RubyGems - puppet - Versions diffs - 6.12.0-x64-mingw32 → 6.17.0-x64-mingw32 - Mend

puppet 6.12.0-x64-mingw32 → 6.17.0-x64-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (412) hide show

checksums.yaml +4 -4
data/CODEOWNERS +2 -7
data/CONTRIBUTING.md +7 -13
data/Gemfile +4 -2
data/Gemfile.lock +39 -36
data/README.md +18 -25
data/ext/project_data.yaml +1 -1
data/ext/windows/service/daemon.rb +3 -3
data/lib/puppet.rb +52 -13
data/lib/puppet/agent.rb +20 -14
data/lib/puppet/application/agent.rb +26 -17
data/lib/puppet/application/describe.rb +7 -5
data/lib/puppet/application/device.rb +2 -2
data/lib/puppet/application/filebucket.rb +19 -15
data/lib/puppet/application/plugin.rb +1 -0
data/lib/puppet/application/resource.rb +1 -1
data/lib/puppet/application/ssl.rb +4 -4
data/lib/puppet/configurer.rb +65 -69
data/lib/puppet/configurer/plugin_handler.rb +10 -1
data/lib/puppet/confine.rb +1 -1
data/lib/puppet/context/trusted_information.rb +14 -8
data/lib/puppet/daemon.rb +13 -27
data/lib/puppet/defaults.rb +154 -58
data/lib/puppet/environments.rb +27 -20
data/lib/puppet/face/facts.rb +8 -5
data/lib/puppet/face/help.rb +29 -3
data/lib/puppet/face/module/search.rb +5 -0
data/lib/puppet/face/plugin.rb +2 -2
data/lib/puppet/file_serving/http_metadata.rb +14 -2
data/lib/puppet/file_serving/metadata.rb +4 -1
data/lib/puppet/file_serving/terminus_selector.rb +7 -8
data/lib/puppet/file_system/file_impl.rb +14 -10
data/lib/puppet/file_system/memory_file.rb +6 -0
data/lib/puppet/file_system/memory_impl.rb +13 -0
data/lib/puppet/file_system/uniquefile.rb +12 -16
data/lib/puppet/file_system/windows.rb +7 -10
data/lib/puppet/forge.rb +1 -1
data/lib/puppet/forge/cache.rb +1 -1
data/lib/puppet/forge/repository.rb +4 -7
data/lib/puppet/functions/call.rb +1 -1
data/lib/puppet/functions/eyaml_lookup_key.rb +13 -8
data/lib/puppet/functions/filter.rb +1 -0
data/lib/puppet/functions/reduce.rb +2 -4
data/lib/puppet/http.rb +5 -0
data/lib/puppet/http/client.rb +293 -73
data/lib/puppet/http/errors.rb +2 -0
data/lib/puppet/http/external_client.rb +90 -0
data/lib/puppet/http/redirector.rb +43 -7
data/lib/puppet/http/resolver.rb +46 -3
data/lib/puppet/http/resolver/server_list.rb +76 -16
data/lib/puppet/http/resolver/settings.rb +23 -3
data/lib/puppet/http/resolver/srv.rb +29 -3
data/lib/puppet/http/response.rb +87 -1
data/lib/puppet/http/retry_after_handler.rb +39 -0
data/lib/puppet/http/service.rb +151 -7
data/lib/puppet/http/service/ca.rb +76 -14
data/lib/puppet/http/service/compiler.rb +319 -0
data/lib/puppet/http/service/file_server.rb +206 -0
data/lib/puppet/http/service/report.rb +49 -23
data/lib/puppet/http/session.rb +103 -7
data/lib/puppet/indirector.rb +1 -1
data/lib/puppet/indirector/catalog/compiler.rb +10 -0
data/lib/puppet/indirector/catalog/rest.rb +34 -0
data/lib/puppet/indirector/facts/rest.rb +42 -0
data/lib/puppet/indirector/file_bucket_file/file.rb +1 -1
data/lib/puppet/indirector/file_bucket_file/rest.rb +48 -0
data/lib/puppet/indirector/file_content/http.rb +5 -0
data/lib/puppet/indirector/file_content/rest.rb +30 -0
data/lib/puppet/indirector/file_metadata/http.rb +27 -8
data/lib/puppet/indirector/file_metadata/rest.rb +52 -0
data/lib/puppet/indirector/json.rb +1 -1
data/lib/puppet/indirector/msgpack.rb +1 -1
data/lib/puppet/indirector/node/rest.rb +24 -0
data/lib/puppet/indirector/report/rest.rb +19 -0
data/lib/puppet/indirector/report/yaml.rb +23 -0
data/lib/puppet/indirector/request.rb +1 -1
data/lib/puppet/indirector/rest.rb +12 -0
data/lib/puppet/indirector/status/rest.rb +18 -0
data/lib/puppet/loaders.rb +6 -0
data/lib/puppet/metatype/manager.rb +80 -80
data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
data/lib/puppet/network/http/base_pool.rb +7 -2
data/lib/puppet/network/http/compression.rb +7 -0
data/lib/puppet/network/http/connection.rb +6 -0
data/lib/puppet/network/http/connection_adapter.rb +184 -0
data/lib/puppet/network/http/nocache_pool.rb +2 -0
data/lib/puppet/network/http/pool.rb +13 -6
data/lib/puppet/network/http_pool.rb +2 -1
data/lib/puppet/node/environment.rb +11 -1
data/lib/puppet/pal/catalog_compiler.rb +5 -0
data/lib/puppet/pal/pal_impl.rb +4 -29
data/lib/puppet/parser/ast/leaf.rb +5 -5
data/lib/puppet/parser/ast/pops_bridge.rb +6 -15
data/lib/puppet/parser/compiler.rb +43 -33
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
data/lib/puppet/parser/environment_compiler.rb +4 -1
data/lib/puppet/parser/functions.rb +18 -13
data/lib/puppet/parser/functions/filter.rb +1 -0
data/lib/puppet/parser/resource.rb +3 -2
data/lib/puppet/parser/resource/param.rb +6 -0
data/lib/puppet/pops/evaluator/access_operator.rb +2 -2
data/lib/puppet/pops/evaluator/evaluator_impl.rb +6 -6
data/lib/puppet/pops/issues.rb +5 -0
