RubyGems - puppet - Versions diffs - 6.11.1-x64-mingw32 → 6.16.0-x64-mingw32 - Mend

puppet 6.11.1-x64-mingw32 → 6.16.0-x64-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (395) hide show

checksums.yaml +4 -4
data/CODEOWNERS +3 -8
data/CONTRIBUTING.md +7 -13
data/Gemfile +1 -0
data/Gemfile.lock +39 -36
data/README.md +17 -24
data/ext/build_defaults.yaml +1 -0
data/ext/project_data.yaml +1 -1
data/ext/windows/service/daemon.rb +25 -20
data/lib/puppet.rb +52 -13
data/lib/puppet/agent.rb +20 -14
data/lib/puppet/application/agent.rb +12 -14
data/lib/puppet/application/describe.rb +7 -5
data/lib/puppet/application/device.rb +2 -2
data/lib/puppet/application/filebucket.rb +19 -15
data/lib/puppet/application/plugin.rb +1 -0
data/lib/puppet/application/resource.rb +1 -1
data/lib/puppet/application/ssl.rb +4 -4
data/lib/puppet/concurrent.rb +2 -0
data/lib/puppet/concurrent/lock.rb +16 -0
data/lib/puppet/concurrent/synchronized.rb +15 -0
data/lib/puppet/concurrent/thread_local_singleton.rb +14 -0
data/lib/puppet/configurer.rb +85 -83
data/lib/puppet/configurer/plugin_handler.rb +10 -1
data/lib/puppet/context/trusted_information.rb +14 -8
data/lib/puppet/daemon.rb +13 -27
data/lib/puppet/defaults.rb +158 -40
data/lib/puppet/environments.rb +30 -20
data/lib/puppet/error.rb +9 -1
data/lib/puppet/face/facts.rb +8 -5
data/lib/puppet/face/help.rb +29 -3
data/lib/puppet/face/module/search.rb +5 -0
data/lib/puppet/face/plugin.rb +2 -2
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system/file_impl.rb +13 -9
data/lib/puppet/file_system/memory_file.rb +6 -0
data/lib/puppet/file_system/memory_impl.rb +13 -0
data/lib/puppet/file_system/uniquefile.rb +4 -0
data/lib/puppet/file_system/windows.rb +7 -10
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/forge/errors.rb +2 -2
data/lib/puppet/forge/repository.rb +31 -86
data/lib/puppet/functions/call.rb +1 -1
data/lib/puppet/functions/camelcase.rb +2 -2
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
data/lib/puppet/functions/filter.rb +1 -0
data/lib/puppet/functions/find_file.rb +9 -9
data/lib/puppet/functions/find_template.rb +63 -0
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/http.rb +7 -0
data/lib/puppet/http/client.rb +341 -54
data/lib/puppet/http/errors.rb +2 -0
data/lib/puppet/http/external_client.rb +90 -0
data/lib/puppet/http/redirector.rb +34 -0
data/lib/puppet/http/resolver.rb +57 -1
data/lib/puppet/http/resolver/server_list.rb +98 -0
data/lib/puppet/http/resolver/settings.rb +23 -2
data/lib/puppet/http/resolver/srv.rb +36 -4
data/lib/puppet/http/response.rb +68 -1
data/lib/puppet/http/retry_after_handler.rb +39 -0
data/lib/puppet/http/service.rb +179 -3
data/lib/puppet/http/service/ca.rb +84 -21
data/lib/puppet/http/service/compiler.rb +319 -0
data/lib/puppet/http/service/file_server.rb +206 -0
data/lib/puppet/http/service/report.rb +66 -0
data/lib/puppet/http/session.rb +106 -31
data/lib/puppet/indirector/catalog/compiler.rb +10 -0
data/lib/puppet/indirector/catalog/rest.rb +34 -0
data/lib/puppet/indirector/facts/rest.rb +42 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
data/lib/puppet/indirector/file_content/http.rb +5 -0
data/lib/puppet/indirector/file_content/rest.rb +30 -0
data/lib/puppet/indirector/file_metadata/http.rb +4 -4
data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/msgpack.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +24 -0
data/lib/puppet/indirector/report/rest.rb +19 -0
data/lib/puppet/indirector/report/yaml.rb +23 -0
data/lib/puppet/indirector/rest.rb +12 -0
data/lib/puppet/indirector/status/rest.rb +18 -0
data/lib/puppet/loaders.rb +6 -0
data/lib/puppet/metatype/manager.rb +80 -80
data/lib/puppet/network/http/base_pool.rb +19 -1
data/lib/puppet/network/http/compression.rb +7 -0
data/lib/puppet/network/http/connection.rb +6 -0
data/lib/puppet/network/http/connection_adapter.rb +182 -0
