puppet-lint 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 780fb18c627fc4498cfbd056762846a70b2240619c52a23121d522b56aaec062
-  data.tar.gz: 59068f03812ef0d9b622fa6b9440567ba4e12f33a5349c1ddc9c642ac7dd51a5
+  metadata.gz: 4fce16244bedd61b8ca330f4dd9c2947e8111382830ebd63b22d9f2af8d2a50b
+  data.tar.gz: 727de95b4de5c2c2ee24172eea4f9e2551c816e31f3898bcc20e498e4ee7d614
 SHA512:
-  metadata.gz: 32fb18937f47636f80535bcc8db5884aa63a6af9a86f148ee25a37b65890d13f275094ab2a81012a5ef7385d696195c59632d234eca805c94a2bc2d3b4d77905
-  data.tar.gz: 124a921b4ad50b3f923f7180d330a89f313f70c5b77d1dcf8060611a124171e1bf3ef06f8b3d4b27421cad4157c69699c12bc8acc8dd63461a61fb1aecacc14c
+  metadata.gz: cb7870bfd9fd0a5bc5a616c651b0d614e6134761b15149c2db34f8796358b23dee66ae465c47f8361f37c9066286d49a619e764277acd6a49aa9ba7c68e2842c
+  data.tar.gz: fc2ea5694a8dd0660018d2a8cd1fbee55bb813fd68b052c06127a3857ba00b99e6e67970e9fb58ae1681f34cb4ddb8d6fda8c74690b9bf7c403f37ba80cc024e

data/README.md

@@ -9,7 +9,9 @@ guide](http://puppet.com/docs/puppet/latest/style_guide.html). Puppet Lint valid
 
 ## Compatibility warning
 
-Puppet Lint version 2 is the last planned version with support for Puppet 3 and Ruby 1.8.7. The next major version of Puppet Lint will drop support for these versions.
+Version 3.0.0 and above will no longer support Puppet 6 environments.
+
+In cases where Puppet Lint is required in an environment with Puppet 6, we recommend pinning to version 2.5.2.
 
 ## Installation
 

data/lib/puppet-lint/data.rb

@@ -155,6 +155,18 @@ class PuppetLint::Data
       end
     end
 
+    # Internal: Determine if the given token contains a CLASSREF in
+    # the token chain..
+    #
+    # Returns a Boolean.
+    def classref?(token)
+      current_token = token
+      while (current_token = current_token.prev_code_token)
+        return true if current_token.type == :CLASSREF
+        return false if current_token.type == :NAME
+      end
+    end
+
     # Internal: Calculate the positions of all resource declarations within the
     # tokenised manifest. These positions only point to the content of the
     # resource declarations, they do not include resource types or titles.
@@ -170,6 +182,7 @@ class PuppetLint::Data
         result = []
         tokens.select { |t| t.type == :COLON }.each do |colon_token|
           next unless colon_token.next_code_token && colon_token.next_code_token.type != :LBRACE
+          next if classref?(colon_token)
 
           rel_start_idx = tokens[marker..-1].index(colon_token)
           break if rel_start_idx.nil?

data/lib/puppet-lint/plugins/check_whitespace/trailing_whitespace.rb

@@ -30,7 +30,7 @@ PuppetLint.new_check(:trailing_whitespace) do
 
     prev_token = problem[:token].prev_token
     next_token = problem[:token].next_token
-    prev_token.next_token = next_token
+    prev_token.next_token = next_token unless prev_token.nil?
     next_token.prev_token = prev_token unless next_token.nil?
     tokens.delete(problem[:token])
   end

