RubyGems - puppet - Versions diffs - 6.16.0 → 7.0.0 - Mend

puppet 6.16.0 → 7.0.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (645) hide show

checksums.yaml +4 -4
data/Gemfile +5 -3
data/Gemfile.lock +31 -33
data/README.md +4 -5
data/Rakefile +4 -12
data/conf/fileserver.conf +5 -10
data/ext/build_defaults.yaml +1 -1
data/ext/osx/file_mapping.yaml +0 -5
data/ext/project_data.yaml +1 -14
data/ext/redhat/puppet.spec.erb +0 -1
data/ext/windows/service/daemon.rb +6 -5
data/install.rb +21 -17
data/lib/puppet.rb +11 -20
data/lib/puppet/agent.rb +2 -2
data/lib/puppet/agent/locker.rb +0 -7
data/lib/puppet/application.rb +172 -98
data/lib/puppet/application/agent.rb +22 -6
data/lib/puppet/application/apply.rb +18 -20
data/lib/puppet/application/device.rb +100 -104
data/lib/puppet/application/doc.rb +1 -1
data/lib/puppet/application/filebucket.rb +15 -11
data/lib/puppet/application/lookup.rb +16 -4
data/lib/puppet/application/ssl.rb +1 -1
data/lib/puppet/configurer.rb +66 -31
data/lib/puppet/configurer/downloader.rb +31 -10
data/lib/puppet/configurer/plugin_handler.rb +21 -19
data/lib/puppet/confine.rb +2 -2
data/lib/puppet/confine/any.rb +1 -1
data/lib/puppet/defaults.rb +166 -169
data/lib/puppet/environments.rb +41 -15
data/lib/puppet/face/catalog.rb +1 -1
data/lib/puppet/face/config.rb +56 -16
data/lib/puppet/face/epp.rb +12 -2
data/lib/puppet/face/facts.rb +66 -6
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/node.rb +3 -3
data/lib/puppet/face/node/clean.rb +2 -2
data/lib/puppet/face/plugin.rb +5 -8
data/lib/puppet/feature/base.rb +1 -1
data/lib/puppet/ffi/windows.rb +12 -0
data/lib/puppet/ffi/windows/api_types.rb +311 -0
data/lib/puppet/ffi/windows/constants.rb +404 -0
data/lib/puppet/ffi/windows/functions.rb +628 -0
data/lib/puppet/ffi/windows/structs.rb +338 -0
data/lib/puppet/file_bucket/dipper.rb +1 -1
data/lib/puppet/file_serving/configuration.rb +0 -5
data/lib/puppet/file_serving/configuration/parser.rb +3 -32
data/lib/puppet/file_serving/http_metadata.rb +13 -1
data/lib/puppet/file_serving/metadata.rb +4 -1
data/lib/puppet/file_serving/mount.rb +1 -2
data/lib/puppet/file_serving/mount/locales.rb +1 -2
data/lib/puppet/file_serving/mount/pluginfacts.rb +1 -2
data/lib/puppet/file_serving/mount/plugins.rb +1 -2
data/lib/puppet/file_serving/terminus_selector.rb +7 -8
data/lib/puppet/file_system/file_impl.rb +4 -4
data/lib/puppet/file_system/uniquefile.rb +8 -16
data/lib/puppet/forge.rb +1 -1
data/lib/puppet/forge/cache.rb +1 -1
data/lib/puppet/forge/repository.rb +3 -8
data/lib/puppet/functions/epp.rb +1 -0
data/lib/puppet/functions/inline_epp.rb +1 -0
data/lib/puppet/functions/lstrip.rb +4 -4
data/lib/puppet/functions/new.rb +8 -3
data/lib/puppet/functions/reverse_each.rb +1 -1
data/lib/puppet/functions/rstrip.rb +4 -4
data/lib/puppet/functions/step.rb +1 -1
data/lib/puppet/functions/strip.rb +4 -4
data/lib/puppet/generate/models/type/type.rb +4 -1
data/lib/puppet/gettext/config.rb +5 -5
data/lib/puppet/gettext/module_translations.rb +4 -4
data/lib/puppet/http.rb +23 -13
data/lib/puppet/http/client.rb +170 -115
data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
data/lib/puppet/http/errors.rb +16 -0
data/lib/puppet/http/external_client.rb +5 -7
data/lib/puppet/{network/http → http}/factory.rb +8 -11
data/lib/puppet/{network/http → http}/pool.rb +61 -26
data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
data/lib/puppet/http/proxy.rb +137 -0
data/lib/puppet/http/redirector.rb +13 -19
data/lib/puppet/http/resolver.rb +10 -23
data/lib/puppet/http/resolver/server_list.rb +23 -45
data/lib/puppet/http/resolver/settings.rb +7 -10
data/lib/puppet/http/resolver/srv.rb +11 -15
data/lib/puppet/http/response.rb +49 -48
data/lib/puppet/http/response_converter.rb +24 -0
data/lib/puppet/http/response_net_http.rb +42 -0
data/lib/puppet/http/retry_after_handler.rb +4 -13
data/lib/puppet/http/service.rb +15 -27
data/lib/puppet/http/service/ca.rb +11 -22
data/lib/puppet/http/service/compiler.rb +23 -70
data/lib/puppet/http/service/file_server.rb +19 -28
data/lib/puppet/http/service/puppetserver.rb +53 -0
data/lib/puppet/http/service/report.rb +8 -10
data/lib/puppet/http/session.rb +16 -24
data/lib/puppet/{network/http → http}/site.rb +1 -2
data/lib/puppet/indirector.rb +1 -1
data/lib/puppet/indirector/catalog/compiler.rb +1 -1
data/lib/puppet/indirector/catalog/rest.rb +2 -4
data/lib/puppet/indirector/exec.rb +1 -1
data/lib/puppet/indirector/fact_search.rb +60 -0
data/lib/puppet/indirector/facts/facter.rb +27 -6
data/lib/puppet/indirector/facts/json.rb +27 -0
data/lib/puppet/indirector/facts/rest.rb +3 -22
data/lib/puppet/indirector/facts/yaml.rb +4 -59
data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
data/lib/puppet/indirector/file_content/rest.rb +3 -7
data/lib/puppet/indirector/file_metadata/http.rb +25 -5
data/lib/puppet/indirector/file_metadata/rest.rb +5 -11
data/lib/puppet/indirector/file_server.rb +1 -8
data/lib/puppet/indirector/generic_http.rb +0 -11
data/lib/puppet/indirector/hiera.rb +4 -0
data/lib/puppet/indirector/indirection.rb +1 -1
data/lib/puppet/indirector/json.rb +5 -1
data/lib/puppet/indirector/msgpack.rb +1 -1
data/lib/puppet/indirector/node/json.rb +8 -0
data/lib/puppet/indirector/node/rest.rb +2 -4
data/lib/puppet/indirector/report/json.rb +34 -0
data/lib/puppet/indirector/report/processor.rb +2 -2
data/lib/puppet/indirector/report/rest.rb +3 -8
data/lib/puppet/indirector/request.rb +2 -103
data/lib/puppet/indirector/rest.rb +12 -263
data/lib/puppet/indirector/yaml.rb +1 -1
data/lib/puppet/module.rb +1 -2
data/lib/puppet/module_tool/applications.rb +0 -1
data/lib/puppet/network/authconfig.rb +2 -96
data/lib/puppet/network/authorization.rb +13 -35
data/lib/puppet/network/format_support.rb +2 -2
data/lib/puppet/network/formats.rb +2 -1
data/lib/puppet/network/http.rb +3 -3
data/lib/puppet/network/http/api/indirected_routes.rb +3 -21
data/lib/puppet/network/http/api/master/v3.rb +11 -13
data/lib/puppet/network/http/api/master/v3/environments.rb +0 -1
data/lib/puppet/network/http/connection.rb +247 -316
data/lib/puppet/network/http/handler.rb +0 -1
data/lib/puppet/network/http/route.rb +2 -2
data/lib/puppet/network/http_pool.rb +16 -34
data/lib/puppet/node.rb +1 -30
data/lib/puppet/node/environment.rb +12 -5
data/lib/puppet/node/facts.rb +17 -0
data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +93 -14
data/lib/puppet/parameter.rb +1 -1
data/lib/puppet/parser/ast/leaf.rb +5 -5
data/lib/puppet/parser/ast/pops_bridge.rb +0 -42
data/lib/puppet/parser/compiler.rb +1 -199
data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
data/lib/puppet/parser/functions.rb +21 -17
data/lib/puppet/parser/functions/create_resources.rb +11 -7
data/lib/puppet/parser/resource.rb +3 -71
data/lib/puppet/parser/resource/param.rb +6 -0
data/lib/puppet/parser/type_loader.rb +2 -2
data/lib/puppet/pops/adaptable.rb +7 -13
data/lib/puppet/pops/adapters.rb +8 -4
data/lib/puppet/pops/evaluator/collectors/abstract_collector.rb +1 -3
data/lib/puppet/pops/evaluator/evaluator_impl.rb +27 -13
data/lib/puppet/pops/evaluator/runtime3_converter.rb +2 -2
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
data/lib/puppet/pops/loader/runtime3_type_loader.rb +4 -2
data/lib/puppet/pops/loaders.rb +18 -11
data/lib/puppet/pops/lookup/context.rb +1 -1
data/lib/puppet/pops/lookup/hiera_config.rb +14 -1
