puppet 6.19.0-x86-mingw32 → 7.3.0-x86-mingw32

data/lib/puppet/module_tool/applications.rb

@@ -5,7 +5,6 @@ module Puppet::ModuleTool
     require 'puppet/module_tool/applications/application'
     require 'puppet/module_tool/applications/checksummer'
     require 'puppet/module_tool/applications/installer'
-    require 'puppet/module_tool/applications/searcher'
     require 'puppet/module_tool/applications/unpacker'
     require 'puppet/module_tool/applications/uninstaller'
     require 'puppet/module_tool/applications/upgrader'

data/lib/puppet/module_tool/applications/installer.rb

@@ -131,8 +131,54 @@ module Puppet::ModuleTool
           begin
             Puppet.info _("Resolving dependencies ...")
             releases = SemanticPuppet::Dependency.resolve(graph)
-          rescue SemanticPuppet::Dependency::UnsatisfiableGraph
-            raise NoVersionsSatisfyError, results.merge(:requested_name => name)
+          rescue SemanticPuppet::Dependency::UnsatisfiableGraph => e
+            unsatisfied = nil
+
+            if e.respond_to?(:unsatisfied)
+              constraints = {}
+              # If the module we're installing satisfies all its
+              # dependencies, but would break an already installed
+              # module that depends on it, show what would break.
+              if name == e.unsatisfied
+                graph.constraints[name].each do |mod, range, _|
+                  next unless mod.split.include?('constraint')
+
+                  # If the user requested a specific version or range,
+                  # only show the modules with non-intersecting ranges
+                  if options[:version]
+                    requested_range = SemanticPuppet::VersionRange.parse(options[:version])
+                    constraint_range = SemanticPuppet::VersionRange.parse(range)
+
+                    if requested_range.intersection(constraint_range) == SemanticPuppet::VersionRange::EMPTY_RANGE
+                      constraints[mod.split.first] = range
+                    end
+                  else
+                    constraints[mod.split.first] = range
+                  end
+                end
+
+              # If the module fails to satisfy one of its
+              # dependencies, show the unsatisfiable module
+              else
+                unsatisfied_range = graph.dependencies[name].max.constraints[e.unsatisfied].first[1]
+                constraints[e.unsatisfied] = unsatisfied_range
+              end
+
+              installed_module = @environment.module_by_forge_name(e.unsatisfied.tr('-', '/'))
+              current_version = installed_module.version if installed_module
+
+              unsatisfied = {
+                :name => e.unsatisfied,
+                :constraints => constraints,
+                :current_version => current_version
+              }
+            end
+
+            raise NoVersionsSatisfyError, results.merge(
+                    :requested_name => name,
+                    :requested_version => options[:version] || graph.dependencies[name].max.version.to_s,
+                    :unsatisfied => unsatisfied
+            )
           end
 
           unless forced?

data/lib/puppet/module_tool/errors/shared.rb

@@ -7,6 +7,7 @@ module Puppet::ModuleTool::Errors
       @installed_version = options[:installed_version]
       @conditions        = options[:conditions]
       @action            = options[:action]
+      @unsatisfied       = options[:unsatisfied]
 
       super _("Could not %{action} '%{module_name}' (%{version}); no version satisfies all dependencies") % { action: @action, module_name: @requested_name, version: vstring }
     end
@@ -14,9 +15,23 @@ module Puppet::ModuleTool::Errors
     def multiline
       message = []
       message << _("Could not %{action} module '%{module_name}' (%{version})") % { action: @action, module_name: @requested_name, version: vstring }
-      message << _("  No version of '%{module_name}' can satisfy all dependencies") % { module_name: @requested_name }
+
+      if @unsatisfied
+        message << _("  The requested version cannot satisfy one or more of the following installed modules:")
+        if @unsatisfied[:current_version]
+          message << _("    %{name}, installed: %{current_version}, expected: %{constraints}") % { name: @unsatisfied[:name], current_version: @unsatisfied[:current_version], constraints: @unsatisfied[:constraints][@unsatisfied[:name]] }
+        else
+          @unsatisfied[:constraints].each do |mod, range|
+            message << _("    %{mod}, expects '%{name}': %{range}") % { mod: mod, name: @requested_name, range: range }
+          end
+        end
+        message << _("")
+      else
+        message << _("  The requested version cannot satisfy all dependencies")
+      end
+
       #TRANSLATORS `puppet module %{action} --ignore-dependencies` is a command line and should not be translated
-      message << _("    Use `puppet module %{action} --ignore-dependencies` to %{action} only this module") % { action: @action }
+      message << _("  Use `puppet module %{action} '%{module_name}' --ignore-dependencies` to %{action} only this module") % { action: @action, module_name: @requested_name }
       message.join("\n")
     end
   end

