puppet 6.19.0 → 6.22.1

data/lib/puppet/provider/package/aptitude.rb

@@ -26,4 +26,10 @@ Puppet::Type.type(:package).provide :aptitude, :parent => :apt, :source => :dpkg
   def purge
     aptitude '-y', 'purge', @resource[:name]
   end
+
+  private
+
+  def source
+    nil
+  end
 end

data/lib/puppet/provider/package/dnfmodule.rb

@@ -93,7 +93,7 @@ Puppet::Type.type(:package).provide :dnfmodule, :parent => :dnf do
         # module has no default profile and no profile was requested, so just enable the stream
         # DNF versions prior to 4.2.8 do not need this workaround
         # see https://bugzilla.redhat.com/show_bug.cgi?id=1669527
-        if @resource[:flavor] == nil && e.message =~ /^missing groups or modules: #{Regexp.quote(@resource[:name])}$/
+        if @resource[:flavor] == nil && e.message =~ /^(?:missing|broken) groups or modules: #{Regexp.quote(@resource[:name])}$/
           enable(args)
         else
           raise

data/lib/puppet/provider/service/debian.rb

@@ -17,6 +17,8 @@ Puppet::Type.type(:service).provide :debian, :parent => :init do
   commands :invoke_rc => "/usr/sbin/invoke-rc.d"
   commands :service => "/usr/sbin/service"
 
+  confine :false => Puppet::FileSystem.exist?('/proc/1/comm') && Puppet::FileSystem.read('/proc/1/comm').include?('systemd')
+
   defaultfor :operatingsystem => :cumuluslinux, :operatingsystemmajrelease => ['1','2']
   defaultfor :operatingsystem => :debian, :operatingsystemmajrelease => ['5','6','7']
   defaultfor :operatingsystem => :devuan

data/lib/puppet/provider/service/systemd.rb

@@ -30,7 +30,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   def self.instances
     i = []
     output = systemctl('list-unit-files', '--type', 'service', '--full', '--all',  '--no-pager')
-    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*$/i).each do |m|
+    output.scan(/^(\S+)\s+(disabled|enabled|masked|indirect|bad|static)\s*([^-]\S+)?\s*$/i).each do |m|
       Puppet.debug("#{m[0]} marked as bad by `systemctl`. It is recommended to be further checked.") if m[1] == "bad"
       i << new(:name => m[0])
     end

data/lib/puppet/provider/user/aix.rb

@@ -178,7 +178,7 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
       # does not have a password.
       break if line =~ /^\S+:$/
 
-      match_obj = /password = (\S+)/.match(line)
+      match_obj = /password\s+=\s+(\S+)/.match(line)
     end
     return :absent unless match_obj
 
@@ -211,7 +211,7 @@ Puppet::Type.type(:user).provide :aix, :parent => Puppet::Provider::AixObject do
       tempfile = Tempfile.new("puppet_#{user}_pw", :encoding => Encoding::ASCII)
       tempfile << "#{user}:#{value}\n"
       tempfile.close()
-  
+
       # Options '-e', '-c', use encrypted password and clear flags
       # Must receive "user:enc_password" as input
       # command, arguments = {:failonfail => true, :combine => true}

data/lib/puppet/provider/user/useradd.rb

@@ -59,23 +59,37 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
      get(:uid)
   end
 
+  def gid
+     return localgid if @resource.forcelocal?
+     get(:gid)
+  end
+
   def comment
      return localcomment if @resource.forcelocal?
      get(:comment)
   end
 
+  def groups
+     return localgroups if @resource.forcelocal?
+     super
+  end
+
   def finduser(key, value)
-    passwd_file = "/etc/passwd"
+    passwd_file = '/etc/passwd'
     passwd_keys = [:account, :password, :uid, :gid, :gecos, :directory, :shell]
-    index = passwd_keys.index(key)
-    @passwd_content ||= File.read(passwd_file)
-    @passwd_content.each_line do |line|
-      user = line.split(":")
-      if user[index] == value
-        return Hash[passwd_keys.zip(user)]
+
+    unless @users
+      unless Puppet::FileSystem.exist?(passwd_file)
+        raise Puppet::Error.new("Forcelocal set for user resource '#{resource[:name]}', but #{passwd_file} does not exist")
+      end
+
+      @users = []
+      Puppet::FileSystem.each_line(passwd_file) do |line|
+        user = line.chomp.split(':')
+        @users << Hash[passwd_keys.zip(user)]
       end
     end
-    false
+    @users.find { |param| param[key] == value } || false
   end
 
   def local_username
@@ -88,16 +102,56 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ
     false
   end
 
