puppet 6.21.1-universal-darwin → 6.22.1-universal-darwin

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.
@@ -51,7 +51,7 @@ The terminus for an action is often determined by context, but occasionally need
 \fBSYNOPSIS\fR
 .
 .IP
-puppet facts diff [\-\-terminus _TERMINUS] [\-\-extra HASH]
+puppet facts diff [\-\-terminus _TERMINUS] [\-\-extra HASH] [\-\-structured] [\-\-exclude \fIregex\fR]
 .
 .IP
 \fBDESCRIPTION\fR
@@ -60,6 +60,12 @@ puppet facts diff [\-\-terminus _TERMINUS] [\-\-extra HASH]
 Compares output from facter 3 with Facter 4 and prints the differences
 .
 .IP
+\fBOPTIONS\fR \fI\-\-exclude <regex\fR> \- Regex used to exclude specific facts from diff\.
+.
+.IP
+\fI\-\-structured\fR \- Render the different facts as structured\.
+.
+.IP
 \fBRETURNS\fR
 .
 .IP
@@ -123,6 +129,49 @@ puppet facts save [\-\-terminus _TERMINUS] [\-\-extra HASH] \fIkey\fR
 API only: create or overwrite an object\. As the Faces framework does not currently accept data from STDIN, save actions cannot currently be invoked from the command line\.
 .
 .TP
+\fBshow\fR \- Retrieve current node\'s facts\.
+\fBSYNOPSIS\fR
+.
+.IP
+puppet facts show [\-\-terminus _TERMINUS] [\-\-extra HASH] [\-\-config\-file \fIpath\fR] [\-\-custom\-dir \fIpath\fR] [\-\-external\-dir \fIpath\fR] [\-\-no\-block] [\-\-no\-cache] [\-\-show\-legacy] [\-\-value\-only] [\fIfacts\fR]
+.
+.IP
+\fBDESCRIPTION\fR
+.
+.IP
+Reads facts from the local system using \fBfacter\fR terminus\. A query can be provided to retrieve just a specific fact or a set of facts\.
+.
+.IP
+\fBOPTIONS\fR \fI\-\-config\-file <path\fR> \- The location of the config file for Facter\.
+.
+.IP
+\fI\-\-custom\-dir <path\fR> \- The path to a directory that contains custom facts\.
+.
+.IP
+\fI\-\-external\-dir <path\fR> \- The path to a directory that contains external facts\.
+.
+.IP
+\fI\-\-no\-block\fR \- Disable fact blocking mechanism\.
+.
+.IP
+\fI\-\-no\-cache\fR \- Disable fact caching mechanism\.
+.
+.IP
+\fI\-\-show\-legacy\fR \- Show legacy facts when querying all facts\.
+.
+.IP
+\fI\-\-value\-only\fR \- Show only the value when the action is called with a single query
+.
+.IP
+\fBRETURNS\fR
+.
+.IP
+The output of facter with added puppet specific facts\.
+.
+.IP
+\fBNOTES\fR
+.
+.TP
 \fBupload\fR \- Upload local facts to the puppet master\.
 \fBSYNOPSIS\fR
 .
@@ -175,6 +224,15 @@ Get facts from the local system:
 $ puppet facts find
 .
 .P
+\fBshow\fR
+.
+.P
+retrieve facts:
+.
+.P
+$ puppet facts show os
+.
+.P
 \fBupload\fR
 .
 .P

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-key.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-KEY" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-KEY" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients
@@ -52,4 +52,8 @@ Verify the private key and certificate are present and match, verify the certifi
 .TP
 clean
 Remove the private key and certificate related files for this host\. If \fB\-\-localca\fR is specified, then also remove this host\'s local copy of the CA certificate(s) and CRL bundle\. if \fB\-\-target CERTNAME\fR is specified, then remove the files for the specified device on this host instead of this host\.
+.
+.TP
+show
+Print the full\-text version of this host\'s certificate\.
 

