puppet 6.22.1 → 6.25.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +2 -2
- data/Gemfile.lock +20 -20
- data/README.md +4 -4
- data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
- data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
- data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
- data/{ext → examples}/nagios/check_puppet.rb +2 -2
- data/ext/README.md +13 -0
- data/ext/osx/puppet.plist +2 -0
- data/ext/project_data.yaml +1 -0
- data/lib/puppet/application/agent.rb +16 -5
- data/lib/puppet/application/apply.rb +22 -3
- data/lib/puppet/application/device.rb +2 -1
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +32 -16
- data/lib/puppet/application/script.rb +2 -1
- data/lib/puppet/application/ssl.rb +1 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
- data/lib/puppet/configurer/downloader.rb +2 -1
- data/lib/puppet/configurer.rb +144 -56
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +47 -33
- data/lib/puppet/environments.rb +75 -25
- data/lib/puppet/face/facts.rb +1 -1
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +11 -0
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/file_serving/configuration/parser.rb +2 -0
- data/lib/puppet/file_serving/configuration.rb +3 -0
- data/lib/puppet/file_serving/fileset.rb +14 -2
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_system/file_impl.rb +3 -1
- data/lib/puppet/file_system/windows.rb +2 -2
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/all.rb +1 -1
- data/lib/puppet/functions/camelcase.rb +1 -1
- data/lib/puppet/functions/capitalize.rb +2 -2
- data/lib/puppet/functions/downcase.rb +2 -2
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/get.rb +5 -5
- data/lib/puppet/functions/group_by.rb +13 -5
- data/lib/puppet/functions/lest.rb +1 -1
- data/lib/puppet/functions/new.rb +100 -100
- data/lib/puppet/functions/partition.rb +4 -4
- data/lib/puppet/functions/require.rb +5 -5
- data/lib/puppet/functions/sort.rb +3 -3
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/tree_each.rb +7 -9
- data/lib/puppet/functions/type.rb +4 -4
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/functions/upcase.rb +2 -2
- data/lib/puppet/http/client.rb +1 -1
- data/lib/puppet/http/redirector.rb +5 -0
- data/lib/puppet/http/resolver/server_list.rb +15 -4
- data/lib/puppet/http/service/compiler.rb +75 -1
- data/lib/puppet/http/service/file_server.rb +2 -1
- data/lib/puppet/indirector/catalog/compiler.rb +25 -6
- data/lib/puppet/indirector/catalog/rest.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/file_metadata/rest.rb +1 -0
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module/plan.rb +0 -1
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module.rb +1 -0
- data/lib/puppet/module_tool/applications/installer.rb +12 -4
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/node/environment.rb +10 -11
- data/lib/puppet/pal/pal_impl.rb +1 -1
- data/lib/puppet/parser/functions/fqdn_rand.rb +14 -6
- data/lib/puppet/parser/resource.rb +1 -1
- data/lib/puppet/parser/scope.rb +1 -0
- data/lib/puppet/parser/templatewrapper.rb +1 -0
- data/lib/puppet/pops/evaluator/closure.rb +7 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
- data/lib/puppet/pops/model/ast.rb +1 -0
- data/lib/puppet/pops/model/factory.rb +2 -1
- data/lib/puppet/pops/parser/eparser.rb +201 -201
- data/lib/puppet/pops/parser/lexer2.rb +92 -91
- data/lib/puppet/pops/parser/slurp_support.rb +1 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/p_sem_ver_type.rb +8 -2
- data/lib/puppet/pops/types/p_sensitive_type.rb +10 -0
- data/lib/puppet/pops/types/type_formatter.rb +4 -3
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/group/groupadd.rb +5 -2
- data/lib/puppet/provider/package/nim.rb +11 -6
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/package/pkg.rb +19 -2
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/init.rb +5 -5
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +3 -3
- data/lib/puppet/provider/service/systemd.rb +15 -5
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/service/windows.rb +38 -0
- data/lib/puppet/provider/user/aix.rb +44 -1
- data/lib/puppet/provider/user/directoryservice.rb +26 -13
- data/lib/puppet/provider/user/useradd.rb +72 -16
- data/lib/puppet/provider.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/resource/type_collection.rb +1 -0
- data/lib/puppet/resource.rb +38 -5
- data/lib/puppet/runtime.rb +11 -1
- data/lib/puppet/settings.rb +32 -9
- data/lib/puppet/test/test_helper.rb +4 -1
- data/lib/puppet/transaction/additional_resource_generator.rb +1 -1
- data/lib/puppet/transaction/persistence.rb +11 -1
- data/lib/puppet/transaction/report.rb +15 -1
- data/lib/puppet/type/exec.rb +35 -5
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file/selcontext.rb +1 -1
- data/lib/puppet/type/file.rb +25 -7
- data/lib/puppet/type/filebucket.rb +3 -3
- data/lib/puppet/type/group.rb +0 -1
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +26 -41
- data/lib/puppet/type/tidy.rb +22 -3
- data/lib/puppet/type/user.rb +38 -21
- data/lib/puppet/type.rb +1 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/json.rb +3 -0