data/lib/puppet-lint/plugins/legacy_facts/legacy_facts.rb

@@ -0,0 +1,189 @@
+# Public: A puppet-lint custom check to detect legacy facts.
+#
+# This check will optionally convert from legacy facts like $::operatingsystem
+# or legacy hashed facts like $facts['operatingsystem'] to the
+# new structured facts like $facts['os']['name'].
+#
+# This plugin was adopted in to puppet-lint from https://github.com/mmckinst/puppet-lint-legacy_facts-check
+# Thanks to @mmckinst, @seanmil, @rodjek, @baurmatt, @bart2 and @joshcooper for the original work.
+PuppetLint.new_check(:legacy_facts) do
+  LEGACY_FACTS_VAR_TYPES = Set[:VARIABLE, :UNENC_VARIABLE]
+
+  # These facts that can't be converted to new facts.
+  UNCONVERTIBLE_FACTS = ['memoryfree_mb', 'memorysize_mb', 'swapfree_mb',
+                         'swapsize_mb', 'blockdevices', 'interfaces', 'zones',
+                         'sshfp_dsa', 'sshfp_ecdsa', 'sshfp_ed25519',
+                         'sshfp_rsa'].freeze
+
+  # These facts will depend on how a system is set up and can't just be
+  # enumerated like the EASY_FACTS below.
+  #
+  # For example a server might have two block devices named 'sda' and 'sdb' so
+  # there would be a $blockdeivce_sda_vendor and $blockdeivce_sdb_vendor fact
+  # for each device. Or it could have 26 block devices going all the way up to
+  # 'sdz'. There is no way to know what the possibilities are so we have to use
+  # a regex to match them.
+  REGEX_FACTS = [%r{^blockdevice_(?<devicename>.*)_(?<attribute>model|size|vendor)$},
+                 %r{^(?<attribute>ipaddress|ipaddress6|macaddress|mtu|netmask|netmask6|network|network6)_(?<interface>.*)$},
+                 %r{^processor(?<id>[0-9]+)$},
+                 %r{^sp_(?<name>.*)$},
+                 %r{^ssh(?<algorithm>dsa|ecdsa|ed25519|rsa)key$},
+                 %r{^ldom_(?<name>.*)$},
+                 %r{^zone_(?<name>.*)_(?<attribute>brand|iptype|name|uuid|id|path|status)$}].freeze
+
+  # These facts have a one to one correlation between a legacy fact and a new
+  # structured fact.
+  EASY_FACTS = {
+    'architecture'                => "facts['os']['architecture']",
+    'augeasversion'               => "facts['augeas']['version']",
+    'bios_release_date'           => "facts['dmi']['bios']['release_date']",
+    'bios_vendor'                 => "facts['dmi']['bios']['vendor']",
+    'bios_version'                => "facts['dmi']['bios']['version']",
+    'boardassettag'               => "facts['dmi']['board']['asset_tag']",
+    'boardmanufacturer'           => "facts['dmi']['board']['manufacturer']",
+    'boardproductname'            => "facts['dmi']['board']['product']",
+    'boardserialnumber'           => "facts['dmi']['board']['serial_number']",
+    'chassisassettag'             => "facts['dmi']['chassis']['asset_tag']",
+    'chassistype'                 => "facts['dmi']['chassis']['type']",
+    'domain'                      => "facts['networking']['domain']",
+    'fqdn'                        => "facts['networking']['fqdn']",
+    'gid'                         => "facts['identity']['group']",
+    'hardwareisa'                 => "facts['processors']['isa']",
+    'hardwaremodel'               => "facts['os']['hardware']",
+    'hostname'                    => "facts['networking']['hostname']",
+    'id'                          => "facts['identity']['user']",
+    'ipaddress'                   => "facts['networking']['ip']",
+    'ipaddress6'                  => "facts['networking']['ip6']",
+    'lsbdistcodename'             => "facts['os']['distro']['codename']",
