puppet 6.24.0-universal-darwin → 6.25.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (279) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +2 -2
  3. data/Gemfile.lock +12 -12
  4. data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
  5. data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
  6. data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
  7. data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
  8. data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
  9. data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
  10. data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
  11. data/{ext → examples}/nagios/check_puppet.rb +2 -2
  12. data/ext/README.md +13 -0
  13. data/lib/puppet/application/agent.rb +4 -0
  14. data/lib/puppet/application/apply.rb +20 -2
  15. data/lib/puppet/application/resource.rb +15 -13
  16. data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
  17. data/lib/puppet/configurer.rb +85 -57
  18. data/lib/puppet/confine/variable.rb +1 -1
  19. data/lib/puppet/defaults.rb +36 -30
  20. data/lib/puppet/environments.rb +66 -26
  21. data/lib/puppet/face/facts.rb +1 -1
  22. data/lib/puppet/facter_impl.rb +96 -0
  23. data/lib/puppet/file_serving/configuration/parser.rb +2 -0
  24. data/lib/puppet/file_serving/configuration.rb +3 -0
  25. data/lib/puppet/file_serving/mount/file.rb +4 -4
  26. data/lib/puppet/file_serving/mount/scripts.rb +24 -0
  27. data/lib/puppet/file_system/file_impl.rb +3 -1
  28. data/lib/puppet/forge.rb +1 -1
  29. data/lib/puppet/functions/find_template.rb +2 -2
  30. data/lib/puppet/http/service/compiler.rb +6 -1
  31. data/lib/puppet/indirector/catalog/compiler.rb +24 -6
  32. data/lib/puppet/indirector/catalog/rest.rb +1 -0
  33. data/lib/puppet/indirector/facts/facter.rb +6 -6
  34. data/lib/puppet/indirector/indirection.rb +1 -1
  35. data/lib/puppet/indirector/terminus.rb +4 -0
  36. data/lib/puppet/module/plan.rb +0 -1
  37. data/lib/puppet/module/task.rb +1 -1
  38. data/lib/puppet/module.rb +1 -0
  39. data/lib/puppet/module_tool/applications/installer.rb +8 -4
  40. data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
  41. data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
  42. data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
  43. data/lib/puppet/node/environment.rb +10 -11
  44. data/lib/puppet/pal/pal_impl.rb +1 -1
  45. data/lib/puppet/parser/scope.rb +1 -0
  46. data/lib/puppet/parser/templatewrapper.rb +1 -0
  47. data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
  48. data/lib/puppet/pops/model/ast.rb +1 -0
  49. data/lib/puppet/pops/model/factory.rb +2 -1
  50. data/lib/puppet/pops/parser/eparser.rb +201 -201
  51. data/lib/puppet/pops/parser/lexer2.rb +92 -91
  52. data/lib/puppet/pops/parser/slurp_support.rb +1 -0
  53. data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
  54. data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
  55. data/lib/puppet/pops/types/type_formatter.rb +4 -3
  56. data/lib/puppet/pops/types/types.rb +1 -1
  57. data/lib/puppet/provider/aix_object.rb +1 -1
  58. data/lib/puppet/provider/group/groupadd.rb +5 -2
  59. data/lib/puppet/provider/package/pkg.rb +19 -2
  60. data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
  61. data/lib/puppet/provider/package/yum.rb +1 -1
  62. data/lib/puppet/provider/service/base.rb +1 -1
  63. data/lib/puppet/provider/service/init.rb +5 -5
  64. data/lib/puppet/provider/service/launchd.rb +2 -2
  65. data/lib/puppet/provider/service/redhat.rb +1 -1
  66. data/lib/puppet/provider/service/smf.rb +3 -3
  67. data/lib/puppet/provider/service/systemd.rb +2 -2
  68. data/lib/puppet/provider/service/upstart.rb +5 -5
  69. data/lib/puppet/provider/user/aix.rb +44 -1
  70. data/lib/puppet/provider/user/directoryservice.rb +1 -1
  71. data/lib/puppet/provider/user/useradd.rb +72 -16
  72. data/lib/puppet/provider.rb +1 -1
  73. data/lib/puppet/reference/providers.rb +2 -2
  74. data/lib/puppet/resource/type_collection.rb +1 -0
  75. data/lib/puppet/runtime.rb +11 -1
  76. data/lib/puppet/settings.rb +2 -2
  77. data/lib/puppet/test/test_helper.rb +4 -1
  78. data/lib/puppet/transaction/persistence.rb +11 -1
  79. data/lib/puppet/transaction/report.rb +15 -1
  80. data/lib/puppet/type/exec.rb +19 -2
  81. data/lib/puppet/type/file.rb +6 -6
  82. data/lib/puppet/type/filebucket.rb +3 -3
  83. data/lib/puppet/type/group.rb +0 -1
  84. data/lib/puppet/type/resources.rb +1 -1
  85. data/lib/puppet/type/service.rb +8 -3
  86. data/lib/puppet/type/user.rb +0 -1
  87. data/lib/puppet/type.rb +1 -1
  88. data/lib/puppet/util/command_line.rb +1 -1
  89. data/lib/puppet/util/filetype.rb +2 -2
  90. data/lib/puppet/util/json.rb +3 -0
  91. data/lib/puppet/util/log.rb +1 -2
  92. data/lib/puppet/util/logging.rb +1 -25
  93. data/lib/puppet/util/pidlock.rb +1 -1
