bolt 0.10.0 → 0.11.0

data/vendored/puppet/lib/puppet/pops/loader/static_loader.rb

@@ -6,7 +6,7 @@ module Loader
 class StaticLoader < Loader
 
   BUILTIN_TYPE_NAMES = %w{
-      Auegas
+      Augeas
       Component
       Computer
       Cron

data/vendored/puppet/lib/puppet/pops/loader/task_instantiator.rb

@@ -4,7 +4,6 @@ module Puppet::Pops
 module Loader
 class TaskInstantiator
   def self.create(loader, typed_name, source_refs)
-    ensure_initialized
     name = typed_name.name
     metadata = nil
     task_source = nil
@@ -23,95 +22,47 @@ class TaskInstantiator
       raise ArgumentError, _('No source besides task metadata was found in directory %{directory} for task %{name}') %
         { name: name, directory: File.dirname(source_refs[0]) }
     end
-    create_task_type(loader, typed_name, task_source, metadata)
+    create_task(loader, name, task_source, metadata)
   end
 
-  def self.create_task_type(loader, typed_name, task_source, metadata)
+  def self.create_task(loader, name, task_source, metadata)
     if metadata.nil?
-      create_task_type_from_hash(loader, typed_name, task_source, EMPTY_HASH)
+      create_task_from_hash(loader, name, task_source, EMPTY_HASH)
     else
       json_text = loader.get_contents(metadata)
       begin
-        hash = JSON.parse(json_text) || EMPTY_HASH
-        Types::TypeAsserter.assert_instance_of(nil, @type_hash_t, hash) { _('The metadata for task %{name}') % { name: typed_name.name } }
-        create_task_type_from_hash(loader, typed_name, task_source, hash)
+        create_task_from_hash(loader, name, task_source, JSON.parse(json_text) || EMPTY_HASH)
       rescue JSON::ParserError => ex
         raise Puppet::ParseError.new(ex.message, metadata)
       rescue Types::TypeAssertionError => ex
         # Not strictly a parser error but from the users perspective, the file content didn't parse properly. The
         # ParserError also conveys file info (even though line is unknown)
-        raise Puppet::ParseError.new(ex.message, metadata)
+        msg = _('Failed to load metadata for task %{name}: %{reason}') % { :name => name, :reason => ex.message }
+        raise Puppet::ParseError.new(msg, metadata)
       end
     end
   end
 
-  def self.ensure_initialized
-    return if @initialized
-    @initialized = true
-
-    tf = Types::TypeFactory
-    params_t = tf.hash_kv(
-      Types::Task::PARAMETER_NAME_PATTERN,
-      tf.struct(
-        tf.optional('description') => tf.string,
-        tf.optional('type') => Types::PStringType::NON_EMPTY,
-        tf.optional('sensitive') => tf.boolean
-      )
-    )
-
-    @type_hash_t = tf.struct(
-      tf.optional('description') => tf.string,
-      tf.optional('puppet_task_version') => tf.integer,
-      tf.optional('supports_noop') => tf.boolean,
-      tf.optional('input_method') => tf.enum('stdin', 'environment'),
-      'parameters' => params_t,
-      tf.optional('output') => params_t
-    )
-  end
-
-  def self.create_task_type_from_hash(loader, typed_name, task_source, hash)
-    attributes = {}
-    constants = {}
-    parameters_entry_found = false
+  def self.create_task_from_hash(loader, name, task_source, hash)
+    arguments = {
+      'name' => name,
+      'executable' => task_source
+    }
     hash.each_pair do |key, value|
-      if 'parameters' == key
-        parameters_entry_found = true
-        value.each_pair do |param_name, param_decl|
-          attributes[param_name] = create_attribute(loader, param_decl)
+      if 'parameters' == key || 'output' == key
+        ps = {}
+        value.each_pair do |k, v|
+          pd = v.dup
+          t = v['type']
+          pd['type'] = t.nil? ? Types::TypeFactory.data : Types::TypeParser.singleton.parse(t, loader)
+          ps[k] = pd
         end
-      else
-        constants[key] = value
+        value = ps
       end
+      arguments[key] = value
     end
 
