puppet 6.21.0-x64-mingw32 → 6.24.0-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a017c128902f9b4d2367c13e1234e9c3ad02e79a786333992210f9bc4a69a47b
-  data.tar.gz: df0b0d8a3ccf1606ebca846a399994018c5734957ae2a889cbffb02fef0afc65
+  metadata.gz: 87b64bfb36433e576bca9d3d6ca4f1e3ca8134e45c73d2384a431a2d4875f525
+  data.tar.gz: 4fd577a3c1b0827bbd6ab32d339677ee6e5e7ef1ad15810c87f09f73c628ebbb
 SHA512:
-  metadata.gz: ca775c4f1ae0d31ef4c06432ef47cee2a733d49101943a859e573ed1050f4a2bedceac47dfb2aa474effb7679af5af86f530a167c332e1a1e2bce77126a9950e
-  data.tar.gz: 49abcfd2f699c06d35df8424919a273fb6a0c95a2e73a2b75a8348e2bee0b6fefc2eeeeeeac5d51a1fe19eab9bca7f72c8c7048251f45fa399bfcf3c3a5e73ce
+  metadata.gz: 889990a066ee1ca4bf5a51097e3140c61171edd9b0a841b15664585db549df120fc2ccfe920371bc4f64ea88d3334fad68f3cd5a4d88dbe1e7b7fe3617379a81
+  data.tar.gz: ca1783d1a2f81c5dca57d7fb7788b8cea037ff6a941e400e6fa288b373efebe0bd5ff17d07820b2c184e404a31b8de5ef7eaf7c316d9331416438951603c9ab9

data/CONTRIBUTING.md

@@ -38,12 +38,12 @@ the [puppet-dev mailing list](https://groups.google.com/forum/#!forum/puppet-dev
 ## Making Changes
 
 * Create a topic branch from where you want to base your work.
-  * This is usually the master branch.
+  * This is usually the main branch.
   * Only target release branches if you are certain your fix must be on that
     branch.
-  * To quickly create a topic branch based on master, run `git checkout -b
-    fix/master/my_contribution master`. Please avoid working directly on the
-    `master` branch.
+  * To quickly create a topic branch based on main, run `git checkout -b
+    fix/main/my_contribution main`. Please avoid working directly on the
+    `main` branch.
 * Make commits of logical and atomic units.
 * Check for unnecessary whitespace with `git diff --check` before committing.
 * Make sure your commit messages are in the proper format. If the commit
@@ -65,7 +65,7 @@ the [puppet-dev mailing list](https://groups.google.com/forum/#!forum/puppet-dev
       why this is a problem, and how the patch fixes the problem when applied.
   ```
 * Make sure you have added the necessary tests for your changes.
-* For details on how to run tests, please see [the quickstart guide](https://github.com/puppetlabs/puppet/blob/master/docs/quickstart.md)
+* For details on how to run tests, please see [the quickstart guide](https://github.com/puppetlabs/puppet/blob/main/docs/quickstart.md)
 
 ## Writing Translatable Code
 

data/Gemfile

@@ -56,7 +56,7 @@ group(:development, optional: true) do
   gem 'memory_profiler', require: false, platforms: [:mri]
   gem 'pry', require: false, platforms: [:ruby]
   gem "racc", "1.4.9", require: false, platforms: [:ruby]
-  if RUBY_PLATFORM != 'java'
+  if RUBY_PLATFORM != 'java' && RUBY_VERSION.to_f >= 2.5
     gem 'ruby-prof', '>= 0.16.0', require: false
   end
 end

data/Gemfile.lock

@@ -1,7 +1,18 @@
+GIT
+  remote: git://github.com/puppetlabs/packaging
+  revision: 4d6d51947f44bfa2fc282658836c15f69672e757
+  branch: 1.0.x
+  specs:
+    packaging (0.99.78.4.g4d6d519)
+      artifactory (~> 2)
+      csv (= 3.1.5)
+      rake (>= 12.3)
+      release-metrics
+
 PATH
   remote: .