  94. data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
  95. data/lib/puppet/util/suidmanager.rb +1 -2
  96. data/lib/puppet/util/tagging.rb +1 -0
  97. data/lib/puppet/util/windows/user.rb +0 -2
  98. data/lib/puppet/util.rb +4 -3
  99. data/lib/puppet/version.rb +1 -1
  100. data/lib/puppet.rb +2 -6
  101. data/locales/puppet.pot +246 -230
  102. data/man/man5/puppet.conf.5 +33 -25
  103. data/man/man8/puppet-agent.8 +4 -1
  104. data/man/man8/puppet-apply.8 +1 -1
  105. data/man/man8/puppet-catalog.8 +1 -1
  106. data/man/man8/puppet-config.8 +1 -1
  107. data/man/man8/puppet-describe.8 +1 -1
  108. data/man/man8/puppet-device.8 +1 -1
  109. data/man/man8/puppet-doc.8 +1 -1
  110. data/man/man8/puppet-epp.8 +1 -1
  111. data/man/man8/puppet-facts.8 +1 -1
  112. data/man/man8/puppet-filebucket.8 +1 -1
  113. data/man/man8/puppet-generate.8 +1 -1
  114. data/man/man8/puppet-help.8 +1 -1
  115. data/man/man8/puppet-key.8 +1 -1
  116. data/man/man8/puppet-lookup.8 +1 -1
  117. data/man/man8/puppet-man.8 +1 -1
  118. data/man/man8/puppet-module.8 +3 -3
  119. data/man/man8/puppet-node.8 +1 -1
  120. data/man/man8/puppet-parser.8 +1 -1
  121. data/man/man8/puppet-plugin.8 +1 -1
  122. data/man/man8/puppet-report.8 +1 -1
  123. data/man/man8/puppet-resource.8 +1 -1
  124. data/man/man8/puppet-script.8 +1 -1
  125. data/man/man8/puppet-ssl.8 +1 -1
  126. data/man/man8/puppet-status.8 +1 -1
  127. data/man/man8/puppet.8 +2 -2
  128. data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
  129. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
  130. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
  131. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
  132. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
  133. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
  134. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
  135. data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
  136. data/spec/integration/application/agent_spec.rb +113 -37
  137. data/spec/integration/application/filebucket_spec.rb +5 -0
  138. data/spec/integration/configurer_spec.rb +18 -2
  139. data/spec/integration/indirector/facts/facter_spec.rb +3 -3
  140. data/spec/integration/l10n/compiler_spec.rb +37 -0
  141. data/spec/integration/transaction/report_spec.rb +1 -1
  142. data/spec/integration/type/file_spec.rb +2 -2
  143. data/spec/integration/type/package_spec.rb +6 -6
  144. data/spec/integration/util/rdoc/parser_spec.rb +1 -1
  145. data/spec/integration/util/windows/process_spec.rb +1 -9
  146. data/spec/lib/puppet_spec/modules.rb +13 -2
  147. data/spec/lib/puppet_spec/puppetserver.rb +15 -0
  148. data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
  149. data/spec/shared_contexts/l10n.rb +27 -0
  150. data/spec/spec_helper.rb +1 -10
  151. data/spec/unit/application/apply_spec.rb +76 -56
  152. data/spec/unit/application/resource_spec.rb +29 -0
  153. data/spec/unit/configurer_spec.rb +171 -56
  154. data/spec/unit/defaults_spec.rb +1 -0
  155. data/spec/unit/environments_spec.rb +150 -1
  156. data/spec/unit/facter_impl_spec.rb +31 -0
  157. data/spec/unit/file_bucket/dipper_spec.rb +2 -2
  158. data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
  159. data/spec/unit/file_serving/configuration_spec.rb +14 -4
  160. data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
  161. data/spec/unit/file_system_spec.rb +7 -0
  162. data/spec/unit/functions/logging_spec.rb +1 -0
  163. data/spec/unit/functions/lookup_spec.rb +64 -0
  164. data/spec/unit/http/service/compiler_spec.rb +8 -0
  165. data/spec/unit/indirector/catalog/compiler_spec.rb +87 -0
  166. data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
  167. data/spec/unit/indirector/indirection_spec.rb +10 -3
  168. data/spec/unit/interface/action_spec.rb +0 -9
  169. data/spec/unit/module_spec.rb +15 -1
  170. data/spec/unit/module_tool/applications/installer_spec.rb +39 -12
  171. data/spec/unit/network/authstore_spec.rb +0 -15
  172. data/spec/unit/network/formats_spec.rb +6 -0
  173. data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
  174. data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
  175. data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
  176. data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
  177. data/spec/unit/provider/package/gem_spec.rb +1 -1
  178. data/spec/unit/provider/package/pip2_spec.rb +1 -1
  179. data/spec/unit/provider/package/pip3_spec.rb +1 -1
  180. data/spec/unit/provider/package/pip_spec.rb +1 -1
  181. data/spec/unit/provider/package/pkg_spec.rb +29 -4
  182. data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
  183. data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
  184. data/spec/unit/provider/service/launchd_spec.rb +11 -0
