| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The windows file type requires that the path start with either a drive
letter or UNC style path. Also Ruby's File implementation on windows
only supports 0644 and 0444 permission bits (it doesn't differentiate
between group and other, and it doesn't know about the execute bit).
This commit maps the path and permissions used in the test to sensible
values when running on windows.
Paired-with: Jacob Helwig <jacob@puppetlabs.com>
(cherry picked from commit 06e0208ec34285e0749c366c8a12817044d7d513)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Running the Puppet master on Windows is not supported, so instead of
failing with what can be cryptic error messages about failed resources
we fail with an explicit error message about the master on Windows not
being supported. This way a user isn't mistakenly given the
impression that running a master on Windows will work, and they just
have something mis-configured.
Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-by: Max Martin <max@puppetlabs.com>
(cherry picked from commit 3a70503b60f9fd51177df4e9267c5ac28b06fb2d)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For a while Luke, and other authors, injected a created tag, copyright
statement, and "All rights reserved" into every new file they added to the
Puppet project.
This isn't really true, and we have a global license covering the code, so
we have now stripped out all those old tags.
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The resource_spec was failing because /etc is not considered a
fully-qualified path on Windows. Using File.expand_path fixes that.
The suidmanager_spec was failing because we weren't stubbing the
microsoft_windows feature, so SUIDManager.asuser was a no-op when
running as root, and our expectations weren't being met.
|
| |\| |
|
| | |\
| | |
| | |
| | | |
into 2.7.x
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The spec tests failed when running spec/unit/face/node_spec.rb
followed by spec/unit/ssl/certificate_request_spec.rb, because the
clean action for the node face was leaving
Puppet::SSL::Host.ca_location set to :local instead of its default
:none state.
This commit resets the ca_location back to :none in the top-level
after :all block.
|
| | |\ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6.x:
Reset indirector state after configurer tests.
(#8770) Don't fail to set supplementary groups when changing user to root
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
(#8740) Do not enumerate files in the root directory.
(#3553) Explain that cron resources require time attributes
Conflicts:
lib/puppet/application/resource.rb
test/puppet/tc_suidmanager.rb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because the indirector state persists across tests, we need to make
sure that we clean up after ourselves whenever we explicitly set a
non-default configuration. We now reset the terminus class after all
the tests have run in the context with the modified configuration.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, Puppet::Util::SUIDManager.change_user would always try to set
supplementary groups (Process.initgroups) before changing its EUID.
Process.initgroups requires the calling process to have EUID 0 in order to
succeed.
This worked fine in the case where the process was changing from root to a
normal user, as it would set groups as root and then change EUID to 0.
However, in the case where the process was changing back to root from a normal
user, it would attempt to set groups as the normal user, and fail.
Now, we check Process.euid before changing, and will set groups first if root,
and will set euid first if not root. This ensures we can freely switch back
and forth between root.
This behavior is maintained inside of the change_user, rather than being broken
into eg. raise_privilege and lower_privilege, because it is a relatively minor
behavior difference, and the helper methods on their own would not have been
generically useful.
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
* nicklewis/ticket/2.6.x/8770:
(#8770) Always fully drop privileges when changing user
(#8662) Migrate suidmanager test case to rspec
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
On Mac OS X, it is only possible to directly change the euid of a process, and
not the uid. Thus, when a puppet master started as root on OS X would change to
the service user (puppet), it would leave the uid of its process set to 0.
This allowed any type of Ruby plugin executed on the master (a type, provider,
function, etc.) to trivially regain root privileges (by setting the euid of
its process back to 0) and potentially compromise the master.
Now, when permanently changing user, we will first try
Process::UID.change_privilege, before falling back to setting the euid/uid
ourselves. change_privilege correctly sets the uid of the process to the
desired new uid, preventing the process from later escalating itself back to
root. Similar behavior is also used when changing group. This has no effect on
the behavior when temporarily changing user/group (for instance, to execute a
single command or create a file as a particular user).
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We're trying to move away from the legacy Test::Unit tests, and toward rspec
specs, so rewrite this file as specs.
Reviewed-By: Jacob Helwig <jacob@puppetlabs.com>
|
| | | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously the command 'puppet resource file' would enumerate all files
in the root directory, and generate an exception if the file type was
not a directory, file, or link. Worse, it would also do this when a file
or directory was specified, e.g. 'puppet resource file /etc/hosts'.
