| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This class was previously using a cached_attr for its 'localhost' attribute,
representing the Puppet::SSL::Host entry corresponding to the cert in
Puppet[:certname]. We now no longer expire this attribute. This has the effect
that a change to certname during the lifetime of an agent will not be reflected
in the certificate it uses. If this behavior is desired, it will need to be
reimplemented another way.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 7048b4c4d8c4a8ad45caf6a02b263ac0a9fa333e)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the past, Puppet::Util::Autoload used a cached_attr for its 'searchpath'.
However, it no longer does that, so its references to Puppet::Util::Cacher are
unnecessary.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit ce08cba9eb92abce7f7ab77dcf7eb9f9435d4040)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, indirections were storing their termini in a cached_attr, so that
they could be easily cleared for tests. Because this provides no value outside
of testing, we instead simply create an attr_reader for termini, and expire
them manually in tests.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit e74090468192697a6a2447dc6fcece3dd09a46f1)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Types and parameters were registering their catalog as their expirer, so that
the catalog could expire them between uses. However, because catalogs are never
reused (and neither are types or parameters), there is no need to expire
anything. Thus, we remove the entire cleanup/expire logic from catalog, type,
and parameter.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit e2ea023f809c2bdc53b5259047c28f8061f57e54)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These values needn't be cached_attrs, because they can be managed manually.
'stat' does need to be cached, so that we avoid statting the file for each
property we want to check from disk. The 'content' attribute of 'source' also
needs to be cached, because it's retrieved from the server, which we certainly
don't want to do multiple times.
We need a mechanism for invalidating the 'stat' after we've written the file,
so we use a special value :needs_stat, which essentially represented
"undefined". We use this rather than nil so that we can store a failed stat
if it occurs.
Because the content and metadata of our source file will never change, there is
no need to be able to similarly expire the values of those attributes.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 4b0c847f19d5db81758b5561bdc8196591209ef0)
Conflicts:
lib/puppet/type/file/source.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The path attribute was being unnecessarily cached. The value is a LoadedFile
instance, which already knows how to check whether it needs to be reloaded. The
act of reparsing was being triggered separately from the cacher mechanism.
The comment indicated this value was only being cached so it could be easily
cleared for tests, but it wasn't being cleared for tests. Thus, there is no
reason for this attribute to be cached, so remove it.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit bdcb9be3b5d7cd54548cbeb7b13bee6fe4e730f7)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allowing the singleton_instance value to be expirable is unnecessary, because
there will never be a need for a different CA instance in the lifetime of a
master. Additionally, the master never expired its cache anyway. This was only
using the cacher so it could be expired for tests, so it can safely be removed.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit fac867c7bdbfbd431b089eb1bfb6eb73230e912c)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The use of Puppet::Util::Cacher in this module was removed previously, and this
stray, unnecessary require was left around.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 93299e90e231bb407923e3534a0e33d841b95355)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allowing this value to be expirable is superfluous; it is only used on the
master, which never expires its cache. Additionally, it was providing partial
support for an event we don't fully support already (hostname and domain
changing during the lifetime of a master).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 6a1b65760a0d8c6299d5c6d260dc37b5e0637706)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This class was using Util::Cacher for its singleton instance, when that was
unnecessary. The FileServing::Configuration instance already manages whether or
not to reparse its config file, based on whether it has changed. Thus, there is
no need for it to be manually expired via the cacher.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 4bad729f56c26d8154cd0f20614fa4e478de9d40)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Keep alive has been disabled since 2008, and seems to have caused problems when
it was enabled before then. Since there doesn't seem to be any push to get it
working again, just remove it to simplify this code.
This also allows us to entirely remove the usage of Puppet::Util::Cacher from
HttpPool.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 185a666018c0cf0b2c497f655f942a82cd22e49e)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The previous set of windows patches accidentally changed %w{/one}
to make_absolute("/one"). This commit changes it back to
[make_absolute("/one")].
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 62a3e2296b872ee9f0ee3c03c9c77215dcd215c5)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Several tests were broken due to pecularities of Windows
and Ruby on Windows:
* Ruby on windows does not differentiate between group and
other file permissions.
* All open file handles must be closed before the file can
be deleted
* Sometimes the current working directory (Dir.getwd) is
reported as C:/foo and other times as C:\\foo, which
confuses the spec tests.
* Ruby's sprintf formats floating point values differently
on Windows vs Unix. The Windows exponent has an extra
leading zero.