  185. data/spec/unit/provider/service/systemd_spec.rb +1 -1
  186. data/spec/unit/provider/user/aix_spec.rb +100 -0
  187. data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
  188. data/spec/unit/provider/user/useradd_spec.rb +43 -2
  189. data/spec/unit/provider_spec.rb +4 -4
  190. data/spec/unit/puppet_spec.rb +12 -4
  191. data/spec/unit/ssl/certificate_request_spec.rb +8 -14
  192. data/spec/unit/type/service_spec.rb +27 -0
  193. data/spec/unit/type_spec.rb +2 -2
  194. data/spec/unit/util/logging_spec.rb +2 -0
  195. data/tasks/parallel.rake +3 -3
  196. metadata +37 -94
  197. data/ext/README.environment +0 -8
  198. data/ext/dbfix.sql +0 -132
  199. data/ext/debian/README.Debian +0 -8
  200. data/ext/debian/README.source +0 -2
  201. data/ext/debian/TODO.Debian +0 -1
  202. data/ext/debian/changelog.erb +0 -1122
  203. data/ext/debian/compat +0 -1
  204. data/ext/debian/control +0 -144
  205. data/ext/debian/copyright +0 -339
  206. data/ext/debian/docs +0 -1
  207. data/ext/debian/fileserver.conf +0 -41
  208. data/ext/debian/puppet-common.dirs +0 -13
  209. data/ext/debian/puppet-common.install +0 -3
  210. data/ext/debian/puppet-common.lintian-overrides +0 -5
  211. data/ext/debian/puppet-common.manpages +0 -28
  212. data/ext/debian/puppet-common.postinst +0 -35
  213. data/ext/debian/puppet-common.postrm +0 -33
  214. data/ext/debian/puppet-el.dirs +0 -1
  215. data/ext/debian/puppet-el.emacsen-install +0 -25
  216. data/ext/debian/puppet-el.emacsen-remove +0 -11
  217. data/ext/debian/puppet-el.emacsen-startup +0 -9
  218. data/ext/debian/puppet-el.install +0 -1
  219. data/ext/debian/puppet-testsuite.install +0 -2
  220. data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
  221. data/ext/debian/puppet.lintian-overrides +0 -3
  222. data/ext/debian/puppet.logrotate +0 -20
  223. data/ext/debian/puppet.postinst +0 -20
  224. data/ext/debian/puppet.postrm +0 -20
  225. data/ext/debian/puppet.preinst +0 -20
  226. data/ext/debian/puppetmaster-common.install +0 -2
  227. data/ext/debian/puppetmaster-common.manpages +0 -2
  228. data/ext/debian/puppetmaster-common.postinst +0 -6
  229. data/ext/debian/puppetmaster-passenger.dirs +0 -4
  230. data/ext/debian/puppetmaster-passenger.postinst +0 -162
  231. data/ext/debian/puppetmaster-passenger.postrm +0 -61
  232. data/ext/debian/puppetmaster.README.debian +0 -17
  233. data/ext/debian/puppetmaster.default +0 -14
  234. data/ext/debian/puppetmaster.init +0 -137
  235. data/ext/debian/puppetmaster.lintian-overrides +0 -3
  236. data/ext/debian/puppetmaster.postinst +0 -20
  237. data/ext/debian/puppetmaster.postrm +0 -5
  238. data/ext/debian/puppetmaster.preinst +0 -22
  239. data/ext/debian/rules +0 -132
  240. data/ext/debian/source/format +0 -1
  241. data/ext/debian/source/options +0 -1
  242. data/ext/debian/vim-puppet.README.Debian +0 -13
  243. data/ext/debian/vim-puppet.dirs +0 -5
  244. data/ext/debian/vim-puppet.yaml +0 -7
  245. data/ext/debian/watch +0 -2
  246. data/ext/freebsd/puppetd +0 -26
  247. data/ext/freebsd/puppetmasterd +0 -26
  248. data/ext/gentoo/conf.d/puppet +0 -5
  249. data/ext/gentoo/conf.d/puppetmaster +0 -12
  250. data/ext/gentoo/init.d/puppet +0 -38
  251. data/ext/gentoo/init.d/puppetmaster +0 -51
  252. data/ext/gentoo/puppet/fileserver.conf +0 -41
  253. data/ext/ips/puppet-agent +0 -44
  254. data/ext/ips/puppet-master +0 -44
  255. data/ext/ips/puppet.p5m.erb +0 -12
  256. data/ext/ips/puppetagent.xml +0 -42
  257. data/ext/ips/puppetmaster.xml +0 -42
  258. data/ext/ips/rules +0 -19
  259. data/ext/ips/transforms +0 -34
  260. data/ext/ldap/puppet.schema +0 -24
  261. data/ext/logcheck/puppet +0 -23
  262. data/ext/osx/file_mapping.yaml +0 -33
  263. data/ext/osx/postflight.erb +0 -109
  264. data/ext/osx/preflight.erb +0 -52
  265. data/ext/osx/prototype.plist.erb +0 -38
  266. data/ext/redhat/fileserver.conf +0 -41
  267. data/ext/redhat/logrotate +0 -21
  268. data/ext/redhat/puppet.spec.erb +0 -842
  269. data/ext/redhat/server.init +0 -128
  270. data/ext/redhat/server.sysconfig +0 -13
  271. data/ext/solaris/pkginfo +0 -6
  272. data/ext/solaris/smf/puppetd.xml +0 -77
  273. data/ext/solaris/smf/puppetmasterd.xml +0 -77
  274. data/ext/solaris/smf/svc-puppetd +0 -71
  275. data/ext/solaris/smf/svc-puppetmasterd +0 -67
  276. data/ext/suse/puppet.spec +0 -310
  277. data/ext/suse/server.init +0 -173
  278. data/ext/yaml_nodes.rb +0 -105
  279. data/spec/unit/indirector/store_configs_spec.rb +0 -7
@@ -7,9 +7,12 @@ require 'puppet/error'
7
7
  Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
8
8
  desc "User management via `useradd` and its ilk. Note that you will need to
9
9
  install Ruby's shadow password library (often known as `ruby-libshadow`)
10
- if you wish to manage user passwords."
10
+ if you wish to manage user passwords.
11
11
 