data/lib/puppet/network/http/nocache_pool.rb +2 -0
data/lib/puppet/network/http/pool.rb +13 -6
data/lib/puppet/network/http_pool.rb +2 -1
data/lib/puppet/node/environment.rb +24 -8
data/lib/puppet/pal/catalog_compiler.rb +5 -0
data/lib/puppet/pal/pal_impl.rb +9 -29
data/lib/puppet/parser/ast/pops_bridge.rb +6 -11
data/lib/puppet/parser/compiler.rb +42 -32
data/lib/puppet/parser/functions.rb +18 -13
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/filter.rb +1 -0
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/evaluator_impl.rb +1 -1
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
data/lib/puppet/pops/loaders.rb +7 -5
data/lib/puppet/pops/lookup/invocation.rb +10 -3
data/lib/puppet/pops/model/pn_transformer.rb +5 -9
data/lib/puppet/pops/parser/evaluating_parser.rb +8 -11
data/lib/puppet/pops/serialization/json_path.rb +3 -3
data/lib/puppet/pops/time/timespan.rb +3 -5
data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
data/lib/puppet/pops/types/string_converter.rb +6 -9
data/lib/puppet/pops/types/type_calculator.rb +30 -10
data/lib/puppet/pops/types/type_formatter.rb +9 -11
data/lib/puppet/pops/types/type_parser.rb +3 -3
data/lib/puppet/pops/validation/checker4_0.rb +1 -1
data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
data/lib/puppet/provider/aix_object.rb +4 -2
data/lib/puppet/provider/group/aix.rb +1 -0
data/lib/puppet/provider/group/groupadd.rb +57 -24
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +78 -4
data/lib/puppet/provider/package/dnfmodule.rb +69 -15
data/lib/puppet/provider/package/dpkg.rb +14 -7
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/gem.rb +41 -7
data/lib/puppet/provider/package/openbsd.rb +13 -1
data/lib/puppet/provider/package/pacman.rb +2 -5
data/lib/puppet/provider/package/pip.rb +143 -48
data/lib/puppet/provider/package/pip3.rb +0 -2
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +5 -5
data/lib/puppet/provider/package/puppet_gem.rb +6 -2
data/lib/puppet/provider/package/rpm.rb +6 -213
data/lib/puppet/provider/package/yum.rb +108 -24
data/lib/puppet/provider/package/zypper.rb +59 -1
data/lib/puppet/provider/package_targetable.rb +5 -4
data/lib/puppet/provider/service/systemd.rb +23 -5
data/lib/puppet/provider/user/aix.rb +1 -0
data/lib/puppet/provider/user/directoryservice.rb +30 -5
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +11 -8
data/lib/puppet/reports/http.rb +13 -9
data/lib/puppet/reports/store.rb +1 -1
data/lib/puppet/resource/type_collection.rb +20 -16
data/lib/puppet/runtime.rb +32 -1
data/lib/puppet/settings.rb +4 -0
data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
data/lib/puppet/ssl.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/host.rb +4 -4
data/lib/puppet/ssl/oids.rb +1 -0
data/lib/puppet/ssl/ssl_provider.rb +20 -0
data/lib/puppet/ssl/state_machine.rb +81 -35
data/lib/puppet/ssl/verifier_adapter.rb +9 -1
data/lib/puppet/test/test_helper.rb +7 -1
data/lib/puppet/transaction.rb +33 -11
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/type.rb +7 -2
data/lib/puppet/type/file.rb +13 -0
data/lib/puppet/type/file/data_sync.rb +5 -1
data/lib/puppet/type/file/source.rb +49 -58
data/lib/puppet/type/group.rb +5 -4
data/lib/puppet/type/package.rb +102 -10
data/lib/puppet/type/service.rb +6 -8
data/lib/puppet/type/user.rb +6 -30
data/lib/puppet/util.rb +34 -11
data/lib/puppet/util/at_fork.rb +1 -1
data/lib/puppet/util/autoload.rb +4 -18
data/lib/puppet/util/instance_loader.rb +14 -10
data/lib/puppet/util/log/destinations.rb +2 -11
data/lib/puppet/util/logging.rb +30 -18
data/lib/puppet/util/package/version/debian.rb +175 -0
data/lib/puppet/util/package/version/gem.rb +15 -0
data/lib/puppet/util/package/version/pip.rb +167 -0
data/lib/puppet/util/package/version/range.rb +53 -0
data/lib/puppet/util/package/version/range/eq.rb +14 -0
data/lib/puppet/util/package/version/range/gt.rb +14 -0