data/lib/puppet/pops/model/ast.pp +0 -42
data/lib/puppet/pops/model/ast.rb +0 -290
data/lib/puppet/pops/model/factory.rb +0 -45
data/lib/puppet/pops/model/model_label_provider.rb +0 -5
data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
data/lib/puppet/pops/model/pn_transformer.rb +0 -16
data/lib/puppet/pops/parser/egrammar.ra +0 -56
data/lib/puppet/pops/parser/eparser.rb +1520 -1712
data/lib/puppet/pops/parser/lexer2.rb +4 -4
data/lib/puppet/pops/parser/parser_support.rb +0 -5
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -22
data/lib/puppet/pops/types/iterable.rb +34 -8
data/lib/puppet/pops/types/p_meta_type.rb +1 -1
data/lib/puppet/pops/types/p_type_set_type.rb +4 -0
data/lib/puppet/pops/types/type_calculator.rb +0 -7
data/lib/puppet/pops/types/type_parser.rb +0 -4
data/lib/puppet/pops/types/types.rb +0 -1
data/lib/puppet/pops/validation/checker4_0.rb +28 -42
data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -1
data/lib/puppet/provider.rb +0 -13
data/lib/puppet/provider/file/windows.rb +1 -1
data/lib/puppet/provider/nameservice.rb +0 -18
data/lib/puppet/provider/package/apt.rb +34 -0
data/lib/puppet/provider/package/aptitude.rb +1 -1
data/lib/puppet/provider/package/dpkg.rb +1 -11
data/lib/puppet/provider/package/gem.rb +27 -5
data/lib/puppet/provider/package/pip.rb +0 -1
data/lib/puppet/provider/package/pip2.rb +17 -0
data/lib/puppet/provider/package/pkg.rb +0 -4
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/puppet_gem.rb +6 -4
data/lib/puppet/provider/package/puppetserver_gem.rb +180 -0
data/lib/puppet/provider/package/yum.rb +2 -1
data/lib/puppet/provider/package/zypper.rb +3 -0
data/lib/puppet/provider/service/smf.rb +191 -73
data/lib/puppet/provider/service/windows.rb +23 -7
data/lib/puppet/provider/user/aix.rb +1 -1
data/lib/puppet/provider/user/directoryservice.rb +0 -10
data/lib/puppet/provider/user/user_role_add.rb +1 -1
data/lib/puppet/provider/user/useradd.rb +11 -4
data/lib/puppet/provider/user/windows_adsi.rb +18 -1
data/lib/puppet/reference/configuration.rb +2 -0
data/lib/puppet/reference/indirection.rb +1 -1
data/lib/puppet/reports/http.rb +2 -0
data/lib/puppet/resource.rb +3 -90
data/lib/puppet/resource/catalog.rb +1 -14
data/lib/puppet/resource/type.rb +5 -112
data/lib/puppet/resource/type_collection.rb +3 -48
data/lib/puppet/runtime.rb +1 -2
data/lib/puppet/settings.rb +84 -35
data/lib/puppet/settings/base_setting.rb +26 -2
data/lib/puppet/settings/integer_setting.rb +17 -0
data/lib/puppet/settings/port_setting.rb +15 -0
data/lib/puppet/settings/priority_setting.rb +5 -4
data/lib/puppet/ssl.rb +10 -6
data/lib/puppet/ssl/base.rb +3 -5
data/lib/puppet/ssl/certificate.rb +0 -6
data/lib/puppet/ssl/certificate_request.rb +1 -12
data/lib/puppet/ssl/certificate_signer.rb +6 -0
data/lib/puppet/ssl/oids.rb +3 -1
data/lib/puppet/ssl/ssl_context.rb +2 -2
data/lib/puppet/ssl/ssl_provider.rb +37 -1
data/lib/puppet/ssl/state_machine.rb +3 -1
data/lib/puppet/ssl/verifier.rb +2 -0
data/lib/puppet/test/test_helper.rb +19 -16
data/lib/puppet/transaction.rb +3 -9
data/lib/puppet/transaction/persistence.rb +1 -1
data/lib/puppet/transaction/report.rb +10 -8
data/lib/puppet/trusted_external.rb +29 -1
data/lib/puppet/type.rb +9 -77
data/lib/puppet/type/file.rb +45 -22
data/lib/puppet/type/file/checksum.rb +5 -5
data/lib/puppet/type/file/source.rb +33 -13
data/lib/puppet/type/filebucket.rb +4 -4
data/lib/puppet/type/notify.rb +2 -2
data/lib/puppet/type/package.rb +5 -13
data/lib/puppet/type/service.rb +53 -0
data/lib/puppet/type/user.rb +18 -3
data/lib/puppet/util.rb +41 -3
data/lib/puppet/util/autoload.rb +9 -7
data/lib/puppet/util/character_encoding.rb +9 -5
data/lib/puppet/util/checksums.rb +19 -4
data/lib/puppet/util/execution.rb +2 -13
data/lib/puppet/util/fileparsing.rb +2 -2
data/lib/puppet/util/http_proxy.rb +2 -215
data/lib/puppet/util/monkey_patches.rb +0 -46
data/lib/puppet/util/provider_features.rb +1 -1
data/lib/puppet/util/rdoc.rb +0 -7
data/lib/puppet/util/reference.rb +1 -1
data/lib/puppet/util/retry_action.rb +1 -1
data/lib/puppet/util/rubygems.rb +5 -1
data/lib/puppet/util/run_mode.rb +14 -2
data/lib/puppet/util/windows.rb +3 -7
data/lib/puppet/util/windows/daemon.rb +360 -0
data/lib/puppet/util/windows/error.rb +1 -0
data/lib/puppet/util/windows/eventlog.rb +5 -15
data/lib/puppet/util/windows/file.rb +8 -242
data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
data/lib/puppet/util/windows/principal.rb +8 -6
data/lib/puppet/util/windows/process.rb +4 -226
data/lib/puppet/util/windows/registry.rb +11 -11
data/lib/puppet/util/windows/security.rb +4 -4
data/lib/puppet/util/windows/service.rb +52 -486
data/lib/puppet/util/windows/string.rb +12 -13
data/lib/puppet/util/windows/user.rb +242 -8
data/lib/puppet/util/yaml.rb +0 -22
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509.rb +5 -1
data/lib/puppet/x509/cert_provider.rb +29 -1
data/locales/puppet.pot +713 -1380
data/man/man5/puppet.conf.5 +84 -98
data/man/man8/puppet-agent.8 +7 -4
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +6 -6
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +55 -9
data/man/man8/puppet-filebucket.8 +6 -6
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-lookup.8 +2 -2
data/man/man8/puppet-module.8 +1 -58
data/man/man8/puppet-node.8 +7 -4
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +4 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/provider/applytest/applytest.rb +2 -0
data/spec/fixtures/integration/application/apply/environments/spec/modules/amod/lib/puppet/type/applytest.rb +25 -0
data/spec/fixtures/unit/forge/bacula-releases.json +128 -0
data/spec/fixtures/unit/forge/bacula.tar.gz +0 -0
data/spec/fixtures/unit/provider/package/puppetserver_gem/gem-list-local-packages +30 -0
data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
data/spec/integration/application/agent_spec.rb +157 -59
data/spec/integration/application/apply_spec.rb +150 -150
data/spec/integration/application/doc_spec.rb +16 -6
data/spec/integration/application/filebucket_spec.rb +78 -29
data/spec/integration/application/help_spec.rb +44 -0
data/spec/integration/application/lookup_spec.rb +13 -0
data/spec/integration/application/module_spec.rb +68 -0
data/spec/integration/application/plugin_spec.rb +76 -4
data/spec/integration/configurer_spec.rb +14 -0
data/spec/integration/data_binding_spec.rb +82 -0
data/spec/integration/defaults_spec.rb +33 -5
data/spec/integration/directory_environments_spec.rb +17 -17
data/spec/integration/environments/setting_hooks_spec.rb +1 -1
data/spec/integration/indirector/facts/facter_spec.rb +8 -6
data/spec/integration/network/http_pool_spec.rb +29 -30
data/spec/integration/node/environment_spec.rb +1 -1
data/spec/integration/parser/catalog_spec.rb +0 -38
data/spec/integration/parser/compiler_spec.rb +11 -0
data/spec/integration/parser/node_spec.rb +0 -9
data/spec/integration/parser/pcore_resource_spec.rb +0 -37
data/spec/integration/type/file_spec.rb +6 -5
data/spec/integration/util/execution_spec.rb +22 -0
data/spec/integration/util/windows/adsi_spec.rb +2 -2
data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
data/spec/integration/util/windows/process_spec.rb +26 -32
data/spec/integration/util/windows/registry_spec.rb +7 -7
data/spec/integration/util/windows/security_spec.rb +1 -1
