RubyGems - puppet - Versions diffs - 6.11.1-x86-mingw32 → 6.16.0-x86-mingw32 - Mend

puppet 6.11.1-x86-mingw32 → 6.16.0-x86-mingw32

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (395) hide show

checksums.yaml +4 -4
data/CODEOWNERS +3 -8
data/CONTRIBUTING.md +7 -13
data/Gemfile +1 -0
data/Gemfile.lock +39 -36
data/README.md +17 -24
data/ext/build_defaults.yaml +1 -0
data/ext/project_data.yaml +1 -1
data/ext/windows/service/daemon.rb +25 -20
data/lib/puppet.rb +52 -13
data/lib/puppet/agent.rb +20 -14
data/lib/puppet/application/agent.rb +12 -14
data/lib/puppet/application/describe.rb +7 -5
data/lib/puppet/application/device.rb +2 -2
data/lib/puppet/application/filebucket.rb +19 -15
data/lib/puppet/application/plugin.rb +1 -0
data/lib/puppet/application/resource.rb +1 -1
data/lib/puppet/application/ssl.rb +4 -4
data/lib/puppet/concurrent.rb +2 -0
data/lib/puppet/concurrent/lock.rb +16 -0
data/lib/puppet/concurrent/synchronized.rb +15 -0
data/lib/puppet/concurrent/thread_local_singleton.rb +14 -0
data/lib/puppet/configurer.rb +85 -83
data/lib/puppet/configurer/plugin_handler.rb +10 -1
data/lib/puppet/context/trusted_information.rb +14 -8
data/lib/puppet/daemon.rb +13 -27
data/lib/puppet/defaults.rb +158 -40
data/lib/puppet/environments.rb +30 -20
data/lib/puppet/error.rb +9 -1
data/lib/puppet/face/facts.rb +8 -5
data/lib/puppet/face/help.rb +29 -3
data/lib/puppet/face/module/search.rb +5 -0
data/lib/puppet/face/plugin.rb +2 -2
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_system/file_impl.rb +13 -9
data/lib/puppet/file_system/memory_file.rb +6 -0
data/lib/puppet/file_system/memory_impl.rb +13 -0
data/lib/puppet/file_system/uniquefile.rb +4 -0
data/lib/puppet/file_system/windows.rb +7 -10
data/lib/puppet/forge.rb +3 -3
data/lib/puppet/forge/errors.rb +2 -2
data/lib/puppet/forge/repository.rb +31 -86
data/lib/puppet/functions/call.rb +1 -1
data/lib/puppet/functions/camelcase.rb +2 -2
data/lib/puppet/functions/epp.rb +4 -4
data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
data/lib/puppet/functions/filter.rb +1 -0
data/lib/puppet/functions/find_file.rb +9 -9
data/lib/puppet/functions/find_template.rb +63 -0
data/lib/puppet/functions/inline_epp.rb +5 -5
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/http.rb +7 -0
data/lib/puppet/http/client.rb +341 -54
data/lib/puppet/http/errors.rb +2 -0
data/lib/puppet/http/external_client.rb +90 -0
data/lib/puppet/http/redirector.rb +34 -0
data/lib/puppet/http/resolver.rb +57 -1
data/lib/puppet/http/resolver/server_list.rb +98 -0
data/lib/puppet/http/resolver/settings.rb +23 -2
data/lib/puppet/http/resolver/srv.rb +36 -4
data/lib/puppet/http/response.rb +68 -1
data/lib/puppet/http/retry_after_handler.rb +39 -0
data/lib/puppet/http/service.rb +179 -3
data/lib/puppet/http/service/ca.rb +84 -21
data/lib/puppet/http/service/compiler.rb +319 -0
data/lib/puppet/http/service/file_server.rb +206 -0
data/lib/puppet/http/service/report.rb +66 -0
data/lib/puppet/http/session.rb +106 -31
data/lib/puppet/indirector/catalog/compiler.rb +10 -0
data/lib/puppet/indirector/catalog/rest.rb +34 -0
data/lib/puppet/indirector/facts/rest.rb +42 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
data/lib/puppet/indirector/file_content/http.rb +5 -0
data/lib/puppet/indirector/file_content/rest.rb +30 -0
data/lib/puppet/indirector/file_metadata/http.rb +4 -4
data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/msgpack.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +24 -0
data/lib/puppet/indirector/report/rest.rb +19 -0
data/lib/puppet/indirector/report/yaml.rb +23 -0
data/lib/puppet/indirector/rest.rb +12 -0
data/lib/puppet/indirector/status/rest.rb +18 -0
data/lib/puppet/loaders.rb +6 -0
data/lib/puppet/metatype/manager.rb +80 -80
data/lib/puppet/network/http/base_pool.rb +19 -1
data/lib/puppet/network/http/compression.rb +7 -0
data/lib/puppet/network/http/connection.rb +6 -0
data/lib/puppet/network/http/connection_adapter.rb +182 -0
data/lib/puppet/network/http/nocache_pool.rb +2 -0
data/lib/puppet/network/http/pool.rb +13 -6
data/lib/puppet/network/http_pool.rb +2 -1
data/lib/puppet/node/environment.rb +24 -8
data/lib/puppet/pal/catalog_compiler.rb +5 -0
data/lib/puppet/pal/pal_impl.rb +9 -29
data/lib/puppet/parser/ast/pops_bridge.rb +6 -11
data/lib/puppet/parser/compiler.rb +42 -32
data/lib/puppet/parser/functions.rb +18 -13
data/lib/puppet/parser/functions/epp.rb +3 -3
data/lib/puppet/parser/functions/filter.rb +1 -0
data/lib/puppet/parser/functions/inline_epp.rb +5 -5
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/evaluator_impl.rb +1 -1
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
data/lib/puppet/pops/loaders.rb +7 -5
data/lib/puppet/pops/lookup/invocation.rb +10 -3
data/lib/puppet/pops/model/pn_transformer.rb +5 -9
data/lib/puppet/pops/parser/evaluating_parser.rb +8 -11
data/lib/puppet/pops/serialization/json_path.rb +3 -3
data/lib/puppet/pops/time/timespan.rb +3 -5
data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
data/lib/puppet/pops/types/string_converter.rb +6 -9
data/lib/puppet/pops/types/type_calculator.rb +30 -10
data/lib/puppet/pops/types/type_formatter.rb +9 -11
data/lib/puppet/pops/types/type_parser.rb +3 -3
data/lib/puppet/pops/validation/checker4_0.rb +1 -1
