puppet 6.22.1 → 6.23.0

data/lib/puppet/functions/partition.rb

@@ -4,19 +4,19 @@
 # the second containing the rest.
 Puppet::Functions.create_function(:partition) do
   # @param collection A collection of things to partition.
-  # @example Partition array of empty strings, results in e.g. [[''], [b, c]]
+  # @example Partition array of empty strings, results in e.g. `[[''], [b, c]]`
   #   ```puppet
   #   ['', b, c].partition |$s| { $s.empty }
   #   ```
-  # @example Partition array of strings using index, results in e.g. [['', 'ab'], ['b']]
+  # @example Partition array of strings using index, results in e.g. `[['', 'ab'], ['b']]`
   #   ```puppet
   #   ['', b, ab].partition |$i, $s| { $i == 2 or $s.empty }
   #   ```
-  # @example Partition hash of strings by key-value pair, results in e.g. [[['b', []]], [['a', [1, 2]]]]
+  # @example Partition hash of strings by key-value pair, results in e.g. `[[['b', []]], [['a', [1, 2]]]]`
   #   ```puppet
   #   { a => [1, 2], b => [] }.partition |$kv| { $kv[1].empty }
   #   ```
-  # @example Partition hash of strings by key and value, results in e.g. [[['b', []]], [['a', [1, 2]]]]
+  # @example Partition hash of strings by key and value, results in e.g. `[[['b', []]], [['a', [1, 2]]]]`
   #   ```puppet
   #   { a => [1, 2], b => [] }.partition |$k, $v| { $v.empty }
   #   ```

data/lib/puppet/functions/require.rb

@@ -4,13 +4,13 @@
 # The relationship metaparameters work well for specifying relationships
 # between individual resources, but they can be clumsy for specifying
 # relationships between classes.  This function is a superset of the
-# 'include' function, adding a class relationship so that the requiring
+# `include` function, adding a class relationship so that the requiring
 # class depends on the required class.
 #
-# Warning: using require in place of include can lead to unwanted dependency cycles.
+# Warning: using `require` in place of `include` can lead to unwanted dependency cycles.
 #
-# For instance the following manifest, with 'require' instead of 'include' would produce a nasty
-# dependence cycle, because notify imposes a before between File[/foo] and Service[foo]:
+# For instance, the following manifest, with `require` instead of `include`, would produce a nasty
+# dependence cycle, because `notify` imposes a `before` between `File[/foo]` and `Service[foo]`:
 #
 # ```puppet
 # class myservice {
@@ -32,7 +32,7 @@
 # resource and relationship expressions.
 #
 # - Since 4.0.0 Class and Resource types, absolute names
-# - Since 4.7.0 Returns an Array[Type[Class]] with references to the required classes
+# - Since 4.7.0 Returns an `Array[Type[Class]]` with references to the required classes
 #
 Puppet::Functions.create_function(:require, Puppet::Functions::InternalFunction) do
   dispatch :require_impl do

data/lib/puppet/functions/sort.rb

@@ -2,9 +2,9 @@
 # Please note: This function is based on Ruby String comparison and as such may not be entirely UTF8 compatible.
 # To ensure compatibility please use this function with Ruby 2.4.0 or greater - https://bugs.ruby-lang.org/issues/10085.
 #
-# This function is compatible with the function sort() in stdlib.
+# This function is compatible with the function `sort()` in `stdlib`.
 # * Comparison of characters in a string always uses a system locale and may not be what is expected for a particular locale
-# * Sorting is based on Ruby's <=> operator unless a lambda is given that performs the comparison.
+# * Sorting is based on Ruby's `<=>` operator unless a lambda is given that performs the comparison.
 #   * comparison of strings is case dependent (use lambda with `compare($a,$b)` to ignore case)
 #   * comparison of mixed data types raises an error (if there is the need to sort mixed data types use a lambda)
 #
@@ -49,7 +49,7 @@
 #   }
 # })
 # ```
-# Would notice [2,3,'a','b']
+# Would notice `[2,3,'a','b']`
 #
 # @since 6.0.0 - supporting a lambda to do compare
 #

