puppet 6.18.0 → 6.21.1

data/lib/puppet/face/catalog.rb

@@ -97,7 +97,7 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
       A serialized catalog.
     EOT
     when_invoked do |*args|
-      Puppet.settings.preferred_run_mode = :master
+      Puppet.settings.preferred_run_mode = :server
       Puppet::Face[:catalog, :current].find(*args)
     end
   end

data/lib/puppet/face/config.rb

@@ -20,10 +20,10 @@ Puppet::Face.define(:config, '0.0.1') do
     description <<-EOT
       The section of the puppet.conf configuration file to interact with.
 
-      The three most commonly used sections are 'main', 'master', and 'agent'.
+      The three most commonly used sections are 'main', 'server', and 'agent'.
       'Main' is the default, and is used by all Puppet applications. Other
       sections can override 'main' values for specific applications --- the
-      'master' section affects Puppet Server, and the 'agent'
+      'server' section affects Puppet Server, and the 'agent'
       section affects puppet agent.
 
       Less commonly used is the 'user' section, which affects puppet apply. Any
@@ -52,9 +52,9 @@ Puppet::Face.define(:config, '0.0.1') do
 
       $ puppet config print rundir
 
-      Get a list of important directories from the master's config:
+      Get a list of important directories from the server's config:
 
-      $ puppet config print all --section master | grep -E "(path|dir)"
+      $ puppet config print all --section server | grep -E "(path|dir)"
     EOT
 
     when_invoked do |*args|
@@ -144,7 +144,7 @@ Puppet::Face.define(:config, '0.0.1') do
 
       if name == 'environment' && options[:section] == 'main'
         Puppet.warning _(<<-EOM).chomp
-The environment should be set in either the `[user]`, `[agent]`, or `[master]`
+The environment should be set in either the `[user]`, `[agent]`, or `[server]`
 section. Variables set in the `[agent]` section are used when running
 `puppet agent`. Variables set in the `[user]` section are used when running
 various other puppet subcommands, like `puppet apply` and `puppet module`; these
@@ -159,11 +159,38 @@ https://puppet.com/docs/puppet/latest/configuration.html#environment
         report_section_and_environment(options[:section], Puppet.settings[:environment])
       end
 
+      # only validate settings we recognize
+      setting = Puppet.settings.setting(name.to_sym)
+      if setting
+        # set the value, which will call `on_*_and_write` hooks, if any
+        Puppet.settings[setting.name] = value
+
+        # read the value to trigger interpolation and munge validation logic
+        Puppet.settings[setting.name]
+      end
+
       path = Puppet::FileSystem.pathname(Puppet.settings.which_configuration_file)
       Puppet::FileSystem.touch(path)
       Puppet::FileSystem.open(path, nil, 'r+:UTF-8') do |file|
         Puppet::Settings::IniFile.update(file) do |config|
-          config.set(options[:section], name, value)
+          if options[:section] == "master"
+            # delete requested master section if it exists,
+            # as server section should be used
+            setting_string = config.delete("master", name)
+            if setting_string
+
+              if Puppet::Util::Log.sendlevel?(:info)
+                report_section_and_environment(options[:section], Puppet.settings[:environment])
+              end
+
+              puts(_("Deleted setting from '%{section_name}': '%{setting_string}', and adding it to 'server' section") %
+                       { section_name: options[:section], name: name, setting_string: setting_string.strip })
+            end
+            # add the setting to the to server section instead of master section
+            config.set("server", name, value)
+          else
+            config.set(options[:section], name, value)
+          end
         end
       end
       nil
@@ -185,9 +212,9 @@ https://puppet.com/docs/puppet/latest/configuration.html#environment
 
       $ puppet config delete setting_name
 
-      Delete the setting 'setting_name' from the 'master' configuration domain:
+      Delete the setting 'setting_name' from the 'server' configuration domain:
 
-      $ puppet config delete setting_name --section master
+      $ puppet config delete setting_name --section server
     EOT
 
     when_invoked do |name, options|
@@ -202,18 +229,31 @@ https://puppet.com/docs/puppet/latest/configuration.html#environment
       if Puppet::FileSystem.exist?(path)
         Puppet::FileSystem.open(path, nil, 'r+:UTF-8') do |file|
           Puppet::Settings::IniFile.update(file) do |config|
-            setting_string = config.delete(options[:section], name)
-            if setting_string
 
