authorluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-01-05 20:20:20 +0000
committerluke <luke@980ebf18-57e1-0310-9a29-db15c13687c0>2007-01-05 20:20:20 +0000
commit54c387f36aa6032a8e16fa8a621c1ad803cf263a (patch)
tree98cb7cad25ce31b3e7fc10de4701c621e6d5d05a
parentd0ecc0e45cc5ff0cd5235e6ab9bcd031030973c2 (diff)
Adding #408.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2055 980ebf18-57e1-0310-9a29-db15c13687c0
-rw-r--r--lib/puppet/provider/nameservice/netinfo.rb2
-rw-r--r--lib/puppet/type/resources.rb74
-rwxr-xr-xlib/puppet/type/user.rb15
-rwxr-xr-xtest/types/resources.rb76
4 files changed, 160 insertions, 7 deletions
diff --git a/lib/puppet/provider/nameservice/netinfo.rb b/lib/puppet/provider/nameservice/netinfo.rb
index 8f1a4ee07..3cac8f0a7 100644
--- a/lib/puppet/provider/nameservice/netinfo.rb
+++ b/lib/puppet/provider/nameservice/netinfo.rb
@@ -79,6 +79,8 @@ class NetInfo < Puppet::Provider::NameService
def self.report(*params)
dir = self.netinfodir()
cmd = [command(:nireport), "/", "/%s" % dir]
+
+ params.flatten!
# We require the name in order to know if we match. There's no
# way to just report on our individual object, we have to get the
diff --git a/lib/puppet/type/resources.rb b/lib/puppet/type/resources.rb
index 5171cb58f..4796435bf 100644
--- a/lib/puppet/type/resources.rb
+++ b/lib/puppet/type/resources.rb
@@ -18,6 +18,8 @@ Puppet::Type.newtype(:resources) do
raise ArgumentError, "Could not find resource type '%s'" % name
end
end
+
+ munge { |v| v.to_s }
end
newparam(:purge, :boolean => true) do
@@ -30,7 +32,7 @@ Puppet::Type.newtype(:resources) do
validate do |value|
if [:true, true, "true"].include?(value)
unless @parent.resource_type.respond_to?(:list)
- raise ArgumentError, "Purging resources of type %s is not supported" % @parent[:name]
+ raise ArgumentError, "Purging resources of type %s is not supported, since they cannot be listed" % @parent[:name]
end
unless @parent.resource_type.validstate?(:ensure)
raise ArgumentError, "Purging is only supported on types that accept 'ensure'"
@@ -39,10 +41,60 @@ Puppet::Type.newtype(:resources) do
end
end
- # Generate any new resources we need to manage.
+ newparam(:unless_system_user) do
+ desc "This keeps system users from being purged. By default, it
+ does not purge users whose UIDs are less than or equal to 500, but you can specify
+ a different UID as the inclusive limit."
+
+ newvalues(:true, :false, /^\d+$/)
+
+ munge do |value|
+ case value
+ when /^\d+/
+ Integer(value)
+ when :true, true
+ 500
+ when :false, false
+ false
+ when Integer: value
+ else
+ raise ArgumentError, "Invalid value %s" % value.inspect
+ end
+ end
+
+ defaultto {
+ if @parent[:name] == "user"
+ 500
+ else
+ nil
+ end
+ }
+ end
+
+ def check(resource)
+ unless defined? @checkmethod
+ @checkmethod = "%s_check" % self[:name]
+ end
+ unless defined? @hascheck
+ @hascheck = respond_to?(@checkmethod)
+ end
+ if @hascheck
+ return send(@checkmethod, resource)
+ else
+ return true
+ end
+ end
+
+ # Generate any new resources we need to manage. This is pretty hackish right now,
+ # because it only supports purging.
def generate
+ return [] unless self.purge?
+ hascheck = false
+ method =
resource_type.list.find_all do |resource|
! resource.managed?
+ end.find_all do |resource|
+ check(resource)
end.each do |resource|
begin
resource[:ensure] = :absent
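Review bot: The `munge` for `unless_system_user` matches `when /^\d+/`, which is looser than the `/^\d+$/` given to `newvalues`, and `Integer(value)` honours radix prefixes, so a string such as "0500" becomes 320 and silently lowers the protected UID limit. Anchoring the branch as `when /\A\d+\z/` and converting with `value.to_i` keeps the limit decimal. In `generate`, the added `hascheck = false` and the dangling `method =` look like leftovers: `method` ends up bound to the whole `find_all … each` chain and nothing visible reads either local, so both lines can go. The body of `generate` continues past the end of this hunk.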
@@ -66,6 +118,24 @@ Puppet::Type.newtype(:resources) do
end
@resource_type
end
+
+ def user_check(resource)
+ return true unless self[:name] == "user"
+ return true unless self[:unless_system_user]
+
+ resource[:check] = :uid
+ resource.retrieve
+
+ if %w{root nobody bin noaccess daemon sys}.include?(resource[:name])
+ return false
+ end
+
+ if resource.is(:uid) <= self[:unless_system_user]
+ return false
+ else
+ return true
+ end
+ end
end
# $Id$ \ No newline at end of file
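Review bot: `user_check` compares `resource.is(:uid) <= self[:unless_system_user]` without checking that a UID was actually retrieved; if `retrieve` leaves `:uid` as something other than an Integer (presumably the case for an absent or unresolvable account), the comparison raises inside the `find_all` in `generate`, which appears to sit outside the `begin` block there. Since this method is the only visible guard between a purge and the system accounts, I would make the unknown case explicit and non-purgeable: `uid = resource.is(:uid)` followed by `return false unless uid.is_a?(Integer)`. The hard-coded name list also deserves a comment saying it is a backstop for well-known accounts whose UID may sit above the limit on some platforms, if that is the intent.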
diff --git a/lib/puppet/type/user.rb b/lib/puppet/type/user.rb
index e3bd6eb98..5aa7c4f4b 100755
--- a/lib/puppet/type/user.rb
+++ b/lib/puppet/type/user.rb
@@ -38,7 +38,6 @@ module Puppet
# If they're talking about the thing at all, they generally want to
# say it should exist.
- #defaultto :present
defaultto do
if @parent.managed?
:present
@@ -175,7 +174,9 @@ module Puppet
desc "A description of the user. Generally is a user's full name."
defaultto do
- "%s User" % @parent.title.capitalize
+ if @parent.managed?
+ "%s User" % @parent.title.capitalize
+ end
end
end
@@ -184,7 +185,10 @@ module Puppet
separately and is not currently checked for existence."
defaultto do
- if Facter.value(:operatingsystem) == "Darwin"
+ unless defined? @@os
+ @@os = Facter.value(:operatingsystem)
+ end
+ if @parent.managed? and @@os == "Darwin"
"/var/empty"
end
end
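Review bot: The `unless defined? @@os … end` memoisation is pasted verbatim here and again in the shell default in the next hunk; a single memoising helper called from both `defaultto` blocks would keep the Facter lookup in one place. A class variable referenced inside a block is resolved lexically, so `@@os` probably lands on the enclosing `Puppet` module rather than on the user type, which makes it process-wide state that nothing resets; that is worth a comment such as `# cached for the life of the process; the operating system fact is assumed not to change`. The two conditions are also written in opposite orders (`@parent.managed? and @@os == "Darwin"` versus `@@os == "Darwin" and @parent.managed?`); picking one form reads better.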
@@ -195,7 +199,10 @@ module Puppet
executable."
defaultto do
- if Facter.value(:operatingsystem) == "Darwin"
+ unless defined? @@os
+ @@os = Facter.value(:operatingsystem)
+ end
+ if @@os == "Darwin" and @parent.managed?
"/usr/bin/false"
end
end
diff --git a/test/types/resources.rb b/test/types/resources.rb
index 0cb28377d..5da04e71c 100755
--- a/test/types/resources.rb
+++ b/test/types/resources.rb
@@ -120,13 +120,22 @@ class TestResources < Test::Unit::TestCase
assert(! u.managed?, "unmanaged resource was considered managed")
end
+ # First make sure we get nothing back when purge is false
genned = nil
+ purger[:purge] = false
+ assert_nothing_raised do
+ genned = purger.generate
+ end
+ assert_equal([], genned, "Purged even when purge is false")
+
+ # Now make sure we can purge
+ purger[:purge] = true
assert_nothing_raised do
genned = purger.generate
end
assert(genned, "Did not get any generated resources")
assert(! genned.empty?, "generated resource list was empty")
-
+
# Now make sure the generate method only finds the unmanaged resources
assert_equal(unmanned.collect { |r| r.title }.sort, genned.collect { |r| r.title },
"Did not return correct purge list")
@@ -138,6 +147,71 @@ class TestResources < Test::Unit::TestCase
end
end
end
+
+ # Part of #408.
+ def test_check
+ # First check a non-user
+ res = Puppet::Type.type(:resources).create :name => :package
+ assert_nil(res[:unless_system_user], "got bad default for package")
+
+
+ assert_nothing_raised {
+ assert(res.check("A String"), "String failed check")
+ assert(res.check(Puppet::Type.newfile(:path => tempfile())), "File failed check")
+ assert(res.check(Puppet::Type.type(:user).create(:name => "yayness")), "User failed check in package")
+ }
+
+ # Now create a user manager
+ res = Puppet::Type.type(:resources).create :name => :user
+
+ # Make sure the default is 500
+ assert_equal(500, res[:unless_system_user], "got bad default")
+
+ # Now make sure root fails the test
+ @user = Puppet::Type.type(:user)
+ assert_nothing_raised {
+ assert(! res.check(@user.create(:name => "root")), "root passed check")
+ assert(! res.check(@user.create(:name => "nobody")), "nobody passed check")
+ }
+
+ # Now find a user between 0 and the limit
+ low = high = nil
+ Etc.passwd { |entry|
+ if ! low and (entry.uid > 10 and entry.uid < 500)
+ low = entry.name
+ else
+ # We'll reset the limit, since we can't really guarantee that
+ # there are any users with uid > 500
+ if ! high and entry.uid > 50
+ high = entry.name
+ break
+ end
+ end
+ }
+
+ if low
+ assert(! res.check(@user.create(:name => low)), "low user %s passed check" % low)
+ end
+ if high
+ res[:unless_system_user] = 50
+ assert(res.check(@user.create(:name => high)), "high user %s failed check" % high)
+ end
+ end
+
+ # The other half of #408.
+ def test_check_is_called
+ res = Puppet::Type.type(:resources).create :name => :user, :purge => true
+
+ list = nil
+ assert_nothing_raised { list = res.generate }
+
+ assert(! list.empty?, "did not get any users")
+
+ bad = list.find_all { |u|
+ %w{root bin nobody}.include?(u[:name]) or (u.retrieve and u.is(:uid) < 500)
+ }
+ assert(bad.empty?, "incorrectly passed users %s" % bad.collect { |u| u[:name]}.join(", "))
+ end
end
# $Id$ \ No newline at end of file
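Review bot: `test_check_is_called` treats a leaked account as `u.is(:uid) < 500`, and the `Etc.passwd` scan in `test_check` picks `low` with `entry.uid < 500`, but the parameter is documented as an inclusive limit and `user_check` uses `<=`, so an account with UID exactly 500 is never exercised. Changing the assertion filter to `(u.retrieve and u.is(:uid) <= 500)` would pin the boundary. The name list `%w{root bin nobody}` is also shorter than the one in `user_check`, which additionally protects `noaccess`, `daemon` and `sys`. Both tests depend on the accounts present on the host; if an entry with a UID of 500 or more is read before any entry in the 11–499 range, the loop breaks with `low` still nil and the low-UID assertion is skipped silently.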