bolt 0.21.1 → 0.21.2

data/vendored/puppet/lib/puppet/pops/parser/lexer2.rb

@@ -662,7 +662,7 @@ class Lexer2
       :line_lexical_start => 0
     }
     # Use of --tasks introduces the new keyword 'plan'
-    @taskm_keywords = Puppet[:tasks] ? { 'plan' => [:PLAN, 'plan',  4] }.freeze : EMPTY_HASH
+    @taskm_keywords = Puppet[:tasks] ? { 'plan' => [:PLAN, 'plan',  4], 'apply' => [:APPLY, 'apply', 5] }.freeze : EMPTY_HASH
   end
 
   # Scans all of the content and returns it in an array

data/vendored/puppet/lib/puppet/pops/puppet_stack.rb

@@ -18,7 +18,7 @@ module Puppet::Pops
 #
 module PuppetStack
   # Pattern matching an entry in the ruby stack that is a puppet entry
-  PP_ENTRY_PATTERN = /^(.*\.pp)?:([0-9]+):in (`stack'|`block in call_function')/
+  PP_ENTRY_PATTERN = /^(.*\.pp)?:([0-9]+):in (`stack'|`block in call_function'|`<eval>')/
 
   # Sends a message to an obj such that it appears to come from
   # file, line when calling stacktrace.

data/vendored/puppet/lib/puppet/pops/serialization/to_data_converter.rb

@@ -96,7 +96,7 @@ module Serialization
         end
       elsif value.instance_of?(Hash)
         process(value) do
-          if value.keys.all? { |key| key.is_a?(String) }
+          if value.keys.all? { |key| key.is_a?(String) && key != PCORE_TYPE_KEY }
             result = {}
             value.each_pair { |key, elem| with(key) { result[key] = to_data(elem) } }
             result

data/vendored/puppet/lib/puppet/pops/types/p_binary_type.rb

@@ -91,8 +91,7 @@ class PBinaryType < PAnyType
     # @api private
     #
     def initialize(bin)
-      # TODO: When Ruby 1.9.3 support is dropped change this to `bin.b` for binary encoding instead of force_encoding
-      @binary_buffer = (bin.encoding.name == "ASCII-8BIT" ? bin : bin.dup.force_encoding("ASCII-8BIT")).freeze
+      @binary_buffer = (bin.encoding.name == "ASCII-8BIT" ? bin : bin.b).freeze
     end
 
     # Presents the binary content as a string base64 encoded string (without line breaks).

data/vendored/puppet/lib/puppet/pops/types/types.rb

@@ -1703,30 +1703,7 @@ class PRegexpType < PScalarType
   # @param regexp [Regexp] the regular expression
   # @return [String] the Regexp as a string without escaped slash
   def self.regexp_to_s(regexp)
-    # Rubies < 2.0.0 retains escaped delimiters in the source string.
-    @source_retains_escaped_slash ||= Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
-    source = regexp.source
-    if @source_retains_escaped_slash && source.include?('\\')
-      # Restore corrupt string in rubies <2.0.0, i.e. turn '\/' into '/' but
-      # don't touch valid escapes such as '\s', '\{' etc.
-      escaped = false
-      bld = ''
-      source.each_codepoint do |codepoint|
-        if escaped
-          bld << 0x5c unless codepoint == 0x2f # '/'
-          bld << codepoint
-          escaped = false
-        elsif codepoint == 0x5c # '\'
-          escaped = true
-        elsif codepoint <= 0x7f
-          bld << codepoint
-        else
-          bld << [codepoint].pack('U')
-        end
-      end
-      source = bld
-    end
-    append_flags_group(source, regexp.options)
+    append_flags_group(regexp.source, regexp.options)
   end
 
   def self.append_flags_group(rx_string, options)

data/vendored/puppet/lib/puppet/pops/validation/checker4_0.rb

@@ -1036,6 +1036,11 @@ class Checker4_0 < Evaluator::LiteralEvaluator
     true
   end
 
