bolt 0.17.1 → 0.17.2

data/vendored/puppet/lib/puppet/indirector/facts/yaml.rb

@@ -5,10 +5,6 @@ class Puppet::Node::Facts::Yaml < Puppet::Indirector::Yaml
   desc "Store client facts as flat files, serialized using YAML, or
     return deserialized facts from disk."
 
-  def allow_remote_requests?
-    false
-  end
-
   def search(request)
     node_names = []
     Dir.glob(yaml_dir_path).each do |file|

data/vendored/puppet/lib/puppet/indirector/file_content/http.rb

@@ -1,15 +1,17 @@
 require 'puppet/file_serving/metadata'
 require 'puppet/indirector/generic_http'
+require 'puppet/network/http'
 
 class Puppet::Indirector::FileContent::Http < Puppet::Indirector::GenericHttp
   desc "Retrieve file contents from a remote HTTP server."
 
   include Puppet::FileServing::TerminusHelper
+  include Puppet::Network::HTTP::Compression.module
 
   @http_method = :get
 
   def find(request)
     response = super
-    model.from_binary(response.body)
+    model.from_binary(uncompress_body(response))
   end
 end

data/vendored/puppet/lib/puppet/indirector/indirection.rb

@@ -163,7 +163,9 @@ class Puppet::Indirector::Indirection
   # remove it, we expire it and write it back out to disk.  This way people
   # can still use the expired object if they want.
   def expire(key, options={})
-    return nil unless cache?
+    request = request(:expire, key, nil, options)
+
+    return nil unless cache? && !request.ignore_cache_save?
 
     return nil unless instance = cache.find(request(:find, key, nil, options))
 
@@ -196,7 +198,7 @@ class Puppet::Indirector::Indirection
       result = terminus.find(request)
       if not result.nil?
         result.expiration ||= self.expiration if result.respond_to?(:expiration)
-        if cache?
+        if cache? && !request.ignore_cache_save?
           Puppet.info _("Caching %{indirection} for %{request}") % { indirection: self.name, request: request.key }
           begin
             cache.save request(:save, key, result, options)
@@ -287,7 +289,7 @@ class Puppet::Indirector::Indirection
     result = terminus.save(request)
 
     # If caching is enabled, save our document there
-    cache.save(request) if cache?
+    cache.save(request) if cache? && !request.ignore_cache_save?
 
     result
   end

data/vendored/puppet/lib/puppet/indirector/request.rb

@@ -10,7 +10,7 @@ require 'puppet/util/psych_support'
 class Puppet::Indirector::Request
   include Puppet::Util::PsychSupport
 
-  attr_accessor :key, :method, :options, :instance, :node, :ip, :authenticated, :ignore_cache, :ignore_terminus
+  attr_accessor :key, :method, :options, :instance, :node, :ip, :authenticated, :ignore_cache, :ignore_cache_save, :ignore_terminus
 
   attr_accessor :server, :port, :uri, :protocol
 
@@ -18,7 +18,7 @@ class Puppet::Indirector::Request
 
   # trusted_information is specifically left out because we can't serialize it
   # and keep it "trusted"
-  OPTION_ATTRIBUTES = [:ip, :node, :authenticated, :ignore_terminus, :ignore_cache, :instance, :environment]
+  OPTION_ATTRIBUTES = [:ip, :node, :authenticated, :ignore_terminus, :ignore_cache, :ignore_cache_save, :instance, :environment]
 
   # Is this an authenticated request?
   def authenticated?
@@ -50,6 +50,10 @@ class Puppet::Indirector::Request
     ignore_cache
   end
 
+  def ignore_cache_save?
+    ignore_cache_save
+  end
+
   def ignore_terminus?
     ignore_terminus
   end

data/vendored/puppet/lib/puppet/module/task.rb

@@ -72,8 +72,6 @@ class Puppet::Module
       self.module == other.module
     end
 
