puppet 6.10.1 → 6.11.0

data/lib/puppet/functions.rb

@@ -624,8 +624,7 @@ module Puppet::Functions
       # Get location to use in case of error - this produces ruby filename and where call to 'type' occurred
       # but strips off the rest of the internal "where" as it is not meaningful to user.
       #
-      rb_location = caller[0]
-
+      rb_location = caller(1, 1).first
       begin
         result = parser.parse_string("type #{assignment_string}", nil)
       rescue StandardError => e

data/lib/puppet/gettext/module_translations.rb

@@ -11,7 +11,7 @@ module Puppet::ModuleTranslations
     modules.each do |mod|
       next unless mod.forge_name && mod.has_translations?(Puppet::GettextConfig.current_locale)
 
-      module_name = mod.forge_name.gsub('/', '-')
+      module_name = mod.forge_name.tr('/', '-')
       if Puppet::GettextConfig.load_translations(module_name, mod.locale_directory, :po)
         Puppet.debug "Loaded translations for #{module_name}."
       elsif Puppet::GettextConfig.gettext_loaded?

data/lib/puppet/graph/rb_tree_map.rb

@@ -213,8 +213,8 @@ class Puppet::Graph::RbTreeMap
           :color => @color,
         }
       }
-      h.merge!(:left => left.to_hash) if @left
-      h.merge!(:right => right.to_hash) if @right
+      h[:left] = left.to_hash if @left
+      h[:right] = right.to_hash if @right
       h
     end
 

data/lib/puppet/graph/simple_graph.rb

@@ -133,11 +133,12 @@ class Puppet::Graph::SimpleGraph
         else
           if s[:lowlink][vertex] == s[:index][vertex] then
             this_scc = []
-            begin
+            loop do
               top = s[:stack].pop
               s[:seen][top] = false
               this_scc << top
-            end until top == vertex
+              break if top == vertex
+            end
             s[:scc] << this_scc
           end
           recur.pop               # done with this node, finally.
@@ -438,7 +439,7 @@ class Puppet::Graph::SimpleGraph
   # rdot.rb. If an edge or vertex label is a kind of Hash then the keys
   # which match +dot+ properties will be used as well.
   def to_dot_graph(params = {})
-    params['name'] ||= self.class.name.gsub(/:/,'_')
+    params['name'] ||= self.class.name.tr(':','_')
     fontsize   = params['fontsize'] ? params['fontsize'] : '8'
     graph      = (directed? ? DOT::DOTDigraph : DOT::DOTSubgraph).new(params)
     edge_klass = directed? ? DOT::DOTDirectedEdge : DOT::DOTEdge

data/lib/puppet/http.rb

@@ -0,0 +1,29 @@
+module Puppet
+  module Network
+    module HTTP
+      require 'puppet/network/http/site'
+      require 'puppet/network/http/session'
+      require 'puppet/network/http/factory'
+      require 'puppet/network/http/base_pool'
+      require 'puppet/network/http/nocache_pool'
+      require 'puppet/network/http/pool'
+      require 'puppet/network/resolver'
+    end
+  end
+
+  module HTTP
+    ACCEPT_ENCODING = "gzip;q=1.0,deflate;q=0.6,identity;q=0.3".freeze
+
+    require 'puppet/http/errors'
+    require 'puppet/http/response'
+    require 'puppet/http/service'
+    require 'puppet/http/service/ca'
+    require 'puppet/http/session'
+    require 'puppet/http/resolver'
+    require 'puppet/http/resolver/settings'
+    require 'puppet/http/resolver/srv'
+    require 'puppet/http/client'
+    require 'puppet/http/redirector'
+    require 'puppet/http/retry_after_handler'
+  end
+end

