information; it was apparently confusing people.
42
42
  #str << "- **Section**: #{object.section}\n"
43
43
  unless val == ""
44
- str << "- *Default*: #{val}\n"
44
+ str << "- *Default*: `#{val}`\n"
45
45
  end
46
46
  str << "\n"
47
47
  end
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
15
15
  # Throw some facts in there, so we know where the report is from.
16
16
  ["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
17
17
  name = label.gsub(/\s+/, '')
18
- value = Facter.value(name)
18
+ value = Puppet.runtime[:facter].value(name)
19
19
  ret << option(label, value)
20
20
  end
21
21
  ret << "\n"
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
61
61
  if Puppet.settings.valid?(name)
62
62
  details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
63
63
  else
64
- details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Facter.value(name).inspect, facts: facts.join(", ") }
64
+ details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
65
65
  end
66
66
  end
67
67
  when :true
@@ -315,7 +315,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
315
315
  super()
316
316
  @name = name
317
317
  @catalog_uuid = SecureRandom.uuid
318
- @catalog_format = 1
318
+ @catalog_format = 2
319
319
  @metadata = {}
320
320
  @recursive_metadata = {}
321
321
  @classes = []
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'puppet/parser/type_loader'
2
3
  require 'puppet/util/file_watcher'
3
4
  require 'puppet/util/warnings'