From 89100c43d6be6cad16e8b51cbeb2d5695e353719 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Mon, 26 May 2008 13:31:11 -0500 Subject: Moving the majority of the pkgdmg docs to the wiki, fixing #1264. Signed-off-by: Luke Kanies --- lib/puppet/provider/package/pkgdmg.rb | 61 +---------------------------------- 1 file changed, 1 insertion(+), 60 deletions(-) (limited to 'lib') diff --git a/lib/puppet/provider/package/pkgdmg.rb b/lib/puppet/provider/package/pkgdmg.rb index 2614d0950..134be5a65 100644 --- a/lib/puppet/provider/package/pkgdmg.rb +++ b/lib/puppet/provider/package/pkgdmg.rb @@ -28,66 +28,7 @@ require 'puppet/provider/package' Puppet::Type.type(:package).provide :pkgdmg, :parent => Puppet::Provider::Package do - desc "Package management based on Apple's Installer.app and DiskUtility.app - -Author: Jeff McCune - -Please direct questions about this provider to the puppet-users mailing list. - -This package works by checking the contents of a DMG image for Apple pkg or -mpkg files. Any number of pkg or mpkg files may exist in the root directory of -the DMG file system. Sub directories are not checked for packages. - -This provider always assumes the label (formerly called 'name') attribute -declared in the manifest will always exactly match the file name (without -path) of the DMG file itself. Therefore, if you want to install packages in -'Foobar.pkg.dmg' you must explicitly specify the label:: - - package { Foobar.pkg.dmg: ensure => installed, provider => pkgdmg } - -Only the dmg file name itself is used when puppet determines if the packages -contained within are currently installed. For example, if a package resource -named 'Foobar.pkg.dmg' is named for installation and contains multiple -packages, this provider will install all packages in the root directory of -this file system, then create a small cookie for the whole bundle, located at -/var/db/.puppet_pkgdmg_installed_Foobar.pkg.dmg - -As a result, if you change the contents of the DMG file in any way, Puppet -will not update or re-install the packages contained within unless you change -the file name of the DMG wrapper itself. Therefore, if you use this provider, -I recommend you name the DMG wrapper files in a manner that lends itself to -incremental version changes. I include some version or date string in the DMG -name, like so:: - - Firefox-2.0.0.3-1.pkg.dmg - -If I realize I've mis-packaged this DMG, then I have the option to increment -the package version, yielding Firefox-2.0.0.3-2.pkg.dmg. - -This provider allows you to host DMG files within an FTP or HTTP server. This -is primarily how the author provider distributes software. Any URL mechanism -curl or Ruby's open-uri module supports is supported by this provider. Curl -supported URL's yield much faster data throughput than open-uri, so I -recommend HTTP, HTTPS, or FTP for source package repositories. - -Because the provider assumes packages will be transfered via CURL, a two stage -process occurs. First, if a URL is detected, curl is invoked to transfer the -file into a temporary directory. If no URL is present, the provider skips -straight to step 2. In step two, the source file is mounted, then packages -installed, and finally the DMG file is removed. - -If this is a problem for you, please patch the code, or bug Jeff to fix this. - -Example usage:: - - package { Thunderbird-2.0.0.4-1.pkg.dmg: - provider => pkgdmg, ensure => present - source => 'http://0.0.0.0:8000/packages/Thunderbird-2.0.0.4-1.pkg.dmg', - } - -**WARNING**: Because I assume files will be downloaded to /tmp, the current -implementation attempts to delete DMG files if you install directly from the -file system and not via a URL method." + desc "Package management based on Apple's Installer.app and DiskUtility.app. This package works by checking the contents of a DMG image for Apple pkg or mpkg files. Any number of pkg or mpkg files may exist in the root directory of the DMG file system. Sub directories are not checked for packages. See `the wiki docs ` for more detail." confine :exists => "/Library/Receipts" commands :installer => "/usr/sbin/installer" -- cgit From 02411f5d74e9f437acdba9c75eb811b9976174c7 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Mon, 26 May 2008 17:41:38 -0500 Subject: Always using the cert name to store yaml files, which fixes #1178. The Master handler previously provided the support for the :node_name setting, and that functionality has now been moved into the Node class. At the same time, the names to search through have been changed somewhat: Previously, the certificate name and the hostname were both