-    private
-
     def self.new_with_files(pup_module, name, tasks_files)
       files = tasks_files.map do |filename|
         File.join(pup_module.tasks_directory, File.basename(filename))
@@ -82,9 +80,11 @@ class Puppet::Module
       metadata_files, exe_files = files.partition { |f| is_tasks_metadata_filename?(f) }
       Puppet::Module::Task.new(pup_module, name, exe_files, metadata_files.first)
     end
+    private_class_method :new_with_files
 
     def self.task_name_from_path(path)
       return File.basename(path, '.*')
     end
+    private_class_method :task_name_from_path
   end
 end

data/vendored/puppet/lib/puppet/module_tool/tar/mini.rb

@@ -3,24 +3,77 @@ class Puppet::ModuleTool::Tar::Mini
     Zlib::GzipReader.open(sourcefile) do |reader|
       Archive::Tar::Minitar.unpack(reader, destdir, find_valid_files(reader)) do |action, name, stats|
         case action
-        when :file_done
-          File.chmod(0644, "#{destdir}/#{name}")
-        when :dir, :file_start
+        when :dir
           validate_entry(destdir, name)
+          set_dir_mode!(stats)
+          Puppet.debug("Extracting: #{destdir}/#{name}")
+        when :file_start
+          # Octal string of the old file mode.
+          validate_entry(destdir, name)
+          set_file_mode!(stats)
           Puppet.debug("Extracting: #{destdir}/#{name}")
         end
+        set_default_user_and_group!(stats)
+        stats
       end
     end
   end
 
   def pack(sourcedir, destfile)
     Zlib::GzipWriter.open(destfile) do |writer|
-      Archive::Tar::Minitar.pack(sourcedir, writer)
+      Archive::Tar::Minitar.pack(sourcedir, writer) do |step, name, stats|
+        # TODO smcclellan 2017-10-31 Set permissions here when this yield block
+        # executes before the header is written. As it stands, the `stats`
+        # argument isn't mutable in a way that will effect the desired mode for
+        # the file.
+      end
     end
   end
 
   private
 
+  EXECUTABLE = 0755
+  NOT_EXECUTABLE = 0644
+  USER_EXECUTE = 0100
+
+  def set_dir_mode!(stats)
+    if stats.key?(:mode)
+      # This is only the case for `pack`, so this code will not run.
+      stats[:mode] = EXECUTABLE
+    elsif stats.key?(:entry)
+      old_mode = stats[:entry].instance_variable_get(:@mode)
+      if old_mode.is_a?(Integer)
+        stats[:entry].instance_variable_set(:@mode, EXECUTABLE)
+      end
+    end
+  end
+
+  # Sets a file mode to 0755 if the file is executable by the user.
+  # Sets a file mode to 0644 if the file mode is set (non-Windows).
+  def sanitized_mode(old_mode)
+    old_mode & USER_EXECUTE != 0 ? EXECUTABLE : NOT_EXECUTABLE
+  end
+
+  def set_file_mode!(stats)
+    if stats.key?(:mode)
+      # This is only the case for `pack`, so this code will not run.
+      stats[:mode] = sanitized_mode(stats[:mode])
+    elsif stats.key?(:entry)
+      old_mode = stats[:entry].instance_variable_get(:@mode)
+      # If the user can execute the file, set 0755, otherwise 0644.
+      if old_mode.is_a?(Integer)
+        new_mode = sanitized_mode(old_mode)
+        stats[:entry].instance_variable_set(:@mode, new_mode)
+      end
+    end
+  end
+
+  # Sets UID and GID to 0 for standardization.
+  def set_default_user_and_group!(stats)
+    stats[:uid] = 0
+    stats[:gid] = 0
+  end
+
   # Find all the valid files in tarfile.
   #
   # This check was mainly added to ignore 'x' and 'g' flags from the PAX

data/vendored/puppet/lib/puppet/network/authconfig.rb

@@ -38,7 +38,7 @@ module Puppet
       { :acl => "#{ca_url_prefix}/v1/certificate/", :method => :find, :authenticated => :any },
       { :acl => "#{ca_url_prefix}/v1/certificate_request", :method => [:find, :save], :authenticated => :any },
       ]
-      end
+    end
 