12
- commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage"
12
+ To use the `forcelocal` parameter, you need to install the `libuser` package (providing
13
+ `/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
14
+
15
+ commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
13
16
 
14
17
  options :home, :flag => "-d", :method => :dir
15
18
  options :comment, :method => :gecos
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
21
24
  options :expiry, :method => :sp_expire,
22
25
  :munge => proc { |value|
23
26
  if value == :absent
24
- if Facter.value(:operatingsystem)=='SLES' && Facter.value(:operatingsystemmajrelease) == "11"
27
+ if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
25
28
  -1
26
29
  else
27
30
  ''
28
31
  end
29
32
  else
30
- case Facter.value(:operatingsystem)
33
+ case Puppet.runtime[:facter].value(:operatingsystem)
31
34
  when 'Solaris'
32
35
  # Solaris uses %m/%d/%Y for useradd/usermod
33
36
  expiry_year, expiry_month, expiry_day = value.split('-')
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
69
72
  get(:comment)
70
73
  end
71
74
 
75
+ def shell
76
+ return localshell if @resource.forcelocal?
77
+ get(:shell)
78
+ end
79
+
80
+ def home
81
+ return localhome if @resource.forcelocal?
82
+ get(:home)
83
+ end
84
+
72
85
  def groups
73
86
  return localgroups if @resource.forcelocal?
74
87
  super
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
120
133
  user[:gecos]
121
134
  end
122
135
 
136
+ def localshell
137
+ user = finduser(:account, resource[:name])
138
+ user[:shell]
139
+ end
140
+
141
+ def localhome
142
+ user = finduser(:account, resource[:name])
143
+ user[:directory]
144
+ end
145
+
123
146
  def localgroups
124
147
  @groups_of ||= {}
125
148
  group_file = '/etc/group'
@@ -152,6 +175,38 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
152
175
  set(:groups, value)
153
176
  end
154
177
 
178
+ def password=(value)
179
+ user = @resource[:name]
180
+ tempfile = Tempfile.new('puppet', :encoding => Encoding::UTF_8)
181
+ begin
182
+ # Puppet execute does not support strings as input, only files.
183
+ # The password is expected to be in an encrypted format given -e is specified:
184
+ tempfile << "#{user}:#{value}\n"
185
+ tempfile.flush
186
+
187
+ # Options '-e' use encrypted password
188
+ # Must receive "user:enc_password" as input
189
+ # command, arguments = {:failonfail => true, :combine => true}
190
+ cmd = [command(:chpasswd), '-e']
191
+ execute_options = {
192
+ :failonfail => false,
193
+ :combine => true,
194
+ :stdinfile => tempfile.path,
195
+ :sensitive => has_sensitive_data?
196
+ }
197
+ output = execute(cmd, execute_options)
198
+
199
+ rescue => detail
200
+ tempfile.close
201
+ tempfile.delete
202
+ raise Puppet::Error, "Could not set password on #{@resource.class.name}[#{@resource.name}]: #{detail}", detail.backtrace
203
+ end
204
+
205
+ # chpasswd can return 1, even on success (at least on AIX 6.1); empty output
206
+ # indicates success
207
+ raise Puppet::ExecutionFailure, "chpasswd said #{output}" if output != ''
208
+ end
209
+
155
210
  verify :gid, "GID must be an integer" do |value|
156
211
  value.is_a? Integer
157
212
  end
@@ -161,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
161
216
  end
162
217
 
163
218
  has_features :manages_homedir, :allows_duplicates, :manages_expiry
164
- has_features :system_users unless %w{HP-UX Solaris}.include? Facter.value(:operatingsystem)
219
+ has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
165
220
 
166
221
  has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
167
222
  has_features :manages_shell
@@ -196,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
196
251
  # libuser does not implement the -m flag
197
252
  cmd << "-m" unless @resource.forcelocal?
198
253
  else
199
- osfamily = Facter.value(:osfamily)
200
- osversion = Facter.value(:operatingsystemmajrelease).to_i
254
+ osfamily = Puppet.runtime[:facter].value(:osfamily)
255
+ osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
201
256
  # SLES 11 uses pwdutils instead of shadow, which does not have -M
202
257
  # Solaris and OpenBSD use different useradd flavors
203
258
  unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
@@ -215,13 +270,15 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
215
270
  end
216
271
  end
217
272
 
