puppet 7.8.0 → 7.12.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +5 -5
- data/Gemfile +2 -2
- data/Gemfile.lock +15 -15
- data/README.md +4 -4
- data/{ext → examples/enc}/regexp_nodes/classes/databases +0 -0
- data/{ext → examples/enc}/regexp_nodes/classes/webservers +0 -0
- data/{ext → examples/enc}/regexp_nodes/environment/development +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/prod +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/qa +0 -0
- data/{ext → examples/enc}/regexp_nodes/parameters/service/sandbox +0 -0
- data/{ext → examples/enc}/regexp_nodes/regexp_nodes.rb +0 -0
- data/{ext → examples}/nagios/check_puppet.rb +2 -2
- data/ext/README.md +13 -0
- data/ext/project_data.yaml +1 -0
- data/install.rb +0 -4
- data/lib/puppet/application/agent.rb +4 -0
- data/lib/puppet/application/apply.rb +20 -2
- data/lib/puppet/application/filebucket.rb +1 -0
- data/lib/puppet/application/resource.rb +30 -15
- data/lib/puppet/application/ssl.rb +1 -0
- data/lib/puppet/concurrent/thread_local_singleton.rb +1 -0
- data/lib/puppet/configurer.rb +176 -58
- data/lib/puppet/confine/variable.rb +1 -1
- data/lib/puppet/defaults.rb +67 -29
- data/lib/puppet/environments.rb +75 -25
- data/lib/puppet/face/help/action.erb +1 -0
- data/lib/puppet/face/help/face.erb +1 -0
- data/lib/puppet/face/node/clean.rb +1 -1
- data/lib/puppet/facter_impl.rb +96 -0
- data/lib/puppet/file_serving/configuration/parser.rb +2 -0
- data/lib/puppet/file_serving/configuration.rb +2 -0
- data/lib/puppet/file_serving/mount/file.rb +4 -4
- data/lib/puppet/file_serving/mount/scripts.rb +24 -0
- data/lib/puppet/file_system/file_impl.rb +3 -1
- data/lib/puppet/file_system/windows.rb +2 -2
- data/lib/puppet/file_system.rb +2 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge.rb +4 -4
- data/lib/puppet/functions/empty.rb +8 -0
- data/lib/puppet/functions/find_template.rb +2 -2
- data/lib/puppet/functions/strftime.rb +1 -0
- data/lib/puppet/functions/unwrap.rb +17 -2
- data/lib/puppet/http/service/compiler.rb +6 -1
- data/lib/puppet/indirector/catalog/compiler.rb +24 -6
- data/lib/puppet/indirector/catalog/rest.rb +1 -0
- data/lib/puppet/indirector/facts/facter.rb +6 -6
- data/lib/puppet/indirector/indirection.rb +1 -1
- data/lib/puppet/indirector/resource/ral.rb +6 -1
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/interface/documentation.rb +1 -0
- data/lib/puppet/module/plan.rb +0 -1
- data/lib/puppet/module/task.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +12 -4
- data/lib/puppet/module_tool/applications/uninstaller.rb +1 -1
- data/lib/puppet/module_tool/applications/upgrader.rb +1 -1
- data/lib/puppet/module_tool/errors/shared.rb +17 -0
- data/lib/puppet/module_tool/tar/mini.rb +1 -1
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/node/environment.rb +10 -11
- data/lib/puppet/pal/pal_impl.rb +1 -1
- data/lib/puppet/parser/scope.rb +8 -7
- data/lib/puppet/parser/templatewrapper.rb +1 -0
- data/lib/puppet/pops/evaluator/closure.rb +7 -5
- data/lib/puppet/pops/lookup/lookup_adapter.rb +3 -2
- data/lib/puppet/pops/model/ast.rb +1 -0
- data/lib/puppet/pops/model/factory.rb +14 -13
- data/lib/puppet/pops/parser/egrammar.ra +2 -2
- data/lib/puppet/pops/parser/eparser.rb +752 -753
- data/lib/puppet/pops/parser/lexer2.rb +69 -68
- data/lib/puppet/pops/parser/slurp_support.rb +1 -0
- data/lib/puppet/pops/serialization/to_data_converter.rb +18 -6
- data/lib/puppet/pops/serialization/to_stringified_converter.rb +1 -1
- data/lib/puppet/pops/types/type_formatter.rb +7 -6
- data/lib/puppet/pops/types/type_mismatch_describer.rb +1 -1
- data/lib/puppet/pops/types/types.rb +1 -1
- data/lib/puppet/provider/aix_object.rb +1 -1
- data/lib/puppet/provider/exec/posix.rb +16 -4
- data/lib/puppet/provider/group/groupadd.rb +5 -2
- data/lib/puppet/provider/package/pip.rb +15 -3
- data/lib/puppet/provider/package/pkg.rb +19 -2
- data/lib/puppet/provider/package/puppet_gem.rb +1 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +1 -1
- data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
- data/lib/puppet/provider/package/windows/package.rb +2 -1
- data/lib/puppet/provider/package/windows.rb +14 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/parsedfile.rb +3 -0
- data/lib/puppet/provider/service/base.rb +1 -1
- data/lib/puppet/provider/service/init.rb +5 -5
- data/lib/puppet/provider/service/launchd.rb +2 -2
- data/lib/puppet/provider/service/redhat.rb +1 -1
- data/lib/puppet/provider/service/smf.rb +3 -3
- data/lib/puppet/provider/service/systemd.rb +2 -2
- data/lib/puppet/provider/service/upstart.rb +5 -5
- data/lib/puppet/provider/user/aix.rb +44 -1
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +72 -16
- data/lib/puppet/provider.rb +1 -1
- data/lib/puppet/reference/providers.rb +2 -2
- data/lib/puppet/resource/type_collection.rb +4 -1
- data/lib/puppet/runtime.rb +11 -1
- data/lib/puppet/settings/config_file.rb +1 -8
- data/lib/puppet/settings/file_setting.rb +3 -8
- data/lib/puppet/settings/value_translator.rb +0 -1
- data/lib/puppet/settings.rb +32 -9
- data/lib/puppet/test/test_helper.rb +4 -1
- data/lib/puppet/transaction/persistence.rb +11 -1
- data/lib/puppet/transaction/report.rb +15 -1
- data/lib/puppet/type/exec.rb +35 -5
- data/lib/puppet/type/file/mode.rb +6 -0
- data/lib/puppet/type/file.rb +6 -6
- data/lib/puppet/type/filebucket.rb +2 -2
- data/lib/puppet/type/group.rb +0 -1
- data/lib/puppet/type/resources.rb +1 -1
- data/lib/puppet/type/service.rb +8 -3
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +1 -2
- data/lib/puppet/type.rb +1 -1
- data/lib/puppet/util/autoload.rb +1 -1
- data/lib/puppet/util/command_line.rb +1 -1
- data/lib/puppet/util/filetype.rb +2 -2
- data/lib/puppet/util/json.rb +3 -0
- data/lib/puppet/util/log.rb +1 -2
