puppet 6.19.1 → 6.20.0

data/lib/puppet/environments.rb

@@ -346,12 +346,6 @@ module Puppet::Environments
       @loader = loader
       @cache_expiration_service = Puppet::Environments::Cached.cache_expiration_service
       @cache = {}
-
-      # Holds expiration times in sorted order - next to expire is first
-      @expirations = SortedSet.new
-
-      # Infinity since it there are no entries, this is a cache of the first to expire time
-      @next_expiration = END_OF_TIME
     end
 
     # @!macro loader_list
@@ -379,7 +373,6 @@ module Puppet::Environments
       elsif (result = @loader.get(name))
         # environment loaded, cache it
         cache_entry = entry(result)
-        @cache_expiration_service.created(result)
         add_entry(name, cache_entry)
         result
       end
@@ -389,28 +382,36 @@ module Puppet::Environments
     def add_entry(name, cache_entry)
       Puppet.debug {"Caching environment '#{name}' #{cache_entry.label}"}
       @cache[name] = cache_entry
-      expires = cache_entry.expires
-      @expirations.add(expires)
-      if @next_expiration > expires
-        @next_expiration = expires
-      end
+      @cache_expiration_service.created(cache_entry.value)
     end
     private :add_entry
 
+    def clear_entry(name, entry)
+      @cache.delete(name)
+      Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+      @cache_expiration_service.evicted(name.to_sym)
+      Puppet::GettextConfig.delete_text_domain(name)
+      Puppet.settings.clear_environment_settings(name)
+    end
+    private :clear_entry
+
     # Clears the cache of the environment with the given name.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
     def clear(name)
-      @cache.delete(name)
-      Puppet::GettextConfig.delete_text_domain(name)
+      entry = @cache[name]
+      clear_entry(name, entry) if entry
     end
 
     # Clears all cached environments.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
-    def clear_all()
+    def clear_all
       super
+
+      @cache.each_pair do |name, entry|
+        clear_entry(name, entry)
+      end
+
       @cache = {}
-      @expirations.clear
-      @next_expiration = END_OF_TIME
       Puppet::GettextConfig.delete_environment_text_domains
     end
 
@@ -419,18 +420,24 @@ module Puppet::Environments
     #
     def clear_all_expired()
       t = Time.now
-      return if t < @next_expiration && ! @cache.any? {|name, _| @cache_expiration_service.expired?(name.to_sym) }
-      to_expire = @cache.select { |name, entry| entry.expires < t || @cache_expiration_service.expired?(name.to_sym) }
-      to_expire.each do |name, entry|
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        @expirations.delete(entry.expires)
-        Puppet.settings.clear_environment_settings(name)
+
+      @cache.each_pair do |name, entry|
+        clear_if_expired(name, entry, t)
       end
-      @next_expiration = @expirations.first || END_OF_TIME
     end
 
+    # Clear an environment if it is expired, either by exceeding its time to live, or
+    # through an explicit eviction determined by the cache expiration service.
+    #
+    def clear_if_expired(name, entry, t = Time.now)
+      return unless entry
+
+      if entry.expired?(t) || @cache_expiration_service.expired?(name.to_sym)
+        clear_entry(name, entry)
+      end
+    end
+    private :clear_if_expired
+
     # This implementation evicts the cache, and always gets the current
     # configuration of the environment
     #
@@ -440,7 +447,7 @@ module Puppet::Environments
     #
     # @!macro loader_get_conf
     def get_conf(name)
-      evict_if_expired(name)
+      clear_if_expired(name, @cache[name])
       @loader.get_conf(name)
     end
 
@@ -467,17 +474,6 @@ module Puppet::Environments
       end
     end
 
-    # Evicts the entry if it has expired
-    # Also clears caches in Settings that may prevent the entry from being updated
-    def evict_if_expired(name)
-      if (result = @cache[name]) && (result.expired? || @cache_expiration_service.expired?(name.to_sym))
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        Puppet.settings.clear_environment_settings(name)
-      end
-    end
-
     # Never evicting entry
     class Entry
       attr_reader :value
@@ -489,32 +485,24 @@ module Puppet::Environments
       def touch
       end
 
-      def expired?
+      def expired?(now)
         false
       end
 
       def label
         ""
       end
-
-      def expires
-        END_OF_TIME
-      end
     end
 
     # Always evicting entry
     class NotCachedEntry < Entry
-      def expired?
+      def expired?(now)
         true
       end
 
       def label
         "(ttl = 0 sec)"
       end
-
-      def expires
-        START_OF_TIME
-      end
     end
 
     # Policy that expires in ttl_seconds from when it was created
@@ -525,17 +513,13 @@ module Puppet::Environments
         @ttl_seconds = ttl_seconds
       end
 
-      def expired?
-        Time.now > @ttl
+      def expired?(now)
+        now > @ttl
       end
 
       def label
         "(ttl = #{@ttl_seconds} sec)"
       end
-
-      def expires
-        @ttl
-      end
     end
 