data/lib/puppet/functions/tree_each.rb

@@ -6,13 +6,13 @@
 #
 # 1. An `Array`, `Hash`, `Iterator`, or `Object` that the function will iterate over.
 # 2. An optional hash with the options:
-#    * `include_containers` => `Optional[Boolean]` # default true - if containers should be given to the lambda
-#    * `include_values` => `Optional[Boolean]` # default true - if non containers should be given to the lambda
-#    * `include_root` => `Optional[Boolean]` # default true - if the root container should be given to the lambda
+#    * `include_containers` => `Optional[Boolean]` # default `true` - if containers should be given to the lambda
+#    * `include_values` => `Optional[Boolean]` # default `true` - if non containers should be given to the lambda
+#    * `include_root` => `Optional[Boolean]` # default `true` - if the root container should be given to the lambda
 #    * `container_type` => `Optional[Type[Variant[Array, Hash, Object]]]` # a type that determines what a container is - can only
 #       be set to a type that matches the default `Variant[Array, Hash, Object]`.
 #    * `order` => `Enum[depth_first, breadth_first]` # default ´depth_first`, the order in which elements are visited
-#    * `include_refs` => Optional[Boolean] # default `false`, if attributes in objects marked as bing of `reference` kind
+#    * `include_refs` => `Optional[Boolean]` # default `false`, if attributes in objects marked as bing of `reference` kind
 #       should be included.
 # 3. An optional lambda, which the function calls for each element in the first argument. It must
 #    accept one or two arguments; either `$path`, and `$value`, or just `$value`.
@@ -46,14 +46,12 @@
 # [1, [2, 3], 4]
 # ```
 #
-# Results in:
-#
-# If containers are skipped:
+# If containers are skipped, results in:
 #
 # * `depth_first` order `1`, `2`, `3`, `4`
 # * `breadth_first` order `1`, `4`,`2`, `3`
 #
-# If containers and root, are included:
+# If containers and root are included, results in:
 #
 # * `depth_first` order `[1, [2, 3], 4]`, `1`, `[2, 3]`, `2`, `3`, `4`
 # * `breadth_first` order `[1, [2, 3], 4]`, `1`, `[2, 3]`, `4`, `2`, `3`
@@ -96,7 +94,7 @@
 #
 # Any Puppet Type system data type can be used to filter what is
 # considered to be a container, but it must be a narrower type than one of
-# the default Array, Hash, Object types - for example it is not possible to make a
+# the default `Array`, `Hash`, `Object` types - for example it is not possible to make a
 # `String` be a container type.
 #
 # @example Only `Array` as container type

data/lib/puppet/functions/type.rb

@@ -35,10 +35,10 @@
 #
 # Would notice the four values:
 #
-# 1. 'Array[Numeric]'
-# 2. 'Array[Numeric, 2, 2]'
-# 3. 'Tuple[Float[3.14], Integer[42,42]]]'
-# 4. 'Tuple[Float[3.14], Integer[42,42]]]'
+# 1. `Array[Numeric]`
+# 2. `Array[Numeric, 2, 2]`
+# 3. `Tuple[Float[3.14], Integer[42,42]]]`
+# 4. `Tuple[Float[3.14], Integer[42,42]]]`
 #
 # @since 4.4.0
 #

data/lib/puppet/functions/upcase.rb

@@ -22,14 +22,14 @@
 # 'hello'.upcase()
 # upcase('hello')
 # ```
-# Would both result in "HELLO"
+# Would both result in `"HELLO"`
 #
 # @example Converting an Array to upper case
 # ```puppet
 # ['a', 'b'].upcase()
 # upcase(['a', 'b'])
 # ```
-# Would both result in ['A', 'B']
+# Would both result in `['A', 'B']`
 #
 # @example Converting a Hash to upper case
 # ```puppet

data/lib/puppet/http/resolver/server_list.rb

@@ -54,7 +54,7 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
     end
 
     # Return the first simple service status endpoint we can connect to
-    @server_list_setting.value.each do |server|
+    @server_list_setting.value.each_with_index do |server, index|
       host = server[0]
       port = server[1] || @default_port
 
@@ -64,10 +64,21 @@ class Puppet::HTTP::Resolver::ServerList < Puppet::HTTP::Resolver
         @resolved_url = service.url
         return Puppet::HTTP::Service.create_service(@client, session, name, @resolved_url.host, @resolved_url.port)
       rescue Puppet::HTTP::ResponseError => detail
-        Puppet.log_exception(detail, _("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
-                             { host: service.url.host, port: service.url.port, code: detail.response.code, reason: detail.response.reason })
+        if index < @server_list_setting.value.length - 1
+          Puppet.warning(_("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
+                              { host: service.url.host, port: service.url.port, code: detail.response.code, reason: detail.response.reason } +
+                              ' ' + _("Trying with next server from server_list."))
+        else
+          Puppet.log_exception(detail, _("Puppet server %{host}:%{port} is unavailable: %{code} %{reason}") %
+                               { host: service.url.host, port: service.url.port, code: detail.response.code, reason: detail.response.reason })
+        end
       rescue Puppet::HTTP::HTTPError => detail
-        Puppet.log_exception(detail, _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail})
+        if index < @server_list_setting.value.length - 1
+          Puppet.warning(_("Unable to connect to server from server_list setting: %{detail}") % {detail: detail} +
+                             ' ' + _("Trying with next server from server_list."))
+        else
+          Puppet.log_exception(detail, _("Unable to connect to server from server_list setting: %{detail}") % {detail: detail})
+        end
       end
     end
 