data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
data/lib/puppet/provider/aix_object.rb +4 -2
data/lib/puppet/provider/group/aix.rb +1 -0
data/lib/puppet/provider/group/groupadd.rb +57 -24
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +78 -4
data/lib/puppet/provider/package/dnfmodule.rb +69 -15
data/lib/puppet/provider/package/dpkg.rb +14 -7
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/gem.rb +41 -7
data/lib/puppet/provider/package/openbsd.rb +13 -1
data/lib/puppet/provider/package/pacman.rb +2 -5
data/lib/puppet/provider/package/pip.rb +143 -48
data/lib/puppet/provider/package/pip3.rb +0 -2
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +5 -5
data/lib/puppet/provider/package/puppet_gem.rb +6 -2
data/lib/puppet/provider/package/rpm.rb +6 -213
data/lib/puppet/provider/package/yum.rb +108 -24
data/lib/puppet/provider/package/zypper.rb +59 -1
data/lib/puppet/provider/package_targetable.rb +5 -4
data/lib/puppet/provider/service/systemd.rb +23 -5
data/lib/puppet/provider/user/aix.rb +1 -0
data/lib/puppet/provider/user/directoryservice.rb +30 -5
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +11 -8
data/lib/puppet/reports/http.rb +13 -9
data/lib/puppet/reports/store.rb +1 -1
data/lib/puppet/resource/type_collection.rb +20 -16
data/lib/puppet/runtime.rb +32 -1
data/lib/puppet/settings.rb +4 -0
data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
data/lib/puppet/ssl.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/host.rb +4 -4
data/lib/puppet/ssl/oids.rb +1 -0
data/lib/puppet/ssl/ssl_provider.rb +20 -0
data/lib/puppet/ssl/state_machine.rb +81 -35
data/lib/puppet/ssl/verifier_adapter.rb +9 -1
data/lib/puppet/test/test_helper.rb +7 -1
data/lib/puppet/transaction.rb +33 -11
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/type.rb +7 -2
data/lib/puppet/type/file.rb +13 -0
data/lib/puppet/type/file/data_sync.rb +5 -1
data/lib/puppet/type/file/source.rb +49 -58
data/lib/puppet/type/group.rb +5 -4
data/lib/puppet/type/package.rb +102 -10
data/lib/puppet/type/service.rb +6 -8
data/lib/puppet/type/user.rb +6 -30
data/lib/puppet/util.rb +34 -11
data/lib/puppet/util/at_fork.rb +1 -1
data/lib/puppet/util/autoload.rb +4 -18
data/lib/puppet/util/instance_loader.rb +14 -10
data/lib/puppet/util/log/destinations.rb +2 -11
data/lib/puppet/util/logging.rb +30 -18
data/lib/puppet/util/package/version/debian.rb +175 -0
data/lib/puppet/util/package/version/gem.rb +15 -0
data/lib/puppet/util/package/version/pip.rb +167 -0
data/lib/puppet/util/package/version/range.rb +53 -0
data/lib/puppet/util/package/version/range/eq.rb +14 -0
data/lib/puppet/util/package/version/range/gt.rb +14 -0
data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/lt.rb +14 -0
data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/min_max.rb +21 -0
data/lib/puppet/util/package/version/range/simple.rb +11 -0
data/lib/puppet/util/package/version/rpm.rb +73 -0
data/lib/puppet/util/pidlock.rb +36 -10
data/lib/puppet/util/platform.rb +5 -0
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/rpm_compare.rb +193 -0
data/lib/puppet/util/storage.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +50 -20
data/lib/puppet/util/windows/process.rb +15 -14
data/lib/puppet/util/windows/security.rb +1 -0
data/lib/puppet/util/windows/sid.rb +3 -3
data/lib/puppet/util/yaml.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509/cert_provider.rb +9 -5
data/locales/puppet.pot +640 -521
data/man/man5/puppet.conf.5 +88 -9
data/man/man8/puppet-agent.8 +6 -6
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +17 -2
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +6 -3
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +4 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +2 -2
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
data/spec/fixtures/ssl/unknown-ca.pem +59 -0
data/spec/fixtures/unit/forge/bacula.json +76 -0
data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
data/spec/integration/application/agent_spec.rb +394 -0
data/spec/integration/application/apply_spec.rb +132 -3
data/spec/integration/application/filebucket_spec.rb +190 -0
data/spec/integration/application/plugin_spec.rb +73 -0
data/spec/integration/configurer_spec.rb +26 -7
data/spec/integration/http/client_spec.rb +154 -0
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/indirector/report/yaml.rb +83 -0
data/spec/integration/module_tool/forge_spec.rb +51 -0
data/spec/integration/network/http_pool_spec.rb +76 -20
data/spec/integration/node/environment_spec.rb +15 -0
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/https.rb +20 -9
data/spec/lib/puppet_spec/puppetserver.rb +119 -0
data/spec/shared_contexts/https.rb +29 -0
data/spec/spec_helper.rb +6 -2
data/spec/unit/agent_spec.rb +80 -26
data/spec/unit/application/agent_spec.rb +9 -5
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/describe_spec.rb +88 -50
data/spec/unit/application/device_spec.rb +2 -2
data/spec/unit/application/filebucket_spec.rb +22 -2
data/spec/unit/application/resource_spec.rb +2 -2
data/spec/unit/concurrent/lock_spec.rb +29 -0
data/spec/unit/configurer/fact_handler_spec.rb +0 -4
data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
data/spec/unit/configurer_spec.rb +400 -406
data/spec/unit/context/trusted_information_spec.rb +17 -0
