puppet 6.12.0 → 6.13.0

data/lib/puppet/environments.rb

@@ -186,6 +186,13 @@ module Puppet::Environments
       end
     end
 
+    def self.real_path(dir)
+      if Puppet::FileSystem.symlink?(dir) && Puppet[:versioned_environment_dirs]
+        dir = Puppet::FileSystem.expand_path(Puppet::FileSystem.readlink(dir))
+      end
+      return dir
+    end
+
     # @!macro loader_search_paths
     def search_paths
       ["file://#{@environment_dir}"]
@@ -193,27 +200,26 @@ module Puppet::Environments
 
     # @!macro loader_list
     def list
-      valid_directories.collect do |envdir|
-        name = Puppet::FileSystem.basename_string(envdir).intern
-
+      valid_environment_names.collect do |name|
         create_environment(name)
       end
     end
 
     # @!macro loader_get
     def get(name)
-      if valid_directory?(File.join(@environment_dir, name.to_s))
+      if validated_directory(File.join(@environment_dir, name.to_s))
         create_environment(name)
       end
     end
 
     # @!macro loader_get_conf
     def get_conf(name)
-      envdir = File.join(@environment_dir, name.to_s)
-      if valid_directory?(envdir)
-        return Puppet::Settings::EnvironmentConf.load_from(envdir, @global_module_path)
+      envdir = validated_directory(File.join(@environment_dir, name.to_s))
+      if envdir
+        Puppet::Settings::EnvironmentConf.load_from(envdir, @global_module_path)
+      else
+        nil
       end
-      nil
     end
 
     private
@@ -230,19 +236,21 @@ module Puppet::Environments
       env
     end
 
-    def valid_directory?(envdir)
-      name = Puppet::FileSystem.basename_string(envdir)
-      Puppet::FileSystem.directory?(envdir) &&
-         Puppet::Node::Environment.valid_name?(name)
+    def validated_directory(envdir)
+      env_name = Puppet::FileSystem.basename_string(envdir)
+      envdir = Puppet::Environments::Directories.real_path(envdir)
+      if Puppet::FileSystem.directory?(envdir) && Puppet::Node::Environment.valid_name?(env_name)
+        envdir
+      else
+        nil
+      end
     end
 
-    def valid_directories
+    def valid_environment_names
       if Puppet::FileSystem.directory?(@environment_dir)
-        Puppet::FileSystem.children(@environment_dir).select do |child|
-          valid_directory?(child)
-        end
-      else
-        []
+        Puppet::FileSystem.children(@environment_dir).map do |child|
+          Puppet::FileSystem.basename_string(child).intern if validated_directory(child)
+        end.compact
       end
     end
   end

data/lib/puppet/face/facts.rb

@@ -75,13 +75,16 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
         facts.name = Puppet[:node_name_value]
       end
 
-      Puppet::Node::Facts.indirection.terminus_class = :rest
-      server = Puppet::Node::Facts::Rest.server
-      Puppet.notice(_("Uploading facts for '%{node}' to: '%{server}'") % {
+      client = Puppet.runtime['http']
+      session = client.create_session
+      puppet = session.route_to(:puppet)
+
+      Puppet.notice(_("Uploading facts for '%{node}' to '%{server}'") % {
                     node: Puppet[:node_name_value],
-                    server: server})
+                    server: puppet.url.hostname})
 
-      Puppet::Node::Facts.indirection.save(facts, nil, :environment => Puppet.lookup(:current_environment))
+      puppet.put_facts(Puppet[:node_name_value], facts: facts, environment: Puppet.lookup(:current_environment).name.to_s)
+      nil
     end
   end
 end

data/lib/puppet/file_system/memory_file.rb

@@ -23,6 +23,10 @@ class Puppet::FileSystem::MemoryFile
         :children => children)
   end
 
+  def self.a_symlink(target_path, source_path)
+    new(target_path, :exist? => true, :symlink? => true, :source_path => source_path)
+  end
+
   def initialize(path, properties)
     @path = path
     @properties = properties
@@ -34,6 +38,8 @@ class Puppet::FileSystem::MemoryFile
   def directory?; @properties[:directory?]; end
   def exist?; @properties[:exist?]; end
   def executable?; @properties[:executable?]; end
+  def symlink?; @properties[:symlink?]; end
+  def source_path; @properties[:source_path]; end
 
   def each_line(&block)
     handle.each_line(&block)

data/lib/puppet/file_system/memory_impl.rb

@@ -23,6 +23,19 @@ class Puppet::FileSystem::MemoryImpl
     path.executable?
   end
 