-              if Puppet::Util::Log.sendlevel?(:info)
-                report_section_and_environment(options[:section], Puppet.settings[:environment])
-              end
+            # delete from both master section and server section
+            if options[:section] == "master" || options[:section] == "server"
+              master_setting_string = config.delete("master", name)
+              puts(_("Deleted setting from '%{section_name}': '%{setting_string}'") %
+              { section_name: 'master', name: name, setting_string: master_setting_string.strip[/[^=]+/] }) if master_setting_string
 
+              server_setting_string = config.delete("server", name)
               puts(_("Deleted setting from '%{section_name}': '%{setting_string}'") %
-                       { section_name: options[:section], name: name, setting_string: setting_string.strip })
+              { section_name: 'server', name: name, setting_string: server_setting_string.strip[/[^=]+/] }) if server_setting_string
+
             else
-              Puppet.warning(_("No setting found in configuration file for section '%{section_name}' setting name '%{name}'") %
-                                 { section_name: options[:section], name: name })
+              setting_string = config.delete(options[:section], name)
+              if setting_string
+
+                if Puppet::Util::Log.sendlevel?(:info)
+                  report_section_and_environment(options[:section], Puppet.settings[:environment])
+                end
+
+                puts(_("Deleted setting from '%{section_name}': '%{setting_string}'") %
+                         { section_name: options[:section], name: name, setting_string: setting_string.strip })
+              else
+                Puppet.warning(_("No setting found in configuration file for section '%{section_name}' setting name '%{name}'") %
+                                   { section_name: options[:section], name: name })
+              end
             end
           end
         end

data/lib/puppet/face/epp.rb

@@ -440,7 +440,12 @@ Puppet::Face.define(:epp, '0.0.1') do
 
   def render_inline(epp_source, compiler, options)
     template_args = get_values(compiler, options)
-    Puppet::Pops::Evaluator::EppEvaluator.inline_epp(compiler.topscope, epp_source, template_args)
+    result = Puppet::Pops::Evaluator::EppEvaluator.inline_epp(compiler.topscope, epp_source, template_args)
+    if result.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      result.unwrap
+    else
+      result
+    end
   end
 
   def render_file(epp_template_name, compiler, options, show_filename, file_nbr)
@@ -457,7 +462,12 @@ Puppet::Face.define(:epp, '0.0.1') do
       if template_file.nil? && Puppet::FileSystem.exist?(epp_template_name)
         epp_template_name = File.expand_path(epp_template_name)
       end
-      output << Puppet::Pops::Evaluator::EppEvaluator.epp(compiler.topscope, epp_template_name, compiler.environment, template_args)
+      result = Puppet::Pops::Evaluator::EppEvaluator.epp(compiler.topscope, epp_template_name, compiler.environment, template_args)
+      if result.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+        output << result.unwrap
+      else
+        output << result
+      end
     rescue Puppet::ParseError => detail
       Puppet.err("--- #{epp_template_name}") if show_filename
       raise detail

data/lib/puppet/face/facts.rb

@@ -1,5 +1,29 @@
 require 'puppet/indirector/face'
 require 'puppet/node/facts'
+require 'puppet/util/fact_dif'
+
+EXCLUDE_LIST = %w[facterversion
+  swapfree_mb swapsize_mb
+  load_averages\.*
+  memory\.swap\.available_bytes memory\.swap\.capacity memory\.swap\.total_bytes
+  memory\.swap\.used_bytes memory\.swap\.available
+  memory\.system\.available memory\.system\.available_bytes memory\.system\.capacity memory\.swap\.used
+  memory\.system\.total_bytes memory\.system\.used memory\.system\.used_bytes
+  memoryfree memoryfree_mb memorysize_mb
+  mountpoints\..* mtu_.* mountpoints\..*\.capacity
+  networking\.interfaces\..*\.mtu networking\.mtu partitions\..*\.filesystem
+  partitions\..*\.size_bytes partitions\..*\.mount partitions\..*\.uuid
+  disks\..*\.size_bytes
+  hypervisors\.lpar\.partition_number hypervisors\.xen\.privileged hypervisors\.zone\..* hypervisors\.ldom\..*
+  processors\.speed
+  ldom_.*
+  boardassettag dmi\.board\.asset_tag
+  blockdevice_.*_vendor blockdevice_.*_size
+  system_uptime\.days system_uptime\.hours system_uptime\.seconds system_uptime\.uptime
+  uptime_days uptime_hours uptime_seconds
+  system_profiler\.uptime
+  sp_uptime
+  uptime]
 
