puppet 5.5.19-x64-mingw32 → 5.5.20-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bbdc9022ebb6dbcddbb1a017377a155518f1089956012b5127ed981c98b093a1
-  data.tar.gz: 40de149caf35ef7ef37568c01c7a877d14c9ca5a7fdaccf47ec9abd0a8886786
+  metadata.gz: 4b08a25a4dcd9ec30abc71dc865d34ef9f9bd9868db27c478e9110cc6a95d0ef
+  data.tar.gz: 4727e82928817dec0943a38c0892c825040845be5139f05b2f21f52eef52e12f
 SHA512:
-  metadata.gz: d602ae394d659619c5edd0809e38b64b2a50fad708f54f585762d57292c67af24773019e03e558ba43740b8305bb22cf63406b4cb7f4cf1e823ea782db031249
-  data.tar.gz: 4a47a57a806efe97093bc4d37912e8898bc610269885ab7bda6279b1afbd8170ccb7c3b5999fb2db63bdc0dbcaa922d6ffb4be5e7d854334859cc62b10a66d8f
+  metadata.gz: 57f735ccdce45aca09dc5a3290cdece2d670f926f1a80d4040fe5d614cac7f71e19636c76a8b56a8aa15a3dbdcbce9d386588f3399372c6b156177be37d72429
+  data.tar.gz: 707e45ecc4abee5f16b1e60008b882e9816a1f658137a9bfcd98a1af5682717eb74619d37cfeec5e4d21c7f5a44007ca621591c32be9ee422b99d5618949ca34

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet (5.5.19)
+    puppet (5.5.20)
       CFPropertyList (~> 2.2)
       facter (>= 2.4.0, < 4)
       fast_gettext (~> 1.1.2)
@@ -46,25 +46,25 @@ GEM
       addressable (>= 2.4)
     locale (2.1.3)
     memory_profiler (0.9.14)
-    method_source (0.9.2)
+    method_source (1.0.0)
     mocha (1.11.2)
     msgpack (1.3.3)
     multi_json (1.14.1)
     mustache (1.1.1)
     net-ssh (4.2.0)
-    optimist (3.0.0)
-    packaging (0.99.58)
+    optimist (3.0.1)
+    packaging (0.99.61)
       artifactory (~> 2)
       rake (>= 12.3)
       release-metrics
     parallel (1.19.1)
-    parser (2.7.0.4)
+    parser (2.7.1.1)
       ast (~> 2.4.0)
     pathspec (0.2.1)
     powerpack (0.1.2)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
     puppet-lint (2.4.2)
     puppet-syntax (2.6.1)
       puppet (>= 5)
@@ -97,7 +97,7 @@ GEM
       rspec-expectations (>= 2.99.0.beta1)
     rspec-core (3.9.1)
       rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec-expectations (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-its (1.3.0)
@@ -120,11 +120,11 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     rubocop-i18n (1.2.0)
       rubocop (~> 0.49.0)
-    ruby-prof (1.3.0)
+    ruby-prof (1.3.2)
     ruby-progressbar (1.10.1)
     safe_yaml (1.0.5)
     text (1.3.1)
-    unicode-display_width (1.6.1)
+    unicode-display_width (1.7.0)
     vcr (2.9.3)
     webmock (1.24.6)
       addressable (>= 2.3.6)

data/lib/puppet/agent.rb

@@ -95,11 +95,9 @@ class Puppet::Agent
         atForkHandler.child
         $0 = _("puppet agent: applying configuration")
         begin
-          exit(yield)
-        rescue SystemExit
-          exit(-1)
+          exit(yield || 1)
         rescue NoMemoryError
-          exit(-2)
+          exit(254)
         end
       end
     ensure
@@ -107,12 +105,6 @@ class Puppet::Agent
     end
 
     exit_code = Process.waitpid2(child_pid)
-    case exit_code[1].exitstatus
-    when -1
-      raise SystemExit
-    when -2
-      raise NoMemoryError
-    end
     exit_code[1].exitstatus
   end
 

