puppet 6.19.0 → 6.22.1

data/lib/puppet/module_tool/errors/shared.rb

@@ -7,6 +7,7 @@ module Puppet::ModuleTool::Errors
       @installed_version = options[:installed_version]
       @conditions        = options[:conditions]
       @action            = options[:action]
+      @unsatisfied       = options[:unsatisfied]
 
       super _("Could not %{action} '%{module_name}' (%{version}); no version satisfies all dependencies") % { action: @action, module_name: @requested_name, version: vstring }
     end
@@ -14,9 +15,23 @@ module Puppet::ModuleTool::Errors
     def multiline
       message = []
       message << _("Could not %{action} module '%{module_name}' (%{version})") % { action: @action, module_name: @requested_name, version: vstring }
-      message << _("  No version of '%{module_name}' can satisfy all dependencies") % { module_name: @requested_name }
+
+      if @unsatisfied
+        message << _("  The requested version cannot satisfy one or more of the following installed modules:")
+        if @unsatisfied[:current_version]
+          message << _("    %{name}, installed: %{current_version}, expected: %{constraints}") % { name: @unsatisfied[:name], current_version: @unsatisfied[:current_version], constraints: @unsatisfied[:constraints][@unsatisfied[:name]] }
+        else
+          @unsatisfied[:constraints].each do |mod, range|
+            message << _("    %{mod}, expects '%{name}': %{range}") % { mod: mod, name: @requested_name, range: range }
+          end
+        end
+        message << _("")
+      else
+        message << _("  The requested version cannot satisfy all dependencies")
+      end
+
       #TRANSLATORS `puppet module %{action} --ignore-dependencies` is a command line and should not be translated
-      message << _("    Use `puppet module %{action} --ignore-dependencies` to %{action} only this module") % { action: @action }
+      message << _("  Use `puppet module %{action} '%{module_name}' --ignore-dependencies` to %{action} only this module") % { action: @action, module_name: @requested_name }
       message.join("\n")
     end
   end

data/lib/puppet/network/formats.rb

@@ -183,6 +183,73 @@ Puppet::Network::FormatHandler.create(:console,
   end
 end
 
+Puppet::Network::FormatHandler.create(:flat,
+                                      :mime   => 'text/x-flat-text',
+                                      :weight => 0) do
+
+  def flatten_hash(hash)
+    hash.each_with_object({}) do |(k, v), h|
+      if v.is_a? Hash
+        flatten_hash(v).map do |h_k, h_v|
+          h["#{k}.#{h_k}"] = h_v
+        end
+      elsif v.is_a? Array
+        v.each_with_index do |el, i|
+          if el.is_a? Hash
+            flatten_hash(el).map do |el_k, el_v|
+              h["#{k}.#{i}.#{el_k}"] = el_v
+            end
+          else
+            h["#{k}.#{i}"] = el
+          end
+        end
+      else
+        h[k] = v
+      end
+    end
+  end
+
+  def flatten_array(array)
+    a={}
+    array.each_with_index do |el, i|
+      if el.is_a? Hash
+        flatten_hash(el).map do |el_k, el_v|
+          a["#{i}.#{el_k}"] = el_v
+        end
+      else
+        a["#{i}"] = el
+      end
+    end
+    a
+  end
+
+  def construct_output(data)
+    output = ''
+    data.each do |key, value|
+      output << "#{key}=#{value}"
+      output << "\n"
+    end
+    output
+  end
+
+  def render(datum)
+    return datum if datum.is_a?(String) || datum.is_a?(Numeric)
+    # Simple hash
+    if datum.is_a?(Hash)
+      data = flatten_hash(datum)
+      return construct_output(data)
+    elsif datum.is_a?(Array)
+      data = flatten_array(datum)
+      return construct_output(data)
+    end
+    Puppet::Util::Json.dump(datum, :pretty => true, :quirks_mode => true)
+  end
+  def render_multiple(data)
+    data.collect(&:render).join("\n")
+  end
+end
+
+
 Puppet::Network::FormatHandler.create(:rich_data_json, mime: 'application/vnd.puppet.rich+json', charset: Encoding::UTF_8, weight: 30) do
   def intern(klass, text)
     Puppet.override({:rich_data => true}) do
@@ -255,7 +322,8 @@ Puppet::Network::FormatHandler.create_serialized_formats(:rich_data_msgpack, mim
   end
 