data/spec/unit/daemon_spec.rb +5 -64
data/spec/unit/defaults_spec.rb +38 -4
data/spec/unit/environments_spec.rb +65 -28
data/spec/unit/face/facts_spec.rb +24 -20
data/spec/unit/face/module/search_spec.rb +17 -0
data/spec/unit/face/plugin_spec.rb +12 -10
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/file_system_spec.rb +26 -2
data/spec/unit/forge/errors_spec.rb +1 -1
data/spec/unit/forge/forge_spec.rb +12 -54
data/spec/unit/forge/module_release_spec.rb +19 -6
data/spec/unit/forge/repository_spec.rb +63 -157
data/spec/unit/forge_spec.rb +46 -116
data/spec/unit/functions/find_template_spec.rb +69 -0
data/spec/unit/functions/lookup_spec.rb +13 -0
data/spec/unit/http/client_spec.rb +395 -27
data/spec/unit/http/external_client_spec.rb +201 -0
data/spec/unit/http/resolver_spec.rb +81 -12
data/spec/unit/http/response_spec.rb +69 -0
data/spec/unit/http/service/ca_spec.rb +100 -7
data/spec/unit/http/service/compiler_spec.rb +627 -0
data/spec/unit/http/service/file_server_spec.rb +308 -0
data/spec/unit/http/service/report_spec.rb +118 -0
data/spec/unit/http/service_spec.rb +117 -4
data/spec/unit/http/session_spec.rb +237 -19
data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
data/spec/unit/indirector/facts/rest_spec.rb +79 -24
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
data/spec/unit/indirector/file_metadata/http_spec.rb +167 -0
data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
data/spec/unit/indirector/node/rest_spec.rb +57 -2
data/spec/unit/indirector/report/rest_spec.rb +58 -51
data/spec/unit/indirector/resource/ral_spec.rb +7 -8
data/spec/unit/indirector/rest_spec.rb +13 -0
data/spec/unit/indirector/status/rest_spec.rb +43 -2
data/spec/unit/network/http/connection_spec.rb +549 -176
data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
data/spec/unit/network/http/pool_spec.rb +89 -11
data/spec/unit/network/http_pool_spec.rb +63 -57
data/spec/unit/network/http_spec.rb +1 -1
data/spec/unit/node/environment_spec.rb +16 -0
data/spec/unit/node/facts_spec.rb +2 -1
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +8 -3
data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
data/spec/unit/pops/validator/validator_spec.rb +7 -2
data/spec/unit/provider/aix_object_spec.rb +16 -2
data/spec/unit/provider/group/groupadd_spec.rb +181 -56
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +43 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
data/spec/unit/provider/package/dpkg_spec.rb +28 -6
data/spec/unit/provider/package/gem_spec.rb +40 -0
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pacman_spec.rb +6 -21
data/spec/unit/provider/package/pip_spec.rb +68 -19
data/spec/unit/provider/package/pkg_spec.rb +15 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +38 -0
data/spec/unit/provider/package/portage_spec.rb +9 -4
data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
data/spec/unit/provider/package/rpm_spec.rb +0 -212
data/spec/unit/provider/package/yum_spec.rb +292 -0
data/spec/unit/provider/package/zypper_spec.rb +84 -0
data/spec/unit/provider/package_targetable_spec.rb +60 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openbsd_spec.rb +9 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -0
data/spec/unit/provider/service/redhat_spec.rb +9 -0
data/spec/unit/provider/service/systemd_spec.rb +92 -12
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/hpux_spec.rb +2 -2
data/spec/unit/provider/user/useradd_spec.rb +21 -8
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +0 -26
data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
data/spec/unit/puppet_spec.rb +47 -0
data/spec/unit/reports/http_spec.rb +70 -52
data/spec/unit/settings/autosign_setting_spec.rb +1 -1
data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/ssl/host_spec.rb +4 -2
data/spec/unit/ssl/oids_spec.rb +1 -0
data/spec/unit/ssl/ssl_provider_spec.rb +71 -0
data/spec/unit/ssl/state_machine_spec.rb +99 -13
data/spec/unit/transaction/persistence_spec.rb +1 -10
data/spec/unit/transaction/report_spec.rb +4 -0
data/spec/unit/transaction_spec.rb +45 -1
data/spec/unit/type/file/content_spec.rb +9 -3
data/spec/unit/type/file/ensure_spec.rb +1 -2
data/spec/unit/type/file/source_spec.rb +86 -35
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/service_spec.rb +9 -8
data/spec/unit/type/user_spec.rb +1 -2
data/spec/unit/util/at_fork_spec.rb +3 -2
data/spec/unit/util/autoload_spec.rb +2 -1
data/spec/unit/util/log/destinations_spec.rb +1 -29
data/spec/unit/util/log_spec.rb +0 -138
data/spec/unit/util/logging_spec.rb +200 -0
data/spec/unit/util/package/version/debian_spec.rb +83 -0
data/spec/unit/util/package/version/pip_spec.rb +464 -0
data/spec/unit/util/package/version/range_spec.rb +175 -0
data/spec/unit/util/package/version/rpm_spec.rb +121 -0
data/spec/unit/util/pidlock_spec.rb +112 -42
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/rpm_compare_spec.rb +196 -0
data/spec/unit/util/storage_spec.rb +1 -8
data/spec/unit/util/windows/adsi_spec.rb +55 -4
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/spec/unit/x509/cert_provider_spec.rb +24 -4
data/tasks/generate_cert_fixtures.rake +15 -1
data/tasks/manpages.rake +6 -35
metadata +92 -12
data/COMMITTERS.md +0 -244
data/spec/integration/faces/plugin_spec.rb +0 -61
data/spec/lib/puppet_spec/validators.rb +0 -37

