puppet 2.7.5 → 2.7.6

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (140) hide show
  1. data/CHANGELOG +121 -0
  2. data/conf/redhat/puppet.spec +16 -7
  3. data/lib/puppet.rb +1 -1
  4. data/lib/puppet/application/cert.rb +17 -3
  5. data/lib/puppet/application/device.rb +1 -0
  6. data/lib/puppet/application/kick.rb +0 -2
  7. data/lib/puppet/application/resource.rb +73 -66
  8. data/lib/puppet/configurer/plugin_handler.rb +6 -2
  9. data/lib/puppet/defaults.rb +60 -5
  10. data/lib/puppet/face/ca.rb +11 -2
  11. data/lib/puppet/face/certificate.rb +33 -4
  12. data/lib/puppet/file_serving/fileset.rb +1 -1
  13. data/lib/puppet/file_serving/indirection_hooks.rb +2 -2
  14. data/lib/puppet/file_serving/metadata.rb +43 -4
  15. data/lib/puppet/indirector.rb +0 -1
  16. data/lib/puppet/indirector/request.rb +3 -4
  17. data/lib/puppet/indirector/resource/active_record.rb +3 -10
  18. data/lib/puppet/indirector/resource/ral.rb +2 -2
  19. data/lib/puppet/indirector/rest.rb +1 -1
  20. data/lib/puppet/network/handler/ca.rb +16 -106
  21. data/lib/puppet/network/handler/master.rb +0 -3
  22. data/lib/puppet/network/handler/runner.rb +1 -0
  23. data/lib/puppet/parser/scope.rb +10 -0
  24. data/lib/puppet/provider/file/posix.rb +72 -34
  25. data/lib/puppet/provider/file/windows.rb +100 -0
  26. data/lib/puppet/provider/group/windows_adsi.rb +2 -2
  27. data/lib/puppet/provider/user/windows_adsi.rb +19 -4
  28. data/lib/puppet/resource.rb +16 -0
  29. data/lib/puppet/resource/catalog.rb +1 -1
  30. data/lib/puppet/ssl/certificate.rb +2 -2
  31. data/lib/puppet/ssl/certificate_authority.rb +86 -10
  32. data/lib/puppet/ssl/certificate_authority/interface.rb +64 -19
  33. data/lib/puppet/ssl/certificate_factory.rb +112 -91
  34. data/lib/puppet/ssl/certificate_request.rb +88 -1
  35. data/lib/puppet/ssl/host.rb +20 -3
  36. data/lib/puppet/type/file.rb +15 -34
  37. data/lib/puppet/type/file/group.rb +11 -91
  38. data/lib/puppet/type/file/mode.rb +11 -41
  39. data/lib/puppet/type/file/owner.rb +18 -34
  40. data/lib/puppet/type/file/source.rb +22 -7
  41. data/lib/puppet/type/group.rb +4 -3
  42. data/lib/puppet/type/user.rb +4 -1
  43. data/lib/puppet/util.rb +59 -6
  44. data/lib/puppet/util/adsi.rb +11 -0
  45. data/lib/puppet/util/log.rb +4 -0
  46. data/lib/puppet/util/log/destinations.rb +7 -1
  47. data/lib/puppet/util/monkey_patches.rb +19 -0
  48. data/lib/puppet/util/network_device/config.rb +4 -5
  49. data/lib/puppet/util/settings.rb +5 -0
  50. data/lib/puppet/util/suidmanager.rb +0 -1
  51. data/lib/puppet/util/windows.rb +4 -0
  52. data/lib/puppet/util/windows/error.rb +16 -0
  53. data/lib/puppet/util/windows/security.rb +593 -0
  54. data/spec/integration/defaults_spec.rb +27 -0
  55. data/spec/integration/network/handler_spec.rb +1 -1
  56. data/spec/integration/type/file_spec.rb +382 -145
  57. data/spec/integration/util/windows/security_spec.rb +468 -0
  58. data/spec/shared_behaviours/file_serving.rb +4 -3
  59. data/spec/unit/application/agent_spec.rb +1 -0
  60. data/spec/unit/application/device_spec.rb +5 -0
  61. data/spec/unit/application/resource_spec.rb +62 -101
  62. data/spec/unit/configurer/downloader_spec.rb +2 -2
  63. data/spec/unit/configurer/plugin_handler_spec.rb +15 -8
  64. data/spec/unit/configurer_spec.rb +2 -2
  65. data/spec/unit/face/ca_spec.rb +34 -0
  66. data/spec/unit/face/certificate_spec.rb +168 -1
  67. data/spec/unit/file_serving/fileset_spec.rb +1 -1
  68. data/spec/unit/file_serving/indirection_hooks_spec.rb +1 -1
  69. data/spec/unit/file_serving/metadata_spec.rb +151 -107
  70. data/spec/unit/indirector/certificate_request/ca_spec.rb +0 -3