- data/lib/puppet/util/logging.rb +1 -25
- data/lib/puppet/util/monkey_patches.rb +2 -17
- data/lib/puppet/util/pidlock.rb +1 -1
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +1 -1
- data/lib/puppet/util/suidmanager.rb +1 -2
- data/lib/puppet/util/symbolic_file_mode.rb +29 -17
- data/lib/puppet/util/tagging.rb +1 -0
- data/lib/puppet/util/windows/sid.rb +3 -1
- data/lib/puppet/util/windows/user.rb +0 -1
- data/lib/puppet/util.rb +4 -3
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +3 -21
- data/lib/puppet.rb +5 -9
- data/locales/puppet.pot +409 -329
- data/man/man5/puppet.conf.5 +73 -25
- data/man/man8/puppet-agent.8 +4 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +9 -9
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +7 -7
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +3 -3
- data/man/man8/puppet-node.8 +5 -5
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +5 -5
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/integration/application/agent/lib/facter/agent_spec_role.rb +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Gemfile +4 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/Rakefile +3 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/lib/puppet/functions/l10n.rb +8 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/config.yaml +25 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/ja/puppet-l10n.po +19 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/locales/puppet-l10n.pot +20 -0
- data/spec/fixtures/integration/l10n/envs/prod/modules/demo/metadata.json +8 -0
- data/spec/fixtures/ssl/127.0.0.1-key.pem +106 -106
- data/spec/fixtures/ssl/127.0.0.1.pem +48 -48
- data/spec/fixtures/ssl/bad-basic-constraints.pem +54 -54
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +51 -51
- data/spec/fixtures/ssl/ca.pem +52 -52
- data/spec/fixtures/ssl/crl.pem +25 -25
- data/spec/fixtures/ssl/ec-key-openssl.pem +8 -0
- data/spec/fixtures/ssl/ec-key-pk8.pem +5 -0
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +32 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +107 -107
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +25 -25
- data/spec/fixtures/ssl/intermediate-agent.pem +54 -54
- data/spec/fixtures/ssl/intermediate-crl.pem +28 -28
- data/spec/fixtures/ssl/intermediate.pem +51 -51
- data/spec/fixtures/ssl/oid-key.pem +117 -0
- data/spec/fixtures/ssl/oid.pem +69 -0
- data/spec/fixtures/ssl/pluto-key.pem +106 -106
- data/spec/fixtures/ssl/pluto.pem +50 -50
- data/spec/fixtures/ssl/request-key.pem +106 -106
- data/spec/fixtures/ssl/request.pem +45 -45
- data/spec/fixtures/ssl/revoked-key.pem +106 -106
- data/spec/fixtures/ssl/revoked.pem +49 -49
- data/spec/fixtures/ssl/signed-key.pem +106 -106
- data/spec/fixtures/ssl/signed.pem +47 -47
- data/spec/fixtures/ssl/tampered-cert.pem +49 -49
- data/spec/fixtures/ssl/tampered-csr.pem +45 -45
- data/spec/fixtures/ssl/trusted_oid_mapping.yaml +5 -0
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +106 -106
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -48
- data/spec/fixtures/ssl/unknown-ca-key.pem +106 -106
- data/spec/fixtures/ssl/unknown-ca.pem +52 -52
- data/spec/integration/application/agent_spec.rb +118 -52
- data/spec/integration/application/filebucket_spec.rb +16 -0
- data/spec/integration/application/module_spec.rb +21 -0
- data/spec/integration/application/resource_spec.rb +35 -1
- data/spec/integration/application/ssl_spec.rb +20 -0
- data/spec/integration/configurer_spec.rb +18 -2
- data/spec/integration/defaults_spec.rb +5 -0
- data/spec/integration/environments/settings_interpolation_spec.rb +0 -4
- data/spec/integration/indirector/facts/facter_spec.rb +93 -39
- data/spec/integration/l10n/compiler_spec.rb +37 -0
- data/spec/integration/transaction/report_spec.rb +1 -1
- data/spec/integration/type/exec_spec.rb +70 -45
- data/spec/integration/type/file_spec.rb +2 -2
- data/spec/integration/type/package_spec.rb +6 -6
- data/spec/integration/util/rdoc/parser_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +1 -9
- data/spec/lib/puppet/test_ca.rb +5 -0
- data/spec/lib/puppet_spec/modules.rb +13 -2
- data/spec/lib/puppet_spec/puppetserver.rb +15 -0
- data/spec/lib/puppet_spec/settings.rb +1 -0
- data/spec/shared_behaviours/documentation_on_faces.rb +0 -2
- data/spec/shared_contexts/l10n.rb +27 -0
- data/spec/spec_helper.rb +1 -10
- data/spec/unit/application/apply_spec.rb +76 -56
- data/spec/unit/application/resource_spec.rb +29 -0
- data/spec/unit/configurer_spec.rb +291 -56
- data/spec/unit/environments_spec.rb +184 -0
- data/spec/unit/facter_impl_spec.rb +31 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/configuration/parser_spec.rb +23 -0
- data/spec/unit/file_serving/configuration_spec.rb +12 -4
- data/spec/unit/file_serving/mount/scripts_spec.rb +69 -0
- data/spec/unit/file_system_spec.rb +13 -0
- data/spec/unit/functions/assert_type_spec.rb +1 -1
- data/spec/unit/functions/empty_spec.rb +10 -0
- data/spec/unit/functions/logging_spec.rb +1 -0
- data/spec/unit/functions/lookup_spec.rb +87 -0
- data/spec/unit/functions/unwrap_spec.rb +8 -0
- data/spec/unit/functions4_spec.rb +2 -2
- data/spec/unit/http/service/compiler_spec.rb +8 -0
- data/spec/unit/indirector/catalog/compiler_spec.rb +87 -0
- data/spec/unit/indirector/catalog/rest_spec.rb +8 -0
- data/spec/unit/indirector/indirection_spec.rb +10 -3
- data/spec/unit/indirector/resource/ral_spec.rb +40 -75
- data/spec/unit/interface/action_spec.rb +0 -9
- data/spec/unit/module_spec.rb +14 -0
- data/spec/unit/module_tool/applications/installer_spec.rb +52 -14
- data/spec/unit/network/formats_spec.rb +6 -0
- data/spec/unit/parser/compiler_spec.rb +29 -0
- data/spec/unit/parser/templatewrapper_spec.rb +12 -2
- data/spec/unit/pops/loaders/dependency_loader_spec.rb +0 -9
