puppet 6.23.0-universal-darwin → 6.26.0-universal-darwin

data/lib/puppet/type/file/data_sync.rb

@@ -79,7 +79,7 @@ module Puppet
       return :absent unless stat
       ftype = stat.ftype
       # Don't even try to manage the content on directories or links
-      return nil if ["directory","link"].include?(ftype)
+      return nil if ['directory', 'link', 'fifo', 'socket'].include?(ftype)
 
       begin
         resource.parameter(:checksum).sum_file(resource[:path])

data/lib/puppet/type/file/mode.rb

@@ -90,9 +90,15 @@ module Puppet
         raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
       end
 
+      # normalizes to symbolic form, e.g. u+a, an octal string without leading 0
       normalize_symbolic_mode(value)
     end
 
+    unmunge do |value|
+      # return symbolic form or octal string *with* leading 0's
+      display_mode(value) if value
+    end
+
     def desired_mode_from_current(desired, current)
       current = current.to_i(8) if current.is_a? String
       is_a_directory = @resource.stat && @resource.stat.directory?

data/lib/puppet/type/file.rb

@@ -93,23 +93,23 @@ Puppet::Type.newtype(:file) do
 
       Backing up to a local filebucket isn't particularly useful. If you want
       to make organized use of backups, you will generally want to use the
-      puppet master server's filebucket service. This requires declaring a
+      primary Puppet server's filebucket service. This requires declaring a
       filebucket resource and a resource default for the `backup` attribute
       in site.pp:
 
           # /etc/puppetlabs/puppet/manifests/site.pp
           filebucket { 'main':
             path   => false,                # This is required for remote filebuckets.
-            server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
+            server => 'puppet.example.com', # Optional; defaults to the configured primary Puppet server.
           }
 
           File { backup => main, }
 
-      If you are using multiple puppet master servers, you will want to
+      If you are using multiple primary servers, you will want to
       centralize the contents of the filebucket. Either configure your load
-      balancer to direct all filebucket traffic to a single master, or use
+      balancer to direct all filebucket traffic to a single primary server, or use
       something like an out-of-band rsync task to synchronize the content on all
-      masters.
+      primary servers.
 
       > **Note**: Enabling and using the backup option, and by extension the 
         filebucket resource, requires appropriate planning and management to ensure 
@@ -361,7 +361,7 @@ Puppet::Type.newtype(:file) do
       This command must have a fully qualified path, and should contain a
       percent (`%`) token where it would expect an input file. It must exit `0`
       if the syntax is correct, and non-zero otherwise. The command will be
-      run on the target system while applying the catalog, not on the puppet master.
+      run on the target system while applying the catalog, not on the primary Puppet server.
 
       Example:
 

data/lib/puppet/type/filebucket.rb

@@ -4,8 +4,8 @@ module Puppet
   Type.newtype(:filebucket) do
     @doc = <<-EOT
       A repository for storing and retrieving file content by MD5 checksum. Can
-      be local to each agent node, or centralized on a puppet master server. All
-      puppet masters provide a filebucket service that agent nodes can access
+      be local to each agent node, or centralized on a primary Puppet server. All
+      puppet servers provide a filebucket service that agent nodes can access
       via HTTP, but you must declare a filebucket resource before any agents
       will do so.
 
@@ -25,7 +25,7 @@ module Puppet
           # /etc/puppetlabs/puppet/manifests/site.pp
           filebucket { 'main':
             path   => false,                # This is required for remote filebuckets.
-            server => 'puppet.example.com', # Optional; defaults to the configured puppet master.
+            server => 'puppet.example.com', # Optional; defaults to the configured primary server.
           }
 