+    'lsbdistdescription'          => "facts['os']['distro']['description']",
+    'lsbdistid'                   => "facts['os']['distro']['id']",
+    'lsbdistrelease'              => "facts['os']['distro']['release']['full']",
+    'lsbmajdistrelease'           => "facts['os']['distro']['release']['major']",
+    'lsbminordistrelease'         => "facts['os']['distro']['release']['minor']",
+    'lsbrelease'                  => "facts['os']['distro']['release']['specification']",
+    'macaddress'                  => "facts['networking']['mac']",
+    'macosx_buildversion'         => "facts['os']['build']",
+    'macosx_productname'          => "facts['os']['product']",
+    'macosx_productversion'       => "facts['os']['version']['full']",
+    'macosx_productversion_major' => "facts['os']['version']['major']",
+    'macosx_productversion_minor' => "facts['os']['version']['minor']",
+    'manufacturer'                => "facts['dmi']['manufacturer']",
+    'memoryfree'                  => "facts['memory']['system']['available']",
+    'memorysize'                  => "facts['memory']['system']['total']",
+    'netmask'                     => "facts['networking']['netmask']",
+    'netmask6'                    => "facts['networking']['netmask6']",
+    'network'                     => "facts['networking']['network']",
+    'network6'                    => "facts['networking']['network6']",
+    'operatingsystem'             => "facts['os']['name']",
+    'operatingsystemmajrelease'   => "facts['os']['release']['major']",
+    'operatingsystemrelease'      => "facts['os']['release']['full']",
+    'osfamily'                    => "facts['os']['family']",
+    'physicalprocessorcount'      => "facts['processors']['physicalcount']",
+    'processorcount'              => "facts['processors']['count']",
+    'productname'                 => "facts['dmi']['product']['name']",
+    'rubyplatform'                => "facts['ruby']['platform']",
+    'rubysitedir'                 => "facts['ruby']['sitedir']",
+    'rubyversion'                 => "facts['ruby']['version']",
+    'selinux'                     => "facts['os']['selinux']['enabled']",
+    'selinux_config_mode'         => "facts['os']['selinux']['config_mode']",
+    'selinux_config_policy'       => "facts['os']['selinux']['config_policy']",
+    'selinux_current_mode'        => "facts['os']['selinux']['current_mode']",
+    'selinux_enforced'            => "facts['os']['selinux']['enforced']",
+    'selinux_policyversion'       => "facts['os']['selinux']['policy_version']",
+    'serialnumber'                => "facts['dmi']['product']['serial_number']",
+    'swapencrypted'               => "facts['memory']['swap']['encrypted']",
+    'swapfree'                    => "facts['memory']['swap']['available']",
+    'swapsize'                    => "facts['memory']['swap']['total']",
+    'system32'                    => "facts['os']['windows']['system32']",
+    'uptime'                      => "facts['system_uptime']['uptime']",
+    'uptime_days'                 => "facts['system_uptime']['days']",
+    'uptime_hours'                => "facts['system_uptime']['hours']",
+    'uptime_seconds'              => "facts['system_uptime']['seconds']",
+    'uuid'                        => "facts['dmi']['product']['uuid']",
+    'xendomains'                  => "facts['xen']['domains']",
+    'zonename'                    => "facts['solaris_zones']['current']",
+  }.freeze
+
+  # A list of valid hash key token types
+  HASH_KEY_TYPES = Set[