data/spec/integration/util/windows/user_spec.rb +47 -5
data/spec/integration/util_spec.rb +7 -33
data/spec/lib/puppet_spec/matchers.rb +0 -80
data/spec/lib/puppet_spec/puppetserver.rb +9 -1
data/spec/lib/puppet_spec/settings.rb +7 -1
data/spec/shared_contexts/types_setup.rb +2 -0
data/spec/spec_helper.rb +2 -0
data/spec/unit/agent_spec.rb +0 -2
data/spec/unit/application/agent_spec.rb +3 -4
data/spec/unit/application/config_spec.rb +224 -4
data/spec/unit/application/doc_spec.rb +2 -2
data/spec/unit/application/face_base_spec.rb +6 -4
data/spec/unit/application/facts_spec.rb +74 -8
data/spec/unit/application/filebucket_spec.rb +41 -39
data/spec/unit/application/resource_spec.rb +3 -1
data/spec/unit/application/ssl_spec.rb +17 -4
data/spec/unit/application_spec.rb +9 -4
data/spec/unit/certificate_factory_spec.rb +1 -1
data/spec/unit/configurer/downloader_spec.rb +14 -0
data/spec/unit/configurer/fact_handler_spec.rb +4 -4
data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
data/spec/unit/configurer_spec.rb +96 -44
data/spec/unit/confine_spec.rb +2 -1
data/spec/unit/context/trusted_information_spec.rb +12 -10
data/spec/unit/defaults_spec.rb +77 -28
data/spec/unit/environments_spec.rb +96 -32
data/spec/unit/face/config_spec.rb +65 -12
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/face/node_spec.rb +2 -2
data/spec/unit/face/plugin_spec.rb +73 -33
data/spec/unit/file_bucket/file_spec.rb +1 -1
data/spec/unit/file_serving/configuration/parser_spec.rb +14 -18
data/spec/unit/file_serving/configuration_spec.rb +6 -12
data/spec/unit/file_serving/http_metadata_spec.rb +37 -14
data/spec/unit/file_serving/mount/locales_spec.rb +2 -2
data/spec/unit/file_serving/mount/pluginfacts_spec.rb +2 -2
data/spec/unit/file_serving/mount/plugins_spec.rb +2 -2
data/spec/unit/file_serving/terminus_selector_spec.rb +45 -26
data/spec/unit/file_system/uniquefile_spec.rb +18 -0
data/spec/unit/file_system_spec.rb +1 -2
data/spec/unit/functions/camelcase_spec.rb +1 -1
data/spec/unit/functions/capitalize_spec.rb +1 -1
data/spec/unit/functions/downcase_spec.rb +1 -1
data/spec/unit/functions/inline_epp_spec.rb +26 -1
data/spec/unit/functions/upcase_spec.rb +1 -1
data/spec/unit/http/client_spec.rb +71 -17
data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
data/spec/unit/http/external_client_spec.rb +4 -4
data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
data/spec/unit/http/resolver_spec.rb +34 -15
data/spec/unit/http/response_spec.rb +6 -0
data/spec/unit/http/service/ca_spec.rb +2 -3
data/spec/unit/http/service/compiler_spec.rb +51 -65
data/spec/unit/http/service/file_server_spec.rb +5 -6
data/spec/unit/http/service/puppetserver_spec.rb +112 -0
data/spec/unit/http/service/report_spec.rb +2 -3
data/spec/unit/http/service_spec.rb +1 -3
data/spec/unit/http/session_spec.rb +24 -35
data/spec/unit/{network/http → http}/site_spec.rb +3 -3
data/spec/unit/indirector/catalog/json_spec.rb +1 -1
data/spec/unit/indirector/catalog/rest_spec.rb +1 -1
data/spec/unit/indirector/facts/facter_spec.rb +97 -0
data/spec/unit/indirector/facts/json_spec.rb +255 -0
data/spec/unit/indirector/facts/rest_spec.rb +1 -1
data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
data/spec/unit/indirector/file_metadata/http_spec.rb +27 -0
data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
data/spec/unit/indirector/file_server_spec.rb +1 -15
data/spec/unit/indirector/json_spec.rb +8 -8
data/spec/unit/indirector/msgpack_spec.rb +8 -8
data/spec/unit/indirector/node/json_spec.rb +33 -0
data/spec/unit/indirector/node/rest_spec.rb +1 -1
data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
data/spec/unit/indirector/report/rest_spec.rb +2 -17
data/spec/unit/indirector/report/yaml_spec.rb +72 -8
data/spec/unit/indirector/request_spec.rb +3 -267
data/spec/unit/indirector/rest_spec.rb +98 -752
data/spec/unit/indirector/yaml_spec.rb +7 -7
data/spec/unit/interface_spec.rb +3 -3
data/spec/unit/module_tool/tar/mini_spec.rb +20 -0
data/spec/unit/network/authconfig_spec.rb +2 -132
data/spec/unit/network/authorization_spec.rb +2 -55
data/spec/unit/network/format_support_spec.rb +3 -2
data/spec/unit/network/formats_spec.rb +4 -4
data/spec/unit/network/http/api/indirected_routes_spec.rb +3 -98
data/spec/unit/network/http/api/master/v3/environments_spec.rb +12 -23
data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
data/spec/unit/network/http/api_spec.rb +10 -0
data/spec/unit/network/http/connection_spec.rb +61 -73
data/spec/unit/network/http/handler_spec.rb +0 -6
data/spec/unit/network/http_pool_spec.rb +0 -4
data/spec/unit/node/environment_spec.rb +51 -22
data/spec/unit/node_spec.rb +2 -54
data/spec/unit/parser/ast/block_expression_spec.rb +1 -1
data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
data/spec/unit/parser/scope_spec.rb +1 -1
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +19 -8
data/spec/unit/pops/loaders/loaders_spec.rb +77 -22
data/spec/unit/pops/lookup/lookup_spec.rb +25 -0
data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
data/spec/unit/pops/types/type_calculator_spec.rb +7 -17
data/spec/unit/pops/types/type_factory_spec.rb +1 -1
data/spec/unit/pops/validator/validator_spec.rb +61 -46
data/spec/unit/pops/visitor_spec.rb +1 -1
data/spec/unit/provider/exec_spec.rb +4 -3
data/spec/unit/provider/nameservice_spec.rb +0 -57
data/spec/unit/provider/package/apt_spec.rb +77 -0
data/spec/unit/provider/package/aptitude_spec.rb +1 -0
data/spec/unit/provider/package/dpkg_spec.rb +22 -55
data/spec/unit/provider/package/gem_spec.rb +32 -0
data/spec/unit/provider/package/openbsd_spec.rb +2 -0
data/spec/unit/provider/package/pip2_spec.rb +36 -0
data/spec/unit/provider/package/puppet_gem_spec.rb +6 -2
data/spec/unit/provider/package/puppetserver_gem_spec.rb +137 -0
data/spec/unit/provider/package/yum_spec.rb +31 -0
data/spec/unit/provider/package/zypper_spec.rb +14 -0
data/spec/unit/provider/service/base_spec.rb +2 -4
data/spec/unit/provider/service/bsd_spec.rb +5 -1
data/spec/unit/provider/service/daemontools_spec.rb +1 -1
data/spec/unit/provider/service/debian_spec.rb +3 -5
data/spec/unit/provider/service/freebsd_spec.rb +1 -1
data/spec/unit/provider/service/gentoo_spec.rb +4 -5
data/spec/unit/provider/service/init_spec.rb +45 -5
data/spec/unit/provider/service/launchd_spec.rb +5 -6
data/spec/unit/provider/service/openrc_spec.rb +4 -5
data/spec/unit/provider/service/openwrt_spec.rb +1 -1
data/spec/unit/provider/service/redhat_spec.rb +1 -1
data/spec/unit/provider/service/runit_spec.rb +2 -1
data/spec/unit/provider/service/smf_spec.rb +402 -166
data/spec/unit/provider/service/src_spec.rb +3 -5
data/spec/unit/provider/service/systemd_spec.rb +3 -6
data/spec/unit/provider/service/upstart_spec.rb +4 -5
data/spec/unit/provider/service/windows_spec.rb +50 -15
data/spec/unit/provider/user/openbsd_spec.rb +1 -0
data/spec/unit/provider/user/useradd_spec.rb +22 -16
data/spec/unit/provider/user/windows_adsi_spec.rb +82 -0
data/spec/unit/provider_spec.rb +0 -12
data/spec/unit/puppet_pal_2pec.rb +40 -0
data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
data/spec/unit/reports/store_spec.rb +17 -13
data/spec/unit/resource/type_collection_spec.rb +2 -22
data/spec/unit/resource_spec.rb +3 -59
data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
data/spec/unit/settings/integer_setting_spec.rb +42 -0
data/spec/unit/settings/port_setting_spec.rb +31 -0