- data/spec/unit/pops/parser/lexer2_spec.rb +0 -4
- data/spec/unit/pops/parser/parse_containers_spec.rb +0 -11
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +58 -0
- data/spec/unit/pops/serialization/to_stringified_spec.rb +5 -0
- data/spec/unit/pops/types/type_calculator_spec.rb +6 -0
- data/spec/unit/provider/package/gem_spec.rb +1 -1
- data/spec/unit/provider/package/pip2_spec.rb +1 -1
- data/spec/unit/provider/package/pip3_spec.rb +1 -1
- data/spec/unit/provider/package/pip_spec.rb +38 -1
- data/spec/unit/provider/package/pkg_spec.rb +34 -5
- data/spec/unit/provider/package/puppet_gem_spec.rb +1 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +1 -1
- data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
- data/spec/unit/provider/parsedfile_spec.rb +10 -0
- data/spec/unit/provider/service/launchd_spec.rb +11 -0
- data/spec/unit/provider/service/systemd_spec.rb +1 -1
- data/spec/unit/provider/user/aix_spec.rb +100 -0
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/provider/user/useradd_spec.rb +43 -2
- data/spec/unit/provider_spec.rb +4 -4
- data/spec/unit/puppet_spec.rb +12 -4
- data/spec/unit/resource/type_collection_spec.rb +16 -0
- data/spec/unit/resource/type_spec.rb +2 -2
- data/spec/unit/settings/config_file_spec.rb +1 -11
- data/spec/unit/settings/file_setting_spec.rb +10 -7
- data/spec/unit/settings/value_translator_spec.rb +4 -5
- data/spec/unit/settings_spec.rb +120 -79
- data/spec/unit/ssl/ssl_provider_spec.rb +18 -16
- data/spec/unit/type/exec_spec.rb +76 -29
- data/spec/unit/type/file/source_spec.rb +4 -4
- data/spec/unit/type/service_spec.rb +27 -0
- data/spec/unit/type/tidy_spec.rb +7 -0
- data/spec/unit/type_spec.rb +2 -2
- data/spec/unit/util/autoload_spec.rb +25 -8
- data/spec/unit/util/ldap/connection_spec.rb +10 -10
- data/spec/unit/util/ldap/manager_spec.rb +2 -2
- data/spec/unit/util/logging_spec.rb +2 -0
- data/spec/unit/util/windows/sid_spec.rb +39 -4
- data/spec/unit/util_spec.rb +1 -3
- data/spec/unit/x509/cert_provider_spec.rb +9 -1
- data/tasks/generate_cert_fixtures.rake +10 -1
- data/tasks/parallel.rake +3 -3
- metadata +51 -95
- data/ext/README.environment +0 -8
- data/ext/dbfix.sql +0 -132
- data/ext/debian/README.Debian +0 -8
- data/ext/debian/README.source +0 -2
- data/ext/debian/TODO.Debian +0 -1
- data/ext/debian/changelog.erb +0 -1122
- data/ext/debian/compat +0 -1
- data/ext/debian/control +0 -144
- data/ext/debian/copyright +0 -339
- data/ext/debian/docs +0 -1
- data/ext/debian/fileserver.conf +0 -41
- data/ext/debian/puppet-common.dirs +0 -13
- data/ext/debian/puppet-common.install +0 -3
- data/ext/debian/puppet-common.lintian-overrides +0 -5
- data/ext/debian/puppet-common.manpages +0 -28
- data/ext/debian/puppet-common.postinst +0 -35
- data/ext/debian/puppet-common.postrm +0 -33
- data/ext/debian/puppet-el.dirs +0 -1
- data/ext/debian/puppet-el.emacsen-install +0 -25
- data/ext/debian/puppet-el.emacsen-remove +0 -11
- data/ext/debian/puppet-el.emacsen-startup +0 -9
- data/ext/debian/puppet-el.install +0 -1
- data/ext/debian/puppet-testsuite.install +0 -2
- data/ext/debian/puppet-testsuite.lintian-overrides +0 -4
- data/ext/debian/puppet.lintian-overrides +0 -3
- data/ext/debian/puppet.logrotate +0 -20
- data/ext/debian/puppet.postinst +0 -20
- data/ext/debian/puppet.postrm +0 -20
- data/ext/debian/puppet.preinst +0 -20
- data/ext/debian/puppetmaster-common.install +0 -2
- data/ext/debian/puppetmaster-common.manpages +0 -2
- data/ext/debian/puppetmaster-common.postinst +0 -6
- data/ext/debian/puppetmaster-passenger.dirs +0 -4
- data/ext/debian/puppetmaster-passenger.postinst +0 -162
- data/ext/debian/puppetmaster-passenger.postrm +0 -61
- data/ext/debian/puppetmaster.README.debian +0 -17
- data/ext/debian/puppetmaster.default +0 -14
- data/ext/debian/puppetmaster.init +0 -137
- data/ext/debian/puppetmaster.lintian-overrides +0 -3
- data/ext/debian/puppetmaster.postinst +0 -20
- data/ext/debian/puppetmaster.postrm +0 -5
- data/ext/debian/puppetmaster.preinst +0 -22
- data/ext/debian/rules +0 -132
- data/ext/debian/source/format +0 -1
- data/ext/debian/source/options +0 -1
- data/ext/debian/vim-puppet.README.Debian +0 -13
- data/ext/debian/vim-puppet.dirs +0 -5
- data/ext/debian/vim-puppet.yaml +0 -7
- data/ext/debian/watch +0 -2
- data/ext/freebsd/puppetd +0 -26
- data/ext/freebsd/puppetmasterd +0 -26
- data/ext/gentoo/conf.d/puppet +0 -5
- data/ext/gentoo/conf.d/puppetmaster +0 -12
- data/ext/gentoo/init.d/puppet +0 -38
- data/ext/gentoo/init.d/puppetmaster +0 -51
- data/ext/gentoo/puppet/fileserver.conf +0 -41
- data/ext/ips/puppet-agent +0 -44
- data/ext/ips/puppet-master +0 -44
- data/ext/ips/puppet.p5m.erb +0 -12
- data/ext/ips/puppetagent.xml +0 -42
- data/ext/ips/puppetmaster.xml +0 -42
- data/ext/ips/rules +0 -19
- data/ext/ips/transforms +0 -34
- data/ext/ldap/puppet.schema +0 -24
- data/ext/logcheck/puppet +0 -23
- data/ext/osx/file_mapping.yaml +0 -28
- data/ext/osx/postflight.erb +0 -109
- data/ext/osx/preflight.erb +0 -52
- data/ext/osx/prototype.plist.erb +0 -38
- data/ext/redhat/fileserver.conf +0 -41
- data/ext/redhat/logrotate +0 -21
- data/ext/redhat/puppet.spec.erb +0 -841
- data/ext/redhat/server.init +0 -128
- data/ext/redhat/server.sysconfig +0 -13
- data/ext/solaris/pkginfo +0 -6
- data/ext/solaris/smf/puppetd.xml +0 -77
- data/ext/solaris/smf/puppetmasterd.xml +0 -77
- data/ext/solaris/smf/svc-puppetd +0 -71
- data/ext/solaris/smf/svc-puppetmasterd +0 -67
- data/ext/suse/puppet.spec +0 -310
- data/ext/suse/server.init +0 -173
- data/ext/yaml_nodes.rb +0 -105
- data/spec/unit/indirector/store_configs_spec.rb +0 -7
data/lib/puppet/type/exec.rb
CHANGED
@@ -11,7 +11,10 @@ module Puppet
|
|
11
11
|
|
12
12
|
* The command itself is already idempotent. (For example, `apt-get update`.)
