RubyGems - puppet - Versions diffs - 6.19.0 → 7.3.0 - Mend

puppet 6.19.0 → 7.3.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (513) hide show

checksums.yaml +4 -4
data/CODEOWNERS +2 -16
data/Gemfile +3 -4
data/Gemfile.lock +33 -28
data/README.md +1 -1
data/conf/fileserver.conf +5 -10
data/ext/build_defaults.yaml +1 -1
data/ext/osx/file_mapping.yaml +0 -5
data/ext/project_data.yaml +2 -14
data/ext/redhat/puppet.spec.erb +0 -1
data/ext/windows/service/daemon.rb +6 -5
data/install.rb +21 -17
data/lib/puppet.rb +11 -20
data/lib/puppet/application.rb +182 -104
data/lib/puppet/application/agent.rb +1 -0
data/lib/puppet/application/apply.rb +3 -2
data/lib/puppet/application/device.rb +101 -104
data/lib/puppet/application/filebucket.rb +15 -11
data/lib/puppet/application/script.rb +1 -0
data/lib/puppet/application/ssl.rb +1 -1
data/lib/puppet/application_support.rb +7 -0
data/lib/puppet/configurer.rb +44 -36
data/lib/puppet/configurer/plugin_handler.rb +21 -19
data/lib/puppet/defaults.rb +71 -170
data/lib/puppet/environments.rb +44 -75
data/lib/puppet/face/config.rb +10 -0
data/lib/puppet/face/epp.rb +12 -2
data/lib/puppet/face/facts.rb +80 -6
data/lib/puppet/face/help.rb +1 -1
data/lib/puppet/face/node/clean.rb +8 -0
data/lib/puppet/face/plugin.rb +5 -8
data/lib/puppet/ffi/posix.rb +10 -0
data/lib/puppet/ffi/posix/constants.rb +14 -0
data/lib/puppet/ffi/posix/functions.rb +24 -0
data/lib/puppet/ffi/windows.rb +12 -0
data/lib/puppet/ffi/windows/api_types.rb +311 -0
data/lib/puppet/ffi/windows/constants.rb +404 -0
data/lib/puppet/ffi/windows/functions.rb +628 -0
data/lib/puppet/ffi/windows/structs.rb +338 -0
data/lib/puppet/file_serving/configuration.rb +0 -5
data/lib/puppet/file_serving/configuration/parser.rb +6 -32
data/lib/puppet/file_serving/http_metadata.rb +1 -1
data/lib/puppet/file_serving/mount.rb +1 -2
data/lib/puppet/forge/repository.rb +0 -1
data/lib/puppet/functions/epp.rb +1 -0
data/lib/puppet/functions/inline_epp.rb +1 -0
data/lib/puppet/generate/models/type/type.rb +4 -1
data/lib/puppet/http.rb +22 -13
data/lib/puppet/http/client.rb +164 -114
data/lib/puppet/{network/resolver.rb → http/dns.rb} +2 -2
data/lib/puppet/http/errors.rb +16 -0
data/lib/puppet/http/external_client.rb +5 -7
data/lib/puppet/{network/http → http}/factory.rb +8 -11
data/lib/puppet/{network/http → http}/pool.rb +61 -26
data/lib/puppet/{network/http/session.rb → http/pool_entry.rb} +2 -3
data/lib/puppet/http/proxy.rb +137 -0
data/lib/puppet/http/redirector.rb +4 -12
data/lib/puppet/http/resolver.rb +5 -15
data/lib/puppet/http/resolver/server_list.rb +6 -10
data/lib/puppet/http/resolver/settings.rb +4 -7
data/lib/puppet/http/resolver/srv.rb +7 -11
data/lib/puppet/http/response.rb +36 -54
data/lib/puppet/http/response_converter.rb +24 -0
data/lib/puppet/http/response_net_http.rb +42 -0
data/lib/puppet/http/retry_after_handler.rb +4 -13
data/lib/puppet/http/service.rb +12 -26
data/lib/puppet/http/service/ca.rb +11 -22
data/lib/puppet/http/service/compiler.rb +22 -69
data/lib/puppet/http/service/file_server.rb +18 -27
data/lib/puppet/http/service/puppetserver.rb +26 -12
data/lib/puppet/http/service/report.rb +8 -10
data/lib/puppet/http/session.rb +11 -20
data/lib/puppet/{network/http → http}/site.rb +1 -2
data/lib/puppet/indirector/catalog/rest.rb +2 -4
data/lib/puppet/indirector/fact_search.rb +60 -0
data/lib/puppet/indirector/facts/facter.rb +24 -3
data/lib/puppet/indirector/facts/json.rb +27 -0
data/lib/puppet/indirector/facts/rest.rb +3 -22
data/lib/puppet/indirector/facts/yaml.rb +3 -58
data/lib/puppet/indirector/file_bucket_file/rest.rb +3 -9
data/lib/puppet/indirector/file_content/rest.rb +2 -6
data/lib/puppet/indirector/file_metadata/rest.rb +3 -9
data/lib/puppet/indirector/file_server.rb +1 -8
data/lib/puppet/indirector/generic_http.rb +0 -11
data/lib/puppet/indirector/json.rb +5 -1
data/lib/puppet/indirector/node/json.rb +8 -0
data/lib/puppet/indirector/node/rest.rb +2 -4
data/lib/puppet/indirector/report/json.rb +34 -0
data/lib/puppet/indirector/report/rest.rb +3 -8
data/lib/puppet/indirector/request.rb +0 -101
data/lib/puppet/indirector/rest.rb +12 -263
data/lib/puppet/module_tool/applications.rb +0 -1
data/lib/puppet/module_tool/applications/installer.rb +48 -2
data/lib/puppet/module_tool/errors/shared.rb +17 -2
data/lib/puppet/network/authconfig.rb +2 -96
data/lib/puppet/network/authorization.rb +13 -35
data/lib/puppet/network/formats.rb +69 -1
data/lib/puppet/network/http.rb +3 -3
data/lib/puppet/network/http/api/indirected_routes.rb +2 -20
data/lib/puppet/network/http/api/master/v3.rb +11 -13
data/lib/puppet/network/http/connection.rb +247 -316
data/lib/puppet/network/http/handler.rb +0 -1
data/lib/puppet/network/http_pool.rb +16 -34
data/lib/puppet/node.rb +1 -30
data/lib/puppet/pal/json_catalog_encoder.rb +4 -0
data/lib/puppet/pal/pal_impl.rb +73 -18
data/lib/puppet/parser/ast/leaf.rb +3 -2
data/lib/puppet/parser/ast/pops_bridge.rb +0 -38
data/lib/puppet/parser/compiler.rb +0 -198
data/lib/puppet/parser/compiler/catalog_validator/relationship_validator.rb +14 -39
data/lib/puppet/parser/resource.rb +0 -69
data/lib/puppet/parser/templatewrapper.rb +1 -1
data/lib/puppet/pops/evaluator/deferred_resolver.rb +5 -3
data/lib/puppet/pops/evaluator/evaluator_impl.rb +22 -8
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +3 -3