+  def idem_ApplyExpression(o)
+    return false if o.arguments.any? { |value| !idem(value) }
+    idem(o.body)
+  end
+
   def idem_IfExpression(o)
     [o.test, o.then_expr, o.else_expr].all? {|e| idem(e) }
   end

data/vendored/puppet/lib/puppet/pops/validation/tasks_checker.rb

@@ -4,6 +4,15 @@ module Validation
 # Validator that limits the set of allowed expressions to not include catalog related operations
 # @api private
 class TasksChecker < Checker4_0
+  def in_ApplyExpression?
+    top = container(0)
+    step = -1
+    until container(step) == top do
+      return true if container(step).is_a? Puppet::Pops::Model::ApplyBlockExpression
+      step -= 1
+    end
+  end
+
   def check_Application(o)
     illegalTasksExpression(o)
   end
@@ -25,15 +34,27 @@ class TasksChecker < Checker4_0
   end
 
   def check_RelationshipExpression(o)
-    illegalTasksExpression(o)
+    if in_ApplyExpression?
+      super(o)
+    else
+      illegalTasksExpression(o)
+    end
   end
 
   def check_ResourceDefaultsExpression(o)
-    illegalTasksExpression(o)
+    if in_ApplyExpression?
+      super(o)
+    else
+      illegalTasksExpression(o)
+    end
   end
 
   def check_ResourceExpression(o)
-    illegalTasksExpression(o)
+    if in_ApplyExpression?
+      super(o)
+    else
+      illegalTasksExpression(o)
+    end
   end
 
   def check_ResourceOverrideExpression(o)
@@ -48,8 +69,14 @@ class TasksChecker < Checker4_0
     illegalTasksExpression(o)
   end
 
+  def check_ApplyExpression(o)
+    if in_ApplyExpression?
+      acceptor.accept(Issues::TASK_OPERATION_NOT_SUPPORTED_WHEN_COMPILING, o, {:operation => o.class.to_s})
+    end
+  end
+
   def illegalTasksExpression(o)
-    acceptor.accept(Issues::CATALOG_OPERATION_NOT_SUPPORTED_WHEN_SCRIPTING, o)
+    acceptor.accept(Issues::CATALOG_OPERATION_NOT_SUPPORTED_WHEN_SCRIPTING, o, {:operation => o.class.to_s})
   end
 
   def resource_without_title?(o)

data/vendored/puppet/lib/puppet/provider.rb

@@ -278,7 +278,12 @@ class Puppet::Provider
   # @see Provider.defaultfor
   # @api private
   def self.default_match
-    @defaults.find do |default|
+    return nil if some_default_match(@notdefaults) # Blacklist means this provider cannot be a default
+    some_default_match(@defaults)
+  end
+
+  def self.some_default_match(defaultlist)
+    defaultlist.find do |default|
       default.all? do |key, values|
         case key
           when :feature
@@ -329,6 +334,10 @@ class Puppet::Provider
     @defaults << hash
   end
 
+  def self.notdefaultfor(hash)
+    @notdefaults << hash
+  end
+
   # @return [Integer] Returns a numeric specificity for this provider based on how many requirements it has
   #  and number of _ancestors_. The higher the number the more specific the provider.
   # The number of requirements is based on the hash size of the matching {Provider.defaultfor}.
@@ -346,6 +355,7 @@ class Puppet::Provider
     # complexity of a provider).
     match = default_match
     length = match ? match.length : 0
+
     (length * 100) + ancestors.select { |a| a.is_a? Class }.length
   end
 
@@ -353,6 +363,7 @@ class Puppet::Provider
   # @return [void]
   def self.initvars
     @defaults = []
+    @notdefaults = []
     @commands = {}
   end
 

data/vendored/puppet/lib/puppet/provider/package/dnf.rb

@@ -28,7 +28,8 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
       end
   end
 