 Puppet::Indirector::Face.define(:facts, '0.0.1') do
   copyright "Puppet Inc.", 2011
@@ -87,4 +111,40 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
       nil
     end
   end
+
+  action(:diff) do
+    summary _("Compare Facter 3 output with Facter 4 output")
+    description <<-'EOT'
+    Compares output from facter 3 with Facter 4 and prints the differences
+    EOT
+    returns "Differences between Facter 3 and Facter 4 output as an array."
+    notes <<-'EOT'
+    EOT
+    examples <<-'EOT'
+    get differences between facter versions:
+    $ puppet facts diff
+    EOT
+
+    render_as :json
+
+    when_invoked do |*args|
+      Puppet.settings.preferred_run_mode = :agent
+      Puppet::Node::Facts.indirection.terminus_class = :facter
+
+      if Puppet::Util::Package.versioncmp(Facter.value('facterversion'), '4.0.0') < 0
+        facter3_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
+        begin
+          require 'facter-ng'
+          facter4_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
+        rescue LoadError
+          raise ArgumentError, 'facter-ng could not be loaded'
+        end
+        fact_diff = FactDif.new(facter3_result.to_json, facter4_result.to_json, EXCLUDE_LIST)
+        fact_diff.difs
+      else
+        Puppet.warning _("Already using Facter 4. To use `puppet facts diff` remove facterng from the .conf file or run `puppet config set facterng false`.")
+        exit 0
+      end
+    end
+  end
 end

data/lib/puppet/face/node.rb

@@ -32,11 +32,11 @@ Puppet::Indirector::Face.define(:node, '0.0.1') do
 
     $ puppet node find somenode.puppetlabs.lan --terminus plain --render-as yaml
 
-    Retrieve a node using the puppet master's configured ENC:
+    Retrieve a node using the Puppet Server's configured ENC:
 
-    $ puppet node find somenode.puppetlabs.lan --terminus exec --run_mode master --render-as yaml
+    $ puppet node find somenode.puppetlabs.lan --terminus exec --run_mode server --render-as yaml
 
-    Retrieve the same node from the puppet master:
+    Retrieve the same node from the Puppet Server:
 
     $ puppet node find somenode.puppetlabs.lan --terminus rest --render-as yaml
   EOT

data/lib/puppet/face/node/clean.rb

@@ -26,9 +26,9 @@ Puppet::Face.define(:node, '0.0.1') do
       # definition, and should not be modifiable beyond that.  This is one of
       # the only places left in the code that tries to manipulate it. Other
       # parts of code that handle certificates behave differently if the
-      # run_mode is master. Those other behaviors are needed for cleaning the
+      # run_mode is server. Those other behaviors are needed for cleaning the
       # certificates correctly.
-      Puppet.settings.preferred_run_mode = "master"
+      Puppet.settings.preferred_run_mode = "server"
 
       Puppet::Node::Facts.indirection.terminus_class = :yaml
       Puppet::Node::Facts.indirection.cache_class = :yaml

data/lib/puppet/face/status.rb

@@ -26,7 +26,7 @@ Puppet::Indirector::Face.define(:status, '0.0.1') do
 
     Over REST, this action will query the configured puppet master by default.
     To query other servers, including puppet agent nodes started with the
-    <--listen> option, you can set the global <--server> and <--masterport>
+    <--listen> option, you can set the global <--server> and <--serverport>
     options on the command line; note that agent nodes listen on port 8139.
   EOT
   find.short_description <<-EOT

data/lib/puppet/ffi/posix.rb

@@ -0,0 +1,10 @@
+require 'ffi'
+
+module Puppet
+  module FFI
+    module POSIX
+      require 'puppet/ffi/posix/functions'
+      require 'puppet/ffi/posix/constants'
+    end
+  end
+end

data/lib/puppet/ffi/posix/constants.rb

@@ -0,0 +1,14 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Constants
+    extend FFI::Library
+  
+    # Maximum number of supplementary groups (groups
+    # that a user can be in plus its primary group)
+    # (64 + 1 primary group)
+    # Chosen a reasonable middle number from the list
+    # https://www.j3e.de/ngroups.html
+    MAXIMUM_NUMBER_OF_GROUPS = 65
+  end
+end