data/spec/unit/settings/priority_setting_spec.rb +4 -4
data/spec/unit/settings_spec.rb +586 -239
data/spec/unit/ssl/base_spec.rb +36 -3
data/spec/unit/ssl/certificate_request_spec.rb +15 -45
data/spec/unit/ssl/certificate_spec.rb +2 -11
data/spec/unit/ssl/ssl_provider_spec.rb +78 -49
data/spec/unit/ssl/state_machine_spec.rb +0 -1
data/spec/unit/ssl/verifier_spec.rb +0 -21
data/spec/unit/test/test_helper_spec.rb +17 -0
data/spec/unit/transaction/persistence_spec.rb +15 -0
data/spec/unit/transaction/report_spec.rb +3 -3
data/spec/unit/transaction/resource_harness_spec.rb +2 -2
data/spec/unit/transaction_spec.rb +45 -79
data/spec/unit/type/file/checksum_spec.rb +6 -6
data/spec/unit/type/file/content_spec.rb +1 -1
data/spec/unit/type/file/ensure_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +1 -1
data/spec/unit/type/file/source_spec.rb +4 -5
data/spec/unit/type/file_spec.rb +134 -102
data/spec/unit/type/filebucket_spec.rb +1 -1
data/spec/unit/type/package_spec.rb +1 -1
data/spec/unit/type/service_spec.rb +209 -0
data/spec/unit/type/user_spec.rb +31 -2
data/spec/unit/type_spec.rb +70 -0
data/spec/unit/util/backups_spec.rb +0 -2
data/spec/unit/util/character_encoding_spec.rb +4 -4
data/spec/unit/util/checksums_spec.rb +16 -0
data/spec/unit/util/command_line_spec.rb +11 -6
data/spec/unit/util/execution_spec.rb +0 -29
data/spec/unit/util/monkey_patches_spec.rb +0 -6
data/spec/unit/util/rubygems_spec.rb +2 -2
data/spec/unit/util/run_mode_spec.rb +27 -127
data/spec/unit/util/windows/api_types_spec.rb +104 -40
data/spec/unit/util/windows/service_spec.rb +4 -4
data/spec/unit/util/windows/string_spec.rb +1 -3
data/spec/unit/util/yaml_spec.rb +0 -54
data/spec/unit/util_spec.rb +3 -21
data/spec/unit/x509/cert_provider_spec.rb +1 -1
metadata +76 -214
data/conf/auth.conf +0 -150
data/lib/puppet/application/cert.rb +0 -76
data/lib/puppet/application/key.rb +0 -4
data/lib/puppet/application/man.rb +0 -4
data/lib/puppet/application/status.rb +0 -4
data/lib/puppet/face/key.rb +0 -16
data/lib/puppet/face/man.rb +0 -145
data/lib/puppet/face/module/build.rb +0 -14
data/lib/puppet/face/module/generate.rb +0 -14
data/lib/puppet/face/module/search.rb +0 -103
data/lib/puppet/face/status.rb +0 -51
data/lib/puppet/indirector/certificate/file.rb +0 -9
data/lib/puppet/indirector/certificate/rest.rb +0 -18
data/lib/puppet/indirector/certificate_request/file.rb +0 -9
data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
data/lib/puppet/indirector/file_content/http.rb +0 -22
data/lib/puppet/indirector/key/file.rb +0 -46
data/lib/puppet/indirector/key/memory.rb +0 -7
data/lib/puppet/indirector/ssl_file.rb +0 -162
data/lib/puppet/indirector/status.rb +0 -3
data/lib/puppet/indirector/status/local.rb +0 -12
data/lib/puppet/indirector/status/rest.rb +0 -27
data/lib/puppet/module_tool/applications/searcher.rb +0 -29
data/lib/puppet/network/auth_config_parser.rb +0 -90
data/lib/puppet/network/authstore.rb +0 -283
data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
data/lib/puppet/network/http/api/master/v3/environment.rb +0 -85
data/lib/puppet/network/http/base_pool.rb +0 -36
data/lib/puppet/network/http/compression.rb +0 -127
data/lib/puppet/network/http/connection_adapter.rb +0 -182
data/lib/puppet/network/http/nocache_pool.rb +0 -28
data/lib/puppet/network/rest_controller.rb +0 -2
data/lib/puppet/network/rights.rb +0 -210
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -64
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -20
data/lib/puppet/parser/environment_compiler.rb +0 -199
data/lib/puppet/pops/types/enumeration.rb +0 -16
data/lib/puppet/resource/capability_finder.rb +0 -154
data/lib/puppet/rest/errors.rb +0 -15
data/lib/puppet/rest/response.rb +0 -35
data/lib/puppet/rest/route.rb +0 -85
data/lib/puppet/rest/routes.rb +0 -135
data/lib/puppet/ssl/host.rb +0 -505
data/lib/puppet/ssl/key.rb +0 -61
data/lib/puppet/ssl/validator.rb +0 -61
data/lib/puppet/ssl/validator/default_validator.rb +0 -209
data/lib/puppet/ssl/validator/no_validator.rb +0 -22
data/lib/puppet/ssl/verifier_adapter.rb +0 -58
data/lib/puppet/status.rb +0 -40
data/lib/puppet/util/connection.rb +0 -88
data/lib/puppet/util/ssl.rb +0 -83
data/lib/puppet/util/windows/api_types.rb +0 -282
data/lib/puppet/vendor/load_pathspec.rb +0 -1
data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
data/lib/puppet/vendor/pathspec/LICENSE +0 -201
data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
data/lib/puppet/vendor/pathspec/README.md +0 -53
data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
data/man/man8/puppet-key.8 +0 -126
data/man/man8/puppet-man.8 +0 -76
data/man/man8/puppet-status.8 +0 -108
data/spec/integration/faces/config_spec.rb +0 -91
data/spec/integration/faces/documentation_spec.rb +0 -57
data/spec/integration/file_bucket/file_spec.rb +0 -50
data/spec/integration/file_serving/content_spec.rb +0 -7
data/spec/integration/file_serving/fileset_spec.rb +0 -12
data/spec/integration/file_serving/metadata_spec.rb +0 -8
data/spec/integration/file_serving/terminus_helper_spec.rb +0 -20
data/spec/integration/file_system/uniquefile_spec.rb +0 -26
data/spec/integration/module_tool/forge_spec.rb +0 -51
data/spec/integration/module_tool/tar/mini_spec.rb +0 -28
data/spec/integration/network/authconfig_spec.rb +0 -256
data/spec/integration/provider/service/init_spec.rb +0 -48
data/spec/integration/provider/service/systemd_spec.rb +0 -25
data/spec/integration/provider/service/windows_spec.rb +0 -50
data/spec/integration/reference/providers_spec.rb +0 -21
data/spec/integration/reports_spec.rb +0 -13
data/spec/integration/ssl/certificate_request_spec.rb +0 -44
data/spec/integration/ssl/host_spec.rb +0 -72
data/spec/integration/ssl/key_spec.rb +0 -99
data/spec/integration/test/test_helper_spec.rb +0 -31
data/spec/shared_behaviours/file_serving_model.rb +0 -51
data/spec/unit/capability_spec.rb +0 -414
data/spec/unit/face/catalog_spec.rb +0 -6
data/spec/unit/face/key_spec.rb +0 -9
data/spec/unit/face/man_spec.rb +0 -25
data/spec/unit/face/module/search_spec.rb +0 -231
data/spec/unit/face/module_spec.rb +0 -3
data/spec/unit/face/status_spec.rb +0 -9
data/spec/unit/indirector/certificate/file_spec.rb +0 -14
data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
data/spec/unit/indirector/key/file_spec.rb +0 -79
data/spec/unit/indirector/ssl_file_spec.rb +0 -305
data/spec/unit/indirector/status/local_spec.rb +0 -10
data/spec/unit/indirector/status/rest_spec.rb +0 -50
data/spec/unit/man_spec.rb +0 -31
data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
data/spec/unit/network/auth_config_parser_spec.rb +0 -115
data/spec/unit/network/authstore_spec.rb +0 -422
data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
data/spec/unit/network/http/compression_spec.rb +0 -240
data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
data/spec/unit/network/http_spec.rb +0 -9
data/spec/unit/network/rights_spec.rb +0 -439
data/spec/unit/parser/environment_compiler_spec.rb +0 -723
data/spec/unit/pops/types/enumeration_spec.rb +0 -51
data/spec/unit/resource/capability_finder_spec.rb +0 -143
data/spec/unit/rest/route_spec.rb +0 -132
data/spec/unit/ssl/host_spec.rb +0 -650
data/spec/unit/ssl/key_spec.rb +0 -173
data/spec/unit/ssl/validator_spec.rb +0 -278
data/spec/unit/status_spec.rb +0 -45
data/spec/unit/util/ssl_spec.rb +0 -91