|
13
13
|
* The exec has an `onlyif`, `unless`, or `creates` attribute, which prevents
|
14
|
-
Puppet from running the command unless some condition is met.
|
14
|
+
Puppet from running the command unless some condition is met. The
|
15
|
+
`onlyif` and `unless` commands of an `exec` are used in the process of
|
16
|
+
determining whether the `exec` is already in sync, therefore they must be run
|
17
|
+
during a noop Puppet run.
|
15
18
|
* The exec has `refreshonly => true`, which allows Puppet to run the
|
16
19
|
command only when some other resource is changed. (See the notes on refreshing
|
17
20
|
below.)
|
@@ -198,10 +201,20 @@ module Puppet
|
|
198
201
|
any output is logged at the `err` log level.
|
199
202
|
|
200
203
|
Multiple `exec` resources can use the same `command` value; Puppet
|
201
|
-
only uses the resource title to ensure `exec`s are unique.
|
204
|
+
only uses the resource title to ensure `exec`s are unique.
|
205
|
+
|
206
|
+
On *nix platforms, the command can be specified as an array of
|
207
|
+
strings and Puppet will invoke it using the more secure method of
|
208
|
+
parameterized system calls. For example, rather than executing the
|
209
|
+
malicious injected code, this command will echo it out:
|
210
|
+
|
211
|
+
command => ['/bin/echo', 'hello world; rm -rf /']
|
212
|
+
"
|
202
213
|
|
203
214
|
validate do |command|
|
204
|
-
|
215
|
+
unless command.is_a?(String) || command.is_a?(Array)
|
216
|
+
raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
|
217
|
+
end
|
205
218
|
end
|
206
219
|
end
|
207
220
|
|
@@ -454,10 +467,17 @@ module Puppet
|
|
454
467
|
`user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
|
455
468
|
must fully qualify the command's name.
|
456
469
|
|
470
|
+
Since this command is used in the process of determining whether the
|
471
|
+
`exec` is already in sync, it must be run during a noop Puppet run.
|
472
|
+
|
457
473
|
This parameter can also take an array of commands. For example:
|
458
474
|
|
459
475
|
unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
460
476
|
|
477
|
+
or an array of arrays. For example:
|
478
|
+
|
479
|
+
unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
480
|
+
|
461
481
|
This `exec` would only run if every command in the array has a
|
462
482
|
non-zero exit code.
|
463
483
|
EOT
|
@@ -510,10 +530,17 @@ module Puppet
|
|
510
530
|
`user`, `cwd`, and `group` as the main command. If the `path` isn't set, you
|
511
531
|
must fully qualify the command's name.
|
512
532
|
|
533
|
+
Since this command is used in the process of determining whether the
|
534
|
+
`exec` is already in sync, it must be run during a noop Puppet run.
|
535
|
+
|
513
536
|
This parameter can also take an array of commands. For example:
|
514
537
|
|
515
538
|
onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
|
516
539
|
|
540
|
+
or an array of arrays. For example:
|
541
|
+
|
542
|
+
onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
|
543
|
+
|
517
544
|
This `exec` would only run if every command in the array has an
|
518
545
|
exit code of 0 (success).
|
519
546
|
EOT
|
@@ -562,12 +589,14 @@ module Puppet
|
|
562
589
|
reqs << self[:cwd] if self[:cwd]
|
563
590
|
|
564
591
|
file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
|
592
|
+
cmd = self[:command]
|
593
|
+
cmd = cmd[0] if cmd.is_a? Array
|
565
594
|
|
566
|
-
|
595
|
+
cmd.scan(file_regex) { |str|
|
567
596
|
reqs << str
|
568
597
|
}
|
569
598
|
|
570
|
-
|
599
|
+
cmd.scan(/^"([^"]+)"/) { |str|
|
571
600
|
reqs << str
|
572
601
|
}
|
573
602
|
|
@@ -583,6 +612,7 @@ module Puppet
|
|
583
612
|
# fully qualified. It might not be a bad idea to add
|
584
613
|
# unqualified files, but, well, that's a bit more annoying
|
585
614
|
# to do.
|
615
|
+
line = line[0] if line.is_a? Array
|
586
616
|
reqs += line.scan(file_regex)
|
587
617
|
end
|
588
618
|
}
|
@@ -90,9 +90,15 @@ module Puppet
|
|
90
90
|
raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
|
91
91
|
end
|
92
92
|
|
93
|
+
# normalizes to symbolic form, e.g. u+a, an octal string without leading 0
|
93
94
|
normalize_symbolic_mode(value)
|
94
95
|
end
|
95
96
|
|
97
|
+
unmunge do |value|
|
98
|
+
# return symbolic form or octal string *with* leading 0's
|
99
|
+
display_mode(value) if value
|
100
|
+
end
|
101
|
+
|
96
102
|
def desired_mode_from_current(desired, current)
|
97
103
|
current = current.to_i(8) if current.is_a? String
|
98
104
|
is_a_directory = @resource.stat && @resource.stat.directory?