data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/lt.rb +14 -0
data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/min_max.rb +21 -0
data/lib/puppet/util/package/version/range/simple.rb +11 -0
data/lib/puppet/util/package/version/rpm.rb +73 -0
data/lib/puppet/util/pidlock.rb +36 -10
data/lib/puppet/util/platform.rb +5 -0
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/rpm_compare.rb +193 -0
data/lib/puppet/util/storage.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +50 -20
data/lib/puppet/util/windows/process.rb +15 -14
data/lib/puppet/util/windows/security.rb +1 -0
data/lib/puppet/util/windows/sid.rb +3 -3
data/lib/puppet/util/yaml.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +9 -5
data/locales/puppet.pot +640 -521
data/man/man5/puppet.conf.5 +88 -9
data/man/man8/puppet-agent.8 +6 -6
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +17 -2
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +6 -3
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +4 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +2 -2
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
data/spec/fixtures/ssl/unknown-ca.pem +59 -0
data/spec/fixtures/unit/forge/bacula.json +76 -0
data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
data/spec/integration/application/agent_spec.rb +394 -0
data/spec/integration/application/apply_spec.rb +132 -3
data/spec/integration/application/filebucket_spec.rb +190 -0
data/spec/integration/application/plugin_spec.rb +73 -0
data/spec/integration/configurer_spec.rb +26 -7
data/spec/integration/http/client_spec.rb +154 -0
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/indirector/report/yaml.rb +83 -0
data/spec/integration/module_tool/forge_spec.rb +51 -0
data/spec/integration/network/http_pool_spec.rb +76 -20
data/spec/integration/node/environment_spec.rb +15 -0
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/https.rb +20 -9
data/spec/lib/puppet_spec/puppetserver.rb +119 -0
data/spec/shared_contexts/https.rb +29 -0
data/spec/spec_helper.rb +6 -2
data/spec/unit/agent_spec.rb +80 -26
data/spec/unit/application/agent_spec.rb +9 -5
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/describe_spec.rb +88 -50
data/spec/unit/application/device_spec.rb +2 -2
data/spec/unit/application/filebucket_spec.rb +22 -2
data/spec/unit/application/resource_spec.rb +2 -2
data/spec/unit/concurrent/lock_spec.rb +29 -0
data/spec/unit/configurer/fact_handler_spec.rb +0 -4
data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
data/spec/unit/configurer_spec.rb +400 -406
data/spec/unit/context/trusted_information_spec.rb +17 -0
data/spec/unit/daemon_spec.rb +5 -64
data/spec/unit/defaults_spec.rb +38 -4
data/spec/unit/environments_spec.rb +65 -28
data/spec/unit/face/facts_spec.rb +24 -20
data/spec/unit/face/module/search_spec.rb +17 -0
data/spec/unit/face/plugin_spec.rb +12 -10
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/file_system_spec.rb +26 -2
data/spec/unit/forge/errors_spec.rb +1 -1
data/spec/unit/forge/forge_spec.rb +12 -54
data/spec/unit/forge/module_release_spec.rb +19 -6
data/spec/unit/forge/repository_spec.rb +63 -157
data/spec/unit/forge_spec.rb +46 -116
data/spec/unit/functions/find_template_spec.rb +69 -0
data/spec/unit/functions/lookup_spec.rb +13 -0
data/spec/unit/http/client_spec.rb +395 -27
data/spec/unit/http/external_client_spec.rb +201 -0
data/spec/unit/http/resolver_spec.rb +81 -12
data/spec/unit/http/response_spec.rb +69 -0
data/spec/unit/http/service/ca_spec.rb +100 -7
data/spec/unit/http/service/compiler_spec.rb +627 -0
data/spec/unit/http/service/file_server_spec.rb +308 -0
data/spec/unit/http/service/report_spec.rb +118 -0
data/spec/unit/http/service_spec.rb +117 -4
data/spec/unit/http/session_spec.rb +237 -19
data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
data/spec/unit/indirector/facts/rest_spec.rb +79 -24
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