data/lib/puppet/ffi/posix/functions.rb

@@ -0,0 +1,24 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Functions
+
+    extend FFI::Library
+
+    ffi_convention :stdcall
+
+    # https://man7.org/linux/man-pages/man3/getgrouplist.3.html
+    # int getgrouplist (
+    #   const char *user,
+    #   gid_t group,
+    #   gid_t *groups,
+    #   int *ngroups
+    # );
+    begin
+      ffi_lib FFI::Library::LIBC
+      attach_function :getgrouplist, [:string, :uint, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+      # Do nothing
+    end
+  end
+end

data/lib/puppet/file_bucket/dipper.rb

@@ -16,7 +16,7 @@ class Puppet::FileBucket::Dipper
   def initialize(hash = {})
     # Emulate the XMLRPC client
     server      = hash[:Server]
-    port        = hash[:Port] || Puppet[:masterport]
+    port        = hash[:Port] || Puppet[:serverport]
 
     if hash.include?(:Path)
       @local_path = hash[:Path]

data/lib/puppet/functions/epp.rb

@@ -40,6 +40,7 @@ Puppet::Functions.create_function(:epp, Puppet::Functions::InternalFunction) do
     scope_param
     param 'String', :path
     optional_param 'Hash[Pattern[/^\w+$/], Any]', :parameters
+    return_type 'Variant[String, Sensitive[String]]'
   end
 
   def epp(scope, path, parameters = nil)

data/lib/puppet/functions/inline_epp.rb

@@ -51,6 +51,7 @@ Puppet::Functions.create_function(:inline_epp, Puppet::Functions::InternalFuncti
     scope_param()
     param 'String', :template
     optional_param 'Hash[Pattern[/^\w+$/], Any]', :parameters
+    return_type 'Variant[String, Sensitive[String]]'
   end
 
   def inline_epp(scope, template, parameters = nil)

data/lib/puppet/functions/new.rb

@@ -991,12 +991,17 @@ Puppet::Functions.create_function(:new, Puppet::Functions::InternalFunction) do
 
   def new_instance(scope, t, *args)
     return args[0] if args.size == 1 && !t.is_a?(Puppet::Pops::Types::PInitType) && t.instance?(args[0])
-    result = assert_type(t, new_function_for_type(t, scope).call(scope, *args))
+    result = assert_type(t, new_function_for_type(t).call(scope, *args))
     return block_given? ? yield(result) : result
   end
 
-  def new_function_for_type(t, scope)
-    @new_function_cache ||= Hash.new() {|hsh, key| hsh[key] = key.new_function.new(scope, loader) }
+  def new_function_for_type(t)
+    @new_function_cache ||= {}
+
+    unless @new_function_cache.key?(t)
+      @new_function_cache[t] = t.new_function.new(nil, loader)
+    end
+
     @new_function_cache[t]
   end
 

data/lib/puppet/http.rb

@@ -22,6 +22,7 @@ module Puppet
     require 'puppet/http/service/ca'
     require 'puppet/http/service/compiler'
     require 'puppet/http/service/file_server'
+    require 'puppet/http/service/puppetserver'
     require 'puppet/http/service/report'
     require 'puppet/http/session'
     require 'puppet/http/resolver'

data/lib/puppet/http/client.rb

@@ -438,7 +438,7 @@ class Puppet::HTTP::Client
         services.delete(:report)
       end
 
-      resolvers << Puppet::HTTP::Resolver::ServerList.new(self, server_list_setting: server_list_setting, default_port: Puppet[:masterport], services: services)
+      resolvers << Puppet::HTTP::Resolver::ServerList.new(self, server_list_setting: server_list_setting, default_port: Puppet[:serverport], services: services)
     end
 
     resolvers << Puppet::HTTP::Resolver::Settings.new(self)

data/lib/puppet/http/resolver.rb

@@ -28,12 +28,12 @@ class Puppet::HTTP::Resolver
   # @param [Symbol] name the service to resolve
   # @param [Puppet::SSL::SSLContext] ssl_context (nil) optional ssl context to
   #   use when creating a connection
-  # @param [Proc] error_handler (nil) optional callback for each error
-  #   encountered while resolving a route.
+  # @param [Proc] canceled_handler (nil) optional callback allowing a resolver
+  #   to cancel resolution.
   #
   # @raise [NotImplementedError] this base class is not implemented
   #
-  def resolve(session, name, ssl_context: nil, error_handler: nil)
+  def resolve(session, name, ssl_context: nil, canceled_handler: nil)
     raise NotImplementedError
   end
 