273
+ # Add properties and flags but skipping password related properties due to
274
+ # security risks
218
275
  def add_properties
219
276
  cmd = []
220
277
  # validproperties is a list of properties in undefined order
221
278
  # sort them to have a predictable command line in tests
222
279
  Puppet::Type.type(:user).validproperties.sort.each do |property|
223
280
  value = get_value_for_property(property)
224
- next if value.nil?
281
+ next if value.nil? || property == :password
225
282
  # the value needs to be quoted, mostly because -c might
226
283
  # have spaces in it
227
284
  cmd << flag(property) << munge(property, value)
@@ -293,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
293
350
  cmd = [command(:delete)]
294
351
  end
295
352
  # Solaris `userdel -r` will fail if the homedir does not exist.
296
- if @resource.managehome? && (('Solaris' != Facter.value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
353
+ if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
297
354
  cmd << '-r'
298
355
  end
299
356
  cmd << @resource[:name]
@@ -331,13 +388,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
331
388
  if @resource[:shell]
332
389
  check_valid_shell
333
390
  end
334
- super
335
- if @resource.forcelocal? && self.groups?
336
- set(:groups, @resource[:groups])
337
- end
338
- if @resource.forcelocal? && @resource[:expiry]
339
- set(:expiry, @resource[:expiry])
340
- end
391
+ super
392
+ if @resource.forcelocal?
393
+ set(:groups, @resource[:groups]) if self.groups?
394
+ set(:expiry, @resource[:expiry]) if @resource[:expiry]
395
+ end
396
+ set(:password, @resource[:password]) if @resource[:password]
341
397
  end
342
398
 
343
399
  def groups?
@@ -302,7 +302,7 @@ class Puppet::Provider
302
302
  # values. Given one or more Regexp instances, fact is compared via the basic
303
303
  # pattern-matching operator.
304
304
  def self.fact_match(fact, values)
305
- fact_val = Facter.value(fact).to_s.downcase
305
+ fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
306
306
  if fact_val.empty?
307
307
  return false
308
308
  else
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
15
15
  # Throw some facts in there, so we know where the report is from.
16
16
  ["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
17
17
  name = label.gsub(/\s+/, '')
18
- value = Facter.value(name)
18
+ value = Puppet.runtime[:facter].value(name)
19
19
  ret << option(label, value)
20
20
  end
21
21
  ret << "\n"
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
61
61
  if Puppet.settings.valid?(name)
62
62
  details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
63
63
  else
64
- details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Facter.value(name).inspect, facts: facts.join(", ") }
64
+ details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
65
65
  end
66
66
  end
67
67
  when :true
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'puppet/parser/type_loader'
2
3
  require 'puppet/util/file_watcher'
3
4
  require 'puppet/util/warnings'
@@ -1,4 +1,5 @@
1
1
  require 'puppet/http'
2
+ require 'puppet/facter_impl'
2
3
  require 'singleton'
3
4
 
4
5
  # Provides access to runtime implementations.
@@ -17,11 +18,20 @@ class Puppet::Runtime
17
18
  else
18
19
  Puppet::HTTP::ExternalClient.new(klass)
19
20
  end
20
- end
21
+ end,
22
+ facter: proc { Puppet::FacterImpl.new }
21
23
  }
22
24
  end
23
25
  private :initialize
24
26
 
27
+ # Loads all runtime implementations.
28
+ #
29
+ # @return Array[Symbol] the names of loaded implementations
30
+ # @api private
31
+ def load_services
32
+ @runtime_services.keys.each { |key| self[key] }
33
+ end
34
+
25
35
  # Get a runtime implementation.
26
36
  #
27
37
  # @param name [Symbol] the name of the implementation
@@ -75,11 +75,11 @@ class Puppet::Settings
75
75
  end
76
76
 
77
77
  def self.hostname_fact()
78
- Facter.value :hostname
78
+ Puppet.runtime[:facter].value :hostname
79
79
  end
80
80
 
81
81
  def self.domain_fact()
82
- Facter.value :domain
82
+ Puppet.runtime[:facter].value :domain
83
83
  end
84
84
 
85
85
  def self.default_config_file_name
@@ -142,7 +142,9 @@ module Puppet::Test
142
142
  },
143
143
  "Context for specs")
144
144
 
145
- Puppet.runtime.clear
145
+ # trigger `require 'facter'`
146
+ Puppet.runtime[:facter]
147
+
146
148
  Puppet::Parser::Functions.reset
147
149
  Puppet::Application.clear!
148
150
  Puppet::Util::Profiler.clear
@@ -169,6 +171,7 @@ module Puppet::Test
169
171
 
170
172
  Puppet::Util::Storage.clear
171
173
  Puppet::Util::ExecutionStub.reset
174
+ Puppet.runtime.clear
172
175
 