- data/lib/puppet/util/log.rb +1 -2
- data/lib/puppet/util/logging.rb +1 -25
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/selinux.rb +30 -4
- data/lib/puppet/util/suidmanager.rb +1 -2
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/tagging.rb +1 -0
- data/lib/puppet/util/windows/service.rb +0 -5
- data/lib/puppet/util/windows/sid.rb +3 -1
- data/lib/puppet/util/windows/user.rb +0 -2
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util.rb +4 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +5 -9
- data/locales/puppet.pot +408 -364
- data/man/man5/puppet.conf.5 +303 -275
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +8 -8
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +7 -7
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +3 -3
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +4 -4
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -31
- data/spec/fixtures/ssl/bad-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +57 -35
- data/spec/fixtures/ssl/ca.pem +57 -35
- data/spec/fixtures/ssl/crl.pem +28 -18
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -24
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -58
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +28 -19
- data/spec/fixtures/ssl/intermediate-agent.pem +57 -36
- data/spec/fixtures/ssl/intermediate-crl.pem +31 -21
- data/spec/fixtures/ssl/intermediate.pem +57 -36
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +107 -57
- data/spec/fixtures/ssl/pluto.pem +52 -30
- data/spec/fixtures/ssl/request-key.pem +107 -57
- data/spec/fixtures/ssl/request.pem +47 -26
- data/spec/fixtures/ssl/revoked-key.pem +107 -57
- data/spec/fixtures/ssl/revoked.pem +52 -30
- data/spec/fixtures/ssl/signed-key.pem +107 -57
- data/spec/fixtures/ssl/signed.pem +52 -30
- data/spec/fixtures/ssl/tampered-cert.pem +52 -30
- data/spec/fixtures/ssl/tampered-csr.pem +47 -26
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -29
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -57
- data/spec/fixtures/ssl/unknown-ca.pem +55 -33
- data/spec/integration/application/agent_spec.rb +141 -37
- data/spec/integration/application/filebucket_spec.rb +16 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/resource_spec.rb +64 -0
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/configurer_spec.rb +18 -2
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/indirector/facts/facter_spec.rb +93 -39
- data/spec/integration/l10n/compiler_spec.rb +37 -0
- data/spec/integration/parser/pcore_resource_spec.rb +10 -0
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/type/file_spec.rb +2 -2
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +1 -9
- data/spec/lib/puppet/test_ca.rb +7 -2
- data/spec/lib/puppet_spec/modules.rb +13 -2
- data/spec/lib/puppet_spec/puppetserver.rb +15 -0
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
- data/spec/shared_contexts/l10n.rb +27 -0
- data/spec/spec_helper.rb +1 -10
- data/spec/unit/application/agent_spec.rb +7 -2
- data/spec/unit/application/apply_spec.rb +76 -56
- data/spec/unit/application/resource_spec.rb +29 -0
- data/spec/unit/configurer/downloader_spec.rb +6 -0
- data/spec/unit/configurer_spec.rb +256 -57
- data/spec/unit/defaults_spec.rb +1 -0
- data/spec/unit/environments_spec.rb +184 -0
- data/spec/unit/facter_impl_spec.rb +31 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
- data/spec/unit/file_serving/configuration_spec.rb +14 -4
- data/spec/unit/file_serving/fileset_spec.rb +60 -0
- data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
- data/spec/unit/file_system_spec.rb +13 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/logging_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +64 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/gettext/config_spec.rb +12 -0
- data/spec/unit/http/client_spec.rb +58 -1
- data/spec/unit/http/service/compiler_spec.rb +131 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +101 -10
- data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
- data/spec/unit/indirector/indirection_spec.rb +10 -3
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/interface/action_spec.rb +0 -9
- data/spec/unit/module_spec.rb +15 -1
- data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
- data/spec/unit/network/authstore_spec.rb +0 -15
- data/spec/unit/network/formats_spec.rb +6 -0
- data/spec/unit/parser/functions/fqdn_rand_spec.rb +15 -1
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
- data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
- data/spec/unit/pops/types/p_sem_ver_type_spec.rb +18 -0
- data/spec/unit/pops/types/p_sensitive_type_spec.rb +18 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
- data/spec/unit/provider/package/gem_spec.rb +1 -1
- data/spec/unit/provider/package/nim_spec.rb +42 -0
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +38 -1
- data/spec/unit/provider/package/pkg_spec.rb +29 -4
- data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/init_spec.rb +1 -0
- data/spec/unit/provider/service/launchd_spec.rb +11 -0