+  def symlink?(path)
+    path.symlink?
+  end
+
+  def readlink(path)
+    path = path.path
+    link = find(path)
+    return Puppet::FileSystem::MemoryFile.a_missing_file(path) unless link
+    source = link.source_path
+    return Puppet::FileSystem::MemoryFile.a_missing_file(link) unless source
+    find(source) || Puppet::FileSystem::MemoryFile.a_missing_file(source)
+  end
+
   def children(path)
     path.children
   end

data/lib/puppet/file_system/windows.rb

@@ -117,6 +117,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
   end
 
   # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--0-499-
+  FILE_NOT_FOUND = 2
   ACCESS_DENIED = 5
   SHARING_VIOLATION = 32
   LOCK_VIOLATION = 33
@@ -132,12 +133,12 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
              dacl = secure_dacl(current_sid)
              dacl.allow(Puppet::Util::Windows::SID::BuiltinUsers, FILE_READ)
              dacl
-           when 0640, 0600
+           when 0660, 0640, 0600, 0440
              secure_dacl(current_sid)
            when nil
              get_dacl_from_file(path) || secure_dacl(current_sid)
            else
-             raise ArgumentError, "Only modes 0644, 0640 and 0600 are allowed"
+             raise ArgumentError, "#{mode} is invalid: Only modes 0644, 0640, 0660, and 0440 are allowed"
            end
 
 
@@ -180,9 +181,9 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
   def secure_dacl(current_sid)
     dacl = Puppet::Util::Windows::AccessControlList.new
     [
-     Puppet::Util::Windows::SID::LocalSystem,
-     Puppet::Util::Windows::SID::BuiltinAdministrators,
-     current_sid
+      Puppet::Util::Windows::SID::LocalSystem,
+      Puppet::Util::Windows::SID::BuiltinAdministrators,
+      current_sid
     ].uniq.map do |sid|
       dacl.allow(sid, FULL_CONTROL)
     end
@@ -193,11 +194,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
     sd = Puppet::Util::Windows::Security.get_security_descriptor(Puppet::FileSystem.path_string(path))
     sd.dacl
   rescue Puppet::Util::Windows::Error => e
-    if e.code == 2 # ERROR_FILE_NOT_FOUND
-      nil
-    else
-      raise e
-    end
+    raise e unless e.code == FILE_NOT_FOUND
   end
 
   def raise_if_symlinks_unsupported

data/lib/puppet/http.rb

@@ -18,6 +18,8 @@ module Puppet
     require 'puppet/http/response'
     require 'puppet/http/service'
     require 'puppet/http/service/ca'
+    require 'puppet/http/service/compiler'
+    require 'puppet/http/service/file_server'
     require 'puppet/http/service/report'
     require 'puppet/http/session'
     require 'puppet/http/resolver'

data/lib/puppet/http/client.rb

@@ -171,7 +171,37 @@ class Puppet::HTTP::Client
     end
   end
 
+  def expand_into_parameters(data)
+    data.inject([]) do |params, key_value|
+      key, value = key_value
+
+      expanded_value = case value
+                       when Array
+                         value.collect { |val| [key, val] }
+                       else
+                         [key_value]
+                       end
+
+      params.concat(expand_primitive_types_into_parameters(expanded_value))
+    end
+  end
+
+  def expand_primitive_types_into_parameters(data)
+    data.inject([]) do |params, key_value|
+      key, value = key_value
+      case value
+      when nil
+        params
+      when true, false, String, Symbol, Integer, Float
+        params << [key, value]
+      else
+        raise Puppet::HTTP::SerializationError, _("HTTP REST queries cannot handle values of type '%{klass}'") % { klass: value.class }
+      end
+    end
+  end
+
   def encode_params(params)
+    params = expand_into_parameters(params)
     params.map do |key, value|
       "#{key}=#{Puppet::Util.uri_query_encode(value.to_s)}"
     end.join('&')

data/lib/puppet/http/errors.rb

@@ -7,6 +7,8 @@ module Puppet::HTTP
 
   class ProtocolError < HTTPError; end
 
+  class SerializationError < HTTPError; end
+
   class ResponseError < HTTPError
     attr_reader :response
 