data/lib/puppet/http/service/compiler.rb

@@ -129,6 +129,75 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
     [response, deserialize(response, Puppet::Resource::Catalog)]
   end
 
+  #
+  # @api private
+  #
+  # Submit a POST request to request a catalog to the server using v4 endpoint
+  #
+  # @param [String] certname The name of the node for which to compile the catalog.
+  # @param [Hash] persistent A hash containing two required keys, facts and catalog,
+  #   which when set to true will cause the facts and reports to be stored in
+  #   PuppetDB, or discarded if set to false.
+  # @param [String] environment The name of the environment for which to compile the catalog.
+  # @param [Hash] facts A hash with a required values key, containing a hash of all the
+  #    facts for the node. If not provided, Puppet will attempt to fetch facts for the node
+  #    from PuppetDB.
+  # @param [Hash] trusted_facts A hash with a required values key containing a hash of
+  #    the trusted facts for a node
+  # @param [String] transaction_uuid The id for tracking the catalog compilation and
+  #    report submission.
+  # @param [String] job_id The id of the orchestrator job that triggered this run.
+  # @param [Hash] options A hash of options beyond direct input to catalogs. Options:
+  #    - prefer_requested_environment Whether to always override a node's classified 
+  #      environment with the one supplied in the request. If this is true and no environment
+  #      is supplied, fall back to the classified environment, or finally, 'production'.
+  #    - capture_logs Whether to return the errors and warnings that occurred during
+  #      compilation alongside the catalog in the response body.
+  #    - log_level The logging level to use during the compile when capture_logs is true.
+  #      Options are 'err', 'warning', 'info', and 'debug'.
+  #
+  # @return [Array<Puppet::HTTP::Response, Puppet::Resource::Catalog, Array<String>>] An array
+  #   containing the request response, the deserialized catalog returned by
+  #   the server and array containing logs (log array will be empty if capture_logs is false)
+  #
+  def post_catalog4(certname, persistence:, environment:, facts: nil, trusted_facts: nil, transaction_uuid: nil, job_id: nil, options: nil)
+    unless persistence.is_a?(Hash) && (missing = [:facts, :catalog] - persistence.keys.map(&:to_sym)).empty?
+      raise ArgumentError.new("The 'persistence' hash is missing the keys: #{missing.join(', ')}")
+    end
+    raise ArgumentError.new("Facts must be a Hash not a #{facts.class}") unless facts.nil? || facts.is_a?(Hash)
+    body = {
+      certname: certname,
+      persistence: persistence,
+      environment: environment,
+      transaction_uuid: transaction_uuid,
+      job_id: job_id,
+      options: options
+    }
+    body[:facts] = { values: facts } unless facts.nil?
+    body[:trusted_facts] = { values: trusted_facts } unless trusted_facts.nil?
+    headers = add_puppet_headers(
+      'Accept' => get_mime_types(Puppet::Resource::Catalog).join(', '),
+      'Content-Type' => 'application/json'
+    )
+
+    url = URI::HTTPS.build(host: @url.host, port: @url.port, path: Puppet::Util.uri_encode("/puppet/v4/catalog"))
+    response = @client.post(
+      url,
+      body.to_json,
+      headers: headers
+    )
+    process_response(response)
+    begin
+      response_body = JSON.parse(response.body)
+      catalog = Puppet::Resource::Catalog.from_data_hash(response_body['catalog'])
+    rescue => err
+      raise Puppet::HTTP::SerializationError.new("Failed to deserialize catalog from puppetserver response: #{err.message}", err)
+    end
+    
+    logs = response_body['logs'] || []
+    [response, catalog, logs]
+  end
+
   #
   # @api private
   #

data/lib/puppet/http/service/file_server.rb

@@ -106,7 +106,7 @@ class Puppet::HTTP::Service::FileServer < Puppet::HTTP::Service
   #   An array with the request response and an array of the deserialized
   #   metadata for each file returned from the server
   #
-  def get_file_metadatas(path: nil, environment:, recurse: :false, recurselimit: nil, ignore: nil, links: :manage, checksum_type: Puppet[:digest_algorithm], source_permissions: :ignore)
+  def get_file_metadatas(path: nil, environment:, recurse: :false, recurselimit: nil, max_files: nil, ignore: nil, links: :manage, checksum_type: Puppet[:digest_algorithm], source_permissions: :ignore)
     validate_path(path)
 