-    if parameters_entry_found
-      parent_type = 'Task'
-    else
-      # No entry means any parameters
-      attributes = EMPTY_HASH
-      parent_type = 'GenericTask'
-    end
-
-    constants['executable'] = Pathname(task_source).relative_path_from(Pathname(loader.path) + 'tasks').to_s
-
-    Types::TypeFactory.object(
-      {
-        'name' => Types::TypeFormatter.singleton.capitalize_segments(typed_name.name),
-        'parent' => Types::TypeParser.singleton.parse(parent_type, loader),
-        'attributes' => attributes,
-        'constants' => constants
-      }, loader)
-  end
-
-  def self.create_attribute(loader, param_decl)
-    result = {}
-    type = Types::TypeParser.singleton.parse(param_decl['type'] || 'Data', loader)
-
-    # Treat OptionalType as optional attribute entry, i.e. provide a default of undef
-    result['value'] = nil if type.is_a?(Types::POptionalType)
-
-    result['type'] = type
-    result
+    Types::TypeFactory.task.from_hash(arguments)
   end
 end
 end

data/vendored/puppet/lib/puppet/pops/lookup/hiera_config.rb

@@ -543,8 +543,8 @@ class HieraConfigV5 < HieraConfig
     tf = Types::TypeFactory
     nes_t = Types::PStringType::NON_EMPTY
 
-    # Need alias here to avoid ridiculously long regexp burp in case of validation errors.
-    uri_t = Pcore::TYPE_URI_ALIAS
+    # Validated using Ruby URI implementation
+    uri_t = Types::PStringType::NON_EMPTY
 
     # The option name must start with a letter and end with a letter or digit. May contain underscore and dash.
     option_name_t = tf.pattern(/\A[A-Za-z](:?[0-9A-Za-z_-]*[0-9A-Za-z])?\z/)

data/vendored/puppet/lib/puppet/pops/parser/parser_support.rb

@@ -91,7 +91,7 @@ class Parser
   #
   def on_error(token,value,stack)
     if token == 0 # denotes end of file
-      value_at = 'end of file'
+      value_at = 'end of input'
     else
       value_at = "'#{value[:value]}'"
     end

data/vendored/puppet/lib/puppet/pops/pcore.rb

@@ -40,7 +40,6 @@ module Pcore
     add_alias('Pcore::QRef', TYPE_QUALIFIED_REFERENCE, loader)
 
     if Puppet[:tasks]
-      require_relative 'types/task'
       require_relative 'types/execution_result'
 
       add_object_type('Target', <<-PUPPET, loader)
@@ -51,6 +50,49 @@ module Pcore
         }
       }
       PUPPET
+
+      add_object_type('Task', <<-PUPPET, loader)
+        {
+          attributes => {   
+            # Fully qualified name of the task
+            name => { type => Pattern[/\\A[a-z][a-z0-9_]*(?:::[a-z][a-z0-9_]*)*\\z/] },
+
+            # Full path to executable
+            executable => { type => String },
+
+            # Task description
+            description => { type => Optional[String], value => undef },
+
+            # Puppet Task version
+            puppet_task_version => { type => Integer, value => 1 },
+  
+            # Type, description, and sensitive property of each parameter 
+            parameters => {
+              type => Optional[Hash[
+                Pattern[/\\A[a-z][a-z0-9_]*\\z/],
+                Struct[
+                  Optional[description] => String,
+                  Optional[sensitive] => Boolean,
+                  type => Type[Optional[Data]]]]],
+              value => undef
+            },
+
+             # Type, description, and sensitive property of each output 
+            output => {
+              type => Optional[Hash[
+                Pattern[/\\A[a-z][a-z0-9_]*\\z/],
+                Struct[
+                  Optional[description] => String,
+                  Optional[sensitive] => Boolean,
+                  type => Type[Optional[Data]]]]],
+              value => undef
+            },
+ 
+            supports_noop => { type => Boolean, value => false },
+            input_method => { type => String, value => 'both' },
+          }
+        }
+      PUPPET
     end
     Types::TypedModelObject.register_ptypes(loader, ir)
 

data/vendored/puppet/lib/puppet/pops/types/type_factory.rb

@@ -528,6 +528,10 @@ module TypeFactory
     @target_t ||= TypeParser.singleton.parse('Target')
   end
 
+  def self.task
+    @task_t ||= TypeParser.singleton.parse('Task')
+  end
+
   # Produces a type for URI[String or Hash]
   # @api public
   #

data/vendored/puppet/lib/puppet/pops/types/types.rb

@@ -60,8 +60,6 @@ class TypedModelObject < Object
       RubyMethod.register_ptype(loader, ir),
     ]
     if Puppet[:tasks]
-      types << Task.register_ptype(loader, ir)
-      types << GenericTask.register_ptype(loader, ir)
       types << ExecutionResult.register_ptype(loader, ir)
     end
 
