puppet 6.19.0-x64-mingw32 → 7.3.0-x64-mingw32

data/lib/puppet/runtime.rb

@@ -11,8 +11,7 @@ class Puppet::Runtime
     @runtime_services = {
       http: proc do
         klass = Puppet::Network::HttpPool.http_client_class
-        if klass == Puppet::Network::HTTP::Connection ||
-           klass == Puppet::Network::HTTP::ConnectionAdapter
+        if klass == Puppet::Network::HTTP::Connection
           Puppet::HTTP::Client.new
         else
           Puppet::HTTP::ExternalClient.new(klass)

data/lib/puppet/settings.rb

@@ -21,6 +21,8 @@ class Puppet::Settings
   require 'puppet/settings/file_or_directory_setting'
   require 'puppet/settings/path_setting'
   require 'puppet/settings/boolean_setting'
+  require 'puppet/settings/integer_setting'
+  require 'puppet/settings/port_setting'
   require 'puppet/settings/terminus_setting'
   require 'puppet/settings/duration_setting'
   require 'puppet/settings/ttl_setting'
@@ -32,6 +34,7 @@ class Puppet::Settings
   require 'puppet/settings/server_list_setting'
   require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
+  require 'puppet/settings/alias_setting'
 
   # local reference for convenience
   PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -52,13 +55,14 @@ class Puppet::Settings
   # returns reasonable application default settings values for a given run_mode.
   def self.app_defaults_for_run_mode(run_mode)
     {
-        :name     => run_mode.to_s,
-        :run_mode => run_mode.name,
-        :confdir  => run_mode.conf_dir,
-        :codedir  => run_mode.code_dir,
-        :vardir   => run_mode.var_dir,
-        :rundir   => run_mode.run_dir,
-        :logdir   => run_mode.log_dir,
+        :name      => run_mode.to_s,
+        :run_mode  => run_mode.name,
+        :confdir   => run_mode.conf_dir,
+        :codedir   => run_mode.code_dir,
+        :vardir    => run_mode.var_dir,
+        :publicdir => run_mode.public_dir,
+        :rundir    => run_mode.run_dir,
+        :logdir    => run_mode.log_dir,
     }
   end
 
@@ -719,6 +723,8 @@ class Puppet::Settings
       :file_or_directory => FileOrDirectorySetting,
       :path       => PathSetting,
       :boolean    => BooleanSetting,
+      :integer    => IntegerSetting,
+      :port       => PortSetting,
       :terminus   => TerminusSetting,
       :duration   => DurationSetting,
       :ttl        => TTLSetting,
@@ -729,7 +735,8 @@ class Puppet::Settings
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
       :http_extra_headers => HttpExtraHeadersSetting,
-      :certificate_revocation => CertificateRevocationSetting
+      :certificate_revocation => CertificateRevocationSetting,
+      :alias => AliasSetting
   }
 
   # Create a new setting.  The value is passed in because it's used to determine
@@ -916,6 +923,16 @@ class Puppet::Settings
     end
   end
 
+  # Allow later inspection to determine if the setting was set by user
+  # config, rather than a default setting.
+  def set_in_section?(param, section)
+    param = param.to_sym
+    vals = searchpath_values(SearchPathElement.new(section, :section))
+    if vals
+      vals.lookup(param)
+    end
+  end
+
   # Patches the value for a param in a section.
   # This method is required to support the use case of unifying --dns-alt-names and
   # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
@@ -1062,41 +1079,48 @@ Generated on #{Time.now}.
   # Create the necessary objects to use a section.  This is idempotent;
   # you can 'use' a section as many times as you want.
   def use(*sections)
-    Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
+    if Puppet[:settings_catalog]
+      sections = sections.collect { |s| s.to_sym }
+      sections = sections.reject { |s| @used.include?(s) }
 
-    # add :server if sections include :master or :master if sections include :server
-    sections |= [:master, :server] if (sections & [:master, :server]).any?
+      Puppet.warning(":master section deprecated in favor of :server section") if sections.include?(:master)
 
-    sections = sections.collect { |s| s.to_sym }
-    sections = sections.reject { |s| @used.include?(s) }
+      # add :server if sections include :master or :master if sections include :server
+      sections |= [:master, :server] if (sections & [:master, :server]).any?
 