data/lib/puppet/pops/evaluator/runtime3_support.rb +1 -1
data/lib/puppet/pops/issues.rb +0 -5
data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +6 -8
data/lib/puppet/pops/model/ast.pp +0 -42
data/lib/puppet/pops/model/ast.rb +0 -290
data/lib/puppet/pops/model/ast_transformer.rb +1 -1
data/lib/puppet/pops/model/factory.rb +0 -45
data/lib/puppet/pops/model/model_label_provider.rb +0 -5
data/lib/puppet/pops/model/model_tree_dumper.rb +0 -22
data/lib/puppet/pops/model/pn_transformer.rb +0 -16
data/lib/puppet/pops/parser/egrammar.ra +0 -56
data/lib/puppet/pops/parser/eparser.rb +1520 -1712
data/lib/puppet/pops/parser/lexer2.rb +4 -4
data/lib/puppet/pops/parser/parser_support.rb +0 -5
data/lib/puppet/pops/resource/resource_type_impl.rb +2 -24
data/lib/puppet/pops/types/type_calculator.rb +0 -7
data/lib/puppet/pops/types/type_parser.rb +0 -4
data/lib/puppet/pops/types/types.rb +0 -1
data/lib/puppet/pops/validation/checker4_0.rb +9 -37
data/lib/puppet/pops/validation/tasks_checker.rb +0 -12
data/lib/puppet/pops/validation/validator_factory_4_0.rb +1 -2
data/lib/puppet/provider.rb +0 -13
data/lib/puppet/provider/nameservice.rb +0 -18
data/lib/puppet/provider/package/apt.rb +4 -0
data/lib/puppet/provider/package/dpkg.rb +0 -10
data/lib/puppet/provider/package/gem.rb +23 -3
data/lib/puppet/provider/package/pip.rb +0 -1
data/lib/puppet/provider/package/pkg.rb +0 -4
data/lib/puppet/provider/package/portage.rb +1 -1
data/lib/puppet/provider/package/puppet_gem.rb +1 -4
data/lib/puppet/provider/service/smf.rb +191 -73
data/lib/puppet/provider/user/aix.rb +2 -2
data/lib/puppet/provider/user/directoryservice.rb +0 -10
data/lib/puppet/reference/configuration.rb +8 -5
data/lib/puppet/reference/indirection.rb +1 -1
data/lib/puppet/resource.rb +1 -89
data/lib/puppet/resource/catalog.rb +1 -14
data/lib/puppet/resource/type.rb +3 -119
data/lib/puppet/resource/type_collection.rb +3 -48
data/lib/puppet/runtime.rb +1 -2
data/lib/puppet/settings.rb +88 -48
data/lib/puppet/settings/alias_setting.rb +37 -0
data/lib/puppet/settings/base_setting.rb +26 -2
data/lib/puppet/settings/integer_setting.rb +17 -0
data/lib/puppet/settings/port_setting.rb +15 -0
data/lib/puppet/settings/priority_setting.rb +5 -4
data/lib/puppet/ssl.rb +10 -6
data/lib/puppet/ssl/base.rb +3 -5
data/lib/puppet/ssl/certificate.rb +0 -6
data/lib/puppet/ssl/certificate_request.rb +1 -12
data/lib/puppet/ssl/certificate_signer.rb +6 -0
data/lib/puppet/ssl/oids.rb +3 -1
data/lib/puppet/ssl/ssl_provider.rb +17 -0
data/lib/puppet/ssl/state_machine.rb +3 -1
data/lib/puppet/ssl/verifier.rb +2 -0
data/lib/puppet/test/test_helper.rb +1 -3
data/lib/puppet/transaction.rb +1 -7
data/lib/puppet/transaction/report.rb +2 -4
data/lib/puppet/type.rb +0 -76
data/lib/puppet/type/file.rb +5 -7
data/lib/puppet/type/file/checksum.rb +1 -1
data/lib/puppet/type/file/source.rb +1 -1
data/lib/puppet/type/filebucket.rb +3 -3
data/lib/puppet/type/package.rb +5 -13
data/lib/puppet/type/user.rb +1 -1
data/lib/puppet/util/autoload.rb +1 -8
data/lib/puppet/util/execution.rb +0 -11
data/lib/puppet/util/http_proxy.rb +2 -215
data/lib/puppet/util/monkey_patches.rb +0 -46
data/lib/puppet/util/posix.rb +54 -5
data/lib/puppet/util/rdoc.rb +0 -7
data/lib/puppet/util/retry_action.rb +1 -1
data/lib/puppet/util/rubygems.rb +5 -1
data/lib/puppet/util/run_mode.rb +9 -1
data/lib/puppet/util/windows.rb +3 -8
data/lib/puppet/util/windows/daemon.rb +360 -0
data/lib/puppet/util/windows/error.rb +1 -0
data/lib/puppet/util/windows/eventlog.rb +4 -9
data/lib/puppet/util/windows/file.rb +8 -242
data/lib/puppet/util/windows/monkey_patches/process.rb +414 -0
data/lib/puppet/util/windows/process.rb +4 -226
data/lib/puppet/util/windows/service.rb +9 -460
data/lib/puppet/util/windows/string.rb +12 -13
data/lib/puppet/util/yaml.rb +0 -22
data/lib/puppet/vendor/require_vendored.rb +0 -1
data/lib/puppet/version.rb +1 -1
data/lib/puppet/x509.rb +5 -1
data/lib/puppet/x509/cert_provider.rb +29 -1
data/locales/puppet.pot +629 -1314
data/man/man5/puppet.conf.5 +39 -99
data/man/man8/puppet-agent.8 +2 -2
data/man/man8/puppet-apply.8 +2 -2
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +2 -2
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +58 -9
data/man/man8/puppet-filebucket.8 +6 -6
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-module.8 +1 -58
data/man/man8/puppet-node.8 +4 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +4 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +2 -2
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/fixtures/integration/application/agent/cached_deferred_catalog.json +91 -0
data/spec/fixtures/unit/provider/service/smf/{svcs.out → svcs_instances.out} +0 -0
data/spec/fixtures/unit/provider/user/aix/aix_passwd_file.out +4 -0
data/spec/integration/application/agent_spec.rb +151 -14
data/spec/integration/application/apply_spec.rb +20 -1
data/spec/integration/application/filebucket_spec.rb +16 -16
data/spec/integration/application/help_spec.rb +2 -0
data/spec/integration/application/plugin_spec.rb +23 -1
data/spec/integration/defaults_spec.rb +7 -10
data/spec/integration/environments/setting_hooks_spec.rb +1 -1
data/spec/integration/indirector/file_content/file_server_spec.rb +0 -2
data/spec/integration/indirector/file_metadata/file_server_spec.rb +0 -2
data/spec/integration/network/http_pool_spec.rb +3 -21