data/lib/puppet/functions/reduce.rb

@@ -39,11 +39,9 @@
 # values to the lambda.
 #
 # Puppet calls the lambda for each of the data structure's remaining values. For each
-# call, it passes the result of the previous call as the first parameter ($memo in the
+# call, it passes the result of the previous call as the first parameter (`$memo` in the
 # above examples) and the next value from the data structure as the second parameter
-# ($value).
-#
-# If the structure has one value, Puppet returns the value and does not call the lambda.
+# (`$value`).
 #
 # @example Using the `reduce` function
 #

data/lib/puppet/provider/group/windows_adsi.rb

@@ -24,7 +24,7 @@ Puppet::Type.type(:group).provide :windows_adsi do
     # since the default array_matching comparison is not commutative
 
     # dupes automatically weeded out when hashes built
-    current_members = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current)
+    current_members = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current, true)
     specified_members = Puppet::Util::Windows::ADSI::Group.name_sid_hash(should)
 
     current_sids = current_members.keys.to_a
@@ -52,7 +52,7 @@ Puppet::Type.type(:group).provide :windows_adsi do
         account = sid.account
       end
       resource.debug("#{sid.domain}\\#{account} (#{sid.sid})")
-      "#{sid.domain}\\#{account}"
+      sid.domain ? "#{sid.domain}\\#{account}" : account
     end
     return users.join(',')
   end
@@ -66,7 +66,7 @@ Puppet::Type.type(:group).provide :windows_adsi do
   end
 
   def members
-    @members ||= Puppet::Util::Windows::ADSI::Group.name_sid_hash(group.members)
+    @members ||= Puppet::Util::Windows::ADSI::Group.name_sid_hash(group.members, true)
 
     # @members.keys returns an array of SIDs. We need to convert those SIDs into
     # names so that `puppet resource` prints the right output.

data/lib/puppet/provider/package/aix.rb

@@ -29,6 +29,15 @@ Puppet::Type.type(:package).provide :aix, :parent => Puppet::Provider::Package d
 
   attr_accessor   :latest_info
 
+  STATE_CODE = {
+    'A' => :applied,
+    'B' => :broken,
+    'C' => :committed,
+    'E' => :efix_locked,
+    'O' => :obsolete,
+    '?' => :inconsistent,
+  }.freeze
+
   def self.srclistcmd(source)
     [ command(:installp), "-L", "-d", source ]
   end
@@ -96,6 +105,11 @@ Puppet::Type.type(:package).provide :aix, :parent => Puppet::Provider::Package d
     if output =~ /^#{Regexp.escape(@resource[:name])}\s+.*\s+Already superseded by.*$/
       self.fail _("aix package provider is unable to downgrade packages")
     end
+
+    pkg_info = query
+    if pkg_info && [:broken, :inconsistent].include?(pkg_info[:status])
+      self.fail _("Package '%{name}' is in a %{status} state and requires manual intervention") % { name: @resource[:name], status: pkg_info[:status] }
+    end
   end
 
   def self.pkglist(hash = {})
@@ -106,8 +120,9 @@ Puppet::Type.type(:package).provide :aix, :parent => Puppet::Provider::Package d
     end
 
     begin
-      list = execute(cmd).scan(/^[^#][^:]*:([^:]*):([^:]*)/).collect { |n,e|
-        { :name => n, :ensure => e, :provider => self.name }
+      list = execute(cmd).scan(/^[^#][^:]*:([^:]*):([^:]*):[^:]*:[^:]*:([^:])/).collect { |n,e,s|
+        e = :absent if [:broken, :inconsistent].include?(STATE_CODE[s])
+        { :name => n, :ensure => e, :status => STATE_CODE[s], :provider => self.name }
       }
     rescue Puppet::ExecutionFailure => detail
       if hash[:pkgname]

data/lib/puppet/provider/package/dnfmodule.rb

@@ -34,14 +34,22 @@ Puppet::Type.type(:package).provide :dnfmodule, :parent => :dnf do
 