     headers = add_puppet_headers('Accept' => get_mime_types(Puppet::FileServing::Metadata).join(', '))
@@ -117,6 +117,7 @@ class Puppet::HTTP::Service::FileServer < Puppet::HTTP::Service
       params: {
         recurse: recurse,
         recurselimit: recurselimit,
+        max_files: max_files,
         ignore: ignore,
         links: links,
         checksum_type: checksum_type,

data/lib/puppet/indirector/catalog/compiler.rb

@@ -194,6 +194,7 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
           :source_permissions => resource[:source_permissions] ? resource[:source_permissions].to_sym : :ignore,
           :recurse            => true,
           :recurselimit       => resource[:recurselimit],
+          :max_files          => resource[:max_files],
           :ignore             => resource[:ignore],
         }
 

data/lib/puppet/indirector/file_metadata/rest.rb

@@ -46,6 +46,7 @@ class Puppet::Indirector::FileMetadata::Rest < Puppet::Indirector::REST
       environment: request.environment.to_s,
       recurse: request.options[:recurse],
       recurselimit: request.options[:recurselimit],
+      max_files: request.options[:max_files],
       ignore: request.options[:ignore],
       links: request.options[:links],
       checksum_type: request.options[:checksum_type],

data/lib/puppet/parser/functions/fqdn_rand.rb

@@ -2,13 +2,16 @@ require 'digest/md5'
 require 'digest/sha2'
 
 Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalue, :doc =>
-  "Usage: `fqdn_rand(MAX, [SEED])`. MAX is required and must be a positive
-  integer; SEED is optional and may be any number or string.
+  "Usage: `fqdn_rand(MAX, [SEED], [DOWNCASE])`. MAX is required and must be a positive
+  integer; SEED is optional and may be any number or string; DOWNCASE is optional
+  and should be a boolean true or false.
 
   Generates a random Integer number greater than or equal to 0 and less than MAX,
   combining the `$fqdn` fact and the value of SEED for repeatable randomness.
   (That is, each node will get a different random number from this function, but
-  a given node's result will be the same every time unless its hostname changes.)
+  a given node's result will be the same every time unless its hostname changes.) If
+  DOWNCASE is true, then the `fqdn` fact will be downcased when computing the value
+  so that the result is not sensitive to the case of the `fqdn` fact.
 
   This function is usually used for spacing out runs of resource-intensive cron
   tasks that run on many nodes, which could cause a thundering herd or degrade
@@ -17,7 +20,12 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalu
   node. (For example, `fqdn_rand(30)`, `fqdn_rand(30, 'expensive job 1')`, and
   `fqdn_rand(30, 'expensive job 2')` will produce totally different numbers.)") do |args|
     max = args.shift.to_i
- 
+    initial_seed = args.shift
+    downcase = !!args.shift
+
+    fqdn = self['::fqdn']
+    fqdn = fqdn.downcase if downcase
+
     # Puppet 5.4's fqdn_rand function produces a different value than earlier versions
     # for the same set of inputs.
     # This causes problems because the values are often written into service configuration files.
@@ -27,9 +35,9 @@ Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalu
     # when running on a non-FIPS enabled platform and only using SHA256 on FIPS enabled
     # platforms.
     if Puppet::Util::Platform.fips_enabled?
-      seed = Digest::SHA256.hexdigest([self['::fqdn'],max,args].join(':')).hex
+      seed = Digest::SHA256.hexdigest([fqdn,max,initial_seed].join(':')).hex
     else
-      seed = Digest::MD5.hexdigest([self['::fqdn'],max,args].join(':')).hex
+      seed = Digest::MD5.hexdigest([fqdn,max,initial_seed].join(':')).hex
     end
 