data/lib/puppet/pops/loader/puppet_plan_instantiator.rb +12 -3
data/lib/puppet/pops/loaders.rb +7 -5
data/lib/puppet/pops/parser/evaluating_parser.rb +5 -7
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
data/lib/puppet/pops/types/p_object_type_extension.rb +10 -0
data/lib/puppet/pops/types/type_calculator.rb +24 -0
data/lib/puppet/pops/validation/checker4_0.rb +11 -1
data/lib/puppet/pops/validation/tasks_checker.rb +5 -1
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
data/lib/puppet/provider/aix_object.rb +4 -2
data/lib/puppet/provider/group/aix.rb +1 -0
data/lib/puppet/provider/group/groupadd.rb +57 -24
data/lib/puppet/provider/group/windows_adsi.rb +3 -3
data/lib/puppet/provider/package/aix.rb +17 -2
data/lib/puppet/provider/package/apt.rb +78 -4
data/lib/puppet/provider/package/aptitude.rb +1 -1
data/lib/puppet/provider/package/dnfmodule.rb +69 -15
data/lib/puppet/provider/package/dpkg.rb +14 -7
data/lib/puppet/provider/package/fink.rb +20 -3
data/lib/puppet/provider/package/gem.rb +41 -7
data/lib/puppet/provider/package/openbsd.rb +13 -1
data/lib/puppet/provider/package/pacman.rb +2 -5
data/lib/puppet/provider/package/pip.rb +143 -48
data/lib/puppet/provider/package/pip3.rb +0 -2
data/lib/puppet/provider/package/pkg.rb +18 -5
data/lib/puppet/provider/package/pkgdmg.rb +1 -1
data/lib/puppet/provider/package/pkgng.rb +16 -4
data/lib/puppet/provider/package/portage.rb +2 -2
data/lib/puppet/provider/package/puppet_gem.rb +6 -2
data/lib/puppet/provider/package/rpm.rb +6 -213
data/lib/puppet/provider/package/yum.rb +109 -25
data/lib/puppet/provider/package/zypper.rb +59 -1
data/lib/puppet/provider/service/systemd.rb +22 -4
data/lib/puppet/provider/service/windows.rb +23 -7
data/lib/puppet/provider/user/aix.rb +1 -0
data/lib/puppet/provider/user/directoryservice.rb +30 -5
data/lib/puppet/provider/user/useradd.rb +22 -12
data/lib/puppet/reports/http.rb +15 -9
data/lib/puppet/reports/store.rb +1 -1
data/lib/puppet/resource.rb +2 -1
data/lib/puppet/resource/type.rb +8 -0
data/lib/puppet/resource/type_collection.rb +20 -16
data/lib/puppet/runtime.rb +31 -1
data/lib/puppet/settings.rb +4 -0
data/lib/puppet/settings/http_extra_headers_setting.rb +25 -0
data/lib/puppet/ssl.rb +1 -0
data/lib/puppet/ssl/certificate.rb +2 -1
data/lib/puppet/ssl/host.rb +4 -4
data/lib/puppet/ssl/oids.rb +1 -0
data/lib/puppet/ssl/ssl_context.rb +2 -2
data/lib/puppet/ssl/ssl_provider.rb +20 -1
data/lib/puppet/ssl/state_machine.rb +81 -35
data/lib/puppet/ssl/verifier_adapter.rb +9 -1
data/lib/puppet/test/test_helper.rb +15 -11
data/lib/puppet/transaction/report.rb +2 -2
data/lib/puppet/transaction/resource_harness.rb +1 -1
data/lib/puppet/trusted_external.rb +29 -1
data/lib/puppet/type.rb +18 -6
data/lib/puppet/type/file.rb +51 -13
data/lib/puppet/type/file/checksum.rb +4 -4
data/lib/puppet/type/file/source.rb +51 -60
data/lib/puppet/type/group.rb +2 -2
data/lib/puppet/type/package.rb +102 -10
data/lib/puppet/type/service.rb +55 -8
data/lib/puppet/type/user.rb +3 -28
data/lib/puppet/util.rb +39 -15
data/lib/puppet/util/at_fork.rb +1 -1
data/lib/puppet/util/autoload.rb +4 -18
data/lib/puppet/util/checksums.rb +19 -4
data/lib/puppet/util/fileparsing.rb +2 -2
data/lib/puppet/util/instance_loader.rb +14 -10
data/lib/puppet/util/log/destinations.rb +2 -11
data/lib/puppet/util/package/version/debian.rb +175 -0
data/lib/puppet/util/package/version/gem.rb +15 -0
data/lib/puppet/util/package/version/pip.rb +167 -0
data/lib/puppet/util/package/version/range.rb +53 -0
data/lib/puppet/util/package/version/range/eq.rb +14 -0
data/lib/puppet/util/package/version/range/gt.rb +14 -0
data/lib/puppet/util/package/version/range/gt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/lt.rb +14 -0
data/lib/puppet/util/package/version/range/lt_eq.rb +14 -0
data/lib/puppet/util/package/version/range/min_max.rb +21 -0
data/lib/puppet/util/package/version/range/simple.rb +11 -0
data/lib/puppet/util/package/version/rpm.rb +73 -0
data/lib/puppet/util/pidlock.rb +36 -10
data/lib/puppet/util/platform.rb +5 -0
data/lib/puppet/util/plist.rb +6 -0
data/lib/puppet/util/provider_features.rb +1 -1
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/rpm_compare.rb +193 -0
data/lib/puppet/util/storage.rb +0 -1
data/lib/puppet/util/windows/adsi.rb +2 -2
data/lib/puppet/util/windows/api_types.rb +45 -32
data/lib/puppet/util/windows/eventlog.rb +1 -6
data/lib/puppet/util/windows/principal.rb +8 -6
data/lib/puppet/util/windows/process.rb +15 -14
data/lib/puppet/util/windows/registry.rb +11 -11
data/lib/puppet/util/windows/security.rb +1 -0
data/lib/puppet/util/windows/service.rb +43 -26
data/lib/puppet/util/windows/sid.rb +3 -3
data/lib/puppet/util/windows/user.rb +23 -8
data/lib/puppet/util/yaml.rb +1 -1