+  def localgid
+    user = finduser(:account, resource[:name])
+    if user
+      begin
+        return Integer(user[:gid])
+      rescue ArgumentError
+        Puppet.debug("Non-numeric GID found in /etc/passwd for user #{resource[:name]}")
+        return user[:gid]
+      end
+    end
+    false
+  end
+
   def localcomment
     user = finduser(:account, resource[:name])
     user[:gecos]
   end
 
+  def localgroups
+    @groups_of ||= {}
+    group_file = '/etc/group'
+    user = resource[:name]
+
+    return @groups_of[user] if @groups_of[user]
+
+    @groups_of[user] = []
+
+    unless Puppet::FileSystem.exist?(group_file)
+      raise Puppet::Error.new("Forcelocal set for user resource '#{user}', but #{group_file} does not exist")
+    end
+
+    Puppet::FileSystem.each_line(group_file) do |line|
+      data = line.chomp.split(':')
+      if !data.empty? && data.last.split(',').include?(user)
+        @groups_of[user] << data.first
+      end
+    end
+
+    @groups_of[user]
+  end
+
   def shell=(value)
     check_valid_shell
     set(:shell, value)
   end
 
+  def groups=(value)
+    set(:groups, value)
+  end
+
   verify :gid, "GID must be an integer" do |value|
     value.is_a? Integer
   end

data/lib/puppet/reference/configuration.rb

@@ -55,11 +55,12 @@ config.header = <<EOT
 * Each of these settings can be specified in `puppet.conf` or on the
   command line.
 * Puppet Enterprise (PE) and open source Puppet share the configuration settings
-  that are documented here. However, PE defaults for some settings differ from
-  the open source Puppet defaults. Some examples of settings that have different
-  PE defaults include `disable18n`, `environment_timeout`, `always_retry_plugins`,
-  and the Puppet Server JRuby `max-active-instances` setting. To verify PE
-  configuration defaults, check the `puppet.conf` file after installation.
+  documented here. However, PE defaults differ from open source defaults for some 
+  settings, such as `node_terminus`, `storeconfigs`, `always_retry_plugins`, 
+  `disable18n`, `environment_timeout` (when Code Manager is enabled), and the 
+  Puppet Server JRuby `max-active-instances` setting. To verify PE configuration 
+  defaults, check the `puppet.conf` or `pe-puppet-server.conf` file after 
+  installation.
 * When using boolean settings on the command line, use `--setting` and
   `--no-setting` instead of `--setting (true|false)`. (Using `--setting false`
   results in "Error: Could not parse application options: needless argument".)

data/lib/puppet/settings.rb

@@ -32,6 +32,7 @@ class Puppet::Settings
   require 'puppet/settings/server_list_setting'
   require 'puppet/settings/http_extra_headers_setting'
   require 'puppet/settings/certificate_revocation_setting'
+  require 'puppet/settings/alias_setting'
 
   # local reference for convenience
   PuppetOptionParser = Puppet::Util::CommandLine::PuppetOptionParser
@@ -729,7 +730,8 @@ class Puppet::Settings
       :autosign   => AutosignSetting,
       :server_list => ServerListSetting,
       :http_extra_headers => HttpExtraHeadersSetting,
-      :certificate_revocation => CertificateRevocationSetting
+      :certificate_revocation => CertificateRevocationSetting,
+      :alias => AliasSetting
   }
 
   # Create a new setting.  The value is passed in because it's used to determine
@@ -916,6 +918,16 @@ class Puppet::Settings
     end
   end
 
+  # Allow later inspection to determine if the setting was set by user
+  # config, rather than a default setting.
+  def set_in_section?(param, section)
+    param = param.to_sym
+    vals = searchpath_values(SearchPathElement.new(section, :section))
+    if vals
+      vals.lookup(param)
+    end
+  end
+
   # Patches the value for a param in a section.
   # This method is required to support the use case of unifying --dns-alt-names and
   # --dns_alt_names in the certificate face. Ideally this should be cleaned up.
@@ -1250,27 +1262,37 @@ Generated on #{Time.now}.
   end
 