-  defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => (22..30).to_a
+  defaultfor :operatingsystem => :fedora
+  notdefaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => (19..21).to_a
 
   def self.update_command
     # In DNF, update is deprecated for upgrade

data/vendored/puppet/lib/puppet/provider/selmodule/semodule.rb

@@ -22,7 +22,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
     self.debug "Checking for module #{@resource[:name]}"
     execpipe("#{command(:semodule)} --list") do |out|
       out.each_line do |line|
-        if line =~ /#{@resource[:name]}\b/
+        if line =~ /^#{@resource[:name]}\b/
           return :true
         end
       end

data/vendored/puppet/lib/puppet/provider/service/base.rb

@@ -46,7 +46,7 @@ Puppet::Type.type(:service).provide :base, :parent => :service do
     # If that fails, force to UTF-8 and then scrub as most uses are scanning
     # for ACII-compatible program names.
     table.force_encoding(Encoding::UTF_8) unless table.encoding == Encoding::UTF_8
-    table = Puppet::Util::CharacterEncoding.scrub(table) unless table.valid_encoding?
+    table = table.scrub unless table.valid_encoding?
 
     table.each_line { |line|
       if regex.match(line)

data/vendored/puppet/lib/puppet/provider/service/systemd.rb

@@ -25,7 +25,9 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   defaultfor :osfamily => :coreos
   defaultfor :operatingsystem => :amazon, :operatingsystemmajrelease => ["2"]
   defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ["8", "stretch/sid", "9", "buster/sid"]
-  defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["15.04","15.10","16.04","16.10","17.04","17.10","18.04"]
+
+  defaultfor :operatingsystem => :ubuntu
+  notdefaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"] # These are using upstart
   defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ["3"]
 
   def self.instances

data/vendored/puppet/lib/puppet/provider/service/upstart.rb

@@ -16,6 +16,8 @@ Puppet::Type.type(:service).provide :upstart, :parent => :debian do
     Facter.value(:operatingsystem) == 'LinuxMint',
   ]
 
+  confine :exists => "/var/run/upstart-socket-bridge.pid"
+
   defaultfor :operatingsystem => :ubuntu, :operatingsystemmajrelease => ["10.04", "12.04", "14.04", "14.10"]
 
   commands :start   => "/sbin/start",

data/vendored/puppet/lib/puppet/reference/configuration.rb

@@ -54,6 +54,12 @@ config.header = <<EOT
 
 * Each of these settings can be specified in `puppet.conf` or on the
   command line.
+* Puppet Enterprise (PE) and open source Puppet share the configuration settings
+  that are documented here. However, PE defaults for some settings differ from
+  the open source Puppet defaults. Some examples of settings that have different
+  PE defaults include `disable18n`, `environment_timeout`, `always_retry_plugins`,
+  and the Puppet Server JRuby `max-active-instances` setting. To verify PE
+  configuration defaults, check the `puppet.conf` file after installation.
 * When using boolean settings on the command line, use `--setting` and
   `--no-setting` instead of `--setting (true|false)`. (Using `--setting false`
   results in "Error: Could not parse application options: needless argument".)

data/vendored/puppet/lib/puppet/reports.rb

@@ -73,7 +73,7 @@ class Puppet::Reports
     docs = ""
 
     # Use this method so they all get loaded
-    instance_loader(:report).loadall
+    instance_loader(:report).loadall(Puppet.lookup(:current_environment))
     loaded_instances(:report).sort { |a,b| a.to_s <=> b.to_s }.each do |name|
       mod = self.report(name)
       docs << "#{name}\n#{"-" * name.to_s.length}\n"
@@ -87,7 +87,7 @@ class Puppet::Reports
   # Lists each of the reports.
   # @api private
   def self.reports
-    instance_loader(:report).loadall
+    instance_loader(:report).loadall(Puppet.lookup(:current_environment))
     loaded_instances(:report)
   end
 end

