puppet 8.8.1 → 8.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +2 -0
- data/Gemfile.lock +37 -29
- data/ext/project_data.yaml +12 -0
- data/install.rb +3 -74
- data/lib/puppet/application/apply.rb +1 -0
- data/lib/puppet/application/filebucket.rb +6 -4
- data/lib/puppet/application/ssl.rb +4 -4
- data/lib/puppet/defaults.rb +62 -52
- data/lib/puppet/face/catalog.rb +24 -8
- data/lib/puppet/face/help.rb +43 -23
- data/lib/puppet/functions/capitalize.rb +1 -1
- data/lib/puppet/functions/find_file.rb +4 -0
- data/lib/puppet/functions/hiera.rb +1 -0
- data/lib/puppet/functions/index.rb +2 -2
- data/lib/puppet/functions/lookup.rb +1 -1
- data/lib/puppet/functions/new.rb +1 -1
- data/lib/puppet/functions/regsubst.rb +1 -1
- data/lib/puppet/functions/unique.rb +3 -2
- data/lib/puppet/functions/yaml_data.rb +1 -0
- data/lib/puppet/interface/action_manager.rb +1 -1
- data/lib/puppet/provider/package/pacman.rb +9 -10
- data/lib/puppet/reference/configuration.rb +6 -1
- data/lib/puppet/resource/type.rb +15 -1
- data/lib/puppet/settings.rb +2 -2
- data/lib/puppet/transaction/resource_harness.rb +7 -3
- data/lib/puppet/type/exec.rb +3 -4
- data/lib/puppet/type/file/checksum.rb +4 -2
- data/lib/puppet/type/file/ctime.rb +2 -2
- data/lib/puppet/type/file/mtime.rb +2 -2
- data/lib/puppet/type/file/selcontext.rb +6 -6
- data/lib/puppet/type/package.rb +4 -3
- data/lib/puppet/type/user.rb +1 -1
- data/lib/puppet/util/checksums.rb +1 -0
- data/lib/puppet/util/profiler/aggregate.rb +2 -2
- data/lib/puppet/util/profiler/wall_clock.rb +2 -2
- data/lib/puppet/util/reference.rb +0 -1
- data/lib/puppet/util/selinux.rb +26 -14
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +71 -71
- data/man/man5/puppet.conf.5 +18 -18
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +2 -1
- data/man/man8/puppet-catalog.8 +5 -2
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +10 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +3 -3
- data/man/man8/puppet.8 +128 -9
- metadata +1 -1
data/lib/puppet/face/catalog.rb
CHANGED
@@ -25,13 +25,27 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
|
|
25
25
|
|
26
26
|
deactivate_action(:destroy)
|
27
27
|
deactivate_action(:search)
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
28
|
+
action(:find) do
|
29
|
+
summary _("Retrieve the catalog for the node from which the command is run.")
|
30
|
+
arguments "<certname>, <facts>"
|
31
|
+
option("--facts_for_catalog") do
|
32
|
+
summary _("Not implemented for the CLI; facts are collected internally.")
|
33
|
+
end
|
34
|
+
returns <<-'EOT'
|
35
|
+
A serialized catalog. When used from the Ruby API, returns a
|
36
|
+
Puppet::Resource::Catalog object.
|
37
|
+
EOT
|
38
|
+
|
39
|
+
when_invoked do |*args|
|
40
|
+
# Default the key to Puppet[:certname] if none is supplied
|
41
|
+
if args.length == 1
|
42
|
+
key = Puppet[:certname]
|
43
|
+
else
|
44
|
+
key = args.shift
|
45
|
+
end
|
46
|
+
call_indirection_method :find, key, args.first
|
47
|
+
end
|
48
|
+
end
|
35
49
|
|
36
50
|
action(:apply) do
|
37
51
|
summary "Find and apply a catalog."