* Needed to stub execution of security command with the
SMF service provider.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 0e4ae653c0628cb0df9ccace98bca4bc7478fb7c)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The signals HUP, USR1, and USR2 are not supported on Windows. The
Puppet::Daemon code already skipped trapping these on Windows,
but the spec test was expecting them to be trapped. This commit
just updates the spec test to match the existing daemon code.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 8d56355981961fd1c4a358992930bbb80325fea7)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Many spec tests fail on Windows because there are no default
providers implemented for Windows yet. Several others are
failing due to Puppet::Util::Cacher not working correctly,
so for now the tests that are known to fail are marked with
:fails_on_windows => true. To skip these tests, you can run:
rspec --tag ~fails_on_windows spec
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 255c5b4663bd389d2c87a2d39ec350034421a6f0)
Conflicts:
spec/unit/resource/catalog_spec.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Absolute paths on Unix, e.g. /foo/bar, are not absolute on Windows,
which breaks many test cases. This commit adds a method to
PuppetSpec::Files.make_absolute that makes the path absolute in
test cases.
On Unix (Puppet.features.posix?) it is a no-op. On Windows,
(Puppet.features.microsoft_windows?) the drive from the current
working directory is prepended.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 462a95e3d077b1915a919399b846068816c84583)
Conflicts:
spec/unit/parser/functions/extlookup_spec.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When testing whether a file path is absolute, the regexp was only
handling POSIX style file paths. This commit requires Windows
style file paths to start with a drive letter. A future commit
will refacter the various places we do path validation to
support both Windows drive letters and UNC paths.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 45ae5b4a9ced26dfcd3e324391f9a26cb02bf93d)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Puppet uses both colon and File::PATH_SEPARATOR in various places, which
does not work on Windows, where File::PATH_SEPARATOR is a semi-colon. This
commit changes the code and tests to consistently use File::PATH_SEPARATOR.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 26ee468e8b963d63933d9a27a65d55510ff87618)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because we default the color setting to "false" on Microsoft Windows,
the heuristics used to detect which type of setting we're using were
getting confused, and mis-detected color as being a BooleanSetting
rather than just a Setting.
By specifying that color is a "Setting", we can skip the
auto-detection, and avoid this problem entirely.
Reviewed-by: Josh Cooper <josh@puppetlabs.com>
(cherry picked from commit b84bdbf31bbb0c5d5501bf6f32a9c0d0dc6acc94)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The windows file type requires that the path start with either a drive
letter or UNC style path. Also Ruby's File implementation on windows
only supports 0644 and 0444 permission bits (it doesn't differentiate
between group and other, and it doesn't know about the execute bit).
This commit maps the path and permissions used in the test to sensible
values when running on windows.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 06e0208ec34285e0749c366c8a12817044d7d513)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Windows consoles do not support ansi escape sequences for colorizing
output. This commit changes the default setting of 'color' to false when
the "microsoft_windows" feature is present.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit d7d384ec0b7f28a8f0be20defcc2eebd0550aff0)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Running the Puppet master on Windows is not supported, so instead of
failing with what can be cryptic error messages about failed resources
we fail with an explicit error message about the master on Windows not
being supported. This way a user isn't mistakenly given the
impression that running a master on Windows will work, and they just
have something mis-configured.
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-by: Max Martin <max@puppetlabs.com>
(cherry picked from commit 3a70503b60f9fd51177df4e9267c5ac28b06fb2d)
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Running Puppet on Windows requires the sys-admin, win32-process &
win32-dir gems. If any of these gems were missing, Puppet would fail
with the message "Cannot determine basic system flavour".
When trying to determine if we are on Windows, we now warn with the
message "Cannot run on Microsoft Windows without the sys-admin,
win32-process & win32-dir gems: #{err}", where err is the normal ruby
load error message stating which gem could not be loaded.
We also only warn if the POSIX feature is not present.
Signed-off-by: James Turnbull <james@puppetlabs.com>
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-by: Cameron Thomas <cameron@puppetlabs.com>
(cherry picked from commit faf8a5c05f50d98835a1db05b96146618f485a04)
|
| |\
| | |
| | |
| | |
| | | |
daniel-pittman/maint/2.7.x/strip-incorrect-rights-statements
Maint/2.7.x/strip incorrect rights statements
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
| |\ \
| | |/
| |/| |
Maint/2.7.x/filebucket type and wrapping
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There's a known bug that prevents remote filebucket resources from working
unless you set path => false. Until this bug is fixed, the docs should reflect
reality as she is played. This commit mentions the bug in both areas where it
is relevant.
|
| |/
| |
| |
| |
| | |
This is a cosmetic commit improving the line wrapping in the create_resources
function's documentation string.
|
| |\
| | |
| | |
| | |
| | | |
nfagerlund/maint/2.7.x/create_resources_documentation
Maint: Improve create_resources function's doc string
|
| |/
| |
| |
| |
| |
| |
| | |
The create_resources function's doc string was not particularly clear and had
incorrect markdown formatting. This commit adds a more complete example which
demonstrates the necessary hash format, and changes the doc string to a
heredoc to simplify escaping.
|
|\ \ |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The resource_spec was failing because /etc is not considered a
fully-qualified path on Windows. Using File.expand_path fixes that.