data/spec/unit/indirector/file_metadata/http_spec.rb +167 -0
data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
data/spec/unit/indirector/node/rest_spec.rb +57 -2
data/spec/unit/indirector/report/rest_spec.rb +58 -51
data/spec/unit/indirector/resource/ral_spec.rb +7 -8
data/spec/unit/indirector/rest_spec.rb +13 -0
data/spec/unit/indirector/status/rest_spec.rb +43 -2
data/spec/unit/network/http/connection_spec.rb +549 -176
data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
data/spec/unit/network/http/pool_spec.rb +89 -11
data/spec/unit/network/http_pool_spec.rb +63 -57
data/spec/unit/network/http_spec.rb +1 -1
data/spec/unit/node/environment_spec.rb +16 -0
data/spec/unit/node/facts_spec.rb +2 -1
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
data/spec/unit/pops/validator/validator_spec.rb +7 -2
data/spec/unit/provider/aix_object_spec.rb +16 -2
data/spec/unit/provider/group/groupadd_spec.rb +181 -56
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +43 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
data/spec/unit/provider/package/dpkg_spec.rb +28 -6
data/spec/unit/provider/package/gem_spec.rb +40 -0
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pacman_spec.rb +6 -21
data/spec/unit/provider/package/pip_spec.rb +68 -19
data/spec/unit/provider/package/pkg_spec.rb +15 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +38 -0
data/spec/unit/provider/package/portage_spec.rb +9 -4
data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
data/spec/unit/provider/package/rpm_spec.rb +0 -212
data/spec/unit/provider/package/yum_spec.rb +292 -0
data/spec/unit/provider/package/zypper_spec.rb +84 -0
data/spec/unit/provider/package_targetable_spec.rb +60 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openbsd_spec.rb +9 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -0
data/spec/unit/provider/service/redhat_spec.rb +9 -0
data/spec/unit/provider/service/systemd_spec.rb +92 -12
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/useradd_spec.rb +21 -8
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +0 -26
data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
data/spec/unit/puppet_spec.rb +47 -0
data/spec/unit/reports/http_spec.rb +70 -52
data/spec/unit/settings/autosign_setting_spec.rb +1 -1
data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/ssl/host_spec.rb +4 -2
data/spec/unit/ssl/oids_spec.rb +1 -0
data/spec/unit/ssl/ssl_provider_spec.rb +71 -0
data/spec/unit/ssl/state_machine_spec.rb +99 -13
data/spec/unit/transaction/persistence_spec.rb +1 -10
data/spec/unit/transaction/report_spec.rb +4 -0
data/spec/unit/transaction_spec.rb +45 -1
data/spec/unit/type/file/content_spec.rb +9 -3
data/spec/unit/type/file/ensure_spec.rb +1 -2
data/spec/unit/type/file/source_spec.rb +86 -35
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/service_spec.rb +9 -8
data/spec/unit/type/user_spec.rb +1 -2
data/spec/unit/util/at_fork_spec.rb +3 -2
data/spec/unit/util/autoload_spec.rb +2 -1
data/spec/unit/util/log/destinations_spec.rb +1 -29
data/spec/unit/util/log_spec.rb +0 -138
data/spec/unit/util/logging_spec.rb +200 -0
data/spec/unit/util/package/version/debian_spec.rb +83 -0
data/spec/unit/util/package/version/pip_spec.rb +464 -0
data/spec/unit/util/package/version/range_spec.rb +175 -0
data/spec/unit/util/package/version/rpm_spec.rb +121 -0
data/spec/unit/util/pidlock_spec.rb +112 -42
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/rpm_compare_spec.rb +196 -0
data/spec/unit/util/storage_spec.rb +1 -8
data/spec/unit/util/windows/adsi_spec.rb +55 -4
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/spec/unit/x509/cert_provider_spec.rb +24 -4
data/tasks/generate_cert_fixtures.rake +15 -1
data/tasks/manpages.rake +6 -35
metadata +92 -12
data/COMMITTERS.md +0 -244
data/spec/integration/faces/plugin_spec.rb +0 -61
data/spec/lib/puppet_spec/validators.rb +0 -37