     # Policy that expires if it hasn't been touched within ttl_seconds

data/lib/puppet/face/config.rb

@@ -159,6 +159,16 @@ https://puppet.com/docs/puppet/latest/configuration.html#environment
         report_section_and_environment(options[:section], Puppet.settings[:environment])
       end
 
+      # only validate settings we recognize
+      setting = Puppet.settings.setting(name.to_sym)
+      if setting
+        # set the value, which will call `on_*_and_write` hooks, if any
+        Puppet.settings[setting.name] = value
+
+        # read the value to trigger interpolation and munge validation logic
+        Puppet.settings[setting.name]
+      end
+
       path = Puppet::FileSystem.pathname(Puppet.settings.which_configuration_file)
       Puppet::FileSystem.touch(path)
       Puppet::FileSystem.open(path, nil, 'r+:UTF-8') do |file|

data/lib/puppet/face/epp.rb

@@ -440,7 +440,12 @@ Puppet::Face.define(:epp, '0.0.1') do
 
   def render_inline(epp_source, compiler, options)
     template_args = get_values(compiler, options)
-    Puppet::Pops::Evaluator::EppEvaluator.inline_epp(compiler.topscope, epp_source, template_args)
+    result = Puppet::Pops::Evaluator::EppEvaluator.inline_epp(compiler.topscope, epp_source, template_args)
+    if result.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      result.unwrap
+    else
+      result
+    end
   end
 
   def render_file(epp_template_name, compiler, options, show_filename, file_nbr)
@@ -457,7 +462,12 @@ Puppet::Face.define(:epp, '0.0.1') do
       if template_file.nil? && Puppet::FileSystem.exist?(epp_template_name)
         epp_template_name = File.expand_path(epp_template_name)
       end
-      output << Puppet::Pops::Evaluator::EppEvaluator.epp(compiler.topscope, epp_template_name, compiler.environment, template_args)
+      result = Puppet::Pops::Evaluator::EppEvaluator.epp(compiler.topscope, epp_template_name, compiler.environment, template_args)
+      if result.instance_of?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+        output << result.unwrap
+      else
+        output << result
+      end
     rescue Puppet::ParseError => detail
       Puppet.err("--- #{epp_template_name}") if show_filename
       raise detail

data/lib/puppet/face/facts.rb

@@ -1,5 +1,29 @@
 require 'puppet/indirector/face'
 require 'puppet/node/facts'
+require 'puppet/util/fact_dif'
+
+EXCLUDE_LIST = %w[facterversion
+  swapfree_mb swapsize_mb
+  load_averages\.*
+  memory\.swap\.available_bytes memory\.swap\.capacity memory\.swap\.total_bytes
+  memory\.swap\.used_bytes memory\.swap\.available
+  memory\.system\.available memory\.system\.available_bytes memory\.system\.capacity memory\.swap\.used
+  memory\.system\.total_bytes memory\.system\.used memory\.system\.used_bytes
+  memoryfree memoryfree_mb memorysize_mb
+  mountpoints\..* mtu_.* mountpoints\..*\.capacity
+  networking\.interfaces\..*\.mtu networking\.mtu partitions\..*\.filesystem
+  partitions\..*\.size_bytes partitions\..*\.mount partitions\..*\.uuid
+  disks\..*\.size_bytes
+  hypervisors\.lpar\.partition_number hypervisors\.xen\.privileged hypervisors\.zone\..* hypervisors\.ldom\..*
+  processors\.speed
+  ldom_.*
+  boardassettag dmi\.board\.asset_tag
+  blockdevice_.*_vendor blockdevice_.*_size
+  system_uptime\.days system_uptime\.hours system_uptime\.seconds system_uptime\.uptime
+  uptime_days uptime_hours uptime_seconds
+  system_profiler\.uptime
+  sp_uptime
+  uptime]
 
 Puppet::Indirector::Face.define(:facts, '0.0.1') do
   copyright "Puppet Inc.", 2011
@@ -87,4 +111,40 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
       nil
     end
   end
+
+  action(:diff) do
+    summary _("Compare Facter 3 output with Facter 4 output")
+    description <<-'EOT'
+    Compares output from facter 3 with Facter 4 and prints the differences
+    EOT
+    returns "Differences between Facter 3 and Facter 4 output as an array."
+    notes <<-'EOT'
+    EOT
+    examples <<-'EOT'
+    get differences between facter versions:
+    $ puppet facts diff
+    EOT
+
+    render_as :json
+
+    when_invoked do |*args|
+      Puppet.settings.preferred_run_mode = :agent
+      Puppet::Node::Facts.indirection.terminus_class = :facter
+
+      if Puppet::Util::Package.versioncmp(Facter.value('facterversion'), '4.0.0') < 0
+        facter3_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
+        begin
+          require 'facter-ng'
+          facter4_result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname])
+        rescue LoadError
+          raise ArgumentError, 'facter-ng could not be loaded'
+        end
+        fact_diff = FactDif.new(facter3_result.to_json, facter4_result.to_json, EXCLUDE_LIST)
+        fact_diff.difs
+      else
+        Puppet.warning _("Already using Facter 4. To use `puppet facts diff` remove facterng from the .conf file or run `puppet config set facterng false`.")
+        exit 0
+      end
+    end
+  end
 end