  71. data/spec/unit/indirector/direct_file_server_spec.rb +10 -9
  72. data/spec/unit/indirector/file_metadata/file_spec.rb +6 -4
  73. data/spec/unit/indirector/request_spec.rb +13 -3
  74. data/spec/unit/indirector/resource/active_record_spec.rb +4 -10
  75. data/spec/unit/indirector/resource/ral_spec.rb +6 -4
  76. data/spec/unit/indirector/rest_spec.rb +5 -6
  77. data/spec/unit/network/handler/ca_spec.rb +86 -0
  78. data/spec/unit/parser/collector_spec.rb +7 -7
  79. data/spec/unit/parser/scope_spec.rb +20 -0
  80. data/spec/unit/provider/file/posix_spec.rb +226 -0
  81. data/spec/unit/provider/file/windows_spec.rb +136 -0
  82. data/spec/unit/provider/group/windows_adsi_spec.rb +7 -2
  83. data/spec/unit/provider/user/windows_adsi_spec.rb +36 -3
  84. data/spec/unit/resource/catalog_spec.rb +20 -10
  85. data/spec/unit/resource_spec.rb +55 -8
  86. data/spec/unit/ssl/certificate_authority/interface_spec.rb +97 -54
  87. data/spec/unit/ssl/certificate_authority_spec.rb +133 -23
  88. data/spec/unit/ssl/certificate_factory_spec.rb +90 -70
  89. data/spec/unit/ssl/certificate_request_spec.rb +62 -1
  90. data/spec/unit/ssl/certificate_spec.rb +20 -14
  91. data/spec/unit/ssl/host_spec.rb +52 -6
  92. data/spec/unit/type/file/content_spec.rb +4 -4
  93. data/spec/unit/type/file/group_spec.rb +34 -96
  94. data/spec/unit/type/file/mode_spec.rb +88 -0
  95. data/spec/unit/type/file/owner_spec.rb +32 -123
  96. data/spec/unit/type/file/source_spec.rb +120 -41
  97. data/spec/unit/type/file_spec.rb +1033 -753
  98. data/spec/unit/type_spec.rb +19 -1
  99. data/spec/unit/util/adsi_spec.rb +19 -0
  100. data/spec/unit/util/log/destinations_spec.rb +75 -0
  101. data/spec/unit/util/log_spec.rb +15 -0
  102. data/spec/unit/util/network_device/config_spec.rb +7 -0
  103. data/spec/unit/util/settings_spec.rb +10 -0
  104. data/spec/unit/util_spec.rb +126 -13
  105. data/test/language/functions.rb +0 -1
  106. data/test/language/snippets.rb +0 -9
  107. data/test/lib/puppettest/exetest.rb +1 -1
  108. data/test/lib/puppettest/servertest.rb +0 -1
  109. data/test/rails/rails.rb +0 -1
  110. data/test/ral/type/filesources.rb +0 -60
  111. metadata +13 -33
  112. data/lib/puppet/network/client.rb +0 -174
  113. data/lib/puppet/network/client/ca.rb +0 -56
  114. data/lib/puppet/network/client/file.rb +0 -6
  115. data/lib/puppet/network/client/proxy.rb +0 -27
  116. data/lib/puppet/network/client/report.rb +0 -26
  117. data/lib/puppet/network/client/runner.rb +0 -10
  118. data/lib/puppet/network/client/status.rb +0 -4
  119. data/lib/puppet/network/http_server.rb +0 -3
  120. data/lib/puppet/network/http_server/mongrel.rb +0 -130
  121. data/lib/puppet/network/http_server/webrick.rb +0 -155
  122. data/lib/puppet/network/xmlrpc/client.rb +0 -211
  123. data/lib/puppet/provider/file/win32.rb +0 -72
  124. data/lib/puppet/sslcertificates.rb +0 -146
  125. data/lib/puppet/sslcertificates/ca.rb +0 -375
  126. data/lib/puppet/sslcertificates/certificate.rb +0 -255
  127. data/lib/puppet/sslcertificates/inventory.rb +0 -38
  128. data/lib/puppet/sslcertificates/support.rb +0 -146
  129. data/spec/integration/network/client_spec.rb +0 -18
  130. data/spec/unit/network/xmlrpc/client_spec.rb +0 -172
  131. data/spec/unit/sslcertificates/ca_spec.rb +0 -106
  132. data/test/certmgr/certmgr.rb +0 -308
  133. data/test/certmgr/inventory.rb +0 -69
  134. data/test/certmgr/support.rb +0 -105
  135. data/test/network/client/ca.rb +0 -69
  136. data/test/network/client/dipper.rb +0 -34
  137. data/test/network/handler/ca.rb +0 -273
  138. data/test/network/server/mongrel_test.rb +0 -99