@@ -30,6 +30,7 @@ class Puppet::Settings
   require 'puppet/settings/value_translator'
   require 'puppet/settings/environment_conf'
   require 'puppet/settings/server_list_setting'
+  require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
   # local reference for convenience
@@ -727,6 +728,7 @@ class Puppet::Settings
       :priority   => PrioritySetting,
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
+      :http_extra_headers => HttpExtraHeadersSetting,
       :certificate_revocation => CertificateRevocationSetting
   }
@@ -1239,6 +1241,8 @@ Generated on #{Time.now}.
     configured_environment = self[:environment]
     if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
       configured_environment_path = File.join(envdir, configured_environment)
+      # If configured_environment_path is a symlink, assume the source path is being managed
+      # elsewhere, so don't do any of this configuration
       if !Puppet::FileSystem.symlink?(configured_environment_path)
         parameters = { :ensure => 'directory' }
         unless Puppet::FileSystem.exist?(configured_environment_path)

data/lib/puppet/settings/http_extra_headers_setting.rb ADDED

@@ -0,0 +1,25 @@
+class Puppet::Settings::HttpExtraHeadersSetting < Puppet::Settings::BaseSetting
+  def type
+    :http_extra_headers
+  end
+  def munge(headers)
+    return headers if headers.is_a?(Hash)
+    headers = headers.split(/\s*,\s*/) if headers.is_a?(String)
+    raise ArgumentError, _("Expected an Array, String, or Hash, got a %{klass}") % { klass: headers.class } unless headers.is_a?(Array)
+    headers.map! { |header|
+      case header
+      when String
+        header.split(':')
+      when Array
+        header
+      else
+        raise ArgumentError, _("Expected an Array or String, got a %{klass}") % { klass: header.class }
+      end
+    }
+  end
+end

data/lib/puppet/ssl.rb CHANGED

@@ -2,6 +2,7 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
+# @api private
 module Puppet::SSL # :nodoc:
   CA_NAME = "ca".freeze
   require 'puppet/ssl/host'

data/lib/puppet/ssl/certificate.rb CHANGED

@@ -56,7 +56,8 @@ DOC
   def custom_extensions
     custom_exts = content.extensions.select do |ext|
       Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
-        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid) or
+        Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
     end
     custom_exts.map do |ext|

data/lib/puppet/ssl/host.rb CHANGED

@@ -22,9 +22,9 @@ class Puppet::SSL::Host
   attr_writer :key, :certificate, :certificate_request, :crl_usage
-  def self.localhost
+  def self.localhost(suppress_warning = false)
     return @localhost if @localhost
-    @localhost = new
+    @localhost = new(nil, false, suppress_warning)
     @localhost.generate unless @localhost.certificate
     @localhost.key
     @localhost
@@ -225,14 +225,14 @@ ERROR_STRING
   end
   private :validate_csr_with_key
-  def initialize(name = nil, device = false)
+  def initialize(name = nil, device = false, suppress_warning = false)
     @name = (name || Puppet[:certname]).downcase
     @device = device
     Puppet::SSL::Base.validate_certname(@name)
     @key = @certificate = @certificate_request = nil
     @crl_usage = Puppet.settings[:certificate_revocation]
     @crl_path = Puppet.settings[:hostcrl]
-    Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."));
+    Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
   end
   # Extract the public key from the private key.

data/lib/puppet/ssl/oids.rb CHANGED

@@ -61,6 +61,7 @@ module Puppet::SSL::Oids
     ["1.3.6.1.4.1.34380.1.1.23", 'pp_cloudplatform', 'Puppet Node Cloud Platform Name'],
     ["1.3.6.1.4.1.34380.1.1.24", 'pp_apptier', 'Puppet Node Application Tier'],
     ["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
+    ["1.3.6.1.4.1.34380.1.1.26", 'pp_owner', 'Puppet Node Owner'],
     ["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],