data/vendored/puppet/lib/puppet/resource/status.rb

@@ -193,6 +193,7 @@ module Puppet
         @changed = data['changed']
         @skipped = data['skipped']
         @failed = data['failed']
+        @failed_to_restart = data['failed_to_restart']
         @corrective_change = data['corrective_change']
         @events = data['events'].map do |event|
           # Older versions contain tags that causes Psych to create instances directly
@@ -213,6 +214,7 @@ module Puppet
           'tags' => @tags.to_a,
           'time' => @time.iso8601(9),
           'failed' => @failed,
+          'failed_to_restart' => self.failed_to_restart?,
           'changed' => @changed,
           'out_of_sync' => @out_of_sync,
           'skipped' => @skipped,

data/vendored/puppet/lib/puppet/resource/type_collection.rb

@@ -208,7 +208,7 @@ class Puppet::Resource::TypeCollection
       if environment.config_version.nil? || environment.config_version == ""
         @version = Time.now.to_i
       else
-        @version = Puppet::Util::Execution.execute([environment.config_version]).strip
+        @version = Puppet::Util::Execution.execute([environment.config_version]).to_s.strip
       end
     end
 

data/vendored/puppet/lib/puppet/rest/client.rb

@@ -3,18 +3,19 @@ require 'httpclient'
 require 'puppet'
 require 'puppet/rest/response'
 require 'puppet/rest/errors'
+require 'puppet/util/ssl'
 
 module Puppet::Rest
   class Client
     attr_reader :dns_resolver
 
     # Create a new HTTP client for querying the given API.
-    # @param [OpenSSL::X509::Store] ssl_store the SSL configuration for this client
+    # @param [Puppet::Rest::SSLContext] ssl_context the SSL configuration for this client
     # @param [Integer] receive_timeout how long in seconds this client will wait
     #                  for a response after making a request
     # @param [HTTPClient] client the third-party HTTP client wrapped by this
     #                     class. This param is only used for testing.
-    def initialize(ssl_store: OpenSSL::X509::Store.new,
+    def initialize(ssl_context:,
                    receive_timeout: Puppet[:http_read_timeout],
                    client: HTTPClient.new(agent_name: nil,
                                           default_header: {
@@ -31,49 +32,52 @@ module Puppet::Rest
         @client.debug_dev = $stderr
       end
 
-      @client.ssl_config.cert_store = ssl_store
-
-      configure_verify_mode(@client.ssl_config)
+      @ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert]
+      @verifier = Puppet::SSL::Validator::DefaultValidator.new(@ca_path)
+      configure_verify_mode(ssl_context)
 
       @dns_resolver = Puppet::Network::Resolver.new
     end
 
     # Make a GET request to the specified URL with the specified params.
-    # @param [String] url the full path to query
+    # @param [URI::HTTPS] url the full path to query
     # @param [Hash] query any URL params to add to send to the endpoint
     # @param [Hash] header any additional entries to add to the default header
     # @yields [String] chunks of the response body
     # @raise [Puppet::Rest::ResponseError] if the response status is not OK
     def get(url, query: nil, header: nil, &block)
       begin
-        @client.get_content(url, { query: query, header: header }) do |chunk|
+        @client.get_content(url.to_s, { query: query, header: header }) do |chunk|
           block.call(chunk)
         end
       rescue HTTPClient::BadResponseError => e
         raise Puppet::Rest::ResponseError.new(e.message, Puppet::Rest::Response.new(e.res))
+      rescue OpenSSL::OpenSSLError => e
+        Puppet::Util::SSL.handle_connection_error(e, @verifier, url.host)
       end
     end
 