data/lib/puppet/http/service.rb

@@ -1,12 +1,17 @@
 class Puppet::HTTP::Service
   attr_reader :url
 
-  SERVICE_NAMES = [:ca, :report].freeze
+  SERVICE_NAMES = [:ca, :fileserver, :puppet, :report].freeze
+  EXCLUDED_FORMATS = [:yaml, :b64_zlib_yaml, :dot].freeze
 
   def self.create_service(client, name, server = nil, port = nil)
     case name
     when :ca
       Puppet::HTTP::Service::Ca.new(client, server, port)
+    when :fileserver
+      Puppet::HTTP::Service::FileServer.new(client, server, port)
+    when :puppet
+      ::Puppet::HTTP::Service::Compiler.new(client, server, port)
     when :report
       Puppet::HTTP::Service::Report.new(client, server, port)
     else
@@ -25,7 +30,7 @@ class Puppet::HTTP::Service
 
   def with_base_url(path)
     u = @url.dup
-    u.path += path
+    u.path += Puppet::Util.uri_encode(path)
     u
   end
 
@@ -47,4 +52,58 @@ class Puppet::HTTP::Service
                      path: api
                     ).freeze
   end
+
+  def get_mime_types(model)
+    unless @mime_types
+      network_formats = model.supported_formats - EXCLUDED_FORMATS
+      @mime_types = network_formats.map { |f| model.get_format(f).mime }
+    end
+    @mime_types
+  end
+
+  def formatter_for_response(response)
+    header = response['Content-Type']
+    raise Puppet::HTTP::ProtocolError.new(_("No content type in http response; cannot parse")) unless header
+
+    header.gsub!(/\s*;.*$/,'') # strip any charset
+
+    formatter = Puppet::Network::FormatHandler.mime(header)
+    raise Puppet::HTTP::ProtocolError.new("Content-Type is unsupported") if EXCLUDED_FORMATS.include?(formatter.name)
+
+    formatter
+  end
+
+  def serialize(formatter, object)
+    begin
+      formatter.render(object)
+    rescue => err
+      raise Puppet::HTTP::SerializationError.new("Failed to serialize #{object.class} to #{formatter.name}: #{err.message}", err)
+    end
+  end
+
+  def serialize_multiple(formatter, object)
+    begin
+      formatter.render_multiple(object)
+    rescue => err
+      raise Puppet::HTTP::SerializationError.new("Failed to serialize multiple #{object.class} to #{formatter.name}: #{err.message}", err)
+    end
+  end
+
+  def deserialize(response, model)
+    formatter = formatter_for_response(response)
+    begin
+      formatter.intern(model, response.body.to_s)
+    rescue => err
+      raise Puppet::HTTP::SerializationError.new("Failed to deserialize #{model} from #{formatter.name}: #{err.message}", err)
+    end
+  end
+
+  def deserialize_multiple(response, model)
+    formatter = formatter_for_response(response)
+    begin
+      formatter.intern_multiple(model, response.body.to_s)
+    rescue => err
+      raise Puppet::HTTP::SerializationError.new("Failed to deserialize multiple #{model} from #{formatter.name}: #{err.message}", err)
+    end
+  end
 end