data/lib/puppet/ssl/ssl_provider.rb CHANGED

@@ -36,6 +36,26 @@ class Puppet::SSL::SSLProvider
     Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: crls, revocation: revocation).freeze
   end
+  # Create an `SSLContext` using the trusted `cacerts` and any certs in OpenSSL's
+  # default verify path locations. When running puppet as a gem, the location is
+  # system dependent. When running puppet from puppet-agent packages, the location
+  # refers to the cacerts bundle in the puppet-agent package.
+  #
+  # Connections made from the returned context will authenticate the server,
+  # i.e. `VERIFY_PEER`, but will not use a client certificate and will not
+  # perform revocation checking.
+  #
+  # @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
+  # @return [Puppet::SSL::SSLContext] A context to use to create connections
+  # @raise (see #create_context)
+  # @api private
+  def create_system_context(cacerts:)
+    store = create_x509_store(cacerts, [], false)
+    store.set_default_paths
+    Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: [], revocation: false).freeze
+  end
   # Create an `SSLContext` using the trusted `cacerts`, `crls`, `private_key`,
   # `client_cert`, and `revocation` mode. Connections made from the returned
   # context will be mutually authenticated.

data/lib/puppet/ssl/state_machine.rb CHANGED

@@ -45,7 +45,7 @@ class Puppet::SSL::StateMachine
         next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
       else
         route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
-        pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
+        _, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
         if @machine.ca_fingerprint
           actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
           expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
@@ -146,7 +146,7 @@ class Puppet::SSL::StateMachine
     def download_crl(ssl_ctx, last_update)
       route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
-      pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
+      _, pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
       crls = @cert_provider.load_crls_from_pem(pem)
       # verify crls before saving
       next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
@@ -234,7 +234,7 @@ class Puppet::SSL::StateMachine
       route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
       cert = OpenSSL::X509::Certificate.new(
-        route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
+        route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
       )
       Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
       # verify client cert before saving
@@ -278,16 +278,55 @@ class Puppet::SSL::StateMachine
       else
         Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
+        # close persistent connections and session state before sleeping
+        Puppet.runtime[:http].close
+        @machine.session = Puppet.runtime[:http].create_session
+        @machine.unlock
         Kernel.sleep(time)
+        NeedLock.new(@machine)
+      end
+    end
+  end
+  # Acquire the ssl lock or return LockFailure causing us to exit.
+  #
+  class NeedLock < SSLState
+    def initialize(machine)
+      super(machine, nil)
+    end
+    def next_state
+      if @machine.lock
         # our ssl directory may have been cleaned while we were
         # sleeping, start over from the top
-        @machine.session = Puppet.runtime['http'].create_session
         NeedCACerts.new(@machine)
+      elsif @machine.waitforlock < 1
+        LockFailure.new(@machine, _("Another puppet instance is already running and the waitforlock setting is set to 0; exiting"))
+      elsif Time.now.to_i >= @machine.waitlock_deadline
+        LockFailure.new(@machine, _("Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"))
+      else
+        Puppet.info _("Another puppet instance is already running; waiting for it to finish")
+        Puppet.info _("Will try again in %{time} seconds.") % {time: @machine.waitforlock}
+        Kernel.sleep @machine.waitforlock
+        # try again
+        self
       end
     end
   end
+  # We failed to acquire the lock, so exit
+  #
+  class LockFailure < SSLState
+    attr_reader :message
+    def initialize(machine, message)
+      super(machine, nil)
+      @message = message
+    end
+  end
   # We cannot make progress due to an error.
   #
   class Error < SSLState
@@ -310,7 +349,7 @@ class Puppet::SSL::StateMachine
   #
   class Done < SSLState; end
-  attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
+  attr_reader :waitforcert, :wait_deadline, :waitforlock, :waitlock_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
   attr_accessor :session
   # Construct a state machine to manage the SSL initialization process. By
@@ -323,7 +362,12 @@ class Puppet::SSL::StateMachine
   # then then state machine will exit instead of wait.
   #
   # @param waitforcert [Integer] how many seconds to wait between attempts
-  # @param maxwiatforcert [Integer] maximum amount of second
+  # @param maxwaitforcert [Integer] maximum amount of seconds to wait for the
+  #   server to sign the certificate request
+  # @param waitforlock [Integer] how many seconds to wait between attempts for
+  #   acquiring the ssl lock
+  # @param maxwaitforlock [Integer] maximum amount of seconds to wait for an
+  #   already running process to release the ssl lock
   # @param onetime [Boolean] whether to run onetime
   # @param lockfile [Puppet::Util::Pidlock] lockfile to protect against
   #   concurrent modification by multiple processes
@@ -336,6 +380,8 @@ class Puppet::SSL::StateMachine
   #   downloaded CA bundle
   def initialize(waitforcert: Puppet[:waitforcert],
                  maxwaitforcert: Puppet[:maxwaitforcert],
+                 waitforlock: Puppet[:waitforlock],
+                 maxwaitforlock: Puppet[:maxwaitforlock],
                  onetime: Puppet[:onetime],
                  cert_provider: Puppet::X509::CertProvider.new,
                  ssl_provider: Puppet::SSL::SSLProvider.new,
@@ -344,13 +390,15 @@ class Puppet::SSL::StateMachine
                  ca_fingerprint: Puppet[:ca_fingerprint])
     @waitforcert = waitforcert
     @wait_deadline = Time.now.to_i + maxwaitforcert
+    @waitforlock = waitforlock
+    @waitlock_deadline = Time.now.to_i + maxwaitforlock
     @onetime = onetime
     @cert_provider = cert_provider
     @ssl_provider = ssl_provider
     @lockfile = lockfile
     @digest = digest
     @ca_fingerprint = ca_fingerprint
-    @session = Puppet.runtime['http'].create_session
+    @session = Puppet.runtime[:http].create_session
   end
   # Run the state machine for CA certs and CRLs.
@@ -358,7 +406,7 @@ class Puppet::SSL::StateMachine
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
   def ensure_ca_certificates
-    final_state = run_machine(NeedCACerts.new(self), NeedKey)
+    final_state = run_machine(NeedLock.new(self), NeedKey)
     final_state.ssl_context
   end
@@ -367,7 +415,7 @@ class Puppet::SSL::StateMachine
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
   def ensure_client_certificate
-    final_state = run_machine(NeedCACerts.new(self), Done)
+    final_state = run_machine(NeedLock.new(self), Done)
     ssl_context = final_state.ssl_context
     if Puppet::Util::Log.sendlevel?(:debug)
@@ -386,40 +434,38 @@ class Puppet::SSL::StateMachine
     ssl_context
   end
+  def lock
+    @lockfile.lock
+  end
+  def unlock
+    @lockfile.unlock
+  end
   private
   def run_machine(state, stop)
-    with_lock do
-      loop do
-        state = run_step(state)
-        case state
-        when stop
-          break
-        when Error
-          if @onetime
-            Puppet.log_exception(state.error)
-            raise state.error
-          end
-        else
-          # fall through
+    loop do
+      state = run_step(state)
+      case state
+      when stop
+        break
+      when LockFailure
+        raise Puppet::Error, state.message
+      when Error
+        if @onetime
+          Puppet.log_exception(state.error)
+          raise state.error
         end
+      else
+        # fall through
       end
     end
     state
-  end
-  def with_lock
-    if @lockfile.lock
-      begin
-        yield
-      ensure
-        @lockfile.unlock
-      end
-    else
-      raise Puppet::Error, _('Another puppet instance is already running; exiting')
-    end
+  ensure
+    @lockfile.unlock if @lockfile.locked?
   end
   def run_step(state)