-    return if sections.empty?
+      sections = sections.collect { |s| s.to_sym }
+      sections = sections.reject { |s| @used.include?(s) }
 
-    Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
+      return if sections.empty?
 
-    begin
-      catalog = to_catalog(*sections).to_ral
-    rescue => detail
-      Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
-    end
+      Puppet.debug { "Applying settings catalog for sections #{sections.join(', ')}" }
 
-    catalog.host_config = false
-    catalog.apply do |transaction|
-      if transaction.any_failed?
-        report = transaction.report
-        status_failures = report.resource_statuses.values.select { |r| r.failed? }
-        status_fail_msg = status_failures.
-          collect(&:events).
-          flatten.
-          select { |event| event.status == 'failure' }.
-          collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
+      begin
+        catalog = to_catalog(*sections).to_ral
+      rescue => detail
+        Puppet.log_and_raise(detail, "Could not create resources for managing Puppet's files and directories in sections #{sections.inspect}: #{detail}")
+      end
 
-        raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
+      catalog.host_config = false
+      catalog.apply do |transaction|
+        if transaction.any_failed?
+          report = transaction.report
+          status_failures = report.resource_statuses.values.select { |r| r.failed? }
+          status_fail_msg = status_failures.
+            collect(&:events).
+            flatten.
+            select { |event| event.status == 'failure' }.
+            collect { |event| "#{event.resource}: #{event.message}" }.join("; ")
+
+          raise "Got #{status_failures.length} failure(s) while initializing: #{status_fail_msg}"
+        end
       end
-    end
 
-    sections.each { |s| @used << s }
-    @used.uniq!
+      sections.each { |s| @used << s }
+      @used.uniq!
+    else
+      Puppet.debug("Skipping settings catalog for sections #{sections.join(', ')}")
+    end
   end
 
   def valid?(param)
@@ -1250,27 +1274,37 @@ Generated on #{Time.now}.
   end
 
   def add_environment_resources(catalog, sections)
-    path = self[:environmentpath]
-    envdir = path.split(File::PATH_SEPARATOR).first if path
     configured_environment = self[:environment]
-    if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
-      configured_environment_path = File.join(envdir, configured_environment)
-      # If configured_environment_path is a symlink, assume the source path is being managed
-      # elsewhere, so don't do any of this configuration
-      if !Puppet::FileSystem.symlink?(configured_environment_path)
+
+    if configured_environment == "production" && !production_environment_exists?
+      environment_path = self[:environmentpath]
+      first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
+
+      if Puppet::FileSystem.exist?(first_environment_path)
+        production_environment_path = File.join(first_environment_path, configured_environment)
         parameters = { :ensure => 'directory' }
-        unless Puppet::FileSystem.exist?(configured_environment_path)
-          parameters[:mode] = '0750'
-          if Puppet.features.root?
-            parameters[:owner] = Puppet[:user] if service_user_available?
-            parameters[:group] = Puppet[:group] if service_group_available?
-          end
+        parameters[:mode] = '0750'
+        if Puppet.features.root?
+          parameters[:owner] = Puppet[:user] if service_user_available?
+          parameters[:group] = Puppet[:group] if service_group_available?
         end
-        catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
+        catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
       end
     end
   end
 
+  def production_environment_exists?
+    environment_path = self[:environmentpath]
+    paths = environment_path.split(File::PATH_SEPARATOR)
+
+    paths.any? do |path|
+      # If expected_path is a symlink, assume the source path is being managed
+      # elsewhere, so accept it also as a valid production environment path
+      expected_path = File.join(path, 'production')
+      Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
+    end
+  end
+
   def add_user_resources(catalog, sections)
     return unless Puppet.features.root?
     return if Puppet::Util::Platform.windows?
@@ -1371,6 +1405,12 @@ Generated on #{Time.now}.
         end
       end
 