173
176
  Puppet.clear_deprecation_warnings
174
177
 
@@ -87,7 +87,17 @@ class Puppet::Transaction::Persistence
87
87
 
88
88
  # Save data from internal class to persistence store on disk.
89
89
  def save
90
- Puppet::Util::Yaml.dump(@new_data, Puppet[:transactionstorefile])
90
+ converted_data = Puppet::Pops::Serialization::ToDataConverter.convert(
91
+ @new_data, {
92
+ symbol_as_string: false,
93
+ local_reference: false,
94
+ type_by_reference: true,
95
+ force_symbol: true,
96
+ silence_warnings: true,
97
+ message_prefix: to_s
98
+ }
99
+ )
100
+ Puppet::Util::Yaml.dump(converted_data, Puppet[:transactionstorefile])
91
101
  end
92
102
 
93
103
  # Use the catalog and run_mode to determine if persistence should be enabled or not
@@ -77,6 +77,10 @@ class Puppet::Transaction::Report
77
77
  # @return [String] the environment name
78
78
  attr_accessor :environment
79
79
 
80
+ # The name of the environment the agent initially started in
81
+ # @return [String] the environment name
82
+ attr_accessor :initial_environment
83
+
80
84
  # Whether there are changes that we decided not to apply because of noop
81
85
  # @return [Boolean]
82
86
  #
@@ -377,7 +381,17 @@ class Puppet::Transaction::Report
377
381
  # @api public
378
382
  #
379
383
  def raw_summary
380
- report = { "version" => { "config" => configuration_version, "puppet" => Puppet.version } }
384
+ report = {
385
+ "version" => {
386
+ "config" => configuration_version,
387
+ "puppet" => Puppet.version
388
+ },
389
+ "application" => {
390
+ "run_mode" => Puppet.run_mode.name.to_s,
391
+ "initial_environment" => initial_environment,
392
+ "converged_environment" => environment
393
+ }
394
+ }
381
395
 
382
396
  @metrics.each do |name, metric|
383
397
  key = metric.name.to_s
@@ -11,7 +11,10 @@ module Puppet
11
11
 
12
12
  * The command itself is already idempotent. (For example, `apt-get update`.)
13
13
  * The exec has an `onlyif`, `unless`, or `creates` attribute, which prevents
14
- Puppet from running the command unless some condition is met.
14
+ Puppet from running the command unless some condition is met. The
15
+ `onlyif` and `unless` commands of an `exec` are used in the process of
16
+ determining whether the `exec` is already in sync, therefore they must be run
17
+ during a noop Puppet run.
15
18
  * The exec has `refreshonly => true`, which allows Puppet to run the
16
19
  command only when some other resource is changed. (See the notes on refreshing
17
20
  below.)
@@ -198,7 +201,15 @@ module Puppet
198
201
  any output is logged at the `err` log level.
199
202
 
200
203
  Multiple `exec` resources can use the same `command` value; Puppet
201
- only uses the resource title to ensure `exec`s are unique."
204
+ only uses the resource title to ensure `exec`s are unique.
205
+
206
+ On *nix platforms, the command can be specified as an array of
207
+ strings and Puppet will invoke it using the more secure method of
208
+ parameterized system calls. For example, rather than executing the
209
+ malicious injected code, this command will echo it out:
210
+
211
+ command => ['/bin/echo', 'hello world; rm -rf /']
212
+ "
202
213
 
203
214
  validate do |command|
204
215
  unless command.is_a?(String) || command.is_a?(Array)
@@ -456,6 +467,9 @@ module Puppet
456
467
  `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
457
468
  must fully qualify the command's name.
458
469
 
470
+ Since this command is used in the process of determining whether the
471
+ `exec` is already in sync, it must be run during a noop Puppet run.
472
+
459
473
  This parameter can also take an array of commands. For example:
460
474
 
461
475
  unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
@@ -516,6 +530,9 @@ module Puppet
516
530
  `user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
517
531
  must fully qualify the command's name.
518
532
 
533
+ Since this command is used in the process of determining whether the
534
+ `exec` is already in sync, it must be run during a noop Puppet run.
535
+
519
536
  This parameter can also take an array of commands. For example:
520
537
 
521
538
  onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
@@ -93,23 +93,23 @@ Puppet::Type.newtype(:file) do
93
93
 
94
94
  Backing up to a local filebucket isn't particularly useful. If you want
95
95
  to make organized use of backups, you will generally want to use the
96
- puppet master server's filebucket service. This requires declaring a
96
+ primary Puppet server's filebucket service. This requires declaring a
97
97
  filebucket resource and a resource default for the `backup` attribute
98
98
  in site.pp:
99
99
 
100
100
  # /etc/puppetlabs/puppet/manifests/site.pp
101
101
  filebucket { 'main':
102
102
  path => false, # This is required for remote filebuckets.
103
- server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
103
+ server => 'puppet.example.com', # Optional; defaults to the configured primary Puppet server.
104
104
  }
105
105
 
106
106
  File { backup => main, }
107
107
 
108
- If you are using multiple puppet master servers, you will want to
108
+ If you are using multiple primary servers, you will want to
109
109
  centralize the contents of the filebucket. Either configure your load
110
- balancer to direct all filebucket traffic to a single master, or use
110
+ balancer to direct all filebucket traffic to a single primary server, or use
111
111
  something like an out-of-band rsync task to synchronize the content on all
112
- masters.
112
+ primary servers.
113
113
 
