bolt 0.20.3 → 0.20.5

data/vendored/puppet/lib/puppet/provider/service/systemd.rb

@@ -25,7 +25,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   defaultfor :osfamily => :coreos
   defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
   defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
-  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["15.04","15.10","16.04","16.10"]
+  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["15.04","15.10","16.04","16.10","17.04","17.10","18.04"]
   defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ["3"]
 
   def self.instances

data/vendored/puppet/lib/puppet/provider/user/aix.rb

@@ -7,7 +7,7 @@
 #   but puppet does not allow it. There is a ticket open for that (#5431)
 # - AIX maximum password age is in WEEKs, not days
 #
-# See  https://docs.puppetlabs.com/guides/provider_development.html
+# See https://puppet.com/docs/puppet/latest/provider_development.html
 # for more information
 #
 # Author::    Hector Rivas Gandara <keymon@gmail.com>
@@ -276,7 +276,7 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
     # Must receive "user:enc_password" as input
     # command, arguments = {:failonfail => true, :combine => true}
     # Fix for bugs #11200 and #10915
-    cmd = [self.class.command(:chpasswd), get_ia_module_args, '-e', '-c', user].flatten
+    cmd = [self.class.command(:chpasswd), get_ia_module_args, '-e', '-c'].flatten
     begin
       output = execute(cmd, {:failonfail => false, :combine => true, :stdinfile => tmpfile.path })
       # chpasswd can return 1, even on success (at least on AIX 6.1); empty output indicates success

data/vendored/puppet/lib/puppet/provider/yumrepo/inifile.rb

@@ -164,15 +164,7 @@ Puppet::Type.type(:yumrepo).provide(:inifile) do
     result = self.virtual_inifile[name]
     # Create a new section if not found.
     unless result
-      dirs = reposdir()
-      if dirs.empty?
-        # If no repo directories are present, default to using yum.conf.
-        path = '/etc/yum.conf'
-      else
-        # The ordering of reposdir is [defaults, custom], and we want to use
-        # the custom directory if present.
-        path = File.join(dirs.last, "#{name}.repo")
-      end
+      path = getRepoPath(name)
       result = self.virtual_inifile.add_section(name, path)
     end
     result
@@ -187,6 +179,7 @@ Puppet::Type.type(:yumrepo).provide(:inifile) do
 
     target_mode = 0644
     inifile.each_file do |file|
+      next unless Puppet::FileSystem.exist?(file)
       current_mode = Puppet::FileSystem.stat(file).mode & 0777
       unless current_mode == target_mode
         resource.info _("changing mode of %{file} from %{current_mode} to %{target_mode}") %
@@ -196,6 +189,19 @@ Puppet::Type.type(:yumrepo).provide(:inifile) do
     end
   end
 
+  def self.getRepoPath(name)
+    dirs = reposdir()
+    if dirs.empty?
+      # If no repo directories are present, default to using yum.conf.
+      path = '/etc/yum.conf'
+    else
+      # The ordering of reposdir is [defaults, custom], and we want to use
+      # the custom directory if present.
+      path = File.join(dirs.last, "#{name}.repo")
+    end
+    path
+  end
+
   # Create a new section for the given repository and set all the specified
   # properties in the section.
   #
@@ -204,6 +210,12 @@ Puppet::Type.type(:yumrepo).provide(:inifile) do
   def create
     @property_hash[:ensure] = :present
 
+    # Check to see if the file that would be created in the
+    # default location for the yumrepo already exists on disk.
+    # If it does, read it in to the virtual inifile
+    path = self.class.getRepoPath(name)
+    self.class.virtual_inifile.read(path) if Puppet::FileSystem.file?(path)
+
     # We fetch a list of properties from the type, then iterate
     # over them, avoiding ensure.  We're relying on .should to
     # check if the property has been set and should be modified,

data/vendored/puppet/lib/puppet/reference/providers.rb

@@ -90,7 +90,7 @@ providers = Puppet::Util::Reference.newreference :providers, :title => "Provider
 
     ret << markdown_header(type.name.to_s + "_", 2)
 
-    ret << "[#{type.name}](https://docs.puppetlabs.com/puppet/latest/reference/type.html##{type.name})\n\n"
+    ret << "[#{type.name}](https://puppet.com/docs/puppet/latest/type.html##{type.name})\n\n"
     ret << option("Default provider", default)
     ret << doctable(headers, table_data)
 

data/vendored/puppet/lib/puppet/reference/report.rb

@@ -14,7 +14,7 @@ Puppet master and Puppet apply will handle every report with a set of report
 processors, configurable with the `reports` setting in puppet.conf. This page
 documents the built-in report processors.
 