- data/spec/unit/provider/service/openwrt_spec.rb +3 -1
- data/spec/unit/provider/service/systemd_spec.rb +43 -9
- data/spec/unit/provider/service/windows_spec.rb +202 -0
- data/spec/unit/provider/user/aix_spec.rb +100 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +68 -36
- data/spec/unit/provider/user/useradd_spec.rb +43 -2
- data/spec/unit/provider_spec.rb +4 -4
- data/spec/unit/puppet_spec.rb +12 -4
- data/spec/unit/resource/catalog_spec.rb +14 -1
- data/spec/unit/resource_spec.rb +58 -2
- data/spec/unit/settings_spec.rb +97 -56
- data/spec/unit/ssl/certificate_request_spec.rb +8 -14
- data/spec/unit/ssl/state_machine_spec.rb +19 -5
- data/spec/unit/transaction/additional_resource_generator_spec.rb +0 -2
- data/spec/unit/transaction_spec.rb +18 -20
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/selinux_spec.rb +3 -3
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +86 -188
- data/spec/unit/type/tidy_spec.rb +24 -7
- data/spec/unit/type/user_spec.rb +45 -0
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/logging_spec.rb +2 -0
- data/spec/unit/util/selinux_spec.rb +87 -16
- data/spec/unit/util/windows/sid_spec.rb +39 -4
- data/tasks/generate_cert_fixtures.rake +12 -3
- data/tasks/parallel.rake +3 -3
- metadata +49 -95
- data/ext/README.environment +0 -8
- data/ext/dbfix.sql +0 -132
- data/ext/debian/README.Debian +0 -8
- data/ext/debian/README.source +0 -2
- data/ext/debian/TODO.Debian +0 -1
- data/ext/debian/changelog.erb +0 -1122
- data/ext/debian/compat +0 -1
- data/ext/debian/control +0 -144
- data/ext/debian/copyright +0 -339
- data/ext/debian/docs +0 -1
- data/ext/debian/fileserver.conf +0 -41
- data/ext/debian/puppet-common.dirs +0 -13
- data/ext/debian/puppet-common.install +0 -3
- data/ext/debian/puppet-common.lintian-overrides +0 -5
- data/ext/debian/puppet-common.manpages +0 -28
- data/ext/debian/puppet-common.postinst +0 -35
- data/ext/debian/puppet-common.postrm +0 -33
- data/ext/debian/puppet-el.dirs +0 -1
- data/ext/debian/puppet-el.emacsen-install +0 -25
- data/ext/debian/puppet-el.emacsen-remove +0 -11
- data/ext/debian/puppet-el.emacsen-startup +0 -9
- data/ext/debian/puppet-el.install +0 -1
- data/ext/debian/puppet-testsuite.install +0 -2
- data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
- data/ext/debian/puppet.lintian-overrides +0 -3
- data/ext/debian/puppet.logrotate +0 -20
- data/ext/debian/puppet.postinst +0 -20
- data/ext/debian/puppet.postrm +0 -20
- data/ext/debian/puppet.preinst +0 -20
- data/ext/debian/puppetmaster-common.install +0 -2
- data/ext/debian/puppetmaster-common.manpages +0 -2
- data/ext/debian/puppetmaster-common.postinst +0 -6
- data/ext/debian/puppetmaster-passenger.dirs +0 -4
- data/ext/debian/puppetmaster-passenger.postinst +0 -162
- data/ext/debian/puppetmaster-passenger.postrm +0 -61
- data/ext/debian/puppetmaster.README.debian +0 -17
- data/ext/debian/puppetmaster.default +0 -14
- data/ext/debian/puppetmaster.init +0 -137
- data/ext/debian/puppetmaster.lintian-overrides +0 -3
- data/ext/debian/puppetmaster.postinst +0 -20
- data/ext/debian/puppetmaster.postrm +0 -5
- data/ext/debian/puppetmaster.preinst +0 -22
- data/ext/debian/rules +0 -132
- data/ext/debian/source/format +0 -1
- data/ext/debian/source/options +0 -1
- data/ext/debian/vim-puppet.README.Debian +0 -13
- data/ext/debian/vim-puppet.dirs +0 -5
- data/ext/debian/vim-puppet.yaml +0 -7
- data/ext/debian/watch +0 -2
- data/ext/freebsd/puppetd +0 -26
- data/ext/freebsd/puppetmasterd +0 -26
- data/ext/gentoo/conf.d/puppet +0 -5
- data/ext/gentoo/conf.d/puppetmaster +0 -12
- data/ext/gentoo/init.d/puppet +0 -38
- data/ext/gentoo/init.d/puppetmaster +0 -51
- data/ext/gentoo/puppet/fileserver.conf +0 -41
- data/ext/ips/puppet-agent +0 -44
- data/ext/ips/puppet-master +0 -44
- data/ext/ips/puppet.p5m.erb +0 -12
- data/ext/ips/puppetagent.xml +0 -42
- data/ext/ips/puppetmaster.xml +0 -42
- data/ext/ips/rules +0 -19
- data/ext/ips/transforms +0 -34
- data/ext/ldap/puppet.schema +0 -24
- data/ext/logcheck/puppet +0 -23
- data/ext/osx/file_mapping.yaml +0 -33
- data/ext/osx/postflight.erb +0 -109
- data/ext/osx/preflight.erb +0 -52
- data/ext/osx/prototype.plist.erb +0 -38
- data/ext/redhat/fileserver.conf +0 -41
- data/ext/redhat/logrotate +0 -21
- data/ext/redhat/puppet.spec.erb +0 -842
- data/ext/redhat/server.init +0 -128
- data/ext/redhat/server.sysconfig +0 -13
- data/ext/solaris/pkginfo +0 -6
- data/ext/solaris/smf/puppetd.xml +0 -77
- data/ext/solaris/smf/puppetmasterd.xml +0 -77
- data/ext/solaris/smf/svc-puppetd +0 -71
- data/ext/solaris/smf/svc-puppetmasterd +0 -67
- data/ext/suse/puppet.spec +0 -310
- data/ext/suse/server.init +0 -173
- data/ext/yaml_nodes.rb +0 -105
- data/spec/unit/indirector/store_configs_spec.rb +0 -7
|
@@ -4,7 +4,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
|
|
|
4
4
|
desc "Standard `init`-style service management."
|
|
5
5
|
|
|
6
6
|
def self.defpath
|
|
7
|
-
case
|
|
7
|
+
case Puppet.runtime[:facter].value(:operatingsystem)
|
|
8
8
|
when "FreeBSD", "DragonFly"
|
|
9
9
|
["/etc/rc.d", "/usr/local/etc/rc.d"]
|
|
10
10
|
when "HP-UX"