used for searching, but now, the cert name is always searched first (unless node_name == facter), but only the Facter hostname, domain, and fqdn are used otherwise. We no longer split the cert name, only the hostname/domain/fqdn. In the general case, this provides no behaviour change, because people's hostname is the same as their certname. This only results in a change in behaviour if you specify a certificate name that is a normal node name, and you want to look that node up by something other than the full name in the certificate. Signed-off-by: Luke Kanies --- lib/puppet/network/handler/master.rb | 24 ++------------- lib/puppet/node.rb | 59 +++++++++++++++++++----------------- 2 files changed, 33 insertions(+), 50 deletions(-) (limited to 'lib') diff --git a/lib/puppet/network/handler/master.rb b/lib/puppet/network/handler/master.rb index 851ccc7b2..a050b089b 100644 --- a/lib/puppet/network/handler/master.rb +++ b/lib/puppet/network/handler/master.rb @@ -56,7 +56,8 @@ class Puppet::Network::Handler # Call our various handlers; this handler is getting deprecated. def getconfig(facts, format = "marshal", client = nil, clientip = nil) facts = decode_facts(facts) - client, clientip = clientname(client, clientip, facts) + + client ||= facts["hostname"] # Pass the facts to the fact handler Puppet::Node::Facts.new(client, facts).save unless local? @@ -66,27 +67,6 @@ class Puppet::Network::Handler return translate(catalog.extract) end - private - - # Manipulate the client name as appropriate. - def clientname(name, ip, facts) - # Always use the hostname from Facter. - client = facts["hostname"] - clientip = facts["ipaddress"] - if Puppet[:node_name] == 'cert' - if name - client = name - facts["fqdn"] = client - facts["hostname"], facts["domain"] = client.split('.', 2) - end - if ip - clientip = ip - end - end - - return client, clientip - end - # def decode_facts(facts) if @local diff --git a/lib/puppet/node.rb b/lib/puppet/node.rb index c0628ecdc..576e2265d 100644 --- a/lib/puppet/node.rb +++ b/lib/puppet/node.rb @@ -18,9 +18,8 @@ class Puppet::Node def self.find_by_any_name(key) return nil unless key - facts = node_facts(key) node = nil - names = node_names(key, facts) + names = node_names(key) names.each do |name| name = name.to_s if name.is_a?(Symbol) break if node = find(name) @@ -34,13 +33,16 @@ class Puppet::Node end end - if node - node.names = names + return nil unless node - return node - else - return nil - end + node.names = names + + # This is critical, because it forces our node's name to always + # be the key, which is nearly always the node's certificate. + # This is how the node instance is linked to the Facts instance, + # so it quite matters. + node.name = key + return node end private @@ -60,33 +62,34 @@ class Puppet::Node facts ||= node_facts(key) names = [] - if hostname = facts["hostname"] - unless hostname == key - names << hostname + # First, get the fqdn + unless fqdn = facts["fqdn"] + if domain = facts["domain"] + fqdn = facts["hostname"] + "." + facts["domain"] end - else - hostname = key - end - - if fqdn = facts["fqdn"] - hostname = fqdn - names << fqdn end - # Make sure both the fqdn and the short name of the - # host can be used in the manifest - if hostname =~ /\./ - names << hostname.sub(/\..+/,'') - elsif domain = facts['domain'] - names << hostname + "." + domain + # Now that we (might) have the fqdn, add each piece to the name + # list to search, in order of longest to shortest. + if fqdn + list = fqdn.split(".") + tmp = [] + list.each_with_index do |short, i| + tmp << list[0..i].join(".") + end + names += tmp.reverse end - # Sort the names inversely by name length. - names.sort! { |a,b| b.length <=> a.length } - # And make sure the key is first, since that's the most # likely usage. - ([key] + names).uniq + # The key is usually the Certificate CN, but it can be + # set to the 'facter' hostname instead. + if Puppet[:node_name] == 'cert' + names.unshift key + else + names.unshift facts["hostname"] + end + names.uniq end public -- cgit From 65c1889f09e83601b30f303294bff38621d77ab1 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Mon, 26 May 2008 22:33:26 -0500 Subject: Fixing #1242 -- lack of storeconfigs only produces warning, not exception. Exporting or collecting resources no longer raises an exception when no storeconfigs is enabled, it just produces a warning. --- lib/puppet/parser/collector.rb | 6 ++++++ lib/puppet/parser/grammar.ra | 4 ++-- lib/puppet/parser/parser.rb | 8 ++++---- 3 files changed, 12 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/puppet/parser/collector.rb