data/lib/puppet/functions/call.rb CHANGED

@@ -51,7 +51,7 @@
 #
 # Would notice the value of `$facts['processors']['count']` at the time when the `call` is made.
 #
-# * Deferred values supported since Puppet 5.6.0
+# * Deferred values supported since Puppet 6.0
 #
 # @since 5.0.0
 #

data/lib/puppet/functions/camelcase.rb CHANGED

@@ -23,8 +23,8 @@
 #
 # @example Camelcase of strings in an Array
 # ```puppet
-# ['abc_def', 'bcd_xyz'].capitalize()
-# capitalize(['abc_def', 'bcd_xyz'])
+# ['abc_def', 'bcd_xyz'].camelcase()
+# camelcase(['abc_def', 'bcd_xyz'])
 # ```
 # Would both result in `['AbcDef', 'BcdXyz']`
 #

data/lib/puppet/functions/epp.rb CHANGED

@@ -6,12 +6,12 @@
 # The first argument to this function should be a `<MODULE NAME>/<TEMPLATE FILE>`
 # reference, which loads `<TEMPLATE FILE>` from `<MODULE NAME>`'s `templates`
 # directory. In most cases, the last argument is optional; if used, it should be a
-# [hash](/puppet/latest/reference/lang_data_hash.html) that contains parameters to
+# [hash](https://puppet.com/docs/puppet/latest/lang_data_hash.html) that contains parameters to
 # pass to the template.
 #
-# - See the [template](/puppet/latest/reference/lang_template.html) documentation
-# for general template usage information.
-# - See the [EPP syntax](/puppet/latest/reference/lang_template_epp.html)
+# - See the [template](https://puppet.com/docs/puppet/latest/lang_template.html)
+# documentation for general template usage information.
+# - See the [EPP syntax](https://puppet.com/docs/puppet/latest/lang_template_epp.html)
 # documentation for examples of EPP.
 #
 # For example, to call the apache module's `templates/vhost/_docroot.epp`

data/lib/puppet/functions/eyaml_lookup_key.rb CHANGED

@@ -39,7 +39,7 @@ Puppet::Functions.create_function(:eyaml_lookup_key) do
       context.cache(nil, raw_data)
     end
     context.not_found unless raw_data.include?(key)
-    context.cache(key, decrypt_value(raw_data[key], context, options))
+    context.cache(key, decrypt_value(raw_data[key], context, options, key))
   end
   def load_data_hash(options, context)
@@ -62,22 +62,22 @@ Puppet::Functions.create_function(:eyaml_lookup_key) do
     end
   end
-  def decrypt_value(value, context, options)
+  def decrypt_value(value, context, options, key)
     case value
     when String
-      decrypt(value, context, options)
+      decrypt(value, context, options, key)
     when Hash
       result = {}
-      value.each_pair { |k, v| result[context.interpolate(k)] = decrypt_value(v, context, options) }
+      value.each_pair { |k, v| result[context.interpolate(k)] = decrypt_value(v, context, options, key) }
       result
     when Array
-      value.map { |v| decrypt_value(v, context, options) }
+      value.map { |v| decrypt_value(v, context, options, key) }
     else
       value
     end
   end
-  def decrypt(data, context, options)
+  def decrypt(data, context, options, key)
     if encrypted?(data)
       # Options must be set prior to each call to #parse since they end up as static variables in
       # the Options class. They cannot be set once before #decrypt_value is called, since each #decrypt
@@ -85,8 +85,13 @@ Puppet::Functions.create_function(:eyaml_lookup_key) do
       # config.
       #
       Hiera::Backend::Eyaml::Options.set(options)
-      tokens = Hiera::Backend::Eyaml::Parser::ParserFactory.hiera_backend_parser.parse(data)
-      data = tokens.map(&:to_plain_text).join.chomp
+      begin
+        tokens = Hiera::Backend::Eyaml::Parser::ParserFactory.hiera_backend_parser.parse(data)
+        data = tokens.map(&:to_plain_text).join.chomp
+      rescue StandardError => ex
+        raise Puppet::DataBinding::LookupError,
+          _("hiera-eyaml backend error decrypting %{data} when looking up %{key} in %{path}. Error was %{message}") % { data: data, key: key, path: options['path'], message: ex.message }
+      end
     end
     context.interpolate(data)
   end

data/lib/puppet/functions/filter.rb CHANGED

@@ -38,6 +38,7 @@
 # $data = { "orange" => 0, "blueberry" => 1, "raspberry" => 2 }
 # $filtered_data = $data.filter |$items| { $items[0] =~ /berry$/ }
 # # $filtered_data = {blueberry => 1, raspberry => 2}
+# ```
 #
 # When the first argument is an array and the lambda has two parameters, Puppet passes the
 # array's indexes (enumerated from 0) in the first parameter and its values in the second