  139. data/test/network/server/webrick.rb +0 -111
  140. data/test/network/xmlrpc/client.rb +0 -45
data/CHANGELOG CHANGED
@@ -1,3 +1,110 @@
1
+ 2.7.6 (includes CVE-2011-3872 see http://puppetlabs.com/security/hotfixes/cve-2011-3872/
2
+ ===
3
+ c09517a Improve the error message when a CSR is rejected
4
+ 9346530 Allow a master to bootstrap itself with dns_alt_names and autosign
5
+ 7679c66 (maint) Remove ssl dir before starting a master with DNS alt names
6
+ e4c64c7 Fix failing CA Interface specs on Ruby 1.9
7
+ 9ee1215 Fix some inconsistencies from merging
8
+ 8144939 Add support for DNS alt names to `puppet ca`
9
+ 2ba56e3 More 1.8.5 compatibility fixes.
10
+ 6257188 Better 1.8.5 compatible implementation of `lines`.
11
+ 4ba4db7 (#2848) Config options require '_', not '-'.
12
+ 493f8d1 Add --allow-dns-alt-names option to `puppet certificate sign`
13
+ 0cc8936 Add support for dns-alt-names option to `puppet certificate generate`
14
+ c65236d Ruby 1.8.5 compatibility changes in tests and code.
15
+ 6c37623 Add `lines` alias for `each_line` in Ruby 1.8.5.
16
+ e29eb6a s/not_to/should_not/ for older versions of RSpec 2.
17
+ f1f5298 (#2848) Eliminate redundant `master_dns_alt_names`.
18
+ 3a8b376 (#2848) Remove the legacy SSLCertificates code
19
+ 28dead0 (#2848) Rework the xmlrpc CA handler to use the modern SSL code
20
+ a644514 (#2848) Remove unused xmlrpc code
21
+ 2b1ad43 (#2848) Consistent return values from `subject_alt_names` accessors.
22
+ d8516d9 (#2848) Consistently use `subject_alt_names` as accessor name.
23
+ 0b45f4c (#2848) Don't strip the subjectAltName label when listing.
24
+ 99488f3 (#2848) Don't enable `emailProtection` for server keys.
25
+ f1285a4 (#2848) Only mark `subjectAltName` critical if `subject` is empty.
26
+ e65a88e (#2848) Migrate `dns-alt-names` back to settings.
27
+ b876c39 Wire up the `setbycli` slot in Puppet settings.
28
+ a53f2f2 (#2848) rename subject-alt-name option to dns-alt-names
29
+ bc2267a (#2848) Rename `certdnsnames` to match new behaviour.
30
+ a720499 (#2848) Use `certdnsnames` when bootstrapping a local master.
31
+ 6e3f529 (#2848) CSR subjectAltNames handling while signing.
32
+ 978b65c (#2848) List subject alt names in output of puppet cert --list
33
+ 7460a5e (#7224) Add a helper to Puppet::SSL::Certificate to retrieve alternate names
34
+ 94345eb (#2848) Rewrite SSL Certificate Factory, fixing `subjectAltName` leak.
35
+ a729d90 (#2848) Reject unknown (== all) extensions on the CSR.
36
+ f4fc11d (#2848) extract the subjectAltName value from the CSR.
37
+ d64b01b (#2848) Set `certdnsnames` values into the CSR.
38
+ 78a01a2 (#6928) Don't blow up when the method is undefined...
39
+ 43d1e38 (#9996) Restore functionality for multi-line commands in exec resources
40
+ d457763 (#9832) General StoreConfigs regression.
41
+ 2958b05 maint: Deal with [].to_s problem in 1.9.2
42
+ 9c25af4 (#9027) Get rid of spurious info messages in groupadd
43
+ 1f25c20 (#8411) Fix change group for POSIX file provider
44
+ 599642d Fix problem with set_mode (chmod) behavior on different test environments.
45
+ b43765d Undo change to failing test on 1.8.5
46
+ c275a51 Resist directory traversal attacks through indirections.
47
+ d759f84 (#9838) Return the tranaction report when doing a ral save
48
+ 127f83e (#9837) Split parameter pruning from manifest formatting
49
+ 9d5ce00 (#9837) Move resource formatting method to Puppet::Resource
50
+ 86230d8 (#9837) Move properties in prep to move proc to method
51
+ bf952e1 (#9837) Make a clearer variable name in the specs
52
+ 6885c36 (#9837) Call puppet apply to avoid deprecation warning
53