           File { backup => main, }

data/lib/puppet/type/group.rb

@@ -1,5 +1,4 @@
 require 'etc'
-require 'facter'
 require 'puppet/property/keyvalue'
 require 'puppet/parameter/boolean'
 

data/lib/puppet/type/resources.rb

@@ -175,7 +175,7 @@ Puppet::Type.newtype(:resources) do
     end
 
     # Otherwise, use a sensible default based on the OS family
-    @system_users_max_uid ||= case Facter.value(:osfamily)
+    @system_users_max_uid ||= case Puppet.runtime[:facter].value(:osfamily)
       when 'OpenBSD', 'FreeBSD'
         999
       else

data/lib/puppet/type/service.rb

@@ -272,9 +272,14 @@ module Puppet
 
     newparam(:timeout, :required_features => :configurable_timeout) do
       desc "Specify an optional minimum timeout (in seconds) for puppet to wait when syncing service properties"
-      defaultto { provider.class.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
-      validate do |value|
-        if (not value.is_a? Integer) || value < 1
+      defaultto { provider.respond_to?(:default_timeout) ? provider.default_timeout : 10 }
+
+      munge do |value|
+        begin
+          value = value.to_i
+          raise if value < 1
+          value
+        rescue
           raise Puppet::Error.new(_("\"%{value}\" is not a positive integer: the timeout parameter must be specified as a positive integer") % { value: value })
         end
       end

data/lib/puppet/type/tidy.rb

@@ -144,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
 
     def tidy?(path, stat)
       # If the file's older than we allow, we should get rid of it.
-      (Time.now.to_i - stat.send(resource[:type]).to_i) > value
+      (Time.now.to_i - stat.send(resource[:type]).to_i) >= value
     end
 
     munge do |age|

data/lib/puppet/type/user.rb

@@ -1,5 +1,4 @@
 require 'etc'
-require 'facter'
 require 'puppet/parameter/boolean'
 require 'puppet/property/list'
 require 'puppet/property/ordered_list'
@@ -67,7 +66,6 @@ module Puppet
     newproperty(:ensure, :parent => Puppet::Property::Ensure) do
       newvalue(:present, :event => :user_created) do
         provider.create
-        @resource.generate
       end
 
       newvalue(:absent, :event => :user_removed) do
@@ -696,7 +694,6 @@ module Puppet
 
     def generate
       if !self[:purge_ssh_keys].empty?
-        return [] if self[:ensure] == :present && !provider.exists? 
         if Puppet::Type.type(:ssh_authorized_key).nil?
           warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
         else
@@ -745,6 +742,45 @@ module Puppet
         end
         raise ArgumentError, _("purge_ssh_keys must be true, false, or an array of file names, not %{value}") % { value: value.inspect }
       end
+
+      munge do |value|
+        # Resolve string, boolean and symbol forms of true and false to a
+        # single representation.
+        case value
+        when :false, false, "false"
+          []
+        when :true, true, "true"
+          home = homedir
+          home ? [ "#{home}/.ssh/authorized_keys" ] : []
+        else
+          # value can be a string or array - munge each value
+          [ value ].flatten.map do |entry|
+            authorized_keys_path(entry)
+          end.compact
+        end
+      end
+
+      private
+
+      def homedir
+        resource[:home] || Dir.home(resource[:name])
+      rescue ArgumentError
+        Puppet.debug("User '#{resource[:name]}' does not exist")
+        nil
+      end
+
+      def authorized_keys_path(entry)
+        return entry unless entry.match?(%r{^(?:~|%h)/})
+
+        # if user doesn't exist (yet), ignore nonexistent homedir
+        home = homedir
+        return nil unless home
+
+        # compiler freezes "value" so duplicate using a gsub, second mutating gsub! is then ok
+        entry = entry.gsub(%r{^~/}, "#{home}/")
+        entry.gsub!(%r{^%h/}, "#{home}/")
+        entry
+      end
     end
 
     newproperty(:loginclass, :required_features => :manages_loginclass) do
@@ -766,7 +802,7 @@ module Puppet
     # @see generate
     # @api private
     def find_unmanaged_keys
-      munged_unmanaged_keys.
+      self[:purge_ssh_keys].
         select { |f| File.readable?(f) }.
         map { |f| unknown_keys_in_file(f) }.
         flatten.each do |res|
@@ -778,41 +814,6 @@ module Puppet
         end
     end
 