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "February 2021" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "April 2021" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.21\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.22\.0

data/spec/fixtures/unit/provider/service/systemd/list_unit_files_services_vendor_preset

@@ -0,0 +1,9 @@
+UNIT FILE                                  STATE           VENDOR PRESET
+arp-ethers.service                         disabled        disabled     
+auditd.service                             enabled         enabled      
+dbus.service                               enabled         disabled     
+udev.service                               enabled-runtime disabled
+umountfs.service                           linked-runtime  disabled
+umountnfs.service                          masked          disabled
+umountroot.service                         masked-runtime  disabled
+urandom.service                            indirect        enabled

data/spec/integration/application/plugin_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 require 'puppet/face'
 require 'puppet_spec/puppetserver'
 
-describe "puppet plugin" do
+describe "puppet plugin", unless: Puppet::Util::Platform.jruby? do
   include_context "https client"
 
   let(:server) { PuppetSpec::Puppetserver.new }

data/spec/integration/http/client_spec.rb

@@ -151,4 +151,16 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       end
     end
   end
+
+  context 'ciphersuites' do
+    it "does not connect when using an SSLv3 ciphersuite", :if => Puppet::Util::Package.versioncmp(OpenSSL::OPENSSL_LIBRARY_VERSION.split[1], '1.1.1e') > 0 do
+      Puppet[:ciphers] = "DES-CBC3-SHA"
+
+      https_server.start_server do |port|
+        expect {
+          client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: root_context})
+        }.to raise_error(Puppet::HTTP::ConnectionError, /no cipher match|sslv3 alert handshake failure/)
+      end
+    end
+  end
 end

data/spec/integration/indirector/direct_file_server_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'matchers/include'
 
 require 'puppet/indirector/file_content/file'
 require 'puppet/indirector/file_metadata/file'
@@ -30,7 +29,6 @@ end
 
 describe Puppet::Indirector::DirectFileServer, " when interacting with FileServing::Fileset and the model" do
   include PuppetSpec::Files
-  include Matchers::Include
 
   matcher :file_with_content do |name, content|
     match do |actual|
@@ -52,7 +50,7 @@ describe Puppet::Indirector::DirectFileServer, " when interacting with FileServi
     terminus = Puppet::Indirector::FileContent::File.new
     request = terminus.indirection.request(:search, Puppet::Util.path_to_uri(path).to_s, nil, :recurse => true)
 
-    expect(terminus.search(request)).to include_in_any_order(
+    expect(terminus.search(request)).to contain_exactly(
       file_with_content(File.join(path, "one"), "one content"),
       file_with_content(File.join(path, "two"), "two content"),
       directory_named(path))

data/spec/integration/util/windows/adsi_spec.rb

@@ -55,6 +55,24 @@ describe Puppet::Util::Windows::ADSI::User,
       end
     end
   end
+
+  describe '.current_user_name_with_format' do
+    context 'when desired format is NameSamCompatible' do
+      it 'should get the same user name as the current_user_name method but fully qualified' do
+        user_name = Puppet::Util::Windows::ADSI::User.current_user_name
+        fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
+
+        expect(fully_qualified_user_name).to match(/^.+\\#{user_name}$/)
+      end
+
+      it 'should have the same SID as with the current_user_name method' do
+        user_name = Puppet::Util::Windows::ADSI::User.current_user_name
+        fully_qualified_user_name = Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name
+
+        expect(Puppet::Util::Windows::SID.name_to_sid(user_name)).to eq(Puppet::Util::Windows::SID.name_to_sid(fully_qualified_user_name))
+      end
+    end
+  end
 end
 
 describe Puppet::Util::Windows::ADSI::Group,

data/spec/integration/util/windows/principal_spec.rb

@@ -7,6 +7,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
   let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
   let (:null_sid_bytes) { [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
   let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
+  let (:all_application_packages_bytes) { [1, 2, 0, 0, 0, 0, 0, 15, 2, 0, 0, 0, 1, 0, 0, 0] }
   let (:computer_sid) { Puppet::Util::Windows::SID.name_to_principal(Puppet::Util::Windows::ADSI.computer_name) }
   # BUILTIN is localized on German Windows, but not French
   # looking this up like this dilutes the values of the tests as we're comparing two mechanisms
@@ -121,6 +122,26 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet::Util::Platform.wi
       expect(principal.to_s).to eq(builtin_localized)
     end
 