+ 93f8057 (#9837) Extract methods from the main section of the resource application
54
+ 5d33214 (#9837) Start the cleanup of the puppet resource application
55
+ 54a2565 (#9832) Test failures with some ActiveRecord versions.
56
+ 2bf8004 Updates for 2.6.11
57
+ 8343077 (#9832) 2.7.4 StoreConfigs regression with PostgreSQL.
58
+ dce82ea (#9458) Require main puppet module
59
+ e158b26 (#9793) "secure" indirector file backed terminus base class.
60
+ 343c7bd (#9792) Predictable temporary filename in ralsh.
61
+ 88512e8 Drop privileges before creating and chmodding SSH keys.
62
+ 6533292 (#9328) Retrieve user and group SIDs on windows.
63
+ 2775c21 (#9794) k5login can overwrite arbitrary files as root
64
+ e7a6995 (#9794) k5login can overwrite arbitrary files as root
65
+ 408d117 Updated CHANGELOG for 2.6.10
66
+ ec5a32a Update spec and lib/puppet.rb for 2.6.10 release
67
+ 4e8d3a1 (#9775) Only list managed resources in the resources file
68
+ 51b33d1 (#9326) Support plaintext passwords in Windows 'user' provider.
69
+ fe2de81 Resist directory traversal attacks through indirections.
70
+ 5fea1dc Fix issues with Windows based file URIs
71
+ 1a13d24 Simplify absolute path detection
72
+ a163cd5 Eliminate duplicate absolute path detection
73
+ 0ce60a5 Added methods for manipulating URI and file paths
74
+ 71ba92c Restrict the absolute path regex to the start of the string
75
+ 1edf767 Move group management into providers
76
+ 15149c1 Remove duplicate SID resolution code
77
+ f932511 Move owner management into providers
78
+ f05fc83 Add platform-specific metadata collectors
79
+ db0b4fb Make string_to_sid_ptr block optional
80
+ 7fc6baf Add the ability to retrieve user and group SIDs
81
+ 22bfd9c Move mode management into the providers
82
+ 4c3aae8 Fix typo bug that prevented FILE_DELETE_CHILD from being set
83
+ 7de0a80 Sub away trailing backslashes at the end of sources on Windows
84
+ 44cb1f1 Refactor autorequire of parent to use pathname with ancestors
85
+ 1300e0a Remove unnecessary Windows-on-non-Windows-master code for path parameter
86
+ 1f9b57f Cleanup file type integration tests
87
+ 8d21262 Cleanup and improve coverage of file type unit tests
88
+ 0a92a70 Resist directory traversal attacks through indirections.
89
+ 8b6a775 Call Array#join explicitly on command
90
+ ae74c68 Fix failing SSL Host test introduced by b6a67edc
91
+ 37a1975 (#4549) Fix templates to be able to call all functions
92
+ a74e56d Expand paths in catalog_spec for windows testing
93
+ 8d86e5a (9547) Minor mods to acceptance tests
94
+ 8ec3c7b (#4135) Update pluginsync to only load ruby files.
95
+ 0c8a0c7 Fix order dependent test failures relating to ADSI
96
+ c0edb76 (#9186) Fix tests that fail on 2008 when running as SYSTEM
97
+ 8e14de6 (#9186) Handle when running under non 'user' contexts
98
+ 7595475 Fix device.conf error reporting
99
+ 1d3a3a7 Fix #9164 - allow '-' in device certificate names
100
+ b6a67ed Fix #7982 - puppet device doesn't reset all cached attributes
101
+ ba1f469 (#9186) Change to shared_examples_for
102
+ b27b013 (#8410) Fix child exit status on Windows
103
+ 42c9982 (#9186) Add the ability to get/set windows permissions
104
+ d34d28d (#9435) Gracefully handle when syslog feature is unavailable
105
+ f013c65 (#9435) Fix absolute path matching for file log destinations
106
+ ea88745 (#9329) Disable agent daemonizing on Windows
107
+
1
108
  2.7.5
2
109
  ===
3
110
  a36f39d Updating version numbers for 2.7.5
@@ -1090,6 +1197,20 @@ d532e6d Fixing #3185 Rakefile is loading puppet.rb twice
1090
1197
  5aa596c Fix #3150 - require function doesn't like ::class syntax
1091
1198
  3457b87 Added time module to tagmail report
1092
1199
 