data/lib/puppet/version.rb +1 -1
data/locales/puppet.pot +707 -574
data/man/man5/puppet.conf.5 +74 -14
data/man/man8/puppet-agent.8 +7 -7
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +17 -2
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +6 -3
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +4 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +2 -2
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +67 -0
data/spec/fixtures/ssl/unknown-127.0.0.1.pem +48 -0
data/spec/fixtures/ssl/unknown-ca-key.pem +67 -0
data/spec/fixtures/ssl/unknown-ca.pem +59 -0
data/spec/fixtures/unit/provider/package/dnfmodule/{dnf-module-list-installed.txt → dnf-module-list.txt} +8 -0
data/spec/fixtures/unit/provider/package/pkgng/pkg.version +2 -0
data/spec/fixtures/unit/provider/package/yum/yum-check-update-subscription-manager.txt +9 -0
data/spec/fixtures/unit/provider/package/zypper/zypper-search-uninstalled.out +13 -0
data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services +9 -0
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_not_update_if_content_on_disk_is_up-to-date.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_md5/should_update_if_content_differs_on_disk.yml +1 -106
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_mtime_is_older_on_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_no_header_specified.yml +1 -98
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_fetch_if_not_on_the_local_disk.yml +1 -102
data/spec/fixtures/vcr/cassettes/Puppet_Type_File/when_sourcing/from_http/using_mtime/should_not_update_if_mtime_is_newer_on_disk.yml +1 -102
data/spec/integration/application/agent_spec.rb +483 -0
data/spec/integration/application/apply_spec.rb +132 -3
data/spec/integration/application/filebucket_spec.rb +190 -0
data/spec/integration/application/plugin_spec.rb +73 -0
data/spec/integration/configurer_spec.rb +26 -7
data/spec/integration/defaults_spec.rb +1 -2
data/spec/integration/http/client_spec.rb +47 -37
data/spec/integration/indirector/facts/facter_spec.rb +4 -0
data/spec/integration/indirector/report/yaml.rb +83 -0
data/spec/integration/module_tool/forge_spec.rb +2 -15
data/spec/integration/network/http_pool_spec.rb +93 -20
data/spec/integration/node/environment_spec.rb +15 -0
data/spec/integration/parser/compiler_spec.rb +11 -0
data/spec/integration/type/file_spec.rb +1 -1
data/spec/integration/util/windows/adsi_spec.rb +6 -1
data/spec/integration/util/windows/registry_spec.rb +7 -7
data/spec/integration/util/windows/user_spec.rb +40 -5
data/spec/lib/puppet/test_ca.rb +2 -2
data/spec/lib/puppet_spec/https.rb +16 -7
data/spec/lib/puppet_spec/puppetserver.rb +119 -0
data/spec/shared_contexts/https.rb +29 -0
data/spec/unit/agent_spec.rb +80 -26
data/spec/unit/application/agent_spec.rb +9 -5
data/spec/unit/application/apply_spec.rb +2 -12
data/spec/unit/application/describe_spec.rb +88 -50
data/spec/unit/application/device_spec.rb +2 -2
data/spec/unit/application/filebucket_spec.rb +22 -2
data/spec/unit/application/resource_spec.rb +2 -2
data/spec/unit/configurer/fact_handler_spec.rb +4 -8
data/spec/unit/configurer/plugin_handler_spec.rb +36 -19
data/spec/unit/configurer_spec.rb +17 -18
data/spec/unit/context/trusted_information_spec.rb +25 -2
data/spec/unit/daemon_spec.rb +5 -64
data/spec/unit/defaults_spec.rb +25 -2
data/spec/unit/environments_spec.rb +65 -28
data/spec/unit/face/facts_spec.rb +24 -20
data/spec/unit/face/module/search_spec.rb +17 -0
data/spec/unit/face/plugin_spec.rb +12 -10
data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
data/spec/unit/file_system/uniquefile_spec.rb +11 -0
data/spec/unit/file_system_spec.rb +26 -2
data/spec/unit/functions/lookup_spec.rb +13 -0
data/spec/unit/http/client_spec.rb +327 -35
data/spec/unit/http/external_client_spec.rb +201 -0
data/spec/unit/http/resolver_spec.rb +34 -2
data/spec/unit/http/response_spec.rb +75 -0
data/spec/unit/http/service/ca_spec.rb +53 -11
data/spec/unit/http/service/compiler_spec.rb +627 -0
data/spec/unit/http/service/file_server_spec.rb +308 -0
data/spec/unit/http/service/report_spec.rb +27 -9
data/spec/unit/http/service_spec.rb +98 -5
data/spec/unit/http/session_spec.rb +190 -7
data/spec/unit/indirector/catalog/compiler_spec.rb +47 -29
data/spec/unit/indirector/catalog/rest_spec.rb +59 -2
data/spec/unit/indirector/facts/rest_spec.rb +79 -24
data/spec/unit/indirector/file_bucket_file/rest_spec.rb +82 -2
data/spec/unit/indirector/file_content/rest_spec.rb +53 -2
data/spec/unit/indirector/file_metadata/http_spec.rb +194 -0
data/spec/unit/indirector/file_metadata/rest_spec.rb +110 -2
data/spec/unit/indirector/node/rest_spec.rb +57 -2
data/spec/unit/indirector/report/rest_spec.rb +58 -51
data/spec/unit/indirector/request_spec.rb +1 -1