b/lib/puppet/parser/collector.rb index 2699dc6e1..bcba9528e 100644 --- a/lib/puppet/parser/collector.rb +++ b/lib/puppet/parser/collector.rb @@ -6,6 +6,12 @@ class Puppet::Parser::Collector # Call the collection method, mark all of the returned objects as non-virtual, # and then delete this object from the list of collections to evaluate. def evaluate + # Shortcut if we're not using storeconfigs and they're trying to collect + # exported resources. + if form == :exported and Puppet[:storeconfigs] != true + Puppet.warning "Not collecting exported resources without storeconfigs" + return false + end if self.resources if objects = collect_resources and ! objects.empty? return objects diff --git a/lib/puppet/parser/grammar.ra b/lib/puppet/parser/grammar.ra index 484efe83c..a2f6729ee 100644 --- a/lib/puppet/parser/grammar.ra +++ b/lib/puppet/parser/grammar.ra @@ -152,7 +152,7 @@ virtualresource: at resource { type = val[0] if (type == :exported and ! Puppet[:storeconfigs]) and ! Puppet[:parseonly] - error "You cannot collect without storeconfigs being set" + Puppet.warning addcontext("You cannot collect without storeconfigs being set") end if val[1].is_a? AST::ResourceDefaults @@ -193,7 +193,7 @@ collection: classref collectrhand { args[:form] = val[1] end if args[:form] == :exported and ! Puppet[:storeconfigs] and ! Puppet[:parseonly] - error "You cannot collect exported resources without storeconfigs being set" + Puppet.warning addcontext("You cannot collect exported resources without storeconfigs being set; the collection will be ignored") end result = ast AST::Collection, args } diff --git a/lib/puppet/parser/parser.rb b/lib/puppet/parser/parser.rb index e27a209fc..3d7f21dca 100644 --- a/lib/puppet/parser/parser.rb +++ b/lib/puppet/parser/parser.rb @@ -29,7 +29,7 @@ module Puppet class Parser < Racc::Parser -module_eval <<'..end grammar.ra modeval..idfef5d70c9f', 'grammar.ra', 638 +module_eval <<'..end grammar.ra modeval..id9145566289', 'grammar.ra', 638 # It got too annoying having code in a file that needs to be compiled. require 'puppet/parser/parser_support' @@ -41,7 +41,7 @@ require 'puppet/parser/parser_support' # $Id$ -..end grammar.ra modeval..idfef5d70c9f +..end grammar.ra modeval..id9145566289 ##### racc 1.4.5 generates ### @@ -958,7 +958,7 @@ module_eval <<'.,.,', 'grammar.ra', 174 type = val[0] if (type == :exported and ! Puppet[:storeconfigs]) and ! Puppet[:parseonly] - error "You cannot collect without storeconfigs being set" + Puppet.warning addcontext("You cannot collect without storeconfigs being set") end if val[1].is_a? AST::ResourceDefaults @@ -1011,7 +1011,7 @@ module_eval <<'.,.,', 'grammar.ra', 199 args[:form] = val[1] end if args[:form] == :exported and ! Puppet[:storeconfigs] and ! Puppet[:parseonly] - error "You cannot collect exported resources without storeconfigs being set" + Puppet.warning addcontext("You cannot collect exported resources without storeconfigs being set; the collection will be ignored") end result = ast AST::Collection, args result -- cgit From cf3b98e14ce015b60338d963ba62d28af4e4755e Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Fri, 30 May 2008 14:37:38 +1000 Subject: Applied patch for ticket #1271 --- lib/puppet/sslcertificates/ca.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index 7386318f4..2237849f6 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -379,9 +379,14 @@ class Puppet::SSLCertificates::CA def sign_with_key(signable, digest = OpenSSL::Digest::SHA1.new) cakey = nil if @config[:password] - cakey = OpenSSL::PKey::RSA.new( - File.read(@config[:cakey]), @config[:password] - ) + begin + cakey = OpenSSL::PKey::RSA.new( + File.read(@config[:cakey]), @config[:password] + ) + rescue + raise Puppet::Error, + "Decrypt of CA private key with password stored in @config[:capass] not possible" + end else cakey = OpenSSL::PKey::RSA.new( File.read(@config[:cakey]) -- cgit From dbd9b40c6537c261f01976238ef9ccfd6a6d6d08 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sat, 31 May 2008 12:32:04 +1000 Subject: Updated fix for ticket #1271 --- lib/puppet/sslcertificates/ca.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index 2237849f6..2a16a32ba 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -97,7 +97,7 @@ class Puppet::SSLCertificates::CA if @config[:capass] and File.readable?