data/lib/puppet/functions/find_file.rb CHANGED

@@ -1,19 +1,19 @@
 # Finds an existing file from a module and returns its path.
 #
-# The argument to this function should be a String as a `<MODULE NAME>/<FILE>`
-# reference, which will search for `<FILE>` relative to a module's `files`
+# This function accepts an argument that is a String as a `<MODULE NAME>/<FILE>`
+# reference, which searches for `<FILE>` relative to a module's `files`
 # directory. (For example, the reference `mysql/mysqltuner.pl` will search for the
 # file `<MODULES DIRECTORY>/mysql/files/mysqltuner.pl`.)
 #
 # This function can also accept:
-#
-# * An absolute String path, which will check for the existence of a file from anywhere on disk.
-# * Multiple String arguments, which will return the path of the **first** file
-#   found, skipping non existing files.
-# * An array of string paths, which will return the path of the **first** file
-#   found from the given paths in the array, skipping non existing files.
 #
-# The function returns `undef` if none of the given paths were found
+# * An absolute String path, which checks for the existence of a file from anywhere on disk.
+# * Multiple String arguments, which returns the path of the **first** file
+#   found, skipping nonexistent files.
+# * An array of string paths, which returns the path of the **first** file
+#   found from the given paths in the array, skipping nonexistent files.
+#
+# The function returns `undef` if none of the given paths were found.
 #
 # @since 4.8.0
 #

data/lib/puppet/functions/find_template.rb ADDED

@@ -0,0 +1,63 @@
+# Finds an existing template from a module and returns its path.
+#
+# This function accepts an argument that is a String as a `<MODULE NAME>/<TEMPLATE>`
+# reference, which searches for `<TEMPLATE>` relative to a module's `templates`
+# directory on the master. (For example, the reference `mymod/secret.conf.epp`
+# will search for the file `<MODULES DIRECTORY>/mymod/templates/secret.conf.epp`.)
+#
+# The primary use case is for agent-side template rendering with late-bound variables
+# resolved, such as from secret stores inaccessible to the master, such as
+#
+# ```
+# $variables = {
+#   'password' => Deferred('vault_lookup::lookup',
+#                   ['secret/mymod', 'https://vault.example.com:8200']),
+# }
+#
+# # compile the template source into the catalog
+# file { '/etc/secrets.conf':
+#   ensure  => file,
+#   content => Deferred('inline_epp',
+#                [find_template('mymod/secret.conf.epp').file, $variables]),
+# }
+# ```
+#
+#
+#
+# This function can also accept:
+#
+# * An absolute String path, which checks for the existence of a template from anywhere on disk.
+# * Multiple String arguments, which returns the path of the **first** template
+#   found, skipping nonexistent files.
+# * An array of string paths, which returns the path of the **first** template
+#   found from the given paths in the array, skipping nonexistent files.
+#
+# The function returns `undef` if none of the given paths were found.
+#
+# @since 6.x
+#
+Puppet::Functions.create_function(:find_template, Puppet::Functions::InternalFunction) do
+  dispatch :find_template do
+    scope_param
+    repeated_param 'String', :paths
+  end
+  dispatch :find_template_array do
+    scope_param
+    repeated_param 'Array[String]', :paths_array
+  end
+  def find_template_array(scope, array)
+    find_template(scope, *array)
+  end
+  def find_template(scope, *args)
+    args.each do |file|
+      found = Puppet::Parser::Files.find_template(file, scope.compiler.environment)
+      if found && Puppet::FileSystem.exist?(found)
+        return found
+      end
+    end
+    nil
+  end
+end

data/lib/puppet/functions/inline_epp.rb CHANGED

@@ -5,12 +5,12 @@
 #
 # The first argument to this function should be a string containing an EPP
 # template. In most cases, the last argument is optional; if used, it should be a
-# [hash](/puppet/latest/reference/lang_data_hash.html) that contains parameters to
+# [hash](https://puppet.com/docs/puppet/latest/lang_data_hash.html) that contains parameters to
 # pass to the template.
 #
-# - See the [template](/puppet/latest/reference/lang_template.html) documentation
-# for general template usage information.
-# - See the [EPP syntax](/puppet/latest/reference/lang_template_epp.html)
+# - See the [template](https://puppet.com/docs/puppet/latest/lang_template.html)
+# documentation for general template usage information.
+# - See the [EPP syntax](https://puppet.com/docs/puppet/latest/lang_template_epp.html)
 # documentation for examples of EPP.
 #
 # For example, to evaluate an inline EPP template and pass it the `docroot` and
@@ -28,7 +28,7 @@
 # `inline_epp` function fails to pass any required parameter.
 #
 # An inline EPP template should be written as a single-quoted string or
-# [heredoc](/puppet/latest/reference/lang_data_string.html#heredocs).
+# [heredoc](https://puppet.com/docs/puppet/latest/lang_data_string.html#heredocs).
 # A double-quoted string is subject to expression interpolation before the string
 # is parsed as an EPP template.
 #

data/lib/puppet/functions/reduce.rb CHANGED

@@ -39,11 +39,9 @@
 # values to the lambda.
 #
 # Puppet calls the lambda for each of the data structure's remaining values. For each
-# call, it passes the result of the previous call as the first parameter ($memo in the
+# call, it passes the result of the previous call as the first parameter (`$memo` in the
 # above examples) and the next value from the data structure as the second parameter
-# ($value).
-#
-# If the structure has one value, Puppet returns the value and does not call the lambda.
+# (`$value`).
 #
 # @example Using the `reduce` function
 #