   def add_environment_resources(catalog, sections)
-    path = self[:environmentpath]
-    envdir = path.split(File::PATH_SEPARATOR).first if path
     configured_environment = self[:environment]
-    if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir)
-      configured_environment_path = File.join(envdir, configured_environment)
-      # If configured_environment_path is a symlink, assume the source path is being managed
-      # elsewhere, so don't do any of this configuration
-      if !Puppet::FileSystem.symlink?(configured_environment_path)
+
+    if configured_environment == "production" && !production_environment_exists?
+      environment_path = self[:environmentpath]
+      first_environment_path = environment_path.split(File::PATH_SEPARATOR).first
+
+      if Puppet::FileSystem.exist?(first_environment_path)
+        production_environment_path = File.join(first_environment_path, configured_environment)
         parameters = { :ensure => 'directory' }
-        unless Puppet::FileSystem.exist?(configured_environment_path)
-          parameters[:mode] = '0750'
-          if Puppet.features.root?
-            parameters[:owner] = Puppet[:user] if service_user_available?
-            parameters[:group] = Puppet[:group] if service_group_available?
-          end
+        parameters[:mode] = '0750'
+        if Puppet.features.root?
+          parameters[:owner] = Puppet[:user] if service_user_available?
+          parameters[:group] = Puppet[:group] if service_group_available?
         end
-        catalog.add_resource(Puppet::Resource.new(:file, configured_environment_path, :parameters => parameters))
+        catalog.add_resource(Puppet::Resource.new(:file, production_environment_path, :parameters => parameters))
       end
     end
   end
 
+  def production_environment_exists?
+    environment_path = self[:environmentpath]
+    paths = environment_path.split(File::PATH_SEPARATOR)
+
+    paths.any? do |path|
+      # If expected_path is a symlink, assume the source path is being managed
+      # elsewhere, so accept it also as a valid production environment path
+      expected_path = File.join(path, 'production')
+      Puppet::FileSystem.directory?(expected_path) || Puppet::FileSystem.symlink?(expected_path)
+    end
+  end
+
   def add_user_resources(catalog, sections)
     return unless Puppet.features.root?
     return if Puppet::Util::Platform.windows?
@@ -1371,6 +1393,12 @@ Generated on #{Time.now}.
         end
       end
 
+      setting  = @defaults[name]
+      if setting.respond_to?(:alias_name)
+        val  = lookup(setting.alias_name)
+        return val if val
+      end
+
       @defaults[name].default
     end
 

data/lib/puppet/settings/alias_setting.rb

@@ -0,0 +1,37 @@
+class Puppet::Settings::AliasSetting
+  attr_reader :name, :alias_name
+
+  def initialize(args = {})
+    @name = args[:name]
+    @alias_name = args[:alias_for]
+    @alias_for = Puppet.settings.setting(alias_name)
+  end
+
+  def optparse_args
+    args = @alias_for.optparse_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def getopt_args
+    args = @alias_for.getopt_args
+    args[0].gsub!(alias_name.to_s, name.to_s)
+    args
+  end
+
+  def type
+    :alias
+  end
+
+  def method_missing(method, *args)
+    begin
+      alias_for.send(method, *args)
+    rescue => e
+      Puppet.log_exception(self.class, e.message)
+    end
+  end
+
+  private
+
+  attr_reader :alias_for
+end

data/lib/puppet/settings/base_setting.rb

@@ -1,3 +1,4 @@
+require 'set'
 require 'puppet/settings/errors'
 
 # The base setting type
@@ -5,27 +6,50 @@ class Puppet::Settings::BaseSetting
   attr_accessor :name, :desc, :section, :default, :call_hook
   attr_reader :short, :deprecated
 
+  # Hooks are called during different parts of the settings lifecycle:
+  #
+  # * :on_write_only - This is the default hook type. The hook will be called
+  #   if its value is set in `main` or programmatically. If its value is set in
+  #   a section that doesn't match the application's run mode, it will be
+  #   ignored entirely. If the section does match the run mode, the value will
+  #   be used, but the hook will not be called!
+  #
+  # * :on_define_and_write - The hook behaves the same as above, except it is
+  #   also called immediately when the setting is defined in
+  #   {Puppet::Settings.define_settings}. In that case, the hook receives the
+  #   default value as specified.
+  #
+  # * :on_initialize_and_write - The hook will be called if the value is set in
+  #   `main`, the section that matches the run mode, or programmatically.
+  #
+  HOOK_TYPES = Set.new([:on_define_and_write, :on_initialize_and_write, :on_write_only]).freeze
+
   def self.available_call_hook_values
-    [:on_define_and_write, :on_initialize_and_write, :on_write_only]
+    HOOK_TYPES.to_a
   end
 
+  # Registers a hook to be called later based on the type of hook specified in `value`.
+  #
+  # @param value [Symbol] One of {HOOK_TYPES}
   def call_hook=(value)
     if value.nil?
       #TRANSLATORS ':%{name}', ':call_hook', and ':on_write_only' should not be translated
       Puppet.warning _("Setting :%{name} :call_hook is nil, defaulting to :on_write_only") % { name: name }
       value = :on_write_only
     end
-    unless self.class.available_call_hook_values.include?(value)
+    unless HOOK_TYPES.include?(value)
       #TRANSLATORS 'call_hook' is a Puppet option name and should not be translated
       raise ArgumentError, _("Invalid option %{value} for call_hook") % { value: value }
     end
     @call_hook = value
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_define?
     call_hook == :on_define_and_write
   end
 