data/lib/puppet/util/windows/string.rb CHANGED

@@ -1,16 +1,15 @@
-require 'puppet/util/windows'
+module Puppet
+  module Util
+    module Windows
+      module String
+        def wide_string(str)
+          # if given a nil string, assume caller wants to pass a nil pointer to win32
+          return nil if str.nil?
-module Puppet::Util::Windows::String
-  def wide_string(str)
-    # if given a nil string, assume caller wants to pass a nil pointer to win32
-    return nil if str.nil?
-    # ruby (< 2.1) does not respect multibyte terminators, so it is possible
-    # for a string to contain a single trailing null byte, followed by garbage
-    # causing buffer overruns.
-    #
-    # See http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41920&view=revision
-    newstr = str + "\0".encode(str.encoding)
-    newstr.encode!('UTF-16LE')
+          str.encode('UTF-16LE')
+        end
+        module_function :wide_string
+      end
+    end
   end
-  module_function :wide_string
 end

data/lib/puppet/util/windows/user.rb CHANGED

@@ -16,6 +16,22 @@ module Puppet::Util::Windows::User
   end
   module_function :admin?
+  # The name of the account in all locales is `LocalSystem`. `.\LocalSystem` or `ComputerName\LocalSystem' can also be used.
+  # This account is not recognized by the security subsystem, so you cannot specify its name in a call to the `LookupAccountName` function.
+  # https://docs.microsoft.com/en-us/windows/win32/services/localsystem-account
+  def localsystem?(name)
+    ["LocalSystem", ".\\LocalSystem", "#{Puppet::Util::Windows::ADSI.computer_name}\\LocalSystem"].any?{ |s| s.casecmp(name) == 0 }
+  end
+  module_function :localsystem?
+  # Check if a given user is one of the default system accounts
+  # These accounts do not have a password and all checks done through logon attempt will fail
+  # https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts#default-local-system-accounts
+  def default_system_account?(name)
+    user_sid = Puppet::Util::Windows::SID.name_to_sid(name)
+    [Puppet::Util::Windows::SID::LocalSystem, Puppet::Util::Windows::SID::NtLocal, Puppet::Util::Windows::SID::NtNetwork].include?(user_sid)
+  end
+  module_function :default_system_account?
   # https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397(v=vs.85).aspx
   SECURITY_MAX_SID_SIZE = 68
@@ -57,9 +73,9 @@ module Puppet::Util::Windows::User
   end
   module_function :check_token_membership
-  def password_is?(name, password)
+  def password_is?(name, password, domain = '.')
     begin
-      logon_user(name, password) { |token| }
+      logon_user(name, password, domain) { |token| }
     rescue Puppet::Util::Windows::Error => detail
       authenticated_error_codes = Set[
@@ -74,7 +90,7 @@ module Puppet::Util::Windows::User
   end
   module_function :password_is?
-  def logon_user(name, password, &block)
+  def logon_user(name, password, domain = '.', &block)
     fLOGON32_PROVIDER_DEFAULT = 0
     fLOGON32_LOGON_INTERACTIVE = 2
     fLOGON32_LOGON_NETWORK = 3
@@ -83,8 +99,8 @@ module Puppet::Util::Windows::User
     begin
       FFI::MemoryPointer.new(:handle, 1) do |token_pointer|
         #try logon using network else try logon using interactive mode
-        if logon_user_by_logon_type(name, password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
-          if logon_user_by_logon_type(name, password, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
+        if logon_user_by_logon_type(name, domain, password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
+          if logon_user_by_logon_type(name, domain, password, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, token_pointer) == FFI::WIN32_FALSE
             raise Puppet::Util::Windows::Error.new(_("Failed to logon user %{name}") % {name: name.inspect})
           end
         end
@@ -98,11 +114,10 @@ module Puppet::Util::Windows::User
     # token has been closed by this point
     true
   end
   module_function :logon_user
-  def self.logon_user_by_logon_type(name, password, logon_type, logon_provider, token)
-    LogonUserW(wide_string(name), wide_string('.'), password.nil? ? FFI::Pointer::NULL : wide_string(password), logon_type, logon_provider, token)
+  def self.logon_user_by_logon_type(name, domain, password, logon_type, logon_provider, token)
+    LogonUserW(wide_string(name), wide_string(domain), password.nil? ? FFI::Pointer::NULL : wide_string(password), logon_type, logon_provider, token)
   end
   private_class_method :logon_user_by_logon_type
@@ -130,6 +145,125 @@ module Puppet::Util::Windows::User
   end
   module_function :load_profile
+  def get_rights(name)
+    user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
+    return "" unless user_info
+    rights = []
+    rights_pointer = FFI::MemoryPointer.new(:pointer)
+    number_of_rights = FFI::MemoryPointer.new(:ulong)
+    sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
+    new_lsa_policy_handle do |policy_handle|
+      result = LsaEnumerateAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, number_of_rights)
+      check_lsa_nt_status_and_raise_failures(result, "LsaEnumerateAccountRights")
+    end
+    number_of_rights.read_ulong.times do |index|
+      right = LSA_UNICODE_STRING.new(rights_pointer.read_pointer + index * LSA_UNICODE_STRING.size)
+      rights << right[:Buffer].read_arbitrary_wide_string_up_to
+    end
+    result = LsaFreeMemory(rights_pointer.read_pointer)
+    check_lsa_nt_status_and_raise_failures(result, "LsaFreeMemory")
+    rights.join(",")
+  end
+  module_function :get_rights
+  def set_rights(name, rights)
+    rights_pointer = new_lsa_unicode_strings_pointer(rights)
+    user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
+    sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
+    new_lsa_policy_handle do |policy_handle|
+      result = LsaAddAccountRights(policy_handle.read_pointer, sid_pointer, rights_pointer, rights.size)
+      check_lsa_nt_status_and_raise_failures(result, "LsaAddAccountRights")
+    end
+  end
+  module_function :set_rights
+  def remove_rights(name, rights)
+    rights_pointer = new_lsa_unicode_strings_pointer(rights)
+    user_info = Puppet::Util::Windows::SID.name_to_principal(name.sub(/^\.\\/, "#{Puppet::Util::Windows::ADSI.computer_name}\\"))
+    sid_pointer = FFI::MemoryPointer.new(:byte, user_info.sid_bytes.length).write_array_of_uchar(user_info.sid_bytes)
+    new_lsa_policy_handle do |policy_handle|
+      result = LsaRemoveAccountRights(policy_handle.read_pointer, sid_pointer, false, rights_pointer, rights.size)
+      check_lsa_nt_status_and_raise_failures(result, "LsaRemoveAccountRights")