|
data/lib/puppet/type/file.rb
CHANGED
@@ -91,23 +91,23 @@ Puppet::Type.newtype(:file) do
|
|
91
91
|
|
92
92
|
Backing up to a local filebucket isn't particularly useful. If you want
|
93
93
|
to make organized use of backups, you will generally want to use the
|
94
|
-
|
94
|
+
primary Puppet server's filebucket service. This requires declaring a
|
95
95
|
filebucket resource and a resource default for the `backup` attribute
|
96
96
|
in site.pp:
|
97
97
|
|
98
98
|
# /etc/puppetlabs/puppet/manifests/site.pp
|
99
99
|
filebucket { 'main':
|
100
100
|
path => false, # This is required for remote filebuckets.
|
101
|
-
server => 'puppet.example.com', # Optional; defaults to the configured
|
101
|
+
server => 'puppet.example.com', # Optional; defaults to the configured primary Puppet server.
|
102
102
|
}
|
103
103
|
|
104
104
|
File { backup => main, }
|
105
105
|
|
106
|
-
If you are using multiple
|
106
|
+
If you are using multiple primary servers, you will want to
|
107
107
|
centralize the contents of the filebucket. Either configure your load
|
108
|
-
balancer to direct all filebucket traffic to a single
|
108
|
+
balancer to direct all filebucket traffic to a single primary server, or use
|
109
109
|
something like an out-of-band rsync task to synchronize the content on all
|
110
|
-
|
110
|
+
primary servers.
|
111
111
|
|
112
112
|
> **Note**: Enabling and using the backup option, and by extension the
|
113
113
|
filebucket resource, requires appropriate planning and management to ensure
|
@@ -359,7 +359,7 @@ Puppet::Type.newtype(:file) do
|
|
359
359
|
This command must have a fully qualified path, and should contain a
|
360
360
|
percent (`%`) token where it would expect an input file. It must exit `0`
|
361
361
|
if the syntax is correct, and non-zero otherwise. The command will be
|
362
|
-
run on the target system while applying the catalog, not on the
|
362
|
+
run on the target system while applying the catalog, not on the primary Puppet server.
|
363
363
|
|
364
364
|
Example:
|
365
365
|
|
@@ -4,7 +4,7 @@ module Puppet
|
|
4
4
|
Type.newtype(:filebucket) do
|
5
5
|
@doc = <<-EOT
|
6
6
|
A repository for storing and retrieving file content by MD5 checksum. Can
|
7
|
-
be local to each agent node, or centralized on a
|
7
|
+
be local to each agent node, or centralized on a primary Puppet server. All
|
8
8
|
puppet servers provide a filebucket service that agent nodes can access
|
9
9
|
via HTTP, but you must declare a filebucket resource before any agents
|
10
10
|
will do so.
|
@@ -25,7 +25,7 @@ module Puppet
|
|
25
25
|
# /etc/puppetlabs/puppet/manifests/site.pp
|
26
26
|
filebucket { 'main':
|
27
27
|
path => false, # This is required for remote filebuckets.
|
28
|
-
server => 'puppet.example.com', # Optional; defaults to the configured
|
28
|
+
server => 'puppet.example.com', # Optional; defaults to the configured primary server.
|
29
29
|
}
|
30
30
|
|
31
31
|
File { backup => main, }
|
data/lib/puppet/type/group.rb
CHANGED
@@ -175,7 +175,7 @@ Puppet::Type.newtype(:resources) do
|
|
175
175
|
end
|
176
176
|
|
177
177
|
# Otherwise, use a sensible default based on the OS family
|
178
|
-
@system_users_max_uid ||= case
|
178
|
+
@system_users_max_uid ||= case Puppet.runtime[:facter].value(:osfamily)
|
179
179
|
when 'OpenBSD', 'FreeBSD'
|
180
180
|
999
|
181
181
|
else
|
data/lib/puppet/type/service.rb
CHANGED
@@ -272,9 +272,14 @@ module Puppet
|
|
272
272
|
|
273
273
|
newparam(:timeout, :required_features => :configurable_timeout) do
|
274
274
|
desc "Specify an optional minimum timeout (in seconds) for puppet to wait when syncing service properties"
|
275
|
-
defaultto { provider.
|
276
|
-
|
277
|
-
|
275
|
+
defaultto { provider.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
|
276
|
+
|
277
|
+
munge do |value|
|
278
|
+
begin
|
279
|
+
value = value.to_i
|
280
|
+
raise if value < 1
|
281
|
+
value
|
282
|
+
rescue
|
278
283
|
raise Puppet::Error.new(_("\"%{value}\" is not a positive integer: the timeout parameter must be specified as a positive integer") % { value: value })
|
279
284
|
end
|
280
285
|
end
|
data/lib/puppet/type/tidy.rb
CHANGED
@@ -144,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
|
|
144
144
|
|
145
145
|
def tidy?(path, stat)
|
146
146
|
# If the file's older than we allow, we should get rid of it.
|
147
|
-
(Time.now.to_i - stat.send(resource[:type]).to_i)
|
147
|
+
(Time.now.to_i - stat.send(resource[:type]).to_i) >= value
|
148
148
|
end
|
149
149
|
|
150
150
|
munge do |age|
|
data/lib/puppet/type/user.rb
CHANGED
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'etc'
|
2
|
-
require 'facter'
|
3
2
|
require_relative '../../puppet/parameter/boolean'
|
4
3
|
require_relative '../../puppet/property/list'
|
5
4
|
require_relative '../../puppet/property/ordered_list'
|
@@ -695,7 +694,7 @@ module Puppet
|
|
695
694
|
end
|
696
695
|
|
697
696
|
def generate
|
698
|
-
if !self[:purge_ssh_keys].empty?
|
697
|
+
if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
|
699
698
|
return [] if self[:ensure] == :present && !provider.exists?
|
700
699
|
if Puppet::Type.type(:ssh_authorized_key).nil?