@@ -45,17 +45,14 @@ class Puppet::HTTP::Resolver
   # @param [Puppet::HTTP::Session] session
   # @param [Puppet::HTTP::Service] service
   # @param [Puppet::SSL::SSLContext] ssl_context
-  # @param [Proc] error_handler (nil) optional callback for each error
-  #   encountered while resolving a route.
   #
   # @return [Boolean] Returns true if a connection is successful, false otherwise
   #
-  def check_connection?(session, service, ssl_context: nil, error_handler: nil)
+  def check_connection?(session, service, ssl_context: nil)
     service.connect(ssl_context: ssl_context)
     return true
   rescue Puppet::HTTP::ConnectionError => e
-    error_handler.call(e) if error_handler
-    Puppet.debug("Connection to #{service.url} failed, trying next route: #{e.message}")
+    Puppet.log_exception(e, "Connection to #{service.url} failed, trying next route: #{e.message}")
     return false
   end
 end

data/lib/puppet/http/resolver/server_list.rb

@@ -22,7 +22,6 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
     @server_list_setting = server_list_setting
     @default_port = default_port
     @services = services
-    @resolved_url = nil
   end
 
   #
@@ -33,8 +32,8 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
   # @param [Puppet::HTTP::Session] session <description>
   # @param [Symbol] name the name of the service being resolved
   # @param [Puppet::SSL::SSLContext] ssl_context
-  # @param [Proc] error_handler (nil) optional callback for each error
-  #   encountered while resolving a route.
+  # @param [Proc] canceled_handler (nil) optional callback allowing a resolver
+  #   to cancel resolution.
   #
   # @return [nil] return nil if the service to be resolved does not support
   #   server_list
@@ -44,7 +43,7 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
   # @raise [Puppet::Error] raise if none of the servers defined in server_list
   #   are available
   #
-  def resolve(session, name, ssl_context: nil, error_handler: nil)
+  def resolve(session, name, ssl_context: nil, canceled_handler: nil)
     # If we're configured to use an explicit service host, e.g. report_server
     # then don't use server_list to resolve the `:report` service.
     return nil unless @services.include?(name)
@@ -58,41 +57,24 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
     @server_list_setting.value.each do |server|
       host = server[0]
       port = server[1] || @default_port
-      uri = URI("https://#{host}:#{port}/status/v1/simple/master")
-      if get_success?(uri, session, ssl_context: ssl_context, error_handler: error_handler)
-        @resolved_url = uri
-        return Puppet::HTTP::Service.create_service(@client, session, name, host, port)
+
+      service = Puppet::HTTP::Service.create_service(@client, session, :puppetserver, host, port)
+      begin
+        service.get_simple_status(ssl_context: ssl_context)
+        @resolved_url = service.url
+        return Puppet::HTTP::Service.create_service(@client, session, name, @resolved_url.host, @resolved_url.port)
+      rescue Puppet::HTTP::ResponseError => detail
+        Puppet.log_exception(detail, _("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
+                             { host: service.url.host, port: service.url.port, code: detail.response.code, reason: detail.response.reason })
+      rescue Puppet::HTTP::HTTPError => detail
+        Puppet.log_exception(detail, _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail})
       end
     end
 
-    raise Puppet::Error, _("Could not select a functional puppet master from server_list: '%{server_list}'") % { server_list: @server_list_setting.print(@server_list_setting.value) }
-  end
-
-  #
-  # @api private
-  #
-  # Check if a server and port is available
-  #
-  # @param [URI] uri A URI created from the server and port to test
-  # @param [Puppet::HTTP::Session] session
-  # @param [Puppet::SSL::SSLContext] ssl_context
-  # @param [Proc] error_handler (nil) optional callback for each error
-  #   encountered while resolving a route.
-  #
-  # @return [Boolean] true if a successful response is returned by the server,
-  #   false otherwise
-  #
-  def get_success?(uri, session, ssl_context: nil, error_handler: nil)
-    response = @client.get(uri, options: {ssl_context: ssl_context})
-    return true if response.success?
+    # don't fallback to other resolvers
+    canceled_handler.call(true) if canceled_handler
 
-    Puppet.debug(_("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
-                 { host: uri.host, port: uri.port, code: response.code, reason: response.reason })
-    return false
-  rescue => detail
-    error_handler.call(detail) if error_handler
-    #TRANSLATORS 'server_list' is the name of a setting and should not be translated
-    Puppet.debug _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail}
-    return false
+    # not found
+    nil
   end
 end