-    private
-
-    # Checks for SSL certificates on disk and sets VERIFY_PEER
-    # if they are found. Otherwise, sets VERIFY_NONE.
-    def configure_verify_mode(ssl_config)
-      # Either the path to an external CA or to our CA cert from the Puppet master
-      # TODO We may be able to consolidate this with the current intermediate CA work?
-      ca_path = Puppet[:ssl_client_ca_auth] || Puppet[:localcacert]
-
-      if ssl_certificates_are_present?(ca_path)
-        ssl_config.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        ssl_config.add_trust_ca(ca_path)
-        ssl_config.set_client_cert_file(Puppet[:hostcert], Puppet[:hostprivkey])
-      else
-        ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    # Make a PUT request to the specified URL with the specified params.
+    # @param [URI::HTTPS] url the full path to query
+    # @param [String/Hash] body the contents of the PUT request
+    # @param [Hash] query any URL params to add to send to the endpoint
+    # @param [Hash] header any additional entries to add to the default header
+    # @return [Puppet::Rest::Response]
+    def put(url, body:, query: nil, header: nil)
+      begin
+        response = @client.put(url.to_s, body: body, query: query, header: header)
+        Puppet::Rest::Response.new(response)
+      rescue OpenSSL::OpenSSLError => e
+        Puppet::Util::SSL.handle_connection_error(e, @verifier, url.host)
       end
     end
 
-    def ssl_certificates_are_present?(ca_path)
-      Puppet::FileSystem.exist?(Puppet[:hostcert]) && Puppet::FileSystem.exist?(ca_path)
+    private
+
+    def configure_verify_mode(ssl_context)
+      @client.ssl_config.verify_callback = @verifier
+      @client.ssl_config.cert_store = ssl_context.cert_store
+      @client.ssl_config.verify_mode = ssl_context.verify_mode
     end
   end
 end

data/vendored/puppet/lib/puppet/rest/response.rb

@@ -25,5 +25,10 @@ module Puppet::Rest
     def ok?
       @message.ok?
     end
+
+    def to_exception
+      message = _("Error %{code} on SERVER: %{returned_message}") % { code: status_code, returned_message: body }
+      Puppet::Rest::ResponseError.new(message, self)
+    end
   end
 end

data/vendored/puppet/lib/puppet/rest/route.rb

@@ -1,21 +1,26 @@
 require 'uri'
+require 'puppet/util/connection'
 
 module Puppet::Rest
   class Route
+    attr_reader :server
+
     # Create a Route containing information for querying the given API,
     # hosted at a server determined either by SRV service or by the
     # fallback server on the fallback port.
     # @param [String] api the path leading to the root of the API. Must
     #                 contain a trailing slash for proper endpoint path
     #                 construction
-    # @param [String] default_server the fqdn of the fallback server
-    # @param [Integer] port the fallback port
+    # @param [Symbol] server_setting the setting to check for special
+    #                 server configuration
+    # @param [Symbol] port_setting the setting to check for speical
+    #                  port configuration
     # @param [Symbol] srv_service the name of the service when using SRV
     #                 records
-    def initialize(api:, default_server:, default_port:, srv_service:)
+    def initialize(api:, server_setting: :server, port_setting: :masterport, srv_service: :puppet)
       @api = api
-      @default_server = default_server
-      @default_port = default_port
+      @default_server = Puppet::Util::Connection.determine_server(server_setting)
+      @default_port = Puppet::Util::Connection.determine_port(port_setting, server_setting)
       @srv_service = srv_service
     end
 
@@ -60,32 +65,9 @@ module Puppet::Rest
         end
       end
 
-      # If we have provided a specific server and port, use those.
-      if @default_server && @default_port
-        @server = @default_server
-        @port = @default_port
-      else
-        # Otherwise, get server and port from default settings, taking
-        # into account the server list for HA.
-        bound_server = Puppet.lookup(:server) do
-          if primary_server = Puppet.settings[:server_list][0]
-            primary_server[0]
-          else
-            Puppet.settings[:server]
-          end
-        end
-
-        bound_port = Puppet.lookup(:serverport) do
-          if primary_server = Puppet.settings[:server_list][0]
-            primary_server[1]
-          else
-            Puppet.settings[:masterport]
-          end
-        end
-
-        @server = bound_server
-        @port = bound_port
-      end
+      # If not using SRV records, fall back to the defaults calculated above
+      @server = @default_server
+      @port = @default_port
 
       Puppet.debug "No more servers in SRV record, falling back to #{@server}:#{@port}" if Puppet[:use_srv_records]
       return yield(base_url)