@@ -135,8 +133,11 @@ class PAnyType < TypedModelObject
         assignable?(o.resolved_type, guard)
       end
     when PVariantType
-      # Assignable if all contained types are assignable
-      o.types.all? { |vt| assignable?(vt, guard) }
+      # Assignable if all contained types are assignable, or if this is exactly Any
+      return true if self.class == PAnyType
+      # An empty variant may be assignable to NotUndef[T] if T is assignable to empty variant
+      return _assignable?(o, guard) if is_a?(PNotUndefType) && o.types.empty?
+      !o.types.empty? && o.types.all? { |vt| assignable?(vt, guard) }
     when POptionalType
       # Assignable if undef and contained type is assignable
       assignable?(PUndefType::DEFAULT) && (o.type.nil? || assignable?(o.type))
@@ -655,7 +656,12 @@ class PUnitType < PAnyType
 
   DEFAULT = PUnitType.new
 
+  def assignable?(o, guard=nil)
+    true
+  end
+
   protected
+
   # @api private
   def _assignable?(o, guard)
     true
@@ -2443,7 +2449,7 @@ class PCallableType < PAnyType
 
   # @api private
   def callable_args?(required_callable_t, guard)
-    # If the required callable is euqal or more specific than self, self is acceptable arguments
+    # If the required callable is equal or more specific than self, self is acceptable arguments
     required_callable_t.assignable?(self, guard)
   end
 
@@ -3020,6 +3026,20 @@ class PVariantType < PAnyType
 
   DEFAULT = PVariantType.new(EMPTY_ARRAY)
 
+  def assignable?(o, guard = nil)
+    # an empty Variant does not match Undef (it is void - not even undef)
+    if o.is_a?(PUndefType) && types.empty?
+      return false
+    end
+
+    return super unless o.is_a?(PVariantType)
+    # If empty, all Variant types match irrespective of the types they hold (including being empty)
+    return true if types.empty?
+    # Since this variant is not empty, an empty Variant cannot match, because it matches nothing
+    # otherwise all types in o must be assignable to this
+    !o.types.empty? && o.types.all? { |vt| super(vt, guard) }
+  end
+
   protected
 
   # @api private

data/vendored/puppet/lib/puppet/provider/selmodule/semodule.rb

@@ -118,11 +118,13 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
   end
 
   def selmodversion_loaded
-    lines = ()
+    selmod_output = []
+    selmodule_cmd = "#{command(:semodule)} --list"
     begin
-      execpipe("#{command(:semodule)} --list") do |output|
+      execpipe(selmodule_cmd) do |output|
         output.each_line do |line|
           line.chomp!
+          selmod_output << line
           bits = line.split
           if bits[0] == @resource[:name]
             self.debug "load version #{bits[1]}"
@@ -131,7 +133,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
         end
       end
     rescue Puppet::ExecutionFailure
-      raise Puppet::ExecutionFailure, "Could not list policy modules: #{lines.join(' ').chomp!}", $!.backtrace
+      raise Puppet::ExecutionFailure, _("Could not list policy modules: \"%{selmodule_command}\" failed with \"%{selmod_output}\"") % { selmodule_command: selmodule_cmd, selmod_output: selmod_output.join(' ') }
     end
     nil
   end

data/vendored/puppet/lib/puppet/provider/service/smf.rb

@@ -107,6 +107,8 @@ Puppet::Type.type(:service).provide :smf, :parent => :base do
   end
 
   def stop
+    # Don't try to stop non-existing services (PUP-8167)
+    return if self.status == :absent
     # Wait for the service to actually stop before returning.
     super
     self.wait('offline', 'disabled', 'uninitialized')