+    end
+  end
+  module_function :remove_rights
+  # ACCESS_MASK flags for Policy Objects
+  # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/b61b7268-987a-420b-84f9-6c75f8dc8558
+  POLICY_VIEW_LOCAL_INFORMATION   = 0x00000001
+  POLICY_VIEW_AUDIT_INFORMATION   = 0x00000002
+  POLICY_GET_PRIVATE_INFORMATION  = 0x00000004
+  POLICY_TRUST_ADMIN              = 0x00000008
+  POLICY_CREATE_ACCOUNT           = 0x00000010
+  POLICY_CREATE_SECRET            = 0x00000020
+  POLICY_CREATE_PRIVILEGE         = 0x00000040
+  POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080
+  POLICY_SET_AUDIT_REQUIREMENTS   = 0x00000100
+  POLICY_AUDIT_LOG_ADMIN          = 0x00000200
+  POLICY_SERVER_ADMIN             = 0x00000400
+  POLICY_LOOKUP_NAMES             = 0x00000800
+  POLICY_NOTIFICATION             = 0x00001000
+  def self.new_lsa_policy_handle
+    access = 0
+    access |= POLICY_LOOKUP_NAMES
+    access |= POLICY_CREATE_ACCOUNT
+    policy_handle = FFI::MemoryPointer.new(:pointer)
+    result = LsaOpenPolicy(nil, LSA_OBJECT_ATTRIBUTES.new, access, policy_handle)
+    check_lsa_nt_status_and_raise_failures(result, "LsaOpenPolicy")
+    begin
+      yield policy_handle
+    ensure
+      result = LsaClose(policy_handle.read_pointer)
+      check_lsa_nt_status_and_raise_failures(result, "LsaClose")
+    end
+  end
+  private_class_method :new_lsa_policy_handle
+  def self.new_lsa_unicode_strings_pointer(strings)
+    lsa_unicode_strings_pointer = FFI::MemoryPointer.new(LSA_UNICODE_STRING, strings.size)
+    strings.each_with_index do |string, index|
+      lsa_string = LSA_UNICODE_STRING.new(lsa_unicode_strings_pointer + index * LSA_UNICODE_STRING.size)
+      lsa_string[:Buffer] = FFI::MemoryPointer.from_string(wide_string(string))
+      lsa_string[:Length] = string.length * 2
+      lsa_string[:MaximumLength] = lsa_string[:Length] + 2
+    end
+    lsa_unicode_strings_pointer
+  end
+  private_class_method :new_lsa_unicode_strings_pointer
+  # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d
+  def self.check_lsa_nt_status_and_raise_failures(status, method_name)
+    error_code = LsaNtStatusToWinError(status)
+    error_reason = case error_code.to_s(16)
+    when '0' # ERROR_SUCCESS
+      return # Method call succeded
+    when '2' # ERROR_FILE_NOT_FOUND
+      return # No rights/privilleges assigned to given user
+    when '5' # ERROR_ACCESS_DENIED
+      "Access is denied. Please make sure that puppet is running as administrator."
+    when '521' # ERROR_NO_SUCH_PRIVILEGE
+      "One or more of the given rights/privilleges are incorrect."
+    when '6ba' # RPC_S_SERVER_UNAVAILABLE
+      "The RPC server is unavailable or given domain name is invalid."
+    end
+    raise Puppet::Error.new("Calling `#{method_name}` returned 'Win32 Error Code 0x%08X'. #{error_reason}" % error_code)
+  end
+  private_class_method :check_lsa_nt_status_and_raise_failures
   ffi_convention :stdcall
   # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx
@@ -314,4 +448,104 @@ module Puppet::Util::Windows::User
   ffi_lib :advapi32
   attach_function_private :IsValidSid,
     [:pointer], :win32_bool
+  # https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_object_attributes
+  # typedef struct _LSA_OBJECT_ATTRIBUTES {
+  #   ULONG               Length;
+  #   HANDLE              RootDirectory;
+  #   PLSA_UNICODE_STRING ObjectName;
+  #   ULONG               Attributes;
+  #   PVOID               SecurityDescriptor;
+  #   PVOID               SecurityQualityOfService;
+  # } LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
+  class LSA_OBJECT_ATTRIBUTES < FFI::Struct
+    layout :Length, :ulong,
+      :RootDirectory, :handle,
+      :ObjectName, :plsa_unicode_string,
+      :Attributes, :ulong,
+      :SecurityDescriptor, :pvoid,
+      :SecurityQualityOfService, :pvoid
+  end
+  # https://docs.microsoft.com/en-us/windows/win32/api/lsalookup/ns-lsalookup-lsa_unicode_string
+  # typedef struct _LSA_UNICODE_STRING {
+  #   USHORT Length;
+  #   USHORT MaximumLength;
+  #   PWSTR  Buffer;
+  # } LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
+  class LSA_UNICODE_STRING < FFI::Struct
+    layout :Length, :ushort,
+      :MaximumLength, :ushort,
+      :Buffer, :pwstr
+  end
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaenumerateaccountrights
+  # https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
+  # NTSTATUS LsaEnumerateAccountRights(
+  #   LSA_HANDLE          PolicyHandle,
+  #   PSID                AccountSid,
+  #   PLSA_UNICODE_STRING *UserRights,
+  #   PULONG              CountOfRights
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaEnumerateAccountRights,
+    [:lsa_handle, :psid, :plsa_unicode_string, :pulong], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaaddaccountrights
+  # NTSTATUS LsaAddAccountRights(
+  #   LSA_HANDLE          PolicyHandle,
+  #   PSID                AccountSid,
+  #   PLSA_UNICODE_STRING UserRights,
+  #   ULONG               CountOfRights
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaAddAccountRights,
+    [:lsa_handle, :psid, :plsa_unicode_string, :ulong], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaremoveaccountrights
+  # NTSTATUS LsaRemoveAccountRights(
+  #   LSA_HANDLE          PolicyHandle,
+  #   PSID                AccountSid,
+  #   BOOLEAN             AllRights,
+  #   PLSA_UNICODE_STRING UserRights,
+  #   ULONG               CountOfRights
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaRemoveAccountRights,
+    [:lsa_handle, :psid, :bool, :plsa_unicode_string, :ulong], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaopenpolicy
+  # NTSTATUS LsaOpenPolicy(
+  #   PLSA_UNICODE_STRING    SystemName,
+  #   PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
+  #   ACCESS_MASK            DesiredAccess,
+  #   PLSA_HANDLE            PolicyHandle
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaOpenPolicy,
+    [:plsa_unicode_string, :plsa_object_attributes, :access_mask, :plsa_handle], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsaclose
+  # NTSTATUS LsaClose(
+  #   LSA_HANDLE ObjectHandle
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaClose,
+    [:lsa_handle], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsafreememory
+  # NTSTATUS LsaFreeMemory(
+  #   PVOID Buffer
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaFreeMemory,
+    [:pvoid], :ntstatus
+  # https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-lsantstatustowinerror
+  # ULONG LsaNtStatusToWinError(
+  #   NTSTATUS Status
+  # );
+  ffi_lib :advapi32
+  attach_function_private :LsaNtStatusToWinError,
+    [:ntstatus], :ulong
 end