+  # @see {HOOK_TYPES}
   def call_hook_on_initialize?
     call_hook == :on_initialize_and_write
   end

data/lib/puppet/settings/environment_conf.rb

@@ -29,6 +29,7 @@ class Puppet::Settings::EnvironmentConf
       section = config.sections[:main]
     rescue Errno::ENOENT
       # environment.conf is an optional file
+      Puppet.debug { "Path to #{path_to_env} does not exist, using default environment.conf" }
     end
 
     new(path_to_env, section, global_module_path)

data/lib/puppet/type/package.rb

@@ -426,10 +426,10 @@ module Puppet
     end
 
     newparam(:source) do
-      desc "Where to find the package file. This is only used by providers that don't
+      desc "Where to find the package file. This is mostly used by providers that don't
         automatically download packages from a central repository. (For example:
-        the `yum` and `apt` providers ignore this attribute, but the `rpm` and
-        `dpkg` providers require it.)
+        the `yum` provider ignores this attribute, `apt` provider uses it if present
+        and the `rpm` and `dpkg` providers require it.)
 
         Different providers accept different values for `source`. Most providers
         accept paths to local files stored on the target system. Some providers

data/lib/puppet/util/autoload.rb

@@ -166,14 +166,7 @@ class Puppet::Util::Autoload
     # Normalize a path. This converts ALT_SEPARATOR to SEPARATOR on Windows
     # and eliminates unnecessary parts of a path.
     def cleanpath(path)
-      # There are two cases here because cleanpath does not handle absolute
-      # paths correctly on windows (c:\ and c:/ are treated as distinct) but
-      # we don't want to convert relative paths to absolute
-      if Puppet::Util.absolute_path?(path)
-        File.expand_path(path)
-      else
-        Pathname.new(path).cleanpath.to_s
-      end
+      Pathname.new(path).cleanpath.to_s
     end
   end
 

data/lib/puppet/util/fact_dif.rb

@@ -0,0 +1,81 @@
+require 'json'
+
+class FactDif
+  def initialize(old_output, new_output, exclude_list, save_structured)
+    @c_facter = JSON.parse(old_output)
+    @next_facter = JSON.parse(new_output)
+    @exclude_list = exclude_list
+    @save_structured = save_structured
+    @flat_diff = []
+    @diff = {}
+  end
+
+  def difs
+    search_hash(((@c_facter.to_a - @next_facter.to_a) | (@next_facter.to_a - @c_facter.to_a)).to_h)
+
+    @flat_diff.sort_by { |a| a[0] }.each do |pair|
+      fact_path = pair[0]
+      value = pair[1]
+      compare(fact_path, value, @c_facter)
+      compare(fact_path, value, @next_facter)
+    end
+
+    @diff
+  end
+
+  private
+
+  def search_hash(sh, path = [])
+    if sh.is_a?(Hash)
+      sh.each do |k, v|
+        search_hash(v, path.push(k))
+        path.pop
+      end
+    elsif sh.is_a?(Array)
+      sh.each_with_index do |v, index|
+        search_hash(v, path.push(index))
+        path.pop
+      end
+    else
+      @flat_diff.push([path.dup, sh])
+    end
+  end
+
+  def compare(fact_path, given_value, compared_hash)
+    compared_value = compared_hash.dig(*fact_path)
+    if different?(compared_value, given_value) && !excluded?(fact_path.join('.'))
+      fact_path = fact_path.map{|f| f.to_s.include?('.') ? "\"#{f}\"" : f}.join('.') unless @save_structured
+      if compared_hash == @c_facter
+        bury(*fact_path, { :new_value => given_value, :old_value => compared_value }, @diff)
+      else
+        bury(*fact_path, { :new_value => compared_value, :old_value => given_value }, @diff)
+      end
+    end
+  end
+
+  def bury(*paths, value, hash)
+    if paths.count > 1
+      path = paths.shift
+      hash[path] = Hash.new unless hash.key?(path)
+      bury(*paths, value, hash[path])
+    else
+      hash[*paths] = value
+    end
+  end
+
+  def different?(new, old)
+    if old.is_a?(String) && new.is_a?(String) && (old.include?(',') || new.include?(','))
+      old_values = old.split(',')
+      new_values = new.split(',')
+
+      diff = (old_values - new_values) | (new_values - old_values)
+      return diff.size.positive?
+    end
+
+    old != new
+  end
+
+  def excluded?(fact_name)
+    @exclude_list.any? {|excluded_fact| fact_name =~ /#{excluded_fact}/}
+  end
+end