   specs:
-    puppet (6.21.0)
+    puppet (6.24.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -17,23 +28,23 @@ GEM
   remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
   specs:
     CFPropertyList (2.3.6)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     artifactory (2.8.2)
     ast (2.4.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.1.9)
     crack (0.4.5)
       rexml
     csv (3.1.5)
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.0.50)
+    facter (4.2.2)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.14.2)
+    ffi (1.15.3)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -42,11 +53,11 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.6.0)
-    hiera-eyaml (3.2.0)
-      highline (~> 1.6.19)
+    hiera (3.7.0)
+    hiera-eyaml (3.2.2)
+      highline
       optimist
-    highline (1.6.21)
+    highline (2.0.3)
     hocon (1.3.1)
     hpricot (0.8.6)
     httpclient (2.8.3)
@@ -60,33 +71,28 @@ GEM
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    packaging (0.99.75)
-      artifactory (~> 2)
-      csv (= 3.1.5)
-      rake (>= 12.3)
-      release-metrics
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     powerpack (0.1.3)
-    pry (0.13.1)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.6)
-    puppet-resource_api (1.8.13)
+    puppet-resource_api (1.8.14)
       hocon (>= 1.0)
-    puppetserver-ca (1.9.1)
+    puppetserver-ca (1.10.0)
       facter (>= 2.0.1, < 5)
     racc (1.4.9)
     rainbow (2.2.2)
       rake
     rake (12.3.3)
     rdiscount (2.2.0.2)
-    rdoc (6.3.0)
+    rdoc (6.3.2)
     release-metrics (1.1.0)
       csv
       docopt
-    rexml (3.2.4)
+    rexml (3.2.5)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -116,14 +122,14 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     rubocop-i18n (1.2.0)
       rubocop (~> 0.49.0)
-    ruby-prof (1.4.2)
+    ruby-prof (1.4.3)
     ruby-progressbar (1.11.0)
-    semantic_puppet (1.0.3)
+    semantic_puppet (1.0.4)
     text (1.3.1)
     thor (1.1.0)
     unicode-display_width (1.7.0)
     vcr (5.1.0)
-    webmock (3.11.2)
+    webmock (3.13.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -142,7 +148,7 @@ DEPENDENCIES
   memory_profiler
   minitar (~> 0.9)
   msgpack (~> 1.2)
-  packaging (~> 0.99)
+  packaging!
   pry
   puppet!
   puppet-resource_api (~> 1.5)

data/README.md

@@ -33,16 +33,16 @@ see the [Quick Start to Developing on Puppet](docs/quickstart.md) guide.
 
 We'd love to get contributions from you! For a quick guide to getting your
 system setup for developing, take a look at our [Quickstart
-Guide](https://github.com/puppetlabs/puppet/blob/master/docs/quickstart.md). Once you are up and running, take a look at the
-[Contribution Documents](https://github.com/puppetlabs/puppet/blob/master/CONTRIBUTING.md) to see how to get your changes merged
+Guide](https://github.com/puppetlabs/puppet/blob/main/docs/quickstart.md). Once you are up and running, take a look at the
+[Contribution Documents](https://github.com/puppetlabs/puppet/blob/main/CONTRIBUTING.md) to see how to get your changes merged
 in.
 
 For more complete docs on developing with Puppet, take a look at the
-rest of the [developer documents](https://github.com/puppetlabs/puppet/blob/master/docs/index.md).
+rest of the [developer documents](https://github.com/puppetlabs/puppet/blob/main/docs/index.md).