data/lib/puppet/http/client.rb

@@ -0,0 +1,156 @@
+class Puppet::HTTP::Client
+  def initialize(pool: Puppet::Network::HTTP::Pool.new, ssl_context: nil, redirect_limit: 10, retry_limit: 100)
+    @pool = pool
+    @default_headers = {
+      'X-Puppet-Version' => Puppet.version,
+      'User-Agent' => Puppet[:http_user_agent],
+    }.freeze
+    @default_ssl_context = ssl_context
+    @redirector = Puppet::HTTP::Redirector.new(redirect_limit)
+    @retry_after_handler = Puppet::HTTP::RetryAfterHandler.new(retry_limit, Puppet[:runinterval])
+    @resolvers = build_resolvers
+  end
+
+  def create_session
+    Puppet::HTTP::Session.new(self, @resolvers)
+  end
+
+  def connect(uri, ssl_context: nil, &block)
+    ctx = ssl_context ? ssl_context : default_ssl_context
+    site = Puppet::Network::HTTP::Site.from_uri(uri)
+    verifier = Puppet::SSL::Verifier.new(site.host, ctx)
+
+    @pool.with_connection(site, verifier) do |http|
+      if block_given?
+        handle_post_connect(uri, http, &block)
+      end
+    end
+  rescue Puppet::HTTP::HTTPError
+    raise
+  rescue => e
+    raise Puppet::HTTP::ConnectionError.new(_("Failed to connect to %{uri}: %{message}") % {uri: uri, message: e.message}, e)
+  end
+
+  def get(url, headers: {}, params: {}, ssl_context: nil, user: nil, password: nil, &block)
+    query = encode_params(params)
+    unless query.empty?
+      url = url.dup
+      url.query = query
+    end
+
+    request = Net::HTTP::Get.new(url, @default_headers.merge(headers))
+
+    execute_streaming(request, ssl_context: ssl_context, user: user, password: password) do |response|
+      if block_given?
+        yield response
+      else
+        response.read_body
+      end
+    end
+  end
+
+  def put(url, headers: {}, params: {}, content_type:, body:, ssl_context: nil, user: nil, password: nil)
+    query = encode_params(params)
+    unless query.empty?
+      url = url.dup
+      url.query = query
+    end
+
+    request = Net::HTTP::Put.new(url, @default_headers.merge(headers))
+    request.body = body
+    request['Content-Length'] = body.bytesize
+    request['Content-Type'] = content_type
+
+    execute_streaming(request, ssl_context: ssl_context, user: user, password: password) do |response|
+      response.read_body
+    end
+  end
+
+  def close
+    @pool.close
+  end
+
+  private
+
+  def execute_streaming(request, ssl_context:, user: nil, password: nil, &block)
+    redirects = 0
+    retries = 0
+
+    loop do
+      connect(request.uri, ssl_context: ssl_context) do |http|
+        apply_auth(request, user, password)
+
+        http.request(request) do |nethttp|
+          response = Puppet::HTTP::Response.new(nethttp)
+          begin
+            Puppet.debug("HTTP #{request.method.upcase} #{request.uri} returned #{response.code} #{response.reason}")
+
+            if @redirector.redirect?(request, response)
+              request = @redirector.redirect_to(request, response, redirects)
+              redirects += 1
+              next
+            elsif @retry_after_handler.retry_after?(request, response)
+              interval = @retry_after_handler.retry_after_interval(request, response, retries)
+              retries += 1
+              if interval
+                Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
+                ::Kernel.sleep(interval)
+                next
+              end
+            end
+
+            yield response
+          ensure
+            response.drain
+          end
+
+          return response
+        end
+      end
+    end
+  end
+
+  def encode_params(params)
+    params.map do |key, value|
+      "#{key}=#{Puppet::Util.uri_query_encode(value.to_s)}"
+    end.join('&')
+  end
+
+  def handle_post_connect(uri, http, &block)
+    start = Time.now
+    yield http
+  rescue Puppet::HTTP::HTTPError
+    raise
+  rescue EOFError => e
+    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} interrupted after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e)
+  rescue Timeout::Error => e
+    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} timed out after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e)
+  rescue => e
+    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} failed after %{elapsed} seconds: %{message}") % {uri: uri, elapsed: elapsed(start), message: e.message}, e)
+  end
+
+  def elapsed(start)
+    (Time.now - start).to_f.round(3)
+  end
+
+  def default_ssl_context
+    @default_ssl_context || Puppet.lookup(:ssl_context)
+  end
+
+  def apply_auth(request, user, password)
+    if user && password
+      request.basic_auth(user, password)
+    end
+  end
+
+  def build_resolvers
+    resolvers = []
+
+    if Puppet[:use_srv_records]
+      resolvers << Puppet::HTTP::Resolver::SRV.new(domain: Puppet[:srv_domain])
+    end
+
+    resolvers << Puppet::HTTP::Resolver::Settings.new
+    resolvers.freeze
+  end
+end

data/lib/puppet/http/errors.rb

@@ -0,0 +1,30 @@
+module Puppet::HTTP
+  class HTTPError < Puppet::Error; end
+
+  class ConnectionError < HTTPError; end
+
+  class RouteError < HTTPError; end
+
+  class ProtocolError < HTTPError; end
+
+  class ResponseError < HTTPError
+    attr_reader :response
+
+    def initialize(response)
+      super(response.reason)
+      @response = response
+    end
+  end
+
+  class TooManyRedirects < HTTPError
+    def initialize(addr)
+      super(_("Too many HTTP redirections for %{addr}") % { addr: addr})
+    end
+  end
+
+  class TooManyRetryAfters < HTTPError
+    def initialize(addr)
+      super(_("Too many HTTP retries for %{addr}") % { addr: addr})
+    end
+  end
+end