(@config[:capass]) return File.read(@config[:capass]) else - raise Puppet::Error, "Could not read CA passfile %s" % @config[:capass] + raise Puppet::Error, "Could not decrypt CA key with password: %s" % detail end end -- cgit From e8044f93efd29fab87d67f55461df371dec8bdff Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Tue, 27 May 2008 07:20:56 -0500 Subject: Adding to the indirection request support for authentication information. This basically consists of the node name (i.e., the certificate name), the IP, and whether the request is authenticated (which is determined by whether it provided a valid certificate). Now the two REST classes (mongrel and webrick) need to correctly pass this information to the indirection calls they make. --- lib/puppet/indirector/request.rb | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/puppet/indirector/request.rb b/lib/puppet/indirector/request.rb index 68b7ee160..45c06670b 100644 --- a/lib/puppet/indirector/request.rb +++ b/lib/puppet/indirector/request.rb @@ -3,10 +3,28 @@ require 'puppet/indirector' # Provide any attributes or functionality needed for indirected # instances. class Puppet::Indirector::Request - attr_accessor :indirection_name, :key, :method, :options, :instance + attr_accessor :indirection_name, :key, :method, :options, :instance, :node, :ip, :authenticated + + # Is this an authenticated request? + def authenticated? + # Double negative, so we just get true or false + ! ! authenticated + end def initialize(indirection_name, method, key, options = {}) - @indirection_name, @method, @options = indirection_name, method, (options || {}) + options ||= {} + raise ArgumentError, "Request options must be a hash, not %s" % options.class unless options.is_a?(Hash) + + @indirection_name, @method = indirection_name, method + + @options = options.inject({}) do |result, ary| + param, value = ary + if respond_to?(param.to_s + "=") + send(param.to_s + "=", value) + else + result[param] = value + end + end if key.is_a?(String) or key.is_a?(Symbol) @key = key @@ -14,8 +32,6 @@ class Puppet::Indirector::Request @instance = key @key = @instance.name end - - raise ArgumentError, "Request options must be a hash, not %s" % @options.class unless @options.is_a?(Hash) end # Look up the indirection based on the name provided. -- cgit From 1205881c8f022cd0dd26ed896976f9451549c571 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Tue, 27 May 2008 10:36:16 -0600 Subject: The mongrel and webrick REST handlers now extract certificate information. All requests should now have an ipaddress add to them, they should always be marked authenticated or not, and they should have the certificate name set as their 'node' if a certificate is present. They both use the same methods they use for xmlrpc, although there's no common code, to facilitate deprecation of xmlrpc. --- lib/puppet/network/http/handler.rb | 56 +++++++++++++++------------------ lib/puppet/network/http/mongrel/rest.rb | 49 ++++++++++++++++++++--------- lib/puppet/network/http/webrick/rest.rb | 51 +++++++++++++++++++++--------- 3 files changed, 96 insertions(+), 60 deletions(-) (limited to 'lib') diff --git a/lib/puppet/network/http/handler.rb b/lib/puppet/network/http/handler.rb index 7113c92d3..8c6abde8a 100644 --- a/lib/puppet/network/http/handler.rb +++ b/lib/puppet/network/http/handler.rb @@ -1,30 +1,30 @@ module Puppet::Network::HTTP::Handler - + def initialize_for_puppet(args = {}) raise ArgumentError unless @server = args[:server] raise ArgumentError unless @handler = args[:handler] @model = find_model_for_handler(@handler) end - + # handle an HTTP request def process(request, response) return do_find(request, response) if get?(request) and singular?(request) return do_search(request, response) if get?(request) and plural?(request) return do_destroy(request, response) if delete?(request) and singular?(request) - return do_save(request, response) if put?(request) and singular?(request) + return do_save(request, response) if put?(request) and singular?(request) raise ArgumentError, "Did not understand HTTP #{http_method(request)} request for '#{path(request)}'" rescue Exception => e return do_exception(request, response, e) end - + private def model - @model + @model end - + def do_find(request, response) - key = request_key(request) || raise(ArgumentError, "Could not locate lookup key in request path [#{path}]") + key = request_key(request) || raise(ArgumentError, "Could not locate lookup key in request path [#{path(request)}]") args = params(request) result = model.find(key, args).to_yaml encode_result(request, response, result) @@ -37,7 +37,7 @@ module Puppet::Network::HTTP::Handler end def do_destroy(request, response) - key = request_key(request) || raise(ArgumentError, "Could not locate lookup key in request path [#{path}]") + key = request_key(request) || raise(ArgumentError, "Could not locate lookup key in request path [#{path(request)}]") args = params(request) result = model.destroy(key, args) encode_result(request, response, YAML.dump(result)) @@ -46,71 +46,67 @@ module Puppet::Network::HTTP::Handler def do_save(request, response) data = body(request).to_s raise ArgumentError, "No data to save" if !data or data.empty? - # args = params(request) + args = params(request) obj = model.from_yaml(data) - result = save_object(obj).to_yaml + result = obj.save(args).to_yaml encode_result(request, response, result) end - - def save_object(obj) - obj.save - end - + def do_exception(request, response, exception, status=404) encode_result(request, response, exception.to_yaml, status) end - + def find_model_for_handler(handler) Puppet::Indirector::Indirection.model(handler) || raise(ArgumentError, "Cannot locate indirection [#{handler}].") end - + def get?(request) http_method(request) == 'GET' end - + def put?(request) http_method(request) == 'PUT' end - + def delete?(request) http_method(request) == 'DELETE' end - + def singular?(request) %r{/#{@handler.to_s}$}.match(path(request)) end - + def plural?(request) %r{/#{@handler.to_s}s$}.match(path(request)) end - - # methods to be overridden by the including web server class - + + # methods to be overridden by the including web server class + def register_handler raise NotImplementedError end - + def http_method(request) raise NotImplementedError end - + def path(request) raise NotImplementedError end - + def request_key(request) raise NotImplementedError end - + def body(request) raise NotImplementedError end - + def params(request) raise NotImplementedError end - + def encode_result(request, response, result, status = 200) raise NotImplementedError end diff --git a/lib/puppet/network/http/mongrel/rest.rb b/lib/puppet/network/http/mongrel/rest.rb index 2a3d4f143..d1257d5cb 100644 --- a/lib/puppet/network/http/mongrel/rest.rb +++ b/lib/puppet/network/http/mongrel/rest.rb @@ -3,45 +3,64 @@ require 'puppet/network/http/handler' class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler include Puppet::Network::HTTP::Handler - - def initialize(args={}) - super() - initialize_for_puppet(args) - end + + def initialize(args={}) + super() + initialize_for_puppet(args) + end + + # Return the query params for this request. We had to expose this method for + # testing purposes. + def params(request) + Mongrel::HttpRequest.query_parse(request.params["QUERY_STRING"]).merge(client_info(request)) + end private - + # which HTTP verb was used in this request def http_method(request) request.params[Mongrel::Const::REQUEST_METHOD] end - + # what path was requested? def path(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = '/' + request.params[Mongrel::Const::REQUEST_PATH].split('/')[1] end - + # return the key included in the request path def request_key(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = request.params[Mongrel::Const::REQUEST_PATH].split('/')[2] end - + # return the request body def body(request) request.body end - - # return the query params for this request - def params(request) - Mongrel::HttpRequest.query_parse(request.params["QUERY_STRING"]) - end - + # produce the body of the response def encode_result(request, response, result, status = 200) response.start(status) do |head, body| body.write(result) end end + + def client_info(request) + result = {} + params = request.params + result[:ip] = params["REMOTE_ADDR"] + + # JJM #906 The following dn.match regular expression is forgiving + # enough to match the two Distinguished Name string contents + # coming from Apache, Pound or other reverse SSL proxies. + if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) + result[:node] = dn_matchdata[1].to_str + result[:authenticated] = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS') + else + result[:authenticated] = false + end + + return result + end end diff --git a/lib/puppet/network/http/webrick/rest.rb b/lib/puppet/network/http/webrick/rest.rb index b43912196..a235fb4f3 100644 --- a/lib/puppet/network/http/webrick/rest.rb +++ b/lib/puppet/network/http/webrick/rest.rb @@ -1,46 +1,67 @@ require 'puppet/network/http/handler' class Puppet::Network::HTTP::WEBrickREST < WEBrick::HTTPServlet::AbstractServlet - + include Puppet::Network::HTTP::Handler - + def initialize(server, handler) - raise ArgumentError, "server is required" unless server - super(server) - initialize_for_puppet(:server => server, :handler => handler) + raise ArgumentError, "server is required" unless server + super(server) + initialize_for_puppet(:server => server, :handler => handler) + end + + # We had to expose this method for