data/lib/puppet/ssl/verifier_adapter.rb CHANGED

@@ -6,10 +6,18 @@
 #   loaded above.
 #
 class Puppet::SSL::VerifierAdapter
-  attr_reader :validator
+  attr_reader :validator, :ssl_context
   def initialize(validator)
     @validator = validator
+    if validator.is_a?(Puppet::SSL::Validator::NoValidator)
+      ssl = Puppet::SSL::SSLProvider.new
+      @ssl_context = ssl.create_insecure_context
+    else
+      # nil means use the default SSLContext
+      @ssl_context = nil
+    end
   end
   # Return true if `self` is reusable with `verifier` meaning they

data/lib/puppet/test/test_helper.rb CHANGED

@@ -136,10 +136,12 @@ module Puppet::Test
         {
           trusted_information:
             Puppet::Context::TrustedInformation.new('local', 'testing', {}, { "trusted_testhelper" => true }),
-          ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze
+          ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze,
+          http_session: proc { Puppet.runtime[:http].create_session }
         },
         "Context for specs")
+      Puppet.runtime.clear
       Puppet::Parser::Functions.reset
       Puppet::Application.clear!
       Puppet::Util::Profiler.clear
@@ -147,6 +149,10 @@ module Puppet::Test
       Puppet::SSL::Host.reset
       Puppet::Rest::Routes.clear
+      Puppet::Node::Facts.indirection.terminus_class = :memory
+      facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
+      Puppet::Node::Facts.indirection.save(facts)
       Puppet.clear_deprecation_warnings
     end