data/lib/puppet/network/authconfig.rb

@@ -1,101 +1,7 @@
-require 'puppet/network/rights'
-require 'puppet/network/http'
-
 module Puppet
-  class ConfigurationError < Puppet::Error; end
-  class Network::DefaultAuthProvider
-    attr_accessor :rights
-
-    def self.master_url_prefix
-      Puppet::Network::HTTP::MASTER_URL_PREFIX
-    end
-
-    def self.default_acl
-      [
-      # Master API V3
-      { :acl => "#{master_url_prefix}/v3/environments", :method => :find, :allow => '*', :authenticated => true },
-
-      { :acl => "~ ^#{master_url_prefix}\/v3\/catalog\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
-      { :acl => "~ ^#{master_url_prefix}\/v3\/node\/([^\/]+)$", :method => :find, :allow => '$1', :authenticated => true },
-      { :acl => "~ ^#{master_url_prefix}\/v3\/report\/([^\/]+)$", :method => :save, :allow => '$1', :authenticated => true },
-
-      # this one will allow all file access, and thus delegate
-      # to fileserver.conf
-      { :acl => "#{master_url_prefix}/v3/file" },
-
-      { :acl => "#{master_url_prefix}/v3/status", :method => [:find], :authenticated => true },
-      ]
-    end
-
-    # Just proxy the setting methods to our rights stuff
-    [:allow, :deny].each do |method|
-      define_method(method) do |*args|
-        @rights.send(method, *args)
-      end
-    end
-
-    # force regular ACLs to be present
-    def insert_default_acl
-      self.class.default_acl.each do |acl|
-        unless rights[acl[:acl]]
-          Puppet.info _("Inserting default '%{acl}' (auth %{auth}) ACL") % { acl: acl[:acl], auth: acl[:authenticated] }
-          mk_acl(acl)
-        end
-      end
-      # queue an empty (ie deny all) right for every other path
-      # actually this is not strictly necessary as the rights system
-      # denies not explicitly allowed paths
-      unless rights["/"]
-        rights.newright("/").restrict_authenticated(:any)
-      end
-    end
-
-    def mk_acl(acl)
-      right = @rights.newright(acl[:acl])
-      right.allow(acl[:allow] || "*")
-
-      method = acl[:method]
-      if method
-        method = [method] unless method.is_a?(Array)
-        method.each { |m| right.restrict_method(m) }
-      end
-      right.restrict_authenticated(acl[:authenticated]) unless acl[:authenticated].nil?
-    end
-
-    # check whether this request is allowed in our ACL
-    # raise an Puppet::Network::AuthorizedError if the request
-    # is denied.
-    def check_authorization(method, path, params)
-      authorization_failure_exception = @rights.is_request_forbidden_and_why?(method, path, params)
-      if authorization_failure_exception
-        Puppet.warning(_("Denying access: %{authorization_failure_exception}") % { authorization_failure_exception: authorization_failure_exception })
-        raise authorization_failure_exception
-      end
-    end
-
-    def initialize(rights=nil)
-      @rights = rights || Puppet::Network::Rights.new
-      insert_default_acl
-    end
-  end
-
   class Network::AuthConfig
-    @@authprovider_class = nil
-
-    def self.authprovider_class=(klass)
-      @@authprovider_class = klass
-    end
-
-    def self.authprovider_class
-      @@authprovider_class || Puppet::Network::DefaultAuthProvider
-    end
-
-    def initialize(rights=nil)
-      @authprovider = self.class.authprovider_class.new(rights)
-    end
-
-    def check_authorization(method, path, params)
-      @authprovider.check_authorization(method, path, params)
+    def self.authprovider_class=(_)
+      # legacy auth is not supported, ignore
     end
   end
 end