-    def munged_unmanaged_keys
-      value = self[:purge_ssh_keys]
-
-      # Resolve string, boolean and symbol forms of true and false to a
-      # single representation.
-      test_sym = value.to_s.intern
-      value = test_sym if [:true, :false].include? test_sym
-
-      return [] if value == :false
-
-      home = self[:home]
-      begin
-        home ||= provider.home
-      rescue
-        Puppet.debug("User '#{self[:name]}' does not exist")
-      end
-
-      if home.to_s.empty? || !Dir.exist?(home.to_s)
-        if value == :true || [ value ].flatten.any? { |v| v.start_with?('~/', '%h/') }
-          Puppet.debug("User '#{self[:name]}' has no home directory set to purge ssh keys from.")
-          return []
-        end
-      end
-
-      return [ "#{home}/.ssh/authorized_keys" ] if value == :true
-
-      # value is an array - munge each value
-      [ value ].flatten.map do |entry|
-        # make sure frozen value is duplicated by using a gsub, second mutating gsub! is then ok
-        entry = entry.gsub(/^~\//, "#{home}/")
-        entry.gsub!(/^%h\//, "#{home}/")
-        entry
-      end
-    end
-
     # Parse an ssh authorized keys file superficially, extract the comments
     # on the keys. These are considered names of possible ssh_authorized_keys
     # resources. Keys that are managed by the present catalog are ignored.

data/lib/puppet/type.rb

@@ -1295,7 +1295,7 @@ class Type
       like it does when running normally. However, if a resource attribute is not in
       the desired state (as declared in the catalog), Puppet will take no
       action, and will instead report the changes it _would_ have made. These
-      simulated changes will appear in the report sent to the puppet master, or
+      simulated changes will appear in the report sent to the primary Puppet server, or
       be shown on the console if running puppet agent or puppet apply in the
       foreground. The simulated changes will not send refresh events to any
       subscribing or notified resources, although Puppet will log that a refresh

data/lib/puppet/util/command_line.rb

@@ -135,7 +135,7 @@ module Puppet
 
               # Puppet requires Facter, which initializes its lookup paths. Reset Facter to
               # pickup the new $LOAD_PATH.
-              Facter.reset
+              Puppet.runtime[:facter].reset
             end
           end
 

data/lib/puppet/util/filetype.rb

@@ -215,7 +215,7 @@ class Puppet::Util::FileType
     # Remove a specific @path's cron tab.
     def remove
       cmd = "#{cmdbase} -r"
-      if %w{Darwin FreeBSD DragonFly}.include?(Facter.value("operatingsystem"))
+      if %w{Darwin FreeBSD DragonFly}.include?(Puppet.runtime[:facter].value("operatingsystem"))
         cmd = "/bin/echo yes | #{cmd}"
       end
 
@@ -244,7 +244,7 @@ class Puppet::Util::FileType
     # Only add the -u flag when the @path is different.  Fedora apparently
     # does not think I should be allowed to set the @path to my own user name
     def cmdbase
-      if @uid == Puppet::Util::SUIDManager.uid || Facter.value(:operatingsystem) == "HP-UX"
+      if @uid == Puppet::Util::SUIDManager.uid || Puppet.runtime[:facter].value(:operatingsystem) == "HP-UX"
         return "crontab"
       else
         return "crontab -u #{@path}"

data/lib/puppet/util/json.rb

@@ -26,6 +26,23 @@ module Puppet::Util
       require 'json'
     end
 
+    # Load the content from a file as JSON if
+    # contents are in valid format. This method does not
+    # raise error but returns `nil` when invalid file is
+    # given.
+    def self.load_file_if_valid(filename, options = {})
+      load_file(filename, options)
+    rescue Puppet::Util::Json::ParseError, ArgumentError, Errno::ENOENT => detail
+      Puppet.debug("Could not retrieve JSON content from '#{filename}': #{detail.message}")
+      nil
+    end
+
+    # Load the content from a file as JSON.
+    def self.load_file(filename, options = {})
+      json = Puppet::FileSystem.read(filename, :encoding => 'utf-8')
+      load(json, options)
+    end
+
     # These methods do similar processing to the fallback implemented by MultiJson
     # when using the built-in JSON backend, to ensure consistent behavior
     # whether or not MultiJson can be loaded.
@@ -60,6 +77,9 @@ module Puppet::Util
     def self.dump(object, options = {})
       if defined? MultiJson
         MultiJson.dump(object, options)
+      elsif options.is_a?(JSON::State)
+        # we're being called recursively
+        object.to_json(options)
       else
         options.merge!(::JSON::PRETTY_STATE_PROTOTYPE.to_h) if options.delete(:pretty)
         object.to_json(options)

