bolt 0.17.1 → 0.17.2

data/vendored/puppet/lib/puppet/util/windows/com.rb

@@ -76,8 +76,9 @@ module Puppet::Util::Windows::COM
           vtable_hash = Hash[(ifaces.map { |iface| iface::VTBL::SPEC.to_a } << spec.to_a).flatten(1)]
           const_set(:SPEC, vtable_hash)
 
-          layout \
+          layout(
             *self::SPEC.map { |name, signature| [name, callback(*signature)] }.flatten
+          )
         end
 
         const_set(:VTBL, vtable)

data/vendored/puppet/lib/puppet/util/windows/file.rb

@@ -393,8 +393,6 @@ module Puppet::Util::Windows::File
   end
   module_function :lstat
 
-  private
-
   # https://msdn.microsoft.com/en-us/library/windows/desktop/aa364571(v=vs.85).aspx
   FSCTL_GET_REPARSE_POINT = 0x900a8
 
@@ -410,6 +408,7 @@ module Puppet::Util::Windows::File
 
     path
   end
+  private_class_method :resolve_symlink
 
   # these reparse point types are the only ones Puppet currently understands
   # so rather than raising an exception in readlink, prefer to not consider
@@ -426,6 +425,7 @@ module Puppet::Util::Windows::File
 
     symlink
   end
+  private_class_method :symlink_reparse_point?
 
   ffi_convention :stdcall
 

data/vendored/puppet/lib/puppet/util/windows/principal.rb

@@ -32,9 +32,10 @@ module Puppet::Util::Windows::SID
         @sid_bytes == compare.sid_bytes
     end
 
-    # added for backward compatibility
+    # returns authority qualified account name
+    # prefer to compare Principal instances with == operator or by #sid
     def to_s
-      @sid
+      @domain_account
     end
 
     # = 8 + max sub identifiers (15) * 4
@@ -64,14 +65,14 @@ module Puppet::Util::Windows::SID
                 last_error = FFI.errno
 
                 if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
-                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW'), last_error)
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name}, last_error)
                 end
 
                 FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                   if LookupAccountNameW(system_name_ptr, account_name_ptr,
                       sid_ptr, sid_length_ptr,
                       domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
-                   raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW'))
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name} )
                   end
 
                   # with a SID returned, loop back through lookup_account_sid to retrieve official name
@@ -116,14 +117,14 @@ module Puppet::Util::Windows::SID
                 last_error = FFI.errno
 
                 if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
-                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW'), last_error)
+                  raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes}, last_error)
                 end
 
                 FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
                   FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                     if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
                         domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
-                     raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW'))
+                     raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes} )
                     end
 
                     return new(

data/vendored/puppet/lib/puppet/util/windows/sid.rb

@@ -52,18 +52,18 @@ module Puppet::Util::Windows
     # 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
     # SID. Returns nil if the account doesn't exist.
     def name_to_sid(name)
-      sid = name_to_sid_object(name)
+      sid = name_to_principal(name)
 
       sid ? sid.sid : nil
     end
     module_function :name_to_sid
 
-    # Convert an account name, e.g. 'Administrators' into a SID object,
+    # Convert an account name, e.g. 'Administrators' into a Principal::SID object,
     # e.g. 'S-1-5-32-544'. The name can be specified as 'Administrators',
     # 'BUILTIN\Administrators', or 'S-1-5-32-544', and will return the
     # SID object. Returns nil if the account doesn't exist.
     # This method returns a SID::Principal with the account, domain, SID, etc
-    def name_to_sid_object(name)
+    def name_to_principal(name)
       # Apparently, we accept a symbol..
       name = name.to_s.strip if name
 
@@ -80,21 +80,50 @@ module Puppet::Util::Windows
     rescue
       nil
     end
-    module_function :name_to_sid_object
+    module_function :name_to_principal
+    class << self; alias name_to_sid_object name_to_principal; end
 
-    # Converts an octet string array of bytes to a SID object,
+    # Converts an octet string array of bytes to a SID::Principal object,
     # e.g. [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] is the representation for
     # S-1-5-18, the local 'SYSTEM' account.
     # Raises an Error for nil or non-array input.
     # This method returns a SID::Principal with the account, domain, SID, etc
-    def octet_string_to_sid_object(bytes)
+    def octet_string_to_principal(bytes)
       if !bytes || !bytes.respond_to?('pack') || bytes.empty?
         raise Puppet::Util::Windows::Error.new(_("Octet string must be an array of bytes"))
       end
 