data/spec/unit/indirector/resource/ral_spec.rb +7 -8
data/spec/unit/indirector/rest_spec.rb +13 -0
data/spec/unit/indirector/status/rest_spec.rb +43 -2
data/spec/unit/interface_spec.rb +3 -3
data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
data/spec/unit/network/http/connection_spec.rb +559 -175
data/spec/unit/network/http/nocache_pool_spec.rb +25 -3
data/spec/unit/network/http/pool_spec.rb +89 -11
data/spec/unit/network/http_pool_spec.rb +63 -57
data/spec/unit/network/http_spec.rb +1 -1
data/spec/unit/node/environment_spec.rb +16 -0
data/spec/unit/node/facts_spec.rb +2 -1
data/spec/unit/node_spec.rb +7 -4
data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
data/spec/unit/parser/environment_compiler_spec.rb +7 -0
data/spec/unit/parser/scope_spec.rb +1 -1
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
data/spec/unit/pops/serialization/to_from_hr_spec.rb +6 -1
data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
data/spec/unit/pops/validator/validator_spec.rb +7 -2
data/spec/unit/provider/aix_object_spec.rb +16 -2
data/spec/unit/provider/group/groupadd_spec.rb +181 -56
data/spec/unit/provider/group/windows_adsi_spec.rb +43 -10
data/spec/unit/provider/package/aix_spec.rb +29 -0
data/spec/unit/provider/package/apt_spec.rb +43 -2
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/dnfmodule_spec.rb +76 -15
data/spec/unit/provider/package/dpkg_spec.rb +28 -6
data/spec/unit/provider/package/gem_spec.rb +40 -0
data/spec/unit/provider/package/openbsd_spec.rb +17 -0
data/spec/unit/provider/package/pacman_spec.rb +6 -21
data/spec/unit/provider/package/pip_spec.rb +68 -19
data/spec/unit/provider/package/pkg_spec.rb +15 -1
data/spec/unit/provider/package/pkgdmg_spec.rb +1 -1
data/spec/unit/provider/package/pkgng_spec.rb +38 -0
data/spec/unit/provider/package/portage_spec.rb +5 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +8 -0
data/spec/unit/provider/package/rpm_spec.rb +0 -212
data/spec/unit/provider/package/yum_spec.rb +292 -0
data/spec/unit/provider/package/zypper_spec.rb +84 -0
data/spec/unit/provider/service/init_spec.rb +1 -0
data/spec/unit/provider/service/openbsd_spec.rb +9 -0
data/spec/unit/provider/service/openwrt_spec.rb +1 -0
data/spec/unit/provider/service/redhat_spec.rb +9 -0
data/spec/unit/provider/service/systemd_spec.rb +92 -12
data/spec/unit/provider/service/windows_spec.rb +22 -14
data/spec/unit/provider/user/directoryservice_spec.rb +41 -0
data/spec/unit/provider/user/openbsd_spec.rb +1 -0
data/spec/unit/provider/user/useradd_spec.rb +43 -24
data/spec/unit/provider/user/windows_adsi_spec.rb +3 -3
data/spec/unit/puppet_pal_2pec.rb +0 -26
data/spec/unit/puppet_pal_catalog_spec.rb +46 -0
data/spec/unit/puppet_spec.rb +47 -0
data/spec/unit/reports/http_spec.rb +70 -52
data/spec/unit/resource_spec.rb +3 -3
data/spec/unit/settings/autosign_setting_spec.rb +1 -1
data/spec/unit/settings/http_extra_headers_spec.rb +64 -0
data/spec/unit/ssl/certificate_spec.rb +7 -0
data/spec/unit/ssl/host_spec.rb +4 -2
data/spec/unit/ssl/oids_spec.rb +1 -0
data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
data/spec/unit/ssl/state_machine_spec.rb +99 -13
data/spec/unit/test/test_helper_spec.rb +17 -0
data/spec/unit/transaction/persistence_spec.rb +1 -10
data/spec/unit/transaction/report_spec.rb +5 -1
data/spec/unit/transaction_spec.rb +0 -2
data/spec/unit/type/file/ensure_spec.rb +1 -2
data/spec/unit/type/file/source_spec.rb +89 -38
data/spec/unit/type/file_spec.rb +122 -96
data/spec/unit/type/package_spec.rb +8 -0
data/spec/unit/type/service_spec.rb +185 -8
data/spec/unit/type/user_spec.rb +1 -2
data/spec/unit/type_spec.rb +50 -0
data/spec/unit/util/at_fork_spec.rb +3 -2
data/spec/unit/util/autoload_spec.rb +2 -1
data/spec/unit/util/checksums_spec.rb +16 -0
data/spec/unit/util/log/destinations_spec.rb +1 -29
data/spec/unit/util/package/version/debian_spec.rb +83 -0
data/spec/unit/util/package/version/pip_spec.rb +464 -0
data/spec/unit/util/package/version/range_spec.rb +175 -0
data/spec/unit/util/package/version/rpm_spec.rb +121 -0
data/spec/unit/util/pidlock_spec.rb +112 -42
data/spec/unit/util/plist_spec.rb +20 -0
data/spec/unit/util/rpm_compare_spec.rb +196 -0
data/spec/unit/util/storage_spec.rb +1 -8
data/spec/unit/util/windows/adsi_spec.rb +4 -4
data/spec/unit/util/windows/api_types_spec.rb +104 -40
data/spec/unit/util/windows/service_spec.rb +4 -4
data/spec/unit/util/windows/sid_spec.rb +2 -2
data/spec/unit/util_spec.rb +3 -3
data/spec/unit/x509/cert_provider_spec.rb +1 -1
data/tasks/generate_cert_fixtures.rake +15 -1
data/tasks/manpages.rake +5 -35
metadata +73 -12
data/COMMITTERS.md +0 -244
data/spec/integration/faces/plugin_spec.rb +0 -61
data/spec/integration/test/test_helper_spec.rb +0 -31