   def self.instances
     packages = []
-    cmd = "#{command(:dnf)} module list --installed -d 0 -e #{error_level}"
+    cmd = "#{command(:dnf)} module list --enabled -d 0 -e #{error_level}"
     execute(cmd).each_line do |line|
-      next unless line =~ /\[i\][, ]/  # get rid of non-package lines (including last Hint line)
-      line.gsub!(/\[[de]\]/, '')  # we don't care about default/enabled flags
+      # select only lines with actual packages since DNF clutters the output
+      next unless line =~ /\[[ei]\][, ]/
+      line.gsub!(/\[d\]/, '')  # we don't care about the default flag
+
+      flavor = if line.include?('[i]')
+                 line.split('[i]').first.split.last
+               else
+                 :absent
+               end
+
       packages << new(
         name: line.split[0],
         ensure: line.split[1],
-        flavor: line.split('[i]').first.split.last,  # this is nasty
+        flavor: flavor,
         provider: name
       )
     end
@@ -55,28 +63,43 @@ Puppet::Type.type(:package).provide :dnfmodule, :parent => :dnf do
     pkg ? pkg.properties : nil
   end
 
-  def reset
-    execute([command(:dnf), 'module', 'reset', '-d', '0', '-e', self.class.error_level, '-y', @resource[:name]])
-  end
-
   # to install specific streams and profiles:
   # $ dnf module install module-name:stream/profile
   # $ dnf module install perl:5.24/minimal
   # if unspecified, they will be defaulted (see [d] param in dnf module list output)
   def install
-    args = @resource[:name]
     # ensure we start fresh (remove existing stream)
     uninstall unless [:absent, :purged].include?(@property_hash[:ensure])
+
+    args = @resource[:name].dup
     case @resource[:ensure]
     when true, false, Symbol
       # pass
     else
       args << ":#{@resource[:ensure]}"
     end
-    if @resource[:flavor]
-      args << "/#{@resource[:flavor]}"
+    args << "/#{@resource[:flavor]}" if @resource[:flavor]
+
+    if @resource[:enable_only] == true
+      enable(args)
+    else
+      begin
+        execute([command(:dnf), 'module', 'install', '-d', '0', '-e', self.class.error_level, '-y', args])
+      rescue Puppet::ExecutionFailure => e
+        # module has no default profile and no profile was requested, so just enable the stream
+        # DNF versions prior to 4.2.8 do not need this workaround
+        # see https://bugzilla.redhat.com/show_bug.cgi?id=1669527
+        if @resource[:flavor] == nil && e.message =~ /^missing groups or modules: #{Regexp.quote(@resource[:name])}$/
+          enable(args)
+        else
+          raise
+        end
+      end
     end
-    execute([command(:dnf), 'module', 'install', '-d', '0', '-e', self.class.error_level, '-y', args])
+  end
+
+  def enable(args = @resource[:name])
+    execute([command(:dnf), 'module', 'enable', '-d', '0', '-e', self.class.error_level, '-y', args])
   end
 
   def uninstall
@@ -84,6 +107,10 @@ Puppet::Type.type(:package).provide :dnfmodule, :parent => :dnf do
     reset  # reset module to the default stream
   end
 
+  def reset
+    execute([command(:dnf), 'module', 'reset', '-d', '0', '-e', self.class.error_level, '-y', @resource[:name]])
+  end
+
   def flavor
     @property_hash[:flavor]
   end

data/lib/puppet/provider/package/pkgdmg.rb

@@ -102,7 +102,7 @@ Puppet::Type.type(:package).provide :pkgdmg, :parent => Puppet::Provider::Packag
       if source =~ /\.dmg$/i
         # If you fix this to use open-uri again, you must update the docs above. -NF
         File.open(cached_source) do |dmg|
-          xml_str = hdiutil "mount", "-plist", "-nobrowse", "-readonly", "-noidme", "-mountrandom", "/tmp", dmg.path
+          xml_str = hdiutil "mount", "-plist", "-nobrowse", "-readonly", "-mountrandom", "/tmp", dmg.path
           hdiutil_info = Puppet::Util::Plist.parse_plist(xml_str)
           raise Puppet::Error.new(_("No disk entities returned by mount at %{path}") % { path: dmg.path }) unless hdiutil_info.has_key?("system-entities")
           mounts = hdiutil_info["system-entities"].collect { |entity|