|
@@ -135,9 +149,11 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
|
|
135
149
|
when_invoked do |_options|
|
136
150
|
Puppet::Resource::Catalog.indirection.terminus_class = :rest
|
137
151
|
Puppet::Resource::Catalog.indirection.cache_class = nil
|
152
|
+
facts = Puppet::Face[:facts, '0.0.1'].find(Puppet[:certname])
|
138
153
|
catalog = nil
|
139
154
|
retrieval_duration = thinmark do
|
140
|
-
catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname]
|
155
|
+
catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname],
|
156
|
+
{ facts_for_catalog: facts })
|
141
157
|
end
|
142
158
|
catalog.retrieval_duration = retrieval_duration
|
143
159
|
catalog.write_class_file
|
data/lib/puppet/face/help.rb
CHANGED
@@ -151,6 +151,33 @@ Puppet::Face.define(:help, '0.0.1') do
|
|
151
151
|
end.sort
|
152
152
|
end
|
153
153
|
|
154
|
+
def generate_summary(appname)
|
155
|
+
if is_face_app?(appname)
|
156
|
+
begin
|
157
|
+
face = Puppet::Face[appname, :current]
|
158
|
+
# Add deprecation message to summary if the face is deprecated
|
159
|
+
summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
|
160
|
+
[appname, summary, ' ']
|
161
|
+
rescue StandardError, LoadError
|
162
|
+
error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
|
163
|
+
error_message += ' ' + _("Check error logs.")
|
164
|
+
[error_message, '', ' ']
|
165
|
+
end
|
166
|
+
else
|
167
|
+
begin
|
168
|
+
summary = Puppet::Application[appname].summary
|
169
|
+
if summary.empty?
|
170
|
+
summary = horribly_extract_summary_from(appname)
|
171
|
+
end
|
172
|
+
[appname, summary, ' ']
|
173
|
+
rescue StandardError, LoadError
|
174
|
+
error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
|
175
|
+
error_message += ' ' + _("Check error logs.")
|
176
|
+
[error_message, '', ' ']
|
177
|
+
end
|
178
|
+
end
|
179
|
+
end
|
180
|
+
|
154
181
|
# Return a list of all applications (both legacy and Face applications), along with a summary
|
155
182
|
# of their functionality.
|
156
183
|
# @return [Array] An Array of Arrays. The outer array contains one entry per application; each
|
@@ -162,29 +189,8 @@ Puppet::Face.define(:help, '0.0.1') do
|
|
162
189
|
|
163
190
|
if appname == COMMON || appname == SPECIALIZED || appname == BLANK
|
164
191
|
result << appname
|
165
|
-
elsif is_face_app?(appname)
|
166
|
-
begin
|
167
|
-
face = Puppet::Face[appname, :current]
|
168
|
-
# Add deprecation message to summary if the face is deprecated
|
169
|
-
summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
|
170
|
-
result << [appname, summary, ' ']
|
171
|
-
rescue StandardError, LoadError
|
172
|
-
error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
|
173
|
-
error_message += ' ' + _("Check error logs.")
|
174
|
-
result << [error_message, '', ' ']
|
175
|
-
end
|
176
192
|
else
|
177
|
-
|
178
|
-
summary = Puppet::Application[appname].summary
|
179
|
-
if summary.empty?
|
180
|
-
summary = horribly_extract_summary_from(appname)
|
181
|
-
end
|
182
|
-
result << [appname, summary, ' ']
|
183
|
-
rescue StandardError, LoadError
|
184
|
-
error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
|
185
|
-
error_message += ' ' + _("Check error logs.")