1200
+ 2.6.11
1201
+ ===
1202
+ e158b26 (#9793) "secure" indirector file backed terminus base class.
1203
+ 343c7bd (#9792) Predictable temporary filename in ralsh.
1204
+ 88512e8 Drop privileges before creating and chmodding SSH keys.
1205
+ 2775c21 (#9794) k5login can overwrite arbitrary files as root
1206
+
1207
+ 2.6.10
1208
+ ===
1209
+ ec5a32a Update spec and lib/puppet.rb for 2.6.10 release
1210
+ fe2de81 Resist directory traversal attacks through indirections. (CVE-2011-3484)
1211
+ 243aaa9 (#7956) Porting cron tests
1212
+ 3e3fc69 (#7956) Port resource acceptance tests
1213
+
1093
1214
  2.6.9
1094
1215
  ====
1095
1216
  db1a392 (#7506) Organize READMEs; specify supported Ruby versions in README.md
@@ -5,13 +5,13 @@
5
5
  %global confdir conf/redhat
6
6
 
7
7
  Name: puppet
8
- Version: 2.7.5
8
+ Version: 2.7.6
9
9
  Release: 1%{?dist}
10
10
  Summary: A network tool for managing many disparate systems
11
11
  License: ASL 2.0
12
12
  URL: http://puppetlabs.com
13
- Source0: http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc1.tar.gz
14
- Source1: http://puppetlabs.com/downloads/%{name}/%{name}-%{version}rc1.tar.gz.asc
13
+ Source0: http://puppetlabs.com/downloads/%{name}/%{name}-%{version}.tar.gz
14
+ Source1: http://puppetlabs.com/downloads/%{name}/%{name}-%{version}.tar.gz.asc
15
15
 