114
114
  > **Note**: Enabling and using the backup option, and by extension the
115
115
  filebucket resource, requires appropriate planning and management to ensure
@@ -361,7 +361,7 @@ Puppet::Type.newtype(:file) do
361
361
  This command must have a fully qualified path, and should contain a
362
362
  percent (`%`) token where it would expect an input file. It must exit `0`
363
363
  if the syntax is correct, and non-zero otherwise. The command will be
364
- run on the target system while applying the catalog, not on the puppet master.
364
+ run on the target system while applying the catalog, not on the primary Puppet server.
365
365
 
366
366
  Example:
367
367
 
@@ -4,8 +4,8 @@ module Puppet
4
4
  Type.newtype(:filebucket) do
5
5
  @doc = <<-EOT
6
6
  A repository for storing and retrieving file content by MD5 checksum. Can
7
- be local to each agent node, or centralized on a puppet master server. All
8
- puppet masters provide a filebucket service that agent nodes can access
7
+ be local to each agent node, or centralized on a primary Puppet server. All
8
+ puppet servers provide a filebucket service that agent nodes can access
9
9
  via HTTP, but you must declare a filebucket resource before any agents
10
10
  will do so.
11
11
 
@@ -25,7 +25,7 @@ module Puppet
25
25
  # /etc/puppetlabs/puppet/manifests/site.pp
26
26
  filebucket { 'main':
27
27
  path => false, # This is required for remote filebuckets.
28
- server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
28
+ server => 'puppet.example.com', # Optional; defaults to the configured primary server.
29
29
  }
30
30
 
31
31
  File { backup => main, }
@@ -1,5 +1,4 @@
1
1
  require 'etc'
2
- require 'facter'
3
2
  require 'puppet/property/keyvalue'
4
3
  require 'puppet/parameter/boolean'
5
4
 
@@ -175,7 +175,7 @@ Puppet::Type.newtype(:resources) do
175
175
  end
176
176
 
177
177
  # Otherwise, use a sensible default based on the OS family
178
- @system_users_max_uid ||= case Facter.value(:osfamily)
178
+ @system_users_max_uid ||= case Puppet.runtime[:facter].value(:osfamily)
179
179
  when 'OpenBSD', 'FreeBSD'
180
180
  999
181
181
  else
@@ -272,9 +272,14 @@ module Puppet
272
272
 
273
273
  newparam(:timeout, :required_features => :configurable_timeout) do
274
274
  desc "Specify an optional minimum timeout (in seconds) for puppet to wait when syncing service properties"
275
- defaultto { provider.class.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
276
- validate do |value|
277
- if (not value.is_a? Integer) || value < 1
275
+ defaultto { provider.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
276
+
277
+ munge do |value|
278
+ begin
279
+ value = value.to_i
280
+ raise if value < 1
281
+ value
282
+ rescue
278
283
  raise Puppet::Error.new(_("\"%{value}\" is not a positive integer: the timeout parameter must be specified as a positive integer") % { value: value })
279
284
  end
280
285
  end
@@ -1,5 +1,4 @@
1
1
  require 'etc'
2
- require 'facter'
3
2
  require 'puppet/parameter/boolean'
4
3
  require 'puppet/property/list'
5
4
  require 'puppet/property/ordered_list'
data/lib/puppet/type.rb CHANGED
@@ -1295,7 +1295,7 @@ class Type
1295
1295
  like it does when running normally. However, if a resource attribute is not in
1296
1296
  the desired state (as declared in the catalog), Puppet will take no
1297
1297
  action, and will instead report the changes it _would_ have made. These
1298
- simulated changes will appear in the report sent to the puppet master, or
1298
+ simulated changes will appear in the report sent to the primary Puppet server, or
1299
1299
  be shown on the console if running puppet agent or puppet apply in the
1300
1300
  foreground. The simulated changes will not send refresh events to any
1301
1301
  subscribing or notified resources, although Puppet will log that a refresh
@@ -135,7 +135,7 @@ module Puppet
135
135
 
136
136
  # Puppet requires Facter, which initializes its lookup paths. Reset Facter to
137
137
  # pickup the new $LOAD_PATH.
138
- Facter.reset
138
+ Puppet.runtime[:facter].reset
139
139
  end
140
140
  end
141
141
 
@@ -215,7 +215,7 @@ class Puppet::Util::FileType
215
215
  # Remove a specific @path's cron tab.
216
216
  def remove
217
217
  cmd = "#{cmdbase} -r"
218
- if %w{Darwin FreeBSD DragonFly}.include?(Facter.value("operatingsystem"))
218
+ if %w{Darwin FreeBSD DragonFly}.include?(Puppet.runtime[:facter].value("operatingsystem"))
219
219
  cmd = "/bin/echo yes | #{cmd}"
220
220
  end
221
221
 
@@ -244,7 +244,7 @@ class Puppet::Util::FileType
244
244
  # Only add the -u flag when the @path is different. Fedora apparently
245
245
  # does not think I should be allowed to set the @path to my own user name
246
246
  def cmdbase
247
- if @uid == Puppet::Util::SUIDManager.uid || Facter.value(:operatingsystem) == "HP-UX"
247
+ if @uid == Puppet::Util::SUIDManager.uid || Puppet.runtime[:facter].value(:operatingsystem) == "HP-UX"
248
248
  return "crontab"
249
249
  else
250
250
  return "crontab -u #{@path}"
@@ -60,6 +60,9 @@ module Puppet::Util
60
60
  def self.dump(object, options = {})
61
61
  if defined? MultiJson
62
62
  MultiJson.dump(object, options)
63
+ elsif options.is_a?(JSON::State)
64
+ # we're being called recursively
65
+ object.to_json(options)
63
66
  else
64
67
  options.merge!(::JSON::PRETTY_STATE_PROTOTYPE.to_h) if options.delete(:pretty)
65
68
  object.to_json(options)
@@ -2,7 +2,6 @@ require 'puppet/util/tagging'
2
2
  require 'puppet/util/classgen'
3
3
  require 'puppet/util/psych_support'
4
4
  require 'puppet/network/format_support'
5
- require 'facter'
6
5
 