data/lib/puppet/network/authorization.rb

@@ -1,41 +1,19 @@
-require 'puppet/network/client_request'
-require 'puppet/network/authconfig'
-require 'puppet/network/auth_config_parser'
-
 module Puppet::Network
-  class AuthConfigLoader
-    # Create our config object if necessary. If there's no configuration file
-    # we install our defaults
-    def self.authconfig
-      @auth_config_file ||= Puppet::Util::WatchedFile.new(Puppet[:rest_authconfig])
-      if (not @auth_config) or @auth_config_file.changed?
-        begin
-          @auth_config = Puppet::Network::AuthConfigParser.new_from_file(Puppet[:rest_authconfig]).parse
-        rescue Errno::ENOENT, Errno::ENOTDIR
-          @auth_config = Puppet::Network::AuthConfig.new
-        end
-      end
-
-      @auth_config
-    end
-  end
-
   module Authorization
-    @@authconfigloader_class = nil
-
-    def self.authconfigloader_class=(klass)
-      @@authconfigloader_class = klass
-    end
-
-    def authconfig
-      authconfigloader = @@authconfigloader_class || AuthConfigLoader
-      authconfigloader.authconfig
-    end
+    class << self
+      # This method is deprecated and will be removed in a future release.
+      def authconfigloader_class=(klass)
+        @authconfigloader_class = klass
+      end
 
-    # Verify that our client has access.
-    def check_authorization(method, path, params)
-      authconfig.check_authorization(method, path, params)
+      # Verify something external to puppet is authorizing REST requests, so
+      # we don't fail insecurely due to misconfiguration.
+      def check_external_authorization(method, path)
+        if @authconfigloader_class.nil?
+          message = "Forbidden request: #{path} (method #{method})"
+          raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(message, Puppet::Network::HTTP::Issues::FAILED_AUTHORIZATION)
+        end
+      end
     end
   end
 end
-

data/lib/puppet/network/formats.rb

@@ -183,6 +183,73 @@ Puppet::Network::FormatHandler.create(:console,
   end
 end
 
+Puppet::Network::FormatHandler.create(:flat,
+                                      :mime   => 'text/x-flat-text',
+                                      :weight => 0) do
+
+  def flatten_hash(hash)
+    hash.each_with_object({}) do |(k, v), h|
+      if v.is_a? Hash
+        flatten_hash(v).map do |h_k, h_v|
+          h["#{k}.#{h_k}"] = h_v
+        end
+      elsif v.is_a? Array
+        v.each_with_index do |el, i|
+          if el.is_a? Hash
+            flatten_hash(el).map do |el_k, el_v|
+              h["#{k}.#{i}.#{el_k}"] = el_v
+            end
+          else
+            h["#{k}.#{i}"] = el
+          end
+        end
+      else
+        h[k] = v
+      end
+    end
+  end
+
+  def flatten_array(array)
+    a={}
+    array.each_with_index do |el, i|
+      if el.is_a? Hash
+        flatten_hash(el).map do |el_k, el_v|
+          a["#{i}.#{el_k}"] = el_v
+        end
+      else
+        a["#{i}"] = el
+      end
+    end
+    a
+  end
+
+  def construct_output(data)
+    output = ''
+    data.each do |key, value|
+      output << "#{key}=#{value}"
+      output << "\n"
+    end
+    output
+  end
+
+  def render(datum)
+    return datum if datum.is_a?(String) || datum.is_a?(Numeric)
+    # Simple hash
+    if datum.is_a?(Hash)
+      data = flatten_hash(datum)
+      return construct_output(data)
+    elsif datum.is_a?(Array)
+      data = flatten_array(datum)
+      return construct_output(data)
+    end
+    Puppet::Util::Json.dump(datum, :pretty => true, :quirks_mode => true)
+  end
+  def render_multiple(data)
+    data.collect(&:render).join("\n")
+  end
+end
+
+
 Puppet::Network::FormatHandler.create(:rich_data_json, mime: 'application/vnd.puppet.rich+json', charset: Encoding::UTF_8, weight: 30) do
   def intern(klass, text)
     Puppet.override({:rich_data => true}) do
@@ -255,7 +322,8 @@ Puppet::Network::FormatHandler.create_serialized_formats(:rich_data_msgpack, mim
   end
 
   def supported?(klass)
-    klass == Puppet::Resource::Catalog &&
+    suitable? &&
+      klass == Puppet::Resource::Catalog &&
       Puppet.lookup(:current_environment).rich_data?
   end
 end

data/lib/puppet/network/http.rb

@@ -1,3 +1,4 @@
+# This module is used to handle puppet REST requests in puppetserver.
 module Puppet::Network::HTTP
   HEADER_ENABLE_PROFILING = "X-Puppet-Profiling"
   HEADER_PUPPET_VERSION = "X-Puppet-Version"
@@ -8,7 +9,9 @@ module Puppet::Network::HTTP
   CA_URL_PREFIX = "/puppet-ca"
   CA_URL_VERSIONS = "v1"
 