data/lib/puppet/provider/package/pkgng.rb

@@ -11,6 +11,7 @@ Puppet::Type.type(:package).provide :pkgng, :parent => Puppet::Provider::Package
 
   has_feature :versionable
   has_feature :upgradeable
+  has_feature :install_options
 
   def self.get_query
     pkg(['query', '-a', '%n %v %o'])
@@ -22,7 +23,11 @@ Puppet::Type.type(:package).provide :pkgng, :parent => Puppet::Provider::Package
 
   def self.get_latest_version(origin, version_list)
     if latest_version = version_list.lines.find { |l| l =~ /^#{origin} / }
-      latest_version = latest_version.split(' ').last.split(')').first
+      _name, compare, status = latest_version.chomp.split(' ', 3)
+      if ['!', '?'].include?(compare)
+        return nil
+      end
+      latest_version = status.split(' ').last.split(')').first
       return latest_version
     end
     nil
@@ -97,13 +102,16 @@ Puppet::Type.type(:package).provide :pkgng, :parent => Puppet::Provider::Package
     end
 
     if not source # install using default repo logic
-      args = ['install', '-qy', installname]
+      args = ['install', '-qy']
     elsif source.scheme == 'urn' # install from repo named in URN
       tag = repo_tag_from_urn(source.to_s)
-      args = ['install', '-qy', '-r', tag, installname]
+      args = ['install', '-qy', '-r', tag]
     else # add package located at URL
-      args = ['add', '-q', source.to_s]
+      args = ['add', '-q']
+      installname = source.to_s
     end
+    args += install_options if @resource[:install_options]
+    args << installname
 
     pkg(args)
   end
@@ -140,4 +148,8 @@ Puppet::Type.type(:package).provide :pkgng, :parent => Puppet::Provider::Package
     @property_hash[:origin]
   end
 
+  def install_options
+    join_options(@resource[:install_options])
+  end
+
 end

data/lib/puppet/provider/package/yum.rb

@@ -25,6 +25,8 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
 
   defaultfor :osfamily => :redhat
 
+  VERSION_REGEX = /^(?:(\d+):)?(\S+)-(\S+)$/
+
   def self.prefetch(packages)
     raise Puppet::Error, _("The yum provider can only be used as root") if Process.euid != 0
     super
@@ -86,23 +88,24 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
   end
 
   def self.parse_updates(str)
-    # Strip off all content before the first blank line
-    body = str.partition(/^\s*\n/m).last
+    # Strip off all content that contains Obsoleting, Security: or Update
+    body = str.partition(/^(Obsoleting|Security:|Update)/).first
 
     updates = Hash.new { |h, k| h[k] = [] }
-    body.split.each_slice(3) do |tuple|
-      break if tuple[0] =~ /^(Obsoleting|Security:|Update)/
-      break unless tuple[1] =~ /^(?:(\d+):)?(\S+)-(\S+)$/
-      hash = update_to_hash(*tuple[0..1])
-      # Create entries for both the package name without a version and a
-      # version since yum considers those as mostly interchangeable.
-      short_name = hash[:name]
-      long_name  = "#{hash[:name]}.#{hash[:arch]}"
-
-      updates[short_name] << hash
-      updates[long_name] << hash
-    end
 
+    body.split(/^\s*\n/).each do |line|
+      line.split.each_slice(3) do |tuple|
+        next unless tuple[0].include?('.') && tuple[1] =~ VERSION_REGEX
+
+        hash = update_to_hash(*tuple[0..1])
+        # Create entries for both the package name without a version and a
+        # version since yum considers those as mostly interchangeable.
+        short_name = hash[:name]
+        long_name  = "#{hash[:name]}.#{hash[:arch]}"
+        updates[short_name] << hash
+        updates[long_name] << hash
+      end
+    end
     updates
   end
 