data/lib/puppet/runtime.rb CHANGED

@@ -1,14 +1,32 @@
 require 'puppet/http'
 require 'singleton'
+# Provides access to runtime implementations.
+#
+# @api private
 class Puppet::Runtime
   include Singleton
   def initialize
-    @runtime_services = {}
+    @runtime_services = {
+      http: proc do
+        klass = Puppet::Network::HttpPool.http_client_class
+        if klass == Puppet::Network::HTTP::Connection ||
+           klass == Puppet::Network::HTTP::ConnectionAdapter
+          Puppet::HTTP::Client.new
+        else
+          Puppet::HTTP::ExternalClient.new(klass)
+        end
+      end
+    }
   end
   private :initialize
+  # Get a runtime implementation.
+  #
+  # @param name [Symbol] the name of the implementation
+  # @return [Object] the runtime implementation
+  # @api private
   def [](name)
     service = @runtime_services[name]
     raise ArgumentError, "Unknown service #{name}" unless service
@@ -20,7 +38,19 @@ class Puppet::Runtime
     end
   end
+  # Register a runtime implementation.
+  #
+  # @param name [Symbol] the name of the implementation
+  # @param impl [Object] the runtime implementation
+  # @api private
   def []=(name, impl)
     @runtime_services[name] = impl
   end
+  # Clears all implementations. This is used for testing.
+  #
+  # @api private
+  def clear
+    initialize
+  end
 end

data/lib/puppet/settings.rb CHANGED

@@ -30,6 +30,7 @@ class Puppet::Settings
   require 'puppet/settings/value_translator'
   require 'puppet/settings/environment_conf'
   require 'puppet/settings/server_list_setting'
+  require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
   # local reference for convenience
@@ -727,6 +728,7 @@ class Puppet::Settings
       :priority   => PrioritySetting,
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
+      :http_extra_headers => HttpExtraHeadersSetting,
       :certificate_revocation => CertificateRevocationSetting
   }
@@ -1239,6 +1241,8 @@ Generated on #{Time.now}.
     configured_environment = self[:environment]
     if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
       configured_environment_path = File.join(envdir, configured_environment)
+      # If configured_environment_path is a symlink, assume the source path is being managed
+      # elsewhere, so don't do any of this configuration
       if !Puppet::FileSystem.symlink?(configured_environment_path)
         parameters = { :ensure => 'directory' }
         unless Puppet::FileSystem.exist?(configured_environment_path)