data/lib/puppet/util/log.rb

@@ -2,7 +2,6 @@ require 'puppet/util/tagging'
 require 'puppet/util/classgen'
 require 'puppet/util/psych_support'
 require 'puppet/network/format_support'
-require 'facter'
 
 # Pass feedback to the user.  Log levels are modeled after syslog's, and it is
 # expected that that will be the most common log destination.  Supports
@@ -106,12 +105,17 @@ class Puppet::Util::Log
   def Log.level=(level)
     level = level.intern unless level.is_a?(Symbol)
 
-    raise Puppet::DevError, _("Invalid loglevel %{level}") % { level: level } unless @levels.include?(level)
+    # loglevel is a 0-based index
+    loglevel = @levels.index(level)
+    raise Puppet::DevError, _("Invalid loglevel %{level}") % { level: level } unless loglevel
 
-    @loglevel = @levels.index(level)
+    return if @loglevel == loglevel
+
+    # loglevel changed
+    @loglevel = loglevel
 
     # Enable or disable Facter debugging
-    Facter.debugging(level == :debug) if Facter.respond_to? :debugging
+    Puppet.runtime[:facter].debugging(level == :debug)
   end
 
   def Log.levels

data/lib/puppet/util/logging.rb

@@ -2,8 +2,6 @@
 require 'puppet/util/log'
 require 'puppet/error'
 
-require 'facter'
-
 module Puppet::Util
 module Logging
 
@@ -254,29 +252,7 @@ module Logging
   # Sets up Facter logging.
   # This method causes Facter output to be forwarded to Puppet.
   def self.setup_facter_logging!
-    # Only recent versions of Facter support this feature
-    return false unless Facter.respond_to? :on_message
-
-    # The current Facter log levels are: :trace, :debug, :info, :warn, :error, and :fatal.
-    # Convert to the corresponding levels in Puppet
-    Facter.on_message do |level, message|
-      case level
-      when :trace, :debug
-        level = :debug
-      when :info
-        # Same as Puppet
-      when :warn
-        level = :warning
-      when :error
-        level = :err
-      when :fatal
-        level = :crit
-      else
-        next
-      end
-      Puppet::Util::Log.create({:level => level, :source => 'Facter', :message => message})
-      nil
-    end
+    Puppet.runtime[:facter]
     true
   end
 

data/lib/puppet/util/monkey_patches.rb

@@ -39,6 +39,12 @@ unless Puppet::Util::Platform.jruby_fips?
     end
   end
 
+  unless defined?(OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH)
+    module OpenSSL::X509
+      OpenSSL::X509::V_ERR_HOSTNAME_MISMATCH = 0x3E
+    end
+  end
+
   class OpenSSL::SSL::SSLContext
     if DEFAULT_PARAMS[:options]
       DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3

data/lib/puppet/util/package.rb

@@ -1,6 +1,13 @@
+# frozen_string_literal: true
 module Puppet::Util::Package
-  def versioncmp(version_a, version_b)
+  def versioncmp(version_a, version_b, ignore_trailing_zeroes = false)
     vre = /[-.]|\d+|[^-.\d]+/
+
+    if ignore_trailing_zeroes
+      version_a = normalize(version_a)
+      version_b = normalize(version_b)
+    end
+
     ax = version_a.scan(vre)
     bx = version_b.scan(vre)
 
@@ -8,24 +15,26 @@ module Puppet::Util::Package
       a = ax.shift
       b = bx.shift
 
