puppet 6.19.0 → 6.22.1

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog
@@ -34,7 +34,7 @@ Print this help message
 .
 .TP
 \-\-logdest
-Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. Defaults to \'console\'\.
+Where to send log messages\. Choose between \'syslog\' (the POSIX syslog service), \'eventlog\' (the Windows Event Log), \'console\', or the path to a log file\. Defaults to \'console\'\. Multiple destinations can be set using a comma separated list (eg: \fB/path/file1,console,/path/file2\fR)"
 .
 .IP
 A path ending with \'\.json\' will receive structured output in JSON format\. The log file will not have an ending \']\' automatically written to it due to the appending nature of logging\. It must be appended manually to make the content valid JSON\.

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -52,4 +52,8 @@ Verify the private key and certificate are present and match, verify the certifi
 .TP
 clean
 Remove the private key and certificate related files for this host\. If \fB\-\-localca\fR is specified, then also remove this host\'s local copy of the CA certificate(s) and CRL bundle\. if \fB\-\-target CERTNAME\fR is specified, then remove the files for the specified device on this host instead of this host\.
+.
+.TP
+show
+Print the full\-text version of this host\'s certificate\.
 

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "October 2020" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.19\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.22\.0

data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json

@@ -0,0 +1,91 @@
+{
+  "tags": [
+    "settings"
+  ],
+  "name": "127.0.0.1",
+  "version": 1607629733,
+  "code_id": null,
+  "catalog_uuid": "afc8472a-306b-4b24-b060-e956dffb79b8",
+  "catalog_format": 1,
+  "environment": "production",
+  "resources": [
+    {
+      "type": "Stage",
+      "title": "main",
+      "tags": [
+        "stage"
+      ],
+      "exported": false,
+      "parameters": {
+        "name": "main"
+      }
+    },
+    {
+      "type": "Class",
+      "title": "Settings",
+      "tags": [
+        "class",
+        "settings"
+      ],
+      "exported": false
+    },
+    {
+      "type": "Class",
+      "title": "main",
+      "tags": [
+        "class"
+      ],
+      "exported": false,
+      "parameters": {
+        "name": "main"
+      }
+    },
+    {
+      "type": "Notify",
+      "title": "deferred",
+      "tags": [
+        "notify",
+        "deferred",
+        "class"
+      ],
+      "file": "",
+      "line": 1,
+      "exported": false,
+      "parameters": {
+        "message": {
+          "__ptype": "Deferred",
+          "name": "new",
+          "arguments": [
+            {
+              "__ptype": "Pcore::StringType"
+            },
+            {
+              "__ptype": "Deferred",
+              "name": "binary_file",
+              "arguments": [
+                "__SOURCE_PATH__"
+              ]
+            }
+          ]
+        }
+      }
+    }
+  ],
+  "edges": [
+    {
+      "source": "Stage[main]",
+      "target": "Class[Settings]"
+    },
+    {
+      "source": "Stage[main]",
+      "target": "Class[main]"
+    },
+    {
+      "source": "Class[main]",
+      "target": "Notify[deferred]"
+    }
+  ],
+  "classes": [
+    "settings"
+  ]
+}

data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset

@@ -0,0 +1,9 @@
+UNIT FILE                                  STATE           VENDOR PRESET
+arp-ethers.service                         disabled        disabled     
+auditd.service                             enabled         enabled      
+dbus.service                               enabled         disabled     
+udev.service                               enabled-runtime disabled
+umountfs.service                           linked-runtime  disabled
+umountnfs.service                          masked          disabled
+umountroot.service                         masked-runtime  disabled
+urandom.service                            indirect        enabled

data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out

@@ -6,6 +6,10 @@ test_aix_user:
 no_password_user:
         lastupdate = another_last_update
 
+tab_password_user:
+        password  =  some_password
+        lastupdate = another_last_update
+
 daemon:
         password = *
 

data/spec/integration/application/agent_spec.rb

@@ -100,10 +100,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
   end
 
   context 'rich data' do
-    it "applies deferred values" do
+    it "calls a deferred 4x function" do
       catalog_handler = -> (req, res) {
         catalog = compile_to_catalog(<<-MANIFEST, node)
-          notify { 'deferred':
+          notify { 'deferred4x':
             message => Deferred('join', [[1,2,3], ':'])
           }
         MANIFEST
@@ -118,7 +118,66 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
           agent.command_line.args << '--test'
           agent.run
         }.to exit_with(2)
-         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred\]/message: defined 'message' as '1:2:3'}).to_stdout
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as '1:2:3'}).to_stdout
+      end
+    end
+
+    it "calls a deferred 3x function" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'deferred3x':
+            message => Deferred('sprintf', ['%s', 'I am deferred'])
+          }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+      end
+    end
+
+    it "re-evaluates a deferred function in a cached catalog" do
+      Puppet[:report] = false
+      Puppet[:use_cached_catalog] = true
+      Puppet[:usecacheonfailure] = false
+
+      catalog_dir = File.join(Puppet[:client_datadir], 'catalog')
+      Puppet::FileSystem.mkpath(catalog_dir)
+      cached_catalog_path = "#{File.join(catalog_dir, Puppet[:certname])}.json"
+
+      # our catalog contains a deferred function that calls `binary_file`
+      # to read `source`. The function returns a Binary object, whose
+      # base64 value is printed to stdout
+      source = tmpfile('deferred_source')
+      catalog = File.read(my_fixture('cached_deferred_catalog.json'))
+      catalog.gsub!('__SOURCE_PATH__', source)
+      File.write(cached_catalog_path, catalog)
+
+      # verify we get a different result each time the deferred function
+      # is evaluated, and reads `source`.
+      {
+        '1234' => 'MTIzNA==',
+        '5678' => 'NTY3OA=='
+      }.each_pair do |content, base64|
+        File.write(source, content)
+
+        expect {
+          agent.command_line.args << '-t'
+          agent.run
+
+        }.to exit_with(2)
+         .and output(/Notice: #{base64}/).to_stdout
+
+        # reset state so we can run again
+        Puppet::Application.clear!
       end
     end
 