data/lib/puppet/http/service/compiler.rb

@@ -0,0 +1,86 @@
+class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
+  API = '/puppet/v3'.freeze
+
+  def initialize(client, server, port)
+    url = build_url(API, server || Puppet[:server], port || Puppet[:masterport])
+    super(client, url)
+  end
+
+  def get_node(name, environment:, configured_environment: nil, transaction_uuid: nil)
+    headers = add_puppet_headers('Accept' => get_mime_types(Puppet::Node).join(', '))
+
+    response = @client.get(
+      with_base_url("/node/#{name}"),
+      headers: headers,
+      params: {
+        environment: environment,
+        configured_environment: configured_environment || environment,
+        transaction_uuid: transaction_uuid,
+      },
+    )
+
+    return deserialize(response, Puppet::Node) if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+
+  def get_catalog(name, facts:, environment:, configured_environment: nil, transaction_uuid: nil, job_uuid: nil, static_catalog: true, checksum_type: Puppet[:supported_checksum_types])
+    if Puppet[:preferred_serialization_format] == "pson"
+      formatter = Puppet::Network::FormatHandler.format_for(:pson)
+      # must use 'pson' instead of 'text/pson'
+      facts_format = 'pson'
+    else
+      formatter = Puppet::Network::FormatHandler.format_for(:json)
+      facts_format = formatter.mime
+    end
+
+    facts_as_string = serialize(formatter, facts)
+
+    # query parameters are sent in the POST request body
+    body = {
+      facts_format: facts_format,
+      facts: Puppet::Util.uri_query_encode(facts_as_string),
+      environment: environment,
+      configured_environment: configured_environment || environment,
+      transaction_uuid: transaction_uuid,
+      job_uuid: job_uuid,
+      static_catalog: static_catalog,
+      checksum_type: checksum_type.join('.')
+    }.map do |key, value|
+      "#{key}=#{Puppet::Util.uri_query_encode(value.to_s)}"
+    end.join("&")
+
+    headers = add_puppet_headers('Accept' => get_mime_types(Puppet::Resource::Catalog).join(', '))
+
+    response = @client.post(
+      with_base_url("/catalog/#{name}"),
+      headers: headers,
+      # for legacy reasons we always send environment as a query parameter too
+      params: { environment: environment },
+      content_type: 'application/x-www-form-urlencoded',
+      body: body,
+    )
+
+    return deserialize(response, Puppet::Resource::Catalog) if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+
+  def put_facts(name, environment:, facts:)
+    formatter = Puppet::Network::FormatHandler.format_for(Puppet[:preferred_serialization_format])
+
+    headers = add_puppet_headers('Accept' => get_mime_types(Puppet::Node::Facts).join(', '))
+
+    response = @client.put(
+      with_base_url("/facts/#{name}"),
+      headers: headers,
+      params: { environment: environment },
+      content_type: formatter.mime,
+      body: serialize(formatter, facts),
+    )
+
+    return true if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+end

data/lib/puppet/http/service/file_server.rb

@@ -0,0 +1,85 @@
+require 'puppet/file_serving/metadata'
+
+class Puppet::HTTP::Service::FileServer < Puppet::HTTP::Service
+  API = '/puppet/v3'.freeze
+  PATH_REGEX = /^\//
+
+  def initialize(client, server, port)
+    url = build_url(API, server || Puppet[:server], port || Puppet[:masterport])
+    super(client, url)
+  end
+
+  def get_file_metadata(path:, environment:, links: :manage, checksum_type: Puppet[:digest_algorithm], source_permissions: :ignore, ssl_context: nil)
+    validate_path(path)
+
+    headers = add_puppet_headers({ 'Accept' => get_mime_types(Puppet::FileServing::Metadata).join(', ') })
+
+    response = @client.get(
+      with_base_url("/file_metadata#{path}"),
+      headers: headers,
+      params: {
+        links: links,
+        checksum_type: checksum_type,
+        source_permissions: source_permissions,
+        environment: environment
+      },
+      ssl_context: ssl_context
+    )
+
+    return deserialize(response, Puppet::FileServing::Metadata) if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+
+  def get_file_metadatas(path: nil, environment:, recurse: :false, recurselimit: nil, ignore: nil, links: :manage, checksum_type: Puppet[:digest_algorithm], source_permissions: :ignore, ssl_context: nil)
+    validate_path(path)
+
+    headers = add_puppet_headers({ 'Accept' => get_mime_types(Puppet::FileServing::Metadata).join(', ') })
+
+    response = @client.get(
+      with_base_url("/file_metadatas#{path}"),
+      headers: headers,
+      params: {
+        recurse: recurse,
+        recurselimit: recurselimit,
+        ignore: ignore,
+        links: links,
+        checksum_type: checksum_type,
+        source_permissions: source_permissions,
+        environment: environment,
+      },
+      ssl_context: ssl_context
+    )
+
+    return deserialize_multiple(response, Puppet::FileServing::Metadata) if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+
+  def get_file_content(path:, environment:, ssl_context: nil, &block)
+    validate_path(path)
+
+    headers = add_puppet_headers({'Accept' => 'application/octet-stream' })
+    response = @client.get(
+      with_base_url("/file_content#{path}"),
+      headers: headers,
+      params: {
+        environment: environment
+      },
+      ssl_context: ssl_context
+    ) do |res|
+      if res.success?
+        res.read_body(&block)
+      end
+    end
+
+    return nil if response.success?
+
+    raise Puppet::HTTP::ResponseError.new(response)
+  end
+  private
+
+  def validate_path(path)
+    raise ArgumentError, "Path must start with a slash" unless path =~ PATH_REGEX
+  end
+end