+    :STRING,  # Double quoted string
+    :SSTRING, # Single quoted string
+    :NAME,    # Unquoted single word
+  ].freeze
+
+  def check
+    tokens.select { |x| LEGACY_FACTS_VAR_TYPES.include?(x.type) }.each do |token|
+      fact_name = ''
+
+      # Get rid of the top scope before we do our work. We don't need to
+      # preserve it because it won't work with the new structured facts.
+      if token.value.start_with?('::')
+        fact_name = token.value.sub(%r{^::}, '')
+
+      # This matches using legacy facts in a the new structured fact. For
+      # example this would match 'uuid' in $facts['uuid'] so it can be converted
+      # to facts['dmi']['product']['uuid']"
+      elsif token.value == 'facts'
+        fact_name = hash_key_for(token)
+
+      elsif token.value.start_with?("facts['")
+        fact_name = token.value.match(%r{facts\['(.*)'\]})[1]
+      end
+
+      next unless EASY_FACTS.include?(fact_name) || UNCONVERTIBLE_FACTS.include?(fact_name) || fact_name.match(Regexp.union(REGEX_FACTS))
+      notify :warning, {
+        message: "legacy fact '#{fact_name}'",
+        line: token.line,
+        column: token.column,
+        token: token,
+        fact_name: fact_name,
+      }
+    end
+  end
+
+  # If the variable is using the $facts hash represented internally by multiple
+  # tokens, this helper simplifies accessing the hash key.
+  def hash_key_for(token)
+    lbrack_token = token.next_code_token
+    return '' unless lbrack_token && lbrack_token.type == :LBRACK
+
+    key_token = lbrack_token.next_code_token
+    return '' unless key_token && HASH_KEY_TYPES.include?(key_token.type)
+
+    key_token.value
+  end
+
+  def fix(problem)
+    fact_name = problem[:fact_name]
+
+    # Check if the variable is using the $facts hash represented internally by
+    # multiple tokens and remove the tokens for the old legacy key if so.
+    if problem[:token].value == 'facts'
+      loop do
+        t = problem[:token].next_token
+        remove_token(t)
+        break if t.type == :RBRACK
+      end
+    end
+
+    if EASY_FACTS.include?(fact_name)
+      problem[:token].value = EASY_FACTS[fact_name]
+    elsif fact_name.match(Regexp.union(REGEX_FACTS))
+      if (m = fact_name.match(%r{^blockdevice_(?<devicename>.*)_(?<attribute>model|size|vendor)$}))
+        problem[:token].value = "facts['disks']['" << m['devicename'] << "']['" << m['attribute'] << "']"
+      elsif (m = fact_name.match(%r{^(?<attribute>ipaddress|ipaddress6|macaddress|mtu|netmask|netmask6|network|network6)_(?<interface>.*)$}))
+        problem[:token].value = "facts['networking']['interfaces']['" << m['interface'] << "']['" << m['attribute'].sub('address', '') << "']"
+      elsif (m = fact_name.match(%r{^processor(?<id>[0-9]+)$}))
+        problem[:token].value = "facts['processors']['models'][" << m['id'] << ']'
+      elsif (m = fact_name.match(%r{^sp_(?<name>.*)$}))
+        problem[:token].value = "facts['system_profiler']['" << m['name'] << "']"
+      elsif (m = fact_name.match(%r{^ssh(?<algorithm>dsa|ecdsa|ed25519|rsa)key$}))
+        problem[:token].value = "facts['ssh']['" << m['algorithm'] << "']['key']"
+      elsif (m = fact_name.match(%r{^ldom_(?<name>.*)$}))
+        problem[:token].value = "facts['ldom']['" << m['name'] << "']"
+      elsif (m = fact_name.match(%r{^zone_(?<name>.*)_(?<attribute>brand|iptype|name|uuid|id|path|status)$}))
+        problem[:token].value = "facts['solaris_zones']['zones']['" << m['name'] << "']['" << m['attribute'] << "']"
+      end
+    end
+  end
+end

