Merge branch 'maint'

Conflicts:
	doc/client/tools/actions.txt
	schemas/authorizedkeys.xsd
	src/lib/Bcfg2/Client/Frame.py
	src/lib/Bcfg2/Server/Plugin/helpers.py
	src/lib/Bcfg2/Server/Plugins/Bundler.py
	testsuite/Testsrc/Testlib/TestServer/TestPlugin/Testhelpers.py

2 files changed, 62 insertions, 11 deletions

diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
index 20e568a07..c3cd50181 100644
--- a/schemas/authorizedkeys.xsd
+++ b/schemas/authorizedkeys.xsd
@@ -49,6 +49,42 @@
     <xsd:attributeGroup ref="py:genshiAttrs"/>
   </xsd:complexType>
 
+  <xsd:complexType name="OptionContainerType">
+    <xsd:annotation>
+      <xsd:documentation>
+        An **OptionContainerType** is a tag used to provide logic.
+        Child entries of an OptionContainerType tag only apply to
+        machines that match the condition specified -- either
+        membership in a group, or a matching client name.
+        :xml:attribute:`OptionContainerType:negate` can be set to
+        negate the sense of the match.
+      </xsd:documentation>
+    </xsd:annotation>
+    <xsd:choice minOccurs="0" maxOccurs="unbounded">
+      <xsd:element name="Group" type="OptionContainerType"/>
+      <xsd:element name="Client" type="OptionContainerType"/>
+      <xsd:element name="Option" type="AuthorizedKeysOptionType"/>
+    </xsd:choice>
+    <xsd:attribute name='name' type='xsd:string'>
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the client or group to match on.  Child entries
+          will only apply to this client or group (unless
+          :xml:attribute:`OptionContainerType:negate` is set).
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute name='negate' type='xsd:boolean'>
+      <xsd:annotation>
+        <xsd:documentation>
+          Negate the sense of the match, so that child entries only
+          apply to a client if it is not a member of the given group
+          or does not have the given name.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+  </xsd:complexType>
+
   <xsd:complexType name="AllowType" mixed="true">
     <xsd:annotation>
       <xsd:documentation>
@@ -58,7 +94,9 @@
     </xsd:annotation>
     <xsd:choice minOccurs="0" maxOccurs="unbounded">
       <xsd:group ref="py:genshiElements"/>
-      <xsd:element name="Params" type="AuthorizedKeysParamsType"/>
+      <xsd:element name="Group" type="OptionContainerType"/>
+      <xsd:element name="Client" type="OptionContainerType"/>
+      <xsd:element name="Option" type="AuthorizedKeysOptionType"/>
     </xsd:choice>
     <xsd:attribute name="from" type="xsd:string">
       <xsd:annotation>
@@ -86,16 +124,28 @@
     <xsd:attributeGroup ref="py:genshiAttrs"/>
   </xsd:complexType>
 
-  <xsd:complexType name="AuthorizedKeysParamsType">
+  <xsd:complexType name="AuthorizedKeysOptionType">
     <xsd:annotation>
       <xsd:documentation>
-        Specify parameters for public key authentication and
-        connection.  See :manpage:`sshd(8)` for details on allowable
-        parameters.
+        Specify options for public key authentication and connection.
+        See :manpage:`sshd(8)` for details on allowable options.
       </xsd:documentation>
     </xsd:annotation>
-    <xsd:attributeGroup ref="py:genshiAttrs"/>
-    <xsd:anyAttribute processContents="lax"/>
+    <xsd:attribute name="name" type="xsd:string" use="required">
+      <xsd:annotation>
+        <xsd:documentation>
+          The name of the sshd option.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
+    <xsd:attribute name="value" type="xsd:string">
+      <xsd:annotation>
+        <xsd:documentation>
+          The value of the sshd option.  This can be omitted for
+          options that take no value.
+        </xsd:documentation>
+      </xsd:annotation>
+    </xsd:attribute>
   </xsd:complexType>
 
   <xsd:complexType name="AuthorizedKeysType">
diff --git a/schemas/types.xsd b/schemas/types.xsd
index 5dec03cdb..5abc35144 100644
--- a/schemas/types.xsd
+++ b/schemas/types.xsd
@@ -115,7 +115,10 @@
     <xsd:attribute type='ActionTimingEnum' name='timing'>
       <xsd:annotation>
         <xsd:documentation>
-          When the action is run.
+          When the action is run. Actions with "pre" timing are run
+          after important entries have been installed and before
+          bundle entries are installed. Actions with "post" timing
+          are run after bundle entries are installed.
         </xsd:documentation>
       </xsd:annotation>
     </xsd:attribute>
@@ -123,9 +126,7 @@
       <xsd:annotation>
         <xsd:documentation>
           If the action is always run, or is only run when a bundle
-          has been modified.  Actions that run before bundle
-          installation ("pre" and "both") ignore the setting of
-          ``when`` and are always run regardless.
+          has been modified.  
         </xsd:documentation>
       </xsd:annotation>
     </xsd:attribute>