+      setting  = @defaults[name]
+      if setting.respond_to?(:alias_name)
+        val  = lookup(setting.alias_name)
+        return val if val
+      end
+
       @defaults[name].default
     end
 

data/lib/puppet/settings/alias_setting.rb

@@ -0,0 +1,37 @@
+class Puppet::Settings::AliasSetting
+  attr_reader :name, :alias_name
+
+  def initialize(args = {})
+    @name = args[:name]
+    @alias_name = args[:alias_for]
+    @alias_for = Puppet.settings.setting(alias_name)
+  end
+
+  def optparse_args
+    args = @alias_for.optparse_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def getopt_args
+    args = @alias_for.getopt_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def type
+    :alias
+  end
+
+  def method_missing(method, *args)
+    begin
+      alias_for.send(method, *args)
+    rescue => e
+      Puppet.log_exception(self.class, e.message)
+    end
+  end
+
+  private
+
+  attr_reader :alias_for
+end

data/lib/puppet/settings/base_setting.rb

@@ -1,3 +1,4 @@
+require 'set'
 require 'puppet/settings/errors'
 
 # The base setting type
@@ -5,27 +6,50 @@ class Puppet::Settings::BaseSetting
   attr_accessor :name, :desc, :section, :default, :call_hook
   attr_reader :short, :deprecated
 
+  # Hooks are called during different parts of the settings lifecycle:
+  #
+  # * :on_write_only - This is the default hook type. The hook will be called
+  #   if its value is set in `main` or programmatically. If its value is set in
+  #   a section that doesn't match the application's run mode, it will be
+  #   ignored entirely. If the section does match the run mode, the value will
+  #   be used, but the hook will not be called!
+  #
+  # * :on_define_and_write - The hook behaves the same as above, except it is
+  #   also called immediately when the setting is defined in
+  #   {Puppet::Settings.define_settings}. In that case, the hook receives the
+  #   default value as specified.
+  #
+  # * :on_initialize_and_write - The hook will be called if the value is set in
+  #   `main`, the section that matches the run mode, or programmatically.
+  #
+  HOOK_TYPES = Set.new([:on_define_and_write, :on_initialize_and_write, :on_write_only]).freeze
+
   def self.available_call_hook_values
-    [:on_define_and_write, :on_initialize_and_write, :on_write_only]
+    HOOK_TYPES.to_a
   end
 
+  # Registers a hook to be called later based on the type of hook specified in `value`.
+  #
+  # @param value [Symbol] One of {HOOK_TYPES}
   def call_hook=(value)
     if value.nil?
       #TRANSLATORS ':%{name}', ':call_hook', and ':on_write_only' should not be translated
       Puppet.warning _("Setting :%{name} :call_hook is nil, defaulting to :on_write_only") % { name: name }
       value = :on_write_only
     end
-    unless self.class.available_call_hook_values.include?(value)
+    unless HOOK_TYPES.include?(value)
       #TRANSLATORS 'call_hook' is a Puppet option name and should not be translated
       raise ArgumentError, _("Invalid option %{value} for call_hook") % { value: value }
     end
     @call_hook = value
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_define?
     call_hook == :on_define_and_write
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_initialize?
     call_hook == :on_initialize_and_write
   end

data/lib/puppet/settings/integer_setting.rb

@@ -0,0 +1,17 @@
+class Puppet::Settings::IntegerSetting < Puppet::Settings::BaseSetting
+  def munge(value)
+    return value if Integer === value
+
+    begin
+      value = Integer(value)
+    rescue ArgumentError, TypeError
+      raise Puppet::Settings::ValidationError, _("Cannot convert '%{value}' to an integer for parameter: %{name}") % { value: value.inspect, name: @name }
+    end
+
+    value
+  end
+
+  def type
+    :integer
+  end
+end

data/lib/puppet/settings/port_setting.rb

@@ -0,0 +1,15 @@
+class Puppet::Settings::PortSetting < Puppet::Settings::IntegerSetting
+  def munge(value)
+    value = super
+
+    if value < 0 || value > 65535
+      raise Puppet::Settings::ValidationError, _("Value '%{value}' is not a valid port number for parameter: %{name}") % { value: value.inspect, name: @name }
+    end
+
+    value
+  end
+
+  def type
+    :port
+  end
+end