     Puppet::Util.deterministic_rand_int(seed,max)

data/lib/puppet/pops/types/p_sem_ver_type.rb

@@ -95,16 +95,22 @@ class PSemVerType < PScalarType
       end
 
       def from_args(major, minor, patch, prerelease = nil, build = nil)
-        SemanticPuppet::Version.new(major, minor, patch, prerelease, build)
+        SemanticPuppet::Version.new(major, minor, patch, to_array(prerelease), to_array(build))
       end
 
       def from_hash(hash)
-        SemanticPuppet::Version.new(hash['major'], hash['minor'], hash['patch'], hash['prerelease'], hash['build'])
+        SemanticPuppet::Version.new(hash['major'], hash['minor'], hash['patch'], to_array(hash['prerelease']), to_array(hash['build']))
       end
 
       def on_error(str)
         _("The string '%{str}' cannot be converted to a SemVer") % { str: str }
       end
+
+      private
+
+      def to_array(component)
+        component ? [component] : nil
+      end
     end
   end
 

data/lib/puppet/pops/types/p_sensitive_type.rb

@@ -24,6 +24,16 @@ class PSensitiveType < PTypeWithContainedType
     def inspect
       "#<#{self}>"
     end
+
+    def hash
+      @value.hash
+    end
+
+    def ==(other)
+      other.is_a?(Sensitive) &&
+        other.hash == hash
+    end
+    alias eql? ==
   end
 
   def self.register_ptype(loader, ir)

data/lib/puppet/provider/package/nim.rb

@@ -154,20 +154,25 @@ Puppet::Type.type(:package).provide :nim, :parent => :aix, :source => :aix do
   # I spent a lot of time trying to figure out a solution that didn't
   # require parsing the `nimclient -o showres` output and was unable to
   # do so.
-  self::HEADER_LINE_REGEX      = /^([^\s]+)\s+[^@]+@@(I|R):(\1)\s+[^\s]+$/
-  self::PACKAGE_LINE_REGEX     = /^.*@@(I|R):(.*)$/
-  self::RPM_PACKAGE_REGEX      = /^(.*)-(.*-\d+) \2$/
+  self::HEADER_LINE_REGEX      = /^([^\s]+)\s+[^@]+@@(I|R|S):(\1)\s+[^\s]+$/
+  self::PACKAGE_LINE_REGEX     = /^.*@@(I|R|S):(.*)$/
+  self::RPM_PACKAGE_REGEX      = /^(.*)-(.*-\d+\w*) \2$/
   self::INSTALLP_PACKAGE_REGEX = /^(.*) (.*)$/
 
   # Here is some sample output that shows what the above regexes will be up
   # against:
-  # FOR AN INSTALLP PACKAGE:
+  # FOR AN INSTALLP(bff) PACKAGE:
   #
   #    mypackage.foo                                                           ALL  @@I:mypackage.foo _all_filesets
-  #    @ 1.2.3.1  MyPackage Runtime Environment                       @@I:mypackage.foo 1.2.3.1
   #    + 1.2.3.4  MyPackage Runtime Environment                       @@I:mypackage.foo 1.2.3.4
   #    + 1.2.3.8  MyPackage Runtime Environment                       @@I:mypackage.foo 1.2.3.8
   #
+  # FOR AN INSTALLP(bff) PACKAGE with security update:
+  #
+  #    bos.net                                                                 ALL  @@S:bos.net _all_filesets
+  #    + 7.2.0.1  TCP/IP ntp Applications                             @@S:bos.net.tcp.ntp 7.2.0.1
+  #    + 7.2.0.2  TCP/IP ntp Applications                             @@S:bos.net.tcp.ntp 7.2.0.2
+  #
   # FOR AN RPM PACKAGE:
   #
   # mypackage.foo                                                                ALL  @@R:mypackage.foo _all_filesets
@@ -243,7 +248,7 @@ Puppet::Type.type(:package).provide :nim, :parent => :aix, :source => :aix do
     package_string = match.captures[1]
 
     case package_type_flag
-      when "I"
+      when "I","S"
         parse_installp_package_string(package_string)
       when "R"
         parse_rpm_package_string(package_string)

data/lib/puppet/provider/service/systemd.rb

@@ -45,8 +45,13 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   def enabled_insync?(current)
     case cached_enabled?[:output]
     when 'static'
-      Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
-      return true
+      # masking static services is OK, but enabling/disabling them is not
+      if @resource[:enable] == :mask
+        current == @resource[:enable]
+      else
+        Puppet.debug("Unable to enable or disable static service #{@resource[:name]}")
+        return true
+      end
     when 'indirect'
       Puppet.debug("Service #{@resource[:name]} is in 'indirect' state and cannot be enabled/disabled")
       return true
@@ -159,10 +164,15 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   end
 
   def mask
-    self.disable
+    disable if exist?
     systemctl_change_enable(:mask)
   end
 
+  def exist?
+    result = execute([command(:systemctl), 'cat', '--', @resource[:name]], :failonfail => false)
+    result.exitstatus == 0
+  end
+
   def unmask
     systemctl_change_enable(:unmask)
   end