16
16
  Group: System Environment/Base
17
17
 
@@ -65,7 +65,7 @@ Provides the central puppet server daemon which provides manifests to clients.
65
65
  The server can also function as a certificate authority and file server.
66
66
 
67
67
  %prep
68
- %setup -q -n %{name}-%{version}rc1
68
+ %setup -q -n %{name}-%{version}
69
69
  patch -s -p1 < conf/redhat/rundir-perms.patch
70
70
 
71
71
 
@@ -282,6 +282,18 @@ fi
282
282
  rm -rf %{buildroot}
283
283
 
284
284
  %changelog
285
+ * Fri Oct 21 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.6-1
286
+ - 2.7.6 final
287
+
288
+ * Thu Oct 13 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.6-.1rc3
289
+ - New RC
290
+
291
+ * Fri Oct 07 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.6-0.1rc2
292
+ - New RC
293
+
294
+ * Mon Oct 03 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.6-0.1rc1
295
+ - New RC
296
+
285
297
  * Fri Sep 30 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.5-1
286
298
  - Fixes for CVE-2011-3869, 3870, 3871
287
299
 
@@ -295,9 +307,6 @@ rm -rf %{buildroot}
295
307
  * Wed Jul 06 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.2-0.1.rc1
296
308
  - Update to 2.7.2rc1
297
309
 
298
- * Tue Jun 21 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.6.9-1
299
- - Release of 2.6.9
300
-
301
310
  * Wed Jun 15 2011 Todd Zullinger <tmz@pobox.com> - 2.6.9-0.1.rc1
302
311
  - Update rc versioning to ensure 2.6.9 final is newer to rpm
303
312
  - sync changes with Fedora/EPEL
@@ -24,7 +24,7 @@ require 'puppet/util/run_mode'
24
24
  # it's also a place to find top-level commands like 'debug'
25
25
 
26
26
  module Puppet
27
- PUPPETVERSION = '2.7.5'
27
+ PUPPETVERSION = '2.7.6'
28
28
 
29
29
  def Puppet.version
30
30
  PUPPETVERSION
@@ -10,6 +10,7 @@ class Puppet::Application::Cert < Puppet::Application
10
10
  def subcommand
11
11
  @subcommand
12
12
  end
13
+
13
14
  def subcommand=(name)
14
15
  # Handle the nasty, legacy mapping of "clean" to "destroy".
15
16
  sub = name.to_sym
@@ -38,11 +39,15 @@ class Puppet::Application::Cert < Puppet::Application
38
39
 
39
40
  require 'puppet/ssl/certificate_authority/interface'
40
41
  Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.reject {|m| m == :destroy }.each do |method|
41
- option("--#{method}", "-#{method.to_s[0,1]}") do
42
+ option("--#{method.to_s.gsub('_','-')}", "-#{method.to_s[0,1]}") do
42
43
  self.subcommand = method
43
44
  end
44
45
  end
45
46
 
47
+ option("--[no-]allow-dns-alt-names") do |value|
48
+ options[:allow_dns_alt_names] = value
49
+ end
50
+
46
51
  option("--verbose", "-v") do
47
52
  Puppet::Util::Log.level = :info
48
53
  end
@@ -181,8 +186,8 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
181
186
  hosts = command_line.args.collect { |h| h.downcase }
182
187
  end
183
188
  begin
184
- @ca.apply(:revoke, :to => hosts) if subcommand == :destroy
185
- @ca.apply(subcommand, :to => hosts, :digest => @digest)
189
+ @ca.apply(:revoke, options.merge(:to => hosts)) if subcommand == :destroy
190
+ @ca.apply(subcommand, options.merge(:to => hosts, :digest => @digest))
186
191
  rescue => detail
187
192
  puts detail.backtrace if Puppet[:trace]
188
193
  puts detail.to_s
@@ -202,6 +207,15 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
202
207
  Puppet::SSL::Host.ca_location = :only
203
208
  end
204
209
 