 
 ## Licensing
 
-See [LICENSE](https://github.com/puppetlabs/puppet/blob/master/LICENSE) file. Puppet is licensed by Puppet, Inc. under the Apache license. Puppet, Inc. can be contacted at: info@puppet.com
+See [LICENSE](https://github.com/puppetlabs/puppet/blob/main/LICENSE) file. Puppet is licensed by Puppet, Inc. under the Apache license. Puppet, Inc. can be contacted at: info@puppet.com
 
 ## Support
 

data/ext/osx/puppet.plist

@@ -26,5 +26,7 @@
         <string>/var/log/puppetlabs/puppet/puppet.log</string>
         <key>StandardOutPath</key>
         <string>/var/log/puppetlabs/puppet/puppet.log</string>
+        <key>SessionCreate</key>
+        <true />
 </dict>
 </plist>

data/ext/project_data.yaml

@@ -13,6 +13,7 @@ gem_files: '[A-Z]* install.rb bin lib conf man examples ext tasks spec locales'
 gem_test_files: 'spec/**/*'
 gem_executables: 'puppet'
 gem_default_executables: 'puppet'
+gem_license: 'Apache-2.0'
 gem_forge_project: 'puppet'
 gem_required_ruby_version: '>= 2.3.0'
 gem_required_rubygems_version: '> 1.3.1'
@@ -41,7 +42,7 @@ gem_platform_dependencies:
     gem_runtime_dependencies:
       ffi: ['> 1.9.24', '< 2']
       # win32-xxxx gems are pinned due to PUP-6445
-      win32-dir: '= 0.4.9'
+      win32-dir: ['>= 0.4.9', '<= 0.7.2']
       win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
       win32-security: '= 0.2.5'
@@ -51,7 +52,7 @@ gem_platform_dependencies:
     gem_runtime_dependencies:
       ffi: ['> 1.9.24', '< 2']
       # win32-xxxx gems are pinned due to PUP-6445
-      win32-dir: '= 0.4.9'
+      win32-dir: ['>= 0.4.9', '<= 0.7.2']
       win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
       win32-security: '= 0.2.5'

data/lib/puppet.rb

@@ -205,9 +205,9 @@ module Puppet
 
     Facter.add(:agent_specified_environment) do
       setcode do
-        if Puppet.settings.set_by_config?(:environment)
-          Puppet[:environment]
-        end
+        Puppet.settings.set_by_cli(:environment) ||
+          Puppet.settings.set_in_section(:environment, :agent) ||
+          Puppet.settings.set_in_section(:environment, :main)
       end
     end
   end

data/lib/puppet/application/agent.rb

@@ -133,9 +133,12 @@ Some flags are meant specifically for interactive use --- in particular,
 'test', 'tags' and 'fingerprint' are useful.
 
 '--test' runs once in the foreground with verbose logging, then exits.
-It also exits if it can't get a valid catalog. `--test` includes the '--detailed-exitcodes' option by default and exits with one of the following exit codes:
+It also exits if it can't get a valid catalog. `--test` includes the 
+'--detailed-exitcodes' option by default and exits with one of the following 
+exit codes:
 
-* 0: The run succeeded with no changes or failures; the system was already in the desired state.
+* 0: The run succeeded with no changes or failures; the system was already in 
+     the desired state.
 * 1: The run failed, or wasn't attempted due to another run already in progress.
 * 2: The run succeeded, and some resources were changed.
 * 4: The run succeeded, and some resources failed.
@@ -246,7 +249,9 @@ generated by running puppet agent with '--genconfig'.
   'puppet agent' exits after executing this.
   
 *  --evaltrace:
-  Logs each resource as it is being evaluated. This allows you to interactively see exactly what is being done. (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
+  Logs each resource as it is being evaluated. This allows you to interactively
+  see exactly what is being done. (This is a Puppet setting, and can go in
+  puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
 
 * --fingerprint:
   Display the current certificate or certificate signing request
@@ -267,7 +272,8 @@ generated by running puppet agent with '--genconfig'.
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. If debugging or verbosity is enabled, this defaults to 'console'.
   Otherwise, it defaults to 'syslog' on POSIX systems and 'eventlog' on Windows.
-  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
+  Multiple destinations can be set using a comma separated list 
+  (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the
@@ -310,7 +316,8 @@ generated by running puppet agent with '--genconfig'.
   'no-splay', and 'show_diff'.