+  require 'puppet/network/authconfig'
   require 'puppet/network/authorization'
+
   require 'puppet/network/http/issues'
   require 'puppet/network/http/error'
   require 'puppet/network/http/route'
@@ -19,7 +22,4 @@ module Puppet::Network::HTTP
   require 'puppet/network/http/response'
   require 'puppet/network/http/request'
   require 'puppet/network/http/memory_response'
-  require 'puppet/network/http/compression'
-
-  require 'puppet/http'
 end

data/lib/puppet/network/http/api/indirected_routes.rb

@@ -1,8 +1,6 @@
-require 'puppet/network/authorization'
 require 'puppet/network/http/api/indirection_type'
 
 class Puppet::Network::HTTP::API::IndirectedRoutes
-  include Puppet::Network::Authorization
 
   # How we map http methods and the indirection name in the URI
   # to an indirection method.
@@ -31,7 +29,8 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
     Puppet::Network::HTTP::Route.path(/.*/).any(new)
   end
 
-  # handle an HTTP request
+  # Handle an HTTP request. The request has already been authenticated prior
+  # to calling this method.
   def call(request, response)
     indirection, method, key, params = uri2indirection(request.method, request.path, request.params)
     certificate = request.client_cert
@@ -99,12 +98,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
       params[:environment] = configured_environment
     end
 
-    begin
-      check_authorization(method, "#{url_prefix}/#{indirection_name}/#{key}", params)
-    rescue Puppet::Network::AuthorizationError => e
-      raise Puppet::Network::HTTP::Error::HTTPNotAuthorizedError.new(e.message)
-    end
-
     if configured_environment.nil?
       raise Puppet::Network::HTTP::Error::HTTPNotFoundError.new(
         _("Could not find environment '%{environment}'") % { environment: environment })
@@ -120,17 +113,6 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
     [indirection, method, key, params]
   end
 
-  def self.request_to_uri(request)
-    uri, body = request_to_uri_and_body(request)
-    "#{uri}?#{body}"
-  end
-
-  def self.request_to_uri_and_body(request)
-    url_prefix = IndirectionType.url_prefix_for(request.indirection_name.to_s)
-    indirection = request.method == :search ? pluralize(request.indirection_name.to_s) : request.indirection_name.to_s
-    ["#{url_prefix}/#{indirection}/#{Puppet::Util.uri_encode(request.key)}", "environment=#{request.environment.name}&#{request.query_string}"]
-  end
-
   private
 
   # Execute our find.

data/lib/puppet/network/http/api/master/v3.rb

@@ -1,28 +1,26 @@
 class Puppet::Network::HTTP::API::Master::V3
-  require 'puppet/network/http/api/master/v3/authorization'
   require 'puppet/network/http/api/master/v3/environments'
-  require 'puppet/network/http/api/master/v3/environment'
   require 'puppet/network/http/api/indirected_routes'
 
-  AUTHZ = Authorization.new
+  def self.wrap(&block)
+    lambda do |request, response|
+      Puppet::Network::Authorization.check_external_authorization(request.method, request.path)
+
+      block.call.call(request, response)
+    end
+  end
 
   INDIRECTED = Puppet::Network::HTTP::Route.
       path(/.*/).
-      any(Puppet::Network::HTTP::API::IndirectedRoutes.new)
+      any(wrap { Puppet::Network::HTTP::API::IndirectedRoutes.new } )
 
   ENVIRONMENTS = Puppet::Network::HTTP::Route.
-      path(%r{^/environments$}).get(AUTHZ.wrap do
-    Environments.new(Puppet.lookup(:environments))
-  end)
-
-  ENVIRONMENT = Puppet::Network::HTTP::Route.
-      path(%r{^/environment/[^/]+$}).get(AUTHZ.wrap do
-    Environment.new
-  end)
+      path(%r{^/environments$}).
+      get(wrap { Environments.new(Puppet.lookup(:environments)) } )
 
   def self.routes
     Puppet::Network::HTTP::Route.path(%r{v3}).
         any.
-        chain(ENVIRONMENTS, ENVIRONMENT, INDIRECTED)
+        chain(ENVIRONMENTS, INDIRECTED)
   end
 end