data/lib/puppet/settings/http_extra_headers_setting.rb ADDED

@@ -0,0 +1,25 @@
+class Puppet::Settings::HttpExtraHeadersSetting < Puppet::Settings::BaseSetting
+  def type
+    :http_extra_headers
+  end
+  def munge(headers)
+    return headers if headers.is_a?(Hash)
+    headers = headers.split(/\s*,\s*/) if headers.is_a?(String)
+    raise ArgumentError, _("Expected an Array, String, or Hash, got a %{klass}") % { klass: headers.class } unless headers.is_a?(Array)
+    headers.map! { |header|
+      case header
+      when String
+        header.split(':')
+      when Array
+        header
+      else
+        raise ArgumentError, _("Expected an Array or String, got a %{klass}") % { klass: header.class }
+      end
+    }
+  end
+end

data/lib/puppet/ssl.rb CHANGED

@@ -2,6 +2,7 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
+# @api private
 module Puppet::SSL # :nodoc:
   CA_NAME = "ca".freeze
   require 'puppet/ssl/host'

data/lib/puppet/ssl/certificate.rb CHANGED

@@ -56,7 +56,8 @@ DOC
   def custom_extensions
     custom_exts = content.extensions.select do |ext|
       Puppet::SSL::Oids.subtree_of?('ppRegCertExt', ext.oid) or
-        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid)
+        Puppet::SSL::Oids.subtree_of?('ppPrivCertExt', ext.oid) or
+        Puppet::SSL::Oids.subtree_of?('ppAuthCertExt', ext.oid)
     end
     custom_exts.map do |ext|

data/lib/puppet/ssl/host.rb CHANGED

@@ -22,9 +22,9 @@ class Puppet::SSL::Host
   attr_writer :key, :certificate, :certificate_request, :crl_usage
-  def self.localhost
+  def self.localhost(suppress_warning = false)
     return @localhost if @localhost
-    @localhost = new
+    @localhost = new(nil, false, suppress_warning)
     @localhost.generate unless @localhost.certificate
     @localhost.key
     @localhost
@@ -225,14 +225,14 @@ ERROR_STRING
   end
   private :validate_csr_with_key
-  def initialize(name = nil, device = false)
+  def initialize(name = nil, device = false, suppress_warning = false)
     @name = (name || Puppet[:certname]).downcase
     @device = device
     Puppet::SSL::Base.validate_certname(@name)
     @key = @certificate = @certificate_request = nil
     @crl_usage = Puppet.settings[:certificate_revocation]
     @crl_path = Puppet.settings[:hostcrl]
-    Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet."));
+    Puppet.deprecation_warning(_("Puppet::SSL::Host is deprecated and will be removed in a future release of Puppet.")) unless suppress_warning
   end
   # Extract the public key from the private key.

data/lib/puppet/ssl/oids.rb CHANGED

@@ -61,6 +61,7 @@ module Puppet::SSL::Oids
     ["1.3.6.1.4.1.34380.1.1.23", 'pp_cloudplatform', 'Puppet Node Cloud Platform Name'],
     ["1.3.6.1.4.1.34380.1.1.24", 'pp_apptier', 'Puppet Node Application Tier'],
     ["1.3.6.1.4.1.34380.1.1.25", 'pp_hostname', 'Puppet Node Hostname'],
+    ["1.3.6.1.4.1.34380.1.1.26", 'pp_owner', 'Puppet Node Owner'],
     ["1.3.6.1.4.1.34380.1.2", 'ppPrivCertExt', 'Puppet Private Certificate Extension'],

data/lib/puppet/ssl/ssl_context.rb CHANGED

@@ -22,9 +22,9 @@ module Puppet::SSL
     # This is an idiom to initialize a Struct from keyword
     # arguments. Ruby 2.5 introduced `keyword_init: true` for
     # that purpose, but we need to support older versions.
-    def initialize(**kwargs)
+    def initialize(kwargs = {})
       super({})
-      DEFAULTS.merge(kwargs).each { |k,v| self[k] = v }
+      DEFAULTS.merge(**kwargs).each { |k,v| self[k] = v }
     end
   end
 end

data/lib/puppet/ssl/ssl_provider.rb CHANGED

@@ -46,13 +46,32 @@ class Puppet::SSL::SSLProvider
   # perform revocation checking.
   #
   # @param cacerts [Array<OpenSSL::X509::Certificate>] Array of trusted CA certs
+  # @param path [String, nil] A file containing additional trusted CA certs.
   # @return [Puppet::SSL::SSLContext] A context to use to create connections
   # @raise (see #create_context)
   # @api private
-  def create_system_context(cacerts:)
+  def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
     store = create_x509_store(cacerts, [], false)
     store.set_default_paths
+    if path
+      stat = Puppet::FileSystem.stat(path)
+      if stat
+        if stat.ftype == 'file'
+          # don't add empty files as ruby/openssl will raise
+          if stat.size > 0
+            begin
+              store.add_file(path)
+            rescue => e
+              Puppet.err(_("Failed to add '%{path}' as a trusted CA file: %{detail}" % { path: path, detail: e.message }, e))
+            end
+          end
+        else
+          Puppet.warning(_("The 'ssl_trust_store' setting does not refer to a file and will be ignored: '%{path}'" % { path: path }))
+        end
+      end
+    end
     Puppet::SSL::SSLContext.new(store: store, cacerts: cacerts, crls: [], revocation: false).freeze
   end