-See [About Reporting](https://docs.puppetlabs.com/puppet/latest/reference/reporting_about.html)
+See [About Reporting](https://puppet.com/docs/puppet/latest/reporting_about.html)
 for more details.
 
 "

data/vendored/puppet/lib/puppet/resource.rb

@@ -34,7 +34,7 @@ class Puppet::Resource
   TYPE_NODE  = 'Node'.freeze
   TYPE_SITE  = 'Site'.freeze
 
-  PCORE_TYPE_KEY = '__pcore_type__'.freeze
+  PCORE_TYPE_KEY = '__ptype'.freeze
   VALUE_KEY = 'value'.freeze
 
   def self.from_data_hash(data)

data/vendored/puppet/lib/puppet/resource/capability_finder.rb

@@ -7,7 +7,7 @@
 
 require 'net/http'
 require 'cgi'
-require 'json'
+require 'puppet/util/json'
 
 # @api private
 module Puppet::Resource::CapabilityFinder
@@ -92,11 +92,11 @@ module Puppet::Resource::CapabilityFinder
         response = Puppet::Util::Puppetdb::Http.action(url) do |conn, uri|
           conn.get(uri, { 'Accept' => 'application/json'})
         end
-        JSON.parse(response.body)
+        Puppet::Util::Json.load(response.body)
       end
 
       # The format of the response body is documented at
-      #   https://docs.puppetlabs.com/puppetdb/3.0/api/query/v4/resources.html#response-format
+      #   https://puppet.com/docs/puppetdb/3.0/api/query/v4/resources.html#response-format
       unless result.is_a?(Array)
         #TRANSLATOR PuppetDB is a product name and should not be translated
         raise Puppet::DevError, _("Unexpected response from PuppetDB when looking up %{capability}: expected an Array but got %{result}") %
@@ -104,7 +104,7 @@ module Puppet::Resource::CapabilityFinder
       end
 
       result
-    rescue JSON::JSONError => e
+    rescue Puppet::Util::Json::ParseError => e
       #TRANSLATOR PuppetDB is a product name and should not be translated
       raise Puppet::DevError, _("Invalid JSON from PuppetDB when looking up %{capability}\n%{detail}") % { capability: cap, detail: e }
     end

data/vendored/puppet/lib/puppet/resource/catalog.rb

@@ -235,7 +235,10 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
 
     begin
       transaction.report.as_logging_destination do
-        transaction.evaluate
+        transaction_evaluate_time = Puppet::Util.thinmark do
+          transaction.evaluate
+        end
+        transaction.report.add_times(:transaction_evaluation, transaction_evaluate_time)
       end
     ensure
       # Don't try to store state unless we're a host config
@@ -539,7 +542,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
   # Store the classes in the classfile.
   def write_class_file
     # classfile paths may contain UTF-8
-    # https://docs.puppet.com/puppet/latest/reference/configuration.html#classfile
+    # https://puppet.com/docs/puppet/latest/configuration.html#classfile
     classfile = Puppet.settings.setting(:classfile)
     Puppet::FileSystem.open(classfile.value, classfile.mode.to_i(8), "w:UTF-8") do |f|
       f.puts classes.join("\n")
@@ -551,7 +554,7 @@ class Puppet::Resource::Catalog < Puppet::Graph::SimpleGraph
   # Store the list of resources we manage
   def write_resource_file
     # resourcefile contains resources that may be UTF-8 names
-    # https://docs.puppet.com/puppet/latest/reference/configuration.html#resourcefile
+    # https://puppet.com/docs/puppet/latest/configuration.html#resourcefile
     resourcefile = Puppet.settings.setting(:resourcefile)
     Puppet::FileSystem.open(resourcefile.value, resourcefile.mode.to_i(8), "w:UTF-8") do |f|
       to_print = resources.map do |resource|

data/vendored/puppet/lib/puppet/resource/type.rb

@@ -189,8 +189,12 @@ class Puppet::Resource::Type
   def merge(other)
     fail _("%{name} is not a class; cannot add code to it") % { name: name } unless type == :hostclass
     fail _("%{name} is not a class; cannot add code from it") % { name: other.name } unless other.type == :hostclass
-    fail _("Cannot have code outside of a class/node/define because 'freeze_main' is enabled") if name == "" and Puppet.settings[:freeze_main]
-
+    if name == "" && Puppet.settings[:freeze_main]
+      # It is ok to merge definitions into main even if freeze is on (definitions are nodes, classes, defines, functions, and types)
+      unless other.code.is_definitions_only?
+        fail _("Cannot have code outside of a class/node/define because 'freeze_main' is enabled")
+      end
+    end
     if parent and other.parent and parent != other.parent
       fail _("Cannot merge classes with different parent classes (%{name} => %{parent} vs. %{other_name} => %{other_parent})") % { name: name, parent: parent, other_name: other.name, other_parent: other.parent }
     end