|
|
@@ -21,8 +21,8 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
|
|
|
21
21
|
# Debian and Ubuntu should use the Debian provider.
|
|
22
22
|
# RedHat systems should use the RedHat provider.
|
|
23
23
|
confine :true => begin
|
|
24
|
-
os =
|
|
25
|
-
family =
|
|
24
|
+
os = Puppet.runtime[:facter].value(:operatingsystem).downcase
|
|
25
|
+
family = Puppet.runtime[:facter].value(:osfamily).downcase
|
|
26
26
|
!(os == 'debian' || os == 'ubuntu' || family == 'redhat')
|
|
27
27
|
end
|
|
28
28
|
|
|
@@ -54,7 +54,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
|
|
|
54
54
|
# these excludes were found with grep -r -L start /etc/init.d
|
|
55
55
|
excludes += %w{rcS module-init-tools}
|
|
56
56
|
# Prevent puppet failing on unsafe scripts from Yocto Linux
|
|
57
|
-
if
|
|
57
|
+
if Puppet.runtime[:facter].value(:osfamily) == "cisco-wrlinux"
|
|
58
58
|
excludes += %w{banner.sh bootmisc.sh checkroot.sh devpts.sh dmesg.sh
|
|
59
59
|
hostname.sh mountall.sh mountnfs.sh populate-volatile.sh
|
|
60
60
|
rmnologin.sh save-rtc.sh sendsigs sysfs.sh umountfs
|
|
@@ -171,7 +171,7 @@ Puppet::Type.type(:service).provide :init, :parent => :base do
|
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
def texecute(type, command, fof = true, squelch = false, combine = true)
|
|
174
|
-
if type == :start &&
|
|
174
|
+
if type == :start && Puppet.runtime[:facter].value(:osfamily) == "Solaris"
|
|
175
175
|
command = ["/usr/bin/ctrun -l child", command].flatten.join(" ")
|
|
176
176
|
end
|
|
177
177
|
super(type, command, fof, squelch, combine)
|
|
@@ -70,7 +70,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
|
70
70
|
#
|
|
71
71
|
# @api private
|
|
72
72
|
def self.get_os_version
|
|
73
|
-
@os_version ||=
|
|
73
|
+
@os_version ||= Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
# Defines the path to the overrides plist file where service enabling
|
|
@@ -138,7 +138,7 @@ Puppet::Type.type(:service).provide :launchd, :parent => :base do
|
|
|
138
138
|
Puppet.debug("Reading launchd plist #{filepath}")
|
|
139
139
|
job = read_plist(filepath)
|
|
140
140
|
next if job.nil?
|
|
141
|
-
if job.
|
|
141
|
+
if job.respond_to?(:key) && job.key?("Label")
|
|
142
142
|
@label_to_path_map[job["Label"]] = filepath
|
|
143
143
|
else
|
|
144
144
|
#TRANSLATORS 'plist' and label' should not be translated
|
|
@@ -35,7 +35,7 @@ Puppet::Type.type(:service).provide :redhat, :parent => :init, :source => :init
|
|
|
35
35
|
# For Suse OS family, chkconfig returns 0 even if the service is disabled or non-existent
|
|
36
36
|
# Therefore, check the output for '<name> on' (or '<name> B for boot services)
|
|
37
37
|
# to see if it is enabled
|
|
38
|
-
return :false unless
|
|
38
|
+
return :false unless Puppet.runtime[:facter].value(:osfamily) != 'Suse' || output =~ /^#{name}\s+(on|B)$/
|
|
39
39
|
|
|
40
40
|
:true
|
|
41
41
|
end
|
|
@@ -73,14 +73,14 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
|
|
|
73
73
|
|
|
74
74
|
# Returns true if the provider supports incomplete services.
|
|
75
75
|
def supports_incomplete_services?
|
|
76
|
-
Puppet::Util::Package.versioncmp(
|
|
76
|
+
Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.1') >= 0
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
# Returns true if the service is complete. A complete service is a service that
|
|
80
80
|
# has the general/complete property defined.
|
|
81
81
|
def complete_service?
|
|
82
82
|
unless supports_incomplete_services?
|
|
83
|
-
raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release:
|
|
83
|
+
raise Puppet::Error, _("Cannot query if the %{service} service is complete: The concept of complete/incomplete services was introduced in Solaris 11.1. You are on a Solaris %{release} machine.") % { service: @resource[:name], release: Puppet.runtime[:facter].value(:operatingsystemrelease) }
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
return @complete_service if @complete_service
|
|
@@ -113,7 +113,7 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
|
|
|
113
113
|
end
|
|
114
114
|
|
|
115
115
|
def restartcmd
|
|
116
|
-
if Puppet::Util::Package.versioncmp(
|
|
116
|
+
if Puppet::Util::Package.versioncmp(Puppet.runtime[:facter].value(:operatingsystemrelease), '11.2') >= 0
|
|
117
117
|
[command(:adm), :restart, "-s", @resource[:name]]
|
|
118
118
|
else
|
|
119
119
|
# Synchronous restart only supported in Solaris 11.2 and above
|
|
@@ -14,7 +14,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
|
14
14
|
confine :true => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
|
|
15
15
|
|
|
16
16
|
defaultfor :osfamily => [:archlinux]
|
|
17
|
-
defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8"]
|
|
17
|
+
defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["7", "8", "9"]
|
|
18
18
|
defaultfor :osfamily => :redhat, :operatingsystem => :fedora
|
|
19
19
|
defaultfor :osfamily => :suse
|
|
20
20
|
defaultfor :osfamily => :coreos
|
|
@@ -45,8 +45,13 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
|
45
45
|
def enabled_insync?(current)
|
|
46
46
|
case cached_enabled?[:output]
|
|
47
47
|
when 'static'
|
|
48
|
-
|
|
49
|
-
|
|
48
|
+
# masking static services is OK, but enabling/disabling them is not
|
|
49
|
+
if @resource[:enable] == :mask
|
|
50
|
+
current == @resource[:enable]
|
|
51
|
+
else
|
|
52
|
+
Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
|
|
53
|
+
return true
|
|
54
|
+
end
|
|
50
55
|
when 'indirect'
|
|
51
56
|
Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
|
|
52
57
|
return true
|
|
@@ -105,7 +110,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
|
105
110
|
# The indirect state indicates that the unit is not enabled.
|
|
106
111
|
return :false if output == 'indirect'
|
|
107
112
|
return :true if (code == 0)
|
|
108
|
-
if (output.empty?) && (code > 0) && (
|
|
113
|
+
if (output.empty?) && (code > 0) && (Puppet.runtime[:facter].value(:osfamily).casecmp('debian').zero?)
|
|
109
114
|
ret = debian_enabled?
|
|
110
115
|
return ret if ret
|
|
111
116
|
end
|
|
@@ -159,10 +164,15 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
|
|
|
159
164
|
end
|
|
160
165
|
|
|
161
166
|
def mask
|
|
162
|
-
|
|
167
|
+
disable if exist?