The suidmanager_spec was failing because we weren't stubbing the
microsoft_windows feature, so SUIDManager.asuser was a no-op when
running as root, and our expectations weren't being met.
|
|\| |
|
| |\
| | |
| | |
| | | |
into 2.7.x
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The spec tests failed when running spec/unit/face/node_spec.rb
followed by spec/unit/ssl/certificate_request_spec.rb, because the
clean action for the node face was leaving
Puppet::SSL::Host.ca_location set to :local instead of its default
:none state.
This commit resets the ca_location back to :none in the top-level
after :all block.
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6.x:
Reset indirector state after configurer tests.
(#8770) Don't fail to set supplementary groups when changing user to root
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
(#8740) Do not enumerate files in the root directory.
(#3553) Explain that cron resources require time attributes
Conflicts:
lib/puppet/application/resource.rb
test/puppet/tc_suidmanager.rb
|
| | |\ \
| | | | |
| | | | | |
Do not leak indirector state
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Because the indirector state persists across tests, we need to make
sure that we clean up after ourselves whenever we explicitly set a
non-default configuration. We now reset the terminus class after all
the tests have run in the context with the modified configuration.
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | | |
* nicklewis/ticket/2.6.x/8770:
(#8770) Don't fail to set supplementary groups when changing user to root
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.
This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.
Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.
This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* nicklewis/ticket/2.6.x/8770:
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On Mac OS X, it is only possible to directly change the euid of a process, and
not the uid. Thus, when a puppet master started as root on OS X would change to
the service user (puppet), it would leave the uid of its process set to 0.
This allowed any type of Ruby plugin executed on the master (a type, provider,
function, etc.) to trivially regain root privileges (by setting the euid of
its process back to 0) and potentially compromise the master.
Now, when permanently changing user, we will first try
Process::UID.change_privilege, before falling back to setting the euid/uid
ourselves. change_privilege correctly sets the uid of the process to the
desired new uid, preventing the process from later escalating itself back to
root. Similar behavior is also used when changing group. This has no effect on
the behavior when temporarily changing user/group (for instance, to execute a
single command or create a file as a particular user).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We're trying to move away from the legacy Test::Unit tests, and toward rspec
specs, so rewrite this file as specs.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | |\ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
joshcooper/ticket/2.6.x/8740-cannot-manage-files-of-type-socket
Ticket/2.6.x/8740 cannot manage files of type socket
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Previously the command 'puppet resource file' would enumerate all files
in the root directory, and generate an exception if the file type was
not a directory, file, or link. Worse, it would also do this when a file
or directory was specified, e.g. 'puppet resource file /etc/hosts'.
Ideally, the find method of the ral terminus should not need to call the
type's instances class method, instead just creating an instance of the
type with the specified name and parameters. However, some types, like
package, depend on this behavior. The type walks all providers and all
instances that they provide, checking to see if the provider provides an
instance with that name, and also warning if another provider provides
an instance with the same name.
Also, ideally, puppet should not blow up when encountering an
unsupported file type, e.g. Unix domain socket, but that would be too
big of a change for 2.6.x.
This commit changes 'puppet resource file' to return a message saying
that the operation is not supported:
Listing all file instances is not supported. Please specify a file
or directory, e.g. puppet resource file /etc
The change is bit of a hack, as ideally, the file type's instances
method could raise an exception when called in a 'search' context, but
return an empty array in a 'find' context. But that also would be too
big of a change for 2.6.x.
This commit also adds spec tests for the resource application and file
type, as well as an acceptance test, which creates a Unix domain socket
in the root directory, while running 'puppet resource file'.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| | |\ \ \ \
| | | |_|/ /
| | |/| | | |
Ticket/2.6.x/3553 cron requires time
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The cron resource docs previously read, "All fields except the command and the
user are optional, although specifying no periodic fields would result in the
command being executed every minute." This was factually incorrect; instead,
specifying no periodic fields results in a failure and an unhelpful error on
Puppet 2.6 and 2.7.
Although the issue will remain open as a behavior bug, this commit corrects
the documentation of which attributes are required. It also changes the @doc
string to a heredoc to simplify quote escaping.
|
| |\ \ \ \
| | | | | |
| | | | | | |
(#9039) Update Augeas commands documentation
|
| | | |_|/
| | |/| |
| | | | |
| | | | |
| | | | | |
Added documentation on commands added as part of #6494 and clarified existing
commands documentation.
|
| |\ \ \ \
| | |/ / /
| |/| | |
| | | | |
| | | | | |
nfagerlund/ticket/2.7.x/8037_incorrect_augeas_example
(#8037) Fix incorrect example in Augeas type reference
|