data/lib/puppet/ssl/state_machine.rb CHANGED

@@ -45,7 +45,7 @@ class Puppet::SSL::StateMachine
         next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
       else
         route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
-        pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
+        _, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
         if @machine.ca_fingerprint
           actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
           expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
@@ -146,7 +146,7 @@ class Puppet::SSL::StateMachine
     def download_crl(ssl_ctx, last_update)
       route = @machine.session.route_to(:ca, ssl_context: ssl_ctx)
-      pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
+      _, pem = route.get_certificate_revocation_list(if_modified_since: last_update, ssl_context: ssl_ctx)
       crls = @cert_provider.load_crls_from_pem(pem)
       # verify crls before saving
       next_ctx = @ssl_provider.create_root_context(cacerts: ssl_ctx[:cacerts], crls: crls)
@@ -234,7 +234,7 @@ class Puppet::SSL::StateMachine
       route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
       cert = OpenSSL::X509::Certificate.new(
-        route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
+        route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
       )
       Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
       # verify client cert before saving
@@ -278,16 +278,55 @@ class Puppet::SSL::StateMachine
       else
         Puppet.info(_("Will try again in %{time} seconds.") % {time: time})
+        # close persistent connections and session state before sleeping
+        Puppet.runtime[:http].close
+        @machine.session = Puppet.runtime[:http].create_session
+        @machine.unlock
         Kernel.sleep(time)
+        NeedLock.new(@machine)
+      end
+    end
+  end
+  # Acquire the ssl lock or return LockFailure causing us to exit.
+  #
+  class NeedLock < SSLState
+    def initialize(machine)
+      super(machine, nil)
+    end
+    def next_state
+      if @machine.lock
         # our ssl directory may have been cleaned while we were
         # sleeping, start over from the top
-        @machine.session = Puppet.runtime['http'].create_session
         NeedCACerts.new(@machine)
+      elsif @machine.waitforlock < 1
+        LockFailure.new(@machine, _("Another puppet instance is already running and the waitforlock setting is set to 0; exiting"))
+      elsif Time.now.to_i >= @machine.waitlock_deadline
+        LockFailure.new(@machine, _("Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"))
+      else
+        Puppet.info _("Another puppet instance is already running; waiting for it to finish")
+        Puppet.info _("Will try again in %{time} seconds.") % {time: @machine.waitforlock}
+        Kernel.sleep @machine.waitforlock
+        # try again
+        self
       end
     end
   end
+  # We failed to acquire the lock, so exit
+  #
+  class LockFailure < SSLState
+    attr_reader :message
+    def initialize(machine, message)
+      super(machine, nil)
+      @message = message
+    end
+  end
   # We cannot make progress due to an error.
   #
   class Error < SSLState
@@ -310,7 +349,7 @@ class Puppet::SSL::StateMachine
   #
   class Done < SSLState; end
-  attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
+  attr_reader :waitforcert, :wait_deadline, :waitforlock, :waitlock_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
   attr_accessor :session
   # Construct a state machine to manage the SSL initialization process. By
@@ -323,7 +362,12 @@ class Puppet::SSL::StateMachine
   # then then state machine will exit instead of wait.
   #
   # @param waitforcert [Integer] how many seconds to wait between attempts
-  # @param maxwiatforcert [Integer] maximum amount of second
+  # @param maxwaitforcert [Integer] maximum amount of seconds to wait for the
+  #   server to sign the certificate request
+  # @param waitforlock [Integer] how many seconds to wait between attempts for
+  #   acquiring the ssl lock
+  # @param maxwaitforlock [Integer] maximum amount of seconds to wait for an
+  #   already running process to release the ssl lock
   # @param onetime [Boolean] whether to run onetime
   # @param lockfile [Puppet::Util::Pidlock] lockfile to protect against
   #   concurrent modification by multiple processes
@@ -336,6 +380,8 @@ class Puppet::SSL::StateMachine
   #   downloaded CA bundle
   def initialize(waitforcert: Puppet[:waitforcert],
                  maxwaitforcert: Puppet[:maxwaitforcert],
+                 waitforlock: Puppet[:waitforlock],
+                 maxwaitforlock: Puppet[:maxwaitforlock],
                  onetime: Puppet[:onetime],
                  cert_provider: Puppet::X509::CertProvider.new,
                  ssl_provider: Puppet::SSL::SSLProvider.new,
@@ -344,13 +390,15 @@ class Puppet::SSL::StateMachine
                  ca_fingerprint: Puppet[:ca_fingerprint])
     @waitforcert = waitforcert
     @wait_deadline = Time.now.to_i + maxwaitforcert
+    @waitforlock = waitforlock
+    @waitlock_deadline = Time.now.to_i + maxwaitforlock
     @onetime = onetime
     @cert_provider = cert_provider
     @ssl_provider = ssl_provider
     @lockfile = lockfile
     @digest = digest
     @ca_fingerprint = ca_fingerprint
-    @session = Puppet.runtime['http'].create_session
+    @session = Puppet.runtime[:http].create_session
   end
   # Run the state machine for CA certs and CRLs.
@@ -358,7 +406,7 @@ class Puppet::SSL::StateMachine
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
   def ensure_ca_certificates
-    final_state = run_machine(NeedCACerts.new(self), NeedKey)
+    final_state = run_machine(NeedLock.new(self), NeedKey)
     final_state.ssl_context
   end
@@ -367,7 +415,7 @@ class Puppet::SSL::StateMachine
   # @return [Puppet::SSL::SSLContext] initialized SSLContext
   # @raise [Puppet::Error] If we fail to generate an SSLContext
   def ensure_client_certificate
-    final_state = run_machine(NeedCACerts.new(self), Done)
+    final_state = run_machine(NeedLock.new(self), Done)
     ssl_context = final_state.ssl_context
     if Puppet::Util::Log.sendlevel?(:debug)
@@ -386,40 +434,38 @@ class Puppet::SSL::StateMachine
     ssl_context
   end
+  def lock
+    @lockfile.lock
+  end
+  def unlock
+    @lockfile.unlock
+  end
   private
   def run_machine(state, stop)
-    with_lock do
-      loop do
-        state = run_step(state)
-        case state
-        when stop
-          break
-        when Error
-          if @onetime
-            Puppet.log_exception(state.error)
-            raise state.error
-          end
-        else
-          # fall through
+    loop do
+      state = run_step(state)
+      case state
+      when stop
+        break
+      when LockFailure
+        raise Puppet::Error, state.message
+      when Error
+        if @onetime
+          Puppet.log_exception(state.error)
+          raise state.error
         end
+      else
+        # fall through
       end
     end
     state
-  end
-  def with_lock
-    if @lockfile.lock
-      begin
-        yield
-      ensure
-        @lockfile.unlock
-      end
-    else
-      raise Puppet::Error, _('Another puppet instance is already running; exiting')
-    end
+  ensure
+    @lockfile.unlock if @lockfile.locked?
   end
   def run_step(state)

