I've seen a number of times the following error displayed to the end
user:
validate_re(): "" does not match "^true$|^false$" at /p/t/f.pp:40
This is an absolutely horrific error message. I'm to blame for it.
Users stumble over this quite often and they shouldn't have to go read
the code to sort out what's happening.
This patch makes an effort to fix the problem by adding a third,
optional, argument to validate_re(). This third argument will be the
message thrown back in the exception which will be displayed to the end
user.
This sets the stage for nicer error messages coming from modules we
write.
This patch is backwards compatible but is a new feature.
This patch adds a new function to validate if a string is an absolute
filesystem path or not.
The intent of this is to make this functionality generic and reusable.
Josh left a comment in another pull request I had:
If node_installdir or $node_vardir is not defined, then we should
raise an error, otherwise we may create a scheduled task to an
untrusted directory.
One solution to this comment is to validate the Puppet variable is an
absolute path.
Examples of this function look like:
function_validate_absolute_path
Using Puppet::Parser::Scope.new
Garbage inputs
validate_absolute_path(nil) should fail
validate_absolute_path([nil]) should fail
validate_absolute_path({"foo"=>"bar"}) should fail
validate_absolute_path({}) should fail
validate_absolute_path("") should fail
relative paths
validate_absolute_path("relative1") should fail
validate_absolute_path(".") should fail
validate_absolute_path("..") should fail
validate_absolute_path("./foo") should fail
validate_absolute_path("../foo") should fail
validate_absolute_path("etc/puppetlabs/puppet") should fail
validate_absolute_path("opt/puppet/bin") should fail
absolute paths
validate_absolute_path("C:/") should not fail
validate_absolute_path("C:\\") should not fail
validate_absolute_path("C:\\WINDOWS\\System32") should not fail
validate_absolute_path("C:/windows/system32") should not fail
validate_absolute_path("X:/foo/bar") should not fail
validate_absolute_path("X:\\foo\\bar") should not fail
validate_absolute_path("/var/tmp") should not fail
validate_absolute_path("/var/lib/puppet") should not fail
validate_absolute_path("/var/opt/../lib/puppet") should not fail
validate_absolute_path("C:\\Program Files (x86)\\Puppet Labs\\Puppet Enterprise") should not fail
validate_absolute_path("C:/Program Files (x86)/Puppet Labs/Puppet Enterprise") should not fail
Finished in 0.05637 seconds
23 examples, 0 failures
On Windows, we have no folders that match up to the default set of
directories the facter_dot_d fact looks in by default. This is a
problem because the Puppet Enterprise installer writes out the following
facts by default, and our modules require them to be present:
% cat /etc/puppetlabs/facter/facts.d/puppet_enterprise_installer.txt
fact_stomp_port=61613
fact_stomp_server=puppetmaster
fact_is_puppetagent=true
fact_is_puppetmaster=true
fact_is_puppetconsole=true
On windows, the Puppet confdir is quite variable. On 2003 systems we
default to the All Users application data directory. On 2008 systems we
default to the ProgramData directory. The actual configuration
directory varies depending on the Puppet or Puppet Enterprise branding.
In order to simplify all of this variable behavior, this patch fixes the
problem by automatically looking for facts in
`%COMMON_APPDATA%/PuppetLabs/facter/facts.d`
This patch paves the way for the MSI installer to use an IniFile element
to write custom facts during installation.
Without this patch the PE modules don't have a way to identify a
filesystem path where it's OK to place variable data related to managing
the target node. This is a problem when a module like pe_compliance
needs to write a wrapper script to the node's filesystem.
This patch addresses the problem by exposing the node's Puppet[:vardir]
setting as a Facter fact.
This fact value will be set to `nil` if Puppet is not loaded into
memory. If Puppet is loaded, e.g. using `facter --puppet` or using
`puppet agent` or `puppet apply` then the fact will automatically set
the value to Puppet[:vardir]
The value of this setting is subject to Puppet's run_mode.
This patch implements a new utility method in the standard library
module named `Facter::Util::PuppetSettings.with_puppet`. The method
accepts a block and will only invoke the block if the Puppet library is
loaded into the Ruby process. If Puppet is not loaded, the method
always returns nil. This makes it easy to define Facter facts that only
give values if Puppet is loaded in memory.
Without this patch the root_home fact fails on windows. This patch
fixes the problem by only calling methods on the object returned by the
`getent passwd root` command if the object evaluates to true.
Because there is no root account on Windows the code block simply
returns `nil` which makes the Facter fact undefined on Windows
platforms.
The root cause of the failure is that we always expected the command to
succeed and return something useful, and it may not on all supported
platforms.