       Principal.lookup_account_sid(bytes)
     end
-    module_function :octet_string_to_sid_object
+    module_function :octet_string_to_principal
+    class << self; alias octet_string_to_sid_object octet_string_to_principal; end
+
+    # Converts a COM instance of IAdsUser or IAdsGroup to a SID::Principal object,
+    # Raises an Error for nil or an object without an objectSID / Name property.
+    # This method returns a SID::Principal with the account, domain, SID, etc
+    # This method will return instances even when the SID is unresolvable, as
+    # may be the case when domain users have been added to local groups, but
+    # removed from the domain
+    def ads_to_principal(ads_object)
+      if !ads_object || !ads_object.respond_to?(:ole_respond_to?) ||
+        !ads_object.ole_respond_to?(:objectSID) || !ads_object.ole_respond_to?(:Name)
+        raise Puppet::Error.new("ads_object must be an IAdsUser or IAdsGroup instance")
+      end
+      octet_string_to_principal(ads_object.objectSID)
+    rescue Puppet::Util::Windows::Error => e
+      # if the error is not a lookup / mapping problem, immediately re-raise
+      raise if e.code != ERROR_NONE_MAPPED
+
+      # if the Name property isn't formatted like a SID, OR
+      if !valid_sid?(ads_object.Name) ||
+        # if the objectSID doesn't match the Name property, also raise
+        ((converted = octet_string_to_sid_string(ads_object.objectSID)) != ads_object.Name)
+        raise Puppet::Error.new("ads_object Name: #{ads_object.Name} invalid or does not match objectSID: #{ads_object.objectSID} (#{converted})", e)
+      end
+
+      unresolved_principal(ads_object.Name, ads_object.objectSID)
+    end
+    module_function :ads_to_principal
 
     # Convert a SID string, e.g. "S-1-5-32-544" to a name,
     # e.g. 'BUILTIN\Administrators'. Returns nil if an account
@@ -191,6 +220,30 @@ module Puppet::Util::Windows
     end
     module_function :get_length_sid
 
+    def octet_string_to_sid_string(sid_bytes)
+      sid_string = nil
+
+      FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
+        sid_ptr.write_array_of_uchar(sid_bytes)
+        sid_string = Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr)
+      end
+
+      sid_string
+    end
+    module_function :octet_string_to_sid_string
+
+    # @api private
+    def self.unresolved_principal(name, sid_bytes)
+      Principal.new(
+        name + " (unresolvable)", # account
+        sid_bytes, # sid_bytes
+        name, # sid string
+        nil, #domain
+        # https://msdn.microsoft.com/en-us/library/cc245534.aspx?f=255&MSPPError=-2147217396
+        # Indicates that the type of object could not be determined. For example, no object with that SID exists.
+        :SidTypeUnknown)
+    end
+
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx

data/vendored/puppet/lib/puppet/util/windows/taskscheduler.rb

@@ -12,8 +12,6 @@ module Win32
     # The error class raised if any task scheduler specific calls fail.
     class Error < Puppet::Util::Windows::Error; end
 
-    private
-
     class << self
       attr_accessor :com_initialized
     end
@@ -92,8 +90,6 @@ module Win32
     # No mapping between account names and security IDs was done.
     ERROR_NONE_MAPPED                     = -2147023564 # 0x80070534  WIN32 Error CODE 1332 (0x534)
 
-    public
-
     # :startdoc:
 
     # Shorthand constants
@@ -935,8 +931,6 @@ module Win32
       new_hash
     end
 
-    private
-
     def reset_current_task
       # Ensure that COM reference is decremented properly
       @pITask.Release if @pITask && ! @pITask.null?
@@ -1052,12 +1046,9 @@ module Win32
 
     module COM
       extend FFI::Library
-      private
 
       com = Puppet::Util::Windows::COM
 
-      public
-
       # https://msdn.microsoft.com/en-us/library/windows/desktop/aa381811(v=vs.85).aspx
       ITaskScheduler = com::Interface[com::IUnknown,
         FFI::WIN32::GUID['148BD527-A2AB-11CE-B11F-00AA00530503'],

data/vendored/puppet/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '5.3.5'
+  PUPPETVERSION = '5.5.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/vendored/puppet/lib/puppet_pal.rb

@@ -680,8 +680,6 @@ module Pal
     in_environment_context(environments, env, facts, variables, &block)
   end
 
-  private
-
   # Prepares the puppet context with pal information - and delegates to the block
   # No set up is performed at this step - it is delayed until it is known what the
   # operation is going to be (for example - using a ScriptCompiler).
@@ -701,6 +699,7 @@ module Pal
       return block.call(self)
     end
   end
+  private_class_method :in_environment_context
 
   # Prepares the node for use by giving it node_facts (if given)
   # If a hash of facts values is given, then the operation of creating a node with facts is much
@@ -717,6 +716,7 @@ module Pal
       node.add_server_facts({})
     end
   end
+  private_class_method :prepare_node_facts
 
   def self.add_variables(scope, variables)
     return if variables.nil?
@@ -737,6 +737,7 @@ module Pal
       scope.setvar(k, v)
     end
   end
+  private_class_method :add_variables
 