|
186
|
-
result << [error_message, '', ' ']
|
187
|
-
end
|
193
|
+
result << generate_summary(appname)
|
188
194
|
end
|
189
195
|
end
|
190
196
|
end
|
@@ -192,15 +198,29 @@ Puppet::Face.define(:help, '0.0.1') do
|
|
192
198
|
COMMON = 'Common:'
|
193
199
|
SPECIALIZED = 'Specialized:'
|
194
200
|
BLANK = "\n"
|
201
|
+
COMMON_APPS = %w[apply agent config help lookup module resource]
|
195
202
|
def available_application_names_special_sort
|
196
203
|
full_list = Puppet::Application.available_application_names
|
197
|
-
a_list = full_list &
|
204
|
+
a_list = full_list & COMMON_APPS
|
198
205
|
a_list = a_list.sort
|
199
206
|
also_ran = full_list - a_list
|
200
207
|
also_ran = also_ran.sort
|
201
208
|
[[COMMON], a_list, [BLANK], [SPECIALIZED], also_ran].flatten(1)
|
202
209
|
end
|
203
210
|
|
211
|
+
def common_app_summaries
|
212
|
+
COMMON_APPS.map do |appname|
|
213
|
+
generate_summary(appname)
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
217
|
+
def specialized_app_summaries
|
218
|
+
specialized_apps = Puppet::Application.available_application_names - COMMON_APPS
|
219
|
+
specialized_apps.filter_map do |appname|
|
220
|
+
generate_summary(appname) unless exclude_from_docs?(appname)
|
221
|
+
end
|
222
|
+
end
|
223
|
+
|
204
224
|
def horribly_extract_summary_from(appname)
|
205
225
|
help = Puppet::Application[appname].help.split("\n")
|
206
226
|
# Now we find the line with our summary, extract it, and return it. This
|
@@ -5,7 +5,7 @@
|
|
5
5
|
# This function is compatible with the stdlib function with the same name.
|
6
6
|
#
|
7
7
|
# The function does the following:
|
8
|
-
# * For a `String`, a string
|
8
|
+
# * For a `String`, a string is returned in which the first character is uppercase.
|
9
9
|
# This is done using Ruby system locale which handles some, but not all
|
10
10
|
# special international up-casing rules (for example German double-s ß is capitalized to "Ss").
|
11
11
|
# * For an `Iterable[Variant[String, Numeric]]` (for example an `Array`) each value is capitalized and the conversion is not recursive.