     # Just proxy the setting methods to our rights stuff
     [:allow, :deny].each do |method|

data/vendored/puppet/lib/puppet/network/http/api/indirected_routes.rb

@@ -265,6 +265,7 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
     # NOTE These specific hooks for paths are ridiculous, but it's a *many*-line
     # fix to not need this, and our goal is to move away from the complication
     # that leads to the fix being too long.
+    return :singular if indirection == "facts"
     return :singular if indirection == "status"
     return :singular if indirection == "certificate_status"
 

data/vendored/puppet/lib/puppet/network/resolver.rb

@@ -40,8 +40,6 @@ module Puppet::Network::Resolver
     end
   end
 
-  private
-
   def self.each_priority(records)
     pri_hash = records.inject({}) do |groups, element|
       groups[element.priority] ||= []
@@ -53,6 +51,7 @@ module Puppet::Network::Resolver
       yield key, pri_hash[key]
     end
   end
+  private_class_method :each_priority
 
   def self.find_weighted_server(records)
     return nil if records.nil? || records.empty?

data/vendored/puppet/lib/puppet/node.rb

@@ -28,9 +28,10 @@ class Puppet::Node
     @classes    = data['classes']    || []
     @parameters = data['parameters'] || {}
     env_name = data['environment'] || @parameters[ENVIRONMENT]
-    env_name = env_name.intern unless env_name.nil?
-    @environment_name = env_name
-    self.environment = env_name
+    unless env_name.nil?
+      @parameters[ENVIRONMENT] = env_name
+      @environment_name = env_name.intern
+    end
   end
 
   def self.from_data_hash(data)

data/vendored/puppet/lib/puppet/parser/compiler.rb

@@ -41,7 +41,7 @@ class Puppet::Parser::Compiler
     message = _("%{message} on node %{node}") % { message: detail, node: node.name }
     Puppet.log_exception(detail, message)
     raise Puppet::Error, message, detail.backtrace
- end
+  end
 
   attr_reader :node, :facts, :collections, :catalog, :resources, :relationships, :topscope
   attr_reader :qualified_variables
@@ -460,10 +460,10 @@ class Puppet::Parser::Compiler
       component_ref = args['component']
       kind = args['kind']
 
-      # That component_ref is either a QNAME or a Class['literal'|QREF] is asserted during validation so no
+      # That component_ref is either a QREF or a Class['literal'|QREF] is asserted during validation so no
       # need to check that here
-      if component_ref.is_a?(Puppet::Pops::Model::QualifiedName)
-        component_name = component_ref.value
+      if component_ref.is_a?(Puppet::Pops::Model::QualifiedReference)
+        component_name = component_ref.cased_value
         component_type = 'type'
         component = krt.find_definition(component_name)
       else
@@ -664,7 +664,7 @@ class Puppet::Parser::Compiler
         data[target] = source_data.merge(metaparams_as_data(target, names))
       end
 
-      target.tag(*(source.tags))
+      target.merge_tags_from(source)
     end
   end
 
@@ -747,9 +747,16 @@ class Puppet::Parser::Compiler
   # Set the node's parameters into the top-scope as variables.
   def set_node_parameters
     node.parameters.each do |param, value|
+      # We don't want to set @topscope['environment'] from the parameters,
+      # instead we want to get that from the node's environment itself in
+      # case a custom node terminus has done any mucking about with
+      # node.parameters.
+      next if param.to_s == 'environment'
       # Ensure node does not leak Symbol instances in general
       @topscope[param.to_s] = value.is_a?(Symbol) ? value.to_s : value
     end
+    @topscope['environment'] = node.environment.name.to_s
+
     # These might be nil.
     catalog.client_version = node.parameters["clientversion"]
     catalog.server_version = node.parameters["serverversion"]