testing purposes. + def params(request) + result = request.query + result.merge(client_information(request)) end # WEBrick uses a service() method to respond to requests. Simply delegate to the handler response() method. def service(request, response) process(request, response) end - + private - + def http_method(request) request.request_method end - + def path(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = '/' + request.path.split('/')[1] end - + def request_key(request) # LAK:NOTE See http://snurl.com/21zf8 [groups_google_com] x = request.path.split('/')[2] end - + def body(request) request.body end - - def params(request) - request.query - end - + def encode_result(request, response, result, status = 200) response.status = status response.body = result end + + # Retrieve node/cert/ip information from the request object. + def client_information(request) + result = {} + if peer = request.peeraddr and ip = peer[3] + result[:ip] = ip + end + + # If they have a certificate (which will almost always be true) + # then we get the hostname from the cert, instead of via IP + # info + result[:authenticated] = false + if cert = request.client_cert and nameary = cert.subject.to_a.find { |ary| ary[0] == "CN" } + result[:node] = nameary[1] + result[:authenticated] = true + end + + result + end end -- cgit From 29c840ae8f2d4e81df1154b1099ce3ca92e348e3 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Mon, 26 May 2008 00:24:57 -0500 Subject: Adding a class for using templates directly within resources (i.e., client-side templates). This would really only be used for composite resources that pass the results of the template on to generated resources. --- lib/puppet/util/resource_template.rb | 38 ++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 lib/puppet/util/resource_template.rb (limited to 'lib') diff --git a/lib/puppet/util/resource_template.rb b/lib/puppet/util/resource_template.rb new file mode 100644 index 000000000..f85078005 --- /dev/null +++ b/lib/puppet/util/resource_template.rb @@ -0,0 +1,38 @@ +require 'puppet/util' +require 'puppet/util/logging' +require 'erb' + +# A template wrapper that evaluates a template in the +# context of a resource, allowing the resource attributes +# to be looked up from within the template. +# This provides functionality essentially equivalent to +# the language's template() function. You pass your file +# path and the resource you want to use into the initialization +# method, then call result() on the instance, and you get back +# a chunk of text. +# The resource's parameters are available as instance variables +# (as opposed to the language, where we use a method_missing trick). +class Puppet::Util::ResourceTemplate + include Puppet::Util::Logging + + def evaluate + set_resource_variables + ERB.new(File.read(@file), 0, "-").result(binding) + end + + def initialize(file, resource) + raise ArgumentError, "Template %s does not exist" % file unless FileTest.exist?(file) + @file = file + @resource = resource + end + + private + + def set_resource_variables + @resource.to_hash.each do |param, value| + var = "@#{param.to_s}" + instance_variable_set(var, value) + end + end +end + -- cgit From 886c984cfc3b944a1c482c1e360bb4fed86a7ed4 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Mon, 26 May 2008 13:55:02 -0500 Subject: Updating the docs for ResourceTemplate. Signed-off-by: Luke Kanies --- lib/puppet/util/resource_template.rb | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'lib') diff --git a/lib/puppet/util/resource_template.rb b/lib/puppet/util/resource_template.rb index f85078005..cd588902d 100644 --- a/lib/puppet/util/resource_template.rb +++ b/lib/puppet/util/resource_template.rb @@ -12,6 +12,29 @@ require 'erb' # a chunk of text. # The resource's parameters are available as instance variables # (as opposed to the language, where we use a method_missing trick). +# For example, say you have a resource that generates a file. You would +# need to implement the following style of `generate` method: +# +# def generate +# template = Puppet::Util::ResourceTemplate.new(self, "/path/to/template") +# +# return Puppet::Type.type(:file).create :path => "/my/file", +# :content => template.evaluate +# end +# +# This generated file gets added to the catalog (which is what `generate` does), +# and its content is the result of the template. You need to use instance +# variables in your template, so if your template just needs to have the name +# of the generating resource, it would just have: +# +# <%= @name %> +# +# Since the ResourceTemplate class sets as instance variables all of the resource's +# parameters. +# +# Note that it sets the generating resource's parameters, which is generally most +# useful, since it allows you to configure the generated resource via the +# generating resource. class Puppet::Util::ResourceTemplate include Puppet::Util::Logging -- cgit From bdc578adec306d0b2b842af5d62662cd1ac76308 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Sat, 31 May 2008 14:29:01 -0700 Subject: Applying the fixes recommended by David Schmitt to the inline documentation of the ResourceTemplate class. --- lib/puppet/util/resource_template.