|
701
700
|
warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
|
data/lib/puppet/type.rb
CHANGED
@@ -1272,7 +1272,7 @@ class Type
|
|
1272
1272
|
like it does when running normally. However, if a resource attribute is not in
|
1273
1273
|
the desired state (as declared in the catalog), Puppet will take no
|
1274
1274
|
action, and will instead report the changes it _would_ have made. These
|
1275
|
-
simulated changes will appear in the report sent to the
|
1275
|
+
simulated changes will appear in the report sent to the primary Puppet server, or
|
1276
1276
|
be shown on the console if running puppet agent or puppet apply in the
|
1277
1277
|
foreground. The simulated changes will not send refresh events to any
|
1278
1278
|
subscribing or notified resources, although Puppet will log that a refresh
|
data/lib/puppet/util/autoload.rb
CHANGED
@@ -117,7 +117,7 @@ class Puppet::Util::Autoload
|
|
117
117
|
|
118
118
|
# @api private
|
119
119
|
def files_in_dir(dir, path)
|
120
|
-
dir = Pathname.new(
|
120
|
+
dir = Pathname.new(Puppet::FileSystem.expand_path(dir))
|
121
121
|
Dir.glob(File.join(dir, path, "*.rb")).collect do |file|
|
122
122
|
Pathname.new(file).relative_path_from(dir).to_s
|
123
123
|
end
|
data/lib/puppet/util/filetype.rb
CHANGED
@@ -215,7 +215,7 @@ class Puppet::Util::FileType
|
|
215
215
|
# Remove a specific @path's cron tab.
|
216
216
|
def remove
|
217
217
|
cmd = "#{cmdbase} -r"
|
218
|
-
if %w{Darwin FreeBSD DragonFly}.include?(
|
218
|
+
if %w{Darwin FreeBSD DragonFly}.include?(Puppet.runtime[:facter].value("operatingsystem"))
|
219
219
|
cmd = "/bin/echo yes | #{cmd}"
|
220
220
|
end
|
221
221
|
|
@@ -244,7 +244,7 @@ class Puppet::Util::FileType
|
|
244
244
|
# Only add the -u flag when the @path is different. Fedora apparently
|
245
245
|
# does not think I should be allowed to set the @path to my own user name
|
246
246
|
def cmdbase
|
247
|
-
if @uid == Puppet::Util::SUIDManager.uid ||
|
247
|
+
if @uid == Puppet::Util::SUIDManager.uid || Puppet.runtime[:facter].value(:operatingsystem) == "HP-UX"
|
248
248
|
return "crontab"
|
249
249
|
else
|
250
250
|
return "crontab -u #{@path}"
|
data/lib/puppet/util/json.rb
CHANGED
@@ -60,6 +60,9 @@ module Puppet::Util
|
|
60
60
|
def self.dump(object, options = {})
|
61
61
|
if defined? MultiJson
|
62
62
|
MultiJson.dump(object, options)
|
63
|
+
elsif options.is_a?(JSON::State)
|
64
|
+
# we're being called recursively
|
65
|
+
object.to_json(options)
|
63
66
|
else
|
64
67
|
options.merge!(::JSON::PRETTY_STATE_PROTOTYPE.to_h) if options.delete(:pretty)
|
65
68
|
object.to_json(options)
|
data/lib/puppet/util/log.rb
CHANGED
@@ -2,7 +2,6 @@ require_relative '../../puppet/util/tagging'
|
|
2
2
|
require_relative '../../puppet/util/classgen'
|
3
3
|
require_relative '../../puppet/util/psych_support'
|
4
4
|
require_relative '../../puppet/network/format_support'
|
5
|
-
require 'facter'
|
6
5
|
|
7
6
|
# Pass feedback to the user. Log levels are modeled after syslog's, and it is
|
8
7
|
# expected that that will be the most common log destination. Supports
|
@@ -111,7 +110,7 @@ class Puppet::Util::Log
|
|
111
110
|
@loglevel = @levels.index(level)
|
112
111
|
|
113
112
|
# Enable or disable Facter debugging
|
114
|
-
|
113
|
+
Puppet.runtime[:facter].debugging(level == :debug)
|
115
114
|
end
|
116
115
|
|
117
116
|
def Log.levels
|
data/lib/puppet/util/logging.rb
CHANGED
@@ -2,8 +2,6 @@
|
|
2
2
|
require_relative '../../puppet/util/log'
|
3
3
|
require_relative '../../puppet/error'
|
4
4
|
|
5
|
-
require 'facter'
|
6
|
-
|
7
5
|
module Puppet::Util
|
8
6
|
module Logging
|
9
7
|
|
@@ -254,29 +252,7 @@ module Logging
|
|
254
252
|
# Sets up Facter logging.
|
255
253
|
# This method causes Facter output to be forwarded to Puppet.
|
256
254
|
def self.setup_facter_logging!
|
257
|
-
|
258
|
-
return false unless Facter.respond_to? :on_message
|
259
|
-
|
260
|
-
# The current Facter log levels are: :trace, :debug, :info, :warn, :error, and :fatal.
|
261
|
-
# Convert to the corresponding levels in Puppet
|
262
|
-
Facter.on_message do |level, message|
|
263
|
-
case level
|
264
|
-
when :trace, :debug
|
265
|
-
level = :debug
|
266
|
-
when :info
|
267
|
-
# Same as Puppet
|
268
|
-
when :warn
|
269
|
-
level = :warning
|
270
|
-
when :error
|
271
|
-
level = :err
|
272
|
-
when :fatal
|
273
|
-
level = :crit
|
274
|
-
else
|
275
|
-
next
|
276
|
-
end
|
277
|
-
Puppet::Util::Log.create({:level => level, :source => 'Facter', :message => message})
|
278
|
-
nil
|
279
|
-
end
|
255
|
+
Puppet.runtime[:facter]
|
280
256
|
true
|
281
257
|
end
|
282
258
|
|
@@ -32,13 +32,6 @@ end
|
|
32
32
|
# (#19151) Reject all SSLv2 ciphers and handshakes
|
33
33
|
require_relative '../../puppet/ssl/openssl_loader'
|
34
34
|
unless Puppet::Util::Platform.jruby_fips?
|
35
|
-
unless defined?(OpenSSL::SSL::TLS1_VERSION)
|
36
|
-
module OpenSSL::SSL
|
37
|
-
# see https://github.com/ruby/ruby/commit/609103dbb5fb182eec12f052226c43e39b907682#diff-09f822c26289f5347111795ca22ed7ed1cfadd6ebd28f987991d1d414eef565aR2755-R2759
|
38
|
-
OpenSSL::SSL::TLS1_VERSION = 0x301
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
35
|
class OpenSSL::SSL::SSLContext
|
43
36
|
if DEFAULT_PARAMS[:options]
|
44
37
|
DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
|
@@ -94,20 +87,12 @@ unless Puppet::Util::Platform.jruby_fips?