data/lib/puppet-lint/plugins/top_scope_facts/top_scope_facts.rb

@@ -0,0 +1,38 @@
+# Public: A puppet-lint plugin that will check for the use of top scope facts.
+# For example, the fact `$facts['kernel']` should be used over
+# `$::kernel`.
+#
+# The check only finds facts using the top-scope: ie it will find $::operatingsystem
+# but not $operatingsystem. It also all top scope variables are facts.
+# If you have top scope variables that aren't facts you should configure the
+# linter to ignore them.
+#
+# You can whitelist top scope variables to ignore via the Rake task.
+# You should insert the following line to your Rakefile.
+# `PuppetLint.configuration.top_scope_variables = ['location', 'role']`
+#
+# This plugin was adopted in to puppet-lint from https://github.com/mmckinst/puppet-lint-top_scope_facts-check
+# Thanks to @mmckinst, @seanmil and @alexjfisher for the original work.
+PuppetLint.new_check(:top_scope_facts) do
+  TOP_SCOPE_FACTS_VAR_TYPES = Set[:VARIABLE, :UNENC_VARIABLE]
+  def check
+    whitelist = ['trusted', 'facts'] + (PuppetLint.configuration.top_scope_variables || [])
+    whitelist = whitelist.join('|')
+    tokens.select { |x| TOP_SCOPE_FACTS_VAR_TYPES.include?(x.type) }.each do |token|
+      next unless %r{^::}.match?(token.value)
+      next if %r{^::(#{whitelist})\[?}.match?(token.value)
+      next if %r{^::[a-z0-9_][a-zA-Z0-9_]+::}.match?(token.value)
+
+      notify :warning, {
+        message: 'top scope fact instead of facts hash',
+        line: token.line,
+        column: token.column,
+        token: token,
+      }
+    end
+  end
+
+  def fix(problem)
+    problem[:token].value = "facts['" + problem[:token].value.sub(%r{^::}, '') + "']"
+  end
+end

