puppet 6.23.0 → 6.26.0


Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (397) hide show
  1. checksums.yaml +4 -4
  2. data/CONTRIBUTING.md +5 -5
  3. data/Gemfile +4 -4
  4. data/Gemfile.lock +32 -25
  5. data/README.md +4 -4
  6. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  11. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  12. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  13. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  14. data/ext/README.md +13 -0
  15. data/ext/project_data.yaml +1 -0
  16. data/lib/puppet/application/agent.rb +4 -0
  17. data/lib/puppet/application/apply.rb +20 -2
  18. data/lib/puppet/application/filebucket.rb +1 -0
  19. data/lib/puppet/application/lookup.rb +78 -24
  20. data/lib/puppet/application/resource.rb +30 -15
  21. data/lib/puppet/application/ssl.rb +1 -0
  22. data/lib/puppet/concurrent/thread_local_singleton.rb +6 -3
  23. data/lib/puppet/configurer.rb +134 -56
  24. data/lib/puppet/confine/variable.rb +1 -1
  25. data/lib/puppet/defaults.rb +55 -32
  26. data/lib/puppet/environments.rb +75 -25
  27. data/lib/puppet/face/facts.rb +1 -1
  28. data/lib/puppet/face/generate.rb +2 -0
  29. data/lib/puppet/face/help/action.erb +1 -0
  30. data/lib/puppet/face/help/face.erb +1 -0
  31. data/lib/puppet/face/node/clean.rb +11 -0
  32. data/lib/puppet/facter_impl.rb +96 -0
  33. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  34. data/lib/puppet/file_serving/configuration.rb +3 -0
  35. data/lib/puppet/file_serving/metadata.rb +3 -0
  36. data/lib/puppet/file_serving/mount/file.rb +4 -4
  37. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  38. data/lib/puppet/file_system/file_impl.rb +10 -8
  39. data/lib/puppet/file_system/jruby.rb +1 -1
  40. data/lib/puppet/file_system/windows.rb +6 -6
  41. data/lib/puppet/file_system.rb +1 -1
  42. data/lib/puppet/forge.rb +4 -4
  43. data/lib/puppet/functions/empty.rb +8 -0
  44. data/lib/puppet/functions/find_template.rb +2 -2
  45. data/lib/puppet/functions/strftime.rb +1 -0
  46. data/lib/puppet/functions/unwrap.rb +17 -2
  47. data/lib/puppet/functions/versioncmp.rb +6 -2
  48. data/lib/puppet/generate/type.rb +9 -0
  49. data/lib/puppet/http/client.rb +1 -1
  50. data/lib/puppet/http/redirector.rb +5 -0
  51. data/lib/puppet/http/service/compiler.rb +6 -1
  52. data/lib/puppet/indirector/catalog/compiler.rb +24 -6
  53. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  54. data/lib/puppet/indirector/facts/facter.rb +6 -6
  55. data/lib/puppet/indirector/indirection.rb +1 -1
  56. data/lib/puppet/indirector/resource/ral.rb +6 -1
  57. data/lib/puppet/indirector/terminus.rb +4 -0
  58. data/lib/puppet/interface/documentation.rb +1 -0
  59. data/lib/puppet/module/plan.rb +0 -1
  60. data/lib/puppet/module/task.rb +1 -1
  61. data/lib/puppet/module.rb +1 -0
  62. data/lib/puppet/module_tool/applications/installer.rb +12 -4
  63. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  64. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  65. data/lib/puppet/module_tool/errors/shared.rb +17 -0
  66. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  67. data/lib/puppet/node/environment.rb +10 -11
  68. data/lib/puppet/node.rb +1 -1
  69. data/lib/puppet/pal/pal_impl.rb +1 -1
  70. data/lib/puppet/parser/resource.rb +1 -1
  71. data/lib/puppet/parser/scope.rb +1 -0
  72. data/lib/puppet/parser/templatewrapper.rb +1 -0
  73. data/lib/puppet/pops/evaluator/closure.rb +7 -5
  74. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
  75. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  76. data/lib/puppet/pops/model/ast.rb +1 -0
  77. data/lib/puppet/pops/model/factory.rb +2 -1
  78. data/lib/puppet/pops/parser/code_merger.rb +4 -4
  79. data/lib/puppet/pops/parser/egrammar.ra +2 -0
  80. data/lib/puppet/pops/parser/eparser.rb +1014 -995
  81. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  82. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  83. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  84. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  85. data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
  86. data/lib/puppet/pops/types/types.rb +1 -1
  87. data/lib/puppet/provider/aix_object.rb +1 -1
  88. data/lib/puppet/provider/exec/posix.rb +16 -4
  89. data/lib/puppet/provider/group/groupadd.rb +5 -2
  90. data/lib/puppet/provider/package/pip.rb +15 -3
  91. data/lib/puppet/provider/package/pkg.rb +19 -2
  92. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  93. data/lib/puppet/provider/package/yum.rb +1 -1
  94. data/lib/puppet/provider/parsedfile.rb +3 -0
  95. data/lib/puppet/provider/service/base.rb +1 -1
  96. data/lib/puppet/provider/service/init.rb +10 -9
  97. data/lib/puppet/provider/service/launchd.rb +2 -2
  98. data/lib/puppet/provider/service/redhat.rb +1 -1
  99. data/lib/puppet/provider/service/smf.rb +3 -3
  100. data/lib/puppet/provider/service/systemd.rb +2 -2
  101. data/lib/puppet/provider/service/upstart.rb +5 -5
  102. data/lib/puppet/provider/user/aix.rb +44 -1
  103. data/lib/puppet/provider/user/directoryservice.rb +1 -1
  104. data/lib/puppet/provider/user/useradd.rb +72 -16
  105. data/lib/puppet/provider.rb +1 -1
  106. data/lib/puppet/reference/providers.rb +2 -2
  107. data/lib/puppet/resource/catalog.rb +1 -1
  108. data/lib/puppet/resource/type_collection.rb +1 -0
  109. data/lib/puppet/resource.rb +38 -5
  110. data/lib/puppet/runtime.rb +11 -1
  111. data/lib/puppet/settings.rb +32 -9
  112. data/lib/puppet/ssl/verifier.rb +6 -0
  113. data/lib/puppet/test/test_helper.rb +4 -1
  114. data/lib/puppet/transaction/persistence.rb +21 -1
  115. data/lib/puppet/transaction/report.rb +15 -1
  116. data/lib/puppet/type/exec.rb +35 -5
  117. data/lib/puppet/type/file/data_sync.rb +1 -1
  118. data/lib/puppet/type/file/mode.rb +6 -0
  119. data/lib/puppet/type/file.rb +6 -6
  120. data/lib/puppet/type/filebucket.rb +3 -3
  121. data/lib/puppet/type/group.rb +0 -1
  122. data/lib/puppet/type/resources.rb +1 -1
  123. data/lib/puppet/type/service.rb +8 -3
  124. data/lib/puppet/type/tidy.rb +1 -1
  125. data/lib/puppet/type/user.rb +40 -39
  126. data/lib/puppet/type.rb +1 -1
  127. data/lib/puppet/util/command_line.rb +1 -1
  128. data/lib/puppet/util/filetype.rb +2 -2
  129. data/lib/puppet/util/json.rb +20 -0
  130. data/lib/puppet/util/log.rb +8 -4
  131. data/lib/puppet/util/logging.rb +1 -25
  132. data/lib/puppet/util/monkey_patches.rb +6 -0
  133. data/lib/puppet/util/package.rb +25 -16
  134. data/lib/puppet/util/pidlock.rb +1 -1
  135. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  136. data/lib/puppet/util/suidmanager.rb +1 -2
  137. data/lib/puppet/util/symbolic_file_mode.rb +29 -17
  138. data/lib/puppet/util/tagging.rb +1 -0
  139. data/lib/puppet/util/windows/service.rb +0 -5
  140. data/lib/puppet/util/windows/sid.rb +3 -1
  141. data/lib/puppet/util/windows/user.rb +0 -2
  142. data/lib/puppet/util/windows.rb +3 -0
  143. data/lib/puppet/util/yaml.rb +21 -2
  144. data/lib/puppet/util.rb +4 -3
  145. data/lib/puppet/version.rb +1 -1
  146. data/lib/puppet.rb +6 -9
  147. data/locales/puppet.pot +5 -10418
  148. data/man/man5/puppet.conf.5 +52 -25
  149. data/man/man8/puppet-agent.8 +4 -1
  150. data/man/man8/puppet-apply.8 +1 -1
  151. data/man/man8/puppet-catalog.8 +9 -9
  152. data/man/man8/puppet-config.8 +1 -1
  153. data/man/man8/puppet-describe.8 +1 -1
  154. data/man/man8/puppet-device.8 +1 -1
  155. data/man/man8/puppet-doc.8 +1 -1
  156. data/man/man8/puppet-epp.8 +1 -1
  157. data/man/man8/puppet-facts.8 +8 -8
  158. data/man/man8/puppet-filebucket.8 +1 -1
  159. data/man/man8/puppet-generate.8 +1 -1
  160. data/man/man8/puppet-help.8 +1 -1
  161. data/man/man8/puppet-key.8 +7 -7
  162. data/man/man8/puppet-lookup.8 +9 -6
  163. data/man/man8/puppet-man.8 +1 -1
  164. data/man/man8/puppet-module.8 +3 -3
  165. data/man/man8/puppet-node.8 +5 -5
  166. data/man/man8/puppet-parser.8 +1 -1
  167. data/man/man8/puppet-plugin.8 +1 -1
  168. data/man/man8/puppet-report.8 +5 -5
  169. data/man/man8/puppet-resource.8 +1 -1
  170. data/man/man8/puppet-script.8 +1 -1
  171. data/man/man8/puppet-ssl.8 +1 -1
  172. data/man/man8/puppet-status.8 +4 -4
  173. data/man/man8/puppet.8 +2 -2
  174. data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
  175. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  176. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  177. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  178. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  179. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  180. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  181. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  182. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  183. data/spec/fixtures/ssl/127.0.0.1-key.pem +106 -106
  184. data/spec/fixtures/ssl/127.0.0.1.pem +48 -48
  185. data/spec/fixtures/ssl/bad-basic-constraints.pem +54 -54
  186. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +51 -51
  187. data/spec/fixtures/ssl/ca.pem +52 -52
  188. data/spec/fixtures/ssl/crl.pem +25 -25
  189. data/spec/fixtures/ssl/ec-key.pem +11 -11
  190. data/spec/fixtures/ssl/ec.pem +32 -32
  191. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  192. data/spec/fixtures/ssl/encrypted-key.pem +107 -107
  193. data/spec/fixtures/ssl/intermediate-agent-crl.pem +25 -25
  194. data/spec/fixtures/ssl/intermediate-agent.pem +54 -54
  195. data/spec/fixtures/ssl/intermediate-crl.pem +28 -28
  196. data/spec/fixtures/ssl/intermediate.pem +51 -51
  197. data/spec/fixtures/ssl/oid-key.pem +117 -0
  198. data/spec/fixtures/ssl/oid.pem +69 -0
  199. data/spec/fixtures/ssl/pluto-key.pem +106 -106
  200. data/spec/fixtures/ssl/pluto.pem +50 -50
  201. data/spec/fixtures/ssl/request-key.pem +106 -106
  202. data/spec/fixtures/ssl/request.pem +45 -45
  203. data/spec/fixtures/ssl/revoked-key.pem +106 -106
  204. data/spec/fixtures/ssl/revoked.pem +49 -49
  205. data/spec/fixtures/ssl/signed-key.pem +106 -106
  206. data/spec/fixtures/ssl/signed.pem +47 -47
  207. data/spec/fixtures/ssl/tampered-cert.pem +49 -49
  208. data/spec/fixtures/ssl/tampered-csr.pem +45 -45
  209. data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
  210. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +106 -106
  211. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -48
  212. data/spec/fixtures/ssl/unknown-ca-key.pem +106 -106
  213. data/spec/fixtures/ssl/unknown-ca.pem +52 -52
  214. data/spec/fixtures/unit/forge/bacula.json +1 -1
  215. data/spec/integration/application/agent_spec.rb +141 -37
  216. data/spec/integration/application/filebucket_spec.rb +16 -0
  217. data/spec/integration/application/lookup_spec.rb +32 -6
  218. data/spec/integration/application/module_spec.rb +21 -0
  219. data/spec/integration/application/resource_spec.rb +35 -1
  220. data/spec/integration/application/ssl_spec.rb +20 -0
  221. data/spec/integration/configurer_spec.rb +18 -2
  222. data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
  223. data/spec/integration/indirector/facts/facter_spec.rb +93 -39
  224. data/spec/integration/l10n/compiler_spec.rb +37 -0
  225. data/spec/integration/parser/pcore_resource_spec.rb +10 -0
  226. data/spec/integration/transaction/report_spec.rb +1 -1
  227. data/spec/integration/type/exec_spec.rb +70 -45
  228. data/spec/integration/type/file_spec.rb +2 -2
  229. data/spec/integration/type/package_spec.rb +6 -6
  230. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  231. data/spec/integration/util/windows/process_spec.rb +1 -9
  232. data/spec/lib/puppet/test_ca.rb +5 -0
  233. data/spec/lib/puppet_spec/modules.rb +13 -2
  234. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  235. data/spec/lib/puppet_spec/settings.rb +1 -0
  236. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  237. data/spec/shared_contexts/l10n.rb +32 -0
  238. data/spec/spec_helper.rb +1 -10
  239. data/spec/unit/application/apply_spec.rb +76 -56
  240. data/spec/unit/application/lookup_spec.rb +131 -10
  241. data/spec/unit/application/resource_spec.rb +29 -0
  242. data/spec/unit/concurrent/thread_local_singleton_spec.rb +39 -0
  243. data/spec/unit/configurer_spec.rb +265 -57
  244. data/spec/unit/defaults_spec.rb +1 -0
  245. data/spec/unit/environments_spec.rb +184 -0
  246. data/spec/unit/face/generate_spec.rb +64 -0
  247. data/spec/unit/facter_impl_spec.rb +31 -0
  248. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  249. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  250. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  251. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  252. data/spec/unit/file_system_spec.rb +47 -4
  253. data/spec/unit/forge/module_release_spec.rb +3 -3
  254. data/spec/unit/functions/assert_type_spec.rb +1 -1
  255. data/spec/unit/functions/empty_spec.rb +10 -0
  256. data/spec/unit/functions/logging_spec.rb +1 -0
  257. data/spec/unit/functions/lookup_spec.rb +64 -0
  258. data/spec/unit/functions/unwrap_spec.rb +8 -0
  259. data/spec/unit/functions/versioncmp_spec.rb +40 -4
  260. data/spec/unit/functions4_spec.rb +2 -2
  261. data/spec/unit/http/client_spec.rb +58 -1
  262. data/spec/unit/http/service/compiler_spec.rb +8 -0
  263. data/spec/unit/indirector/catalog/compiler_spec.rb +87 -0
  264. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  265. data/spec/unit/indirector/indirection_spec.rb +10 -3
  266. data/spec/unit/indirector/resource/ral_spec.rb +40 -75
  267. data/spec/unit/interface/action_spec.rb +0 -9
  268. data/spec/unit/module_spec.rb +15 -1
  269. data/spec/unit/module_tool/applications/installer_spec.rb +51 -12
  270. data/spec/unit/network/authstore_spec.rb +0 -15
  271. data/spec/unit/network/formats_spec.rb +6 -0
  272. data/spec/unit/node_spec.rb +6 -0
  273. data/spec/unit/parser/templatewrapper_spec.rb +12 -2
  274. data/spec/unit/pops/parser/parse_containers_spec.rb +2 -13
  275. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  276. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  277. data/spec/unit/pops/validator/validator_spec.rb +5 -0
  278. data/spec/unit/provider/package/gem_spec.rb +1 -1
  279. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  280. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  281. data/spec/unit/provider/package/pip_spec.rb +38 -1
  282. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  283. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  284. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  285. data/spec/unit/provider/parsedfile_spec.rb +10 -0
  286. data/spec/unit/provider/service/gentoo_spec.rb +6 -5
  287. data/spec/unit/provider/service/init_spec.rb +15 -9
  288. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  289. data/spec/unit/provider/service/openwrt_spec.rb +21 -29
  290. data/spec/unit/provider/service/redhat_spec.rb +3 -2
  291. data/spec/unit/provider/service/systemd_spec.rb +1 -1
  292. data/spec/unit/provider/user/aix_spec.rb +100 -0
  293. data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
  294. data/spec/unit/provider/user/useradd_spec.rb +43 -2
  295. data/spec/unit/provider_spec.rb +4 -4
  296. data/spec/unit/puppet_spec.rb +12 -4
  297. data/spec/unit/resource/catalog_spec.rb +14 -1
  298. data/spec/unit/resource_spec.rb +58 -2
  299. data/spec/unit/settings_spec.rb +97 -56
  300. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  301. data/spec/unit/transaction/persistence_spec.rb +51 -0
  302. data/spec/unit/type/exec_spec.rb +76 -29
  303. data/spec/unit/type/file/source_spec.rb +4 -4
  304. data/spec/unit/type/service_spec.rb +27 -0
  305. data/spec/unit/type/tidy_spec.rb +7 -0
  306. data/spec/unit/type/user_spec.rb +0 -45
  307. data/spec/unit/type_spec.rb +2 -2
  308. data/spec/unit/util/json_spec.rb +126 -0
  309. data/spec/unit/util/logging_spec.rb +2 -0
  310. data/spec/unit/util/windows/sid_spec.rb +39 -4
  311. data/spec/unit/util/yaml_spec.rb +54 -29
  312. data/tasks/generate_cert_fixtures.rake +10 -1
  313. data/tasks/parallel.rake +3 -3
  314. metadata +52 -96
  315. data/ext/README.environment +0 -8
  316. data/ext/dbfix.sql +0 -132
  317. data/ext/debian/README.Debian +0 -8
  318. data/ext/debian/README.source +0 -2
  319. data/ext/debian/TODO.Debian +0 -1
  320. data/ext/debian/changelog.erb +0 -1122
  321. data/ext/debian/compat +0 -1
  322. data/ext/debian/control +0 -144
  323. data/ext/debian/copyright +0 -339
  324. data/ext/debian/docs +0 -1
  325. data/ext/debian/fileserver.conf +0 -41
  326. data/ext/debian/puppet-common.dirs +0 -13
  327. data/ext/debian/puppet-common.install +0 -3
  328. data/ext/debian/puppet-common.lintian-overrides +0 -5
  329. data/ext/debian/puppet-common.manpages +0 -28
  330. data/ext/debian/puppet-common.postinst +0 -35
  331. data/ext/debian/puppet-common.postrm +0 -33
  332. data/ext/debian/puppet-el.dirs +0 -1
  333. data/ext/debian/puppet-el.emacsen-install +0 -25
  334. data/ext/debian/puppet-el.emacsen-remove +0 -11
  335. data/ext/debian/puppet-el.emacsen-startup +0 -9
  336. data/ext/debian/puppet-el.install +0 -1
  337. data/ext/debian/puppet-testsuite.install +0 -2
  338. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  339. data/ext/debian/puppet.lintian-overrides +0 -3
  340. data/ext/debian/puppet.logrotate +0 -20
  341. data/ext/debian/puppet.postinst +0 -20
  342. data/ext/debian/puppet.postrm +0 -20
  343. data/ext/debian/puppet.preinst +0 -20
  344. data/ext/debian/puppetmaster-common.install +0 -2
  345. data/ext/debian/puppetmaster-common.manpages +0 -2
  346. data/ext/debian/puppetmaster-common.postinst +0 -6
  347. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  348. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  349. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  350. data/ext/debian/puppetmaster.README.debian +0 -17
  351. data/ext/debian/puppetmaster.default +0 -14
  352. data/ext/debian/puppetmaster.init +0 -137
  353. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  354. data/ext/debian/puppetmaster.postinst +0 -20
  355. data/ext/debian/puppetmaster.postrm +0 -5
  356. data/ext/debian/puppetmaster.preinst +0 -22
  357. data/ext/debian/rules +0 -132
  358. data/ext/debian/source/format +0 -1
  359. data/ext/debian/source/options +0 -1
  360. data/ext/debian/vim-puppet.README.Debian +0 -13
  361. data/ext/debian/vim-puppet.dirs +0 -5
  362. data/ext/debian/vim-puppet.yaml +0 -7
  363. data/ext/debian/watch +0 -2
  364. data/ext/freebsd/puppetd +0 -26
  365. data/ext/freebsd/puppetmasterd +0 -26
  366. data/ext/gentoo/conf.d/puppet +0 -5
  367. data/ext/gentoo/conf.d/puppetmaster +0 -12
  368. data/ext/gentoo/init.d/puppet +0 -38
  369. data/ext/gentoo/init.d/puppetmaster +0 -51
  370. data/ext/gentoo/puppet/fileserver.conf +0 -41
  371. data/ext/ips/puppet-agent +0 -44
  372. data/ext/ips/puppet-master +0 -44
  373. data/ext/ips/puppet.p5m.erb +0 -12
  374. data/ext/ips/puppetagent.xml +0 -42
  375. data/ext/ips/puppetmaster.xml +0 -42
  376. data/ext/ips/rules +0 -19
  377. data/ext/ips/transforms +0 -34
  378. data/ext/ldap/puppet.schema +0 -24
  379. data/ext/logcheck/puppet +0 -23
  380. data/ext/osx/file_mapping.yaml +0 -33
  381. data/ext/osx/postflight.erb +0 -109
  382. data/ext/osx/preflight.erb +0 -52
  383. data/ext/osx/prototype.plist.erb +0 -38
  384. data/ext/redhat/fileserver.conf +0 -41
  385. data/ext/redhat/logrotate +0 -21
  386. data/ext/redhat/puppet.spec.erb +0 -842
  387. data/ext/redhat/server.init +0 -128
  388. data/ext/redhat/server.sysconfig +0 -13
  389. data/ext/solaris/pkginfo +0 -6
  390. data/ext/solaris/smf/puppetd.xml +0 -77
  391. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  392. data/ext/solaris/smf/svc-puppetd +0 -71
  393. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  394. data/ext/suse/puppet.spec +0 -310
  395. data/ext/suse/server.init +0 -173
  396. data/ext/yaml_nodes.rb +0 -105
  397. data/spec/unit/indirector/store_configs_spec.rb +0 -7
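--- a/data/lib/puppet/provider/user/aix.rb
+++ b/data/lib/puppet/provider/user/aix.rb
@@ -265,6 +265,50 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
  end
  end
 
+ # Lists all instances of the given object, taking in an optional set
+ # of ia_module arguments. Returns an array of hashes, each hash
+ # having the schema
+ # {
+ # :name => <object_name>
+ # :home => <object_home>
+ # }
+ def list_all_homes(ia_module_args = [])
+ cmd = [command(:list), '-c', *ia_module_args, '-a', 'home', 'ALL']
+ parse_aix_objects(execute(cmd)).to_a.map do |object|
+ name = object[:name]
+ home = object[:attributes].delete(:home)
+
+ { name: name, home: home }
+ end
+ rescue => e
+ Puppet.debug("Could not list home of all users: #{e.message}")
+ {}
+ end
+
+ # Deletes this instance resource
+ def delete
+ homedir = home
+ super
+ return unless @resource.managehome?
+
+ if !Puppet::Util.absolute_path?(homedir) || File.realpath(homedir) == '/' || Puppet::FileSystem.symlink?(homedir)
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}'. Please make sure the path is not relative, symlink or '/'.")
+ return
+ end
+
+ affected_home = list_all_homes.find { |info| info[:home].start_with?(File.realpath(homedir)) }
+ if affected_home
+ Puppet.debug("Can not remove home directory '#{homedir}' of user '#{@resource[:name]}' as it would remove the home directory '#{affected_home[:home]}' of user '#{affected_home[:name]}' also.")
+ return
+ end
+
+ FileUtils.remove_entry_secure(homedir, true)
+ end
+
+ def deletecmd
+ [self.class.command(:delete), '-p'] + ia_module_args + [@resource[:name]]
+ end
+
  # UNSUPPORTED
  #- **profile_membership**
  # Whether specified roles should be treated as the only roles
@@ -314,5 +358,4 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
  # be treated as the minimum membership list. Valid values are
  # `inclusive`, `minimum`.
  # UNSUPPORTED
-
  end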
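Review bot: The overlap guard in `delete` fails open when the user listing fails: `list_all_homes` rescues every error and returns `{}`, so `list_all_homes.find { ... }` evaluates to nil and `FileUtils.remove_entry_secure(homedir, true)` runs without having checked that the directory is not a parent of another user's home. Because the method otherwise returns an array, the rescue should signal failure distinctly, for example by ending in `nil` instead of `{}` and having `delete` stop with `return if (homes = list_all_homes).nil?` before the `find`. `info[:home]` can also be nil when an entry carries no `home` attribute (it comes from `object[:attributes].delete(:home)`), which would make `start_with?` raise after `super` has presumably already removed the account; `info[:home].to_s.start_with?(...)` avoids that. `File.realpath(homedir)` is evaluated twice and presumably raises when the directory no longer exists, so resolving it once under its own `rescue` would keep the method from aborting halfway.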
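--- a/data/lib/puppet/provider/user/directoryservice.rb
+++ b/data/lib/puppet/provider/user/directoryservice.rb
@@ -159,7 +159,7 @@ Puppet::Type.type(:user).provide :directoryservice do
  end
 
  def self.get_os_version
- @os_version ||= Facter.value(:macosx_productversion_major)
+ @os_version ||= Puppet.runtime[:facter].value(:macosx_productversion_major)
  end
 
  # Use dscl to retrieve an array of hashes containing attributes about all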
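--- a/data/lib/puppet/provider/user/useradd.rb
+++ b/data/lib/puppet/provider/user/useradd.rb
@@ -7,9 +7,12 @@ require 'puppet/error'
  Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
  desc "User management via `useradd` and its ilk. Note that you will need to
  install Ruby's shadow password library (often known as `ruby-libshadow`)
- if you wish to manage user passwords."
+ if you wish to manage user passwords.
 
- commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage"
+ To use the `forcelocal` parameter, you need to install the `libuser` package (providing
+ `/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
+
+ commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
 
  options :home, :flag => "-d", :method => :dir
  options :comment, :method => :gecos
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  options :expiry, :method => :sp_expire,
  :munge => proc { |value|
  if value == :absent
- if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
+ if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
  -1
  else
  ''
  end
  else
- case Facter.value(:operatingsystem)
+ case Puppet.runtime[:facter].value(:operatingsystem)
  when 'Solaris'
  # Solaris uses %m/%d/%Y for useradd/usermod
  expiry_year, expiry_month, expiry_day = value.split('-')
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  get(:comment)
  end
 
+ def shell
+ return localshell if @resource.forcelocal?
+ get(:shell)
+ end
+
+ def home
+ return localhome if @resource.forcelocal?
+ get(:home)
+ end
+
  def groups
  return localgroups if @resource.forcelocal?
  super
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  user[:gecos]
  end
 
+ def localshell
+ user = finduser(:account, resource[:name])
+ user[:shell]
+ end
+
+ def localhome
+ user = finduser(:account, resource[:name])
+ user[:directory]
+ end
+
  def localgroups
  @groups_of ||= {}
  group_file = '/etc/group'
@@ -152,6 +175,38 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  set(:groups, value)
  end
 
+ def password=(value)
+ user = @resource[:name]
+ tempfile = Tempfile.new('puppet', :encoding => Encoding::UTF_8)
+ begin
+ # Puppet execute does not support strings as input, only files.
+ # The password is expected to be in an encrypted format given -e is specified:
+ tempfile << "#{user}:#{value}\n"
+ tempfile.flush
+
+ # Options '-e' use encrypted password
+ # Must receive "user:enc_password" as input
+ # command, arguments = {:failonfail => true, :combine => true}
+ cmd = [command(:chpasswd), '-e']
+ execute_options = {
+ :failonfail => false,
+ :combine => true,
+ :stdinfile => tempfile.path,
+ :sensitive => has_sensitive_data?
+ }
+ output = execute(cmd, execute_options)
+
+ rescue => detail
+ tempfile.close
+ tempfile.delete
+ raise Puppet::Error, "Could not set password on #{@resource.class.name}[#{@resource.name}]: #{detail}", detail.backtrace
+ end
+
+ # chpasswd can return 1, even on success (at least on AIX 6.1); empty output
+ # indicates success
+ raise Puppet::ExecutionFailure, "chpasswd said #{output}" if output != ''
+ end
+
  verify :gid, "GID must be an integer" do |value|
  value.is_a? Integer
  end
@@ -161,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  end
 
  has_features :manages_homedir, :allows_duplicates, :manages_expiry
- has_features :system_users unless %w{HP-UX Solaris}.include? Facter.value(:operatingsystem)
+ has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
 
  has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
  has_features :manages_shell
@@ -196,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  # libuser does not implement the -m flag
  cmd << "-m" unless @resource.forcelocal?
  else
- osfamily = Facter.value(:osfamily)
- osversion = Facter.value(:operatingsystemmajrelease).to_i
+ osfamily = Puppet.runtime[:facter].value(:osfamily)
+ osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
  # SLES 11 uses pwdutils instead of shadow, which does not have -M
  # Solaris and OpenBSD use different useradd flavors
  unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
@@ -215,13 +270,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  end
  end
 
+ # Add properties and flags but skipping password related properties due to
+ # security risks
  def add_properties
  cmd = []
  # validproperties is a list of properties in undefined order
  # sort them to have a predictable command line in tests
  Puppet::Type.type(:user).validproperties.sort.each do |property|
  value = get_value_for_property(property)
- next if value.nil?
+ next if value.nil? || property == :password
  # the value needs to be quoted, mostly because -c might
  # have spaces in it
  cmd << flag(property) << munge(property, value)
@@ -293,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  cmd = [command(:delete)]
  end
  # Solaris `userdel -r` will fail if the homedir does not exist.
- if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
+ if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
  cmd << '-r'
  end
  cmd << @resource[:name]
@@ -331,13 +388,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
  if @resource[:shell]
  check_valid_shell
  end
- super
- if @resource.forcelocal? && self.groups?
- set(:groups, @resource[:groups])
- end
- if @resource.forcelocal? && @resource[:expiry]
- set(:expiry, @resource[:expiry])
- end
+ super
+ if @resource.forcelocal?
+ set(:groups, @resource[:groups]) if self.groups?
+ set(:expiry, @resource[:expiry]) if @resource[:expiry]
+ end
+ set(:password, @resource[:password]) if @resource[:password]
  end
 
  def groups?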
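Review bot: In `password=` (hunk `@@ -152,6 +175,38 @@`) the temp file holding the `user:hash` record is closed and deleted only in the `rescue` branch, so on the normal path it stays on disk until the `Tempfile` object is garbage-collected. Move the cleanup into an `ensure` clause, i.e. `ensure` followed by `tempfile.close!`, and keep the `rescue` for the re-raise only. The record is built by interpolation (`"#{user}:#{value}\n"`), so it is worth confirming that the type rejects line breaks in the password value before it reaches chpasswd's stdin; that validation is not visible in this diff. The final `raise Puppet::ExecutionFailure, "chpasswd said #{output}"` puts raw command output into an error message regardless of `:sensitive`, which deserves a short comment stating that chpasswd is not expected to echo its input.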
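--- a/data/lib/puppet/provider.rb
+++ b/data/lib/puppet/provider.rb
@@ -302,7 +302,7 @@ class Puppet::Provider
  # values. Given one or more Regexp instances, fact is compared via the basic
  # pattern-matching operator.
  def self.fact_match(fact, values)
- fact_val = Facter.value(fact).to_s.downcase
+ fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
  if fact_val.empty?
  return false
  else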
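--- a/data/lib/puppet/reference/providers.rb
+++ b/data/lib/puppet/reference/providers.rb
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
  # Throw some facts in there, so we know where the report is from.
  ["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
  name = label.gsub(/\s+/, '')
- value = Facter.value(name)
+ value = Puppet.runtime[:facter].value(name)
  ret << option(label, value)
  end
  ret << "\n"
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
  if Puppet.settings.valid?(name)
  details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
  else
- details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Facter.value(name).inspect, facts: facts.join(", ") }
+ details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
  end
  end
  when :true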
@@ -315,7 +315,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
315
315
  super()
316
316
  @name = name
317
317
  @catalog_uuid = SecureRandom.uuid
318
- @catalog_format = 1
318
+ @catalog_format = 2
319
319
  @metadata = {}
320
320
  @recursive_metadata = {}
321
321
  @classes = []
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'puppet/parser/type_loader'
2
3
  require 'puppet/util/file_watcher'
3
4
  require 'puppet/util/warnings'
@@ -11,7 +11,7 @@ class Puppet::Resource
11
11
  include Puppet::Util::PsychSupport
12
12
 
13
13
  include Enumerable
14
- attr_accessor :file, :line, :catalog, :exported, :virtual, :strict
14
+ attr_accessor :file, :line, :catalog, :exported, :virtual, :strict, :kind
15
15
  attr_reader :type, :title, :parameters
16
16
 
17
17
  # @!attribute [rw] sensitive_parameters
@@ -29,11 +29,16 @@ class Puppet::Resource
29
29
  EMPTY_ARRAY = [].freeze
30
30
  EMPTY_HASH = {}.freeze
31
31
 
32
- ATTRIBUTES = [:file, :line, :exported].freeze
32
+ ATTRIBUTES = [:file, :line, :exported, :kind].freeze
33
33
  TYPE_CLASS = 'Class'.freeze
34
34
  TYPE_NODE = 'Node'.freeze
35
35
  TYPE_SITE = 'Site'.freeze
36
36
 
37
+ CLASS_STRING = 'class'.freeze
38
+ DEFINED_TYPE_STRING = 'defined_type'.freeze
39
+ COMPILABLE_TYPE_STRING = 'compilable_type'.freeze
40
+ UNKNOWN_TYPE_STRING = 'unknown'.freeze
41
+
37
42
  PCORE_TYPE_KEY = '__ptype'.freeze
38
43
  VALUE_KEY = 'value'.freeze
39
44
 
@@ -194,6 +199,18 @@ class Puppet::Resource
194
199
  resource_type.is_a?(Puppet::CompilableResourceType)
195
200
  end
196
201
 
202
+ def self.to_kind(resource_type)
203
+ if resource_type == CLASS_STRING
204
+ CLASS_STRING
205
+ elsif resource_type.is_a?(Puppet::Resource::Type) && resource_type.type == :definition
206
+ DEFINED_TYPE_STRING
207
+ elsif resource_type.is_a?(Puppet::CompilableResourceType)
208
+ COMPILABLE_TYPE_STRING
209
+ else
210
+ UNKNOWN_TYPE_STRING
211
+ end
212
+ end
213
+
197
214
  # Iterate over each param/value pair, as required for Enumerable.
198
215
  def each
199
216
  parameters.each { |p,v| yield p, v }
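Review bot: `to_kind` is added without a doc comment, and its first branch compares `resource_type` with the string `'class'` while the other branches test for `Puppet::Resource::Type` and `Puppet::CompilableResourceType` objects, so the accepted input is unclear. A short header such as `# Maps a resolved resource type to the string stored in the resource's kind attribute.` with a `@param` and `@return` line would settle it. Whether any caller passes the literal string cannot be told from this hunk; if none does, a class resolved to a type object would presumably fall through to a later branch, which is worth confirming.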
@@ -248,6 +265,7 @@ class Puppet::Resource
248
265
  src = type
249
266
  self.file = src.file
250
267
  self.line = src.line
268
+ self.kind = src.kind
251
269
  self.exported = src.exported
252
270
  self.virtual = src.virtual
253
271
  self.set_tags(src)
@@ -310,6 +328,7 @@ class Puppet::Resource
310
328
 
311
329
  rt = resource_type
312
330
 
331
+ self.kind = self.class.to_kind(rt) unless kind
313
332
  if strict? && rt.nil?
314
333
  if self.class?
315
334
  raise ArgumentError, _("Could not find declared class %{title}") % { title: title }
@@ -493,10 +512,24 @@ class Puppet::Resource
493
512
  ref
494
513
  end
495
514
 
496
- # Convert our resource to a RAL resource instance. Creates component
497
- # instances for resource types that don't exist.
515
+ # Convert our resource to a RAL resource instance. Creates component
516
+ # instances for resource types that are not of a compilable_type kind. In case
517
+ # the resource doesn’t exist and it’s compilable_type kind, raise an error.
518
+ # There are certain cases where a resource won't be in a catalog, such as
519
+ # when we create a resource directly by using Puppet::Resource.new(...), so we
520
+ # must check its kind before deciding whether the catalog format is of an older
521
+ # version or not.
498
522
  def to_ral
499
- typeklass = Puppet::Type.type(self.type) || Puppet::Type.type(:component)
523
+ if self.kind == COMPILABLE_TYPE_STRING
524
+ typeklass = Puppet::Type.type(self.type)
525
+ elsif self.catalog && self.catalog.catalog_format >= 2
526
+ typeklass = Puppet::Type.type(:component)
527
+ else
528
+ typeklass = Puppet::Type.type(self.type) || Puppet::Type.type(:component)
529
+ end
530
+
531
+ raise(Puppet::Error, "Resource type '#{self.type}' was not found") unless typeklass
532
+
500
533
  typeklass.new(self)
501
534
  end
502
535
 
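Review bot: The new `raise(Puppet::Error, "Resource type '#{self.type}' was not found")` builds its message by interpolation, while the other error in this class visible on this page is wrapped for translation (`_("Could not find declared class %{title}") % { title: title }`); for consistency use `raise Puppet::Error, _("Resource type '%{type}' was not found") % { type: self.type } unless typeklass`. Separately, the final `else` branch keeps the old fallback to `:component`, so a resource with no `kind` and either no catalog or a format-1 catalog is still turned into a component when its type is unknown. A one-line comment on that branch saying it is the deliberate legacy path would stop a later reader from assuming the not-found check covers every case. The doc comment above `to_ral` also uses typographic apostrophes (`doesn’t`, `it’s`) where the surrounding comments use ASCII.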
@@ -1,4 +1,5 @@
1
1
  require 'puppet/http'
2
+ require 'puppet/facter_impl'
2
3
  require 'singleton'
3
4
 
4
5
  # Provides access to runtime implementations.
@@ -17,11 +18,20 @@ class Puppet::Runtime
17
18
  else
18
19
  Puppet::HTTP::ExternalClient.new(klass)
19
20
  end
20
- end
21
+ end,
22
+ facter: proc { Puppet::FacterImpl.new }
21
23
  }
22
24
  end
23
25
  private :initialize
24
26
 
27
+ # Loads all runtime implementations.
28
+ #
29
+ # @return Array[Symbol] the names of loaded implementations
30
+ # @api private
31
+ def load_services
32
+ @runtime_services.keys.each { |key| self[key] }
33
+ end
34
+
25
35
  # Get a runtime implementation.
26
36
  #
27
37
  # @param name [Symbol] the name of the implementation
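Review bot: The return tag on `load_services` is written as `# @return Array[Symbol] ...`, which does not follow the bracketed type form used by the `@param name [Symbol]` tag a few lines below; it should read `# @return [Array<Symbol>] the names of loaded implementations`. Without the brackets the type is likely to be rendered as part of the description rather than as a type. The hash that gains the `facter:` entry begins outside this hunk.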
@@ -75,11 +75,11 @@ class Puppet::Settings
75
75
  end
76
76
 
77
77
  def self.hostname_fact()
78
- Facter.value :hostname
78
+ Puppet.runtime[:facter].value :hostname
79
79
  end
80
80
 
81
81
  def self.domain_fact()
82
- Facter.value :domain
82
+ Puppet.runtime[:facter].value :domain
83
83
  end
84
84
 
85
85
  def self.default_config_file_name
@@ -862,7 +862,11 @@ class Puppet::Settings
862
862
  if self[:user]
863
863
  user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
864
864
 
865
- @service_user_available = user.exists?
865
+ if user.suitable?
866
+ @service_user_available = user.exists?
867
+ else
868
+ raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
869
+ end
866
870
  else
867
871
  @service_user_available = false
868
872
  end
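Review bot: The new error passes the resource object, `% { name: user }`, into "the provider for '%{name}'", so the message shows the resource's string form rather than the configured account name; if the setting value is what an operator should see, use `name: self[:user]` here and `name: self[:group]` in the matching group hunk below. The outer parentheses around `_(...) % {...}` are unnecessary in both raises. This code previously only recorded availability and now raises when the provider is not suitable; the enclosing method starts outside the hunk, so whether every caller is prepared for a `Puppet::Error` cannot be confirmed from here.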
@@ -874,7 +878,11 @@ class Puppet::Settings
874
878
  if self[:group]
875
879
  group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
876
880
 
877
- @service_group_available = group.exists?
881
+ if group.suitable?
882
+ @service_group_available = group.exists?
883
+ else
884
+ raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
885
+ end
878
886
  else
879
887
  @service_group_available = false
880
888
  end
@@ -883,9 +891,16 @@ class Puppet::Settings
883
891
  # Allow later inspection to determine if the setting was set on the
884
892
  # command line, or through some other code path. Used for the
885
893
  # `dns_alt_names` option during cert generate. --daniel 2011-10-18
886
- def set_by_cli?(param)
894
+ #
895
+ # @param param [String, Symbol] the setting to look up
896
+ # @return [Object, nil] the value of the setting or nil if unset
897
+ def set_by_cli(param)
887
898
  param = param.to_sym
888
- !@value_sets[:cli].lookup(param).nil?
899
+ @value_sets[:cli].lookup(param)
900
+ end
901
+
902
+ def set_by_cli?(param)
903
+ !!set_by_cli(param)
889
904
  end
890
905
 
891
906
  # Get values from a search path entry.
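Review bot: `set_by_cli?` changes from `!@value_sets[:cli].lookup(param).nil?` to `!!set_by_cli(param)`, and the two are not equivalent: a setting whose command-line value is a literal `false` was reported as set before and is reported as not set now. If the CLI value set can hold `false` (not visible in this hunk), keep the nil test with `!set_by_cli(param).nil?`; the same reasoning applies to the new `set_in_section?` in the later hunk, `!set_in_section(param, section).nil?`. The original comment block now documents `set_by_cli`, which leaves `set_by_cli?` without one; `# @return [Boolean] whether the setting was given on the command line` would cover it.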
@@ -918,9 +933,13 @@ class Puppet::Settings
918
933
  end
919
934
  end
920
935
 
921
- # Allow later inspection to determine if the setting was set by user
922
- # config, rather than a default setting.
923
- def set_in_section?(param, section)
936
+ # Allow later inspection to determine if the setting was set in a specific
937
+ # section
938
+ #
939
+ # @param param [String, Symbol] the setting to look up
940
+ # @param section [Symbol] the section in which to look up the setting
941
+ # @return [Object, nil] the value of the setting or nil if unset
942
+ def set_in_section(param, section)
924
943
  param = param.to_sym
925
944
  vals = searchpath_values(SearchPathElement.new(section, :section))
926
945
  if vals
@@ -928,6 +947,10 @@ class Puppet::Settings
928
947
  end
929
948
  end
930
949
 
950
+ def set_in_section?(param, section)
951
+ !!set_in_section(param, section)
952
+ end
953
+
931
954
  # Patches the value for a param in a section.
932
955
  # This method is required to support the use case of unifying --dns-alt-names and
933
956
  # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
@@ -115,6 +115,12 @@ class Puppet::SSL::Verifier
115
115
  return false
116
116
  end
117
117
 
118
+ # ruby-openssl#74ef8c0cc56b840b772240f2ee2b0fc0aafa2743 now sets the
119
+ # store_context error when the cert is mismatched
120
+ when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH
121
+ @last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
122
+ return false
123
+
118
124
  when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID
119
125
  crl = store_context.current_crl
120
126
  if crl && crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS
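Review bot: The comment on the new `when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH` branch cites only a ruby-openssl commit hash, which does not tell a maintainer which releases set this store-context error or how a hostname mismatch is reported on releases that do not. Suggest extending it along the lines of `# Newer ruby-openssl reports a hostname mismatch through the verify callback; record it as CertMismatchError so callers see the same error class either way.`, after confirming that the pre-existing path produces the same class. The `case` statement and the assignment of `peer_cert` are outside this hunk.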
@@ -142,7 +142,9 @@ module Puppet::Test
142
142
  },
143
143
  "Context for specs")
144
144
 
145
- Puppet.runtime.clear
145
+ # trigger `require 'facter'`
146
+ Puppet.runtime[:facter]
147
+
146
148
  Puppet::Parser::Functions.reset
147
149
  Puppet::Application.clear!
148
150
  Puppet::Util::Profiler.clear
@@ -169,6 +171,7 @@ module Puppet::Test
169
171
 
170
172
  Puppet::Util::Storage.clear
171
173
  Puppet::Util::ExecutionStub.reset
174
+ Puppet.runtime.clear
172
175
 
173
176
  Puppet.clear_deprecation_warnings
174
177
 
@@ -6,6 +6,26 @@ require 'puppet/util/yaml'
6
6
  # as calculating corrective_change).
7
7
  # @api private
8
8
  class Puppet::Transaction::Persistence
9
+
10
+ def self.allowed_classes
11
+ @allowed_classes ||= [
12
+ Symbol,
13
+ Time,
14
+ Regexp,
15
+ # URI is excluded, because it serializes all instance variables including the
16
+ # URI parser. Better to serialize the URL encoded representation.
17
+ SemanticPuppet::Version,
18
+ # SemanticPuppet::VersionRange has many nested classes and is unlikely to be
19
+ # used directly, so ignore it
20
+ Puppet::Pops::Time::Timestamp,
21
+ Puppet::Pops::Time::TimeData,
22
+ Puppet::Pops::Time::Timespan,
23
+ Puppet::Pops::Types::PBinaryType::Binary,
24
+ # Puppet::Pops::Types::PSensitiveType::Sensitive values are excluded from
25
+ # the persistence store, ignore it.
26
+ ].freeze
27
+ end
28
+
9
29
  def initialize
10
30
  @old_data = {}
11
31
  @new_data = {"resources" => {}}
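Review bot: `allowed_classes` has no comment saying that it is the allowlist passed to `Puppet::Util::Yaml.safe_load_file` for the transaction store (see the later hunk), which is what a maintainer needs to know before adding an entry, since every class listed can be instantiated from the contents of that file. Suggest a header such as `# Classes that may be deserialized from the transaction store file; keep this list as small as possible.`. The list grows from `[Symbol, Time]` to include `Regexp` and several Puppet value types, so a word on why each is needed would help later review. The last inline comment ends in `ignore it`, which leaves unclear whether `Sensitive` is deliberately absent; `# ... are never written to the persistence store, so they are not allowed here.` reads more clearly if that is the intent.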
@@ -62,7 +82,7 @@ class Puppet::Transaction::Persistence
62
82
  result = nil
63
83
  Puppet::Util.benchmark(:debug, _("Loaded transaction store file in %{seconds} seconds")) do
64
84
  begin
65
- result = Puppet::Util::Yaml.safe_load_file(filename, [Symbol, Time])
85
+ result = Puppet::Util::Yaml.safe_load_file(filename, self.class.allowed_classes)
66
86
  rescue Puppet::Util::Yaml::YamlLoadError => detail
67
87
  Puppet.log_exception(detail, _("Transaction store file %{filename} is corrupt (%{detail}); replacing") % { filename: filename, detail: detail })
68
88
 
@@ -77,6 +77,10 @@ class Puppet::Transaction::Report
77
77
  # @return [String] the environment name
78
78
  attr_accessor :environment
79
79
 
80
+ # The name of the environment the agent initially started in
81
+ # @return [String] the environment name
82
+ attr_accessor :initial_environment
83
+
80
84
  # Whether there are changes that we decided not to apply because of noop
81
85
  # @return [Boolean]
82
86
  #
@@ -377,7 +381,17 @@ class Puppet::Transaction::Report
377
381
  # @api public
378
382
  #
379
383
  def raw_summary
380
- report = { "version" => { "config" => configuration_version, "puppet" => Puppet.version } }
384
+ report = {
385
+ "version" => {
386
+ "config" => configuration_version,
387
+ "puppet" => Puppet.version
388
+ },
389
+ "application" => {
390
+ "run_mode" => Puppet.run_mode.name.to_s,
391
+ "initial_environment" => initial_environment,
392
+ "converged_environment" => environment
393
+ }
394
+ }
381
395
 
382
396
  @metrics.each do |name, metric|
383
397
  key = metric.name.to_s
@@ -11,7 +11,10 @@ module Puppet
11
11
 
12
12
  * The command itself is already idempotent. (For example, `apt-get update`.)
13
13
  * The exec has an `onlyif`, `unless`, or `creates` attribute, which prevents
14
- Puppet from running the command unless some condition is met.
14
+ Puppet from running the command unless some condition is met. The
15
+ `onlyif` and `unless` commands of an `exec` are used in the process of
16
+ determining whether the `exec` is already in sync, therefore they must be run
17
+ during a noop Puppet run.
15
18
  * The exec has `refreshonly => true`, which allows Puppet to run the
16
19
  command only when some other resource is changed. (See the notes on refreshing
17
20
  below.)
@@ -198,10 +201,20 @@ module Puppet
198
201
  any output is logged at the `err` log level.
199
202
 
200
203
  Multiple `exec` resources can use the same `command` value; Puppet
201
- only uses the resource title to ensure `exec`s are unique."
204
+ only uses the resource title to ensure `exec`s are unique.
205
+
206
+ On *nix platforms, the command can be specified as an array of
207
+ strings and Puppet will invoke it using the more secure method of
208
+ parameterized system calls. For example, rather than executing the
209
+ malicious injected code, this command will echo it out:
210
+
211
+ command => ['/bin/echo', 'hello world; rm -rf /']
212
+ "
202
213
 
203
214
  validate do |command|
204
- raise ArgumentError, _("Command must be a String, got value of class %{klass}") % { klass: command.class } unless command.is_a? String
215
+ unless command.is_a?(String) || command.is_a?(Array)
216
+ raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
217
+ end
205
218
  end
206
219
  end
207
220
 
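Review bot: The new guard `command.is_a?(String) || command.is_a?(Array)` accepts any array, although the error message and the added documentation promise `Array<String>`; assuming `validate` receives the whole value, an empty array or one holding non-strings passes. The autorequire hunk further down then takes `cmd[0]` and calls `scan` on it, which would raise NoMethodError for `[]`. Tighten the condition to `unless command.is_a?(String) || (command.is_a?(Array) && !command.empty? && command.all? { |c| c.is_a?(String) })`. The array-of-arrays form now documented for `onlyif` and `unless` deserves the same element check; their validation is not visible on this page.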
@@ -454,10 +467,17 @@ module Puppet
454
467
  `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
455
468
  must fully qualify the command's name.
456
469
 
470
+ Since this command is used in the process of determining whether the
471
+ `exec` is already in sync, it must be run during a noop Puppet run.
472
+
457
473
  This parameter can also take an array of commands. For example:
458
474
 
459
475
  unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
460
476
 
477
+ or an array of arrays. For example:
478
+
479
+ unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
480
+
461
481
  This `exec` would only run if every command in the array has a
462
482
  non-zero exit code.
463
483
  EOT
@@ -510,10 +530,17 @@ module Puppet
510
530
  `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
511
531
  must fully qualify the command's name.
512
532
 
533
+ Since this command is used in the process of determining whether the
534
+ `exec` is already in sync, it must be run during a noop Puppet run.
535
+
513
536
  This parameter can also take an array of commands. For example:
514
537
 
515
538
  onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
516
539
 
540
+ or an array of arrays. For example:
541
+
542
+ onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
543
+
517
544
  This `exec` would only run if every command in the array has an
518
545
  exit code of 0 (success).
519
546
  EOT
@@ -562,12 +589,14 @@ module Puppet
562
589
  reqs << self[:cwd] if self[:cwd]
563
590
 
564
591
  file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
592
+ cmd = self[:command]
593
+ cmd = cmd[0] if cmd.is_a? Array
565
594
 
566
- self[:command].scan(file_regex) { |str|
595
+ cmd.scan(file_regex) { |str|
567
596
  reqs << str
568
597
  }
569
598
 
570
- self[:command].scan(/^"([^"]+)"/) { |str|
599
+ cmd.scan(/^"([^"]+)"/) { |str|
571
600
  reqs << str
572
601
  }
573
602
 
@@ -583,6 +612,7 @@ module Puppet
583
612
  # fully qualified. It might not be a bad idea to add
584
613
  # unqualified files, but, well, that's a bit more annoying
585
614
  # to do.
615
+ line = line[0] if line.is_a? Array
586
616
  reqs += line.scan(file_regex)
587
617
  end
588
618
  }