data/spec/integration/parser/catalog_spec.rb +0 -38
data/spec/integration/parser/node_spec.rb +0 -9
data/spec/integration/parser/pcore_resource_spec.rb +0 -37
data/spec/integration/resource/type_collection_spec.rb +2 -6
data/spec/integration/transaction_spec.rb +4 -9
data/spec/integration/type/file_spec.rb +5 -4
data/spec/integration/util/windows/adsi_spec.rb +3 -1
data/spec/integration/util/windows/monkey_patches/process_spec.rb +231 -0
data/spec/integration/util/windows/registry_spec.rb +0 -10
data/spec/integration/util/windows/security_spec.rb +1 -1
data/spec/lib/puppet_spec/puppetserver.rb +1 -1
data/spec/lib/puppet_spec/settings.rb +7 -1
data/spec/spec_helper.rb +3 -4
data/spec/unit/agent_spec.rb +8 -8
data/spec/unit/application/agent_spec.rb +0 -1
data/spec/unit/application/config_spec.rb +224 -4
data/spec/unit/application/facts_spec.rb +35 -0
data/spec/unit/application/filebucket_spec.rb +41 -41
data/spec/unit/application/ssl_spec.rb +2 -2
data/spec/unit/application_spec.rb +51 -9
data/spec/unit/certificate_factory_spec.rb +1 -1
data/spec/unit/configurer/downloader_spec.rb +6 -2
data/spec/unit/configurer/plugin_handler_spec.rb +56 -18
data/spec/unit/configurer_spec.rb +12 -9
data/spec/unit/confine/feature_spec.rb +1 -1
data/spec/unit/confine_spec.rb +8 -2
data/spec/unit/context/trusted_information_spec.rb +2 -6
data/spec/unit/defaults_spec.rb +26 -32
data/spec/unit/environments_spec.rb +96 -22
data/spec/unit/face/config_spec.rb +27 -32
data/spec/unit/face/facts_spec.rb +4 -0
data/spec/unit/face/node_spec.rb +14 -13
data/spec/unit/face/plugin_spec.rb +73 -33
data/spec/unit/file_bucket/file_spec.rb +1 -1
data/spec/unit/file_serving/configuration/parser_spec.rb +22 -19
data/spec/unit/file_serving/configuration_spec.rb +6 -12
data/spec/unit/file_serving/metadata_spec.rb +3 -3
data/spec/unit/file_serving/terminus_helper_spec.rb +11 -4
data/spec/unit/forge/module_release_spec.rb +2 -7
data/spec/unit/functions/camelcase_spec.rb +1 -1
data/spec/unit/functions/capitalize_spec.rb +1 -1
data/spec/unit/functions/downcase_spec.rb +1 -1
data/spec/unit/functions/inline_epp_spec.rb +26 -1
data/spec/unit/functions/upcase_spec.rb +1 -1
data/spec/unit/http/client_spec.rb +7 -8
data/spec/unit/{network/resolver_spec.rb → http/dns_spec.rb} +3 -3
data/spec/unit/http/external_client_spec.rb +4 -4
data/spec/unit/{network/http → http}/factory_spec.rb +5 -11
data/spec/unit/{network/http/session_spec.rb → http/pool_entry_spec.rb} +3 -3
data/spec/unit/{network/http → http}/pool_spec.rb +12 -17
data/spec/unit/{util/http_proxy_spec.rb → http/proxy_spec.rb} +2 -69
data/spec/unit/http/resolver_spec.rb +13 -13
data/spec/unit/http/service/compiler_spec.rb +49 -62
data/spec/unit/http/service/file_server_spec.rb +3 -3
data/spec/unit/http/service/puppetserver_spec.rb +34 -4
data/spec/unit/http/service_spec.rb +1 -2
data/spec/unit/http/session_spec.rb +16 -14
data/spec/unit/{network/http → http}/site_spec.rb +3 -3
data/spec/unit/indirector/face_spec.rb +0 -1
data/spec/unit/indirector/facts/facter_spec.rb +104 -1
data/spec/unit/indirector/facts/json_spec.rb +255 -0
data/spec/unit/indirector/file_bucket_file/file_spec.rb +5 -3
data/spec/unit/indirector/file_bucket_file/selector_spec.rb +26 -8
data/spec/unit/indirector/file_content/rest_spec.rb +0 -4
data/spec/unit/indirector/file_metadata/rest_spec.rb +0 -4
data/spec/unit/indirector/file_server_spec.rb +1 -15
data/spec/unit/indirector/indirection_spec.rb +8 -12
data/spec/unit/indirector/node/json_spec.rb +33 -0
data/spec/{integration/indirector/report/yaml.rb → unit/indirector/report/json_spec.rb} +13 -24
data/spec/unit/indirector/report/rest_spec.rb +2 -17
data/spec/unit/indirector/report/yaml_spec.rb +72 -8
data/spec/unit/indirector/request_spec.rb +0 -264
data/spec/unit/indirector/rest_spec.rb +98 -752
data/spec/unit/indirector_spec.rb +2 -2
data/spec/unit/module_tool/applications/installer_spec.rb +66 -0
data/spec/unit/network/authconfig_spec.rb +2 -132
data/spec/unit/network/authorization_spec.rb +2 -55
data/spec/unit/network/formats_spec.rb +45 -4
data/spec/unit/network/http/api/indirected_routes_spec.rb +1 -101
data/spec/unit/network/http/api/master/v3_spec.rb +28 -7
data/spec/unit/network/http/api_spec.rb +10 -0
data/spec/unit/network/http/connection_spec.rb +19 -41
data/spec/unit/network/http/handler_spec.rb +0 -6
data/spec/unit/network/http_pool_spec.rb +0 -4
data/spec/unit/node/environment_spec.rb +33 -21
data/spec/unit/node_spec.rb +2 -54
data/spec/unit/parser/compiler_spec.rb +3 -19
data/spec/unit/parser/functions/create_resources_spec.rb +2 -20
data/spec/unit/parser/resource_spec.rb +14 -8
data/spec/unit/parser/templatewrapper_spec.rb +4 -3
data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +20 -0
data/spec/unit/pops/evaluator/evaluating_parser_spec.rb +4 -7
data/spec/unit/pops/loaders/loaders_spec.rb +6 -21
data/spec/unit/pops/parser/parse_application_spec.rb +4 -22
data/spec/unit/pops/parser/parse_basic_expressions_spec.rb +0 -1
data/spec/unit/pops/parser/parse_capabilities_spec.rb +8 -21
data/spec/unit/pops/parser/parse_site_spec.rb +20 -24
data/spec/unit/pops/resource/resource_type_impl_spec.rb +0 -71
data/spec/unit/pops/serialization/to_from_hr_spec.rb +1 -1
data/spec/unit/pops/types/type_calculator_spec.rb +6 -6
data/spec/unit/pops/types/type_factory_spec.rb +1 -1