-      if( a == b )                 then next
-      elsif (a == '-' && b == '-') then next
-      elsif (a == '-')             then return -1
-      elsif (b == '-')             then return 1
-      elsif (a == '.' && b == '.') then next
-      elsif (a == '.' )            then return -1
-      elsif (b == '.' )            then return 1
-      elsif (a =~ /^\d+$/ && b =~ /^\d+$/) then
-        if( a =~ /^0/ or b =~ /^0/ ) then
-          return a.to_s.upcase <=> b.to_s.upcase
-        end
+      next      if a == b
+      return -1 if a == '-'
+      return 1  if b == '-'
+      return -1 if a == '.'
+      return 1  if b == '.'
+      if a =~ /^\d+$/ && b =~ /^\d+$/
+        return a.to_s.upcase <=> b.to_s.upcase if a =~ /^0/ || b =~ /^0/
         return a.to_i <=> b.to_i
-      else
-        return a.upcase <=> b.upcase
       end
+      return a.upcase <=> b.upcase
     end
-    version_a <=> version_b;
+    version_a <=> version_b
   end
-
   module_function :versioncmp
+
+  def self.normalize(version)
+    version = version.split('-')
+    version.first.sub!(/([\.0]+)$/, '')
+
+    version.join('-')
+  end
+  private_class_method :normalize
 end

data/lib/puppet/util/pidlock.rb

@@ -46,7 +46,7 @@ class Puppet::Util::Pidlock
   private
 
   def ps_argument_for_current_kernel
-    case Facter.value(:kernel)
+    case Puppet.runtime[:facter].value(:kernel)
       when "Linux"
         "-eq"
       when "AIX"

data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb

@@ -154,7 +154,7 @@ module RDoc::PuppetParserCore
         # fetch comments
         if line =~ /^[ \t]*# ?(.*)$/
           comments += $1 + "\n"
-        elsif line =~ /^[ \t]*Facter.add\(['"](.*?)['"]\)/
+        elsif line =~ /^[ \t]*(Facter.add|Puppet\.runtime\[:facter\].add)\(['"](.*?)['"]\)/
           current_fact = RDoc::Fact.new($1,{})
           look_for_directives_in(container, comments) unless comments.empty?
           current_fact.comment = comments

data/lib/puppet/util/suidmanager.rb

@@ -1,4 +1,3 @@
-require 'facter'
 require 'puppet/util/warnings'
 require 'forwardable'
 require 'etc'
@@ -18,7 +17,7 @@ module Puppet::Util::SUIDManager
 
   def osx_maj_ver
     return @osx_maj_ver unless @osx_maj_ver.nil?
-    @osx_maj_ver = Facter.value('macosx_productversion_major') || false
+    @osx_maj_ver = Puppet.runtime[:facter].value('macosx_productversion_major') || false
   end
   module_function :osx_maj_ver
 

data/lib/puppet/util/symbolic_file_mode.rb

@@ -19,25 +19,37 @@ module SymbolicFileMode
     return false
   end
 
+  def display_mode(value)
+    if value =~ /^0?[0-7]{1,4}$/
+      value.rjust(4, "0")
+    else
+      value
+    end
+  end
+
   def normalize_symbolic_mode(value)
     return nil if value.nil?
 
     # We need to treat integers as octal numbers.
-    if value.is_a? Numeric then
-      return value.to_s(8)
-    elsif value =~ /^0?[0-7]{1,4}$/ then
-      return value.to_i(8).to_s(8)
+    #
+    # "A numeric mode is from one to four octal digits (0-7), derived by adding
+    # up the bits with values 4, 2, and 1. Omitted digits are assumed to be
+    # leading zeros."
+    if value.is_a? Numeric
+      value.to_s(8)
+    elsif value =~ /^0?[0-7]{1,4}$/
+      value.to_i(8).to_s(8) # strip leading 0's
     else
-      return value
+      value
     end
   end
 
   def symbolic_mode_to_int(modification, to_mode = 0, is_a_directory = false)
-    if modification.nil? or modification == '' then
+    if modification.nil? or modification == ''
       raise Puppet::Error, _("An empty mode string is illegal")
-    end
-    if modification =~ /^[0-7]+$/ then return modification.to_i(8) end
-    if modification =~ /^\d+$/ then
+    elsif modification =~ /^[0-7]+$/
+      return modification.to_i(8)
+    elsif modification =~ /^\d+$/
       raise Puppet::Error, _("Numeric modes must be in octal, not decimal!")
     end
 