data/lib/puppet/util/yaml.rb CHANGED

@@ -42,28 +42,6 @@ module Puppet::Util::Yaml
     safe_load(yaml, allowed_classes, filename)
   end
-  # @deprecated Use {#safe_load_file} instead.
-  def self.load_file(filename, default_value = false, strip_classes = false)
-    Puppet.deprecation_warning(_("Puppet::Util::Yaml.load_file is deprecated. Use safe_load_file instead."))
-    if(strip_classes) then
-      data = YAML::parse_file(filename)
-      data.root.each do |o|
-        if o.respond_to?(:tag=) and
-           o.tag != nil and
-           o.tag.start_with?("!ruby")
-          o.tag = nil
-        end
-      end
-      data.to_ruby || default_value
-    else
-      yaml = YAML.load_file(filename)
-      yaml || default_value
-    end
-  rescue *YamlLoadExceptions => detail
-    raise YamlLoadError.new(detail.message, detail)
-  end
   def self.dump(structure, filename)
     Puppet::FileSystem.replace_file(filename, 0660) do |fh|
       YAML.dump(structure, fh)

data/lib/puppet/vendor/require_vendored.rb CHANGED

@@ -2,4 +2,3 @@
 # Add one requirement per vendored package (or a comment if it is loaded on demand).
 # The vendored library 'rgen' is loaded on demand.
-# The vendored library 'pathspec' is loaded on demand.