data/lib/puppet-lint/version.rb

@@ -1,3 +1,3 @@
 class PuppetLint
-  VERSION = '3.0.1'.freeze
+  VERSION = '3.1.0'.freeze
 end

data/{.rubocop.yml → rubocop_baseline.yml}

@@ -1,24 +1,22 @@
 ---
 require:
-- rubocop-performance
-- rubocop-rspec
+  - rubocop-performance
+  - rubocop-rspec
 AllCops:
+  TargetRubyVersion: '2.7'
   DisplayCopNames: true
-  TargetRubyVersion: '2.6'
   SuggestExtensions: false
-  Include:
-  - "**/*.rb"
   Exclude:
-  - bin/*
-  - ".vendor/**/*"
-  - "**/Gemfile"
-  - "**/Rakefile"
-  - pkg/**/*
-  - spec/fixtures/**/*
-  - vendor/**/*
-  - "**/Puppetfile"
-  - "**/Vagrantfile"
-  - "**/Guardfile"
+    - "bin/*"
+    - ".vendor/**/*"
+    - "**/Gemfile"
+    - "**/Rakefile"
+    - "pkg/**/*"
+    - "spec/fixtures/**/*"
+    - "vendor/**/*"
+    - "**/Puppetfile"
+    - "**/Vagrantfile"
+    - "**/Guardfile"
 Layout/LineLength:
   Description: People have wide screens, use them.
   Max: 200

data/spec/unit/puppet-lint/bin_spec.rb

@@ -378,7 +378,7 @@ describe PuppetLint::Bin do
       if respond_to?(:include_json)
         is_expected.to include_json([[{ 'KIND' => 'WARNING' }]])
       else
-        is_expected.to match(%r{\[\n  \{})
+        is_expected.to match(%r{\[\n  \[\n    \{})
       end
     end
   end
@@ -397,7 +397,7 @@ describe PuppetLint::Bin do
       if respond_to?(:include_json)
         is_expected.to include_json([[{ 'KIND' => 'ERROR' }], [{ 'KIND' => 'WARNING' }]])
       else
-        is_expected.to match(%r{\[\n  \{})
+        is_expected.to match(%r{\[\n  \[\n    \{})
       end
     end
   end

data/spec/unit/puppet-lint/data_spec.rb

@@ -33,6 +33,42 @@ describe PuppetLint::Data do
         }
       end
     end
+
+    context 'when given a defaults declaration' do
+      let(:manifest) { "Service { 'foo': }" }
+
+      it 'returns an empty array' do
+        expect(data.resource_indexes).to eq([])
+      end
+    end
+
+    context 'when given a set of resource declarations' do
+      let(:manifest) { <<-MANIFEST }
+        service {
+          'foo':
+            ensure => running,
+        }
+
+        service {
+          'bar':
+            ensure => running;
+          'foobar':
+            ensure => stopped;
+        }
+
+        service { ['first', 'second']:
+          ensure => running,
+        }
+
+        service { 'third':
+          ensure => running,
+        }
+      MANIFEST
+
+      it 'returns an array of resource indexes' do
+        expect(data.resource_indexes.length).to eq(5)
+      end
+    end
   end
 