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/puppet/util/resource_template.rb b/lib/puppet/util/resource_template.rb index cd588902d..53066a192 100644 --- a/lib/puppet/util/resource_template.rb +++ b/lib/puppet/util/resource_template.rb @@ -16,7 +16,7 @@ require 'erb' # need to implement the following style of `generate` method: # # def generate -# template = Puppet::Util::ResourceTemplate.new(self, "/path/to/template") +# template = Puppet::Util::ResourceTemplate.new("/path/to/template", self) # # return Puppet::Type.type(:file).create :path => "/my/file", # :content => template.evaluate @@ -32,9 +32,9 @@ require 'erb' # Since the ResourceTemplate class sets as instance variables all of the resource's # parameters. # -# Note that it sets the generating resource's parameters, which is generally most -# useful, since it allows you to configure the generated resource via the -# generating resource. +# Note that this example uses the generating resource as its source of +# parameters, which is generally most useful, since it allows you to configure +# the generated resource via the generating resource. class Puppet::Util::ResourceTemplate include Puppet::Util::Logging -- cgit From 946081b3c0bf24dc68a3a08fbcb6b5347e01de8f Mon Sep 17 00:00:00 2001 From: Andrew Shafer Date: Tue, 10 Jun 2008 23:19:37 -0600 Subject: Try again Add the class to handle certs, specs and modify puppetd should fix 1190, 1199, 1200 --- lib/puppet/executables/client/certhandler.rb | 68 ++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 lib/puppet/executables/client/certhandler.rb (limited to 'lib') diff --git a/lib/puppet/executables/client/certhandler.rb b/lib/puppet/executables/client/certhandler.rb new file mode 100644 index 000000000..d2ead3950 --- /dev/null +++ b/lib/puppet/executables/client/certhandler.rb @@ -0,0 +1,68 @@ + +module Puppet + module Executables + module Client + class CertHandler + attr_writer :wait_for_cert, :one_time + + def initialize(wait_time, is_one_time) + @wait_for_cert = wait_time + @one_time = is_one_time + @new_cert = false + end + + def read_retrieve + #NOTE: ACS this is checking that a file exists, maybe next time just do that? + unless read_cert + # If we don't already have the certificate, then create a client to + # request one. Use the special ca stuff, don't use the normal server and port. + retrieve_cert + end + + !@new_cert + end + + def retrieve_cert + caclient = Puppet::Network::Client.ca.new() + + while true do + begin + if caclient.request_cert + break if read_new_cert + else + Puppet.notice "Did not receive certificate" + if @one_time + Puppet.notice "Set to run 'one time'; exiting with no certificate" + exit(1) + end + end + rescue StandardError => detail + Puppet.err "Could not request certificate: %s" % detail.to_s + exit(23) if @one_time + end + + sleep @wait_for_cert + end + end + + def read_cert + Puppet::Network::HttpPool.read_cert + end + + def read_new_cert + if Puppet::Network::HttpPool.read_cert + # If we read it in, then we need to get rid of our existing http connection. + # The @new_cert flag will help us do that + @new_cert = true + Puppet.notice "Got signed certificate" + else + Puppet.err "Could not read certificates after retrieving them" + exit(34) if @one_time + end + + return @new_cert + end + end + end + end +end -- cgit From 4b29a5ea234e2c0c36ab5fca8fa0f6dee0085a7e Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Wed, 11 Jun 2008 18:52:05 -0500 Subject: Fixing how the indirection tests for whether the request has node info. My request authorization code changed the request to set its 'node' instance variable, rather than using its options, and I apparently didn't change the Indirection class to do this. I have *no* idea how these tests were passing before -- they passed for me yesterday but failed for Andrew, and today they started failing for me. Frightening. --- lib/puppet/indirector/indirection.