7
6
  # Pass feedback to the user. Log levels are modeled after syslog's, and it is
8
7
  # expected that that will be the most common log destination. Supports
@@ -111,7 +110,7 @@ class Puppet::Util::Log
111
110
  @loglevel = @levels.index(level)
112
111
 
113
112
  # Enable or disable Facter debugging
114
- Facter.debugging(level == :debug) if Facter.respond_to? :debugging
113
+ Puppet.runtime[:facter].debugging(level == :debug)
115
114
  end
116
115
 
117
116
  def Log.levels
@@ -2,8 +2,6 @@
2
2
  require 'puppet/util/log'
3
3
  require 'puppet/error'
4
4
 
5
- require 'facter'
6
-
7
5
  module Puppet::Util
8
6
  module Logging
9
7
 
@@ -254,29 +252,7 @@ module Logging
254
252
  # Sets up Facter logging.
255
253
  # This method causes Facter output to be forwarded to Puppet.
256
254
  def self.setup_facter_logging!
257
- # Only recent versions of Facter support this feature
258
- return false unless Facter.respond_to? :on_message
259
-
260
- # The current Facter log levels are: :trace, :debug, :info, :warn, :error, and :fatal.
261
- # Convert to the corresponding levels in Puppet
262
- Facter.on_message do |level, message|
263
- case level
264
- when :trace, :debug
265
- level = :debug
266
- when :info
267
- # Same as Puppet
268
- when :warn
269
- level = :warning
270
- when :error
271
- level = :err
272
- when :fatal
273
- level = :crit
274
- else
275
- next
276
- end
277
- Puppet::Util::Log.create({:level => level, :source => 'Facter', :message => message})
278
- nil
279
- end
255
+ Puppet.runtime[:facter]
280
256
  true
281
257
  end
282
258
 
@@ -46,7 +46,7 @@ class Puppet::Util::Pidlock
46
46
  private
47
47
 
48
48
  def ps_argument_for_current_kernel
49
- case Facter.value(:kernel)
49
+ case Puppet.runtime[:facter].value(:kernel)
50
50
  when "Linux"
51
51
  "-eq"
52
52
  when "AIX"
@@ -154,7 +154,7 @@ module RDoc::PuppetParserCore
154
154
  # fetch comments
155
155
  if line =~ /^[ \t]*# ?(.*)$/
156
156
  comments += $1 + "\n"
157
- elsif line =~ /^[ \t]*Facter.add\(['"](.*?)['"]\)/
157
+ elsif line =~ /^[ \t]*(Facter.add|Puppet\.runtime\[:facter\].add)\(['"](.*?)['"]\)/
158
158
  current_fact = RDoc::Fact.new($1,{})
159
159
  look_for_directives_in(container, comments) unless comments.empty?
160
160
  current_fact.comment = comments
@@ -1,4 +1,3 @@
1
- require 'facter'
2
1
  require 'puppet/util/warnings'
3
2
  require 'forwardable'
4
3
  require 'etc'
@@ -18,7 +17,7 @@ module Puppet::Util::SUIDManager
18
17
 
19
18
  def osx_maj_ver
20
19
  return @osx_maj_ver unless @osx_maj_ver.nil?
21
- @osx_maj_ver = Facter.value('macosx_productversion_major') || false
20
+ @osx_maj_ver = Puppet.runtime[:facter].value('macosx_productversion_major') || false
22
21
  end
23
22
  module_function :osx_maj_ver
24
23
 
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'puppet/util/tag_set'
2
3
 
3
4
  module Puppet::Util::Tagging
@@ -1,6 +1,4 @@
1
1
  require 'puppet/util/windows'
2
-
3
- require 'facter'
4
2
  require 'ffi'
5
3
 
6
4
  module Puppet::Util::Windows::User
data/lib/puppet/util.rb CHANGED
@@ -763,12 +763,13 @@ module Util
763
763
  # Executes a block of code, wrapped around Facter.load_external(false) and
764
764
  # Facter.load_external(true) which will cause Facter to not evaluate external facts.
765
765
  def skip_external_facts
766
- return yield unless Facter.respond_to? :load_external
766
+ return yield unless Puppet.runtime[:facter].load_external?
767
+
767
768
  begin
768
- Facter.load_external(false)
769
+ Puppet.runtime[:facter].load_external(false)
769
770
  yield
770
771
  ensure
771
- Facter.load_external(true)
772
+ Puppet.runtime[:facter].load_external(true)
772
773
  end
773
774
  end
774
775
  module_function :skip_external_facts
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '6.24.0'
9
+ PUPPETVERSION = '6.25.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and