data/spec/unit/pops/validator/validator_spec.rb +61 -46
data/spec/unit/pops/visitor_spec.rb +1 -1
data/spec/unit/property_spec.rb +1 -0
data/spec/unit/provider/nameservice_spec.rb +66 -122
data/spec/unit/provider/package/apt_spec.rb +4 -8
data/spec/unit/provider/package/base_spec.rb +6 -5
data/spec/unit/provider/package/dpkg_spec.rb +0 -48
data/spec/unit/provider/package/gem_spec.rb +32 -0
data/spec/unit/provider/package/pacman_spec.rb +18 -12
data/spec/unit/provider/package/pip_spec.rb +6 -11
data/spec/unit/provider/package/pkgdmg_spec.rb +0 -4
data/spec/unit/provider/package/puppet_gem_spec.rb +3 -2
data/spec/unit/provider/service/smf_spec.rb +401 -165
data/spec/unit/provider/service/windows_spec.rb +0 -1
data/spec/unit/provider/user/aix_spec.rb +5 -0
data/spec/unit/provider/user/hpux_spec.rb +1 -1
data/spec/unit/provider/user/pw_spec.rb +2 -0
data/spec/unit/provider/user/useradd_spec.rb +1 -0
data/spec/unit/provider_spec.rb +6 -20
data/spec/unit/puppet_pal_catalog_spec.rb +45 -0
data/spec/unit/resource/type_collection_spec.rb +2 -22
data/spec/unit/resource/type_spec.rb +1 -1
data/spec/unit/resource_spec.rb +11 -66
data/spec/unit/settings/http_extra_headers_spec.rb +2 -4
data/spec/unit/settings/integer_setting_spec.rb +42 -0
data/spec/unit/settings/port_setting_spec.rb +31 -0
data/spec/unit/settings/priority_setting_spec.rb +4 -4
data/spec/unit/settings_spec.rb +560 -228
data/spec/unit/ssl/base_spec.rb +36 -4
data/spec/unit/ssl/certificate_request_spec.rb +15 -45
data/spec/unit/ssl/certificate_spec.rb +2 -11
data/spec/unit/ssl/ssl_provider_spec.rb +14 -8
data/spec/unit/ssl/state_machine_spec.rb +0 -1
data/spec/unit/ssl/verifier_spec.rb +0 -21
data/spec/unit/transaction/additional_resource_generator_spec.rb +3 -7
data/spec/unit/transaction/event_manager_spec.rb +14 -11
data/spec/unit/transaction/report_spec.rb +0 -2
data/spec/unit/transaction/resource_harness_spec.rb +2 -2
data/spec/unit/transaction_spec.rb +57 -82
data/spec/unit/type/file/checksum_spec.rb +6 -6
data/spec/unit/type/file/content_spec.rb +1 -2
data/spec/unit/type/file/ensure_spec.rb +1 -1
data/spec/unit/type/file/mode_spec.rb +1 -1
data/spec/unit/type/file/selinux_spec.rb +0 -2
data/spec/unit/type/file/source_spec.rb +0 -1
data/spec/unit/type/file_spec.rb +12 -12
data/spec/unit/type/group_spec.rb +13 -6
data/spec/unit/type/package_spec.rb +1 -1
data/spec/unit/type/resources_spec.rb +7 -7
data/spec/unit/type/service_spec.rb +1 -1
data/spec/unit/type/tidy_spec.rb +0 -1
data/spec/unit/type_spec.rb +22 -2
data/spec/unit/util/at_fork_spec.rb +2 -2
data/spec/unit/util/autoload_spec.rb +5 -1
data/spec/unit/util/backups_spec.rb +1 -4
data/spec/unit/util/execution_spec.rb +15 -40
data/spec/unit/util/inifile_spec.rb +6 -14
data/spec/unit/util/log_spec.rb +8 -7
data/spec/unit/util/logging_spec.rb +3 -3
data/spec/unit/util/monkey_patches_spec.rb +0 -6
data/spec/unit/util/posix_spec.rb +363 -15
data/spec/unit/util/rubygems_spec.rb +2 -2
data/spec/unit/util/run_mode_spec.rb +21 -121
data/spec/unit/util/selinux_spec.rb +76 -52
data/spec/unit/util/storage_spec.rb +3 -1
data/spec/unit/util/suidmanager_spec.rb +44 -41
data/spec/unit/util/windows/string_spec.rb +1 -3
data/spec/unit/util/yaml_spec.rb +0 -54
data/spec/unit/util_spec.rb +13 -24
metadata +66 -170
data/conf/auth.conf +0 -150
data/lib/puppet/application/cert.rb +0 -76
data/lib/puppet/application/key.rb +0 -4
data/lib/puppet/application/man.rb +0 -4
data/lib/puppet/application/status.rb +0 -4
data/lib/puppet/face/key.rb +0 -16
data/lib/puppet/face/man.rb +0 -145
data/lib/puppet/face/module/build.rb +0 -14
data/lib/puppet/face/module/generate.rb +0 -14
data/lib/puppet/face/module/search.rb +0 -103
data/lib/puppet/face/status.rb +0 -51
data/lib/puppet/indirector/certificate/file.rb +0 -9
data/lib/puppet/indirector/certificate/rest.rb +0 -18
data/lib/puppet/indirector/certificate_request/file.rb +0 -9
data/lib/puppet/indirector/certificate_request/memory.rb +0 -7
data/lib/puppet/indirector/certificate_request/rest.rb +0 -11
data/lib/puppet/indirector/file_content/http.rb +0 -22
data/lib/puppet/indirector/key/file.rb +0 -46
data/lib/puppet/indirector/key/memory.rb +0 -7
data/lib/puppet/indirector/ssl_file.rb +0 -162
data/lib/puppet/indirector/status.rb +0 -3
data/lib/puppet/indirector/status/local.rb +0 -12
data/lib/puppet/indirector/status/rest.rb +0 -27
data/lib/puppet/module_tool/applications/searcher.rb +0 -29
data/lib/puppet/network/auth_config_parser.rb +0 -90
data/lib/puppet/network/authstore.rb +0 -283
data/lib/puppet/network/http/api/master/v3/authorization.rb +0 -18
data/lib/puppet/network/http/api/master/v3/environment.rb +0 -88
data/lib/puppet/network/http/base_pool.rb +0 -36
data/lib/puppet/network/http/compression.rb +0 -127
data/lib/puppet/network/http/connection_adapter.rb +0 -184
data/lib/puppet/network/http/nocache_pool.rb +0 -28
data/lib/puppet/network/rest_controller.rb +0 -2
data/lib/puppet/network/rights.rb +0 -210
data/lib/puppet/parser/compiler/catalog_validator/env_relationship_validator.rb +0 -66
data/lib/puppet/parser/compiler/catalog_validator/site_validator.rb +0 -22
data/lib/puppet/parser/environment_compiler.rb +0 -202
data/lib/puppet/pops/types/enumeration.rb +0 -16
data/lib/puppet/resource/capability_finder.rb +0 -154
data/lib/puppet/rest/errors.rb +0 -15
data/lib/puppet/rest/response.rb +0 -35