|
@@ -7,6 +7,10 @@
|
|
7
7
|
# directory. (For example, the reference `mysql/mysqltuner.pl` will search for the
|
8
8
|
# file `<MODULES DIRECTORY>/mysql/files/mysqltuner.pl`.)
|
9
9
|
#
|
10
|
+
# If this function is run via puppet agent, it checks for file existence on the
|
11
|
+
# Puppet Primary server. If run via puppet apply, it checks on the local host.
|
12
|
+
# In both cases, the check is performed before any resources are changed.
|
13
|
+
#
|
10
14
|
# This function can also accept:
|
11
15
|
#
|
12
16
|
# * An absolute String path, which checks for the existence of a file from anywhere on disk.
|
@@ -40,8 +40,8 @@
|
|
40
40
|
# Note that the lambda gets the value and not an array with `[key, value]` as in other
|
41
41
|
# iterative functions.
|
42
42
|
#
|
43
|
-
# Using a lambda that accepts two values works the same way
|
44
|
-
# as the first parameter
|
43
|
+
# Using a lambda that accepts two values works the same way. The lambda gets the index/key
|
44
|
+
# as the first parameter and the value as the second parameter.
|
45
45
|
#
|
46
46
|
# @example Using the `index` function with an Array and a two-parameter lambda
|
47
47
|
#
|
@@ -97,7 +97,7 @@
|
|
97
97
|
# or `{'strategy' => 'hash'}` --- Same as the string versions of these merge behaviors.
|
98
98
|
# * `{'strategy' => 'deep', <DEEP OPTION> => <VALUE>, ...}` --- Same as `'deep'`,
|
99
99
|
# but can adjust the merge with additional options. The available options are:
|
100
|
-
# * `'knockout_prefix'` (string
|
100
|
+
# * `'knockout_prefix'` (string) --- A string prefix to indicate a
|
101
101
|
# value should be _removed_ from the final result. If a value is exactly equal
|
102
102
|
# to the prefix, it will knockout the entire element. Defaults to `undef`, which
|
103
103
|
# disables this feature.
|
data/lib/puppet/functions/new.rb
CHANGED
@@ -557,7 +557,7 @@
|
|
557
557
|
# @example Simple Conversion to String specifying the format for the given value directly
|
558
558
|
#
|
559
559
|
# ```puppet
|
560
|
-
# $str = String(10, "%#x") # produces '
|
560
|
+
# $str = String(10, "%#x") # produces '0xa'
|
561
561
|
# $str = String([10], "%(a") # produces '("10")'
|
562
562
|
# ```
|
563
563
|
#
|
@@ -20,7 +20,7 @@ Puppet::Functions.create_function(:regsubst) do
|
|
20
20
|
# - *M* Multiline regexps
|
21
21
|
# - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
|
22
22
|
# @param encoding [Enum['N','E','S','U']]
|
23
|
-
# Deprecated and ignored parameter, only
|
23
|
+
# Deprecated and ignored parameter, included only for compatibility.
|
24
24
|
# @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
|
25
25
|
# @deprecated
|
26
26
|
# This method has the optional encoding parameter, which is ignored.
|
@@ -65,8 +65,9 @@
|
|
65
65
|
# *first-found* unique value, but for `Hash` it contains associations from a set of keys to the set of values clustered by the
|
66
66
|
# equality lambda (or the default value equality if no lambda was given). This makes the `unique` function more versatile for hashes
|
67
67
|
# in general, while requiring that the simple computation of "hash's unique set of values" is performed as `$hsh.map |$k, $v| { $v }.unique`.
|
68
|
-
# (
|
69
|
-
#
|
68
|
+
# (Generally, it's meaningless to compute the unique set of hash keys because they are unique by definition. However, the
|
69
|
+
# situation can change if the hash keys are processed with a different lambda for equality. For this unique computation,
|
70
|
+
# first map the hash to an array of its keys.)
|
70
71
|
# If the more advanced clustering is wanted for one of the other data types, simply transform it into a `Hash` as shown in the
|
71
72
|
# following example.
|
72
73
|
#
|
@@ -1,6 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require 'yaml'
|
4
|
+
|
4
5
|
# The `yaml_data` is a hiera 5 `data_hash` data provider function.
|
5
6
|
# See [the configuration guide documentation](https://puppet.com/docs/puppet/latest/hiera_config_yaml_5.html#configuring-a-hierarchy-level-built-in-backends) for
|
6
7
|
# how to use this function.
|
@@ -19,7 +19,7 @@ module Puppet::Interface::ActionManager
|
|
19
19
|
# @dsl Faces
|
20
20
|
def action(name, &block)
|
21
21
|
@actions ||= {}
|
22
|
-
Puppet.
|
22
|
+
Puppet.debug _("Redefining action %{name} for %{self}") % { name: name, self: self } if action?(name)
|
23
23
|
|
24
24
|
action = Puppet::Interface::ActionBuilder.build(self, name, &block)
|
25
25
|
|
@@ -29,7 +29,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
29
29
|
|
30
30
|
# Checks if a given name is a group
|
31
31
|
def self.group?(name)
|
32
|
-
!pacman(
|
32
|
+
!pacman('--sync', '--groups', name).empty?