@@ -476,4 +535,102 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       th.kill # kill thread so we don't wait too much
     end
   end
+
+  context 'cached catalogs' do
+    it 'falls back to a cached catalog' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          notify { 'a message': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(2)
+         .and output(%r{Caching catalog for #{Puppet[:certname]}}).to_stdout
+      end
+
+      # reset state so we can run again
+      Puppet::Application.clear!
+
+      # --test above turns off `usecacheonfailure` so re-enable here
+      Puppet[:usecacheonfailure] = true
+
+      # run agent without server
+      expect {
+        agent.command_line.args << '--no-daemonize' << '--onetime' << '--server' << '127.0.0.1'
+        agent.run
+      }.to exit_with(2)
+       .and output(a_string_matching(
+         /Using cached catalog from environment 'production'/
+       ).and matching(
+         /Notify\[a message\]\/message:/
+       )).to_stdout
+       .and output(/the agent run will continue/).to_stderr
+    end
+
+    it 'preserves the old cached catalog if validation fails with the old one' do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+          exec { 'unqualified_command': }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(/Using configured environment/).to_stdout
+         .and output(%r{Validation of Exec\[unqualified_command\] failed: 'unqualified_command' is not qualified and no path was specified}).to_stderr
+      end
+
+      # cached catalog should not be updated
+      cached_catalog = "#{File.join(Puppet[:client_datadir], 'catalog', Puppet[:certname])}.json"
+      expect(File).to_not be_exist(cached_catalog)
+    end
+  end
+
+  context "reporting" do
+    it "stores a finalized report" do
+      catalog_handler = -> (req, res) {
+        catalog = compile_to_catalog(<<-MANIFEST, node)
+        notify { 'foo':
+          require => Notify['bar']
+        }
+
+        notify { 'bar':
+          require => Notify['foo']
+        }
+        MANIFEST
+
+        res.body = formatter.render(catalog)
+        res['Content-Type'] = formatter.mime
+      }
+
+      server.start_server(mounts: {catalog: catalog_handler}) do |port|
+        Puppet[:serverport] = port
+        expect {
+          agent.command_line.args << '--test'
+          agent.run
+        }.to exit_with(1)
+         .and output(%r{Applying configuration}).to_stdout
+         .and output(%r{Found 1 dependency cycle}).to_stderr
+
+        report = Puppet::Transaction::Report.convert_from(:yaml, File.read(Puppet[:lastrunreport]))
+        expect(report.status).to eq("failed")
+        expect(report.metrics).to_not be_empty
+      end
+    end
+  end
 end

data/spec/integration/application/apply_spec.rb

@@ -663,4 +663,23 @@ class amod::bad_type {
       end
     end
   end
+
+  context 'rich data' do
+    it "calls a deferred 4x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred3x": message => Deferred("join", [[1,2,3], ":"]) }']
+
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred3x\]/message: defined 'message' as '1:2:3'}).to_stdout
+    end
+
+    it "calls a deferred 3x function" do
+      apply.command_line.args = ['-e', 'notify { "deferred4x": message => Deferred("sprintf", ["%s", "I am deferred"]) }']
+      expect {
+        apply.run
+      }.to exit_with(0) # for some reason apply returns 0 instead of 2
+       .and output(%r{Notice: /Stage\[main\]/Main/Notify\[deferred4x\]/message: defined 'message' as 'I am deferred'}).to_stdout
+    end
+  end
 end

data/spec/integration/application/plugin_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'puppet/face'
 require 'puppet_spec/puppetserver'
 
-describe "puppet plugin" do
+describe "puppet plugin", unless: Puppet::Util::Platform.jruby? do
   include_context "https client"
 
   let(:server) { PuppetSpec::Puppetserver.new }

data/spec/integration/defaults_spec.rb

@@ -36,13 +36,6 @@ describe "Puppet defaults" do
     end
   end
 
-  describe "when setting the :serverport" do
-    it "should also set the :masterport to the same value" do
-      Puppet.settings[:serverport] = 9000
-      expect(Puppet.settings[:masterport]).to eq(9000)
-    end
-  end
-
   describe "when setting the :factpath" do
     it "should add the :factpath to Facter's search paths" do
       expect(Facter).to receive(:search).with("/my/fact/path")

data/spec/integration/environments/setting_hooks_spec.rb

@@ -12,7 +12,7 @@ describe "setting hooks" do
     end
 
     it "accesses correct directory environment settings after initializing a setting with an on_write hook" do
-      expect(Puppet.settings.setting(:certname).call_hook).to eq(:on_write_only) 
+      expect(Puppet.settings.setting(:strict).call_hook).to eq(:on_write_only)
 
       File.open(File.join(confdir, "puppet.conf"), "w:UTF-8") do |f|
         f.puts("environmentpath=#{environmentpath}")

data/spec/integration/http/client_spec.rb

@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       end
     end
   end
+
+  context 'ciphersuites' do
+    it "does not connect when using an SSLv3 ciphersuite", :if => Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1e') > 0 do
+      Puppet[:ciphers] = "DES-CBC3-SHA"
+
+      https_server.start_server do |port|
+        expect {
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
+        }.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
+      end
+    end
+  end
 end