210
+ # If we are generating, and the option came from the CLI, it gets added to
211
+ # the data. This will do the right thing for non-local certificates, in
212
+ # that the command line but *NOT* the config file option will apply.
213
+ if subcommand == :generate
214
+ if Puppet.settings.setting(:dns_alt_names).setbycli
215
+ options[:dns_alt_names] = Puppet[:dns_alt_names]
216
+ end
217
+ end
218
+
205
219
  begin
206
220
  @ca = Puppet::SSL::CertificateAuthority.new
207
221
  rescue => detail
@@ -196,6 +196,7 @@ Licensed under the Apache 2.0 License
196
196
  Puppet.settings.set_value(:vardir, vardir, :cli)
197
197
  Puppet.settings.set_value(:confdir, confdir, :cli)
198
198
  Puppet.settings.set_value(:certname, certname, :cli)
199
+ Puppet::SSL::Host.reset
199
200
  end
200
201
  end
201
202
  end
@@ -173,8 +173,6 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
173
173
  end
174
174
 
175
175
  def main
176
- require 'puppet/network/client'
177
-
178
176
  Puppet.warning "Failed to load ruby LDAP library. LDAP functionality will not be available" unless Puppet.features.ldap?
179
177
  require 'puppet/util/ldap/connection'
180
178
 
@@ -8,7 +8,6 @@ class Puppet::Application::Resource < Puppet::Application
8
8
 
9
9
  def preinit
10
10
  @extra_params = []
11
- @host = nil
12
11
  Facter.loadfacts
13
12
  end
14
13
 
@@ -138,9 +137,70 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
138
137
  end
139
138
 
140
139
  def main
141
- args = command_line.args
140
+ type, name, params = parse_args(command_line.args)
141
+
142
+ raise "You cannot edit a remote host" if options[:edit] and @host
143
+
144
+ resources = find_or_save_resources(type, name, params)
145
+ text = resources.
146
+ map { |resource| resource.prune_parameters(:parameters_to_include => @extra_params).to_manifest }.
147
+ join("\n")
148
+
149
+ options[:edit] ?
150
+ handle_editing(text) :
151
+ (puts text)
152
+ end
153
+
154
+ def setup
155
+ Puppet::Util::Log.newdestination(:console)
156
+
157
+ Puppet.parse_config
158
+
159
+ if options[:debug]
160
+ Puppet::Util::Log.level = :debug
161
+ elsif options[:verbose]
162
+ Puppet::Util::Log.level = :info
163
+ end
164
+ end
165
+
166
+ private
167
+
168
+ def remote_key(type, name)
169
+ Puppet::Resource.indirection.terminus_class = :rest
170
+ port = Puppet[:puppetport]
171
+ ["https://#{@host}:#{port}", "production", "resources", type, name].join('/')
172
+ end
173
+
174
+ def local_key(type, name)
175
+ [type, name].join('/')
176
+ end
177
+
178
+ def handle_editing(text)
179
+ require 'tempfile'
180
+ # Prefer the current directory, which is more likely to be secure
181
+ # and, in the case of interactive use, accessible to the user.
182
+ tmpfile = Tempfile.new('x2puppet', Dir.pwd)
183
+ begin
184
+ # sync write, so nothing buffers before we invoke the editor.
185
+ tmpfile.sync = true
186
+ tmpfile.puts text
187
+
188
+ # edit the content
189
+ system(ENV["EDITOR"] || 'vi', tmpfile.path)
190
+
191
+ # ...and, now, pass that file to puppet to apply. Because
192
+ # many editors rename or replace the original file we need to
193
+ # feed the pathname, not the file content itself, to puppet.
194
+ system('puppet apply -v ' + tmpfile.path)
195
+ ensure
196
+ # The temporary file will be safely removed.
197
+ tmpfile.close(true)
198
+ end
199
+ end
200
+
201
+ def parse_args(args)
142
202
  type = args.shift or raise "You must specify the type to display"
143
- typeobj = Puppet::Type.type(type) or raise "Could not find type #{type}"
203
+ Puppet::Type.type(type) or raise "Could not find type #{type}"
144
204
  name = args.shift
145
205
  params = {}
146
206
  args.each do |setting|
@@ -151,80 +211,27 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
151
211
  end
152
212
  end
153
213
 