data/vendored/puppet/lib/puppet/settings/environment_conf.rb

@@ -138,13 +138,25 @@ class Puppet::Settings::EnvironmentConf
     section_keys = config.sections.keys
     main = config.sections[:main]
     if section_keys.size > 1
-      Puppet.warning(_("Invalid sections in environment.conf at '%{path_to_conf_file}'. Environment conf may not have sections. The following sections are being ignored: '%{sections}'") % { path_to_conf_file: path_to_conf_file, sections: (section_keys - [:main]).join(',') })
+      # warn once per config file path
+      Puppet.warn_once(
+        :invalid_settings_section, "EnvironmentConf-section:#{path_to_conf_file}",
+        _("Invalid sections in environment.conf at '%{path_to_conf_file}'. Environment conf may not have sections. The following sections are being ignored: '%{sections}'") % {
+          path_to_conf_file: path_to_conf_file,
+          sections: (section_keys - [:main]).join(',')
+        })
       valid = false
     end
 
     extraneous_settings = main.settings.map(&:name) - VALID_SETTINGS
     if !extraneous_settings.empty?
-      Puppet.warning(_("Invalid settings in environment.conf at '%{path_to_conf_file}'. The following unknown setting(s) are being ignored: %{ignored_settings}") % { path_to_conf_file: path_to_conf_file, ignored_settings: extraneous_settings.join(', ') })
+      # warn once per config file path
+      Puppet.warn_once(
+        :invalid_settings, "EnvironmentConf-settings:#{path_to_conf_file}",
+        _("Invalid settings in environment.conf at '%{path_to_conf_file}'. The following unknown setting(s) are being ignored: %{ignored_settings}") % {
+          path_to_conf_file: path_to_conf_file,
+          ignored_settings: extraneous_settings.join(', ')
+        })
       valid = false
     end
 

data/vendored/puppet/lib/puppet/ssl/certificate_authority.rb

@@ -399,7 +399,7 @@ class Puppet::SSL::CertificateAuthority
 
       # Check for wildcards in the subjectAltName fields too.
       if csr.subject_alt_names.any? {|x| x.include? '*' }
-        raise CertificateSigningError.new(hostname), _("CSR '%{csr}' subjectAltName contains a wildcard, which is not allowed: %{alt_names}  To continue, this CSR needs to be cleaned.") % { csr: csr.name, alt_names: csr.subject_alt_names.join(', ') }
+        raise CertificateSigningError.new(hostname), _("CSR '%{csr}' subjectAltName contains a wildcard, which is not allowed: %{alt_names}.  To continue, this CSR needs to be cleaned.") % { csr: csr.name, alt_names: csr.subject_alt_names.join(', ') }
       end
     end
 

data/vendored/puppet/lib/puppet/ssl/certificate_signer.rb

@@ -14,6 +14,12 @@ class Puppet::SSL::CertificateSigner
       @digest = OpenSSL::Digest::SHA256
     elsif OpenSSL::Digest.const_defined?('SHA1')
       @digest = OpenSSL::Digest::SHA1
+    elsif OpenSSL::Digest.const_defined?('SHA512')
+      @digest = OpenSSL::Digest::SHA512
+    elsif OpenSSL::Digest.const_defined?('SHA384')
+      @digest = OpenSSL::Digest::SHA384
+    elsif OpenSSL::Digest.const_defined?('SHA224')
+      @digest = OpenSSL::Digest::SHA224
     else
       raise Puppet::Error,
         "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"

data/vendored/puppet/lib/puppet/ssl/host.rb

@@ -320,7 +320,7 @@ ERROR_STRING
   # configurable
   # --jeffweiss 29 aug 2012
   def suitable_message_digest_algorithms
-    [:SHA1, :SHA256, :SHA512]
+    [:SHA1, :SHA224, :SHA256, :SHA384, :SHA512]
   end
 
   # Attempt to retrieve a cert, if we don't already have one.

data/vendored/puppet/lib/puppet/type/file/checksum.rb

@@ -9,7 +9,7 @@ Puppet::Type.type(:file).newparam(:checksum) do
 
     The default checksum type is md5."
 
-  newvalues "md5", "md5lite", "sha256", "sha256lite", "mtime", "ctime", "none"
+  newvalues "md5", "md5lite", "sha224", "sha256", "sha256lite", "sha384", "sha512", "mtime", "ctime", "none"
 
   defaultto do
     Puppet[:digest_algorithm].to_sym

data/vendored/puppet/lib/puppet/type/file/checksum_value.rb

@@ -6,9 +6,10 @@ module Puppet
     include Puppet::Util::Checksums
     include Puppet::DataSync
 