   def supported?(klass)
-    klass == Puppet::Resource::Catalog &&
+    suitable? &&
+      klass == Puppet::Resource::Catalog &&
       Puppet.lookup(:current_environment).rich_data?
   end
 end

data/lib/puppet/network/http/factory.rb

@@ -27,6 +27,10 @@ class Puppet::Network::HTTP::Factory
 
     http = Puppet::Util::HttpProxy.proxy(URI(site.addr))
     http.use_ssl = site.use_ssl?
+    if site.use_ssl?
+      http.min_version = OpenSSL::SSL::TLS1_VERSION if http.respond_to?(:min_version)
+      http.ciphers = Puppet[:ciphers]
+    end
     http.read_timeout = Puppet[:http_read_timeout]
     http.open_timeout = Puppet[:http_connect_timeout]
     http.keep_alive_timeout = KEEP_ALIVE_TIMEOUT if http.respond_to?(:keep_alive_timeout=)

data/lib/puppet/pal/pal_impl.rb

@@ -58,8 +58,8 @@ module Pal
       configured_by_env: false,
       manifest_file:     nil,
       code_string:       nil,
-      facts:             nil,
-      variables:         nil,
+      facts:             {},
+      variables:         {},
       set_local_facts:   true,
       &block
     )
@@ -93,7 +93,14 @@ module Pal
 
     # If manifest_file is nil, the #main method will use the env configured manifest
     # to do things in the block while a Script Compiler is in effect
-    main(manifest_file, facts, variables, :script, set_local_facts, &block)
+    main(
+      manifest:                manifest_file,
+      facts:                   facts,
+      variables:               variables,
+      internal_compiler_class: :script,
+      set_local_facts:         set_local_facts,
+      &block
+    )
   ensure
     Puppet[:tasks] = previous_tasks_value
     Puppet[:code] = previous_code_value
@@ -157,8 +164,9 @@ module Pal
     configured_by_env: false,
       manifest_file:     nil,
       code_string:       nil,
-      facts:             nil,
-      variables:         nil,
+      facts:             {},
+      variables:         {},
+      target_variables:  {},
       &block
   )
     # TRANSLATORS: do not translate variable name strings in these assertions
@@ -193,7 +201,15 @@ module Pal
 
     # If manifest_file is nil, the #main method will use the env configured manifest
     # to do things in the block while a Script Compiler is in effect
-    main(manifest_file, facts, variables, :catalog, false, &block)
+    main(
+      manifest:                manifest_file,
+      facts:                   facts,
+      variables:               variables,
+      target_variables:        target_variables,
+      internal_compiler_class: :catalog,
+      set_local_facts:         false,
+      &block
+    )
   ensure
     # Clean up after ourselves
     Puppet[:tasks] = previous_tasks_value
@@ -382,11 +398,12 @@ module Pal
   # the provided block
   #
   def self.main(
-    manifest,
-    facts,
-    variables,
-    internal_compiler_class,
-    set_local_facts
+    manifest:                nil,
+    facts:                   {},
+    variables:               {},
+    target_variables:        {},
+    internal_compiler_class: nil,
+    set_local_facts:         true
   )
     # Configure the load path
     env = Puppet.lookup(:pal_env)
@@ -403,14 +420,11 @@ module Pal
     pal_variables = Puppet.lookup(:pal_variables)
 
     overrides = {}
+
     unless facts.nil? || facts.empty?
       pal_facts = pal_facts.merge(facts)
       overrides[:pal_facts] = pal_facts
     end
-    unless variables.nil? || variables.empty?
-      pal_variables = pal_variables.merge(variables)
-      overrides[:pal_variables] = pal_variables
-    end
 
     prepare_node_facts(node, pal_facts)
 
@@ -463,10 +477,17 @@ module Pal
         # TRANSLATORS: Do not translate, symbolic name
         Puppet.override(overrides, "PAL::with_#{internal_compiler_class}_compiler") do
           compiler.compile do | compiler_yield |
-            # In case the varaibles passed to the compiler are PCore types defined in modules, they
+            # In case the variables passed to the compiler are PCore types defined in modules, they
             # need to be deserialized and added from within the this scope, so that loaders are
             # available during deserizlization.
-            add_variables(compiler.topscope, Puppet::Pops::Serialization::FromDataConverter.convert(pal_variables))
+            pal_variables = Puppet::Pops::Serialization::FromDataConverter.convert(pal_variables)
+            variables     = Puppet::Pops::Serialization::FromDataConverter.convert(variables)
+
+            # Merge together target variables and plan variables. This will also shadow any
+            # collisions with facts and emit a warning.
+            topscope_vars = pal_variables.merge(merge_vars(target_variables, variables, node.facts.values))
+
+            add_variables(compiler.topscope, topscope_vars)
             # wrap the internal compiler to prevent it from leaking in the PAL API
             if block_given?
               yield(pal_compiler)
@@ -486,6 +507,38 @@ module Pal
   end
   private_class_method :main
 