   # The main routine for script compiler
   # Picks up information from the puppet context and configures a script compiler which is given to
@@ -784,59 +785,60 @@ module Pal
 
     # TRANSLATORS, the string "For puppet PAL" is not user facing
     Puppet.override({:current_environment => apply_environment}, "For puppet PAL") do
-        begin
-          # support the following features when evaluating puppet code
-          # * $facts with facts from host running the script
-          # * $settings with 'settings::*' namespace populated, and '$settings::all_local' hash
-          # * $trusted as setup when using puppet apply
-          # * an environment
-          #
-
-          # fixup trusted information
-          node.sanitize()
-
-          compiler = Puppet::Parser::ScriptCompiler.new(node.environment, node.name)
-          topscope = compiler.topscope
-
-          # When scripting the trusted data are always local, but set them anyway
-          topscope.set_trusted(node.trusted_data)
-
-          # Server facts are always about the local node's version etc.
-          topscope.set_server_facts(node.server_facts)
-
-          # Set $facts for the node running the script
-          facts_hash = node.facts.nil? ? {} : node.facts.values
-          topscope.set_facts(facts_hash)
-
-          # create the $settings:: variables
-          topscope.merge_settings(node.environment.name, false)
-
-          add_variables(topscope, pal_variables)
-
-          # compiler.compile(&block)
-          compiler.compile do | internal_compiler |
-            # wrap the internal compiler to prevent it from leaking in the PAL API
-            if block_given?
-              script_compiler = ScriptCompiler.new(internal_compiler)
-
-              # Make compiler available to Puppet#lookup
-              overrides[:pal_script_compiler] = script_compiler
-              Puppet.override(overrides, "PAL::with_script_compiler") do # TRANSLATORS: Do not translate, symbolic name
-                yield(script_compiler)
-              end
+      begin
+        # support the following features when evaluating puppet code
+        # * $facts with facts from host running the script
+        # * $settings with 'settings::*' namespace populated, and '$settings::all_local' hash
+        # * $trusted as setup when using puppet apply
+        # * an environment
+        #
+
+        # fixup trusted information
+        node.sanitize()
+
+        compiler = Puppet::Parser::ScriptCompiler.new(node.environment, node.name)
+        topscope = compiler.topscope
+
+        # When scripting the trusted data are always local, but set them anyway
+        topscope.set_trusted(node.trusted_data)
+
+        # Server facts are always about the local node's version etc.
+        topscope.set_server_facts(node.server_facts)
+
+        # Set $facts for the node running the script
+        facts_hash = node.facts.nil? ? {} : node.facts.values
+        topscope.set_facts(facts_hash)
+
+        # create the $settings:: variables
+        topscope.merge_settings(node.environment.name, false)
+
+        add_variables(topscope, pal_variables)
+
+        # compiler.compile(&block)
+        compiler.compile do | internal_compiler |
+          # wrap the internal compiler to prevent it from leaking in the PAL API
+          if block_given?
+            script_compiler = ScriptCompiler.new(internal_compiler)
+
+            # Make compiler available to Puppet#lookup
+            overrides[:pal_script_compiler] = script_compiler
+            Puppet.override(overrides, "PAL::with_script_compiler") do # TRANSLATORS: Do not translate, symbolic name
+              yield(script_compiler)
             end
           end
+        end
 
-        rescue Puppet::ParseErrorWithIssue, Puppet::Error
-          # already logged and handled by the compiler for these two cases
-          raise
+      rescue Puppet::ParseErrorWithIssue, Puppet::Error
+        # already logged and handled by the compiler for these two cases
+        raise
 
-        rescue => detail
-          Puppet.log_exception(detail)
-          raise
+      rescue => detail
+        Puppet.log_exception(detail)
+        raise
       end
     end
   end
+  private_class_method :main
 
   T_STRING = Puppet::Pops::Types::PStringType::NON_EMPTY
   T_STRING_ARRAY = Puppet::Pops::Types::TypeFactory.array_of(T_STRING)
@@ -857,18 +859,21 @@ module Pal
   def self.assert_optionally_empty_array(a, what, allow_nil=false)
     assert_type(T_STRING_ARRAY, a, what, allow_nil)
   end
+  private_class_method :assert_optionally_empty_array
 
   def self.assert_mutually_exclusive(a, b, a_term, b_term)
     if a && b
       raise ArgumentError, _("Cannot use '%{a_term}' and '%{b_term}' at the same time") % { a_term: a_term, b_term: b_term }
     end
   end
+  private_class_method :assert_mutually_exclusive
 