154
- raise "You cannot edit a remote host" if options[:edit] and @host
155
-
156
- properties = typeobj.properties.collect { |s| s.name }
157
-
158
- format = proc {|trans|
159
- trans.dup.collect do |param, value|
160
- if value.nil? or value.to_s.empty?
161
- trans.delete(param)
162
- elsif value.to_s == "absent" and param.to_s != "ensure"
163
- trans.delete(param)
164
- end
165
-
166
- trans.delete(param) unless properties.include?(param) or @extra_params.include?(param)
167
- end
168
- trans.to_manifest
169
- }
214
+ [type, name, params]
215
+ end
170
216
 
171
- if @host
172
- Puppet::Resource.indirection.terminus_class = :rest
173
- port = Puppet[:puppetport]
174
- key = ["https://#{host}:#{port}", "production", "resources", type, name].join('/')
175
- else
176
- key = [type, name].join('/')
177
- end
217
+ def find_or_save_resources(type, name, params)
218
+ key = @host ? remote_key(type, name) : local_key(type, name)
178
219
 
179
- text = if name
220
+ if name
180
221
  if params.empty?
181
222
  [ Puppet::Resource.indirection.find( key ) ]
182
223
  else
183
- [ Puppet::Resource.indirection.save(Puppet::Resource.new( type, name, :parameters => params ), key) ]
224
+ resource = Puppet::Resource.new( type, name, :parameters => params )
225
+
226
+ # save returns [resource that was saved, transaction log from applying the resource]
227
+ save_result = Puppet::Resource.indirection.save(resource, key)
228
+ [ save_result.first ]
184
229
  end
185
230
  else
186
231
  if type == "file"
187
232
  raise "Listing all file instances is not supported. Please specify a file or directory, e.g. puppet resource file /etc"
188
233
  end
189
234
  Puppet::Resource.indirection.search( key, {} )
190
- end.map(&format).join("\n")
191
-
192
- if options[:edit]
193
- require 'tempfile'
194
- # Prefer the current directory, which is more likely to be secure
195
- # and, in the case of interactive use, accessible to the user.
196
- tmpfile = Tempfile.new('x2puppet', Dir.pwd)
197
- begin
198
- # sync write, so nothing buffers before we invoke the editor.
199
- tmpfile.sync = true
200
- tmpfile.puts text
201
-
202
- # edit the content
203
- system(ENV["EDITOR"] || 'vi', tmpfile.path)
204
-
205
- # ...and, now, pass that file to puppet to apply. Because
206
- # many editors rename or replace the original file we need to
207
- # feed the pathname, not the file content itself, to puppet.
208
- system('puppet -v ' + tmpfile.path)
209
- ensure
210
- # The temporary file will be safely removed.
211
- tmpfile.close(true)
212
- end
213
- else
214
- puts text
215
- end
216
- end
217
-
218
- def setup
219
- Puppet::Util::Log.newdestination(:console)
220
-
221
- # Now parse the config
222
- Puppet.parse_config
223
-
224
- if options[:debug]
225
- Puppet::Util::Log.level = :debug
226
- elsif options[:verbose]
227
- Puppet::Util::Log.level = :info
228
235
  end
229
236
  end
230
237
  end
@@ -24,8 +24,12 @@ module Puppet::Configurer::PluginHandler
24
24
  return if FileTest.directory?(file)
25
25
 
26
26
  begin
27
- Puppet.info "Loading downloaded plugin #{file}"
28
- load file
27
+ if file =~ /.rb$/
28
+ Puppet.info "Loading downloaded plugin #{file}"
29
+ load file
30
+ else
31
+ Puppet.debug "Skipping downloaded plugin #{file}"
32
+ end
29
33
  rescue Exception => detail
30
34
  Puppet.err "Could not load downloaded file #{file}: #{detail}"
31
35
  end