data/lib/puppet/ffi/posix.rb

@@ -0,0 +1,10 @@
+require 'ffi'
+
+module Puppet
+  module FFI
+    module POSIX
+      require 'puppet/ffi/posix/functions'
+      require 'puppet/ffi/posix/constants'
+    end
+  end
+end

data/lib/puppet/ffi/posix/constants.rb

@@ -0,0 +1,14 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Constants
+    extend FFI::Library
+  
+    # Maximum number of supplementary groups (groups
+    # that a user can be in plus its primary group)
+    # (64 + 1 primary group)
+    # Chosen a reasonable middle number from the list
+    # https://www.j3e.de/ngroups.html
+    MAXIMUM_NUMBER_OF_GROUPS = 65
+  end
+end

data/lib/puppet/ffi/posix/functions.rb

@@ -0,0 +1,24 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Functions
+
+    extend FFI::Library
+
+    ffi_convention :stdcall
+
+    # https://man7.org/linux/man-pages/man3/getgrouplist.3.html
+    # int getgrouplist (
+    #   const char *user,
+    #   gid_t group,
+    #   gid_t *groups,
+    #   int *ngroups
+    # );
+    begin
+      ffi_lib FFI::Library::LIBC
+      attach_function :getgrouplist, [:string, :uint, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+      # Do nothing
+    end
+  end
+end

data/lib/puppet/functions/epp.rb

@@ -40,6 +40,7 @@ Puppet::Functions.create_function(:epp, Puppet::Functions::InternalFunction) do
     scope_param
     param 'String', :path
     optional_param 'Hash[Pattern[/^\w+$/], Any]', :parameters
+    return_type 'Variant[String, Sensitive[String]]'
   end
 
   def epp(scope, path, parameters = nil)

data/lib/puppet/functions/inline_epp.rb

@@ -51,6 +51,7 @@ Puppet::Functions.create_function(:inline_epp, Puppet::Functions::InternalFuncti
     scope_param()
     param 'String', :template
     optional_param 'Hash[Pattern[/^\w+$/], Any]', :parameters
+    return_type 'Variant[String, Sensitive[String]]'
   end
 
   def inline_epp(scope, template, parameters = nil)

data/lib/puppet/indirector/fact_search.rb

@@ -0,0 +1,60 @@
+# module containing common methods used by json and yaml facts indirection terminus
+module Puppet::Indirector::FactSearch
+  def node_matches?(facts, options)
+    options.each do |key, value|
+      type, name, operator = key.to_s.split(".")
+      operator ||= 'eq'
+
+      return false unless node_matches_option?(type, name, operator, value, facts)
+    end
+    return true
+  end
+
+  def node_matches_option?(type, name, operator, value, facts)
+    case type
+    when "meta"
+      case name
+      when "timestamp"
+        compare_timestamp(operator, facts.timestamp, Time.parse(value))
+      end
+    when "facts"
+      compare_facts(operator, facts.values[name], value)
+    end
+  end
+
+  def compare_facts(operator, value1, value2)
+    return false unless value1
+
+    case operator
+    when "eq"
+      value1.to_s == value2.to_s
+    when "le"
+      value1.to_f <= value2.to_f
+    when "ge"
+      value1.to_f >= value2.to_f
+    when "lt"
+      value1.to_f < value2.to_f
+    when "gt"
+      value1.to_f > value2.to_f
+    when "ne"
+      value1.to_s != value2.to_s
+    end
+  end
+
+  def compare_timestamp(operator, value1, value2)
+    case operator
+    when "eq"
+      value1 == value2
+    when "le"
+      value1 <= value2
+    when "ge"
+      value1 >= value2
+    when "lt"
+      value1 < value2
+    when "gt"
+      value1 > value2
+    when "ne"
+      value1 != value2
+    end
+  end
+end

data/lib/puppet/indirector/facts/json.rb

@@ -0,0 +1,27 @@
+require 'puppet/node/facts'
+require 'puppet/indirector/json'
+require 'puppet/indirector/fact_search'
+
+class Puppet::Node::Facts::Json < Puppet::Indirector::JSON
+  desc "Store client facts as flat files, serialized using JSON, or
+    return deserialized facts from disk."
+
+  include Puppet::Indirector::FactSearch
+  
+  def search(request)
+    node_names = []
+    Dir.glob(json_dir_path).each do |file|
+      facts = load_json_from_file(file, '')
+      if facts && node_matches?(facts, request.options)
+        node_names << facts.name
+      end
+    end
+    node_names
+  end
+
+  private
+
+  def json_dir_path
+    self.path("*")
+  end
+end