data/lib/puppet/rest/route.rb +0 -85
data/lib/puppet/rest/routes.rb +0 -135
data/lib/puppet/ssl/host.rb +0 -505
data/lib/puppet/ssl/key.rb +0 -61
data/lib/puppet/ssl/validator.rb +0 -61
data/lib/puppet/ssl/validator/default_validator.rb +0 -209
data/lib/puppet/ssl/validator/no_validator.rb +0 -22
data/lib/puppet/ssl/verifier_adapter.rb +0 -58
data/lib/puppet/status.rb +0 -40
data/lib/puppet/util/connection.rb +0 -88
data/lib/puppet/util/ssl.rb +0 -83
data/lib/puppet/util/windows/api_types.rb +0 -309
data/lib/puppet/util/windows/monkey_patches/dir.rb +0 -40
data/lib/puppet/vendor/load_pathspec.rb +0 -1
data/lib/puppet/vendor/pathspec/CHANGELOG.md +0 -2
data/lib/puppet/vendor/pathspec/LICENSE +0 -201
data/lib/puppet/vendor/pathspec/PUPPET_README.md +0 -6
data/lib/puppet/vendor/pathspec/README.md +0 -53
data/lib/puppet/vendor/pathspec/lib/pathspec.rb +0 -122
data/lib/puppet/vendor/pathspec/lib/pathspec/gitignorespec.rb +0 -275
data/lib/puppet/vendor/pathspec/lib/pathspec/regexspec.rb +0 -17
data/lib/puppet/vendor/pathspec/lib/pathspec/spec.rb +0 -14
data/man/man8/puppet-key.8 +0 -126
data/man/man8/puppet-man.8 +0 -76
data/man/man8/puppet-status.8 +0 -108
data/spec/integration/application/config_spec.rb +0 -74
data/spec/integration/network/authconfig_spec.rb +0 -256
data/spec/integration/util/windows/monkey_patches/dir_spec.rb +0 -11
data/spec/unit/application/man_spec.rb +0 -52
data/spec/unit/capability_spec.rb +0 -414
data/spec/unit/face/catalog_spec.rb +0 -6
data/spec/unit/face/key_spec.rb +0 -9
data/spec/unit/face/module/search_spec.rb +0 -231
data/spec/unit/face/module_spec.rb +0 -3
data/spec/unit/face/status_spec.rb +0 -9
data/spec/unit/indirector/certificate/file_spec.rb +0 -14
data/spec/unit/indirector/certificate/rest_spec.rb +0 -61
data/spec/unit/indirector/certificate_request/file_spec.rb +0 -14
data/spec/unit/indirector/certificate_request/rest_spec.rb +0 -25
data/spec/unit/indirector/key/file_spec.rb +0 -79
data/spec/unit/indirector/ssl_file_spec.rb +0 -305
data/spec/unit/indirector/status/local_spec.rb +0 -10
data/spec/unit/indirector/status/rest_spec.rb +0 -50
data/spec/unit/module_tool/applications/searcher_spec.rb +0 -38
data/spec/unit/network/auth_config_parser_spec.rb +0 -115
data/spec/unit/network/authstore_spec.rb +0 -422
data/spec/unit/network/http/api/master/v3/authorization_spec.rb +0 -57
data/spec/unit/network/http/api/master/v3/environment_spec.rb +0 -185
data/spec/unit/network/http/compression_spec.rb +0 -240
data/spec/unit/network/http/nocache_pool_spec.rb +0 -64
data/spec/unit/network/http_spec.rb +0 -9
data/spec/unit/network/rights_spec.rb +0 -439
data/spec/unit/parser/environment_compiler_spec.rb +0 -730
data/spec/unit/pops/types/enumeration_spec.rb +0 -51
data/spec/unit/resource/capability_finder_spec.rb +0 -143
data/spec/unit/rest/route_spec.rb +0 -132
data/spec/unit/ssl/host_spec.rb +0 -650
data/spec/unit/ssl/key_spec.rb +0 -173
data/spec/unit/ssl/validator_spec.rb +0 -278
data/spec/unit/status_spec.rb +0 -45
data/spec/unit/util/ssl_spec.rb +0 -91

data/lib/puppet/configurer/plugin_handler.rb CHANGED

@@ -29,25 +29,27 @@ class Puppet::Configurer::PluginHandler
     result += plugin_fact_downloader.evaluate
     result += plugin_downloader.evaluate
-    # until file metadata/content are using the rest client, we need to check
-    # both :server_agent_version and the session to see if the server supports
-    # the "locales" mount
-    server_agent_version = Puppet.lookup(:server_agent_version) { "0.0" }
-    locales = Gem::Version.new(server_agent_version) >= SUPPORTED_LOCALES_MOUNT_AGENT_VERSION
-    unless locales
-      session = Puppet.lookup(:http_session)
-      locales = session.supports?(:fileserver, 'locales') || session.supports?(:puppet, 'locales')
-    end
-    if locales
-      locales_downloader = Puppet::Configurer::Downloader.new(
-        "locales",
-        Puppet[:localedest],
-        Puppet[:localesource],
-        Puppet[:pluginsignore] + " *.pot config.yaml",
-        environment
-      )
-      result += locales_downloader.evaluate
+    unless Puppet[:disable_i18n]
+      # until file metadata/content are using the rest client, we need to check
+      # both :server_agent_version and the session to see if the server supports
+      # the "locales" mount
+      server_agent_version = Puppet.lookup(:server_agent_version) { "0.0" }
+      locales = Gem::Version.new(server_agent_version) >= SUPPORTED_LOCALES_MOUNT_AGENT_VERSION
+      unless locales
+        session = Puppet.lookup(:http_session)
+        locales = session.supports?(:fileserver, 'locales') || session.supports?(:puppet, 'locales')
+      end
+      if locales
+        locales_downloader = Puppet::Configurer::Downloader.new(
+          "locales",
+          Puppet[:localedest],
+          Puppet[:localesource],
+          Puppet[:pluginsignore] + " *.pot config.yaml",
+          environment
+        )
+        result += locales_downloader.evaluate
+      end
     end
     Puppet::Util::Autoload.reload_changed(Puppet.lookup(:current_environment))

data/lib/puppet/defaults.rb CHANGED

@@ -11,25 +11,41 @@ module Puppet
   end
   def self.default_digest_algorithm
-    Puppet::Util::Platform.fips_enabled? ? 'sha256' : 'md5'
+    'sha256'
   end
   def self.valid_digest_algorithms
     Puppet::Util::Platform.fips_enabled? ?