   describe '.insert' do

data/spec/unit/puppet-lint/plugins/check_whitespace/trailing_whitespace_spec.rb

@@ -105,5 +105,17 @@ describe 'trailing_whitespace' do
         expect(manifest).to eq(fixed)
       end
     end
+
+    context 'empty lines with nothing but whitespace' do
+      let(:code) { " \n " }
+
+      it 'detects problems with both empty lines' do
+        expect(problems).to have(2).problem
+      end
+
+      it 'fixes the manifest' do
+        expect(manifest).to eq("\n")
+      end
+    end
   end
 end

data/spec/unit/puppet-lint/plugins/legacy_facts/legacy_facts_spec.rb

@@ -0,0 +1,414 @@
+require 'spec_helper'
+
+describe 'legacy_facts' do
+  context 'with fix disabled' do
+    context "fact variable using modern $facts['os']['family'] hash" do
+      let(:code) { "$facts['os']['family']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context "fact variable using modern $facts['ssh']['rsa']['key'] hash" do
+      let(:code) { "$facts['ssh']['rsa']['key']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using legacy $osfamily' do
+      let(:code) { '$osfamily' }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context "fact variable using legacy $facts['osfamily']" do
+      let(:code) { "$facts['osfamily']" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::osfamily' do
+      let(:code) { '$::osfamily' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::blockdevice_sda_model' do
+      let(:code) { '$::blockdevice_sda_model' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context "fact variable using legacy $facts['ipaddress6_em2']" do
+      let(:code) { "$facts['ipaddress6_em2']" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::zone_foobar_uuid' do
+      let(:code) { '$::zone_foobar_uuid' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::processor314' do
+      let(:code) { '$::processor314' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::sp_l3_cache' do
+      let(:code) { '$::sp_l3_cache' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy $::sshrsakey' do
+      let(:code) { '$::sshrsakey' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable in interpolated string "${::osfamily}"' do
+      let(:code) { '"start ${::osfamily} end"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy variable in double quotes "$::osfamily"' do
+      let(:code) { '"$::osfamily"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+
+    context 'fact variable using legacy facts hash variable in interpolation' do
+      let(:code) { %("${facts['osfamily']}") }
+
+      it 'detects a single problem' do
+        expect(problems).to have(1).problem
+      end
+    end
+  end
+
+  context 'with fix enabled' do
+    before(:each) do
+      PuppetLint.configuration.fix = true
+    end
+
+    after(:each) do
+      PuppetLint.configuration.fix = false
+    end
+
+    context "fact variable using modern $facts['os']['family'] hash" do
+      let(:code) { "$facts['os']['family']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context "fact variable using modern $facts['ssh']['rsa']['key'] hash" do
+      let(:code) { "$facts['ssh']['rsa']['key']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using legacy $osfamily' do
+      let(:code) { '$osfamily' }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context "fact variable using legacy $facts['osfamily']" do
+      let(:code) { "$facts['osfamily']" }
+      let(:msg) { "legacy fact 'osfamily'" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'fixes the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(1)
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['os']['family']")
+      end
+    end
+
+    context 'fact variable using legacy $::osfamily' do
+      let(:code) { '$::osfamily' }
+      let(:msg) { "legacy fact 'osfamily'" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'fixes the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(1)
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['os']['family']")
+      end
+    end
+
+    context 'fact variable using legacy $::sshrsakey' do
+      let(:code) { '$::sshrsakey' }
+      let(:msg) { "legacy fact 'sshrsakey'" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'fixes the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(1)
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['ssh']['rsa']['key']")
+      end
+    end
+
+    context 'fact variable using legacy $::memoryfree_mb' do
+      let(:code) { '$::memoryfree_mb' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'continues to use the legacy fact' do
+        expect(manifest).to eq('$::memoryfree_mb')
+      end
+    end
+
+    context 'fact variable using legacy $::blockdevice_sda_model' do
+      let(:code) { '$::blockdevice_sda_model' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['disks']['sda']['model']")
+      end
+    end
+
+    context "fact variable using legacy $facts['ipaddress6_em2']" do
+      let(:code) { "$facts['ipaddress6_em2']" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['networking']['interfaces']['em2']['ip6']")
+      end
+    end
+
+    context 'fact variable using legacy $::zone_foobar_uuid' do
+      let(:code) { '$::zone_foobar_uuid' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['solaris_zones']['zones']['foobar']['uuid']")
+      end
+    end
+
+    context 'fact variable using legacy $::processor314' do
+      let(:code) { '$::processor314' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['processors']['models'][314]")
+      end
+    end
+
+    context 'fact variable using legacy $::sp_l3_cache' do
+      let(:code) { '$::sp_l3_cache' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['system_profiler']['l3_cache']")
+      end
+    end
+
+    context 'fact variable using legacy $::sshrsakey' do
+      let(:code) { '$::sshrsakey' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+      it 'uses the facts hash' do
+        expect(manifest).to eq("$facts['ssh']['rsa']['key']")
+      end
+    end
+
+    context 'fact variable in interpolated string "${::osfamily}"' do
+      let(:code) { '"start ${::osfamily} end"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq('"start '"${facts['os']['family']}"' end"') # rubocop:disable Lint/ImplicitStringConcatenation
+      end
+    end
+
+    context 'fact variable using legacy variable in double quotes "$::osfamily"' do
+      let(:code) { '"$::osfamily"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['family']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::gid"' do
+      let(:code) { '"$::gid"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['identity']['group']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::id"' do
+      let(:code) { '"$::id"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['identity']['user']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbdistcodename"' do
+      let(:code) { '"$::lsbdistcodename"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['codename']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbdistdescription"' do
+      let(:code) { '"$::lsbdistdescription"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['description']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbdistid"' do
+      let(:code) { '"$::lsbdistid"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['id']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbdistrelease"' do
+      let(:code) { '"$::lsbdistrelease"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['release']['full']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbmajdistrelease"' do
+      let(:code) { '"$::lsbmajdistrelease"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['release']['major']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbminordistrelease"' do
+      let(:code) { '"$::lsbminordistrelease"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['release']['minor']\"")
+      end
+    end
+    context 'fact variable using legacy variable in double quotes "$::lsbrelease"' do
+      let(:code) { '"$::lsbrelease"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"$facts['os']['distro']['release']['specification']\"")
+      end
+    end
+    context "fact variable using facts hash in double quotes \"$facts['lsbrelease']\"" do
+      let(:code) { "\"${facts['lsbrelease']}\"" }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'uses the facts hash' do
+        expect(manifest).to eq("\"${facts['os']['distro']['release']['specification']}\"")
+      end
+    end
+  end
+end

