4 files changed, 126 insertions, 8 deletions

diff --git a/lib/puppet/parser/functions/fqdn_rand_string.rb b/lib/puppet/parser/functions/fqdn_rand_string.rb
new file mode 100644
index 0000000..785c9fd
--- /dev/null
+++ b/lib/puppet/parser/functions/fqdn_rand_string.rb
@@ -0,0 +1,34 @@
+Puppet::Parser::Functions::newfunction(
+  :fqdn_rand_string,
+  :arity => -2,
+  :type => :rvalue,
+  :doc => "Usage: `fqdn_rand_string(LENGTH, [CHARSET], [SEED])`. LENGTH is
+  required and must be a positive integer. CHARSET is optional and may be
+  `undef` or a string. SEED is optional and may be any number or string.
+
+  Generates a random string LENGTH characters long using the character set
+  provided by CHARSET, combining the `$fqdn` fact and the value of SEED for
+  repeatable randomness. (That is, each node will get a different random
+  string from this function, but a given node's result will be the same every
+  time unless its hostname changes.) Adding a SEED can be useful if you need
+  more than one unrelated string. CHARSET will default to alphanumeric if
+  `undef` or an empty string.") do |args|
+    raise(ArgumentError, "fqdn_rand_string(): wrong number of arguments (0 for 1)") if args.size == 0
+    Puppet::Parser::Functions.function('is_integer')
+    raise(ArgumentError, "fqdn_rand_base64(): first argument must be a positive integer") unless function_is_integer([args[0]]) and args[0].to_i > 0
+    raise(ArgumentError, "fqdn_rand_base64(): second argument must be undef or a string") unless args[1].nil? or args[1].is_a? String
+
+    Puppet::Parser::Functions.function('fqdn_rand')
+
+    length = args.shift.to_i
+    charset = args.shift.to_s.chars.to_a
+
+    charset = (0..9).map { |i| i.to_s } + ('A'..'Z').to_a + ('a'..'z').to_a if charset.empty?
+
+    rand_string = ''
+    for current in 1..length
+      rand_string << charset[function_fqdn_rand([charset.size, (args + [current.to_s]).join(':')]).to_i]
+    end
+
+    rand_string
+end
diff --git a/lib/puppet/parser/functions/pw_hash.rb b/lib/puppet/parser/functions/pw_hash.rb
new file mode 100644
index 0000000..ad3e393
--- /dev/null
+++ b/lib/puppet/parser/functions/pw_hash.rb
@@ -0,0 +1,56 @@
+Puppet::Parser::Functions::newfunction(
+  :pw_hash,
+  :type => :rvalue,
+  :arity => 3,
+  :doc => "Hashes a password using the crypt function. Provides a hash
+  usable on most POSIX systems.
+
+  The first argument to this function is the password to hash. If it is
+  undef or an empty string, this function returns undef.
+
+  The second argument to this function is which type of hash to use. It
+  will be converted into the appropriate crypt(3) hash specifier. Valid
+  hash types are:
+
+  |Hash type            |Specifier|
+  |---------------------|---------|
+  |MD5                  |1        |
+  |SHA-256              |5        |
+  |SHA-512 (recommended)|6        |
+
+  The third argument to this function is the salt to use.
+
+  Note: this uses the Puppet Master's implementation of crypt(3). If your
+  environment contains several different operating systems, ensure that they
+  are compatible before using this function.") do |args|
+    raise ArgumentError, "pw_hash(): wrong number of arguments (#{args.size} for 3)" if args.size != 3
+    raise ArgumentError, "pw_hash(): first argument must be a string" unless args[0].is_a? String or args[0].nil?
+    raise ArgumentError, "pw_hash(): second argument must be a string" unless args[1].is_a? String
+    hashes = { 'md5'     => '1',
+               'sha-256' => '5',
+               'sha-512' => '6' }
+    hash_type = hashes[args[1].downcase]
+    raise ArgumentError, "pw_hash(): #{args[1]} is not a valid hash type" if hash_type.nil?
+    raise ArgumentError, "pw_hash(): third argument must be a string" unless args[2].is_a? String
+    raise ArgumentError, "pw_hash(): third argument must not be empty" if args[2].empty?
+    raise ArgumentError, "pw_hash(): characters in salt must be in the set [a-zA-Z0-9./]" unless args[2].match(/\A[a-zA-Z0-9.\/]+\z/)
+
+    password = args[0]
+    return nil if password.nil? or password.empty?
+
+    # handle weak implementations of String#crypt
+    if 'test'.crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
+      # JRuby < 1.7.17
+      if RUBY_PLATFORM == 'java'
+        # override String#crypt for password variable
+        def password.crypt(salt)
+          # puppetserver bundles Apache Commons Codec
+          org.apache.commons.codec.digest.Crypt.crypt(self.to_java_bytes, salt)
+        end
+      else
+        # MS Windows and other systems that don't support enhanced salts
+        raise Puppet::ParseError, 'system does not support enhanced salts'
+      end
+    end
+    password.crypt("$#{hash_type}$#{args[2]}")
+end
diff --git a/lib/puppet/provider/file_line/ruby.rb b/lib/puppet/provider/file_line/ruby.rb
index ae1a8b3..e7854f0 100644
--- a/lib/puppet/provider/file_line/ruby.rb
+++ b/lib/puppet/provider/file_line/ruby.rb
@@ -34,13 +34,22 @@ Puppet::Type.type(:file_line).provide(:ruby) do
 