|
|
94
87
|
OpenSSL::X509.const_set(:V_ERR_HOSTNAME_MISMATCH, 62)
|
95
88
|
end
|
96
89
|
|
90
|
+
# jruby-openssl doesn't support this
|
97
91
|
unless OpenSSL::X509::Name.instance_methods.include?(:to_utf8)
|
98
92
|
class OpenSSL::X509::Name
|
99
|
-
# https://github.com/openssl/openssl/blob/OpenSSL_1_1_0j/include/openssl/asn1.h#L362
|
100
|
-
ASN1_STRFLGS_ESC_MSB = 4
|
101
|
-
|
102
|
-
FLAGS = if RUBY_PLATFORM == 'java'
|
103
|
-
OpenSSL::X509::Name::RFC2253
|
104
|
-
else
|
105
|
-
OpenSSL::X509::Name::RFC2253 & ~ASN1_STRFLGS_ESC_MSB
|
106
|
-
end
|
107
|
-
|
108
93
|
def to_utf8
|
109
94
|
# https://github.com/ruby/ruby/blob/v2_5_5/ext/openssl/ossl_x509name.c#L317
|
110
|
-
str = to_s(
|
95
|
+
str = to_s(OpenSSL::X509::Name::RFC2253)
|
111
96
|
str.force_encoding(Encoding::UTF_8)
|
112
97
|
end
|
113
98
|
end
|
data/lib/puppet/util/pidlock.rb
CHANGED
@@ -154,7 +154,7 @@ module RDoc::PuppetParserCore
|
|
154
154
|
# fetch comments
|
155
155
|
if line =~ /^[ \t]*# ?(.*)$/
|
156
156
|
comments += $1 + "\n"
|
157
|
-
elsif line =~ /^[ \t]*Facter.add\(['"](.*?)['"]\)/
|
157
|
+
elsif line =~ /^[ \t]*(Facter.add|Puppet\.runtime\[:facter\].add)\(['"](.*?)['"]\)/
|
158
158
|
current_fact = RDoc::Fact.new($1,{})
|
159
159
|
look_for_directives_in(container, comments) unless comments.empty?
|
160
160
|
current_fact.comment = comments
|
@@ -1,4 +1,3 @@
|
|
1
|
-
require 'facter'
|
2
1
|
require_relative '../../puppet/util/warnings'
|
3
2
|
require 'forwardable'
|
4
3
|
require 'etc'
|
@@ -18,7 +17,7 @@ module Puppet::Util::SUIDManager
|
|
18
17
|
|
19
18
|
def osx_maj_ver
|
20
19
|
return @osx_maj_ver unless @osx_maj_ver.nil?
|
21
|
-
@osx_maj_ver =
|
20
|
+
@osx_maj_ver = Puppet.runtime[:facter].value('macosx_productversion_major') || false
|
22
21
|
end
|
23
22
|
module_function :osx_maj_ver
|
24
23
|
|
@@ -19,25 +19,37 @@ module SymbolicFileMode
|
|
19
19
|
return false
|
20
20
|
end
|
21
21
|
|
22
|
+
def display_mode(value)
|
23
|
+
if value =~ /^0?[0-7]{1,4}$/
|
24
|
+
value.rjust(4, "0")
|
25
|
+
else
|
26
|
+
value
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
22
30
|
def normalize_symbolic_mode(value)
|
23
31
|
return nil if value.nil?
|
24
32
|
|
25
33
|
# We need to treat integers as octal numbers.
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
34
|
+
#
|
35
|
+
# "A numeric mode is from one to four octal digits (0-7), derived by adding
|
36
|
+
# up the bits with values 4, 2, and 1. Omitted digits are assumed to be
|
37
|
+
# leading zeros."
|
38
|
+
if value.is_a? Numeric
|
39
|
+
value.to_s(8)
|
40
|
+
elsif value =~ /^0?[0-7]{1,4}$/
|
41
|
+
value.to_i(8).to_s(8) # strip leading 0's
|
30
42
|
else
|
31
|
-
|
43
|
+
value
|
32
44
|
end
|
33
45
|
end
|
34
46
|
|
35
47
|
def symbolic_mode_to_int(modification, to_mode = 0, is_a_directory = false)
|
36
|
-
if modification.nil? or modification == ''
|
48
|
+
if modification.nil? or modification == ''
|
37
49
|
raise Puppet::Error, _("An empty mode string is illegal")
|
38
|
-
|
39
|
-
|
40
|
-
|
50
|
+
elsif modification =~ /^[0-7]+$/
|
51
|
+
return modification.to_i(8)
|
52
|
+
elsif modification =~ /^\d+$/
|
41
53
|
raise Puppet::Error, _("Numeric modes must be in octal, not decimal!")
|
42
54
|
end
|
43
55
|
|
@@ -84,31 +96,31 @@ module SymbolicFileMode
|
|
84
96
|
|
85
97
|
dsl.split('').each do |op|
|
86
98
|
case op
|
87
|
-
when /[-+=]/
|
99
|
+
when /[-+=]/
|
88
100
|
action = op
|
89
101
|
# Clear all bits, if this is assignment
|
90
102
|
value = 0 if op == '='
|
91
103
|
|
92
|
-
when /[ugo]/
|
104
|
+
when /[ugo]/
|
93
105
|
value = actions[action].call(value, snapshot_mode[op])
|
94
106
|
|
95
|
-
when /[rwx]/
|
107
|
+
when /[rwx]/
|
96
108
|
value = actions[action].call(value, SymbolicMode[op])
|
97
109
|
|
98
|
-
when 'X'
|
110
|
+
when 'X'
|
99
111
|
# Only meaningful in combination with "set" actions.
|
100
|
-
if action != '+'
|
112
|
+
if action != '+'
|
101
113
|
raise Puppet::Error, _("X only works with the '+' operator")
|
102
114
|
end
|
103
115
|
|
104
116
|
# As per the BSD manual page, set if this is a directory, or if
|
105
117
|
# any execute bit is set on the original (unmodified) mode.
|
106
118
|
# Ignored otherwise; it is "add if", not "add or clear".
|
107
|
-
if is_a_directory or original_mode['any x?']