   def self.assert_block_given(block)
     if block.nil?
       raise ArgumentError, _("A block must be given")
     end
   end
+  private_class_method :assert_block_given
 end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bolt
 version: !ruby/object:Gem::Version
-  version: 0.17.1
+  version: 0.17.2
 platform: ruby
 authors:
 - Puppet
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-03-07 00:00:00.000000000 Z
+date: 2018-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -349,6 +349,9 @@ files:
 - lib/bolt/outputter/human.rb
 - lib/bolt/outputter/json.rb
 - lib/bolt/pal.rb
+- lib/bolt/puppetdb.rb
+- lib/bolt/puppetdb/client.rb
+- lib/bolt/puppetdb/config.rb
 - lib/bolt/result.rb
 - lib/bolt/result_set.rb
 - lib/bolt/target.rb
@@ -697,11 +700,13 @@ files:
 - vendored/puppet/lib/puppet/functions/dig.rb
 - vendored/puppet/lib/puppet/functions/each.rb
 - vendored/puppet/lib/puppet/functions/emerg.rb
+- vendored/puppet/lib/puppet/functions/empty.rb
 - vendored/puppet/lib/puppet/functions/epp.rb
 - vendored/puppet/lib/puppet/functions/err.rb
 - vendored/puppet/lib/puppet/functions/eyaml_lookup_key.rb
 - vendored/puppet/lib/puppet/functions/filter.rb
 - vendored/puppet/lib/puppet/functions/find_file.rb
+- vendored/puppet/lib/puppet/functions/flatten.rb
 - vendored/puppet/lib/puppet/functions/hiera.rb
 - vendored/puppet/lib/puppet/functions/hiera_array.rb
 - vendored/puppet/lib/puppet/functions/hiera_hash.rb
@@ -711,7 +716,10 @@ files:
 - vendored/puppet/lib/puppet/functions/include.rb
 - vendored/puppet/lib/puppet/functions/info.rb
 - vendored/puppet/lib/puppet/functions/inline_epp.rb
+- vendored/puppet/lib/puppet/functions/join.rb
 - vendored/puppet/lib/puppet/functions/json_data.rb
+- vendored/puppet/lib/puppet/functions/keys.rb
+- vendored/puppet/lib/puppet/functions/length.rb
 - vendored/puppet/lib/puppet/functions/lest.rb
 - vendored/puppet/lib/puppet/functions/lookup.rb
 - vendored/puppet/lib/puppet/functions/map.rb
@@ -735,6 +743,7 @@ files:
 - vendored/puppet/lib/puppet/functions/type.rb
 - vendored/puppet/lib/puppet/functions/unique.rb
 - vendored/puppet/lib/puppet/functions/unwrap.rb
+- vendored/puppet/lib/puppet/functions/values.rb
 - vendored/puppet/lib/puppet/functions/versioncmp.rb
 - vendored/puppet/lib/puppet/functions/warning.rb
 - vendored/puppet/lib/puppet/functions/with.rb
@@ -788,6 +797,7 @@ files:
 - vendored/puppet/lib/puppet/indirector/facts/facter.rb
 - vendored/puppet/lib/puppet/indirector/facts/memory.rb
 - vendored/puppet/lib/puppet/indirector/facts/network_device.rb
+- vendored/puppet/lib/puppet/indirector/facts/rest.rb
 - vendored/puppet/lib/puppet/indirector/facts/store_configs.rb
 - vendored/puppet/lib/puppet/indirector/facts/yaml.rb
 - vendored/puppet/lib/puppet/indirector/file_bucket_file/file.rb
@@ -1102,6 +1112,7 @@ files:
 - vendored/puppet/lib/puppet/pops/model/factory.rb
 - vendored/puppet/lib/puppet/pops/model/model_label_provider.rb
 - vendored/puppet/lib/puppet/pops/model/model_tree_dumper.rb
+- vendored/puppet/lib/puppet/pops/model/pn_transformer.rb
 - vendored/puppet/lib/puppet/pops/model/tree_dumper.rb
 - vendored/puppet/lib/puppet/pops/parser/code_merger.rb
 - vendored/puppet/lib/puppet/pops/parser/eparser.rb
@@ -1115,9 +1126,11 @@ files:
 - vendored/puppet/lib/puppet/pops/parser/locatable.rb
 - vendored/puppet/lib/puppet/pops/parser/locator.rb
 - vendored/puppet/lib/puppet/pops/parser/parser_support.rb
+- vendored/puppet/lib/puppet/pops/parser/pn_parser.rb
 - vendored/puppet/lib/puppet/pops/parser/slurp_support.rb
 - vendored/puppet/lib/puppet/pops/patterns.rb
 - vendored/puppet/lib/puppet/pops/pcore.rb
+- vendored/puppet/lib/puppet/pops/pn.rb
 - vendored/puppet/lib/puppet/pops/puppet_stack.rb
 - vendored/puppet/lib/puppet/pops/resource/param.rb
 - vendored/puppet/lib/puppet/pops/resource/resource_type_impl.rb