+    it "should always sanitize the account name first" do
+      expect(Puppet::Util::Windows::SID::Principal).to receive(:sanitize_account_name).with('NT AUTHORITY\\SYSTEM').and_call_original
+      Puppet::Util::Windows::SID::Principal.lookup_account_name('NT AUTHORITY\\SYSTEM')
+    end
+
+    it "should be able to create an instance from an account name prefixed by APPLICATION PACKAGE AUTHORITY" do
+      principal = Puppet::Util::Windows::SID::Principal.lookup_account_name('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+      expect(principal.account).to eq('ALL APPLICATION PACKAGES')
+      expect(principal.sid_bytes).to eq(all_application_packages_bytes)
+      expect(principal.sid).to eq('S-1-15-2-1')
+      expect(principal.domain).to eq('APPLICATION PACKAGE AUTHORITY')
+      expect(principal.domain_account).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+      expect(principal.account_type).to eq(:SidTypeWellKnownGroup)
+      expect(principal.to_s).to eq('APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES')
+    end
+
+    it "should fail without proper account name sanitization when it is prefixed by APPLICATION PACKAGE AUTHORITY" do
+      given_account_name = 'APPLICATION PACKAGE AUTHORITY\\ALL APPLICATION PACKAGES'
+      expect { Puppet::Util::Windows::SID::Principal.lookup_account_name(nil, false, given_account_name) }.to raise_error(Puppet::Util::Windows::Error, /No mapping between account names and security IDs was done./)
+    end
   end
 
   describe ".lookup_account_sid" do

data/spec/integration/util/windows/registry_spec.rb

@@ -263,6 +263,12 @@ describe Puppet::Util::Windows::Registry do
           type: Win32::Registry::REG_EXPAND_SZ,
           value: "\0\0\0reg expand string",
           expected_value: ""
+        },
+        {
+          name: 'REG_EXPAND_SZ_2',
+          type: Win32::Registry::REG_EXPAND_SZ,
+          value: "1\x002\x003\x004\x00\x00\x00\x90\xD8UoY".force_encoding("UTF-16LE"),
+          expected_value: "1234"
         }
       ].each do |pair|
         it 'reads up to the first wide null' do

data/spec/spec_helper.rb

@@ -160,10 +160,20 @@ RSpec.configure do |config|
   PUPPET_FACTER_2_GCE_URL = %r{^http://metadata/computeMetadata/v1(beta1)?}.freeze
   PUPPET_FACTER_3_GCE_URL = "http://metadata.google.internal/computeMetadata/v1/?recursive=true&alt=json".freeze
 
+  # Facter azure metadata endpoint
+  PUPPET_FACTER_AZ_URL = "http://169.254.169.254/metadata/instance?api-version=2020-09-01"
+
+  # Facter EC2 endpoint
+  PUPPET_FACTER_EC2_METADATA_URL = 'http://169.254.169.254/latest/meta-data/'
+  PUPPET_FACTER_EC2_USERDATA_URL = 'http://169.254.169.254/latest/user-data/'
+
   config.around :each do |example|
-    # Ignore requests from Facter GCE fact in Travis
+    # Ignore requests from Facter to external services
     stub_request(:get, PUPPET_FACTER_2_GCE_URL)
     stub_request(:get, PUPPET_FACTER_3_GCE_URL)
+    stub_request(:get, PUPPET_FACTER_AZ_URL)
+    stub_request(:get, PUPPET_FACTER_EC2_METADATA_URL)
+    stub_request(:get, PUPPET_FACTER_EC2_USERDATA_URL)
 
     # Enable VCR if the example is tagged with `:vcr` metadata.
     if example.metadata[:vcr]