|
33
33
|
rescue Puppet::ExecutionFailure
|
34
34
|
# pacman returns an expected non-zero exit code when the name is not a group
|
35
35
|
false
|
@@ -74,7 +74,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
74
74
|
# returns a hash package => version of installed packages
|
75
75
|
def self.get_installed_packages
|
76
76
|
packages = {}
|
77
|
-
execpipe([command(:pacman), "
|
77
|
+
execpipe([command(:pacman), "--query"]) do |pipe|
|
78
78
|
# pacman -Q output is 'packagename version-rel'
|
79
79
|
regex = /^(\S+)\s(\S+)/
|
80
80
|
pipe.each_line do |line|
|
@@ -96,7 +96,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
96
96
|
groups = {}
|
97
97
|
begin
|
98
98
|
# Build a hash of group name => list of packages
|
99
|
-
command = [command(:pacman),
|
99
|
+
command = [command(:pacman), '--sync', '-gg']
|
100
100
|
command << filter if filter
|
101
101
|
execpipe(command) do |pipe|
|
102
102
|
pipe.each_line do |line|
|
@@ -134,14 +134,14 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
134
134
|
resource_name = @resource[:name]
|
135
135
|
|
136
136
|
# If target is a group, construct the group version
|
137
|
-
return pacman("
|
137
|
+
return pacman("--sync", "--print", "--print-format", "%n %v", resource_name).lines.map(&:chomp).sort.join(', ') if self.class.group?(resource_name)
|
138
138
|
|
139
139
|
# Start by querying with pacman first
|
140
140
|
# If that fails, retry using yaourt against the AUR
|
141
141
|
pacman_check = true
|
142
142
|
begin
|
143
143
|
if pacman_check
|
144
|
-
output = pacman "
|
144
|
+
output = pacman "--sync", "--print", "--print-format", "%v", resource_name
|
145
145
|
output.chomp
|
146
146
|
else
|
147
147
|
output = yaourt "-Qma", resource_name
|
@@ -210,8 +210,8 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
210
210
|
|
211
211
|
cmd = %w[--noconfirm --noprogressbar]
|
212
212
|
cmd += uninstall_options if @resource[:uninstall_options]
|
213
|
-
cmd << "
|
214
|
-
cmd << '
|
213
|
+
cmd << "--remove"
|
214
|
+
cmd << '--recursive' if is_group
|
215
215
|
cmd << '--nosave' if purge_configs
|
216
216
|
cmd << resource_name
|
217
217
|
|
@@ -248,8 +248,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
248
248
|
else
|
249
249
|
fail _("Source %{source} is not supported by pacman") % { source: source }
|
250
250
|
end
|
251
|
-
pacman "--noconfirm", "--noprogressbar", "
|
252
|
-
pacman "--noconfirm", "--noprogressbar", "-U", source
|
251
|
+
pacman "--noconfirm", "--noprogressbar", "--update", source
|
253
252
|
end
|
254
253
|
|
255
254
|
def install_from_repo
|
@@ -260,7 +259,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
|
|
260
259
|
|
261
260
|
cmd = %w[--noconfirm --needed --noprogressbar]
|
262
261
|
cmd += install_options if @resource[:install_options]
|
263
|
-
cmd << "
|
262
|
+
cmd << "--sync" << resource_name
|
264
263
|
|
265
264
|
if self.class.yaourt?
|
266
265
|
yaourt(*cmd)
|
@@ -41,8 +41,14 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
|
|
41
41
|
val = '$confdir/hiera.yaml. However, for backwards compatibility, if a file exists at $codedir/hiera.yaml, Puppet uses that instead.'
|
42
42
|
when 'certname'
|
43
43
|
val = "the Host's fully qualified domain name, as determined by Facter"
|
44
|
+
when 'hostname'
|
45
|
+
val = "(the system's fully qualified hostname)"
|
46
|
+
when 'domain'
|
47
|
+
val = "(the system's own domain)"
|
44
48
|
when 'srv_domain'
|
45
49
|
val = 'example.com'
|
50
|
+
when 'http_user_agent'
|
51
|
+
val = 'Puppet/<version> Ruby/<version> (<architecture>)'