   
 * --trace
-  Prints stack traces on some errors. (This is a Puppet setting, and can go in puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
+  Prints stack traces on some errors. (This is a Puppet setting, and can go in
+  puppet.conf. Note the special 'no-' prefix for boolean settings on the command line.)
 
 * --verbose:
   Turn on verbose reporting.

data/lib/puppet/application/apply.rb

@@ -113,7 +113,8 @@ configuration options by running puppet with
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. Defaults to 'console'.
-  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
+  Multiple destinations can be set using a comma separated list
+  (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/device.rb

@@ -155,7 +155,8 @@ you can specify '--server <servername>' as an argument.
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'console', or the path to a log file. If debugging or verbosity is
   enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
-  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
+  Multiple destinations can be set using a comma separated list
+  (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/filebucket.rb

@@ -1,6 +1,7 @@
 require 'puppet/application'
 
 class Puppet::Application::Filebucket < Puppet::Application
+  environment_mode :not_required
 
   option("--bucket BUCKET","-b")
   option("--debug","-d")

data/lib/puppet/application/resource.rb

@@ -1,6 +1,7 @@
 require 'puppet/application'
 
 class Puppet::Application::Resource < Puppet::Application
+  environment_mode :not_required
 
   attr_accessor :host, :extra_params
 
@@ -14,8 +15,9 @@ class Puppet::Application::Resource < Puppet::Application
   option("--to_yaml","-y")
 
   option("--types", "-t") do |arg|
+    env = Puppet.lookup(:environments).get(Puppet[:environment]) || create_default_environment
     types = []
-    Puppet::Type.loadall
+    Puppet::Type.typeloader.loadall(env)
     Puppet::Type.eachtype do |t|
       next if t.name == :component
       types << t.name.to_s
@@ -101,7 +103,8 @@ configuration options can also be generated by running puppet with
   Print extra information.
 
 * --to_yaml:
-  Output found resources in yaml format, suitable to use with Hiera and create_resources.
+  Output found resources in yaml format, suitable to use with Hiera and
+  create_resources.
 
 EXAMPLE
 -------
@@ -133,7 +136,9 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
   end
 
   def main
-    env = Puppet.lookup(:environments).get(Puppet[:environment])
+    # If the specified environment does not exist locally, fall back to the default (production) environment
+    env = Puppet.lookup(:environments).get(Puppet[:environment]) || create_default_environment
+
     Puppet.override(:current_environment => env, :loaders => Puppet::Pops::Loaders.new(env)) do
       type, name, params = parse_args(command_line.args)
 
@@ -208,6 +213,15 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
     [type, name, params]
   end
 
+  def create_default_environment
+    Puppet.debug("Specified environment '#{Puppet[:environment]}' does not exist on the filesystem, defaulting to 'production'")
+    Puppet[:environment] = :production
+    basemodulepath = Puppet::Node::Environment.split_path(Puppet[:basemodulepath])
+    modulepath = Puppet[:modulepath]
+    modulepath = (modulepath.nil? || modulepath.empty?) ? basemodulepath : Puppet::Node::Environment.split_path(modulepath)
+    Puppet::Node::Environment.create(Puppet[:environment], modulepath, Puppet::Node::Environment::NO_MANIFEST)
+  end
+
   def find_or_save_resources(type, name, params)
     key = local_key(type, name)
 

data/lib/puppet/application/script.rb

@@ -71,7 +71,8 @@ configuration options can also be generated by running puppet with
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. Defaults to 'console'.
-  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
+  Multiple destinations can be set using a comma separated list
+  (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/ssl.rb

@@ -74,6 +74,9 @@ ACTIONS
   `--localca` is specified, then also remove this host's local copy of the
   CA certificate(s) and CRL bundle. if `--target CERTNAME` is specified, then
   remove the files for the specified device on this host instead of this host.
+
+ * show:
+  Print the full-text version of this host's certificate.