data/lib/puppet/http.rb CHANGED

@@ -11,19 +11,26 @@ module Puppet
     end
   end
+  # @api private
   module HTTP
     ACCEPT_ENCODING = "gzip;q=1.0,deflate;q=0.6,identity;q=0.3".freeze
+    HEADER_PUPPET_VERSION = "X-Puppet-Version".freeze
     require 'puppet/http/errors'
     require 'puppet/http/response'
     require 'puppet/http/service'
     require 'puppet/http/service/ca'
+    require 'puppet/http/service/compiler'
+    require 'puppet/http/service/file_server'
+    require 'puppet/http/service/report'
     require 'puppet/http/session'
     require 'puppet/http/resolver'
+    require 'puppet/http/resolver/server_list'
     require 'puppet/http/resolver/settings'
     require 'puppet/http/resolver/srv'
     require 'puppet/http/client'
     require 'puppet/http/redirector'
     require 'puppet/http/retry_after_handler'
+    require 'puppet/http/external_client'
   end
 end

data/lib/puppet/http/client.rb CHANGED

@@ -1,98 +1,323 @@
+#
+# @api private
+#
+# The client contains a pool of persistent HTTP connections and creates HTTP
+# sessions.
+#
 class Puppet::HTTP::Client
-  def initialize(pool: Puppet::Network::HTTP::Pool.new, ssl_context: nil, redirect_limit: 10, retry_limit: 100)
+  # @api private
+  # @return [Puppet::Network::HTTP::Pool] the pool instance associated with
+  #   this client
+  attr_reader :pool
+  #
+  # @api private
+  #
+  # Create a new http client instance. The client contains a pool of persistent
+  # HTTP connections and creates HTTP sessions.
+  #
+  # @param [Puppet::Network::HTTP::Pool] pool pool of persistent Net::HTTP
+  #   connections
+  # @param [Puppet::SSL::SSLContext] ssl_context ssl context to be used for
+  #   connections
+  # @param [Puppet::SSL::SSLContext] system_ssl_context the system ssl context
+  #   used if :include_system_store is set to true
+  # @param [Integer] redirect_limit default number of HTTP redirections to allow
+  #   in a given request. Can also be specified per-request.
+  # @param [Integer] retry_limit number of HTTP reties allowed in a given
+  #   request
+  #
+  def initialize(pool: Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
     @pool = pool
     @default_headers = {
       'X-Puppet-Version' => Puppet.version,
       'User-Agent' => Puppet[:http_user_agent],
     }.freeze
     @default_ssl_context = ssl_context
-    @redirector = Puppet::HTTP::Redirector.new(redirect_limit)
+    @default_system_ssl_context = system_ssl_context
+    @default_redirect_limit = redirect_limit
     @retry_after_handler = Puppet::HTTP::RetryAfterHandler.new(retry_limit, Puppet[:runinterval])
-    @resolvers = build_resolvers
   end
+  #
+  # @api private
+  #
+  # Create a new HTTP session. A session is the object through which services
+  # may be connected to and accessed.
+  #
+  # @return [Puppet::HTTP::Session] the newly created HTTP session
+  #
   def create_session
-    Puppet::HTTP::Session.new(self, @resolvers)
+    Puppet::HTTP::Session.new(self, build_resolvers)
   end
-  def connect(uri, ssl_context: nil, &block)
-    ctx = ssl_context ? ssl_context : default_ssl_context
+  #
+  # @api private
+  #
+  # Open a connection to the given URI
+  #
+  # @param [URI] uri the connection destination
+  # @param [Hash] options
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  #
+  # @yield [Net::HTTP] If a block is given, yields an active http connection
+  #   from the pool
+  #
+  def connect(uri, options: {}, &block)
+    start = Time.now
+    verifier = nil
+    connected = false
     site = Puppet::Network::HTTP::Site.from_uri(uri)
-    verifier = Puppet::SSL::Verifier.new(site.host, ctx)
+    if site.use_ssl?
+      ssl_context = options.fetch(:ssl_context, nil)
+      include_system_store = options.fetch(:include_system_store, false)
+      ctx = resolve_ssl_context(ssl_context, include_system_store)
+      verifier = Puppet::SSL::Verifier.new(site.host, ctx)
+    end
     @pool.with_connection(site, verifier) do |http|
+      connected = true
       if block_given?
-        handle_post_connect(uri, http, &block)
+        yield http
       end
     end
+  rescue Net::OpenTimeout => e
+    raise_error(_("Request to %{uri} timed out connect operation after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e, connected)
+  rescue Net::ReadTimeout => e
+    raise_error(_("Request to %{uri} timed out read operation after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e, connected)
+  rescue EOFError => e
+    raise_error(_("Request to %{uri} interrupted after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e, connected)
+  rescue Puppet::SSL::SSLError
+    raise
   rescue Puppet::HTTP::HTTPError
     raise
   rescue => e
-    raise Puppet::HTTP::ConnectionError.new(_("Failed to connect to %{uri}: %{message}") % {uri: uri, message: e.message}, e)
+    raise_error(_("Request to %{uri} failed after %{elapsed} seconds: %{message}") %
+                {uri: uri, elapsed: elapsed(start), message: e.message}, e, connected)
   end
-  def get(url, headers: {}, params: {}, ssl_context: nil, user: nil, password: nil, &block)
-    query = encode_params(params)
-    unless query.empty?
-      url = url.dup
-      url.query = query
-    end
+  #
+  # @api private
+  #
+  # Submits a GET HTTP request to the given url
+  #
+  # @param [URI] url the location to submit the http request
+  # @param [Hash] headers merged with the default headers defined by the client
+  # @param [Hash] params encoded and set as the url query
+  # @param [Hash] options passed through to the request execution
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  # @param options [Integer] :redirect_limit number of HTTP redirections to allow
+  #   for this request.
+  #
+  # @yield [Puppet::HTTP::Response] if a block is given yields the response
+  #
+  # @return [String] if a block is not given, returns the response body