Ideally, the find method of the ral terminus should not need to call the
type's instances class method, instead just creating an instance of the
type with the specified name and parameters. However, some types, like
package, depend on this behavior. The type walks all providers and all
instances that they provide, checking to see if the provider provides an
instance with that name, and also warning if another provider provides
an instance with the same name.
Also, ideally, puppet should not blow up when encountering an
unsupported file type, e.g. Unix domain socket, but that would be too
big of a change for 2.6.x.
This commit changes 'puppet resource file' to return a message saying
that the operation is not supported:
Listing all file instances is not supported. Please specify a file
or directory, e.g. puppet resource file /etc
The change is bit of a hack, as ideally, the file type's instances
method could raise an exception when called in a 'search' context, but
return an empty array in a 'find' context. But that also would be too
big of a change for 2.6.x.
This commit also adds spec tests for the resource application and file
type, as well as an acceptance test, which creates a Unix domain socket
in the root directory, while running 'puppet resource file'.
Paired-with: Nick Lewis <nick@puppetlabs.com>
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |\| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These specs were assuming that paths such as /foo were always absolute, which
is not the case on Windows. Thus, when run on Windows, the provider was
complaining about receiving relative paths when it expected absolute, rather
than succeeding or failing in the intended way. Now we expand all paths we want
to be absolute, to guarantee they will be absolute everywhere.
Also, some specs were failing because they were trying to test the case where a
file isn't executable. That's not something we can reliably check on Windows,
so instead just stub the appropriate executable? methods.
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| |\| |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
lib/puppet/provider/augeas/augeas.rb
spec/unit/node_spec.rb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because this provider only applies when the posix feature is present (and thus
not the windows feature), it can never be used on Windows. Thus, the
Windows-specific command handling is unnecessary and unused.
Also added more specific error messages for the cases where a command doesn't
exist, isn't a file, and isn't executable. These only apply when the command
path is absolute (otherwise the message is simply command not found).
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the indirector state persists across tests, we were seeing order
dependent test failures with tests that assumed the default indirector
settings.
Specifically, if the following tests were run in order, the first
would cause failures in the second two:
spec/unit/application/apply_spec.rb
spec/unit/node_spec.rb
spec/integration/node_spec.rb
To protect against this state leakage, we now:
- reset the Puppet::Node terminus before each test in
spec/integration/node_spec.rb to ensure we are testing a clean
environment.
- reset the Puppet::Node, and Puppet::Node::Facts terminus, and
cache class after each test in spec/unit/application/apply_spec.rb
to prevent leakage into other tests.
Since the cache class has the same state leakage problem as the
terminus class, but does not have the same ability to lazily populate
the default when set to nil, we remove the test. Testing the default
for the cache class would require running the test before all other
tests to ensure there is no state pollution.n
|
| | |\ \
| | | |
| | | | |
(#8808) Fail Augeas resource when unable to save changes
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Raise a failure when Augeas changes cannot be saved (due to invalid layout of
the tree, permissions etc). Fixes a regression.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since the cacher was removed in master the indirection's terminus class
no longer gets reset between tests by clearing the cache. This meant
that one spec was setting the cache_class and affecting another spec,
causing failures.
Now that test manually resets its indirection related info.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.7.x: (25 commits)
(#4411) Explain that runinterval = 0 does not mean "never run"
Maint: Fix missing option text in puppet agent and arrange options alphabetically
(#8302) Improve documentation of exec providers
(#7853) Clarify and complete docs for the tagmail report processor
Maint: Mention that audit metaparameter will accept "all"
Maint: Adjust wording for file type's content parameter
Maint: Fix poor documentation for versioncmp function.
maint: Fix case sensitive require
maint: Add inspect app options to help
maint: Fix inspect help
Increment lib/puppet.rb VERSION string
Updated CHANGELOG for 2.7.3rc1
(#4762) Ensure that clients on the moon can successfully connect.
Add document outlining preferred contribution methods
Add document outlining preferred contribution methods
Add document outlining preferred contribution methods
Revert "Merge branch 'vcsrepo'"
Revert "Merge branch 'vcsrepo'"
Updating CHANGELOG for 2.7.2rc3
(#8704) Give better errors for invalid fileserver.conf
...