This function is used to validate a string is less than a maximum length. The
string, or array of strings, is passed as the first argument to the function.
The maximum length of the string is passed as the second argument.
It is useful to validate, for example, that Puppet is not sending a username
to a downstream system that the system cannot cope with, but that might not
cause an error message - for example, MySQL will not accept a username of
more than 16 characters. This enables a Puppet administrator to validate
the data that it may have been passed from upstream through, for example,
Hiera.
* Implement a simple destroy method.
* Add tests for it
* Refactor code, so file is actually read only once. However, due
to the nature how provider tests are run, we need to ensure that
the file is read before we open it to write it.
Without this patch an infinite loop will be entered if the json and
rubygems libraries are not available.
This patch fixes the problem by retrying the `require 'json'` only if
rubygems was successfully loaded for the first time. Subsequent
attempts to load rubygems will cause the LoadError exception from a
missing json library to be re-raised.
Thanks to Krzysztof Wilczynski for pointing out this issue.
OS X 10.7 introduced salted-SHA512 password hashes as opposed to the
older LANMAN + SHA1 hashes. To assist in generating properly-formatted
password hashes, this commit adds the str2saltedsha512() function which
accepts a single string argument (the password) and returns a
salted-SHA512 password hash which can be fed as the password attribute
of a user resource in OS X 10.7.
Spec tests are also added to ensure that functionality isn't broken with
future commits.
* v2.1.x:
(maint) Add semantic versioning info to README
Docs: Clarify the use case for the anchor type
Docs: Remove author emails from stdlib functions
Docs: Copyedit function doc strings
Docs: Correct indentation of markdown code examples
Docs: Update documentation of stdlib classes
Docs: Update file_line documentation
Docs: Improve example in merge function
* v2.x:
Docs: Clarify the use case for the anchor type
Docs: Remove author emails from stdlib functions
Docs: Copyedit function doc strings
Docs: Correct indentation of markdown code examples
Docs: Update documentation of stdlib classes
Docs: Update file_line documentation
Docs: Improve example in merge function
This commit adds a new function called get_module_path.
get_module_path returns the absolute path of a specified module. The
code and functionality is very similar to how templates and files
are detected inside of modules.
the function has been tested against puppet 2.6.10 and 2.7.x
Without this patch applied, the stdlib module does not provide a
root_home fact. This fact is necessary to easily determine the root
account home directory on platforms Puppet is supported on.
The major variations this fact address are:
---
solaris: /
linux: /root
macosx: /var/root
Spec tests using rspec have been provided as well to cover these three
general cases. Windows tests are marked as pending.
Author email addresses were included in the doc strings for some (but not all)
stdlib functions. This commit removes them in the interest of consistency.
Code examples in several function doc strings were only indented by two
spaces, which would not result in proper display when rendered as HTML. This
commit corrects the indentation to four spaces.
This commit replaces the example in the merge function with a much clearer
one. It also mentions that the rightmost value wins in the event of duplicated
hash keys.
Based on feedback from Luke, the facts.d directory should at least match
the directory that will be used by Facter 2.0.
Reading #2157 I believe the Facter 2.0 facts.d feature is reasonably API
compatible with this custom fact from R.I. so I'm comfortable using the
same filesystem path.
Change in behavior: Now look for facts in:
* /etc/facter/facts.d
* /etc/puppetlabs/facter/facts.d
This fact is a direct copy of R.I.'s work at
https://github.com/ripienaar/facter-facts
This is necessary plumbing to allow the installer to write a simple text
file based on the role the node is receiving. For example:
$ cat /etc/puppetlabs/facts.d/puppet_enterprise_mcollective.txt
fact_stomp_port=61613
fact_stomp_server=puppetmaster
fact_is_puppetagent=true
fact_is_puppetmaster=true
The mcollectivepe module relies on these facts being set and we need a
persistent place to write them during the interview process and later
read them when puppet agent runs to configure MCollective on the agent
systems.
Since stdlib is a public module, both /etc/facts.d and
/etc/puppetlabs/facts.d are scanned for static facts.
certificates from a CA (or locally).
This function works by either obtaining the file locally
or remotely based on Puppets configuration.
Also added get_pubkey which wraps get_certificate and extracts the
public key.
Closes pull request #12
Reviewed-by: Jeff McCune
Verified all spec tests pass using rspec **/*_spec.rb
* issue/master/8797_puppetlabs-functions_merge: (164 commits)
* Moved kwalify to puppetlabs-kwalify project * Re-arranged tests in line with puppetlabs-stdlib
Prep for stdlib merge * Renamed load_yaml & load_json to parseyaml & parsejson * Renamed is_valid_* functions and remove the 'valid_'
Fix some ruby 1.9.2 issues.