data/vendored/puppet/lib/puppet/rest/client.rb

@@ -0,0 +1,79 @@
+require 'httpclient'
+
+require 'puppet'
+require 'puppet/rest/response'
+require 'puppet/rest/errors'
+
+module Puppet::Rest
+  class Client
+    attr_reader :dns_resolver
+
+    # Create a new HTTP client for querying the given API.
+    # @param [OpenSSL::X509::Store] ssl_store the SSL configuration for this client
+    # @param [Integer] receive_timeout how long in seconds this client will wait
+    #                  for a response after making a request
+    # @param [HTTPClient] client the third-party HTTP client wrapped by this
+    #                     class. This param is only used for testing.
+    def initialize(ssl_store: OpenSSL::X509::Store.new,
+                   receive_timeout: Puppet[:http_read_timeout],
+                   client: HTTPClient.new(agent_name: nil,
+                                          default_header: {
+                                            'User-Agent' => Puppet[:http_user_agent],
+                                            'X-PUPPET-VERSION' => Puppet::PUPPETVERSION
+                                          }))
+      @client = client
+      @client.tcp_keepalive = true
+      @client.connect_timeout = Puppet[:http_connect_timeout]
+      @client.receive_timeout = receive_timeout
+      @client.transparent_gzip_decompression = true
+
+      if Puppet[:http_debug]
+        @client.debug_dev = $stderr
+      end
+
+      @client.ssl_config.cert_store = ssl_store
+
+      configure_verify_mode(@client.ssl_config)
+
+      @dns_resolver = Puppet::Network::Resolver.new
+    end
+
+    # Make a GET request to the specified URL with the specified params.
+    # @param [String] url the full path to query
+    # @param [Hash] query any URL params to add to send to the endpoint
+    # @param [Hash] header any additional entries to add to the default header
+    # @yields [String] chunks of the response body
+    # @raise [Puppet::Rest::ResponseError] if the response status is not OK
+    def get(url, query: nil, header: nil, &block)
+      begin
+        @client.get_content(url, { query: query, header: header }) do |chunk|
+          block.call(chunk)
+        end
+      rescue HTTPClient::BadResponseError => e
+        raise Puppet::Rest::ResponseError.new(e.message, Puppet::Rest::Response.new(e.res))
+      end
+    end
+
+    private
+
+    # Checks for SSL certificates on disk and sets VERIFY_PEER
+    # if they are found. Otherwise, sets VERIFY_NONE.
+    def configure_verify_mode(ssl_config)
+      # Either the path to an external CA or to our CA cert from the Puppet master
+      # TODO We may be able to consolidate this with the current intermediate CA work?
+      ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert]
+
+      if ssl_certificates_are_present?(ca_path)
+        ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        ssl_config.add_trust_ca(ca_path)
+        ssl_config.set_client_cert_file(Puppet[:hostcert], Puppet[:hostprivkey])
+      else
+        ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
+    def ssl_certificates_are_present?(ca_path)
+      Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(ca_path)
+    end
+  end
+end

data/vendored/puppet/lib/puppet/rest/errors.rb

@@ -0,0 +1,14 @@
+module Puppet::Rest
+  class ResponseError < Puppet::Error
+    attr_reader :response
+
+    # Error thrown when request status is not OK.
+    # @param [String] msg the error message
+    # @param [Puppet::Rest::Response] response the response from the failed
+    #                                 request
+    def initialize(msg, response = nil)
+      super(msg)
+      @response = response
+    end
+  end
+end

data/vendored/puppet/lib/puppet/rest/response.rb

@@ -0,0 +1,29 @@
+module Puppet::Rest
+  # This is a wrapper for the HTTP::Message class of the HTTPClient
+  # gem. It is designed to wrap a message sent as an HTTP response.
+  class Response
+    def initialize(message)
+      @message = message
+    end
+
+    def body
+      @message.body
+    end
+
+    def content_type
+      @message.content_type
+    end
+
+    def content_encoding
+      @message.headers['Content-Encoding']
+    end
+
+    def status_code
+      @message.status
+    end
+
+    def ok?
+      @message.ok?
+    end
+  end
+end

