puppet 7.10.0-universal-darwin → 7.13.1-universal-darwin
- checksums.yaml +4 -4
- data/Gemfile +3 -3
- data/Gemfile.lock +20 -15
- data/ext/project_data.yaml +1 -1
- data/lib/puppet/application/agent.rb +4 -0
- data/lib/puppet/application/apply.rb +20 -2
- data/lib/puppet/application/lookup.rb +72 -24
- data/lib/puppet/application/resource.rb +15 -13
- data/lib/puppet/concurrent/thread_local_singleton.rb +6 -3
- data/lib/puppet/configurer.rb +98 -29
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +17 -3
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/file_serving/metadata.rb +3 -0
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_system/file_impl.rb +10 -8
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/path_pattern.rb +10 -15
- data/lib/puppet/file_system/uniquefile.rb +1 -1
- data/lib/puppet/file_system/windows.rb +4 -4
- data/lib/puppet/file_system.rb +3 -2
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/functions/versioncmp.rb +6 -2
- data/lib/puppet/graph/simple_graph.rb +2 -1
- data/lib/puppet/http/client.rb +1 -1
- data/lib/puppet/http/redirector.rb +5 -0
- data/lib/puppet/indirector/catalog/compiler.rb +3 -3
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/pal/pal_impl.rb +1 -1
- data/lib/puppet/parser/resource.rb +1 -1
- data/lib/puppet/parser/scope.rb +8 -7
- data/lib/puppet/parser/templatewrapper.rb +1 -0
- data/lib/puppet/pops/evaluator/closure.rb +7 -5
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +1 -0
- data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
- data/lib/puppet/pops/model/ast.rb +1 -0
- data/lib/puppet/pops/model/factory.rb +14 -13
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +4 -2
- data/lib/puppet/pops/parser/eparser.rb +909 -894
- data/lib/puppet/pops/parser/lexer2.rb +69 -68
- data/lib/puppet/pops/parser/slurp_support.rb +1 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +6 -18
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/type_formatter.rb +7 -6
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/pops/validation/checker4_0.rb +7 -2
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/group/groupadd.rb +5 -2
- data/lib/puppet/provider/package/pkg.rb +11 -1
- data/lib/puppet/provider/package/puppet_gem.rb +1 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/init.rb +10 -9
- data/lib/puppet/provider/service/launchd.rb +1 -1
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +3 -3
- data/lib/puppet/provider/service/systemd.rb +1 -1
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/user/aix.rb +44 -1
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +30 -7
- data/lib/puppet/provider.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/catalog.rb +1 -1
- data/lib/puppet/resource/type_collection.rb +2 -1
- data/lib/puppet/resource.rb +38 -5
- data/lib/puppet/runtime.rb +11 -1
- data/lib/puppet/settings/file_setting.rb +3 -8
- data/lib/puppet/settings.rb +2 -2
- data/lib/puppet/ssl/verifier.rb +3 -1
- data/lib/puppet/test/test_helper.rb +4 -1
- data/lib/puppet/transaction/persistence.rb +22 -12
- data/lib/puppet/type/exec.rb +9 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/file/group.rb +8 -1
- data/lib/puppet/type/file/owner.rb +8 -1
- data/lib/puppet/type/group.rb +0 -1
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +8 -3
- data/lib/puppet/type/user.rb +40 -39
- data/lib/puppet/util/autoload.rb +1 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/json.rb +20 -0
- data/lib/puppet/util/log.rb +8 -4
- data/lib/puppet/util/logging.rb +1 -25
- data/lib/puppet/util/monkey_patches.rb +26 -2
- data/lib/puppet/util/package.rb +25 -16
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +1 -2
- data/lib/puppet/util/tagging.rb +1 -0
- data/lib/puppet/util/windows/service.rb +0 -5
- data/lib/puppet/util/windows/user.rb +0 -1
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util/yaml.rb +11 -0
- data/lib/puppet/util.rb +4 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +3 -6
- data/locales/puppet.pot +265 -239
- data/man/man5/puppet.conf.5 +18 -2
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +9 -6
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +2 -1
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/integration/application/agent_spec.rb +44 -0
- data/spec/integration/application/lookup_spec.rb +29 -6
- data/spec/integration/configurer_spec.rb +1 -1
- data/spec/integration/indirector/facts/facter_spec.rb +3 -3
- data/spec/integration/parser/pcore_resource_spec.rb +20 -0
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/type/file_spec.rb +2 -2
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +1 -9
- data/spec/shared_contexts/l10n.rb +5 -0
- data/spec/unit/application/apply_spec.rb +76 -56
- data/spec/unit/application/lookup_spec.rb +131 -10
- data/spec/unit/application/resource_spec.rb +29 -0
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +39 -0
- data/spec/unit/configurer_spec.rb +113 -28
- data/spec/unit/facter_impl_spec.rb +31 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_system/uniquefile_spec.rb +7 -1
- data/spec/unit/file_system_spec.rb +41 -4
- data/spec/unit/forge/module_release_spec.rb +3 -3
- data/spec/unit/functions/lookup_spec.rb +64 -0
- data/spec/unit/functions/versioncmp_spec.rb +40 -4
- data/spec/unit/http/client_spec.rb +58 -1
- data/spec/unit/indirector/indirection_spec.rb +10 -3
- data/spec/unit/network/formats_spec.rb +6 -0
- data/spec/unit/pops/parser/parse_containers_spec.rb +2 -2
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +0 -58
- data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
- data/spec/unit/pops/validator/validator_spec.rb +5 -0
- data/spec/unit/provider/package/gem_spec.rb +1 -1
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +1 -1
- data/spec/unit/provider/package/pkg_spec.rb +15 -0
- data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_spec.rb +6 -5
- data/spec/unit/provider/service/init_spec.rb +15 -9
- data/spec/unit/provider/service/openwrt_spec.rb +21 -29
- data/spec/unit/provider/service/redhat_spec.rb +3 -2
- data/spec/unit/provider/user/aix_spec.rb +100 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/provider/user/useradd_spec.rb +40 -0
- data/spec/unit/provider_spec.rb +4 -4
- data/spec/unit/puppet_spec.rb +12 -4
- data/spec/unit/resource/catalog_spec.rb +14 -1
- data/spec/unit/resource_spec.rb +58 -2
- data/spec/unit/settings/file_setting_spec.rb +10 -7
- data/spec/unit/transaction/persistence_spec.rb +51 -0
- data/spec/unit/type/file/group_spec.rb +7 -0
- data/spec/unit/type/file/owner_spec.rb +7 -0
- data/spec/unit/type/service_spec.rb +27 -0
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +25 -8
- data/spec/unit/util/json_spec.rb +126 -0
- data/spec/unit/util/logging_spec.rb +2 -0
- data/spec/unit/util/yaml_spec.rb +37 -13
- data/tasks/parallel.rake +3 -3
- metadata +17 -4
@@ -7,7 +7,10 @@ require_relative '../../../puppet/error'
|
|
7
7
|
Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameService::ObjectAdd do
|
8
8
|
desc "User management via `useradd` and its ilk. Note that you will need to
|
9
9
|
install Ruby's shadow password library (often known as `ruby-libshadow`)
|
10
|
-
if you wish to manage user passwords.
|
10
|
+
if you wish to manage user passwords.
|
11
|
+
|
12
|
+
To use the `forcelocal` parameter, you need to install the `libuser` package (providing
|
13
|
+
`/usr/sbin/lgroupadd` and `/usr/sbin/luseradd`)."
|
11
14
|
|
12
15
|
commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :chpasswd => "chpasswd"
|
13
16
|
|
@@ -21,13 +24,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
21
24
|
options :expiry, :method => :sp_expire,
|
22
25
|
:munge => proc { |value|
|
23
26
|
if value == :absent
|
24
|
-
if
|
27
|
+
if Puppet.runtime[:facter].value(:operatingsystem)=='SLES' && Puppet.runtime[:facter].value(:operatingsystemmajrelease) == "11"
|
25
28
|
-1
|
26
29
|
else
|
27
30
|
''
|
28
31
|
end
|
29
32
|
else
|
30
|
-
case
|
33
|
+
case Puppet.runtime[:facter].value(:operatingsystem)
|
31
34
|
when 'Solaris'
|
32
35
|
# Solaris uses %m/%d/%Y for useradd/usermod
|
33
36
|
expiry_year, expiry_month, expiry_day = value.split('-')
|
@@ -69,6 +72,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
69
72
|
get(:comment)
|
70
73
|
end
|
71
74
|
|
75
|
+
def shell
|
76
|
+
return localshell if @resource.forcelocal?
|
77
|
+
get(:shell)
|
78
|
+
end
|
79
|
+
|
80
|
+
def home
|
81
|
+
return localhome if @resource.forcelocal?
|
82
|
+
get(:home)
|
83
|
+
end
|
84
|
+
|
72
85
|
def groups
|
73
86
|
return localgroups if @resource.forcelocal?
|
74
87
|
super
|
@@ -120,6 +133,16 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
120
133
|
user[:gecos]
|
121
134
|
end
|
122
135
|
|
136
|
+
def localshell
|
137
|
+
user = finduser(:account, resource[:name])
|
138
|
+
user[:shell]
|
139
|
+
end
|
140
|
+
|
141
|
+
def localhome
|
142
|
+
user = finduser(:account, resource[:name])
|
143
|
+
user[:directory]
|
144
|
+
end
|
145
|
+
|
123
146
|
def localgroups
|
124
147
|
@groups_of ||= {}
|
125
148
|
group_file = '/etc/group'
|
@@ -193,7 +216,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
193
216
|
end
|
194
217
|
|
195
218
|
has_features :manages_homedir, :allows_duplicates, :manages_expiry
|
196
|
-
has_features :system_users unless %w{HP-UX Solaris}.include?
|
219
|
+
has_features :system_users unless %w{HP-UX Solaris}.include? Puppet.runtime[:facter].value(:operatingsystem)
|
197
220
|
|
198
221
|
has_features :manages_passwords, :manages_password_age if Puppet.features.libshadow?
|
199
222
|
has_features :manages_shell
|
@@ -228,8 +251,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
228
251
|
# libuser does not implement the -m flag
|
229
252
|
cmd << "-m" unless @resource.forcelocal?
|
230
253
|
else
|
231
|
-
osfamily =
|
232
|
-
osversion =
|
254
|
+
osfamily = Puppet.runtime[:facter].value(:osfamily)
|
255
|
+
osversion = Puppet.runtime[:facter].value(:operatingsystemmajrelease).to_i
|
233
256
|
# SLES 11 uses pwdutils instead of shadow, which does not have -M
|
234
257
|
# Solaris and OpenBSD use different useradd flavors
|
235
258
|
unless osfamily =~ /Solaris|OpenBSD/ || osfamily == 'Suse' && osversion <= 11
|
@@ -327,7 +350,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
|
|
327
350
|
cmd = [command(:delete)]
|
328
351
|
end
|
329
352
|
# Solaris `userdel -r` will fail if the homedir does not exist.
|
330
|
-
if @resource.managehome? && (('Solaris' !=
|
353
|
+
if @resource.managehome? && (('Solaris' != Puppet.runtime[:facter].value(:operatingsystem)) || Dir.exist?(Dir.home(@resource[:name])))
|
331
354
|
cmd << '-r'
|
332
355
|
end
|
333
356
|
cmd << @resource[:name]
|
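Review bot: The new `localshell` and `localhome` helpers index the result of `finduser(:account, resource[:name])` without checking it. `finduser` is defined outside these hunks, so this is an assumption to confirm: if it can return `nil` or `false` for an account missing from the local passwd file, `shell` and `home` fail with a NoMethodError under `forcelocal` instead of reporting the property as unset. A guard before `user[:shell]` and `user[:directory]`, for example `return :absent unless user` (or whatever value this provider uses for a missing property), would keep the getters total. The context line `user[:gecos]` suggests the existing comment helper has the same shape and could be fixed with them.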
data/lib/puppet/provider.rb
CHANGED
@@ -289,7 +289,7 @@ class Puppet::Provider
|
|
289
289
|
# values. Given one or more Regexp instances, fact is compared via the basic
|
290
290
|
# pattern-matching operator.
|
291
291
|
def self.fact_match(fact, values)
|
292
|
-
fact_val =
|
292
|
+
fact_val = Puppet.runtime[:facter].value(fact).to_s.downcase
|
293
293
|
if fact_val.empty?
|
294
294
|
return false
|
295
295
|
else
|
@@ -15,7 +15,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
|
|
15
15
|
# Throw some facts in there, so we know where the report is from.
|
16
16
|
["Ruby Version", "Puppet Version", "Operating System", "Operating System Release"].each do |label|
|
17
17
|
name = label.gsub(/\s+/, '')
|
18
|
-
value =
|
18
|
+
value = Puppet.runtime[:facter].value(name)
|
19
19
|
ret << option(label, value)
|
20
20
|
end
|
21
21
|
ret << "\n"
|
@@ -61,7 +61,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
|
|
61
61
|
if Puppet.settings.valid?(name)
|
62
62
|
details << _(" - Setting %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.settings.value(name).inspect, facts: facts.join(", ") }
|
63
63
|
else
|
64
|
-
details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value:
|
64
|
+
details << _(" - Fact %{name} (currently %{value}) not in list %{facts}\n") % { name: name, value: Puppet.runtime[:facter].value(name).inspect, facts: facts.join(", ") }
|
65
65
|
end
|
66
66
|
end
|
67
67
|
when :true
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# frozen_string_literal: true
|
1
2
|
require_relative '../../puppet/parser/type_loader'
|
2
3
|
require_relative '../../puppet/util/file_watcher'
|
3
4
|
require_relative '../../puppet/util/warnings'
|
@@ -179,7 +180,7 @@ class Puppet::Resource::TypeCollection
|
|
179
180
|
|
180
181
|
private
|
181
182
|
|
182
|
-
COLON_COLON = "::"
|
183
|
+
COLON_COLON = "::"
|
183
184
|
|
184
185
|
# Resolve namespaces and find the given object. Autoload it if
|
185
186
|
# necessary.
|
data/lib/puppet/resource.rb
CHANGED
@@ -11,7 +11,7 @@ class Puppet::Resource
|
|
11
11
|
include Puppet::Util::PsychSupport
|
12
12
|
|
13
13
|
include Enumerable
|
14
|
-
attr_accessor :file, :line, :catalog, :exported, :virtual, :strict
|
14
|
+
attr_accessor :file, :line, :catalog, :exported, :virtual, :strict, :kind
|
15
15
|
attr_reader :type, :title, :parameters
|
16
16
|
|
17
17
|
# @!attribute [rw] sensitive_parameters
|
@@ -29,10 +29,15 @@ class Puppet::Resource
|
|
29
29
|
EMPTY_ARRAY = [].freeze
|
30
30
|
EMPTY_HASH = {}.freeze
|
31
31
|
|
32
|
-
ATTRIBUTES = [:file, :line, :exported].freeze
|
32
|
+
ATTRIBUTES = [:file, :line, :exported, :kind].freeze
|
33
33
|
TYPE_CLASS = 'Class'.freeze
|
34
34
|
TYPE_NODE = 'Node'.freeze
|
35
35
|
|
36
|
+
CLASS_STRING = 'class'.freeze
|
37
|
+
DEFINED_TYPE_STRING = 'defined_type'.freeze
|
38
|
+
COMPILABLE_TYPE_STRING = 'compilable_type'.freeze
|
39
|
+
UNKNOWN_TYPE_STRING = 'unknown'.freeze
|
40
|
+
|
36
41
|
PCORE_TYPE_KEY = '__ptype'.freeze
|
37
42
|
VALUE_KEY = 'value'.freeze
|
38
43
|
|
@@ -193,6 +198,18 @@ class Puppet::Resource
|
|
193
198
|
resource_type.is_a?(Puppet::CompilableResourceType)
|
194
199
|
end
|
195
200
|
|
201
|
+
def self.to_kind(resource_type)
|
202
|
+
if resource_type == CLASS_STRING
|
203
|
+
CLASS_STRING
|
204
|
+
elsif resource_type.is_a?(Puppet::Resource::Type) && resource_type.type == :definition
|
205
|
+
DEFINED_TYPE_STRING
|
206
|
+
elsif resource_type.is_a?(Puppet::CompilableResourceType)
|
207
|
+
COMPILABLE_TYPE_STRING
|
208
|
+
else
|
209
|
+
UNKNOWN_TYPE_STRING
|
210
|
+
end
|
211
|
+
end
|
212
|
+
|
196
213
|
# Iterate over each param/value pair, as required for Enumerable.
|
197
214
|
def each
|
198
215
|
parameters.each { |p,v| yield p, v }
|
@@ -247,6 +264,7 @@ class Puppet::Resource
|
|
247
264
|
src = type
|
248
265
|
self.file = src.file
|
249
266
|
self.line = src.line
|
267
|
+
self.kind = src.kind
|
250
268
|
self.exported = src.exported
|
251
269
|
self.virtual = src.virtual
|
252
270
|
self.set_tags(src)
|
@@ -309,6 +327,7 @@ class Puppet::Resource
|
|
309
327
|
|
310
328
|
rt = resource_type
|
311
329
|
|
330
|
+
self.kind = self.class.to_kind(rt) unless kind
|
312
331
|
if strict? && rt.nil?
|
313
332
|
if self.class?
|
314
333
|
raise ArgumentError, _("Could not find declared class %{title}") % { title: title }
|
@@ -468,10 +487,24 @@ class Puppet::Resource
|
|
468
487
|
ref
|
469
488
|
end
|
470
489
|
|
471
|
-
# Convert our resource to a RAL resource instance.
|
472
|
-
# instances for resource types that
|
490
|
+
# Convert our resource to a RAL resource instance. Creates component
|
491
|
+
# instances for resource types that are not of a compilable_type kind. In case
|
492
|
+
# the resource doesn’t exist and it’s compilable_type kind, raise an error.
|
493
|
+
# There are certain cases where a resource won't be in a catalog, such as
|
494
|
+
# when we create a resource directly by using Puppet::Resource.new(...), so we
|
495
|
+
# must check its kind before deciding whether the catalog format is of an older
|
496
|
+
# version or not.
|
473
497
|
def to_ral
|
474
|
-
|
498
|
+
if self.kind == COMPILABLE_TYPE_STRING
|
499
|
+
typeklass = Puppet::Type.type(self.type)
|
500
|
+
elsif self.catalog && self.catalog.catalog_format >= 2
|
501
|
+
typeklass = Puppet::Type.type(:component)
|
502
|
+
else
|
503
|
+
typeklass = Puppet::Type.type(self.type) || Puppet::Type.type(:component)
|
504
|
+
end
|
505
|
+
|
506
|
+
raise(Puppet::Error, "Resource type '#{self.type}' was not found") unless typeklass
|
507
|
+
|
475
508
|
typeklass.new(self)
|
476
509
|
end
|
477
510
|
|
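Review bot: The new `raise(Puppet::Error, "Resource type '#{self.type}' was not found") unless typeklass` in `to_ral` is not wrapped for translation, while the context line in the type-resolution hunk uses `_("Could not find declared class %{title}") % { title: title }`. For consistency it should read `raise(Puppet::Error, _("Resource type '%{type}' was not found") % { type: self.type }) unless typeklass`. `self.to_kind` is also added without a doc comment. A short one would help now that `kind` is listed in `ATTRIBUTES`: it should say the method maps a resolved resource type to one of the four `*_STRING` kinds and returns `'unknown'` for anything else, including nil.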
data/lib/puppet/runtime.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
require_relative '../puppet/http'
|
2
|
+
require_relative '../puppet/facter_impl'
|
2
3
|
require 'singleton'
|
3
4
|
|
4
5
|
# Provides access to runtime implementations.
|
@@ -16,11 +17,20 @@ class Puppet::Runtime
|
|
16
17
|
else
|
17
18
|
Puppet::HTTP::ExternalClient.new(klass)
|
18
19
|
end
|
19
|
-
end
|
20
|
+
end,
|
21
|
+
facter: proc { Puppet::FacterImpl.new }
|
20
22
|
}
|
21
23
|
end
|
22
24
|
private :initialize
|
23
25
|
|
26
|
+
# Loads all runtime implementations.
|
27
|
+
#
|
28
|
+
# @return Array[Symbol] the names of loaded implementations
|
29
|
+
# @api private
|
30
|
+
def load_services
|
31
|
+
@runtime_services.keys.each { |key| self[key] }
|
32
|
+
end
|
33
|
+
|
24
34
|
# Get a runtime implementation.
|
25
35
|
#
|
26
36
|
# @param name [Symbol] the name of the implementation
|
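Review bot: The YARD tag added on `load_services`, `# @return Array[Symbol] the names of loaded implementations`, is not in the bracketed form used by the context line below it (`# @param name [Symbol] ...`), so the return type is unlikely to be picked up by the doc tooling. It should be `# @return [Array<Symbol>] the names of loaded implementations`. The method returns the key list only because `each` returns its receiver, which is worth stating in the comment if any caller relies on the return value.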
@@ -53,7 +53,7 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
attr_accessor :mode
|
56
|
+
attr_accessor :mode
|
57
57
|
|
58
58
|
def initialize(args)
|
59
59
|
@group = Unspecified.new
|
@@ -61,11 +61,6 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
|
|
61
61
|
super(args)
|
62
62
|
end
|
63
63
|
|
64
|
-
# Should we create files, rather than just directories?
|
65
|
-
def create_files?
|
66
|
-
create
|
67
|
-
end
|
68
|
-
|
69
64
|
# @param value [String] the group to use on the created file (can only be "root" or "service")
|
70
65
|
# @api public
|
71
66
|
def group=(value)
|
@@ -135,8 +130,8 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
|
|
135
130
|
# Make sure the paths are fully qualified.
|
136
131
|
path = File.expand_path(path)
|
137
132
|
|
138
|
-
return nil unless type == :directory
|
139
|
-
return nil if path =~ /^\/dev/
|
133
|
+
return nil unless type == :directory || Puppet::FileSystem.exist?(path)
|
134
|
+
return nil if path =~ /^\/dev/ || path =~ /^[A-Z]:\/dev/i
|
140
135
|
|
141
136
|
resource = Puppet::Resource.new(:file, path)
|
142
137
|
|
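Review bot: The device-path exclusion on the new line `return nil if path =~ /^\/dev/ || path =~ /^[A-Z]:\/dev/i` is a bare prefix match. Any path that merely begins with `/dev` (a constructed example: `/devel/puppet/ssl`) is skipped, so it gets no file resource and no managed owner or mode. This matters more after this change, because the line above now lets existing files through as well as directories. Anchoring on the whole string and on a path separator closes the gap: `return nil if path =~ %r{\A/dev(?:/|\z)} || path =~ %r{\A[A-Z]:/dev(?:/|\z)}i`. The enclosing method starts and ends outside the hunk.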
data/lib/puppet/settings.rb
CHANGED
@@ -79,11 +79,11 @@ class Puppet::Settings
|
|
79
79
|
end
|
80
80
|
|
81
81
|
def self.hostname_fact()
|
82
|
-
|
82
|
+
Puppet.runtime[:facter].value :hostname
|
83
83
|
end
|
84
84
|
|
85
85
|
def self.domain_fact()
|
86
|
-
|
86
|
+
Puppet.runtime[:facter].value :domain
|
87
87
|
end
|
88
88
|
|
89
89
|
def self.default_config_file_name
|
data/lib/puppet/ssl/verifier.rb
CHANGED
@@ -117,7 +117,9 @@ class Puppet::SSL::Verifier
|
|
117
117
|
return false
|
118
118
|
end
|
119
119
|
|
120
|
-
|
120
|
+
# ruby-openssl#74ef8c0cc56b840b772240f2ee2b0fc0aafa2743 now sets the
|
121
|
+
# store_context error when the cert is mismatched
|
122
|
+
when OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH
|
121
123
|
@last_error = Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
|
122
124
|
return false
|
123
125
|
|
@@ -142,7 +142,9 @@ module Puppet::Test
|
|
142
142
|
},
|
143
143
|
"Context for specs")
|
144
144
|
|
145
|
-
|
145
|
+
# trigger `require 'facter'`
|
146
|
+
Puppet.runtime[:facter]
|
147
|
+
|
146
148
|
Puppet::Parser::Functions.reset
|
147
149
|
Puppet::Application.clear!
|
148
150
|
Puppet::Util::Profiler.clear
|
@@ -166,6 +168,7 @@ module Puppet::Test
|
|
166
168
|
|
167
169
|
Puppet::Util::Storage.clear
|
168
170
|
Puppet::Util::ExecutionStub.reset
|
171
|
+
Puppet.runtime.clear
|
169
172
|
|
170
173
|
Puppet.clear_deprecation_warnings
|
171
174
|
|
@@ -6,6 +6,26 @@ require_relative '../../puppet/util/yaml'
|
|
6
6
|
# as calculating corrective_change).
|
7
7
|
# @api private
|
8
8
|
class Puppet::Transaction::Persistence
|
9
|
+
|
10
|
+
def self.allowed_classes
|
11
|
+
@allowed_classes ||= [
|
12
|
+
Symbol,
|
13
|
+
Time,
|
14
|
+
Regexp,
|
15
|
+
# URI is excluded, because it serializes all instance variables including the
|
16
|
+
# URI parser. Better to serialize the URL encoded representation.
|
17
|
+
SemanticPuppet::Version,
|
18
|
+
# SemanticPuppet::VersionRange has many nested classes and is unlikely to be
|
19
|
+
# used directly, so ignore it
|
20
|
+
Puppet::Pops::Time::Timestamp,
|
21
|
+
Puppet::Pops::Time::TimeData,
|
22
|
+
Puppet::Pops::Time::Timespan,
|
23
|
+
Puppet::Pops::Types::PBinaryType::Binary,
|
24
|
+
# Puppet::Pops::Types::PSensitiveType::Sensitive values are excluded from
|
25
|
+
# the persistence store, ignore it.
|
26
|
+
].freeze
|
27
|
+
end
|
28
|
+
|
9
29
|
def initialize
|
10
30
|
@old_data = {}
|
11
31
|
@new_data = {"resources" => {}}
|
@@ -62,7 +82,7 @@ class Puppet::Transaction::Persistence
|
|
62
82
|
result = nil
|
63
83
|
Puppet::Util.benchmark(:debug, _("Loaded transaction store file in %{seconds} seconds")) do
|
64
84
|
begin
|
65
|
-
result = Puppet::Util::Yaml.safe_load_file(filename,
|
85
|
+
result = Puppet::Util::Yaml.safe_load_file(filename, self.class.allowed_classes)
|
66
86
|
rescue Puppet::Util::Yaml::YamlLoadError => detail
|
67
87
|
Puppet.log_exception(detail, _("Transaction store file %{filename} is corrupt (%{detail}); replacing") % { filename: filename, detail: detail })
|
68
88
|
|
@@ -87,17 +107,7 @@ class Puppet::Transaction::Persistence
|
|
87
107
|
|
88
108
|
# Save data from internal class to persistence store on disk.
|
89
109
|
def save
|
90
|
-
|
91
|
-
@new_data, {
|
92
|
-
symbol_as_string: false,
|
93
|
-
local_reference: false,
|
94
|
-
type_by_reference: true,
|
95
|
-
force_symbol: true,
|
96
|
-
silence_warnings: true,
|
97
|
-
message_prefix: to_s
|
98
|
-
}
|
99
|
-
)
|
100
|
-
Puppet::Util::Yaml.dump(converted_data, Puppet[:transactionstorefile])
|
110
|
+
Puppet::Util::Yaml.dump(@new_data, Puppet[:transactionstorefile])
|
101
111
|
end
|
102
112
|
|
103
113
|
# Use the catalog and run_mode to determine if persistence should be enabled or not
|
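Review bot: `save` now writes `@new_data` straight to YAML, while `load` accepts only the classes in `allowed_classes`. A stored value of any other class (the list's own comments name URI, SemanticPuppet::VersionRange and Sensitive as excluded) would presumably make the next `safe_load_file` raise `YamlLoadError`. The visible rescue treats that as a corrupt store and replaces it, silently discarding the previous run's state used for corrective_change. Nothing in these hunks shows where such values are filtered or stringified before they reach `@new_data`, so the invariant should be documented on `allowed_classes`, e.g. `# Values stored in @new_data must be plain YAML types or one of these classes; anything else fails the next load and resets the store.` A spec that round-trips a value of a non-listed class would pin the behaviour.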
data/lib/puppet/type/exec.rb
CHANGED
@@ -201,7 +201,15 @@ module Puppet
|
|
201
201
|
any output is logged at the `err` log level.
|
202
202
|
|
203
203
|
Multiple `exec` resources can use the same `command` value; Puppet
|
204
|
-
only uses the resource title to ensure `exec`s are unique.
|
204
|
+
only uses the resource title to ensure `exec`s are unique.
|
205
|
+
|
206
|
+
On *nix platforms, the command can be specified as an array of
|
207
|
+
strings and Puppet will invoke it using the more secure method of
|
208
|
+
parameterized system calls. For example, rather than executing the
|
209
|
+
malicious injected code, this command will echo it out:
|
210
|
+
|
211
|
+
command => ['/bin/echo', 'hello world; rm -rf /']
|
212
|
+
"
|
205
213
|
|
206
214
|
validate do |command|
|
207
215
|
unless command.is_a?(String) || command.is_a?(Array)
|
@@ -79,7 +79,7 @@ module Puppet
|
|
79
79
|
return :absent unless stat
|
80
80
|
ftype = stat.ftype
|
81
81
|
# Don't even try to manage the content on directories or links
|
82
|
-
return nil if [
|
82
|
+
return nil if ['directory', 'link', 'fifo', 'socket'].include?(ftype)
|
83
83
|
|
84
84
|
begin
|
85
85
|
resource.parameter(:checksum).sum_file(resource[:path])
|
@@ -23,7 +23,14 @@ module Puppet
|
|
23
23
|
# evaluate this property, because they might be added during the catalog
|
24
24
|
# apply.
|
25
25
|
@should.map! do |val|
|
26
|
-
provider.name2gid(val)
|
26
|
+
gid = provider.name2gid(val)
|
27
|
+
if gid
|
28
|
+
gid
|
29
|
+
elsif provider.resource.noop?
|
30
|
+
return false
|
31
|
+
else
|
32
|
+
raise "Could not find group #{val}"
|
33
|
+
end
|
27
34
|
end
|
28
35
|
|
29
36
|
@should.include?(current)
|
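Review bot: `return false` inside the `@should.map! do |val|` block exits the enclosing method part-way through an in-place map. When a later entry cannot be resolved in noop mode, the earlier entries of `@should` have already been replaced by numeric ids while the rest are still names. The owner hunk that follows adds the same pattern with `name2uid` and `"Could not find user #{val}"`. Resolving into a local array and replacing `@should` only once every entry has resolved avoids the half-converted state. The enclosing method starts outside the hunk, so whether later calls tolerate a mixed array cannot be confirmed from here.

```ruby
# … unchanged: comment explaining why names are resolved lazily …
resolved = @should.map do |val|
  gid = provider.name2gid(val)
  next gid if gid
  # In noop mode the group may be created later in the run: report
  # "not in sync" without having modified @should.
  return false if provider.resource.noop?
  raise "Could not find group #{val}"
end
@should.replace(resolved)
```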
@@ -18,7 +18,14 @@ module Puppet
|
|
18
18
|
# evaluate this property, because they might be added during the catalog
|
19
19
|
# apply.
|
20
20
|
@should.map! do |val|
|
21
|
-
provider.name2uid(val)
|
21
|
+
uid = provider.name2uid(val)
|
22
|
+
if uid
|
23
|
+
uid
|
24
|
+
elsif provider.resource.noop?
|
25
|
+
return false
|
26
|
+
else
|
27
|
+
raise "Could not find user #{val}"
|
28
|
+
end
|
22
29
|
end
|
23
30
|
|
24
31
|
return true if @should.include?(current)
|
data/lib/puppet/type/group.rb
CHANGED
@@ -175,7 +175,7 @@ Puppet::Type.newtype(:resources) do
|
|
175
175
|
end
|
176
176
|
|
177
177
|
# Otherwise, use a sensible default based on the OS family
|
178
|
-
@system_users_max_uid ||= case
|
178
|
+
@system_users_max_uid ||= case Puppet.runtime[:facter].value(:osfamily)
|
179
179
|
when 'OpenBSD', 'FreeBSD'
|
180
180
|
999
|
181
181
|
else
|
data/lib/puppet/type/service.rb
CHANGED
@@ -272,9 +272,14 @@ module Puppet
|
|
272
272
|
|
273
273
|
newparam(:timeout, :required_features => :configurable_timeout) do
|
274
274
|
desc "Specify an optional minimum timeout (in seconds) for puppet to wait when syncing service properties"
|
275
|
-
defaultto { provider.
|
276
|
-
|
277
|
-
|
275
|
+
defaultto { provider.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
|
276
|
+
|
277
|
+
munge do |value|
|
278
|
+
begin
|
279
|
+
value = value.to_i
|
280
|
+
raise if value < 1
|
281
|
+
value
|
282
|
+
rescue
|
278
283
|
raise Puppet::Error.new(_("\"%{value}\" is not a positive integer: the timeout parameter must be specified as a positive integer") % { value: value })
|
279
284
|
end
|
280
285
|
end
|
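Review bot: The new `munge` block overwrites `value` with `value.to_i` before validating it. The `Puppet::Error` built in the `rescue` branch therefore interpolates the converted number (for a non-numeric string, `0`) rather than what the user actually wrote. Keeping the input intact fixes the message: `seconds = value.to_i`, `raise if seconds < 1`, `seconds`. `to_i` is also lenient, accepting input with trailing non-digits and using the leading number, so a stricter conversion may be worth considering if the timeout should reject such values.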
data/lib/puppet/type/user.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'etc'
|
2
|
-
require 'facter'
|
3
2
|
require_relative '../../puppet/parameter/boolean'
|
4
3
|
require_relative '../../puppet/property/list'
|
5
4
|
require_relative '../../puppet/property/ordered_list'
|
@@ -67,7 +66,6 @@ module Puppet
|
|
67
66
|
newproperty(:ensure, :parent => Puppet::Property::Ensure) do
|
68
67
|
newvalue(:present, :event => :user_created) do
|
69
68
|
provider.create
|
70
|
-
@resource.generate
|
71
69
|
end
|
72
70
|
|
73
71
|
newvalue(:absent, :event => :user_removed) do
|
@@ -696,7 +694,6 @@ module Puppet
|
|
696
694
|
|
697
695
|
def generate
|
698
696
|
if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
|
699
|
-
return [] if self[:ensure] == :present && !provider.exists?
|
700
697
|
if Puppet::Type.type(:ssh_authorized_key).nil?
|
701
698
|
warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
|
702
699
|
else
|
@@ -745,6 +742,45 @@ module Puppet
|
|
745
742
|
end
|
746
743
|
raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
|
747
744
|
end
|
745
|
+
|
746
|
+
munge do |value|
|
747
|
+
# Resolve string, boolean and symbol forms of true and false to a
|
748
|
+
# single representation.
|
749
|
+
case value
|
750
|
+
when :false, false, "false"
|
751
|
+
[]
|
752
|
+
when :true, true, "true"
|
753
|
+
home = homedir
|
754
|
+
home ? [ "#{home}/.ssh/authorized_keys" ] : []
|
755
|
+
else
|
756
|
+
# value can be a string or array - munge each value
|
757
|
+
[ value ].flatten.map do |entry|
|
758
|
+
authorized_keys_path(entry)
|
759
|
+
end.compact
|
760
|
+
end
|
761
|
+
end
|
762
|
+
|
763
|
+
private
|
764
|
+
|
765
|
+
def homedir
|
766
|
+
resource[:home] || Dir.home(resource[:name])
|
767
|
+
rescue ArgumentError
|
768
|
+
Puppet.debug("User '#{resource[:name]}' does not exist")
|
769
|
+
nil
|
770
|
+
end
|
771
|
+
|
772
|
+
def authorized_keys_path(entry)
|
773
|
+
return entry unless entry.match?(%r{^(?:~|%h)/})
|
774
|
+
|
775
|
+
# if user doesn't exist (yet), ignore nonexistent homedir
|
776
|
+
home = homedir
|
777
|
+
return nil unless home
|
778
|
+
|
779
|
+
# compiler freezes "value" so duplicate using a gsub, second mutating gsub! is then ok
|
780
|
+
entry = entry.gsub(%r{^~/}, "#{home}/")
|
781
|
+
entry.gsub!(%r{^%h/}, "#{home}/")
|
782
|
+
entry
|
783
|
+
end
|
748
784
|
end
|
749
785
|
|
750
786
|
newproperty(:loginclass, :required_features => :manages_loginclass) do
|
@@ -766,7 +802,7 @@ module Puppet
|
|
766
802
|
# @see generate
|
767
803
|
# @api private
|
768
804
|
def find_unmanaged_keys
|
769
|
-
|
805
|
+
self[:purge_ssh_keys].
|
770
806
|
select { |f| File.readable?(f) }.
|
771
807
|
map { |f| unknown_keys_in_file(f) }.
|
772
808
|
flatten.each do |res|
|
@@ -778,41 +814,6 @@ module Puppet
|
|
778
814
|
end
|
779
815
|
end
|
780
816
|
|
781
|
-
def munged_unmanaged_keys
|
782
|
-
value = self[:purge_ssh_keys]
|
783
|
-
|
784
|
-
# Resolve string, boolean and symbol forms of true and false to a
|
785
|
-
# single representation.
|
786
|
-
test_sym = value.to_s.intern
|
787
|
-
value = test_sym if [:true, :false].include? test_sym
|
788
|
-
|
789
|
-
return [] if value == :false
|
790
|
-
|
791
|
-
home = self[:home]
|
792
|
-
begin
|
793
|
-
home ||= provider.home
|
794
|
-
rescue
|
795
|
-
Puppet.debug("User '#{self[:name]}' does not exist")
|
796
|
-
end
|
797
|
-
|
798
|
-
if home.to_s.empty? || !Dir.exist?(home.to_s)
|
799
|
-
if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
|
800
|
-
Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
|
801
|
-
return []
|
802
|
-
end
|
803
|
-
end
|
804
|
-
|
805
|
-
return [ "#{home}/.ssh/authorized_keys" ] if value == :true
|
806
|
-
|
807
|
-
# value is an array - munge each value
|
808
|
-
[ value ].flatten.map do |entry|
|
809
|
-
# make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
|
810
|
-
entry = entry.gsub(/^~\//, "#{home}/")
|
811
|
-
entry.gsub!(/^%h\//, "#{home}/")
|
812
|
-
entry
|
813
|
-
end
|
814
|
-
end
|
815
|
-
|
816
817
|
# Parse an ssh authorized keys file superficially, extract the comments
|
817
818
|
# on the keys. These are considered names of possible ssh_authorized_keys
|
818
819
|
# resources. Keys that are managed by the present catalog are ignored.
|
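Review bot: `authorized_keys_path` tests and rewrites entries with line anchors (`%r{^(?:~|%h)/}`, `%r{^~/}`, `%r{^%h/}`). In Ruby `^` also matches after any newline, so a multi-line `purge_ssh_keys` entry would be treated as home-relative and expanded at an interior line start. These paths decide which authorized_keys files are scanned for purging, so whole-string anchors are the safer choice: `return entry unless entry.match?(%r{\A(?:~|%h)/})` and `entry.sub(%r{\A(?:~|%h)/}, "#{home}/")`. The `sub` form returns a new string, so the frozen-value concern in the existing comment is still handled. The parameter's `validate` block starts outside the hunk, so whether it already rejects such values cannot be confirmed from here.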
data/lib/puppet/util/autoload.rb
CHANGED
@@ -117,7 +117,7 @@ class Puppet::Util::Autoload
|
|
117
117
|
|
118
118
|
# @api private
|
119
119
|
def files_in_dir(dir, path)
|
120
|
-
dir = Pathname.new(
|
120
|
+
dir = Pathname.new(Puppet::FileSystem.expand_path(dir))
|
121
121
|
Dir.glob(File.join(dir, path, "*.rb")).collect do |file|
|
122
122
|
Pathname.new(file).relative_path_from(dir).to_s
|
123
123
|
end
|
data/lib/puppet/util/filetype.rb
CHANGED
@@ -215,7 +215,7 @@ class Puppet::Util::FileType
|
|
215
215
|
# Remove a specific @path's cron tab.
|
216
216
|
def remove
|
217
217
|
cmd = "#{cmdbase} -r"
|
218
|
-
if %w{Darwin FreeBSD DragonFly}.include?(
|
218
|
+
if %w{Darwin FreeBSD DragonFly}.include?(Puppet.runtime[:facter].value("operatingsystem"))
|
219
219
|
cmd = "/bin/echo yes | #{cmd}"
|
220
220
|
end
|
221
221
|
|
@@ -244,7 +244,7 @@ class Puppet::Util::FileType
|
|
244
244
|
# Only add the -u flag when the @path is different. Fedora apparently
|
245
245
|
# does not think I should be allowed to set the @path to my own user name
|
246
246
|
def cmdbase
|
247
|
-
if @uid == Puppet::Util::SUIDManager.uid ||
|
247
|
+
if @uid == Puppet::Util::SUIDManager.uid || Puppet.runtime[:facter].value(:operatingsystem) == "HP-UX"
|
248
248
|
return "crontab"
|
249
249
|
else
|
250
250
|
return "crontab -u #{@path}"
|