data/vendored/puppet/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb

@@ -1,7 +1,7 @@
 class Puppet::Parser::Compiler
   # Validator that asserts that all capability resources that are referenced by 'consume' or 'require' has
   # been exported by some other resource in the environment
- class CatalogValidator::EnvironmentRelationshipValidator < CatalogValidator
+  class CatalogValidator::EnvironmentRelationshipValidator < CatalogValidator
 
     def validate
       assumed_exports = {}

data/vendored/puppet/lib/puppet/parser/functions/fqdn_rand.rb

@@ -1,3 +1,4 @@
+require 'digest/md5'
 require 'digest/sha2'
 
 Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalue, :doc =>
@@ -17,9 +18,19 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalu
   `fqdn_rand(30, 'expensive job 2')` will produce totally different numbers.)") do |args|
     max = args.shift.to_i
  
-    # We are consciously not using different hash algs based on fips mode here
-    # since the randomness is not guaranteed to be predictable for a given node
-    # It just needs to be unique for a given node
-    seed = Digest::SHA256.hexdigest([self['::fqdn'],max,args].join(':')).hex
+    # Puppet 5.4's fqdn_rand function produces a different value than earlier versions
+    # for the same set of inputs.
+    # This causes problems because the values are often written into service configuration files.
+    # When they change, services get notified and restart.
+
+    # Restoring previous fqdn_rand behavior of calculating its seed value using MD5
+    # when running on a non-FIPS enabled platform and only using SHA256 on FIPS enabled
+    # platforms.
+    if Puppet::Util::Platform.fips_enabled?
+      seed = Digest::SHA256.hexdigest([self['::fqdn'],max,args].join(':')).hex
+    else
+      seed = Digest::MD5.hexdigest([self['::fqdn'],max,args].join(':')).hex
+    end
+
     Puppet::Util.deterministic_rand_int(seed,max)
 end

data/vendored/puppet/lib/puppet/parser/functions/new.rb

@@ -56,16 +56,14 @@ Would fail with an assertion error (since value is less than 0).
 The following sections show the arguments and conversion rules
 per data type built into the Puppet Type System.
 
-Conversion to Optional[T] and NotUndef[T]
------------------------------------------
+### Conversion to Optional[T] and NotUndef[T]
 
 Conversion to these data types is the same as a conversion to the type argument `T`.
 In the case of `Optional[T]` it is accepted that the argument to convert may be `undef`.
 It is however not acceptable to give other arguments (than `undef`) that cannot be
 converted to `T`.
 
-Conversion to Integer
----------------------
+### Conversion to Integer
 
 A new `Integer` can be created from `Integer`, `Float`, `Boolean`, and `String` values.
 For conversion from `String` it is possible to specify the radix (base).
@@ -113,8 +111,7 @@ $a_number = Integer(true)          # results in 1
 $a_number = Integer(-38, 10, true) # results in 38
 ```
 
-Conversion to Float
--------------------
+### Conversion to Float
 
 A new `Float` can be created from `Integer`, `Float`, `Boolean`, and `String` values.
 For conversion from `String` both float and integer formats are supported.
@@ -126,15 +123,13 @@ function Float.new(
 )
 ```
 
-
 * For an integer, the floating point fraction of `.0` is added to the value.
 * A `Boolean` `true` is converted to 1.0, and a `false` to 0.0
 * In `String` format, integer prefixes for hex and binary are understood (but not octal since
   floating point in string format may start with a '0').
 * When `abs` is set to `true`, the result will be an absolute floating point value.
 