|
46
52
|
end
|
47
53
|
|
48
54
|
# Leave out the section information; it was apparently confusing people.
|
@@ -95,6 +101,5 @@ config.header = <<~EOT
|
|
95
101
|
|
96
102
|
[confguide]: https://puppet.com/docs/puppet/latest/config_about_settings.html
|
97
103
|
|
98
|
-
* * *
|
99
104
|
|
100
105
|
EOT
|
data/lib/puppet/resource/type.rb
CHANGED
@@ -33,6 +33,16 @@ class Puppet::Resource::Type
|
|
33
33
|
DOUBLE_COLON = '::'
|
34
34
|
EMPTY_ARRAY = [].freeze
|
35
35
|
|
36
|
+
LOOKAROUND_OPERATORS = {
|
37
|
+
"(" => 'LP',
|
38
|
+
"?" => "QU",
|
39
|
+
"<" => "LT",
|
40
|
+
">" => "GT",
|
41
|
+
"!" => "EX",
|
42
|
+
"=" => "EQ",
|
43
|
+
")" => 'RP'
|
44
|
+
}.freeze
|
45
|
+
|
36
46
|
attr_accessor :file, :line, :doc, :code, :parent, :resource_type_collection, :override
|
37
47
|
attr_reader :namespace, :arguments, :behaves_like, :module_name
|
38
48
|
|
@@ -196,7 +206,11 @@ class Puppet::Resource::Type
|
|
196
206
|
|
197
207
|
def name
|
198
208
|
if type == :node && name_is_regex?
|
199
|
-
|
209
|
+
# Normalize lookarround regex patthern
|
210
|
+
internal_name = @name.source.downcase.gsub(/\(\?[^)]*\)/) do |str|
|
211
|
+
str.gsub(/./) { |ch| LOOKAROUND_OPERATORS[ch] || ch }
|
212
|
+
end
|
213
|
+
"__node_regexp__#{internal_name.gsub(/[^-\w:.]/, '').sub(/^\.+/, '')}"
|
200
214
|
else
|
201
215
|
@name
|
202
216
|
end
|
data/lib/puppet/settings.rb
CHANGED
@@ -81,11 +81,11 @@ class Puppet::Settings
|
|
81
81
|
end
|
82
82
|
|
83
83
|
def self.hostname_fact
|
84
|
-
Puppet.runtime[:facter].value
|
84
|
+
Puppet.runtime[:facter].value('networking.hostname')
|
85
85
|
end
|
86
86
|
|
87
87
|
def self.domain_fact
|
88
|
-
Puppet.runtime[:facter].value
|
88
|
+
Puppet.runtime[:facter].value('networking.domain')
|
89
89
|
end
|
90
90
|
|
91
91
|
def self.default_config_file_name
|
@@ -235,9 +235,13 @@ class Puppet::Transaction::ResourceHarness
|
|
235
235
|
end
|
236
236
|
|
237
237
|
def noop(event, param, current_value, audit_message)
|
238
|
-
|
239
|
-
|
240
|
-
|
238
|
+
if param.sensitive
|
239
|
+
event.message = param.format(_("current_value %s, should be %s (noop)"),
|
240
|
+
param.is_to_s(current_value),
|
241
|
+
param.should_to_s(param.should)) + audit_message.to_s
|
242
|
+
else
|
243
|
+
event.message = "#{param.change_to_s(current_value, param.should)} (noop)#{audit_message}"
|
244
|
+
end
|
241
245
|
event.status = "noop"
|
242
246
|
end
|
243
247
|
|
data/lib/puppet/type/exec.rb
CHANGED
@@ -437,13 +437,12 @@ module Puppet
|
|
437
437
|
actually contain `myfile`, the exec will keep running every time
|
438
438
|
Puppet runs.
|
439
439
|
|
440
|
-
This parameter can also take an array of files and the command will
|
441
|
-
not run if **any** of these files exist.
|
440
|
+
This parameter can also take an array of files, and the command will
|
441
|
+
not run if **any** of these files exist. Consider this example:
|
442
442
|
|
443
443
|
creates => ['/tmp/file1', '/tmp/file2'],
|
444
444
|
|
445
|
-
|
446
|
-
|
445
|
+
The command is only run if both files don't exist.