data/lib/puppet/ssl/verifier_adapter.rb CHANGED

@@ -6,10 +6,18 @@
 #   loaded above.
 #
 class Puppet::SSL::VerifierAdapter
-  attr_reader :validator
+  attr_reader :validator, :ssl_context
   def initialize(validator)
     @validator = validator
+    if validator.is_a?(Puppet::SSL::Validator::NoValidator)
+      ssl = Puppet::SSL::SSLProvider.new
+      @ssl_context = ssl.create_insecure_context
+    else
+      # nil means use the default SSLContext
+      @ssl_context = nil
+    end
   end
   # Return true if `self` is reusable with `verifier` meaning they

data/lib/puppet/test/test_helper.rb CHANGED

@@ -68,7 +68,14 @@ module Puppet::Test
     #  any individual tests.
     # @return nil
     def self.before_all_tests()
-      # Make sure that all of the setup is also done for any before(:all) blocks
+      # The process environment is a shared, persistent resource.
+      # Can't use Puppet.features.microsoft_windows? as it may be mocked out in a test.  This can cause test recurring test failures
+      if (!!File::ALT_SEPARATOR)
+        mode = :windows
+      else
+        mode = :posix
+      end
+      $old_env = Puppet::Util.get_environment(mode)
     end
     # Call this method once, at the end of a test run, when no more tests
@@ -118,15 +125,6 @@ module Puppet::Test
         }
       end
-      # The process environment is a shared, persistent resource.
-      # Can't use Puppet.features.microsoft_windows? as it may be mocked out in a test.  This can cause test recurring test failures
-      if (!!File::ALT_SEPARATOR)
-        mode = :windows
-      else
-        mode = :posix
-      end
-      $old_env = Puppet::Util.get_environment(mode)
       # So is the load_path
       $old_load_path = $LOAD_PATH.dup
@@ -136,10 +134,12 @@ module Puppet::Test
         {
           trusted_information:
             Puppet::Context::TrustedInformation.new('local', 'testing', {}, { "trusted_testhelper" => true }),
-          ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze
+          ssl_context: Puppet::SSL::SSLContext.new(cacerts: []).freeze,
+          http_session: proc { Puppet.runtime[:http].create_session }
         },
         "Context for specs")
+      Puppet.runtime.clear
       Puppet::Parser::Functions.reset
       Puppet::Application.clear!
       Puppet::Util::Profiler.clear
@@ -147,6 +147,10 @@ module Puppet::Test
       Puppet::SSL::Host.reset
       Puppet::Rest::Routes.clear
+      Puppet::Node::Facts.indirection.terminus_class = :memory
+      facts = Puppet::Node::Facts.new(Puppet[:node_name_value])
+      Puppet::Node::Facts.indirection.save(facts)
       Puppet.clear_deprecation_warnings
     end