puppet 6.16.0-x64-mingw32 → 6.17.0-x64-mingw32
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile +4 -2
- data/Gemfile.lock +10 -10
- data/README.md +2 -2
- data/lib/puppet/agent.rb +2 -2
- data/lib/puppet/application/agent.rb +14 -3
- data/lib/puppet/configurer.rb +20 -12
- data/lib/puppet/confine.rb +1 -1
- data/lib/puppet/defaults.rb +25 -8
- data/lib/puppet/file_serving/http_metadata.rb +13 -1
- data/lib/puppet/file_serving/metadata.rb +4 -1
- data/lib/puppet/file_serving/terminus_selector.rb +7 -8
- data/lib/puppet/file_system/file_impl.rb +1 -1
- data/lib/puppet/file_system/uniquefile.rb +8 -16
- data/lib/puppet/forge.rb +1 -1
- data/lib/puppet/forge/cache.rb +1 -1
- data/lib/puppet/forge/repository.rb +3 -7
- data/lib/puppet/http/client.rb +5 -0
- data/lib/puppet/http/redirector.rb +9 -7
- data/lib/puppet/http/response.rb +19 -0
- data/lib/puppet/indirector.rb +1 -1
- data/lib/puppet/indirector/file_content/rest.rb +1 -1
- data/lib/puppet/indirector/file_metadata/http.rb +24 -5
- data/lib/puppet/indirector/file_metadata/rest.rb +2 -2
- data/lib/puppet/indirector/request.rb +1 -1
- data/lib/puppet/network/http/api/indirected_routes.rb +1 -1
- data/lib/puppet/network/http/api/master/v3/environment.rb +3 -0
- data/lib/puppet/network/http/connection_adapter.rb +6 -4
- data/lib/puppet/parser/ast/leaf.rb +5 -5
- data/lib/puppet/parser/ast/pops_bridge.rb +0 -4
- data/lib/puppet/parser/compiler.rb +1 -1
- data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +2 -0
- data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +2 -0
- data/lib/puppet/parser/environment_compiler.rb +4 -1
- data/lib/puppet/parser/resource.rb +3 -2
- data/lib/puppet/parser/resource/param.rb +6 -0
- data/lib/puppet/pops/evaluator/evaluator_impl.rb +5 -5
- data/lib/puppet/pops/issues.rb +5 -0
- data/lib/puppet/pops/resource/resource_type_impl.rb +2 -0
- data/lib/puppet/pops/validation/checker4_0.rb +10 -0
- data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -0
- data/lib/puppet/provider/package/aptitude.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +1 -1
- data/lib/puppet/provider/service/windows.rb +23 -7
- data/lib/puppet/provider/user/useradd.rb +11 -4
- data/lib/puppet/reports/http.rb +2 -0
- data/lib/puppet/resource.rb +2 -1
- data/lib/puppet/resource/type.rb +8 -0
- data/lib/puppet/ssl/ssl_context.rb +2 -2
- data/lib/puppet/ssl/ssl_provider.rb +20 -1
- data/lib/puppet/test/test_helper.rb +8 -10
- data/lib/puppet/trusted_external.rb +29 -1
- data/lib/puppet/type.rb +12 -5
- data/lib/puppet/type/file.rb +38 -13
- data/lib/puppet/type/file/checksum.rb +4 -4
- data/lib/puppet/type/file/source.rb +4 -4
- data/lib/puppet/type/service.rb +49 -0
- data/lib/puppet/util.rb +39 -15
- data/lib/puppet/util/checksums.rb +19 -4
- data/lib/puppet/util/fileparsing.rb +2 -2
- data/lib/puppet/util/provider_features.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/windows/api_types.rb +45 -32
- data/lib/puppet/util/windows/eventlog.rb +1 -6
- data/lib/puppet/util/windows/principal.rb +8 -6
- data/lib/puppet/util/windows/registry.rb +11 -11
- data/lib/puppet/util/windows/service.rb +43 -26
- data/lib/puppet/util/windows/user.rb +23 -8
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +249 -221
- data/man/man5/puppet.conf.5 +19 -8
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +89 -0
- data/spec/integration/defaults_spec.rb +1 -2
- data/spec/integration/network/http_pool_spec.rb +26 -9
- data/spec/integration/parser/compiler_spec.rb +11 -0
- data/spec/integration/type/file_spec.rb +1 -1
- data/spec/integration/util/windows/registry_spec.rb +7 -7
- data/spec/integration/util/windows/user_spec.rb +40 -5
- data/spec/unit/configurer/fact_handler_spec.rb +4 -4
- data/spec/unit/context/trusted_information_spec.rb +10 -4
- data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
- data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
- data/spec/unit/http/client_spec.rb +64 -8
- data/spec/unit/http/response_spec.rb +6 -0
- data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
- data/spec/unit/indirector/request_spec.rb +1 -1
- data/spec/unit/interface_spec.rb +3 -3
- data/spec/unit/network/http/api/indirected_routes_spec.rb +2 -1
- data/spec/unit/network/http/connection_spec.rb +42 -32
- data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
- data/spec/unit/parser/environment_compiler_spec.rb +7 -0
- data/spec/unit/parser/scope_spec.rb +1 -1
- data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +15 -1
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/types/type_calculator_spec.rb +1 -11
- data/spec/unit/provider/service/windows_spec.rb +22 -14
- data/spec/unit/provider/user/openbsd_spec.rb +1 -0
- data/spec/unit/provider/user/useradd_spec.rb +22 -16
- data/spec/unit/resource_spec.rb +3 -3
- data/spec/unit/ssl/ssl_provider_spec.rb +69 -43
- data/spec/unit/test/test_helper_spec.rb +17 -0
- data/spec/unit/transaction/report_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +3 -3
- data/spec/unit/type/file_spec.rb +122 -96
- data/spec/unit/type/service_spec.rb +176 -0
- data/spec/unit/type_spec.rb +50 -0
- data/spec/unit/util/checksums_spec.rb +16 -0
- data/spec/unit/util/windows/api_types_spec.rb +104 -40
- data/spec/unit/util/windows/service_spec.rb +4 -4
- data/spec/unit/util_spec.rb +3 -3
- data/spec/unit/x509/cert_provider_spec.rb +1 -1
- metadata +5 -5
- data/spec/integration/test/test_helper_spec.rb +0 -31
    
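--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: f540948451f9c01527535a189dd3bda0b4cecf3d8ea98a936a83d12e3269e969
+  data.tar.gz: 20fbc8c65dae7ac04669f3af185c6ab2442b847354558b8628594afb371d0694
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: a76e1ceb31ce5060b4a455758e6c54175e6150bb2a2a1d4b925b6bf89dcdcc5c854393009f77ccbffc3693ccadf51cc18e782df6ea19953ab54d1c71f37f9311
+  data.tar.gz: ba6046be091326587070697f1f80d89cee09d1da1cc1e277487a9c8372a6f47e01d83a41c02f70645e5affc452003b621bd20460c96d7c741454b440ba3b0c9e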
    
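--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,9 +3,9 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org"
 gemspec
 
 def location_for(place, fake_version = nil)
-  if place =~ /^(git[:@][^#]*)#(.*)/
+  if place.is_a?(String) && place =~ /^(git[:@][^#]*)#(.*)/
     [fake_version, { git: $1, branch: $2, require: false }].compact
-  elsif place =~ /^file:\/\/(.*)/
+  elsif place.is_a?(String) && place =~ /^file:\/\/(.*)/
     ['>= 0', { path: File.expand_path($1), require: false }]
   else
     [place, { require: false }]
@@ -19,6 +19,8 @@ gem "hiera", *location_for(ENV['HIERA_LOCATION']) if ENV.has_key?('HIERA_LOCATIO
 gem "semantic_puppet", *location_for(ENV['SEMANTIC_PUPPET_LOCATION'] || ["~> 1.0"])
 gem "puppet-resource_api", *location_for(ENV['RESOURCE_API_LOCATION'] || ["~> 1.5"])
 
+gem "scanf" if RUBY_VERSION.to_f >= 2.7
+
 group(:features) do
   gem 'diff-lcs', '~> 1.3', require: false
   gem 'hiera-eyaml', *location_for(ENV['HIERA_EYAML_LOCATION'])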
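Review bot: `RUBY_VERSION.to_f >= 2.7` on the added `gem "scanf"` line compares versions as floats, which only holds while the minor version stays a single digit (a version string such as "2.10.0" would parse as 2.1). `gem "scanf" if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.7')` states the intent as a version comparison. Separately, the two patterns that the new `place.is_a?(String)` guards protect are anchored with `^`, which matches at the start of any line; since `location_for` is fed from `ENV[...]` values, `\A` would be the stricter anchor.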
    
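--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet (6.
+    puppet (6.17.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -20,16 +20,16 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     artifactory (2.8.2)
-    ast (2.4.
-    coderay (1.1.
+    ast (2.4.1)
+    coderay (1.1.3)
     concurrent-ruby (1.1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     csv (3.1.5)
     deep_merge (1.2.1)
-    diff-lcs (1.
+    diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.0.
+    facter (4.0.29)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
@@ -56,16 +56,16 @@ GEM
     method_source (1.0.0)
     minitar (0.9)
     msgpack (1.3.3)
-    multi_json (1.
+    multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    packaging (0.99.
+    packaging (0.99.66)
       artifactory (~> 2)
       rake (>= 12.3)
       release-metrics
-    parallel (1.19.
-    parser (2.7.1.
-      ast (~> 2.4.
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
     powerpack (0.1.2)
     pry (0.13.1)
       coderay (~> 1.1)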
    
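--- a/data/README.md
+++ b/data/README.md
@@ -25,10 +25,10 @@ which also includes orchestration features, a web console, and professional supp
 The PE documentation is [available here.](https://puppet.com/docs/pe/latest)
 
 To install an open source release of Puppet,
-[see the installation guide on the docs site.](https://puppet.com/docs/puppet/
+[see the installation guide on the docs site.](https://puppet.com/docs/puppet/latest/installing_and_upgrading.html)
 
 If you need to run Puppet from source as a tester or developer,
-see the [
+see the [Quick Start to Developing on Puppet](docs/quickstart.md) guide.
 
 ## Developing and Contributing
 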
    
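--- a/data/lib/puppet/agent.rb
+++ b/data/lib/puppet/agent.rb
@@ -64,10 +64,10 @@ class Puppet::Agent
             now = Time.now.to_i
             wait_for_lock_deadline ||= now + Puppet[:maxwaitforlock]
 
-            if Puppet[:waitforlock]
+            if Puppet[:waitforlock] < 1
               Puppet.notice _("Run of %{client_class} already in progress; skipping  (%{lockfile_path} exists)") % { client_class: client_class, lockfile_path: lockfile_path }
               nil
-            elsif now
+            elsif now >= wait_for_lock_deadline
               Puppet.notice _("Exiting now because the maxwaitforlock timeout has been exceeded.")
               nil
             else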
| @@ -258,7 +258,9 @@ generated by running puppet agent with '--genconfig'. | |
| 258 258 |  | 
| 259 259 | 
             
            * --job-id:
         | 
| 260 260 | 
             
              Attach the specified job id to the catalog request and the report used for
         | 
| 261 | 
            -
              this agent run. This option only works when '--onetime' is used.
         | 
| 261 | 
            +
              this agent run. This option only works when '--onetime' is used.  When using
         | 
| 262 | 
            +
              Puppet Enterprise this flag should not be used as the orchestrator sets the
         | 
| 263 | 
            +
              job-id for you and it must be unique.
         | 
| 262 264 |  | 
| 263 265 | 
             
            * --logdest:
         | 
| 264 266 | 
             
              Where to send log messages. Choose between 'syslog' (the POSIX syslog
         | 
| @@ -363,8 +365,17 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License | |
| 363 365 | 
             
                  daemon.set_signal_traps
         | 
| 364 366 |  | 
| 365 367 | 
             
                  log_config if Puppet[:daemonize]
         | 
| 366 | 
            -
             | 
| 367 | 
            -
                   | 
| 368 | 
            +
             | 
| 369 | 
            +
                  # run ssl state machine, waiting if needed
         | 
| 370 | 
            +
                  ssl_context = wait_for_certificates
         | 
| 371 | 
            +
             | 
| 372 | 
            +
                  # Each application is responsible for pushing loaders onto the context.
         | 
| 373 | 
            +
                  # Use the current environment that has already been established, though
         | 
| 374 | 
            +
                  # it may change later during the configurer run.
         | 
| 375 | 
            +
                  env = Puppet.lookup(:current_environment)
         | 
| 376 | 
            +
                  Puppet.override(ssl_context: ssl_context,
         | 
| 377 | 
            +
                                  current_environment: env,
         | 
| 378 | 
            +
                                  loaders: Puppet::Pops::Loaders.new(env, true)) do
         | 
| 368 379 | 
             
                    if Puppet[:onetime]
         | 
| 369 380 | 
             
                      onetime(daemon)
         | 
| 370 381 | 
             
                    else
         | 
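Review bot: The new `Puppet.override(ssl_context: ssl_context, current_environment: env, loaders: ...)` wraps both the `onetime` branch and the `else` branch, so the context returned by `wait_for_certificates` and the loaders built from the startup environment apply to everything run inside the block. The added comment explains this for the environment only; the SSL context deserves the same, e.g. `# ssl_context is loaded once here; confirm whether certificate or CRL changes on disk are picked up without restarting the agent`. The file header for these two hunks is missing from the page (the diffstat suggests data/lib/puppet/application/agent.rb), and the block's closing `end` lies outside the hunk, so the full scope of the override cannot be checked from here.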
    
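--- a/data/lib/puppet/configurer.rb
+++ b/data/lib/puppet/configurer.rb
@@ -303,6 +303,15 @@ class Puppet::Configurer
               report.environment = @environment
               query_options = nil
               facts = nil
+
+              new_env = Puppet::Node::Environment.remote(@environment)
+              Puppet.push_context(
+                {
+                  current_environment: new_env,
+                  loaders: Puppet::Pops::Loaders.new(new_env, true)
+                },
+                "Local node environment #{@environment} for configurer transaction"
+              )
             else
               Puppet.info _("Using configured environment '%{env}'") % { env: @environment }
             end
@@ -313,19 +322,18 @@ class Puppet::Configurer
         end
       end
 
-
-
-
-
-
-
-
-
+      # This is to maintain compatibility with anyone using this class
+      # aside from agent, apply, device.
+      unless Puppet.lookup(:loaders) { nil }
+        new_env = Puppet::Node::Environment.remote(@environment)
+        Puppet.push_context(
+          {
+            current_environment: new_env,
+            loaders: Puppet::Pops::Loaders.new(new_env, true)
+          },
+          "Local node environment #{@environment} for configurer transaction"
+        )
       end
-      Puppet.push_context({
-        :current_environment => local_node_environment, 
-        :loaders => Puppet::Pops::Loaders.new(local_node_environment, true)
-      }, "Local node environment for configurer transaction")
 
       query_options, facts = get_facts(options) unless query_options
       query_options[:configured_environment] = configured_environment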
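Review bot: The environment/loaders `Puppet.push_context(...)` call is now written out twice, once in the environment-switch branch of the first hunk and once under `unless Puppet.lookup(:loaders) { nil }` in the second, and no matching `Puppet.pop_context` is visible in either hunk. If the first push sits inside a loop that re-requests the node's environment, each switch would presumably stack another context layer, and a pop that runs unconditionally elsewhere would no longer balance the now-conditional push; both are worth confirming against the rest of the method. A small private helper keeps the two call sites identical and gives one place to document who pops the context. Both hunks begin and end inside a method whose remainder is outside the page.

```ruby
# Pushes a context holding the remote environment and its loaders.
# The caller is responsible for the matching Puppet.pop_context.
def push_environment_context(environment)
  new_env = Puppet::Node::Environment.remote(environment)
  Puppet.push_context(
    {
      current_environment: new_env,
      loaders: Puppet::Pops::Loaders.new(new_env, true)
    },
    "Local node environment #{environment} for configurer transaction"
  )
end

# … unchanged: environment-switch branch, now calling push_environment_context(@environment) …

unless Puppet.lookup(:loaders) { nil }
  push_environment_context(@environment)
end
```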
    
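--- a/data/lib/puppet/confine.rb
+++ b/data/lib/puppet/confine.rb
@@ -26,7 +26,7 @@ class Puppet::Confine
         require "puppet/confine/#{name}"
       rescue LoadError => detail
         unless detail.to_s =~ /No such file|cannot load such file/i
-
+          Puppet.warning("Could not load confine test '#{name}': #{detail}")
         end
         # Could not find file
         if !Puppet[:always_retry_plugins]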
    
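--- a/data/lib/puppet/defaults.rb
+++ b/data/lib/puppet/defaults.rb
@@ -347,8 +347,7 @@ module Puppet
       :default => "ansi",
       :type    => :string,
       :desc    => "Whether to use colors when logging to the console.  Valid values are
-        `ansi` (equivalent to `true`), `html`, and `false`, which produces no color.
-        Defaults to false on Windows, as its console does not support ansi colors.",
+        `ansi` (equivalent to `true`), `html`, and `false`, which produces no color."
     },
     :mkusers => {
         :default  => false,
@@ -590,13 +589,22 @@ module Puppet
     },
     :trusted_external_command => {
       :default  => nil,
-      :
+      :type     => :file_or_directory,
+      :desc     => "The external trusted facts script or directory to use.
         This setting's value can be set to the path to an executable command that
-        can produce external trusted facts
+        can produce external trusted facts or to a directory containing those
+        executable commands. The command(s) must:
 
         * Take the name of a node as a command-line argument.
         * Return a JSON hash with the external trusted facts for this node.
-        * For unknown or invalid nodes, exit with a non-zero exit code.
+        * For unknown or invalid nodes, exit with a non-zero exit code.
+
+        If the setting points to an executable command, then the external trusted
+        facts will be stored in the 'external' key of the trusted facts hash. Otherwise
+        for each executable file in the directory, the external trusted facts will be
+        stored in the `<basename>` key of the `trusted['external']` hash. For example,
+        if the files foo.rb and bar.sh are in the directory, then `trusted['external']`
+        will be the hash `{ 'foo' => <foo.rb output>, 'bar' => <bar.sh output> }`.",
     },
     :default_file_terminus => {
       :type       => :terminus,
@@ -992,6 +1000,15 @@ EOT
         and reject the CA certificate if the values do not match. This only applies
         during the first download of the CA certificate."
     },
+    :ssl_trust_store => {
+      :default => nil,
+      :type => :file,
+      :desc => "A file containing CA certificates in PEM format that puppet should trust
+        when making HTTPS requests. This **only** applies to https requests to non-puppet
+        infrastructure, such as retrieving file metadata and content from https file sources,
+        puppet module tool and the 'http' report processor. This setting is ignored when
+        making requests to puppet:// URLs such as catalog and report requests.",
+    },
     :ssl_client_ca_auth => {
       :type  => :file,
       :mode  => "0644",
@@ -1536,7 +1553,7 @@ EOT
     :statefile => {
       :default => "$statedir/state.yaml",
       :type => :file,
-      :mode => "
+      :mode => "0640",
       :desc => "Where puppet agent and puppet master store state associated
         with the running configuration.  In the case of puppet master,
         this file reflects the state discovered through interacting
@@ -1558,7 +1575,7 @@ EOT
     :transactionstorefile => {
       :default => "$statedir/transactionstore.yaml",
       :type => :file,
-      :mode => "
+      :mode => "0640",
       :desc => "Transactional storage file for persisting data between
         transactions for the purposes of infering information (such as
         corrective_change) on new data received."
@@ -1890,7 +1907,7 @@ EOT
       already ongoing puppet agent instance.
 
       This argument is by default disabled (value set to 0). In this case puppet agent will
-
+      immediately exit if it cannot run at that moment. When a value other than 0 is set, this
       can also be used in combination with the `maxwaitforlock` argument.
       #{AS_DURATION}",
     },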
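Review bot: With `:type => :file_or_directory`, `trusted_external_command` now covers running every executable file found in the configured directory, yet the new `:desc` says nothing about who may own or write to that directory. Because the output of those commands is stored under `trusted['external']`, the description should state the expectation, for example: `The directory and the commands in it must be writable only by the account the server runs as.` It also leaves open what happens when two files share a basename (`foo.rb` and `foo.sh` would both map to the `'foo'` key); one sentence on that would remove the ambiguity. In the `ssl_trust_store` hunk the text does not say whether the file replaces or extends the default CA store, which an operator needs to know before setting it.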
| @@ -15,6 +15,7 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata | |
| 15 15 | 
             
                # use a default mtime in case there is no usable HTTP header
         | 
| 16 16 | 
             
                @checksums[:mtime] = "{mtime}#{Time.now}"
         | 
| 17 17 |  | 
| 18 | 
            +
                # RFC-1864, deprecated in HTTP/1.1 due to partial responses
         | 
| 18 19 | 
             
                checksum = http_response['content-md5']
         | 
| 19 20 | 
             
                if checksum
         | 
| 20 21 | 
             
                  # convert base64 digest to hex
         | 
| @@ -22,6 +23,17 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata | |
| 22 23 | 
             
                  @checksums[:md5] = "{md5}#{checksum}"
         | 
| 23 24 | 
             
                end
         | 
| 24 25 |  | 
| 26 | 
            +
                {
         | 
| 27 | 
            +
                  md5: 'X-Checksum-Md5',
         | 
| 28 | 
            +
                  sha1: 'X-Checksum-Sha1',
         | 
| 29 | 
            +
                  sha256: 'X-Checksum-Sha256'
         | 
| 30 | 
            +
                }.each_pair do |checksum_type, header|
         | 
| 31 | 
            +
                  checksum = http_response[header]
         | 
| 32 | 
            +
                  if checksum
         | 
| 33 | 
            +
                    @checksums[checksum_type] = "{#{checksum_type}}#{checksum}"
         | 
| 34 | 
            +
                  end
         | 
| 35 | 
            +
                end
         | 
| 36 | 
            +
             | 
| 25 37 | 
             
                last_modified = http_response['last-modified']
         | 
| 26 38 | 
             
                if last_modified
         | 
| 27 39 | 
             
                  mtime = DateTime.httpdate(last_modified).to_time
         | 
| @@ -39,7 +51,7 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata | |
| 39 51 | 
             
              def collect
         | 
| 40 52 | 
             
                # Prefer the checksum_type from the indirector request options
         | 
| 41 53 | 
             
                # but fall back to the alternative otherwise
         | 
| 42 | 
            -
                [ @checksum_type, :md5, :sha256, : | 
| 54 | 
            +
                [ @checksum_type, :md5, :sha256, :sha1, :mtime ].each do |type|
         | 
| 43 55 | 
             
                  @checksum_type = type
         | 
| 44 56 | 
             
                  @checksum = @checksums[type]
         | 
| 45 57 | 
             
                  break if @checksum
         | 
| @@ -138,7 +138,10 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base | |
| 138 138 | 
             
                @source      = data.delete('source')
         | 
| 139 139 | 
             
                @content_uri = data.delete('content_uri')
         | 
| 140 140 |  | 
| 141 | 
            -
                 | 
| 141 | 
            +
                links = data.fetch('links', nil) || data.fetch(:links, nil)
         | 
| 142 | 
            +
                relative_path = data.fetch('relative_path', nil) || data.fetch(:relative_path, nil)
         | 
| 143 | 
            +
                source = @source || data.fetch(:source, nil)
         | 
| 144 | 
            +
                super(path, links: links, relative_path: relative_path, source: source)
         | 
| 142 145 | 
             
              end
         | 
| 143 146 |  | 
| 144 147 | 
             
              def to_data_hash
         | 
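Review bot: The added lookups read `links` and `relative_path` under both string and symbol keys, but `source` only under the symbol key once `data.delete('source')` has run, and nothing in the hunk says why two key forms are expected. A short comment above them would record the intent, for example `# data may arrive with string keys or with symbol keys; accept both` (where each form comes from is not visible here, so adjust the wording to the real callers). If `data` is always a plain Hash, `data.fetch(key, nil)` can be written as `data[key]`. The enclosing initializer starts outside this hunk.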
| @@ -7,11 +7,6 @@ module Puppet::FileServing::TerminusSelector | |
| 7 7 | 
             
              def select(request)
         | 
| 8 8 | 
             
                # We rely on the request's parsing of the URI.
         | 
| 9 9 |  | 
| 10 | 
            -
                # Short-circuit to :file if it's a fully-qualified path or specifies a 'file' protocol.
         | 
| 11 | 
            -
                if Puppet::Util.absolute_path?(request.key)
         | 
| 12 | 
            -
                  return :file
         | 
| 13 | 
            -
                end
         | 
| 14 | 
            -
             | 
| 15 10 | 
             
                case request.protocol
         | 
| 16 11 | 
             
                when "file"
         | 
| 17 12 | 
             
                  :file
         | 
| @@ -21,10 +16,14 @@ module Puppet::FileServing::TerminusSelector | |
| 21 16 | 
             
                  else
         | 
| 22 17 | 
             
                    Puppet[:default_file_terminus]
         | 
| 23 18 | 
             
                  end
         | 
| 24 | 
            -
             | 
| 25 | 
            -
             | 
| 19 | 
            +
                when "http","https"
         | 
| 20 | 
            +
                  :http
         | 
| 26 21 | 
             
                when nil
         | 
| 27 | 
            -
                   | 
| 22 | 
            +
                  if Puppet::Util.absolute_path?(request.key)
         | 
| 23 | 
            +
                    :file
         | 
| 24 | 
            +
                  else
         | 
| 25 | 
            +
                    :file_server
         | 
| 26 | 
            +
                  end
         | 
| 28 27 | 
             
                else
         | 
| 29 28 | 
             
                  raise ArgumentError, _("URI protocol '%{protocol}' is not currently supported for file serving") % { protocol: request.protocol }
         | 
| 30 29 | 
             
                end
         | 
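Review bot: With the `absolute_path?` check moved under `when nil`, a key that is an absolute path but has a non-nil `request.protocol` is no longer routed to `:file`. It now passes through the protocol branches and may reach the `else` that raises ArgumentError. Whether the request parser can ever assign a protocol to an absolute path (a Windows drive-letter path is the case to check) is not visible in these hunks, so a spec covering that input would settle it. The `when nil` branch also lost the explanatory comment the old short-circuit had; something like `# No protocol: a fully-qualified path is a local file, anything else goes to the file server` would help. Minor style: `when "http","https"` is missing the space after the comma.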
| @@ -124,11 +124,7 @@ class Puppet::FileSystem::Uniquefile < DelegateClass(File) | |
| 124 124 | 
             
                  opts = []
         | 
| 125 125 | 
             
                end
         | 
| 126 126 | 
             
                tmpdir, = *rest
         | 
| 127 | 
            -
                 | 
| 128 | 
            -
                  tmpdir = '/tmp'
         | 
| 129 | 
            -
                else
         | 
| 130 | 
            -
                  tmpdir ||= tmpdir()
         | 
| 131 | 
            -
                end
         | 
| 127 | 
            +
                tmpdir ||= tmpdir()
         | 
| 132 128 | 
             
                n = nil
         | 
| 133 129 | 
             
                begin
         | 
| 134 130 | 
             
                  path = File.expand_path(make_tmpname(basename, n), tmpdir)
         | 
| @@ -154,18 +150,14 @@ class Puppet::FileSystem::Uniquefile < DelegateClass(File) | |
| 154 150 |  | 
| 155 151 | 
             
              def tmpdir
         | 
| 156 152 | 
             
                tmp = '.'
         | 
| 157 | 
            -
                 | 
| 158 | 
            -
                   | 
| 159 | 
            -
             | 
| 160 | 
            -
             | 
| 161 | 
            -
                     | 
| 162 | 
            -
             | 
| 163 | 
            -
                      tmp = dir
         | 
| 164 | 
            -
                      break
         | 
| 165 | 
            -
                    end rescue nil
         | 
| 166 | 
            -
                  end
         | 
| 167 | 
            -
                  File.expand_path(tmp)
         | 
| 153 | 
            +
                for dir in [ Puppet::Util.get_env('TMPDIR'), Puppet::Util.get_env('TMP'), Puppet::Util.get_env('TEMP'), @@systmpdir, '/tmp']
         | 
| 154 | 
            +
                  stat = File.stat(dir) if dir
         | 
| 155 | 
            +
                  if stat && stat.directory? && stat.writable?
         | 
| 156 | 
            +
                    tmp = dir
         | 
| 157 | 
            +
                    break
         | 
| 158 | 
            +
                  end rescue nil
         | 
| 168 159 | 
             
                end
         | 
| 160 | 
            +
                File.expand_path(tmp)
         | 
| 169 161 | 
             
              end
         | 
| 170 162 |  | 
| 171 163 |  | 
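Review bot: In `tmpdir`, `stat = File.stat(dir) if dir` sits outside the `end rescue nil` modifier, which only guards the `if` statement below it. A TMPDIR, TMP or TEMP value that names a missing path therefore raises Errno::ENOENT out of the method instead of moving on to the next candidate. The loop also accepts a world-writable directory without the sticky bit, where other local users can rename or delete the temp files, and it still falls back to `'.'` when no candidate qualifies. Rescuing only around the stat call and skipping unsafe directories would address the first two points; a sketch of the loop follows.

```ruby
def tmpdir
  tmp = '.'
  candidates = [Puppet::Util.get_env('TMPDIR'), Puppet::Util.get_env('TMP'), Puppet::Util.get_env('TEMP'), @@systmpdir, '/tmp']
  candidates.each do |dir|
    next unless dir
    begin
      stat = File.stat(dir)
    rescue SystemCallError
      next # missing or unreadable candidate: try the next one
    end
    next unless stat.directory? && stat.writable?
    # a world-writable directory is only acceptable with the sticky bit set
    next if stat.world_writable? && !stat.sticky?
    tmp = dir
    break
  end
  # … unchanged: File.expand_path(tmp) …
```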
    
        data/lib/puppet/forge.rb
    CHANGED
    
    
    
        data/lib/puppet/forge/cache.rb
    CHANGED
    
    | @@ -25,7 +25,7 @@ class Puppet::Forge | |
| 25 25 | 
             
                    unless cached_file.file?
         | 
| 26 26 | 
             
                      if uri.scheme == 'file'
         | 
| 27 27 | 
             
                        # CGI.unescape butchers Uris that are escaped properly
         | 
| 28 | 
            -
                        FileUtils.cp( | 
| 28 | 
            +
                        FileUtils.cp(Puppet::Util.uri_unescape(uri.path), cached_file)
         | 
| 29 29 | 
             
                      else
         | 
| 30 30 | 
             
                        # TODO: Handle HTTPS; probably should use repository.contact
         | 
| 31 31 | 
             
                        data = read_retrieve(uri)
         | 
| @@ -37,19 +37,15 @@ class Puppet::Forge | |
| 37 37 | 
             
                    uri = URI(str)
         | 
| 38 38 |  | 
| 39 39 | 
             
                    headers = { "User-Agent" => user_agent }
         | 
| 40 | 
            -
                    basic_auth = nil
         | 
| 41 40 |  | 
| 42 41 | 
             
                    if forge_authorization
         | 
| 42 | 
            +
                      uri.user = nil
         | 
| 43 | 
            +
                      uri.password = nil
         | 
| 43 44 | 
             
                      headers["Authorization"] = forge_authorization
         | 
| 44 | 
            -
                    elsif @uri.user && @uri.password
         | 
| 45 | 
            -
                      basic_auth = {
         | 
| 46 | 
            -
                        user: @uri.user,
         | 
| 47 | 
            -
                        password: @uri.password
         | 
| 48 | 
            -
                      }
         | 
| 49 45 | 
             
                    end
         | 
| 50 46 |  | 
| 51 47 | 
             
                    http = Puppet.runtime[:http]
         | 
| 52 | 
            -
                    response = http.get(uri, headers: headers, options: { | 
| 48 | 
            +
                    response = http.get(uri, headers: headers, options: {ssl_context: @ssl_context})
         | 
| 53 49 | 
             
                    io.write(response.body) if io.respond_to?(:write)
         | 
| 54 50 | 
             
                    response
         | 
| 55 51 | 
             
                  rescue Puppet::SSL::CertVerifyError => e
         | 
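Review bot: The added lines `uri.user = nil` and `uri.password = nil` carry no comment saying why userinfo is stripped only when `forge_authorization` is set. The reason appears to be that the HTTP client now derives basic auth from the URI, which would compete with the explicit Authorization header. A comment such as `# drop URI userinfo so the client does not add basic auth on top of the Authorization header` would make that dependency visible. In the other case the password stays inside `uri` as it is handed to `http.get`, so it is worth confirming that the rescue clauses that follow (their bodies are outside this hunk) and any debug logging do not print the full URI.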
    
        data/lib/puppet/http/client.rb
    CHANGED
    
    | @@ -290,6 +290,11 @@ class Puppet::HTTP::Client | |
| 290 290 | 
             
                redirector = Puppet::HTTP::Redirector.new(options.fetch(:redirect_limit, @default_redirect_limit))
         | 
| 291 291 |  | 
| 292 292 | 
             
                basic_auth = options.fetch(:basic_auth, nil)
         | 
| 293 | 
            +
                unless basic_auth
         | 
| 294 | 
            +
                  if request.uri.user && request.uri.password
         | 
| 295 | 
            +
                    basic_auth = { user: request.uri.user, password: request.uri.password }
         | 
| 296 | 
            +
                  end
         | 
| 297 | 
            +
                end
         | 
| 293 298 |  | 
| 294 299 | 
             
                redirects = 0
         | 
| 295 300 | 
             
                retries = 0
         |
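Review bot: The added fallback copies `request.uri.user` and `request.uri.password` as they stand, and Ruby's URI returns those components still percent-encoded, so a password containing reserved characters would be sent in its escaped form. Decoding before use would avoid authentication failures for such credentials, for example `basic_auth = { user: Puppet::Util.uri_unescape(request.uri.user), password: Puppet::Util.uri_unescape(request.uri.password) }`. The value is computed once ahead of the redirect handling, so it is also worth confirming in the loop that follows (outside this hunk) that the credentials are not applied again after a redirect to a different host. A comment noting that a plain `http` URL carries them in cleartext would help as well.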