+  # Warn and remove variables that will be shadowed by facts of the same
+  # name, which are set in scope earlier.
+  def self.merge_vars(target_vars, vars, facts)
+    # First, shadow plan and target variables by facts of the same name
+    vars        = shadow_vars(facts || {}, vars, 'fact', 'plan variable')
+    target_vars = shadow_vars(facts || {}, target_vars, 'fact', 'target variable')
+    # Then, shadow target variables by plan variables of the same name
+    target_vars = shadow_vars(vars, target_vars, 'plan variable', 'target variable')
+
+    target_vars.merge(vars)
+  end
+  private_class_method :merge_vars
+
+  def self.shadow_vars(vars, other_vars, vars_type, other_vars_type)
+    collisions, valid = other_vars.partition do |k, _|
+      vars.include?(k)
+    end
+
+    if collisions.any?
+      names = collisions.map { |k, _| "$#{k}" }.join(', ')
+      plural = collisions.length == 1 ? '' : 's'
+
+      Puppet.warning(
+        "#{other_vars_type.capitalize}#{plural} #{names} will be overridden by "\
+        "#{vars_type}#{plural} of the same name in the apply block"
+      )
+    end
+
+    valid.to_h
+  end
+  private_class_method :shadow_vars
+
   def self.create_internal_compiler(compiler_class_reference, node)
     case compiler_class_reference
     when :script

data/lib/puppet/parser/ast/leaf.rb

@@ -50,8 +50,9 @@ class Puppet::Parser::AST::HostName < Puppet::Parser::AST::Leaf
 end
 
 class Puppet::Parser::AST::Regex < Puppet::Parser::AST::Leaf
-  def initialize(hash)
-    super(**hash)
+  def initialize(value: nil, file: nil, line: nil, pos: nil)
+    super(value: value, file: file, line: line, pos: pos)
+
     # transform value from hash options unless it is already a regular expression
     @value = Regexp.new(@value) unless @value.is_a?(Regexp)
   end

data/lib/puppet/parser/templatewrapper.rb

@@ -50,7 +50,7 @@ class Puppet::Parser::TemplateWrapper
   # @return [Array<String>] The tags defined in the current scope
   # @api public
   def tags
-    scope.tags
+    raise NotImplementedError, "Call 'all_tags' instead."
   end
 
   # @return [Array<String>] All the defined tags

data/lib/puppet/pops/evaluator/deferred_resolver.rb

@@ -16,10 +16,12 @@ class DeferredResolver
   #
   # @param facts [Puppet::Node::Facts] the facts object for the node
   # @param catalog [Puppet::Resource::Catalog] the catalog where all deferred values should be replaced
+  # @param environment [Puppet::Node::Environment] the environment whose anonymous module methods
+  #  are to be mixed into the scope
   # @return [nil] does not return anything - the catalog is modified as a side effect
   #
-  def self.resolve_and_replace(facts, catalog)
-    compiler = Puppet::Parser::ScriptCompiler.new(catalog.environment_instance, catalog.name, true)
+  def self.resolve_and_replace(facts, catalog, environment = catalog.environment_instance)
+    compiler = Puppet::Parser::ScriptCompiler.new(environment, catalog.name, true)
     resolver = new(compiler)
     resolver.set_facts_variable(facts)
     # TODO:
@@ -108,7 +110,7 @@ class DeferredResolver
     # If any of the arguments to a future is a future it needs to be resolved first
     func_name = f.name
     mapped_arguments = map_arguments(f.arguments)
-    # if name starts with $ then this is a call to dig 
+    # if name starts with $ then this is a call to dig
     if func_name[0] == DOLLAR
       var_name = func_name[1..-1]
       func_name = DIG

data/lib/puppet/pops/evaluator/evaluator_impl.rb

@@ -462,10 +462,24 @@ class EvaluatorImpl
   end
 
   def eval_EppExpression(o, scope)
+    contains_sensitive = false
+
     scope["@epp"] = []
     evaluate(o.body, scope)
-    result = scope["@epp"].join
-    result
+    result = scope["@epp"].map do |r|
+      if r.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+        contains_sensitive = true
+        string(r.unwrap, scope)
+      else
+        r
+      end
+    end.join
+
+    if contains_sensitive
+      Puppet::Pops::Types::PSensitiveType::Sensitive.new(result)
+    else
+      result
+    end
   end
 