data/lib/puppet/http/redirector.rb

@@ -0,0 +1,48 @@
+class Puppet::HTTP::Redirector
+  def initialize(redirect_limit)
+    @redirect_limit = redirect_limit
+  end
+
+  def redirect?(request, response)
+    # Net::HTTPRedirection is not used because historically puppet
+    # has only handled these, and we're not a browser
+    case response.code
+    when 301, 302, 307
+      true
+    else
+      false
+    end
+  end
+
+  def redirect_to(request, response, redirects)
+    raise Puppet::HTTP::TooManyRedirects.new(request.uri) if redirects >= @redirect_limit
+
+    location = parse_location(response)
+    if location.relative?
+      url = request.uri.dup
+      url.path = location.path
+    else
+      url = location.dup
+    end
+    url.query = request.uri.query
+
+    new_request = request.class.new(url)
+    new_request.body = request.body
+    request.each do |header, value|
+      new_request[header] = value
+    end
+
+    new_request
+  end
+
+  private
+
+  def parse_location(response)
+    location = response['location']
+    raise Puppet::HTTP::ProtocolError.new(_("Location response header is missing")) unless location
+
+    URI.parse(location)
+  rescue URI::InvalidURIError => e
+    raise Puppet::HTTP::ProtocolError.new(_("Location URI is invalid: %{detail}") % { detail: e.message}, e)
+  end
+end

data/lib/puppet/http/resolver.rb

@@ -0,0 +1,5 @@
+class Puppet::HTTP::Resolver
+  def resolve(session, name, &block)
+    raise NotImplementedError
+  end
+end

data/lib/puppet/http/resolver/settings.rb

@@ -0,0 +1,5 @@
+class Puppet::HTTP::Resolver::Settings < Puppet::HTTP::Resolver
+  def resolve(session, name, &block)
+    yield session.create_service(name)
+  end
+end

data/lib/puppet/http/resolver/srv.rb

@@ -0,0 +1,13 @@
+class Puppet::HTTP::Resolver::SRV < Puppet::HTTP::Resolver
+  def initialize(domain: srv_domain, dns: Resolv::DNS.new)
+    @srv_domain = domain
+    @delegate = Puppet::Network::Resolver.new(dns)
+  end
+
+  def resolve(session, name, &block)
+    # This assumes the route name is the same as the DNS SRV name
+    @delegate.each_srv_record(@srv_domain, name) do |server, port|
+      yield session.create_service(name, server, port)
+    end
+  end
+end

data/lib/puppet/http/response.rb

@@ -0,0 +1,34 @@
+class Puppet::HTTP::Response
+  def initialize(nethttp)
+    @nethttp = nethttp
+  end
+
+  def code
+    @nethttp.code.to_i
+  end
+
+  def reason
+    @nethttp.message
+  end
+
+  def body
+    @nethttp.body
+  end
+
+  def read_body(&block)
+    @nethttp.read_body(&block)
+  end
+
+  def success?
+    @nethttp.is_a?(Net::HTTPSuccess)
+  end
+
+  def [](name)
+    @nethttp[name]
+  end
+
+  def drain
+    body
+    true
+  end
+end

data/lib/puppet/http/retry_after_handler.rb

@@ -0,0 +1,47 @@
+require 'date'
+require 'time'
+
+class Puppet::HTTP::RetryAfterHandler
+  def initialize(retry_limit, max_sleep)
+    @retry_limit = retry_limit
+    @max_sleep = max_sleep
+  end
+
+  def retry_after?(request, response)
+    case response.code
+    when 429, 503
+      true
+    else
+      false
+    end
+  end
+
+  def retry_after_interval(request, response, retries)
+    raise Puppet::HTTP::TooManyRetryAfters.new(request.uri) if retries >= @retry_limit
+
+    retry_after = response['Retry-After']
+    return nil unless retry_after
+
+    seconds = parse_retry_after(retry_after)
+
+    # if retry-after is far in the future, we could end up sleeping repeatedly
+    # for 30 minutes, effectively waiting indefinitely, seems like we should wait
+    # in total for 30 minutes, in which case this upper limit needs to be enforced
+    # by the client.
+    [seconds, @max_sleep].min
+  end
+
+  private
+
+  def parse_retry_after(retry_after)
+    Integer(retry_after)
+  rescue TypeError, ArgumentError
+    begin
+      tm = DateTime.rfc2822(retry_after)
+      seconds = (tm.to_time - DateTime.now.to_time).to_i
+      [seconds, 0].max
+    rescue ArgumentError
+      raise Puppet::HTTP::ProtocolError.new(_("Failed to parse Retry-After header '%{retry_after}' as an integer or RFC 2822 date") % { retry_after: retry_after })
+    end
+  end
+end

data/lib/puppet/http/service.rb

@@ -0,0 +1,18 @@
+class Puppet::HTTP::Service
+  attr_reader :url
+
+  def initialize(client, url)
+    @client = client
+    @url = url
+  end
+
+  def with_base_url(path)
+    u = @url.dup
+    u.path += path
+    u
+  end
+
+  def connect(ssl_context: nil)
+    @client.connect(@url, ssl_context: ssl_context)
+  end
+end