+  #
+  def get(url, headers: {}, params: {}, options: {}, &block)
+    url = encode_query(url, params)
     request = Net::HTTP::Get.new(url, @default_headers.merge(headers))
-    execute_streaming(request, ssl_context: ssl_context, user: user, password: password) do |response|
+    execute_streaming(request, options: options) do |response|
       if block_given?
         yield response
       else
-        response.read_body
+        response.body
       end
     end
   end
-  def put(url, headers: {}, params: {}, content_type:, body:, ssl_context: nil, user: nil, password: nil)
-    query = encode_params(params)
-    unless query.empty?
-      url = url.dup
-      url.query = query
+  #
+  # @api private
+  #
+  # Submits a HEAD HTTP request to the given url
+  #
+  # @param [URI] url the location to submit the http request
+  # @param [Hash] headers merged with the default headers defined by the client
+  # @param [Hash] params encoded and set as the url query
+  # @param [Hash] options passed through to the request execution
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  # @param options [Integer] :redirect_limit number of HTTP redirections to allow
+  #   for this request.
+  #
+  # @return [String] the body of the request response
+  #
+  def head(url, headers: {}, params: {}, options: {})
+    url = encode_query(url, params)
+    request = Net::HTTP::Head.new(url, @default_headers.merge(headers))
+    execute_streaming(request, options: options) do |response|
+      response.body
     end
+  end
+  #
+  # @api private
+  #
+  # Submits a PUT HTTP request to the given url
+  #
+  # @param [URI] url the location to submit the http request
+  # @param [String] body the body of the PUT request
+  # @param [Hash] headers merged with the default headers defined by the client
+  # @param [Hash] params encoded and set as the url query
+  # @param [Hash] options passed through to the request execution
+  # @option options [String] :content_type the type of the body content
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  # @param options [Integer] :redirect_limit number of HTTP redirections to allow
+  #   for this request.
+  #
+  # @return [String] the body of the request response
+  #
+  def put(url, body, headers: {}, params: {}, options: {})
+    raise ArgumentError, "'put' requires a string 'body' argument" unless body.is_a?(String)
+    url = encode_query(url, params)
     request = Net::HTTP::Put.new(url, @default_headers.merge(headers))
     request.body = body
-    request['Content-Length'] = body.bytesize
-    request['Content-Type'] = content_type
+    request.content_length = body.bytesize
-    execute_streaming(request, ssl_context: ssl_context, user: user, password: password) do |response|
-      response.read_body
+    raise ArgumentError, "'put' requires a 'content-type' header" unless request['Content-Type']
+    execute_streaming(request, options: options) do |response|
+      response.body
     end
   end
+  #
+  # @api private
+  #
+  # Submits a POST HTTP request to the given url
+  #
+  # @param [URI] url the location to submit the http request
+  # @param [String] body the body of the POST request
+  # @param [Hash] headers merged with the default headers defined by the client
+  # @param [Hash] params encoded and set as the url query
+  # @param [Hash] options passed through to the request execution
+  # @option options [String] :content_type the type of the body content
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  # @param options [Integer] :redirect_limit number of HTTP redirections to allow
+  #   for this request.
+  #
+  # @return [String] the body of the request response
+  #
+  def post(url, body, headers: {}, params: {}, options: {}, &block)
+    raise ArgumentError, "'post' requires a string 'body' argument" unless body.is_a?(String)
+    url = encode_query(url, params)
+    request = Net::HTTP::Post.new(url, @default_headers.merge(headers))
+    request.body = body
+    request.content_length = body.bytesize
+    raise ArgumentError, "'post' requires a 'content-type' header" unless request['Content-Type']
+    execute_streaming(request, options: options) do |response|
+      if block_given?
+        yield response
+      else
+        response.body
+      end
+    end
+  end
+  #
+  # @api private
+  #
+  # Submits a DELETE HTTP request to the given url
+  #
+  # @param [URI] url the location to submit the http request
+  # @param [Hash] headers merged with the default headers defined by the client
+  # @param [Hash] params encoded and set as the url query
+  # @param [Hash] options options hash passed through to the request execution
+  # @option options [Puppet::SSL::SSLContext] :ssl_context (nil) ssl context to
+  #   be used for connections
+  # @option options [Boolean] :include_system_store (false) if we should include
+  #   the system store for connection
+  # @param options [Integer] :redirect_limit number of HTTP redirections to allow
+  #   for this request.
+  #
+  # @return [String] the body of the request response
+  #
+  def delete(url, headers: {}, params: {}, options: {})
+    url = encode_query(url, params)
+    request = Net::HTTP::Delete.new(url, @default_headers.merge(headers))
+    execute_streaming(request, options: options) do |response|
+      response.body
+    end
+  end
+  #
+  # @api private
+  #
+  # Close persistent connections in the pool
+  #
   def close
     @pool.close
   end
+  protected
+  def encode_query(url, params)
+    return url if params.empty?
+    url = url.dup
+    url.query = encode_params(params)
+    url
+  end
   private
-  def execute_streaming(request, ssl_context:, user: nil, password: nil, &block)
+  def execute_streaming(request, options: {}, &block)
+    redirector = Puppet::HTTP::Redirector.new(options.fetch(:redirect_limit, @default_redirect_limit))