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/puppet/indirector/indirection.rb b/lib/puppet/indirector/indirection.rb index 05464f8c9..4841ec532 100644 --- a/lib/puppet/indirector/indirection.rb +++ b/lib/puppet/indirector/indirection.rb @@ -267,7 +267,7 @@ class Puppet::Indirector::Indirection def check_authorization(request, terminus) # At this point, we're assuming authorization makes no sense without # client information. - return unless request.options[:node] + return unless request.node # This is only to authorize via a terminus-specific authorization hook. return unless terminus.respond_to?(:authorized?) -- cgit From fb5f09bc347553b2744e5d3b24ddfa26bc0b3c9e Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Wed, 11 Jun 2008 18:56:36 -0500 Subject: Fixing how the Indirector::Request sets its options. I wasn't testing whether the options where still a hash, and an 'inject' loop wasn't returning correctly, so the options weren't being set correctly. --- lib/puppet/indirector/request.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/puppet/indirector/request.rb b/lib/puppet/indirector/request.rb index 45c06670b..98fa38885 100644 --- a/lib/puppet/indirector/request.rb +++ b/lib/puppet/indirector/request.rb @@ -24,6 +24,7 @@ class Puppet::Indirector::Request else result[param] = value end + result end if key.is_a?(String) or key.is_a?(Symbol) -- cgit From 087480bf6368edffcc0e8c6ea22d018e186bcab8 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Fri, 13 Jun 2008 11:39:04 -0500 Subject: Replacing all two-space indents with four-space --- lib/puppet/network/http/mongrel/rest.rb | 2 +- .../database/001_add_created_at_to_all_tables.rb | 28 +++++++++++----------- 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'lib') diff --git a/lib/puppet/network/http/mongrel/rest.rb b/lib/puppet/network/http/mongrel/rest.rb index d1257d5cb..520ad67f0 100644 --- a/lib/puppet/network/http/mongrel/rest.rb +++ b/lib/puppet/network/http/mongrel/rest.rb @@ -2,7 +2,7 @@ require 'puppet/network/http/handler' class Puppet::Network::HTTP::MongrelREST < Mongrel::HttpHandler - include Puppet::Network::HTTP::Handler + include Puppet::Network::HTTP::Handler def initialize(args={}) super() diff --git a/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb b/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb index 71ee6aeed..d1035b0db 100644 --- a/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb +++ b/lib/puppet/rails/database/001_add_created_at_to_all_tables.rb @@ -1,17 +1,17 @@ class AddCreatedAtToAllTables < ActiveRecord::Migration - def self.up - ActiveRecord::Base.connection.tables.each do |t| - unless ActiveRecord::Base.connection.columns(t).collect {|c| c.name}.include?("created_at") - add_column t.to_s, :created_at, :datetime - end - end - end + def self.up + ActiveRecord::Base.connection.tables.each do |t| + unless ActiveRecord::Base.connection.columns(t).collect {|c| c.name}.include?("created_at") + add_column t.to_s, :created_at, :datetime + end + end + end - def self.down - ActiveRecord::Base.connection.tables.each do |t| - unless ActiveRecord::Base.connection.columns(t).collect {|c| c.name}.include?("created_at") - remove_column t.to_s, :created_at - end - end - end + def self.down + ActiveRecord::Base.connection.tables.each do |t| + unless ActiveRecord::Base.connection.columns(t).collect {|c| c.name}.include?("created_at") + remove_column t.to_s, :created_at + end + end + end end -- cgit From d816614a151a4c74751d569e8d2ac48b941d5f46 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Fri, 13 Jun 2008 13:40:13 -0500 Subject: Fixing #1362 -- I had previously removed a stub point needed for testing. There was a save_object method in the http/handler module, but it seemed unnecessary and was undocumented. I don't know I missed it causing failures, but I've added it back with appropriate documention. --- lib/puppet/network/http/handler.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/puppet/network/http/handler.rb b/lib/puppet/network/http/handler.rb index 8c6abde8a..3c14c8a40 100644 --- a/lib/puppet/network/http/handler.rb +++ b/lib/puppet/network/http/handler.rb @@ -48,10 +48,16 @@ module Puppet::Network::HTTP::Handler raise ArgumentError, "No data to save" if !data or data.empty? args = params(request) obj = model.from_yaml(data) - result = obj.save(args).to_yaml + result = save_object(obj, args).to_yaml encode_result(request, response, result) end + # LAK:NOTE This has to be here for testing; it's a stub-point so + # we keep infinite recursion from happening. + def save_object(object, args) + object.save(args) + end + def do_exception(request, response, exception, status=404) encode_result(request, response, exception.to_yaml, status) end -- cgit