@@ -117,7 +120,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
       raise _("Failed to parse package name and architecture from '%{pkgname}'") % { pkgname: pkgname }
     end
 
-    match = pkgversion.match(/^(?:(\d+):)?(\S+)-(\S+)$/)
+    match = pkgversion.match(VERSION_REGEX)
     epoch = match[1] || '0'
     version = match[2]
     release = match[3]

data/lib/puppet/provider/selmodule/semodule.rb

@@ -20,14 +20,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
 
   def exists?
     self.debug "Checking for module #{@resource[:name]}"
-    execpipe("#{command(:semodule)} --list") do |out|
-      out.each_line do |line|
-        if line =~ /^#{@resource[:name]}\b/
-          return :true
-        end
-      end
-    end
-    nil
+    return selmodules_loaded.has_key?(@resource[:name])
   end
 
   def syncversion
@@ -35,7 +28,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
 
     loadver = selmodversion_loaded
 
-    if(loadver) then
+    if (loadver) then
       filever = selmodversion_file
       if (filever == loadver)
         return :true
@@ -44,7 +37,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
     :false
   end
 
-  def syncversion= (dosync)
+  def syncversion=(dosync)
       execoutput("#{command(:semodule)} --upgrade #{selmod_name_to_filename}")
   rescue Puppet::ExecutionFailure => detail
       raise Puppet::Error, "Could not upgrade policy module: #{detail}", detail.backtrace
@@ -52,7 +45,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
 
   # Helper functions
 
-  def execoutput (cmd)
+  def execoutput(cmd)
     output = ''
     begin
       execpipe(cmd) do |out|
@@ -72,7 +65,7 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
     end
   end
 
-  def selmod_readnext (handle)
+  def selmod_readnext(handle)
     len = handle.read(4).unpack('V')[0]
     handle.read(len)
   end
@@ -118,23 +111,47 @@ Puppet::Type.type(:selmodule).provide(:semodule) do
   end
 
   def selmodversion_loaded
-    selmod_output = []
-    selmodule_cmd = "#{command(:semodule)} --list"
-    begin
-      execpipe(selmodule_cmd) do |output|
-        output.each_line do |line|
-          line.chomp!
-          selmod_output << line
-          bits = line.split
-          if bits[0] == @resource[:name]
-            self.debug "load version #{bits[1]}"
-            return bits[1]
+    selmodules_loaded[@resource[:name]]
+  end
+
+  def selmodules_loaded
+    self.class.selmodules_loaded
+  end
+
+  # Extend Class
+
+  class << self
+    attr_accessor :loaded_modules
+  end
+
+  # Prefetch loaded selinux modules.
+  def self.prefetch(resources)
+    selmodules_loaded
+  end
+
+  def self.selmodules_loaded
+    if self.loaded_modules.nil?
+      self.debug "Fetching loaded selinux modules"
+      modules = {}
+      selmodule_cmd = "#{command(:semodule)} --list"
+      output = []
+      begin
+        execpipe(selmodule_cmd) do |pipe|
+          pipe.each_line do |line|
+            line.chomp!
+            output << line
+            name, version = line.split
+            modules[name] = version
           end
         end
+        self.loaded_modules = modules
+      rescue Puppet::ExecutionFailure
+        raise Puppet::Error,
+              _('Could not list policy modules: "%{selmodule_command}" failed with "%{selmod_output}"') %
+                { selmodule_command: selmodule_cmd, selmod_output: output.join(' ') },
+              $ERROR_INFO.backtrace
       end
-    rescue Puppet::ExecutionFailure
-      raise Puppet::ExecutionFailure, _("Could not list policy modules: \"%{selmodule_command}\" failed with \"%{selmod_output}\"") % { selmodule_command: selmodule_cmd, selmod_output: selmod_output.join(' ') }
     end
-    nil
+    self.loaded_modules
   end
 end