|
447
446
|
EOT
|
448
447
|
|
449
448
|
accept_arrays
|
@@ -7,11 +7,13 @@ require_relative '../../../puppet/util/checksums'
|
|
7
7
|
Puppet::Type.type(:file).newparam(:checksum) do
|
8
8
|
include Puppet::Util::Checksums
|
9
9
|
|
10
|
+
# The default is defined in Puppet.default_digest_algorithm
|
10
11
|
desc "The checksum type to use when determining whether to replace a file's contents.
|
11
12
|
|
12
|
-
The default checksum type is
|
13
|
+
The default checksum type is sha256."
|
13
14
|
|
14
|
-
|
15
|
+
# The values are defined in Puppet::Util::Checksums.known_checksum_types
|
16
|
+
newvalues(:sha256, :sha256lite, :md5, :md5lite, :sha1, :sha1lite, :sha512, :sha384, :sha224, :mtime, :ctime, :none)
|
15
17
|
|
16
18
|
defaultto do
|
17
19
|
Puppet[:digest_algorithm].to_sym
|
@@ -2,9 +2,9 @@
|
|
2
2
|
|
3
3
|
module Puppet
|
4
4
|
Puppet::Type.type(:file).newproperty(:ctime) do
|
5
|
-
desc
|
5
|
+
desc "A read-only state to check the file ctime. On most modern \*nix-like
|
6
6
|
systems, this is the time of the most recent change to the owner, group,
|
7
|
-
permissions, or content of the file.
|
7
|
+
permissions, or content of the file."
|
8
8
|
|
9
9
|
def retrieve
|
10
10
|
current_value = :absent
|
@@ -2,8 +2,8 @@
|
|
2
2
|
|
3
3
|
module Puppet
|
4
4
|
Puppet::Type.type(:file).newproperty(:mtime) do
|
5
|
-
desc
|
6
|
-
is the time of the most recent change to the content of the file.
|
5
|
+
desc "A read-only state to check the file mtime. On \*nix-like systems, this
|
6
|
+
is the time of the most recent change to the content of the file."
|
7
7
|
|
8
8
|
def retrieve
|
9
9
|
current_value = :absent
|
@@ -45,7 +45,7 @@ module Puppet
|
|
45
45
|
return nil
|
46
46
|
end
|
47
47
|
|
48
|
-
context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle)
|
48
|
+
context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle, @resource[:ensure])
|
49
49
|
unless context
|
50
50
|
return nil
|
51
51
|
end
|
@@ -86,7 +86,7 @@ module Puppet
|
|
86
86
|
end
|
87
87
|
|
88
88
|
Puppet::Type.type(:file).newparam(:selinux_ignore_defaults) do
|
89
|
-
desc "If this is set
|
89
|
+
desc "If this is set, Puppet will not call the SELinux function selabel_lookup to
|
90
90
|
supply defaults for the SELinux attributes (seluser, selrole,
|
91
91
|
seltype, and selrange). In general, you should leave this set at its
|
92
92
|
default and only set it to true when you need Puppet to not try to fix
|
@@ -99,7 +99,7 @@ module Puppet
|
|
99
99
|
Puppet::Type.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
|
100
100
|
desc "What the SELinux user component of the context of the file should be.
|
101
101
|
Any valid SELinux user component is accepted. For example `user_u`.
|
102
|
-
If not specified it defaults to the value returned by selabel_lookup for
|
102
|
+
If not specified, it defaults to the value returned by selabel_lookup for
|
103
103
|
the file, if any exists. Only valid on systems with SELinux support
|
104
104
|
enabled."
|
105
105
|
|
@@ -110,7 +110,7 @@ module Puppet
|
|
110
110
|
Puppet::Type.type(:file).newproperty(:selrole, :parent => Puppet::SELFileContext) do
|
111
111
|
desc "What the SELinux role component of the context of the file should be.
|
112
112
|
Any valid SELinux role component is accepted. For example `role_r`.
|
113
|
-
If not specified it defaults to the value returned by selabel_lookup for
|
113
|
+
If not specified, it defaults to the value returned by selabel_lookup for
|
114
114
|
the file, if any exists. Only valid on systems with SELinux support
|
115
115
|
enabled."