|
|
163
168
|
systemctl_change_enable(:mask)
|
|
164
169
|
end
|
|
165
170
|
|
|
171
|
+
def exist?
|
|
172
|
+
result = execute([command(:systemctl), 'cat', '--', @resource[:name]], :failonfail => false)
|
|
173
|
+
result.exitstatus == 0
|
|
174
|
+
end
|
|
175
|
+
|
|
166
176
|
def unmask
|
|
167
177
|
systemctl_change_enable(:unmask)
|
|
168
178
|
end
|
|
@@ -10,10 +10,10 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
|
|
|
10
10
|
"
|
|
11
11
|
|
|
12
12
|
confine :any => [
|
|
13
|
-
|
|
14
|
-
(
|
|
15
|
-
(
|
|
16
|
-
|
|
13
|
+
Puppet.runtime[:facter].value(:operatingsystem) == 'Ubuntu',
|
|
14
|
+
(Puppet.runtime[:facter].value(:osfamily) == 'RedHat' and Puppet.runtime[:facter].value(:operatingsystemrelease) =~ /^6\./),
|
|
15
|
+
(Puppet.runtime[:facter].value(:operatingsystem) == 'Amazon' and Puppet.runtime[:facter].value(:operatingsystemmajrelease) =~ /\d{4}/),
|
|
16
|
+
Puppet.runtime[:facter].value(:operatingsystem) == 'LinuxMint',
|
|
17
17
|
]
|
|
18
18
|
|
|
19
19
|
defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"]
|
|
@@ -57,7 +57,7 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
|
|
|
57
57
|
|
|
58
58
|
def self.excludes
|
|
59
59
|
excludes = super
|
|
60
|
-
if
|
|
60
|
+
if Puppet.runtime[:facter].value(:osfamily) == 'RedHat'
|
|
61
61
|
# Puppet cannot deal with services that have instances, so we have to
|
|
62
62
|
# ignore these services using instances on redhat based systems.
|
|
63
63
|
excludes += %w[serial tty]
|
|
@@ -128,17 +128,55 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do
|
|
|
128
128
|
services
|
|
129
129
|
end
|
|
130
130
|
|
|
131
|
+
def logonaccount_insync?(current)
|
|
132
|
+
@normalized_logon_account ||= normalize_logonaccount
|
|
133
|
+
@resource[:logonaccount] = @normalized_logon_account
|
|
134
|
+
|
|
135
|
+
insync = @resource[:logonaccount] == current
|
|
136
|
+
self.logonpassword = @resource[:logonpassword] if insync
|
|
137
|
+
insync
|
|
138
|
+
end
|
|
139
|
+
|
|
131
140
|
def logonaccount
|
|
132
141
|
return unless Puppet::Util::Windows::Service.exists?(@resource[:name])
|
|
133
142
|
Puppet::Util::Windows::Service.logon_account(@resource[:name])
|
|
134
143
|
end
|
|
135
144
|
|
|
136
145
|
def logonaccount=(value)
|
|
146
|
+
validate_logon_credentials
|
|
137
147
|
Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_account: value, logon_password: @resource[:logonpassword]})
|
|
138
148
|
restart if @resource[:ensure] == :running && [:running, :paused].include?(status)
|
|
139
149
|
end
|
|
140
150
|
|
|
141
151
|
def logonpassword=(value)
|
|
152
|
+
validate_logon_credentials
|
|
142
153
|
Puppet::Util::Windows::Service.set_startup_configuration(@resource[:name], options: {logon_password: value})
|
|
143
154
|
end
|
|
155
|
+
|
|
156
|
+
private
|
|
157
|
+
|
|
158
|
+
def normalize_logonaccount
|
|
159
|
+
logon_account = @resource[:logonaccount].sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\")
|
|
160
|
+
return 'LocalSystem' if Puppet::Util::Windows::User::localsystem?(logon_account)
|
|
161
|
+
|
|
162
|
+
@logonaccount_information ||= Puppet::Util::Windows::SID.name_to_principal(logon_account)
|
|
163
|
+
return logon_account unless @logonaccount_information
|
|
164
|
+
return ".\\#{@logonaccount_information.account}" if @logonaccount_information.domain == Puppet::Util::Windows::ADSI.computer_name
|
|
165
|
+
@logonaccount_information.domain_account
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
def validate_logon_credentials
|
|
169
|
+
unless Puppet::Util::Windows::User::localsystem?(@normalized_logon_account)
|
|
170
|
+
raise Puppet::Error.new("\"#{@normalized_logon_account}\" is not a valid account") unless @logonaccount_information && [:SidTypeUser, :SidTypeWellKnownGroup].include?(@logonaccount_information.account_type)
|
|
171
|
+
|
|
172
|
+
user_rights = Puppet::Util::Windows::User::get_rights(@logonaccount_information.domain_account) unless Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account)
|
|
173
|
+
raise Puppet::Error.new("\"#{@normalized_logon_account}\" has the 'Log On As A Service' right set to denied.") if user_rights =~ /SeDenyServiceLogonRight/
|
|
174
|
+
raise Puppet::Error.new("\"#{@normalized_logon_account}\" is missing the 'Log On As A Service' right.") unless user_rights.nil? || user_rights =~ /SeServiceLogonRight/
|
|
175
|
+
end
|
|
176
|
+
|
|
177
|
+
is_a_predefined_local_account = Puppet::Util::Windows::User::default_system_account?(@normalized_logon_account) || @normalized_logon_account == 'LocalSystem'
|
|
178
|
+
account_info = @normalized_logon_account.split("\\")
|
|
179
|
+
able_to_logon = Puppet::Util::Windows::User.password_is?(account_info[1], @resource[:logonpassword], account_info[0]) unless is_a_predefined_local_account
|
|
180
|
+
raise Puppet::Error.new("The given password is invalid for user '#{@normalized_logon_account}'.") unless is_a_predefined_local_account || able_to_logon
|
|
181
|
+
end
|
|
144
182
|
end
|
|
@@ -265,6 +265,50 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
|
|
|
265
265
|
end
|
|
266
266
|
end
|
|
267
267
|
|
|
268
|
+
# Lists all instances of the given object, taking in an optional set
|
|
269
|
+
# of ia_module arguments. Returns an array of hashes, each hash
|
|
270
|
+
# having the schema
|
|
271
|
+
# {
|
|
272
|
+
# :name => <object_name>
|
|
273
|
+
# :home => <object_home>
|
|
274
|
+
# }
|
|
275
|
+
def list_all_homes(ia_module_args = [])
|
|
276
|
+
cmd = [command(:list), '-c', *ia_module_args, '-a', 'home', 'ALL']
|
|
277
|
+
parse_aix_objects(execute(cmd)).to_a.map do |object|
|
|
278
|
+
name = object[:name]
|
|
279
|
+
home = object[:attributes].delete(:home)
|
|
280
|
+
|
|
281
|
+
{ name: name, home: home }
|
|
282
|
+
end
|
|
283
|
+
rescue => e
|
|
284
|
+
Puppet.debug("Could not list home of all users: #{e.message}")
|
|
285
|
+
{}
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
# Deletes this instance resource
|
|
289
|
+
def delete
|
|
290
|
+
homedir = home
|
|
291
|
+
super
|
|
292
|
+
return unless @resource.managehome?