@@ -84,31 +96,31 @@ module SymbolicFileMode
 
           dsl.split('').each do |op|
             case op
-            when /[-+=]/ then
+            when /[-+=]/
               action = op
               # Clear all bits, if this is assignment
               value  = 0 if op == '='
 
-            when /[ugo]/ then
+            when /[ugo]/
               value = actions[action].call(value, snapshot_mode[op])
 
-            when /[rwx]/ then
+            when /[rwx]/
               value = actions[action].call(value, SymbolicMode[op])
 
-            when 'X' then
+            when 'X'
               # Only meaningful in combination with "set" actions.
-              if action != '+' then
+              if action != '+'
                 raise Puppet::Error, _("X only works with the '+' operator")
               end
 
               # As per the BSD manual page, set if this is a directory, or if
               # any execute bit is set on the original (unmodified) mode.
               # Ignored otherwise; it is "add if", not "add or clear".
-              if is_a_directory or original_mode['any x?'] then
+              if is_a_directory or original_mode['any x?']
                 value = actions[action].call(value, ExecBit)
               end
 
-            when /[st]/ then
+            when /[st]/
               bit = SymbolicSpecialToBit[op][who] or fail _("internal error")
               final_mode['s'] = actions[action].call(final_mode['s'], bit)
 
@@ -122,7 +134,7 @@ module SymbolicFileMode
         end
 
       rescue Puppet::Error => e
-        if part.inspect != modification.inspect then
+        if part.inspect != modification.inspect
           rest = " at #{part.inspect}"
         else
           rest = ''

data/lib/puppet/util/tagging.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'puppet/util/tag_set'
 
 module Puppet::Util::Tagging

data/lib/puppet/util/windows/service.rb

@@ -13,11 +13,6 @@ module Puppet::Util::Windows
 
     FILE = Puppet::Util::Windows::File
 
-    # integer value of the floor for timeouts when waiting for service pending states.
-    # puppet will wait the length of dwWaitHint if it is longer than this value, but
-    # no shorter
-    DEFAULT_TIMEOUT = 30
-
     # Service error codes
     # https://docs.microsoft.com/en-us/windows/desktop/debug/system-error-codes--1000-1299-
     ERROR_SERVICE_DOES_NOT_EXIST = 0x00000424

data/lib/puppet/util/windows/sid.rb

@@ -75,7 +75,9 @@ module Puppet::Util::Windows
           raw_sid_bytes = sid_ptr.read_array_of_uchar(get_length_sid(sid_ptr))
         end
       rescue => e
-        Puppet.debug("Could not retrieve raw SID bytes from '#{name}': #{e.message}")
+        # Avoid debug logs pollution with valid account names
+        # https://docs.microsoft.com/en-us/windows/win32/api/sddl/nf-sddl-convertstringsidtosidw#return-value
+        Puppet.debug("Could not retrieve raw SID bytes from '#{name}': #{e.message}") unless e.code == ERROR_INVALID_SID_STRUCTURE
       end
 
       raw_sid_bytes ? Principal.lookup_account_sid(raw_sid_bytes) : Principal.lookup_account_name(name)

data/lib/puppet/util/windows/user.rb

@@ -1,6 +1,4 @@
 require 'puppet/util/windows'
-
-require 'facter'
 require 'ffi'
 
 module Puppet::Util::Windows::User

data/lib/puppet/util/windows.rb

@@ -9,6 +9,9 @@ module Puppet::Util::Windows
   module File; end
   module Registry
   end
+  module Service
+    DEFAULT_TIMEOUT = 30
+  end
   module SID
     class Principal; end
   end