+    basic_auth = options.fetch(:basic_auth, nil)
     redirects = 0
     retries = 0
+    response = nil
+    done = false
-    loop do
-      connect(request.uri, ssl_context: ssl_context) do |http|
-        apply_auth(request, user, password)
+    while !done do
+      connect(request.uri, options: options) do |http|
+        apply_auth(request, basic_auth)
+        # don't call return within the `request` block
         http.request(request) do |nethttp|
-          response = Puppet::HTTP::Response.new(nethttp)
+          response = Puppet::HTTP::Response.new(nethttp, request.uri)
           begin
             Puppet.debug("HTTP #{request.method.upcase} #{request.uri} returned #{response.code} #{response.reason}")
-            if @redirector.redirect?(request, response)
-              request = @redirector.redirect_to(request, response, redirects)
+            if redirector.redirect?(request, response)
+              request = redirector.redirect_to(request, response, redirects)
               redirects += 1
               next
             elsif @retry_after_handler.retry_after?(request, response)
               interval = @retry_after_handler.retry_after_interval(request, response, retries)
               retries += 1
               if interval
+                if http.started?
+                  Puppet.debug("Closing connection for #{Puppet::Network::HTTP::Site.from_uri(request.uri)}")
+                  http.finish
+                end
                 Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
                 ::Kernel.sleep(interval)
                 next
@@ -104,42 +329,86 @@ class Puppet::HTTP::Client
             response.drain
           end
-          return response
+          done = true
         end
       end
     end
+    response
+  end
+  def expand_into_parameters(data)
+    data.inject([]) do |params, key_value|
+      key, value = key_value
+      expanded_value = case value
+                       when Array
+                         value.collect { |val| [key, val] }
+                       else
+                         [key_value]
+                       end
+      params.concat(expand_primitive_types_into_parameters(expanded_value))
+    end
+  end
+  def expand_primitive_types_into_parameters(data)
+    data.inject([]) do |params, key_value|
+      key, value = key_value
+      case value
+      when nil
+        params
+      when true, false, String, Symbol, Integer, Float
+        params << [key, value]
+      else
+        raise Puppet::HTTP::SerializationError, _("HTTP REST queries cannot handle values of type '%{klass}'") % { klass: value.class }
+      end
+    end
   end
   def encode_params(params)
+    params = expand_into_parameters(params)
     params.map do |key, value|
       "#{key}=#{Puppet::Util.uri_query_encode(value.to_s)}"
     end.join('&')
   end
-  def handle_post_connect(uri, http, &block)
-    start = Time.now
-    yield http
-  rescue Puppet::HTTP::HTTPError
-    raise
-  rescue EOFError => e
-    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} interrupted after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e)
-  rescue Timeout::Error => e
-    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} timed out after %{elapsed} seconds") % {uri: uri, elapsed: elapsed(start)}, e)
-  rescue => e
-    raise Puppet::HTTP::HTTPError.new(_("Request to %{uri} failed after %{elapsed} seconds: %{message}") % {uri: uri, elapsed: elapsed(start), message: e.message}, e)
-  end
   def elapsed(start)
     (Time.now - start).to_f.round(3)
   end
-  def default_ssl_context
-    @default_ssl_context || Puppet.lookup(:ssl_context)
+  def raise_error(message, cause, connected)
+    if connected
+      raise Puppet::HTTP::HTTPError.new(message, cause)
+    else
+      raise Puppet::HTTP::ConnectionError.new(message, cause)
+    end
+  end
+  def resolve_ssl_context(ssl_context, include_system_store)
+    if ssl_context
+      raise Puppet::HTTP::HTTPError, "The ssl_context and include_system_store parameters are mutually exclusive" if include_system_store
+      ssl_context
+    elsif include_system_store
+      system_ssl_context
+    else
+      @default_ssl_context || Puppet.lookup(:ssl_context)
+    end
+  end
+  def system_ssl_context
+    return @default_system_ssl_context if @default_system_ssl_context
+    cert_provider = Puppet::X509::CertProvider.new
+    cacerts = cert_provider.load_cacerts || []
+    ssl = Puppet::SSL::SSLProvider.new
+    @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
   end
-  def apply_auth(request, user, password)
-    if user && password
-      request.basic_auth(user, password)
+  def apply_auth(request, basic_auth)
+    if basic_auth
+      request.basic_auth(basic_auth[:user], basic_auth[:password])
     end
   end
@@ -147,10 +416,28 @@ class Puppet::HTTP::Client
     resolvers = []
     if Puppet[:use_srv_records]
-      resolvers << Puppet::HTTP::Resolver::SRV.new(domain: Puppet[:srv_domain])
+      resolvers << Puppet::HTTP::Resolver::SRV.new(self, domain: Puppet[:srv_domain])
     end
-    resolvers << Puppet::HTTP::Resolver::Settings.new
+    server_list_setting = Puppet.settings.setting(:server_list)
+    if server_list_setting.value && !server_list_setting.value.empty?
+      # use server list to resolve all services
+      services = Puppet::HTTP::Service::SERVICE_NAMES.dup
+      # except if it's been explicitly set
+      if Puppet.settings.set_by_config?(:ca_server)
+        services.delete(:ca)
+      end
+      if Puppet.settings.set_by_config?(:report_server)
+        services.delete(:report)
+      end
+      resolvers << Puppet::HTTP::Resolver::ServerList.new(self, server_list_setting: server_list_setting, default_port: Puppet[:masterport], services: services)
+    end
+    resolvers << Puppet::HTTP::Resolver::Settings.new(self)
     resolvers.freeze
   end
 end