|
|
293
|
+
|
|
294
|
+
if !Puppet::Util.absolute_path?(homedir) || File.realpath(homedir) == '/' || Puppet::FileSystem.symlink?(homedir)
|
|
295
|
+
Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}'. Please make sure the path is not relative, symlink or '/'.")
|
|
296
|
+
return
|
|
297
|
+
end
|
|
298
|
+
|
|
299
|
+
affected_home = list_all_homes.find { |info| info[:home].start_with?(File.realpath(homedir)) }
|
|
300
|
+
if affected_home
|
|
301
|
+
Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}' as it would remove the home directory '#{affected_home[:home]}' of user '#{affected_home[:name]}' also.")
|
|
302
|
+
return
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
FileUtils.remove_entry_secure(homedir, true)
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
def deletecmd
|
|
309
|
+
[self.class.command(:delete), '-p'] + ia_module_args + [@resource[:name]]
|
|
310
|
+
end
|
|
311
|
+
|
|
268
312
|
# UNSUPPORTED
|
|
269
313
|
#- **profile_membership**
|
|
270
314
|
# Whether specified roles should be treated as the only roles
|
|
@@ -314,5 +358,4 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
|
|
|
314
358
|
# be treated as the minimum membership list. Valid values are
|
|
315
359
|
# `inclusive`, `minimum`.
|
|
316
360
|
# UNSUPPORTED
|
|
317
|
-
|
|
318
361
|
end
|
|
@@ -159,7 +159,7 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
159
159
|
end
|
|
160
160
|
|
|
161
161
|
def self.get_os_version
|
|
162
|
-
@os_version ||=
|
|
162
|
+
@os_version ||= Puppet.runtime[:facter].value(:macosx_productversion_major)
|
|
163
163
|
end
|
|
164
164
|
|
|
165
165
|
# Use dscl to retrieve an array of hashes containing attributes about all
|
|
@@ -435,7 +435,7 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
435
435
|
['home', 'uid', 'gid', 'comment', 'shell'].each do |setter_method|
|
|
436
436
|
define_method("#{setter_method}=") do |value|
|
|
437
437
|
if @property_hash[setter_method.intern]
|
|
438
|
-
if
|
|
438
|
+
if %w(home uid).include?(setter_method)
|
|
439
439
|
raise Puppet::Error, "OS X version #{self.class.get_os_version} does not allow changing #{setter_method} using puppet"
|
|
440
440
|
end
|
|
441
441
|
begin
|
|
@@ -536,6 +536,14 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
536
536
|
if (shadow_hash_data.class == Hash) && (shadow_hash_data.has_key?('SALTED-SHA512'))
|
|
537
537
|
shadow_hash_data.delete('SALTED-SHA512')
|
|
538
538
|
end
|
|
539
|
+
|
|
540
|
+
# Starting with macOS 11 Big Sur, the AuthenticationAuthority field
|
|
541
|
+
# could be missing entirely and without it the managed user cannot log in
|
|
542
|
+
if needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
|
|
543
|
+
Puppet.debug("Adding 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash to user '#{@resource.name}'")
|
|
544
|
+
merge_attribute_with_dscl('Users', @resource.name, 'AuthenticationAuthority', ERB::Util.html_escape(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY))
|
|
545
|
+
end
|
|
546
|
+
|
|
539
547
|
set_salted_pbkdf2(users_plist, shadow_hash_data, 'entropy', value)
|
|
540
548
|
end
|
|
541
549
|
end
|
|
@@ -562,6 +570,17 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
562
570
|
end
|
|
563
571
|
end
|
|
564
572
|
|
|
573
|
+
# This method will check if authentication_authority key of a user's plist
|
|
574
|
+
# needs SALTED_SHA512_PBKDF2 to be added. This is a valid case for macOS 11 (Big Sur)
|
|
575
|
+
# where users created with `dscl` started to have this field missing
|
|
576
|
+
def needs_sha512_pbkdf2_authentication_authority_to_be_added?(users_plist)
|
|
577
|
+
authority = users_plist['authentication_authority']
|
|
578
|
+
return false if Puppet::Util::Package.versioncmp(self.class.get_os_version, '11.0.0') < 0 && authority && authority.include?(SHA512_PBKDF2_AUTHENTICATION_AUTHORITY)
|
|
579
|
+
|
|
580
|
+
Puppet.debug("User '#{@resource.name}' is missing the 'SALTED-SHA512-PBKDF2' AuthenticationAuthority key for ShadowHash")