       %w[sha256 sha384 sha512 sha224] :
-      %w[md5 sha256 sha384 sha512 sha224]
+      %w[sha256 sha384 sha512 sha224 md5]
   end
   def self.default_file_checksum_types
     Puppet::Util::Platform.fips_enabled? ?
       %w[sha256 sha384 sha512 sha224] :
-      %w[md5 sha256 sha384 sha512 sha224]
+      %w[sha256 sha384 sha512 sha224 md5]
   end
   def self.valid_file_checksum_types
     Puppet::Util::Platform.fips_enabled? ?
       %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite mtime ctime] :
-      %w[md5 md5lite sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite mtime ctime]
+      %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime]
+  end
+  def self.default_cadir
+    return "" if Puppet::Util::Platform.windows?
+    old_ca_dir = "#{Puppet[:ssldir]}/ca"
+    new_ca_dir = "/etc/puppetlabs/puppetserver/ca"
+    if File.exist?(old_ca_dir)
+      if File.symlink?(old_ca_dir)
+        File.readlink(old_ca_dir)
+      else
+        old_ca_dir
+      end
+    else
+      new_ca_dir
+    end
   end
   def self.default_basemodulepath
@@ -70,28 +86,6 @@ module Puppet
   # @return void
   def self.initialize_default_settings!(settings)
     settings.define_settings(:main,
-      :facterng => {
-        :default => false,
-        :type    => :boolean,
-        :desc    => 'Whether to enable a pre-Facter 4.0 release of Facter (distributed as
-          the "facter-ng" gem). This is not necessary if Facter 3.x or later is installed.
-          This setting is still experimental.',
-        :hook    => proc do |value|
-          if value
-            begin
-              original_facter = Object.const_get(:Facter)
-              Object.send(:remove_const, :Facter)
-              require 'facter-ng'
-              # It is required to re-setup logger for facter-ng
-              Puppet::Util::Logging.setup_facter_logging!
-            rescue LoadError
-              Object.const_set(:Facter, original_facter)
-              raise ArgumentError, 'facter-ng could not be loaded'
-            end
-          end
-        end
-    },
     :confdir  => {
         :default  => nil,
         :type     => :directory,
@@ -218,7 +212,7 @@ module Puppet
       end
     },
     :disable_i18n => {
-      :default => false,
+      :default => true,
       :type    => :boolean,
       :desc    => "If true, turns off all translations of Puppet and module
         log messages, which affects error, warning, and info log messages,
@@ -263,13 +257,6 @@ module Puppet
         :type     => :boolean,
         :desc     => "Whether to enable experimental performance profiling",
     },
-    :future_features => {
-      :default => false,
-      :type => :boolean,
-      :desc => "Whether or not to enable all features currently being developed for future
-        major releases of Puppet. Should be used with caution, as in development
-        features are experimental and can have unexpected effects."
-    },
     :versioned_environment_dirs => {
       :default => false,
       :type => :boolean,
@@ -284,6 +271,11 @@ module Puppet
         which occurs only on a Puppet Server master when the `code-id-command` and
         `code-content-command` settings are configured in its `puppetserver.conf` file.",
     },
+    :settings_catalog => {
+      :default    => true,
+      :type       => :boolean,
+      :desc       => "Whether to compile and apply the settings catalog",
+    },
     :strict_environment_mode => {
       :default    => false,
       :type       => :boolean,
@@ -632,7 +624,7 @@ module Puppet
     :http_proxy_password =>{
       :default    => "none",
       :hook       => proc do |value|
-        if settings[:http_proxy_password] =~ /[@!# \/]/
+        if value =~ /[@!# \/]/
           raise "Passwords set in the http_proxy_password setting must be valid as part of a URL, and any reserved characters must be URL-encoded. We received: #{value}"
         end
       end,
@@ -706,9 +698,8 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
       A value of `0` will disable caching. This setting can also be set to
       `unlimited`, which will cache environments until the server is restarted
       or told to refresh the cache. All other values will result in Puppet
-      server evicting expired environments. The expiration time is computed
-      based on either when the environment was created or last accessed, see
-      `environment_timeout_mode`.
+      server evicting environments that haven't been used within the last
+      `environment_timeout` seconds.
       You should change this setting once your Puppet deployment is doing
       non-trivial work. We chose the default value of `0` because it lets new
@@ -721,32 +712,13 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
       * Setting this to a number that will keep your most actively used
         environments cached, but allow testing environments to fall out of the
         cache and reduce memory usage. A value of 3 minutes (3m) is a reasonable
-        value. This option requires setting `environment_timeout_mode` to
-        `from_last_used`.
