| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
The problem was that some defaults were nil but had
to be 'false', because xmlrpc can't serialize 'nil'
as an rpc argument.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This keeps the destination directory from getting
purged if the remote source is invalid.
This mostly just removes an optimization that worked
fine when we queried the server for every directory,
but doesn't work now that we do one big query.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
I found some cases where duplicate resources
weren't correctly skipped, but I couldn't get
the test to really demonstrate them.
The code at least is demonstrated to work,
anyway.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We had a common pattern for creating a temporary
file during integration tests, and this just
makes that common pattern explicit by
moving it to a module in the newly-created
lib directory in the spec directory.
We definitely don't want to go overboard in
using libraries in our tests, but sometimes
it gets a bit excessive to completely avoid them.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
Previously any changed file got loaded; now we only try to
load files that are still present.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It now correctly purges files whether we're recursing
locally or remotely.
*Please* test various scenarios you can think of with
this. I've tested:
* Local recursion with no remote source
* Remote recursion with a source
* Recursion with an extra locally managed file
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
This is the big win, because it causes us to just
skip the whole loading infrastructure, including
skipping looking through the modulepath.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The cache isn't actually used yet - this just adds
all of the plumbing.
It was found that stat'ing files that didn't exist
could take up to 85% of a run, so this is progress
toward getting rid of those stats.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
There's more caching to add, but this simplifies
the interface to the list of paths and then caches
that list so we aren't constantly searching the
filesystem.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Caching the module path (because we check which
directories exist, and this method can get called
often), and the complete list of modules.
The cache ttl uses the filetimeout, which defaults to
15 seconds.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
| |
Previously you had to have an Expirer, but now
you can declare a TTL for a cached attribute
and it will be expired automatically when the
cached value is older than the ttl.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
Apparently the stomp client is really unhelpful with
failures; this attempts to provide at least a bit
more information.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The main goal of this refactor is to tell the client to
be resilient to failures (configured at initialization time),
and to send all messages as persistent messages (configured
for each message).
In the process, the client now parses the queue source URI
and handles each argument separately. The tests are more
thorough, also.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
We previously manually slept, but this uses
the queue client to handle keeping the process running,
by just joining all running threads.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This changes the behaviour of template searching a bit -
we previously usually returned a file name, whether the template
existed or not. Now we only return a path if it
exists.
Refactoring a few of the the tests for TemplateWrapper, also.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
| |
It's set to 'only' instead of 'local'.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously, when you created a module you had to specify
the path. Now Module instances can use the module path
to look up their paths, and there are methods for determining
whether the module is present (if the path is present).
Also cleaned up the methods for figuring out what's in
the module (plugins, etc.).
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
| |
The Module class had a bunch of code for finding
manifests and templates even when not in a module,
and it complicated the class unnecessarily. This
moves that code to a new, hackish-but-sufficient
module for just that purpose.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
We weren't splitting on whitespace, which is necessary
since the settings don't support arrays but files
expect them.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
On ruby 1.8.7 file.close! nils the internal file path.
So the following pattern:
file = temp
file.close!
file = file.path
doesn't work.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
defined
|
| |
|
|
|
|
|
| |
"user doesn't exit" error appeared once again after the changes which were
applied in order to fix #2004.
Validation must only check attributes presence, not their value.
|
| |
|
|
|
|
|
|
|
|
|
| |
I *swear* I wrote tests for the daemon, but I
can't find them in any of my branches so I rewrote
them.
In the course of writing them, I also fixed the
usage of Daemon.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
The Server class has all of the logic now,
instead of doing weird things in the defaults.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This lays the ground: a wrapper for the REST handler, and an application
confirming to the Rack standard. Also includes a base class for Rack
handlers, as RackREST will not stay the only one, and there needs to be
a central place where client authentication data can be checked.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Unmunge is the reverse of munge.
While munge allows the type to return a different parameter value
or properties should than the one it was created with, unmunge
does the reverse.
It can be used for instance to store a value in a different
representation but still be able to return genuine value to the
outside world.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because of ruby bug:
http://rubyforge.org/tracker/?group_id=426&atid=1698&func=detail&aid=8886
and
http://redmine.ruby-lang.org/issues/show/1331
YAML dump of hashes using ruby objects as keys is incorrect leading
to an error when deserializing the YAML in puppetd.
The error is easy to correct by a post-process fix-up of
the generated YAML, which transforms:
&id004 !ruby/object:Puppet::Relationship ?
to the correct:
? &id004 !ruby/object:Puppet::Relationship
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
| |
This patch moves Type to use Puppet::Util::Tagging as the other
part of Puppet. This brings uniformity and consistency in the
way the tags are used and/or compared to each other.
Type was storing tags in Symbol format, which produced #2207.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We previously used and expected Puppet::Parser::Resource
instances, but 0.25 converts them all to Puppet::Resource
instances before they're passed out of the compiler,
so the Rails integration had to be changed to expect that.
There's still some muddling, because the rails resources
only generate parser resources, but that works for now
because that's what we expect when collecting resources.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
| |
This is required for Rails support.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The cert name should be searched first in default
circumstances, even if it disagrees with the hostname.
Brice's change to the way catalogs are searched for didn't
quite work when the hostname and certname didn't agree *and*
the certname was fully qualified.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
| |
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
| |
If we don't do this, there's a chance we'll get hit
by the ruby yaml bug again.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
| |
This is the last step to fixing #2189.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
| |
I'd made the argument no longer optional
because I thought the method was rarely used,
but it's used in puppetd a good bit.
Signed-off-by: Luke Kanies <luke@madstop.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rationale:
Before this change, the catalog was retrived with this uri:
/catalog/hostname
On the server side, the corresponding node was found by using the
request node, then finding if this node also match hostname
(which it does of course).
But it is not possible to have an ACL matching the hostname part
of the uri, because it:
* it would be compared to the node name (certname), which obviously
is not the same
* it is not possible to create a dynamic allow/deny rule on a non-fqdn
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, unauthenticated REST requests where inconditionnaly
allowed, as long as they were to the certificate terminus.
This could be a security hole, so now the REST requests, authenticated
or unauthenticated are all submitted to the REST authorization
layer.
The default authorizations now contains directives to allow unauthenticated
requests to the various certificate terminus to allow new hosts.
The conf/auth.conf file has been modified to match such defaults.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
unauthenticated request
Introduces a new auth.conf directive (auth or authenticated) which
takes an argument (on,yes/off,no/all,any).
This can be used to restrict an ACL to only some state of
authentication of a REST request, or any.
If no auth directive is given, the ACL will only trigger for
authenticated requests.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
| |
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The idea is to raise an AuthorizationException at the same place
we check the authorization instead of in an upper level to be
able to spot where the authorization took place in the exception
backtrace.
Moreover, this changes also makes Rights::allowed? to return
the matching acl so that the upper layer can have a chance to
report which ACL resulted in the match.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
|