|
|
581
|
+
true
|
|
582
|
+
end
|
|
583
|
+
|
|
565
584
|
# This method will embed the binary plist data comprising the user's
|
|
566
585
|
# password hash (and Salt/Iterations value if the OS is 10.8 or greater)
|
|
567
586
|
# into the ShadowHashData key of the user's plist.
|
|
@@ -572,11 +591,7 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
572
591
|
else
|
|
573
592
|
users_plist['ShadowHashData'] = [binary_plist]
|
|
574
593
|
end
|
|
575
|
-
|
|
576
|
-
write_users_plist_to_disk(users_plist)
|
|
577
|
-
else
|
|
578
|
-
write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
|
|
579
|
-
end
|
|
594
|
+
write_and_import_shadow_hash_data(users_plist['ShadowHashData'].first)
|
|
580
595
|
end
|
|
581
596
|
|
|
582
597
|
# This method writes the ShadowHashData plist in a temporary file,
|
|
@@ -652,12 +667,6 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
652
667
|
set_shadow_hash_data(users_plist, binary_plist)
|
|
653
668
|
end
|
|
654
669
|
|
|
655
|
-
# This method will accept a plist in XML format, save it to disk, convert
|
|
656
|
-
# the plist to a binary format, and flush the dscl cache.
|
|
657
|
-
def write_users_plist_to_disk(users_plist)
|
|
658
|
-
Puppet::Util::Plist.write_plist_file(users_plist, "#{users_plist_dir}/#{@resource.name}.plist", :binary)
|
|
659
|
-
end
|
|
660
|
-
|
|
661
670
|
# This is a simple wrapper method for writing values to a file.
|
|
662
671
|
def write_to_file(filename, value)
|
|
663
672
|
Puppet.deprecation_warning("Puppet::Type.type(:user).provider(:directoryservice).write_to_file is deprecated and will be removed in Puppet 5.")
|
|
@@ -667,4 +676,8 @@ Puppet::Type.type(:user).provide :directoryservice do
|
|
|
667
676
|
raise Puppet::Error, "Could not write to file #{filename}: #{detail}", detail.backtrace
|
|
668
677
|
end
|
|
669
678
|
end
|
|
679
|
+
|
|
680
|
+
private
|
|
681
|
+
|
|
682
|
+
SHA512_PBKDF2_AUTHENTICATION_AUTHORITY = ';ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>'
|
|
670
683
|
end
|
|
@@ -7,9 +7,12 @@ require 'puppet/error'
|
|
|
7
7
|
Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
|
|
8
8
|
desc "User management via `useradd` and its ilk. Note that you will need to
|
|
9
9
|
install Ruby's shadow password library (often known as `ruby-libshadow`)
|
|
10
|
-
if you wish to manage user passwords.
|
|
10
|
+
if you wish to manage user passwords.
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
To use the `forcelocal` parameter, you need to install the `libuser` package (providing
|
|
13
|
+
`/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
|
|
14
|
+
|
|
15
|
+
commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
|
|
13
16
|
|
|
14
17
|
options :home, :flag => "-d", :method => :dir
|
|
15
18
|
options :comment, :method => :gecos
|
|
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
21
24
|
options :expiry, :method => :sp_expire,
|
|
22
25
|
:munge => proc { |value|
|
|
23
26
|
if value == :absent
|
|
24
|
-
if
|
|
27
|
+
if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
|
|
25
28
|
-1
|
|
26
29
|
else
|
|
27
30
|
''
|
|
28
31
|
end
|
|
29
32
|
else
|
|
30
|
-
case
|
|
33
|
+
case Puppet.runtime[:facter].value(:operatingsystem)
|
|
31
34
|
when 'Solaris'
|
|
32
35
|
# Solaris uses %m/%d/%Y for useradd/usermod
|
|
33
36
|
expiry_year, expiry_month, expiry_day = value.split('-')
|
|
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
69
72
|
get(:comment)
|
|
70
73
|
end
|
|
71
74
|
|
|
75
|
+
def shell
|
|
76
|
+
return localshell if @resource.forcelocal?
|
|
77
|
+
get(:shell)
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def home
|
|
81
|
+
return localhome if @resource.forcelocal?
|
|
82
|
+
get(:home)
|
|
83
|
+
end
|
|
84
|
+
|
|
72
85
|
def groups
|
|
73
86
|
return localgroups if @resource.forcelocal?
|
|
74
87
|
super
|
|
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
120
133
|
user[:gecos]
|
|
121
134
|
end
|
|
122
135
|
|
|
136
|
+
def localshell
|
|
137
|
+
user = finduser(:account, resource[:name])
|
|
138
|
+
user[:shell]
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def localhome
|
|
142
|
+
user = finduser(:account, resource[:name])
|
|
143
|
+
user[:directory]
|
|
144
|
+
end
|
|
145
|
+
|
|
123
146
|
def localgroups
|
|
124
147
|
@groups_of ||= {}
|
|
125
148
|
group_file = '/etc/group'
|
|
@@ -152,6 +175,38 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
152
175
|
set(:groups, value)
|
|
153
176
|
end
|
|
154
177
|
|
|
178
|
+
def password=(value)
|
|
179
|
+
user = @resource[:name]
|
|
180
|
+
tempfile = Tempfile.new('puppet', :encoding => Encoding::UTF_8)
|
|
181
|
+
begin
|
|
182
|
+
# Puppet execute does not support strings as input, only files.
|
|
183
|
+
# The password is expected to be in an encrypted format given -e is specified:
|
|
184
|
+
tempfile << "#{user}:#{value}\n"
|
|
185
|
+
tempfile.flush
|
|
186
|
+
|
|
187
|
+
# Options '-e' use encrypted password
|
|
188
|
+
# Must receive "user:enc_password" as input
|
|
189
|
+
# command, arguments = {:failonfail => true, :combine => true}
|
|
190
|
+
cmd = [command(:chpasswd), '-e']
|
|
191
|
+
execute_options = {
|
|
192
|
+
:failonfail => false,
|
|
193
|
+
:combine => true,
|
|
194
|
+
:stdinfile => tempfile.path,
|
|
195
|
+
:sensitive => has_sensitive_data?