-    desc "The checksum of the source contents. Only md5 and sha256 are supported when
-      specifying this parameter. If this parameter is set, source_permissions will be
-      assumed to be false, and ownership and permissions will not be read from source."
+    desc "The checksum of the source contents. Only md5, sha256, sha224, sha384 and sha512
+      are supported when specifying this parameter. If this parameter is set, 
+      source_permissions will be assumed to be false, and ownership and permissions
+      will not be read from source."
 
     def insync?(is)
       # If checksum_value and source are specified, manage the file contents.

data/vendored/puppet/lib/puppet/type/k5login.rb

@@ -1,5 +1,6 @@
 # Plug-in type for handling k5login files
 require 'puppet/util'
+require 'puppet/util/selinux'
 
 Puppet::Type.newtype(:k5login) do
   @doc = "Manage the `.k5login` file for a user.  Specify the full path to
@@ -31,10 +32,60 @@ Puppet::Type.newtype(:k5login) do
     defaultto { "644" }
   end
 
+  # To manage the selinux user of the file
+  newproperty(:seluser) do
+    desc "What the SELinux user component of the context of the file should be.
+      Any valid SELinux user component is accepted.  For example `user_u`.
+      If not specified it defaults to the value returned by matchpathcon for
+      the file, if any exists.  Only valid on systems with SELinux support
+      enabled."
+
+    defaultto { "user_u" }
+  end
+
+  # To manage the selinux role of the file
+  newproperty(:selrole) do
+    desc "What the SELinux role component of the context of the file should be.
+      Any valid SELinux role component is accepted.  For example `role_r`.
+      If not specified it defaults to the value returned by matchpathcon for
+      the file, if any exists.  Only valid on systems with SELinux support
+      enabled."
+
+    defaultto { "object_r" }
+  end
+
+  # To manage the selinux type of the file
+  newproperty(:seltype) do
+    desc "What the SELinux type component of the context of the file should be.
+      Any valid SELinux type component is accepted.  For example `tmp_t`.
+      If not specified it defaults to the value returned by matchpathcon for
+      the file, if any exists.  Only valid on systems with SELinux support
+      enabled."
+
+    # to my knowledge, `krb5_home_t` is the only valid type for .k5login
+    defaultto { "krb5_home_t" }
+  end
+
+  # To manage the selinux range of the file
+  newproperty(:selrange) do
+    desc "What the SELinux range component of the context of the file should be.
+      Any valid SELinux range component is accepted.  For example `s0` or
+      `SystemHigh`.  If not specified it defaults to the value returned by
+      matchpathcon for the file, if any exists.  Only valid on systems with
+      SELinux support enabled and that have support for MCS (Multi-Category
+      Security)."
+
+    defaultto { "s0" }
+  end
+
+  # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
+
   provide(:k5login) do
     desc "The k5login provider is the only provider for the k5login
       type."
 
+    include Puppet::Util::SELinux
+
     # Does this file exist?
     def exists?
       Puppet::FileSystem.exist?(@resource[:name])
@@ -78,6 +129,56 @@ Puppet::Type.newtype(:k5login) do
       File.chmod(Integer("0#{value}"), @resource[:name])
     end
 
+    # Set the file seluser
+    def seluser
+      if selinux_support?
+        context = get_selinux_current_context(@resource[:name])
+        return parse_selinux_context(:seluser, context)
+      end
+    end
+
+    def seluser=(value)
+      set_selinux_context(@resource[:name], value, :seluser)
+    end
+
+    # Set the file selrole
+    def selrole
+      if selinux_support?
+        context = get_selinux_current_context(@resource[:name])
+        return parse_selinux_context(:selrole, context)
+      end
+    end
+
+    # Set the file seltype
+    def selrole=(value)
+      set_selinux_context(@resource[:name], value, :selrole)
+    end
+
+    # Set the file seltype
+    def seltype
+      if selinux_support?
+        context = get_selinux_current_context(@resource[:name])
+        return parse_selinux_context(:seltype, context)
+      end
+    end
+
+    # Set the file selrange
+    def seltype=(value)
+      set_selinux_context(@resource[:name], value, :seltype)
+    end
+
+    # Set the file selrange
+    def selrange
+      if selinux_support?
+        context = get_selinux_current_context(@resource[:name])
+        return parse_selinux_context(:selrange, context)
+      end
+    end
+
+    def selrange=(value)
+      set_selinux_context(@resource[:name], value, :selrange)
+    end
+
     private
     def write(value)
       Puppet::Util.replace_file(@resource[:name], 0644) do |f|