-Conversion to Numeric
----------------------
+### Conversion to Numeric
 
 A new `Integer` or `Float` can be created from `Integer`, `Float`, `Boolean` and
 `String` values.
@@ -163,8 +158,7 @@ $a_number = Numeric(-42.3, true) # results in 42.3
 $a_number = Numeric(-42, true)   # results in 42
 ```
 
-Conversion to Timespan
--------------------
+### Conversion to Timespan
 
 A new `Timespan` can be created from `Integer`, `Float`, `String`, and `Hash` values. Several variants of the constructor are provided.
 
@@ -281,8 +275,7 @@ $duration = Timespan('10:03.5', '%M:%S.%L') # 10 minutes, 3 seconds, and 5 milli
 $duration = Timespan('10:03.5', '%M:%S.%N') # 10 minutes, 3 seconds, and 5 nano-seconds
 ```
 
-Conversion to Timestamp
--------------------
+### Conversion to Timestamp
 
 A new `Timestamp` can be created from `Integer`, `Float`, `String`, and `Hash` values. Several variants of the constructor are provided.
 
@@ -475,8 +468,8 @@ $ts = Timestamp('2016-08-24T12:13:14', default, 'PST')   # 2016-08-24 20:13:14.0
 
 ```
 
-Conversion to Type
-------------------
+### Conversion to Type
+
 A new `Type` can be create from its `String` representation.
 
 **Example:** Creating a type from a string
@@ -485,8 +478,7 @@ A new `Type` can be create from its `String` representation.
 $t = Type.new('Integer[10]')
 ```
 
-Conversion to String
---------------------
+### Conversion to String
 
 Conversion to `String` is the most comprehensive conversion as there are many
 use cases where a string representation is wanted. The defaults for the many options
@@ -529,7 +521,7 @@ included in a string format.
 Note that all data type supports the formats `s` and `p` with the meaning "default string representation" and
 "default programmatic string representation" (which for example means that a String is quoted in 'p' format).
 