|
|
196
|
+
}
|
|
197
|
+
output = execute(cmd, execute_options)
|
|
198
|
+
|
|
199
|
+
rescue => detail
|
|
200
|
+
tempfile.close
|
|
201
|
+
tempfile.delete
|
|
202
|
+
raise Puppet::Error, "Could not set password on #{@resource.class.name}[#{@resource.name}]: #{detail}", detail.backtrace
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
# chpasswd can return 1, even on success (at least on AIX 6.1); empty output
|
|
206
|
+
# indicates success
|
|
207
|
+
raise Puppet::ExecutionFailure, "chpasswd said #{output}" if output != ''
|
|
208
|
+
end
|
|
209
|
+
|
|
155
210
|
verify :gid, "GID must be an integer" do |value|
|
|
156
211
|
value.is_a? Integer
|
|
157
212
|
end
|
|
@@ -161,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
161
216
|
end
|
|
162
217
|
|
|
163
218
|
has_features :manages_homedir, :allows_duplicates, :manages_expiry
|
|
164
|
-
has_features :system_users unless %w{HP-UX Solaris}.include?
|
|
219
|
+
has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
|
|
165
220
|
|
|
166
221
|
has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
|
|
167
222
|
has_features :manages_shell
|
|
@@ -196,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
196
251
|
# libuser does not implement the -m flag
|
|
197
252
|
cmd << "-m" unless @resource.forcelocal?
|
|
198
253
|
else
|
|
199
|
-
osfamily =
|
|
200
|
-
osversion =
|
|
254
|
+
osfamily = Puppet.runtime[:facter].value(:osfamily)
|
|
255
|
+
osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
|
|
201
256
|
# SLES 11 uses pwdutils instead of shadow, which does not have -M
|
|
202
257
|
# Solaris and OpenBSD use different useradd flavors
|
|
203
258
|
unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
|
|
@@ -215,13 +270,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
215
270
|
end
|
|
216
271
|
end
|
|
217
272
|
|
|
273
|
+
# Add properties and flags but skipping password related properties due to
|
|
274
|
+
# security risks
|
|
218
275
|
def add_properties
|
|
219
276
|
cmd = []
|
|
220
277
|
# validproperties is a list of properties in undefined order
|
|
221
278
|
# sort them to have a predictable command line in tests
|
|
222
279
|
Puppet::Type.type(:user).validproperties.sort.each do |property|
|
|
223
280
|
value = get_value_for_property(property)
|
|
224
|
-
next if value.nil?
|
|
281
|
+
next if value.nil? || property == :password
|
|
225
282
|
# the value needs to be quoted, mostly because -c might
|
|
226
283
|
# have spaces in it
|
|
227
284
|
cmd << flag(property) << munge(property, value)
|
|
@@ -293,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
293
350
|
cmd = [command(:delete)]
|
|
294
351
|
end
|
|
295
352
|
# Solaris `userdel -r` will fail if the homedir does not exist.
|
|
296
|
-
if @resource.managehome? && (('Solaris' !=
|
|
353
|
+
if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
|
|
297
354
|
cmd << '-r'
|
|
298
355
|
end
|
|
299
356
|
cmd << @resource[:name]
|
|
@@ -331,13 +388,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
|
331
388
|
if @resource[:shell]
|
|
332
389
|
check_valid_shell
|
|
333
390
|
end
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
end
|
|
391
|
+
super
|
|
392
|
+
if @resource.forcelocal?
|
|
393
|
+
set(:groups, @resource[:groups]) if self.groups?
|
|
394
|
+
set(:expiry, @resource[:expiry]) if @resource[:expiry]
|
|
395
|
+
end
|
|
396
|
+
set(:password, @resource[:password]) if @resource[:password]
|
|
341
397
|
end
|
|
342
398
|
|
|
343
399
|
def groups?
|
data/lib/puppet/provider.rb
CHANGED
|
@@ -302,7 +302,7 @@ class Puppet::Provider
|
|
|
302
302
|
# values. Given one or more Regexp instances, fact is compared via the basic
|
|
303
303
|
# pattern-matching operator.
|
|
304
304
|
def self.fact_match(fact, values)
|
|
305
|
-
fact_val =
|
|
305
|
+
fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
|
|
306
306
|
if fact_val.empty?
|
|
307
307
|
return false
|
|
308
308
|
else
|
|
@@ -41,7 +41,7 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
|
|
|
41
41
|
# Leave out the section information; it was apparently confusing people.
|
|
42
42
|
#str << "- **Section**: #{object.section}\n"
|
|
43
43
|
unless val == ""
|
|
44
|
-
str << "- *Default*:
|
|
44
|
+
str << "- *Default*: `#{val}`\n"
|
|
45
45
|
end
|
|
46
46
|
str << "\n"
|
|
47
47
|
end
|
|
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
|
|
|
15
15
|
# Throw some facts in there, so we know where the report is from.
|
|
16
16
|
["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
|
|
17
17
|
name = label.gsub(/\s+/, '')
|
|
18
|
-
value =
|
|
18
|
+
value = Puppet.runtime[:facter].value(name)
|
|
19
19
|
ret << option(label, value)
|
|
20
20
|
end
|
|
21
21
|
ret << "\n"
|
|
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
|
|
|
61
61
|
if Puppet.settings.valid?(name)
|
|
62
62
|
details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
|
|
63
63
|
else
|
|
64
|
-
details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value:
|
|
64
|
+
details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
when :true
|