   def eval_RenderStringExpression(o, scope)
@@ -474,7 +488,12 @@ class EvaluatorImpl
   end
 
   def eval_RenderExpression(o, scope)
-    scope["@epp"] << string(evaluate(o.expr, scope), scope)
+    result = evaluate(o.expr, scope)
+    if result.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      scope["@epp"] << result
+    else
+      scope["@epp"] << string(result, scope)
+    end
     nil
   end
 

data/lib/puppet/pops/model/ast_transformer.rb

@@ -31,7 +31,7 @@ class Puppet::Pops::Model::AstTransformer
   def ast(o, klass, hash={})
     # create and pass hash with file and line information
     # PUP-3274 - still needed since hostname transformation requires AST::HostName, and AST::Regexp
-    klass.new(merge_location(hash, o))
+    klass.new(**merge_location(hash, o))
   end
 
   # THIS IS AN EXPENSIVE OPERATION

data/lib/puppet/property/list.rb

@@ -47,7 +47,7 @@ module Puppet
         #ok, some 'convention' if the list property is named groups, provider should implement a groups method
         tmp = provider.send(name) if provider
         if tmp && tmp != :absent
-          return tmp.split(delimiter)
+          return tmp.instance_of?(Array) ? tmp : tmp.split(delimiter)
         else
           return :absent
         end

data/lib/puppet/provider/group/groupadd.rb

@@ -130,16 +130,21 @@ Puppet::Type.type(:group).provide :groupadd, :parent => Puppet::Provider::NameSe
   private
 
   def findgroup(key, value)
-    group_file = "/etc/group"
+    group_file = '/etc/group'
     group_keys = [:group_name, :password, :gid, :user_list]
-    index = group_keys.index(key)
-    @group_content ||= File.read(group_file)
-    @group_content.each_line do |line|
-      group = line.split(":")
-      if group[index] == value
-        return Hash[group_keys.zip(group)]
+
+    unless @groups
+      unless Puppet::FileSystem.exist?(group_file)
+        raise Puppet::Error.new("Forcelocal set for group resource '#{resource[:name]}', but #{group_file} does not exist")
+      end
+
+      @groups = []
+      Puppet::FileSystem.each_line(group_file) do |line|
+        group = line.chomp.split(':')
+        @groups << Hash[group_keys.zip(group)]
       end
     end
-    false
+
+    @groups.find { |param| param[key] == value } || false
   end
 end

data/lib/puppet/provider/package/apt.rb

@@ -42,7 +42,11 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
 
   def query
     hash = super
-    hash[:mark] = :manual if aptmark('showmanual').split("\n").include?(@resource[:name])
+
+    if !%i(absent purged).include?(hash[:ensure]) && aptmark('showmanual', @resource[:name]).strip == @resource[:name]
+      hash[:mark] = :manual
+    end
+
     hash
   end
 
@@ -51,6 +55,10 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     @property_flush = {}
   end
 
+  def mark
+    @property_flush[:mark]
+  end
+
   def mark=(value)
     @property_flush[:mark] = value
   end
@@ -143,7 +151,13 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     end
 
     cmd += install_options if @resource[:install_options]
-    cmd << :install << str
+    cmd << :install
+
+    if source
+      cmd << source
+    else
+      cmd << str
+    end
 
     self.unhold if self.properties[:mark] == :hold
     begin
@@ -151,6 +165,18 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     ensure
       self.hold if @resource[:mark] == :hold
     end
+
+    # If a source file was specified, we must make sure the expected version was installed from specified file
+    if source && !%i(present installed).include?(should)
+      is = self.query
+      raise Puppet::Error, _("Could not find package %{name}") % { name: self.name } unless is
+
+      version = is[:ensure]
+
+      raise Puppet::Error, _("Failed to update to version %{should}, got version %{version} instead") % { should: should, version: version } unless
+        insync?(version)
+    end
+
   end
 
   # What's the latest package version available?
@@ -227,4 +253,10 @@ Puppet::Type.type(:package).provide :apt, :parent => :dpkg, :source => :dpkg do
     end
     should_range.include?(is_version)
   end
+
+  private
+
+  def source
+    @source ||= @resource[:source]
+  end
 end