 HELP
   end
 
@@ -114,6 +117,7 @@ HELP
     end
 
     Puppet::SSL::Oids.register_puppet_oids
+    Puppet::SSL::Oids.load_custom_oid_file(Puppet[:trusted_oid_mapping_file])
 
     certname = Puppet[:certname]
     action = command_line.args.first
@@ -142,11 +146,19 @@ HELP
       end
       @machine.ensure_client_certificate
       Puppet.notice(_("Completed SSL initialization"))
+    when 'show'
+      show(certname)
     else
       raise Puppet::Error, _("Unknown action '%{action}'") % { action: action }
     end
   end
 
+  def show(certname)
+    password = @cert_provider.load_private_key_password
+    ssl_context = @ssl_provider.load_context(certname: certname, password: password)
+    puts ssl_context.client_cert.to_text
+  end
+
   def submit_request(ssl_context)
     key = @cert_provider.load_private_key(Puppet[:certname])
     unless key

data/lib/puppet/configurer/downloader.rb

@@ -73,7 +73,8 @@ class Puppet::Configurer::Downloader
       :purge => true,
       :force => true,
       :backup => false,
-      :noop => false
+      :noop => false,
+      :max_files => -1
     }
     if !Puppet::Util::Platform.windows?
       defargs[:owner] = Process.uid

data/lib/puppet/defaults.rb

@@ -58,6 +58,18 @@ module Puppet
     end
   end
 
+  def self.default_cadir
+    return "" if Puppet::Util::Platform.windows?
+    old_ca_dir = "#{Puppet[:ssldir]}/ca"
+    new_ca_dir = '/etc/puppetlabs/puppetserver/ca'
+
+    if File.exist?("#{new_ca_dir}/ca_crt.pem")
+      new_ca_dir
+    else
+      old_ca_dir
+    end
+  end
+
   ############################################################################################
   # NOTE: For information about the available values for the ":type" property of settings,
   #   see the docs for Settings.define_settings
@@ -866,8 +878,8 @@ names.
 **Note:** The list of alternate names is locked in when the server's
 certificate is signed. If you need to change the list later, you can't just
 change this setting; you also need to regenerate the certificate. For more
-information on that process, see the [cert regen docs]
-(https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html).
+information on that process, see the 
+[cert regen docs](https://puppet.com/docs/puppet/latest/ssl_regenerate_certificates.html).
 
 To see all the alternate names your servers are using, log into your CA server
 and run `puppetserver ca list --all`, then check the output for `(alt names: ...)`.
@@ -1085,6 +1097,14 @@ EOT
           certificate revocation checking and does not attempt to download the CRL.
         EOT
     },
+    :ciphers => {
+      :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256',
+      :type => :string,
+      :desc => "The list of ciphersuites for TLS connections initiated by puppet. The
+                default value is chosen to support TLS 1.0 and up, but can be made
+                more restrictive if needed. The ciphersuites must be specified in OpenSSL
+                format, not IANA."
+    },
     :key_type => {
       :default => 'rsa',
       :type    => :enum,
@@ -1142,7 +1162,7 @@ EOT
       :desc    => "The name to use the Certificate Authority certificate.",
     },
     :cadir => {
-      :default => "$ssldir/ca",
+      :default => lambda { default_cadir },
       :type => :directory,
       :desc => "The root directory for the certificate authority.",
     },
@@ -1497,7 +1517,9 @@ EOT
         See the report reference for information on the built-in report
         handlers; custom report handlers can also be loaded from modules.
         (Report handlers are loaded from the lib directory, at
-        `puppet/reports/NAME.rb`.)",
+        `puppet/reports/NAME.rb`.)
+
+        To turn off reports entirely, set this to `none`",
     },
     :reportdir => {
       :default => "$vardir/reports",
@@ -1760,7 +1782,7 @@ EOT
     },
     :agent_disabled_lockfile => {
         :default    => "$statedir/agent_disabled.lock",
-        :type       => :file,
+        :type       => :string,
         :desc       => "A lock file to indicate that puppet agent runs have been administratively
           disabled.  File contains a JSON object with state information.",
     },