puppet 6.25.1 → 6.28.0
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CODEOWNERS +1 -1
- data/Gemfile +2 -2
- data/Gemfile.lock +101 -34
- data/lib/puppet/agent.rb +47 -11
- data/lib/puppet/application/agent.rb +2 -12
- data/lib/puppet/application/lookup.rb +74 -24
- data/lib/puppet/concurrent/thread_local_singleton.rb +5 -3
- data/lib/puppet/configurer.rb +8 -14
- data/lib/puppet/defaults.rb +13 -3
- data/lib/puppet/face/generate.rb +2 -0
- data/lib/puppet/file_serving/metadata.rb +3 -0
- data/lib/puppet/file_system/file_impl.rb +7 -7
- data/lib/puppet/file_system/jruby.rb +1 -1
- data/lib/puppet/file_system/windows.rb +4 -4
- data/lib/puppet/file_system.rb +1 -1
- data/lib/puppet/functions/next.rb +18 -1
- data/lib/puppet/functions/tree_each.rb +0 -1
- data/lib/puppet/functions/versioncmp.rb +6 -2
- data/lib/puppet/generate/type.rb +9 -0
- data/lib/puppet/http/client.rb +22 -2
- data/lib/puppet/node.rb +1 -1
- data/lib/puppet/pops/parser/code_merger.rb +4 -4
- data/lib/puppet/pops/parser/egrammar.ra +2 -0
- data/lib/puppet/pops/parser/eparser.rb +813 -794
- data/lib/puppet/pops/serialization/to_data_converter.rb +6 -18
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
- data/lib/puppet/provider/package/windows/package.rb +2 -1
- data/lib/puppet/provider/package/windows.rb +14 -1
- data/lib/puppet/provider/service/init.rb +5 -4
- data/lib/puppet/provider/user/directoryservice.rb +5 -0
- data/lib/puppet/ssl/ssl_provider.rb +75 -19
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/ssl/verifier.rb +6 -0
- data/lib/puppet/transaction/persistence.rb +22 -12
- data/lib/puppet/type/exec.rb +1 -1
- data/lib/puppet/type/file/data_sync.rb +1 -1
- data/lib/puppet/type/user.rb +43 -38
- data/lib/puppet/util/json.rb +17 -0
- data/lib/puppet/util/log.rb +7 -2
- data/lib/puppet/util/monkey_patches.rb +6 -2
- data/lib/puppet/util/package.rb +25 -16
- data/lib/puppet/util/yaml.rb +21 -2
- data/lib/puppet/util.rb +1 -2
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +2 -14
- data/locales/puppet.pot +5 -10454
- data/man/man5/puppet.conf.5 +21 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-key.8 +1 -1
- data/man/man8/puppet-lookup.8 +9 -6
- data/man/man8/puppet-man.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet-status.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/unit/forge/bacula.json +1 -1
- data/spec/integration/application/agent_spec.rb +108 -0
- data/spec/integration/application/lookup_spec.rb +81 -50
- data/spec/integration/application/resource_spec.rb +6 -2
- data/spec/integration/http/client_spec.rb +51 -4
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/shared_contexts/l10n.rb +5 -0
- data/spec/unit/agent_spec.rb +28 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/application/lookup_spec.rb +131 -10
- data/spec/unit/concurrent/thread_local_singleton_spec.rb +39 -0
- data/spec/unit/configurer_spec.rb +124 -61
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/face/generate_spec.rb +64 -0
- data/spec/unit/file_system_spec.rb +34 -4
- data/spec/unit/forge/module_release_spec.rb +3 -3
- data/spec/unit/functions/versioncmp_spec.rb +40 -4
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/node_spec.rb +6 -0
- data/spec/unit/pops/parser/parse_containers_spec.rb +2 -2
- data/spec/unit/pops/serialization/to_from_hr_spec.rb +0 -58
- data/spec/unit/pops/validator/validator_spec.rb +5 -0
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
- data/spec/unit/provider/service/gentoo_spec.rb +6 -5
- data/spec/unit/provider/service/init_spec.rb +15 -9
- data/spec/unit/provider/service/openwrt_spec.rb +21 -29
- data/spec/unit/provider/service/redhat_spec.rb +3 -2
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/spec/unit/transaction/persistence_spec.rb +51 -0
- data/spec/unit/type/user_spec.rb +0 -45
- data/spec/unit/util/json_spec.rb +126 -0
- data/spec/unit/util/windows_spec.rb +23 -0
- data/spec/unit/util/yaml_spec.rb +54 -29
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +9 -3
@@ -118,6 +118,9 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
|
|
118
118
|
when "link"
|
119
119
|
@destination = Puppet::FileSystem.readlink(real_path)
|
120
120
|
@checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s rescue nil
|
121
|
+
when "fifo", "socket"
|
122
|
+
@checksum_type = "none"
|
123
|
+
@checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s
|
121
124
|
else
|
122
125
|
raise ArgumentError, _("Cannot manage files of type %{file_type}") % { file_type: stat.ftype }
|
123
126
|
end
|
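Review bot: In the new `when "fifo", "socket"` branch the checksum call still goes through `send("#{@checksum_type}_file", real_path)` although `@checksum_type` was set to the literal `"none"` on the line above, so the dynamic dispatch only obscures which method runs. Calling it directly, `@checksum = "{none}" + none_file(real_path).to_s`, keeps string-built method names out of the branch and makes it obvious that the FIFO or socket is not read (assuming `none_file` does no I/O, which is worth confirming because a checksum that opened a FIFO could block). The `link` branch above swallows errors with `rescue nil` while this one does not; a comment should say which behaviour is intended. The enclosing `case` starts outside the hunk.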
@@ -130,23 +130,23 @@ class Puppet::FileSystem::FileImpl
|
|
130
130
|
end
|
131
131
|
|
132
132
|
def symlink?(path)
|
133
|
-
File.symlink?(path)
|
133
|
+
::File.symlink?(path)
|
134
134
|
end
|
135
135
|
|
136
136
|
def readlink(path)
|
137
|
-
File.readlink(path)
|
137
|
+
::File.readlink(path)
|
138
138
|
end
|
139
139
|
|
140
140
|
def unlink(*paths)
|
141
|
-
File.unlink(*paths)
|
141
|
+
::File.unlink(*paths)
|
142
142
|
end
|
143
143
|
|
144
144
|
def stat(path)
|
145
|
-
File.stat(path)
|
145
|
+
::File.stat(path)
|
146
146
|
end
|
147
147
|
|
148
148
|
def lstat(path)
|
149
|
-
File.lstat(path)
|
149
|
+
::File.lstat(path)
|
150
150
|
end
|
151
151
|
|
152
152
|
def compare_stream(path, stream)
|
@@ -159,7 +159,7 @@ class Puppet::FileSystem::FileImpl
|
|
159
159
|
|
160
160
|
def replace_file(path, mode = nil)
|
161
161
|
begin
|
162
|
-
stat =
|
162
|
+
stat = lstat(path)
|
163
163
|
gid = stat.gid
|
164
164
|
uid = stat.uid
|
165
165
|
mode ||= stat.mode & 07777
|
@@ -180,7 +180,7 @@ class Puppet::FileSystem::FileImpl
|
|
180
180
|
tempfile_path = tempfile.path
|
181
181
|
FileUtils.chown(uid, gid, tempfile_path) if uid && gid
|
182
182
|
chmod(mode, tempfile_path)
|
183
|
-
File.rename(tempfile_path,
|
183
|
+
::File.rename(tempfile_path, path_string(path))
|
184
184
|
ensure
|
185
185
|
tempfile.close!
|
186
186
|
end
|
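Review bot: `replace_file` (hunk at -159) takes `uid`, `gid` and the default `mode` from `lstat(path)`, so when `path` is a symlink the values come from the link itself rather than its target, and on platforms where links report mode 0777 the replacement file would inherit that mode unless the caller passes `mode`. The change only alters how `lstat` is called, so this looks pre-existing, but the hunk is a good place to document it: `# lstat on purpose: the rename replaces the link itself; callers replacing a symlink should pass an explicit mode`. Whether any caller reaches this with a symlink and no `mode` is not visible here. The method body continues outside the hunks shown.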
@@ -14,7 +14,7 @@ class Puppet::FileSystem::JRuby < Puppet::FileSystem::Posix
|
|
14
14
|
def replace_file(path, mode = nil, &block)
|
15
15
|
# MRI Ruby rename checks if destination is a directory and raises, while
|
16
16
|
# JRuby removes the directory and replaces the file.
|
17
|
-
if
|
17
|
+
if directory?(path)
|
18
18
|
raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
|
19
19
|
end
|
20
20
|
|
@@ -123,7 +123,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
|
|
123
123
|
LOCK_VIOLATION = 33
|
124
124
|
|
125
125
|
def replace_file(path, mode = nil)
|
126
|
-
if
|
126
|
+
if directory?(path)
|
127
127
|
raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
|
128
128
|
end
|
129
129
|
|
@@ -159,14 +159,14 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
|
|
159
159
|
end
|
160
160
|
|
161
161
|
set_dacl(tempfile.path, dacl) if dacl
|
162
|
-
File.rename(tempfile.path,
|
162
|
+
::File.rename(tempfile.path, path_string(path))
|
163
163
|
ensure
|
164
164
|
tempfile.close!
|
165
165
|
end
|
166
166
|
rescue Puppet::Util::Windows::Error => e
|
167
167
|
case e.code
|
168
168
|
when ACCESS_DENIED, SHARING_VIOLATION, LOCK_VIOLATION
|
169
|
-
raise Errno::EACCES.new(
|
169
|
+
raise Errno::EACCES.new(path_string(path), e)
|
170
170
|
else
|
171
171
|
raise SystemCallError.new(e.message)
|
172
172
|
end
|
@@ -193,7 +193,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
|
|
193
193
|
end
|
194
194
|
|
195
195
|
def get_dacl_from_file(path)
|
196
|
-
sd = Puppet::Util::Windows::Security.get_security_descriptor(
|
196
|
+
sd = Puppet::Util::Windows::Security.get_security_descriptor(path_string(path))
|
197
197
|
sd.dacl
|
198
198
|
rescue Puppet::Util::Windows::Error => e
|
199
199
|
raise e unless e.code == FILE_NOT_FOUND
|
data/lib/puppet/file_system.rb
CHANGED
@@ -1,8 +1,25 @@
|
|
1
1
|
# Makes iteration continue with the next value, optionally with a given value for this iteration.
|
2
2
|
# If a value is not given it defaults to `undef`
|
3
|
+
#
|
4
|
+
# @example Using the `next()` function
|
3
5
|
#
|
4
|
-
#
|
6
|
+
# ```puppet
|
7
|
+
# $data = ['a','b','c']
|
8
|
+
# $data.each |Integer $index, String $value| {
|
9
|
+
# if $index == 1 {
|
10
|
+
# next()
|
11
|
+
# }
|
12
|
+
# notice ("${index} = ${value}")
|
13
|
+
# }
|
14
|
+
# ```
|
15
|
+
#
|
16
|
+
# Would notice:
|
17
|
+
# ```
|
18
|
+
# Notice: Scope(Class[main]): 0 = a
|
19
|
+
# Notice: Scope(Class[main]): 2 = c
|
20
|
+
# ```
|
5
21
|
#
|
22
|
+
# @since 4.7.0
|
6
23
|
Puppet::Functions.create_function(:next) do
|
7
24
|
dispatch :next_impl do
|
8
25
|
optional_param 'Any', :value
|
@@ -112,7 +112,6 @@
|
|
112
112
|
# * `reverse_each` - get "leaves before root"
|
113
113
|
# * `filter` - prune the tree
|
114
114
|
# * `map` - transform each element
|
115
|
-
# * `reduce` - produce something else
|
116
115
|
#
|
117
116
|
# Note than when chaining, the value passed on is a `Tuple` with `[path, value]`.
|
118
117
|
#
|
@@ -8,6 +8,9 @@ require 'puppet/util/package'
|
|
8
8
|
#
|
9
9
|
# Where a and b are arbitrary version strings.
|
10
10
|
#
|
11
|
+
# Optional parameter ignore_trailing_zeroes is used to ignore unnecessary
|
12
|
+
# trailing version numbers like .0 or .0.00
|
13
|
+
#
|
11
14
|
# This function returns:
|
12
15
|
#
|
13
16
|
# * `1` if version a is greater than version b
|
@@ -28,9 +31,10 @@ Puppet::Functions.create_function(:versioncmp) do
|
|
28
31
|
dispatch :versioncmp do
|
29
32
|
param 'String', :a
|
30
33
|
param 'String', :b
|
34
|
+
optional_param 'Boolean', :ignore_trailing_zeroes
|
31
35
|
end
|
32
36
|
|
33
|
-
def versioncmp(a, b)
|
34
|
-
Puppet::Util::Package.versioncmp(a, b)
|
37
|
+
def versioncmp(a, b, ignore_trailing_zeroes = false)
|
38
|
+
Puppet::Util::Package.versioncmp(a, b, ignore_trailing_zeroes)
|
35
39
|
end
|
36
40
|
end
|
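--- a/data/lib/puppet/generate/type.rb
+++ b/data/lib/puppet/generate/type.rb
@@ -134,6 +134,9 @@ module Puppet
 inputs.sort_by! { |input| input.path }
 end
 
+def self.bad_input?
+@bad_input
+end
 # Generates files for the given inputs.
 # If a file is up to date (newer than input) it is kept.
 # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
 }
 
 up_to_date = true
+@bad_input = false
+
 Puppet.notice _('Generating Puppet resource types.')
 inputs.each do |input|
 if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
 raise
 rescue Exception => e
 # Log the exception and move on to the next input
+@bad_input = true
 Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
 next
 end
@@ -205,6 +211,7 @@ module Puppet
 begin
 model = Models::Type::Type.new(type)
 rescue Exception => e
+@bad_input = true
 # Move on to the next input
 Puppet.log_exception(e, "#{input}: #{e.message}")
 next
@@ -214,6 +221,7 @@ module Puppet
 begin
 result = model.render(templates[input.template_path])
 rescue Exception => e
+@bad_input = true
 Puppet.log_exception(e)
 raise
 end
@@ -227,6 +235,7 @@ module Puppet
 file.write(result)
 end
 rescue Exception => e
+@bad_input = true
 Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
 # Move on to the next input
 next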
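Review bot: `self.bad_input?` reads a class-level `@bad_input` that the generator resets to `false` and then sets in four `rescue Exception` branches, so the result is `nil` before the first run and reflects only the most recent call; code that runs generation more than once, or from more than one thread, would read shared state. A short doc comment on the predicate would pin the contract, e.g. `# @return [Boolean] true if the last generation run skipped or failed on any input`, and `!!@bad_input` would make the return value match it. Three of the branches set the flag and then `next`, so a run can finish without raising while having skipped inputs; the flag is then the only failure signal, which deserves a sentence in the generator's own doc comment. The methods start and end outside the hunks.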
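--- a/data/lib/puppet/http/client.rb
+++ b/data/lib/puppet/http/client.rb
@@ -25,7 +25,7 @@ class Puppet::HTTP::Client
 # used if :include_system_store is set to true
 # @param [Integer] redirect_limit default number of HTTP redirections to allow
 # in a given request. Can also be specified per-request.
-# @param [Integer] retry_limit number of HTTP
+# @param [Integer] retry_limit number of HTTP retries allowed in a given
 # request
 #
 def initialize(pool: Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
@@ -272,6 +272,24 @@ class Puppet::HTTP::Client
 #
 def close
 @pool.close
+@default_ssl_context = nil
+@default_system_ssl_context = nil
+end
+
+def default_ssl_context
+cert = Puppet::X509::CertProvider.new
+password = cert.load_private_key_password
+
+ssl = Puppet::SSL::SSLProvider.new
+ctx = ssl.load_context(certname: Puppet[:certname], password: password)
+ssl.print(ctx)
+ctx
+rescue => e
+# TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
+Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
+# TRANSLATORS: `puppet agent -t` is a command and should not be translated
+Puppet.err(_("Run `puppet agent -t`"))
+raise e
 end
 
 protected
@@ -408,7 +426,9 @@ class Puppet::HTTP::Client
 cacerts = cert_provider.load_cacerts || []
 
 ssl = Puppet::SSL::SSLProvider.new
-@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
+@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts, include_client_cert: true)
+ssl.print(@default_system_ssl_context)
+@default_system_ssl_context
 end
 
 def apply_auth(request, basic_auth)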
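Review bot: Passing `include_client_cert: true` in the `default_system_ssl_context` hunk means the context that trusts the system CA store will presumably also offer the agent's client certificate, so a host reached with `include_system_store` that requests one can learn the agent's certname; nothing in the hunk says this is intended. I would add a comment on that line such as `# also present the agent cert to system-store hosts; SSLProvider decides what happens when no cert is available`, and confirm the no-cert path in ssl_provider.rb, which is not visible here. The two new `ssl.print(...)` calls run on every context load, so check that they log only certificate subject data and at debug level. `default_ssl_context` is added above `protected` and is therefore public, and it ends with `raise e` where a bare `raise` is the idiomatic re-raise. The enclosing methods begin outside the hunks.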
data/lib/puppet/node.rb
CHANGED
@@ -89,7 +89,7 @@ class Puppet::Node
|
|
89
89
|
unless @environment.nil?
|
90
90
|
# always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
|
91
91
|
@parameters[ENVIRONMENT] = @environment.name.to_s
|
92
|
-
self.environment_name = @environment.name
|
92
|
+
self.environment_name = @environment.name
|
93
93
|
end
|
94
94
|
@environment
|
95
95
|
end
|
@@ -11,17 +11,17 @@ class Puppet::Pops::Parser::CodeMerger
|
|
11
11
|
# PUP-5299, some sites have thousands of entries, and run out of stack when evaluating - the logic
|
12
12
|
# below maps the logic as flatly as possible.
|
13
13
|
#
|
14
|
-
children = parse_results.select {|x| !x.nil? && x.code}.
|
14
|
+
children = parse_results.select {|x| !x.nil? && x.code}.flat_map do |parsed_class|
|
15
15
|
case parsed_class.code
|
16
16
|
when Puppet::Parser::AST::BlockExpression
|
17
17
|
# the BlockExpression wraps a single 4x instruction that is most likely wrapped in a Factory
|
18
|
-
|
18
|
+
parsed_class.code.children.map {|c| c.is_a?(Puppet::Pops::Model::Factory) ? c.model : c }
|
19
19
|
when Puppet::Pops::Model::Factory
|
20
20
|
# If it is a 4x instruction wrapped in a Factory
|
21
|
-
|
21
|
+
parsed_class.code.model
|
22
22
|
else
|
23
23
|
# It is the instruction directly
|
24
|
-
|
24
|
+
parsed_class.code
|
25
25
|
end
|
26
26
|
end
|
27
27
|
Puppet::Parser::AST::BlockExpression.new(:children => children)
|