+        value.
       Once you set `environment_timeout` to a non-zero value, you need to tell
       Puppet server to read new code from disk using the `environment-cache` API
       endpoint after you deploy new code. See the docs for the Puppet Server
       [administrative API](https://puppet.com/docs/puppetserver/latest/admin-api/v1/environment-cache.html).
-      ",
-      :hook => proc do |val|
-        if Puppet[:environment_timeout_mode] == :from_created
-          unless [0, 'unlimited', Float::INFINITY].include?(val)
-            Puppet.deprecation_warning("Evicting environments based on their creation time is deprecated, please set `environment_timeout_mode` to `from_last_used` instead.")
-          end
-        end
-      end
-    },
-    :environment_timeout_mode => {
-      :default => :from_created,
-      :type    => :symbolic_enum,
-      :values  => [:from_created, :from_last_used],
-      :desc => "How Puppet interprets the `environment_timeout` setting when
-      `environment_timeout` is neither `0` nor `unlimited`. If set to
-      `from_created`, then the environment will be evicted `environment_timeout`
-      seconds from when it was created. If set to `from_last_used` then the
-      environment will be evicted `environment_timeout` seconds from when it
-      was last used."
+      "
     },
     :environment_data_provider => {
       :desc       => "The name of a registered environment data provider used when obtaining environment
@@ -821,7 +793,7 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
         `certname` setting as its requested Subject CN.
         This is the name used when managing a node's permissions in
-        [auth.conf](https://puppet.com/docs/puppet/latest/config_file_auth.html).
+        Puppet Server's [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).
         In most cases, it is also used as the node's name when matching
         [node definitions](https://puppet.com/docs/puppet/latest/lang_node_definitions.html)
         and requesting data from an ENC. (This can be changed with the `node_name_value`
@@ -836,12 +808,15 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
           only use lowercase letters, numbers, periods, underscores, and dashes. (That is,
           it should match `/\A[a-z0-9._-]+\Z/`.)
         * The special value `ca` is reserved, and can't be used as the certname
-          for a normal node.
+          for a normal node.
-          **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors.
+          **Note:** You must set the certname in the main section of the puppet.conf file. Setting it in a different section causes errors.
         Defaults to the node's fully qualified domain name.",
-      :hook => proc { |value| raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase }},
+      :call_hook => :on_initialize_and_write,
+      :hook => proc { |value|
+        raise(ArgumentError, _("Certificate names must be lower case")) unless value == value.downcase
+      }},
     :dns_alt_names => {
       :default => '',
       :desc    => <<EOT,
@@ -968,13 +943,13 @@ EOT
         Generally unused."
     },
     :hostcsr => {
-      :default => "$ssldir/csr_$certname.pem",
+      :default => "$requestdir/$certname.pem",
       :type   => :file,
       :mode => "0644",
       :owner => "service",
       :group => "service",
-      :deprecated  => :completely,
-      :desc => "This setting is deprecated."
+      :desc => "Where individual hosts store their certificate request (CSR)
+         while waiting for the CA to issue their certificate."
     },
     :hostcert => {
       :default => "$certdir/$certname.pem",
@@ -1025,29 +1000,6 @@ EOT
         puppet module tool and the 'http' report processor. This setting is ignored when
         making requests to puppet:// URLs such as catalog and report requests.",
     },
-    :ssl_client_ca_auth => {
-      :type  => :file,
-      :mode  => "0644",
-      :owner => "service",
-      :group => "service",
-      :desc  => "Certificate authorities who issue server certificates.  SSL servers will not be
-        considered authentic unless they possess a certificate issued by an authority
-        listed in this file.  If this setting has no value then the Puppet master's CA
-        certificate (localcacert) will be used.",
-      :hook => proc do |val|
-        Puppet.deprecation_warning(_("Setting 'ssl_client_ca_auth' is deprecated."))
-      end
-    },
-    :ssl_server_ca_auth => {
-      :type  => :file,
-      :mode  => "0644",
-      :owner => "service",
-      :group => "service",
-      :deprecated  => :completely,
-      :desc => "The setting is deprecated and has no effect. Ensure all root and
-        intermediate certificate authorities used to issue client certificates are
-        contained in the server's `cacert` file on the server."
-    },
     :hostcrl => {
       :default => "$ssldir/crl.pem",
       :type   => :file,
@@ -1124,7 +1076,7 @@ EOT
       :type      => :string,
       :desc      => "Where to send log messages. Choose between 'syslog' (the POSIX syslog
       service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
-      file."
+      file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
       # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook,
       # unfortunately we have a large number of tests that rely on the logging not resetting itself when the
       # settings are initialized as they test what gets logged during settings initialization.
@@ -1138,7 +1090,7 @@ EOT
       :desc    => "The name to use the Certificate Authority certificate.",
     },
     :cadir => {
-      :default => "$ssldir/ca",
+      :default => lambda { default_cadir },
       :type => :directory,
       :desc => "The root directory for the certificate authority.",
     },
@@ -1367,42 +1319,16 @@ EOT
       by `puppet`, and should only be set if you're writing your own Puppet
       executable.",
     },
-    :serverport => {
-      :default    => 8140,
-      :desc       => "The default port puppet subcommands use to communicate
-      with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
-      overridden by more specific settings (see `ca_port`, `report_port`).",
-      :hook       => proc do |value|
-        Puppet[:masterport] = value unless Puppet.settings.set_by_config?(:masterport)
-      end
-    },
     :masterport => {
       :default    => 8140,
+      :type       => :port,
       :desc       => "The default port puppet subcommands use to communicate
       with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
       overridden by more specific settings (see `ca_port`, `report_port`).",
-      :hook => proc do |value|
-        Puppet[:serverport] = value unless Puppet.settings.set_by_config?(:serverport)
-      end
     },
-    :node_name => {
-      :default    => 'cert',
-      :type       => :enum,
-      :values     => ['cert', 'facter'],
-      :deprecated => :completely,
-      :hook       => proc { |val|
-        if val != 'cert'
-          Puppet.deprecation_warning("The node_name setting is deprecated and will be removed in a future release.")
-        end
-      },
-      :desc       => "How the puppet master determines the client's identity
-      and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest,
-      in particular for determining which 'node' statement applies to the client.
-      Possible values are 'cert' (use the subject's CN in the client's
-      certificate) and 'facter' (use the hostname that the client
-      reported in its facts).