data/spec/unit/puppet-lint/plugins/top_scope_facts/top_scope_facts_spec.rb

@@ -0,0 +1,194 @@
+require 'spec_helper'
+
+describe 'top_scope_facts' do
+  let(:msg) { 'top scope fact instead of facts hash' }
+
+  context 'with fix disabled' do
+    context 'fact variable using $facts hash' do
+      let(:code) { "$facts['operatingsystem']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+    context 'non-fact variable with two colons' do
+      let(:code) { '$foo::bar' }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::facts hash' do
+      let(:code) { "$::facts['os']['family']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::trusted hash' do
+      let(:code) { "$::trusted['certname']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using top scope' do
+      let(:code) { '$::operatingsystem' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'creates a warning' do
+        expect(problems).to contain_warning(msg).on_line(1).in_column(1)
+      end
+    end
+
+    context 'fact variable using top scope with curly braces in double quote' do
+      let(:code) { '"${::operatingsystem}"' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'creates a warning' do
+        expect(problems).to contain_warning(msg).on_line(1).in_column(4)
+      end
+    end
+
+    context 'out of scope namespaced variable with leading ::' do
+      let(:code) { '$::profile::foo::bar' }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+
+      context 'inside double quotes' do
+        let(:code) { '"$::profile::foo::bar"' }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'with curly braces in double quote' do
+        let(:code) { '"${::profile::foo::bar}"' }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+    end
+  end
+
+  context 'with fix enabled' do
+    before(:each) do
+      PuppetLint.configuration.fix = true
+    end
+
+    after(:each) do
+      PuppetLint.configuration.fix = false
+    end
+
+    context 'fact variable using $facts hash' do
+      let(:code) { "$facts['operatingsystem']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'non-fact variable with two colons' do
+      let(:code) { '$foo::bar' }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::facts hash' do
+      let(:code) { "$::facts['os']['family']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::trusted hash' do
+      let(:code) { "$::trusted['certname']" }
+
+      it 'does not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using top scope' do
+      let(:code) { '$::operatingsystem' }
+
+      it 'onlies detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'fixes the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(1)
+      end
+
+      it 'shoulds use the facts hash' do
+        expect(manifest).to eq("$facts['operatingsystem']")
+      end
+    end
+
+    context 'fact variable using top scope with curly braces in double quote' do
+      let(:code) { '"${::operatingsystem}"' }
+
+      it 'fixes the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(4)
+      end
+
+      it 'shoulds use the facts hash' do
+        expect(manifest).to eq('"${facts[\'operatingsystem\']}"')
+      end
+    end
+
+    context 'with custom top scope fact variables' do
+      before(:each) do
+        PuppetLint.configuration.top_scope_variables = ['location', 'role']
+      end
+
+      context 'fact variable using $facts hash' do
+        let(:code) { "$facts['operatingsystem']" }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'fact variable using $trusted hash' do
+        let(:code) { "$trusted['certname']" }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'whitelisted top scope variable $::location' do
+        let(:code) { '$::location' }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'non-whitelisted top scope variable $::application' do
+        let(:code) { '$::application' }
+
+        it 'does not detect any problems' do
+          expect(problems).to have(1).problem
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet-lint
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - Tim Sharpe
@@ -10,10 +10,10 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-20 00:00:00.000000000 Z
+date: 2023-02-28 00:00:00.000000000 Z
 dependencies: []
 description: "    Checks your Puppet manifests against the Puppetlabs style guide
-  and alerts you to any discrepancies.'\n"
+  and alerts you to any discrepancies.\n"
 email:
 - tim@sharpe.id.au
 - modules-team@puppet.com
@@ -22,7 +22,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".rubocop.yml"
 - LICENSE
 - README.md
 - bin/puppet-lint
@@ -76,12 +75,15 @@ files:
 - lib/puppet-lint/plugins/check_whitespace/hard_tabs.rb
 - lib/puppet-lint/plugins/check_whitespace/line_length.rb
 - lib/puppet-lint/plugins/check_whitespace/trailing_whitespace.rb
+- lib/puppet-lint/plugins/legacy_facts/legacy_facts.rb
+- lib/puppet-lint/plugins/top_scope_facts/top_scope_facts.rb
 - lib/puppet-lint/report/github.rb
 - lib/puppet-lint/report/sarif_template.json
 - lib/puppet-lint/tasks/gemfile_rewrite.rb
 - lib/puppet-lint/tasks/puppet-lint.rb
 - lib/puppet-lint/tasks/release_test.rb
 - lib/puppet-lint/version.rb
+- rubocop_baseline.yml
 - spec/acceptance/puppet_lint_spec.rb
 - spec/fixtures/test/manifests/fail.pp
 - spec/fixtures/test/manifests/ignore.pp
@@ -143,6 +145,8 @@ files:
 - spec/unit/puppet-lint/plugins/check_whitespace/arrow_alignment_spec.rb
 - spec/unit/puppet-lint/plugins/check_whitespace/hard_tabs_spec.rb
 - spec/unit/puppet-lint/plugins/check_whitespace/trailing_whitespace_spec.rb
+- spec/unit/puppet-lint/plugins/legacy_facts/legacy_facts_spec.rb
+- spec/unit/puppet-lint/plugins/top_scope_facts/top_scope_facts_spec.rb
 - spec/unit/puppet-lint/puppet-lint_spec.rb
 homepage: https://github.com/puppetlabs/puppet-lint/
 licenses:
@@ -156,7 +160,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="