data/lib/puppet/version.rb CHANGED

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 module Puppet
-  PUPPETVERSION = '6.16.0'
+  PUPPETVERSION = '7.0.0'
   ##
   # version is a public API method intended to always provide a fast and

data/lib/puppet/x509.rb CHANGED

@@ -1,7 +1,11 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
-module Puppet::X509 # :nodoc:
+# Responsible for loading and saving certificates and private keys.
+#
+# @see Puppet::X509::CertProvider
+# @api private
+module Puppet::X509
   require 'puppet/x509/pem_store'
   require 'puppet/x509/cert_provider'
 end

data/lib/puppet/x509/cert_provider.rb CHANGED

@@ -1,6 +1,11 @@
 require 'puppet/x509'
-# Class for loading and saving cert related objects.
+# Class for loading and saving cert related objects. By default the provider
+# loads and saves based on puppet's default settings, such as `Puppet[:localcacert]`.
+# The providers sets the permissions on files it saves, such as the private key.
+# All of the `load_*` methods take an optional `required` parameter. If an object
+# doesn't exist, then by default the provider returns `nil`. However, if the
+# `required` parameter is true, then an exception will be raised instead.
 #
 # @api private
 class Puppet::X509::CertProvider
@@ -32,6 +37,7 @@ class Puppet::X509::CertProvider
   #
   # @param certs [Array<OpenSSL::X509::Certificate>] Array of CA certs to save
   # @raise [Puppet::Error] if the certs cannot be saved
+  #
   # @api private
   def save_cacerts(certs)
     save_pem(certs.map(&:to_pem).join, @capath, **permissions_for_setting(:localcacert))
@@ -45,6 +51,7 @@ class Puppet::X509::CertProvider
   # @return (see #load_cacerts_from_pem)
   # @raise (see #load_cacerts_from_pem)
   # @raise [Puppet::Error] if the certs cannot be loaded
+  #
   # @api private
   def load_cacerts(required: false)
     pem = load_pem(@capath)
@@ -61,6 +68,7 @@ class Puppet::X509::CertProvider
   # @param pem [String] PEM encoded certificate(s)
   # @return [Array<OpenSSL::X509::Certificate>] Array of CA certs
   # @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
+  #
   # @api private
   def load_cacerts_from_pem(pem)
     # TRANSLATORS 'PEM' is an acronym and shouldn't be translated
@@ -75,6 +83,7 @@ class Puppet::X509::CertProvider
   #
   # @param crls [Array<OpenSSL::X509::CRL>] Array of CRLs to save
   # @raise [Puppet::Error] if the CRLs cannot be saved
+  #
   # @api private
   def save_crls(crls)
     save_pem(crls.map(&:to_pem).join, @crlpath, **permissions_for_setting(:hostcrl))
@@ -88,6 +97,7 @@ class Puppet::X509::CertProvider
   # @return (see #load_crls_from_pem)
   # @raise (see #load_crls_from_pem)
   # @raise [Puppet::Error] if the CRLs cannot be loaded
+  #
   # @api private
   def load_crls(required: false)
     pem = load_pem(@crlpath)
@@ -104,6 +114,7 @@ class Puppet::X509::CertProvider
   # @param pem [String] PEM encoded CRL(s)
   # @return [Array<OpenSSL::X509::CRL>] Array of CRLs
   # @raise [OpenSSL::X509::CRLError] The `pem` text does not contain a valid CRL
+  #
   # @api private
   def load_crls_from_pem(pem)
     # TRANSLATORS 'PEM' is an acronym and shouldn't be translated
@@ -118,6 +129,8 @@ class Puppet::X509::CertProvider
   #
   # @return [Time, nil] Time when the CRL was last updated, or nil if we don't
   #   have a CRL
+  #
+  # @api private
   def crl_last_update
     stat = Puppet::FileSystem.stat(@crlpath)
     Time.at(stat.mtime)
@@ -129,6 +142,7 @@ class Puppet::X509::CertProvider
   #
   # @param time [Time] The last updated time
   #
+  # @api private
   def crl_last_update=(time)
     Puppet::FileSystem.touch(@crlpath, mtime: time)
   end
@@ -142,6 +156,7 @@ class Puppet::X509::CertProvider
   #   from the password, and use that to encrypt the private key. If nil,
   #   save the private key unencrypted.
   # @raise [Puppet::Error] if the private key cannot be saved
+  #
   # @api private
   def save_private_key(name, key, password: nil)
     pem = if password
@@ -167,6 +182,7 @@ class Puppet::X509::CertProvider
   # @return (see #load_private_key_from_pem)
   # @raise (see #load_private_key_from_pem)
   # @raise [Puppet::Error] if the private key cannot be loaded
+  #
   # @api private
   def load_private_key(name, required: false, password: nil)
     path = @hostprivkey || to_path(@privatekeydir, name)
@@ -187,6 +203,7 @@ class Puppet::X509::CertProvider
   #   not specified, then the key cannot be loaded.
   # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
   # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
+  #
   # @api private
   def load_private_key_from_pem(pem, password: nil)
     # set a non-nil password to ensure openssl doesn't prompt
@@ -216,6 +233,8 @@ class Puppet::X509::CertProvider
   #
   # @return [String, nil] The private key password as a binary string or nil
   #   if there is none.
+  #
+  # @api private
   def load_private_key_password
     Puppet::FileSystem.read(Puppet[:passfile], :encoding => Encoding::BINARY)
   rescue Errno::ENOENT
@@ -227,6 +246,7 @@ class Puppet::X509::CertProvider
   # @param name [String] The client cert identity
   # @param cert [OpenSSL::X509::Certificate] The cert to save
   # @raise [Puppet::Error] if the client cert cannot be saved
+  #
   # @api private
   def save_client_cert(name, cert)
     path = @hostcert || to_path(@certdir, name)
@@ -242,6 +262,7 @@ class Puppet::X509::CertProvider
   # @return (see #load_request_from_pem)
   # @raise (see #load_client_cert_from_pem)
   # @raise [Puppet::Error] if the client cert cannot be loaded
+  #
   # @api private
   def load_client_cert(name, required: false)
     path = @hostcert || to_path(@certdir, name)
@@ -259,6 +280,7 @@ class Puppet::X509::CertProvider
   # @param pem [String] PEM encoded cert
   # @return [OpenSSL::X509::Certificate] the certificate
   # @raise [OpenSSL::X509::CertificateError] The `pem` text does not contain a valid cert
+  #
   # @api private
   def load_client_cert_from_pem(pem)
     OpenSSL::X509::Certificate.new(pem)
@@ -270,6 +292,7 @@ class Puppet::X509::CertProvider
   # @param private_key [OpenSSL::PKey::RSA] private key
   # @return [Puppet::X509::Request] The request
   #
+  # @api private
   def create_request(name, private_key)
     options = {}
@@ -292,6 +315,7 @@ class Puppet::X509::CertProvider
   # @param name [String] the request identity
   # @param csr [OpenSSL::X509::Request] the request
   # @raise [Puppet::Error] if the cert request cannot be saved
+  #
   # @api private
   def save_request(name, csr)
     path = to_path(@requestdir, name)
@@ -306,6 +330,7 @@ class Puppet::X509::CertProvider
   # @return (see #load_request_from_pem)
   # @raise (see #load_request_from_pem)
   # @raise [Puppet::Error] if the cert request cannot be saved
+  #
   # @api private
   def load_request(name)
     path = to_path(@requestdir, name)
@@ -319,6 +344,8 @@ class Puppet::X509::CertProvider
   #
   # @param name [String] The request identity
   # @return [Boolean] true if the CSR was deleted
+  #
+  # @api private
   def delete_request(name)
     path = to_path(@requestdir, name)
     delete_pem(path)
@@ -331,6 +358,7 @@ class Puppet::X509::CertProvider
   # @param pem [String] PEM encoded request
   # @return [OpenSSL::X509::Request] the request
   # @raise [OpenSSL::X509::RequestError] The `pem` text does not contain a valid request
+  #
   # @api private
   def load_request_from_pem(pem)
     OpenSSL::X509::Request.new(pem)