data/vendored/puppet/lib/puppet/rest/route.rb

@@ -0,0 +1,102 @@
+require 'uri'
+
+module Puppet::Rest
+  class Route
+    # Create a Route containing information for querying the given API,
+    # hosted at a server determined either by SRV service or by the
+    # fallback server on the fallback port.
+    # @param [String] api the path leading to the root of the API. Must
+    #                 contain a trailing slash for proper endpoint path
+    #                 construction
+    # @param [String] default_server the fqdn of the fallback server
+    # @param [Integer] port the fallback port
+    # @param [Symbol] srv_service the name of the service when using SRV
+    #                 records
+    def initialize(api:, default_server:, default_port:, srv_service:)
+      @api = api
+      @default_server = default_server
+      @default_port = default_port
+      @srv_service = srv_service
+    end
+
+    # Select a server and port to create a base URL for the API specified by this
+    # route. If the connection fails and SRV records are in use, the next suitable
+    # server will be tried. If SRV records are not in use or no successful connection
+    # could be made, fall back to the configured server and port for this API, taking
+    # into account failover settings.
+    # @parma [Puppet::Network::Resolver] dns_resolver the DNS resolver to use to check
+    #                                    SRV records
+    # @yield [URI] supply a base URL to make a request with
+    # @raise [Puppet::Error] if connection to selected server and port fails, and SRV
+    #                        records are not in use
+    def with_base_url(dns_resolver)
+      if @server && @port
+        # First try connecting to the previously selected server and port.
+        begin
+          return yield(base_url)
+        rescue SystemCallError => e
+          if Puppet[:use_srv_records]
+            Puppet.debug "Connection to cached server and port #{@server}:#{@port} failed, reselecting."
+          else
+            raise Puppet::Error, _("Connection to cached server and port %{server}:%{port} failed: %{message}") %
+              { server: @server, port: @port, message: e.message }
+          end
+        end
+      end
+
+      if Puppet[:use_srv_records]
+        dns_resolver.each_srv_record(@srv_service) do |srv_server, srv_port|
+          # Try each of the servers for this service in weighted order
+          # until a working one is found.
+          begin
+            @server = srv_server
+            @port = srv_port
+            return yield(base_url)
+          rescue SystemCallError
+            Puppet.debug "Connection to selected server and port #{@server}:#{@port} failed. Trying next cached SRV record."
+            @server = nil
+            @port = nil
+          end
+        end
+      end
+
+      # If we have provided a specific server and port, use those.
+      if @default_server && @default_port
+        @server = @default_server
+        @port = @default_port
+      else
+        # Otherwise, get server and port from default settings, taking
+        # into account the server list for HA.
+        bound_server = Puppet.lookup(:server) do
+          if primary_server = Puppet.settings[:server_list][0]
+            primary_server[0]
+          else
+            Puppet.settings[:server]
+          end
+        end
+
+        bound_port = Puppet.lookup(:serverport) do
+          if primary_server = Puppet.settings[:server_list][0]
+            primary_server[1]
+          else
+            Puppet.settings[:masterport]
+          end
+        end
+
+        @server = bound_server
+        @port = bound_port
+      end
+
+      Puppet.debug "No more servers in SRV record, falling back to #{@server}:#{@port}" if Puppet[:use_srv_records]
+      return yield(base_url)
+    end
+
+    private
+
+    # Returns a URI built from the information stored by this route,
+    # e.g. 'https://myserver.com:555/myapi/v1/'
+    def base_url
+      URI::HTTPS.build(host: @server, port: @port, path: @api)
+    end
+  end
+end

data/vendored/puppet/lib/puppet/rest/routes.rb

@@ -0,0 +1,31 @@
+require 'puppet/rest/route'
+
+module Puppet::Rest
+  module Routes
+    ACCEPT_ENCODING = 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3'
+
+    def self.ca
+      @ca ||= Route.new(api: '/puppet-ca/v1/',
+                        default_server: Puppet[:ca_server],
+                        default_port: Puppet[:ca_port],
+                        srv_service: :ca)
+    end
+
+    # Make an HTTP request to fetch the named certificate, using the given
+    # HTTP client.
+    # @param [Puppet::Rest::Client] client the HTTP client to use to make the request
+    # @param [String] name the name of the certificate to fetch
+    # @raise [Puppet::Rest::ResponseError] if the response status is not OK
+    # @return [String] the PEM-encoded certificate or certificate bundle
+    def self.get_certificate(client, name)
+      ca.with_base_url(client.dns_resolver) do |base_url|
+        header = { 'Accept' => 'text/plain', 'accept-encoding' => ACCEPT_ENCODING }
+        body = ''
+        client.get(base_url + "certificate/#{name}", header: header) do |chunk|
+          body << chunk
+        end
+        body
+      end
+    end
+  end
+end