-### Signatures of String conversion
+#### Signatures of String conversion
 
 ```puppet
 type Format = Pattern[/^%([\s\+\-#0\[\{<\(\|]*)([1-9][0-9]*)?(?:\.([0-9]+))?([a-zA-Z])/]
@@ -587,7 +579,7 @@ $str = String([1,2,3], $formats) # produces '(0x1, 0x2, 0x3)'
 The given formats are merged with the default formats, and matching of values to convert against format is based on
 the specificity of the mapped type; for example, different formats can be used for short and long arrays.
 
-### Integer to String
+#### Integer to String
 
 | Format  | Integer Formats
 | ------  | ---------------
@@ -602,7 +594,7 @@ the specificity of the mapped type; for example, different formats can be used f
 
 Defaults to `d`.
 
-### Float to String
+#### Float to String
 
 | Format  | Float formats
 | ------  | -------------
@@ -616,7 +608,7 @@ Defaults to `d`.
 
 Defaults to `p`.
 
-### String to String
+#### String to String
 
 | Format | String
 | ------ | ------
@@ -630,7 +622,7 @@ Defaults to `p`.
 
 Defaults to `s` at top level and `p` inside array or hash.
 
-### Boolean to String
+#### Boolean to String
 
 | Format    | Boolean Formats
 | ----      | -------------------
@@ -641,14 +633,14 @@ Defaults to `s` at top level and `p` inside array or hash.
 | s         | String 'true' / 'false'.
 | p         | String 'true' / 'false'.
 
-### Regexp to String
+#### Regexp to String
 
 | Format    | Regexp Formats
 | ----      | --------------
 | s         | No delimiters, quoted if alternative flag `#` is used.
 | p         | Delimiters `/ /`.
 
-### Undef to String
+#### Undef to String
 
 | Format    | Undef formats
 | ------    | -------------
@@ -661,7 +653,7 @@ Defaults to `s` at top level and `p` inside array or hash.
 | V         | String 'N/A'.
 | u         | String 'undef', or 'undefined' if alternative `#` flag is used.
 
-### Default value to String
+#### Default value to String
 
 | Format    | Default formats
 | ------    | ---------------
@@ -669,7 +661,7 @@ Defaults to `s` at top level and `p` inside array or hash.
 | s         | Same as d.
 | p         | Same as d.
 
-### Binary value to String
+#### Binary value to String
 
 | Format    | Default formats
 | ------    | ---------------
@@ -686,7 +678,7 @@ Defaults to `s` at top level and `p` inside array or hash.
   as hex escaped characters on the form `\\xHH` where `H` is a hex digit.
 * The width and precision values are applied to the text part only in `%p` format.
 
-### Array & Tuple to String
+#### Array & Tuple to String
 
 | Format    | Array/Tuple Formats
 | ------    | -------------
@@ -701,7 +693,7 @@ The alternate form flag `#` will cause indentation of nested array or hash conta
 it is taken as the maximum allowed length of a sequence of elements (not including delimiters). If this max length
 is exceeded, each element will be indented.
 
-### Hash & Struct to String
+#### Hash & Struct to String
 
 | Format    | Hash/Struct Formats
 | ------    | -------------
@@ -715,14 +707,14 @@ more information about options.
 
 The alternate form flag `#` will format each hash key/value entry indented on a separate line.
 
-### Type to String
+#### Type to String
 
 | Format    | Array/Tuple Formats
 | ------    | -------------
 | s         | The same as `p`, quoted if alternative flag `#` is used.
 | p         | Outputs the type in string form as specified by the Puppet Language.
 
-### Flags
+#### Flags
 
 | Flag     | Effect
 | ------   | ------
@@ -733,8 +725,7 @@ The alternate form flag `#` will format each hash key/value entry indented on a
 | 0        | Pad with 0 instead of space for widths larger than value.
 | <[({\|   | Defines an enclosing pair <> [] () {} or \| \| when used with a container type.
 
-Conversion to Boolean
----
+### Conversion to Boolean
 
 Accepts a single value as argument:
 
@@ -745,8 +736,7 @@ Accepts a single value as argument:
   * `false` if 'false', 'no', 'n' (case independent compare)
 * Boolean is already boolean and is simply returned
 
-Conversion to Array and Tuple
----
+### Conversion to Array and Tuple
 
 When given a single value as argument:
 
@@ -771,8 +761,7 @@ $arr = Array($value, true)
 Conversion to a `Tuple` works exactly as conversion to an `Array`, only that the constructed array is
 asserted against the given tuple type.
 
-Conversion to Hash and Struct
----
+### Conversion to Hash and Struct
 
 Accepts a single value as argument:
 
@@ -811,8 +800,8 @@ Would notice the hash `{a => {b => {x => wine}}, b => {y => wine}}`
 Conversion to a `Struct` works exactly as conversion to a `Hash`, only that the constructed hash is
 asserted against the given struct type.
 
-Conversion to a Regexp
----
+### Conversion to a Regexp
+
 A `String` can be converted into a `Regexp`
 
 **Example**: Converting a String into a Regexp
@@ -824,8 +813,7 @@ if('foo.com' =~ $r) {
 }
 ```
 
-Creating a SemVer
----
+### Creating a SemVer
 
 A SemVer object represents a single [Semantic Version](http://semver.org/).
 It can be created from a String, individual values for its parts, or a hash specifying the value per part.
@@ -874,8 +862,7 @@ notice(SemVer('2.3.4') =~ $t) # false
 notice(SemVer('3.4.5') =~ $t) # true
 ```
 
-Creating a SemVerRange
----
+### Creating a SemVerRange
 
 A `SemVerRange` object represents a range of `SemVer`. It can be created from
 a `String`, or from two `SemVer` instances, where either end can be given as
@@ -909,10 +896,9 @@ function SemVerRange.new(
 )
 ```
 
-For examples of `SemVerRange` use see "Creating a SemVer"
+For examples of `SemVerRange` use, see "Creating a SemVer".
 
-Creating a Binary
----
+### Creating a Binary
 
 A `Binary` object represents a sequence of bytes and it can be created from a String in Base64 format,
 an Array containing byte values. A Binary can also be created from a Hash containing the value to convert to
@@ -932,7 +918,6 @@ function Binary.new(
   Optional[Base64Format] $format
 )
 
-
 function Binary.new(
   Array[ByteInteger] $byte_array
 }