Manually Resolved Conflicts:
lib/puppet/parser/functions/versioncmp.rb
spec/integration/node/facts_spec.rb
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Mac's filesystems aren't case sensitive, so developing this change
didn't catch the issue with requiring filenames that had been
uppercased.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Running `puppet help inspect` did not result in help:
Unable to find application 'inspect'.
err: exit
err: Try 'puppet help help help' for usage
It turned out that the only reason applications were getting required so
that their help could be found was the LegacyName conversion table in
lib/puppet/util/command_line.rb:7. Inspect never had a legacy name, so
the help system couldn't find it since it never got required. Now
instead of checking for the class constant to see if the application has
been loaded, we try to require the application and exit if it's not
found.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | |\ \
| | | |
| | | |
| | | |
| | | | |
* ticket/2.7.x/8704-fileserverconf_parse_errors:
(#8704) Give better errors for invalid fileserver.conf
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If you tried to just put an allow or deny line in the fileserver.conf
without a mount point, you got a really confusing error message:
lib/puppet/network/handler/fileserver.rb:285:in `readconfig': undefined method `info' for nil:NilClass (NoMethodError)
Now instead we give an error saying no mount point was specified.
Reviewed-by: Josh Cooper <josh@puppetlabs.com>
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
* tickets/2.7.x/1886:
(Maint.) Disable cleaning of storeconfigs.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This feature (and the corresponding tests) were causing intermittent
failures which we were unable to trace. We will reintroduce this
behavior when we can do so without test fragility.
Reviewed-By: Matt Robinson
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When we introduced verification of options, we forgot to handle the case that
global options from the Puppet settings system could be passed to the face.
This, in turn, means that the system would fail if you used any of those.
This remediates that, and now these work as expected.
Reviewed-By: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The `node clean` code has introduced a systematic change in
state which is not uniformly protected against by the tests.
As these order dependent failures arise, we should refactor
the tests to be more robust.
Reviewed-By: Matt Robinson
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
This includes various style changes, and assorted fixes to testing.
Paired-With: Matt Robinson
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Here is a changeset that adds a new action to the puppet node face.
This application removes all traces of a node on the puppetmaster
(including certs, cached facts and nodes, reports, and storedconfig
entries).
Furthermore it is capable of unexporting exported resources of a
host so that consumers of these resources can remove the exported
resources and we will safely remove the node from our
infrastructure.
Usage:
puppet node clean [--unexport] <host> [<host2> ...]
To achieve this we add different destroy methods to the different
parts of the indirector. So for example for yaml indirections we
already offer read access for the yaml, this changeset adds
the destroy handler which only removes the yaml file for
a request. This can be used to remove cached entries.
This work is based on the initial work of Brice Figureau
<brice-puppet@daysofwonder.com>
|
| |\ \ \
| | | |
| | | | |
(#5606) Print Augeas' /augeas//error info to debug on save failure
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When saving fails, the contents of /augeas//error (for put_failed) are printed
to the debug log. Should help users track down the issue without needing to
replicate it with augtool.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Raise a failure when Augeas changes cannot be saved (due to invalid layout of
the tree, permissions etc). Fixes a regression.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Added missing spec tests for Windows service provider methods:
:stop, :enable, :disable, and :manual_start
Refactored to match Nick's previous work.
Reviewed By: Nick Lewis [nick@puppetlabs.com]
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This provider, windows_adsi, uses the Puppet::Util::ADSI module to manage
groups. It can only manage group existence and memberships, but is fully
functional in those regards.
Based on work by: Joel Rosario <joel.r@.internal.directi.com>
Based on work by: Cameron Thomas <cameron@puppetlabs.com>
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This provider, windows_adsi, uses the Puppet::Util::ADSI module to manage
users. It can currently only manage group memberships, comments, and home
directories, which are the only fields that can be managed via ADSI.
Based on work by: Joel Rosario <joel.r@.internal.directi.com>
Based on work by: Cameron Thomas <cameron@puppetlabs.com>
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This module (Puppet::Util::ADSI) provides access to Active Directory Services
Interfaces, using win32ole. The base module has methods for generating resource
URIs and connecting to ADSI.