-      This setting is deprecated, please use explicit fact matching for classification.",
+    :serverport => {
+      :type => :alias,
+      :alias_for => :masterport
     },
     :bucketdir => {
       :default => "$vardir/bucket",
@@ -1412,15 +1338,6 @@ EOT
       :group => "service",
       :desc => "Where FileBucket files are stored."
     },
-    :rest_authconfig => {
-      :default    => "$confdir/auth.conf",
-      :type       => :file,
-      :deprecated  => :completely,
-      :desc       => "The configuration file that defines the rights to the different
-      rest indirections.  This can be used as a fine-grained authorization system for
-      `puppet master`.  The `puppet master` command is deprecated and Puppet Server
-      uses its own auth.conf that must be placed within its configuration directory.",
-    },
     :trusted_oid_mapping_file => {
       :default    => "$confdir/custom_trusted_oid_mapping.yaml",
       :type       => :file,
@@ -1523,23 +1440,7 @@ EOT
       :default    => "$confdir/fileserver.conf",
       :type       => :file,
       :desc       => "Where the fileserver configuration is stored.",
-    },
-    :strict_hostname_checking => {
-      :default    => true,
-      :type       => :boolean,
-      :desc       => "Whether to only search for the complete
-        hostname as it is in the certificate when searching for node information
-        in the catalogs or to match dot delimited segments of the cert's certname
-        and the hostname, fqdn, and/or domain facts.
-        This setting is deprecated and will be removed in a future release.",
-      :hook => proc { |val|
-        if val != true
-          Puppet.deprecation_warning("Setting strict_hostname_checking to false is deprecated and will be removed in a future release. Please use regular expressions in your node declarations or explicit fact matching for classification (though be warned that fact based classification may be considered insecure).")
-        end
-      }
-    }
-  )
+    })
   settings.define_settings(:device,
     :devicedir =>  {
@@ -1561,17 +1462,15 @@ EOT
       :default => "$certname",
       :desc => "The explicit value used for the node name for all requests the agent
         makes to the master. WARNING: This setting is mutually exclusive with
-        node_name_fact.  Changing this setting also requires changes to the default
-        auth.conf configuration on the Puppet Master.  Please see
-        http://links.puppet.com/node_name_value for more information."
+        node_name_fact.  Changing this setting also requires changes to
+        Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html)."
     },
     :node_name_fact => {
       :default => "",
       :desc => "The fact name used to determine the node name used for all requests the agent
         makes to the master. WARNING: This setting is mutually exclusive with
-        node_name_value.  Changing this setting also requires changes to the default
-        auth.conf configuration on the Puppet Master.  Please see
-        http://links.puppet.com/node_name_fact for more information.",
+        node_name_value.  Changing this setting also requires changes to
+        Puppet Server's default [auth.conf](https://puppet.com/docs/puppetserver/latest/config_file_auth.html).",
       :hook => proc do |value|
         if !value.empty? and Puppet[:node_name_value] != Puppet[:certname]
           raise "Cannot specify both the node_name_value and node_name_fact settings"
@@ -1669,8 +1568,8 @@ EOT
     :server_list => {
       :default => [],
       :type => :server_list,
-      :desc => "The list of puppet master servers to which the puppet agent should connect,
-        in the order that they will be tried.",
+      :desc => "The list of Puppet master servers to which the Puppet agent should connect,
+        in the order that they will be tried. Each value should be a fully qualified domain name, followed by an optional ':' and port number. If a port is omitted, Puppet uses masterport for that host.",
     },
     :use_srv_records => {
       :default    => false,
@@ -1746,6 +1645,7 @@ EOT
     },
     :ca_port => {
       :default    => "$serverport",
+      :type       => :port,
       :desc       => "The port to use for the certificate authority.",
     },
     :preferred_serialization_format => {
@@ -1835,6 +1735,7 @@ EOT
     },
     :report_port => {
       :default  => "$serverport",
+      :type     => :port,
       :desc     => "The port to communicate with the report_server.",
     },
     :report => {
@@ -1864,17 +1765,27 @@ EOT
         for the node stored in puppetdb are current. However, this will double the fact
         submission load on puppetdb, so it is disabled by default.",
     },
+    :publicdir => {
+      :default  => nil,
+      :type     => :directory,
+      :mode     => "0755",
+      :desc     => "Where Puppet stores public files."
+    },
     :lastrunfile =>  {
-      :default  => "$statedir/last_run_summary.yaml",
+      :default  => "$publicdir/last_run_summary.yaml",
       :type     => :file,
-      :mode     => "0644",
+      :mode     => "0640",
       :desc     => "Where puppet agent stores the last run report summary in yaml format."
     },
     :lastrunreport =>  {
       :default  => "$statedir/last_run_report.yaml",
       :type     => :file,
       :mode     => "0640",
-      :desc     => "Where puppet agent stores the last run report in yaml format."
+      :desc     => "Where Puppet Agent stores the last run report, by default, in yaml format.
+        The format of the report can be changed by setting the `cache` key of the `report` terminus
+        in the [routes.yaml](https://puppet.com/docs/puppet/latest/config_file_routes.html) file.
+        To avoid mismatches between content and file extension, this setting needs to be
+        manually updated to reflect the terminus changes."
     },
     :graph => {
       :default  => false,
@@ -1943,7 +1854,7 @@ EOT
       :type     => :ttl,
       :desc     => "The maximum amount of time the puppet agent should wait for an
       already running puppet agent to finish before starting a new one. This is set by default to 1 minute.
-      A value of `unlimited` will cause puppet agent to wait indefinitely.
+      A value of `unlimited` will cause puppet agent to wait indefinitely.
       #{AS_DURATION}",
     }
   )
@@ -2000,7 +1911,7 @@ EOT
         :desc     => "What files to ignore when pulling down plugins.",
     },
     :ignore_plugin_errors => {
-      :default    => true,
+      :default    => false,
       :type       => :boolean,
       :desc       => "Whether the puppet run should ignore errors during pluginsync. If the setting
         is false and there are errors during pluginsync, then the agent will abort the run and
@@ -2215,16 +2126,6 @@ EOT
       referencing variables that are explicitly set to undef).
     EOT
     },
-   :func3x_check => {
-     :default => true,
-     :type => :boolean,
-     :desc => <<-'EOT'
-       Causes validation of loaded legacy Ruby functions (3x API) to raise errors about illegal constructs that
-       could cause harm or that simply does not work. This flag is on by default. This flag is made available
-       so that the validation can be turned off in case the method of validation is faulty - if encountered, please
-       file a bug report.
-     EOT
-     },
   :tasks => {
     :default => false,
     :type => :boolean,