|
119
|
+
if is_a_directory or original_mode['any x?']
|
108
120
|
value = actions[action].call(value, ExecBit)
|
109
121
|
end
|
110
122
|
|
111
|
-
when /[st]/
|
123
|
+
when /[st]/
|
112
124
|
bit = SymbolicSpecialToBit[op][who] or fail _("internal error")
|
113
125
|
final_mode['s'] = actions[action].call(final_mode['s'], bit)
|
114
126
|
|
@@ -122,7 +134,7 @@ module SymbolicFileMode
|
|
122
134
|
end
|
123
135
|
|
124
136
|
rescue Puppet::Error => e
|
125
|
-
if part.inspect != modification.inspect
|
137
|
+
if part.inspect != modification.inspect
|
126
138
|
rest = " at #{part.inspect}"
|
127
139
|
else
|
128
140
|
rest = ''
|
data/lib/puppet/util/tagging.rb
CHANGED
@@ -75,7 +75,9 @@ module Puppet::Util::Windows
|
|
75
75
|
raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
|
76
76
|
end
|
77
77
|
rescue => e
|
78
|
-
|
78
|
+
# Avoid debug logs pollution with valid account names
|
79
|
+
# https://docs.microsoft.com/en-us/windows/win32/api/sddl/nf-sddl-convertstringsidtosidw#return-value
|
80
|
+
Puppet.debug("Could not retrieve raw SID bytes from '#{name}': #{e.message}") unless e.code == ERROR_INVALID_SID_STRUCTURE
|
79
81
|
end
|
80
82
|
|
81
83
|
raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)
|
data/lib/puppet/util.rb
CHANGED
@@ -772,12 +772,13 @@ module Util
|
|
772
772
|
# Executes a block of code, wrapped around Facter.load_external(false) and
|
773
773
|
# Facter.load_external(true) which will cause Facter to not evaluate external facts.
|
774
774
|
def skip_external_facts
|
775
|
-
return yield unless
|
775
|
+
return yield unless Puppet.runtime[:facter].load_external?
|
776
|
+
|
776
777
|
begin
|
777
|
-
|
778
|
+
Puppet.runtime[:facter].load_external(false)
|
778
779
|
yield
|
779
780
|
ensure
|
780
|
-
|
781
|
+
Puppet.runtime[:facter].load_external(true)
|
781
782
|
end
|
782
783
|
end
|
783
784
|
module_function :skip_external_facts
|
data/lib/puppet/version.rb
CHANGED
@@ -15,7 +15,6 @@ class Puppet::X509::CertProvider
|
|
15
15
|
VALID_CERTNAME = /\A[ -.0-~]+\Z/
|
16
16
|
CERT_DELIMITERS = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m
|
17
17
|
CRL_DELIMITERS = /-----BEGIN X509 CRL-----.*?-----END X509 CRL-----/m
|
18
|
-
EC_HEADER = /-----BEGIN EC PRIVATE KEY-----/
|
19
18
|
|
20
19
|
def initialize(capath: Puppet[:localcacert],
|
21
20
|
crlpath: Puppet[:hostcrl],
|
@@ -207,26 +206,9 @@ class Puppet::X509::CertProvider
|
|
207
206
|
# @api private
|
208
207
|
def load_private_key_from_pem(pem, password: nil)
|
209
208
|
# set a non-nil password to ensure openssl doesn't prompt
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
password ||= ' '
|
214
|
-
|
215
|
-
# Can't use OpenSSL::PKey.read, because it's broken in MRI 2.3, doesn't exist
|
216
|
-
# in JRuby 9.1, and is broken in JRuby 9.2
|
217
|
-
begin
|
218
|
-
if pem =~ EC_HEADER
|
219
|
-
OpenSSL::PKey::EC.new(pem, password)
|
220
|
-
else
|
221
|
-
OpenSSL::PKey::RSA.new(pem, password)
|
222
|
-
end
|
223
|
-
rescue OpenSSL::PKey::PKeyError => e
|
224
|
-
if e.message =~ /Neither PUB key nor PRIV key/
|
225
|
-
raise OpenSSL::PKey::PKeyError, "Could not parse PKey: no start line"
|
226
|
-
else
|
227
|
-
raise e
|
228
|
-
end
|
229
|
-
end
|
209
|
+
password ||= ''
|
210
|
+
|
211
|
+
OpenSSL::PKey.read(pem, password)
|
230
212
|
end
|
231
213
|
|
232
214
|
# Load the private key password.
|
data/lib/puppet.rb
CHANGED
@@ -12,7 +12,6 @@ $LOAD_PATH.extend(Puppet::Concurrent::Synchronized)
|
|
12
12
|
# see the bottom of the file for further inclusions
|
13
13
|
# Also see the new Vendor support - towards the end
|
14
14
|
#
|
15
|
-
require 'facter'
|
16
15
|
require_relative 'puppet/error'
|
17
16
|
require_relative 'puppet/util'
|
18
17
|
require_relative 'puppet/util/autoload'
|
@@ -88,9 +87,6 @@ module Puppet
|
|
88
87
|
require_relative 'puppet/util/logging'
|
89
88
|
extend Puppet::Util::Logging
|
90
89
|
|
91
|
-
# Setup facter's logging
|
92
|
-
Puppet::Util::Logging.setup_facter_logging!
|
93
|
-
|
94
90
|
# The feature collection
|
95
91
|
@features = Puppet::Util::Feature.new('puppet/feature')
|
96
92
|
|
@@ -193,15 +189,15 @@ module Puppet
|
|
193
189
|
def self.initialize_facts
|
194
190
|
# Add the puppetversion fact; this is done before generating the hash so it is
|
195
191
|
# accessible to custom facts.
|
196
|
-
|
192
|
+
Puppet.runtime[:facter].add(:puppetversion) do
|
197
193
|
setcode { Puppet.version.to_s }
|
198
194
|
end
|
199
195
|
|
200
|
-
|
196
|
+
Puppet.runtime[:facter].add(:agent_specified_environment) do
|
201
197
|
setcode do
|
202
|
-
|
203
|
-
Puppet
|
204
|
-
|
198
|
+
Puppet.settings.set_by_cli(:environment) ||
|
199
|
+
Puppet.settings.set_in_section(:environment, :agent) ||
|
200
|
+
Puppet.settings.set_in_section(:environment, :main)
|
205
201
|
end
|
206
202
|
end
|
207
203
|
end
|