It also provides classes Puppet::Util::ADSI::User and Puppet::Util::ADSI::Group
for managing Active Directory users and groups, along with their properties and
group memberships. This will be used to implement the Windows ADSI user and
group providers.
Based on work by: Joel Rosario <joel.r@.internal.directi.com>
Based on work by: Cameron Thomas <cameron@puppetlabs.com>
Reviewed-By: Matt Robinson <matt@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The exec provider is not yet supported for Windows and this test relies
on /bin/sleep. And due to #8410 it attempts to execute the program named
"sleep 1", with variations of "sleep 1".bat, etc. This test needs to be
reworked for Windows when the exec provider is implemented.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The diffing ability of the file bucket is purely master functionality,
and not supported on Windows.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since absolute paths on Windows do not always start with /, we need to
make sure that there is always a slash between the checksum and the
path, or the drive letter will end up being considered as part of the
checksum.
On systems where absolute paths always start with /, the extra slash
is removed by the parsing done to the constructed URL.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously, we only considered files that matched the *nix concept of
'absolute' as being absolute paths. Since absolute paths on Windows
look more like URLs with this world-view, we need to specifically look
for the Windows absolute paths, and treat them as such.
We will still treat *nix absolute paths as absolute on Windows, even
though they are actually relative to the "current" drive. We do not
currently limit which "style" of absolute path is allowed based on
what the agent is.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rather than stating the logic as 'if !thing', the two checks done when
initializing a new Puppet::FileBucket::File are now phrased as 'unless
thing', which should lessen the likelihood of overlooking the '!'.
We also now provide a reason for the ArgumentError being raised, which
should help users of Puppet::FileBucket::File quickly figure out what
is the problem when these exceptions are raised.
In addition to updating the tests to look for these new error
messages, we update the existing tests to specify which type of
exception, and what message it should have, when something is raised.
Reviewed-by: Nick Lewis <nick@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The host provider did not work on Windows because it didn't know where
to find its hosts file. The provider now uses Win32::Resolv, which is
part of the standard ruby library, to find it.
Several host type/provider spec tests were marked as fails_on_windows,
but now that the provider is working, I removed the tag from those
tests, and verified that the tests now pass. There are two tests in
resources_spec that fail because the user and exec providers are not
supported on Windows yet, so those tests are marked as fails_on_windows.
Reviewed-by: Pieter van de Bruggen <pieter@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The puppet install.rb script now defaults the config directory to
%PROGRAMDATA%\PuppetLabs\puppet\etc on Windows. This is more inline
with Windows best-practices, as this directory is used to store
application data across all users. The PROGRAMDATA environment
variable also takes into account alternate system drives, by using the
SYSTEMDRIVE environment variable.
Note that the Dir::COMMON_APPDATA constant is so named because it
corresponds to the CSIDL_COMMON_APPDATA constant, which on 2000, XP,
and 2003 is %ALLUSERSPROFILE%\Application Data, and on Vista, Win7 and
2008 is %SYSTEMDRIVE%\ProgramData.
This commit also updates puppet's default run_mode var and conf
directories when running as "root" to match the install script, and
fixes the spec test, which was looking in the Dir::WINDOWS directory.
Reviewed-by: Cameron Thomas <cameron@puppetlabs.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The mount, shell, and ssh_authorized_key types are not supported on
Windows, so these spec tests have been disabled when running on
Windows.
One of the compiler spec tests fails on Windows because
Puppet::Util.execute attempts to execute a program named "git rev-parse
HEAD". This has different semantics than Unix, where the command is
splatted, Kernel.exec(*command). Since this truly is a Windows bug, I
removed the fails_on_windows tag and updated ticket #8410.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* ticket/master/8663-windows-spec-tests:
(#8663) Drive letters are not valid absolute paths on Windows
(#8663) Update the run_mode spec test on Windows to match the code
(#8663) The ssh_authorized_key type is not supported on Windows
(#8663) Reenable spec tests on Windows that now pass
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
One of the file spec tests was attempting to use X: as a fully
qualified file path, and the file type was correctly rejecting it,
since it is a relative path. This commit changes the spec test to
expect the file type to raise an exception.
Reviewed-by: Jacob Helwig <jacob@puppetlabs.com>
|