data/lib/puppet/settings/priority_setting.rb

@@ -6,11 +6,12 @@ class Puppet::Settings::PrioritySetting < Puppet::Settings::BaseSetting
   PRIORITY_MAP =
     if Puppet::Util::Platform.windows?
       require 'puppet/util/windows/process'
+      require 'puppet/ffi/windows/constants'
       {
-        :high    => Puppet::Util::Windows::Process::HIGH_PRIORITY_CLASS,
-        :normal  => Puppet::Util::Windows::Process::NORMAL_PRIORITY_CLASS,
-        :low     => Puppet::Util::Windows::Process::BELOW_NORMAL_PRIORITY_CLASS,
-        :idle    => Puppet::Util::Windows::Process::IDLE_PRIORITY_CLASS
+        :high    => Puppet::FFI::Windows::Constants::HIGH_PRIORITY_CLASS,
+        :normal  => Puppet::FFI::Windows::Constants::NORMAL_PRIORITY_CLASS,
+        :low     => Puppet::FFI::Windows::Constants::BELOW_NORMAL_PRIORITY_CLASS,
+        :idle    => Puppet::FFI::Windows::Constants::IDLE_PRIORITY_CLASS
       }
     else
       {

data/lib/puppet/ssl.rb

@@ -2,18 +2,22 @@
 require 'puppet'
 require 'puppet/ssl/openssl_loader'
 
+# Responsible for bootstrapping an agent's certificate and private key, generating
+# SSLContexts for use in making HTTPS connections, and handling CSR attributes and
+# certificate extensions.
+#
+# @see Puppet::SSL::SSLProvider
 # @api private
-module Puppet::SSL # :nodoc:
+module Puppet::SSL
   CA_NAME = "ca".freeze
-  require 'puppet/ssl/host'
+
   require 'puppet/ssl/oids'
-  require 'puppet/ssl/validator'
-  require 'puppet/ssl/validator/no_validator'
-  require 'puppet/ssl/validator/default_validator'
   require 'puppet/ssl/error'
   require 'puppet/ssl/ssl_context'
   require 'puppet/ssl/verifier'
-  require 'puppet/ssl/verifier_adapter'
   require 'puppet/ssl/ssl_provider'
   require 'puppet/ssl/state_machine'
+  require 'puppet/ssl/certificate'
+  require 'puppet/ssl/certificate_request'
+  require 'puppet/ssl/certificate_request_attributes'
 end

data/lib/puppet/ssl/base.rb

@@ -1,7 +1,6 @@
 require 'puppet/ssl/openssl_loader'
 require 'puppet/ssl'
 require 'puppet/ssl/digest'
-require 'puppet/util/ssl'
 
 # The base class for wrapping SSL instances.
 class Puppet::SSL::Base
@@ -54,7 +53,9 @@ class Puppet::SSL::Base
   #
   # @return [String] the name (CN) extracted from the subject.
   def self.name_from_subject(subject)
-    Puppet::Util::SSL.cn_from_subject(subject)
+    if subject.respond_to? :to_a
+      (subject.to_a.assoc('CN') || [])[1]
+    end
   end
 
   # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class
@@ -82,15 +83,12 @@ class Puppet::SSL::Base
   # Read content from disk appropriately.
   def read(path)
     # applies to Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest
-    # Puppet::SSL::Key uses this, but also provides its own override
     # nothing derives from Puppet::SSL::Certificate, but it is called by a number of other SSL Indirectors:
     # Puppet::Indirector::CertificateStatus::File (.indirection.find)
     # Puppet::Network::HTTP::WEBrick (.indirection.find)
     # Puppet::Network::HTTP::RackREST (.from_instance)
     # Puppet::Network::HTTP::WEBrickREST (.from_instance)
-    # Puppet::SSL::Host (.indirection.find)
     # Puppet::SSL::Inventory (.indirection.search, implements its own add / rebuild / serials with encoding UTF8)
-    # Puppet::SSL::Validator::DefaultValidator (.from_instance) / Puppet::SSL::Validator::NoValidator does nothing
     @content = wrapped_class.new(Puppet::FileSystem.read(path, :encoding => Encoding::ASCII))
   end
 

data/lib/puppet/ssl/certificate.rb

@@ -11,12 +11,6 @@ class Puppet::SSL::Certificate < Puppet::SSL::Base
   # This is defined from the base class
   wraps OpenSSL::X509::Certificate
 
-  extend Puppet::Indirector
-  indirects :certificate, :terminus_class => :file, :doc => <<DOC
-    This indirection wraps an `OpenSSL::X509::Certificate` object, representing a certificate (signed public key).
-    The indirection key is the certificate CN (generally a hostname).
-DOC
-
   # Because of how the format handler class is included, this
   # can't be in the base class.
   def self.supported_formats