|
116
116
|
|
@@ -121,7 +121,7 @@ module Puppet
|
|
121
121
|
Puppet::Type.type(:file).newproperty(:seltype, :parent => Puppet::SELFileContext) do
|
122
122
|
desc "What the SELinux type component of the context of the file should be.
|
123
123
|
Any valid SELinux type component is accepted. For example `tmp_t`.
|
124
|
-
If not specified it defaults to the value returned by selabel_lookup for
|
124
|
+
If not specified, it defaults to the value returned by selabel_lookup for
|
125
125
|
the file, if any exists. Only valid on systems with SELinux support
|
126
126
|
enabled."
|
127
127
|
|
@@ -132,7 +132,7 @@ module Puppet
|
|
132
132
|
Puppet::Type.type(:file).newproperty(:selrange, :parent => Puppet::SELFileContext) do
|
133
133
|
desc "What the SELinux range component of the context of the file should be.
|
134
134
|
Any valid SELinux range component is accepted. For example `s0` or
|
135
|
-
`SystemHigh`. If not specified it defaults to the value returned by
|
135
|
+
`SystemHigh`. If not specified, it defaults to the value returned by
|
136
136
|
selabel_lookup for the file, if any exists. Only valid on systems with
|
137
137
|
SELinux support enabled and that have support for MCS (Multi-Category
|
138
138
|
Security)."
|
data/lib/puppet/type/package.rb
CHANGED
@@ -301,12 +301,13 @@ module Puppet
|
|
301
301
|
command => '/opt/ruby/bin/gem',
|
302
302
|
}
|
303
303
|
|
304
|
-
Each provider defines a package management command
|
304
|
+
Each provider defines a package management command and uses the first
|
305
305
|
instance of the command found in the PATH.
|
306
306
|
|
307
307
|
Providers supporting the targetable feature allow you to specify the
|
308
|
-
absolute path of the package management command
|
309
|
-
instances of the command are installed, or
|
308
|
+
absolute path of the package management command. Specifying the absolute
|
309
|
+
path is useful when multiple instances of the command are installed, or
|
310
|
+
the command is not in the PATH.
|
310
311
|
EOT
|
311
312
|
|
312
313
|
isnamevar
|
data/lib/puppet/type/user.rb
CHANGED
@@ -231,7 +231,7 @@ module Puppet
|
|
231
231
|
* OS X 10.8 and higher use salted SHA512 PBKDF2 hashes. When managing passwords
|
232
232
|
on these systems, the `salt` and `iterations` attributes need to be specified as
|
233
233
|
well as the password.
|
234
|
-
* macOS 10.15 and
|
234
|
+
* macOS 10.15 and later require the salt to be 32 bytes. Because Puppet's user
|
235
235
|
resource requires the value to be hex encoded, the length of the salt's
|
236
236
|
string must be 64.
|
237
237
|
* Windows passwords can be managed only in cleartext, because there is no Windows
|
@@ -72,11 +72,11 @@ class Puppet::Util::Profiler::Aggregate < Puppet::Util::Profiler::WallClock
|
|
72
72
|
|
73
73
|
class Timer
|
74
74
|
def initialize
|
75
|
-
@start =
|
75
|
+
@start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
|
76
76
|
end
|
77
77
|
|
78
78
|
def stop
|
79
|
-
|
79
|
+
Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
|
80
80
|
end
|
81
81
|
end
|
82
82
|
end
|
@@ -21,11 +21,11 @@ class Puppet::Util::Profiler::WallClock < Puppet::Util::Profiler::Logging
|
|
21
21
|
FOUR_DECIMAL_DIGITS = '%0.4f'
|
22
22
|
|
23
23
|
def initialize
|
24
|
-
@start =
|
24
|
+
@start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
|
25
25
|
end
|
26
26
|
|
27
27
|
def stop
|
28
|
-
@time =
|
28
|
+
@time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
|
29
29
|
@time
|
30
30
|
end
|
31
31
|
|