(#3) Provide documentation for remaining functions.
(#3) Apply missing documentation to more functions.
Remove rand.
Some improvements to values_at tests.
(#1) provide some more detailed tests for a number of functions.
Removed date stub since this functinality is available in strftime anyway.
(#2) fix is_string finally so it also makes sure numbers return false.
(#2) unstub is_valid_domain_name
Added doc strings for first five functions
Removed join_with_prefix.
(#2) unstub is_valid_mac_address.
Allow sort for strings.
Count functionality overlaps with size - so removing it.
Removed crontab functions instead of unstubbing them.
Removed load_variables. load_yaml is sufficient to solve this problem on its own.
Remove is_valid_netmask instead of unstubbing. Doesn't seem like a sensible function on its own.
(#2) unstub is_numeric function.
...
It was decided that maintaining puppetlabs-functions and
puppetlabs-stdlib was duplication as both are trying to
achieve the same goal.
This patch provides a merge of the puppetlabs-functions
into the puppetlabs-stdlib repository, with history
preservation.
The following conflicts were found and resolved:
* LICENSE file from functions was used as it aligns with
ASL usage instructions and contains relevant copyright
information:
http://www.apache.org/licenses/LICENSE-2.0.html
* Used spec_helper.rb from functions - this is what
Puppet core uses and doesn't break tests.
* Merged .gitignore and spec.opts options.
Without this patch the resource whole_line would be included in the
stable stdlib module shipping in PE 1.2. Ideally the name will be
stable and unchanging in the future.
There was quite a bit of concern over whole_line being an unwise name.
file_line appears to be the most suitable name and least likely to need
another rename in the future.
The accounts module is making use of validate_array() and
validate_string() which do not exist int he stdlib module without this
patch.
This patch adds the two functions to the stdlib with unit tests.
Reviewed-by: Dan Bode
The previous behavior of the merge() function used Array#inject with two
arguments. Ruby 1.8.5 only supports inject being used with one
argument.
This change initializes and empty Hash object and merges each argument
into the accumulator. The last argument still "wins" in the merge.
rspec tests (cd spec; rspec **/*_spec.rb) verified as passing with this
change.
Reviewed-by: Dan Bode
In Puppet, it is not possible to reassign hash
values.
This function allows a reasonable way to perform
hash munging in Puppet.
Reviewed-by: Jeff McCune
It is difficult to use existance of keys in a hash
as a boolean condition in Puppet (see #8705)
This function provides a working solution until
the underlying issue in Puppet can be resolved.
Reviewed-by: Jeff McCune
This change adds a loadyaml() puppet function that takes a path to a
YAML data file and returns the contents as a Puppet variable. There is
currently no validation of the contents of the file.
This commit is intentionally lacking unit tests because of time
constraints.
Reviewed-by: Dan Bode
This commit adds a native type that can check if
a line exists and append it to a file.
This use case seems common enough to warrant its
inclusion into stdlib.
Reviewed-by: Jeff McCune
This isn't directly related to #8010, but rather indirectly fills the
need to allow the end user to configure where data values are looked up.
This allows the namespace to be passed as a class parameter. A module
may then quickly and easily look up data from the user-defined
namespace.
With Puppet 2.6.x we do not have a way to specify containment
relationships. In the use case of class ntp { } declaring
ntp::{package,config,service} classes, the ntp class itself should allow
the user to specify before and require relationships to the main ntp
class.
The anchor resource type allows module authors to close the loop on
classes composing the main top level module. For example:
class ntp {
class { 'ntp::package': }
-> class { 'ntp::config': }
-> class { 'ntp::service': }
# These two resources "anchor" the composed classes
# such that the end user may use "require" and "before"
# relationships with Class['ntp']
anchor { 'ntp::begin': } -> class { 'ntp::package': }
class { 'ntp::service': } -> anchor { 'ntp::end': }
}
Using this pattern, the module user may then simply declare relationships to
the ntp class as they expect:
class { 'ntp': } -> class { 'mcollective': }
# OR
class { 'mcollective': } -> class { 'ntp': }
This function aborts catalog compilation if any of the passed
values are not true or false. Note, this catches the string
values of true and false correct and will abort catalog
compilation if they are not boolean values.
Paired-with: Dan Bode <dan@puppetlabs.com>
While developing Puppet Modules with class parameters, data from the
user should be validated as per the Style Guide. Puppet should fail
early and hard in the situation of invalid data being passed into the
module.
This function provides a more concise method to the alternative of using
if statements in the Puppet manifests.