   def handle_create_with_match()
     regex = resource[:match] ? Regexp.new(resource[:match]) : nil
+    regex_after = resource[:after] ? Regexp.new(resource[:after]) : nil
     match_count = count_matches(regex)
+
     if match_count > 1 && resource[:multiple].to_s != 'true'
      raise Puppet::Error, "More than one line in file '#{resource[:path]}' matches pattern '#{resource[:match]}'"
     end
+
     File.open(resource[:path], 'w') do |fh|
       lines.each do |l|
         fh.puts(regex.match(l) ? resource[:line] : l)
+        if (match_count == 0 and regex_after)
+          if regex_after.match(l)
+            fh.puts(resource[:line])
+            match_count += 1 #Increment match_count to indicate that the new line has been inserted.
+          end
+        end
       end
 
       if (match_count == 0)
@@ -78,7 +87,10 @@ Puppet::Type.type(:file_line).provide(:ruby) do
   #
   # @api private
   def append_line
-    File.open(resource[:path], 'a') do |fh|
+    File.open(resource[:path], 'w') do |fh|
+      lines.each do |l|
+        fh.puts(l)
+      end
       fh.puts resource[:line]
     end
   end
diff --git a/lib/puppet/type/file_line.rb b/lib/puppet/type/file_line.rb
index df263e6..29f9538 100644
--- a/lib/puppet/type/file_line.rb
+++ b/lib/puppet/type/file_line.rb
@@ -3,9 +3,9 @@ Puppet::Type.newtype(:file_line) do
   desc <<-EOT
     Ensures that a given line is contained within a file.  The implementation
     matches the full line, including whitespace at the beginning and end.  If
-    the line is not contained in the given file, Puppet will add the line to
-    ensure the desired state.  Multiple resources may be declared to manage
-    multiple lines in the same file.
+    the line is not contained in the given file, Puppet will append the line to
+    the end of the file to ensure the desired state.  Multiple resources may 
+    be declared to manage multiple lines in the same file.
 
     Example:
 
@@ -13,6 +13,7 @@ Puppet::Type.newtype(:file_line) do
           path => '/etc/sudoers',
           line => '%sudo ALL=(ALL) ALL',
         }
+
         file_line { 'sudo_rule_nopw':
           path => '/etc/sudoers',
           line => '%sudonopw ALL=(ALL) NOPASSWD: ALL',
@@ -21,6 +22,18 @@ Puppet::Type.newtype(:file_line) do
     In this example, Puppet will ensure both of the specified lines are
     contained in the file /etc/sudoers.
 
+    Match Example:
+
+        file_line { 'bashrc_proxy':
+          ensure => present,
+          path   => '/etc/bashrc',
+          line   => 'export HTTP_PROXY=http://squid.puppetlabs.vm:3128',
+          match  => '^export\ HTTP_PROXY\=',
+        }
+
+    In this code example match will look for a line beginning with export 
+    followed by HTTP_PROXY and replace it with the value in line.
+
     **Autorequires:** If Puppet is managing the file that will contain the line
     being managed, the file_line resource will autorequire that file.
 
@@ -36,12 +49,15 @@ Puppet::Type.newtype(:file_line) do
   end
 
   newparam(:match) do
-    desc 'An optional regular expression to run against existing lines in the file;\n' +
-        'if a match is found, we replace that line rather than adding a new line.'
+    desc 'An optional ruby regular expression to run against existing lines in the file.' + 
+         ' If a match is found, we replace that line rather than adding a new line.' +
+         ' A regex comparisson is performed against the line value and if it does not' +
+         ' match an exception will be raised. '
   end
 
   newparam(:multiple) do
-    desc 'An optional value to determine if match can change multiple lines.'
+    desc 'An optional value to determine if match can change multiple lines.' +
+         ' If set to false, an exception will be raised if more than one line matches'
     newvalues(true, false)
   end
 
@@ -50,7 +66,7 @@ Puppet::Type.newtype(:file_line) do
   end
 
   newparam(:line) do
-    desc 'The line to be appended to the file located by the path parameter.'
+    desc 'The line to be appended to the file or used to replace matches found by the match attribute.'
   end
 
   newparam(:path) do