data/lib/puppet/transaction.rb CHANGED

@@ -57,7 +57,11 @@ class Puppet::Transaction
     @prefetch_failed_providers = Hash.new { |h,k| h[k] = {} }
+    # With merge_dependency_warnings, notify and warn about class dependency failures ... just once per class. TJK 2019-09-09
+    @merge_dependency_warnings = Puppet[:merge_dependency_warnings]
     @failed_dependencies_already_notified = Set.new()
+    @failed_class_dependencies_already_notified = Set.new()
+    @failed_class_dependencies_already_warned = Set.new()
   end
   # Invoke the pre_run_check hook in every resource in the catalog.
@@ -291,15 +295,25 @@ class Puppet::Transaction
     # explosion of edges, we also ended up reporting failures for containers
     # like class and stage.  This is undesirable; while just skipping the
     # output isn't perfect, it is RC-safe. --daniel 2011-06-07
-    suppress_report = (resource.class == Puppet::Type.type(:whit))
+    is_puppet_class = resource.class == Puppet::Type.type(:whit)
+    # With merge_dependency_warnings, notify about class dependency failures ... just once per class. TJK 2019-09-09
     s = resource_status(resource)
     if s && s.dependency_failed?
-      # See above. --daniel 2011-06-06
-      unless suppress_report then
-        s.failed_dependencies.find_all { |d| !(@failed_dependencies_already_notified.include?(d.ref)) }.each do |dep|
-          resource.notice _("Dependency %{dep} has failures: %{status}") % { dep: dep, status: resource_status(dep).failed }
-          @failed_dependencies_already_notified.add(dep.ref)
+      if @merge_dependency_warnings && is_puppet_class
+       	# Notes: Puppet::Resource::Status.failed_dependencies() is an Array of Puppet::Resource(s) and
+        #        Puppet::Resource.ref() calls Puppet::Resource.to_s() which is: "#{type}[#{title}]" and
+       	#        Puppet::Resource.resource_status(resource) calls Puppet::Resource.to_s()
+        class_dependencies_to_be_notified = (s.failed_dependencies.map(&:ref) - @failed_class_dependencies_already_notified.to_a)
+        class_dependencies_to_be_notified.each do |dep_ref|
+          resource.notice _("Class dependency %{dep} has failures: %{status}") % { dep: dep_ref, status: resource_status(dep_ref).failed }
+        end
+        @failed_class_dependencies_already_notified.merge(class_dependencies_to_be_notified)
+      else
+        unless @merge_dependency_warnings || is_puppet_class
+          s.failed_dependencies.find_all { |d| !(@failed_dependencies_already_notified.include?(d.ref)) }.each do |dep|
+            resource.notice _("Dependency %{dep} has failures: %{status}") % { dep: dep, status: resource_status(dep).failed }
+            @failed_dependencies_already_notified.add(dep.ref)
+          end
         end
       end
     end
@@ -399,11 +413,19 @@ class Puppet::Transaction
       # explosion of edges, we also ended up reporting failures for containers
       # like class and stage.  This is undesirable; while just skipping the
       # output isn't perfect, it is RC-safe. --daniel 2011-06-07
-      unless resource.class == Puppet::Type.type(:whit) then
-        resource.warning _("Skipping because of failed dependencies")
+      # With merge_dependency_warnings, warn about class dependency failures ... just once per class. TJK 2019-09-09
+      unless resource.class == Puppet::Type.type(:whit)
+        if @merge_dependency_warnings && resource.parent && failed_dependencies?(resource.parent)
+          ps = resource_status(resource.parent)
+          ps.failed_dependencies.find_all { |d| !(@failed_class_dependencies_already_warned.include?(d.ref)) }.each do |dep|
+            resource.parent.warning _("Skipping resources in class because of failed class dependencies")
+            @failed_class_dependencies_already_warned.add(dep.ref)
+          end
+        else
+          resource.warning _("Skipping because of failed dependencies")
+        end
       end
-    elsif resource_status(resource).failed? &&
-        @prefetch_failed_providers[resource.type][resource.provider.class.name]
+    elsif resource_status(resource).failed? && @prefetch_failed_providers[resource.type][resource.provider.class.name]
       #Do not try to evaluate a resource with a known failed provider
       resource.warning _("Skipping because provider prefetch failed")
     elsif resource.virtual?