puppet 6.25.1 → 6.28.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puppet might be problematic. Click here for more details.

Files changed (112) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +1 -1
  3. data/Gemfile +2 -2
  4. data/Gemfile.lock +101 -34
  5. data/lib/puppet/agent.rb +47 -11
  6. data/lib/puppet/application/agent.rb +2 -12
  7. data/lib/puppet/application/lookup.rb +74 -24
  8. data/lib/puppet/concurrent/thread_local_singleton.rb +5 -3
  9. data/lib/puppet/configurer.rb +8 -14
  10. data/lib/puppet/defaults.rb +13 -3
  11. data/lib/puppet/face/generate.rb +2 -0
  12. data/lib/puppet/file_serving/metadata.rb +3 -0
  13. data/lib/puppet/file_system/file_impl.rb +7 -7
  14. data/lib/puppet/file_system/jruby.rb +1 -1
  15. data/lib/puppet/file_system/windows.rb +4 -4
  16. data/lib/puppet/file_system.rb +1 -1
  17. data/lib/puppet/functions/next.rb +18 -1
  18. data/lib/puppet/functions/tree_each.rb +0 -1
  19. data/lib/puppet/functions/versioncmp.rb +6 -2
  20. data/lib/puppet/generate/type.rb +9 -0
  21. data/lib/puppet/http/client.rb +22 -2
  22. data/lib/puppet/node.rb +1 -1
  23. data/lib/puppet/pops/parser/code_merger.rb +4 -4
  24. data/lib/puppet/pops/parser/egrammar.ra +2 -0
  25. data/lib/puppet/pops/parser/eparser.rb +813 -794
  26. data/lib/puppet/pops/serialization/to_data_converter.rb +6 -18
  27. data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
  28. data/lib/puppet/provider/package/windows/exe_package.rb +30 -1
  29. data/lib/puppet/provider/package/windows/package.rb +2 -1
  30. data/lib/puppet/provider/package/windows.rb +14 -1
  31. data/lib/puppet/provider/service/init.rb +5 -4
  32. data/lib/puppet/provider/user/directoryservice.rb +5 -0
  33. data/lib/puppet/ssl/ssl_provider.rb +75 -19
  34. data/lib/puppet/ssl/state_machine.rb +13 -17
  35. data/lib/puppet/ssl/verifier.rb +6 -0
  36. data/lib/puppet/transaction/persistence.rb +22 -12
  37. data/lib/puppet/type/exec.rb +1 -1
  38. data/lib/puppet/type/file/data_sync.rb +1 -1
  39. data/lib/puppet/type/user.rb +43 -38
  40. data/lib/puppet/util/json.rb +17 -0
  41. data/lib/puppet/util/log.rb +7 -2
  42. data/lib/puppet/util/monkey_patches.rb +6 -2
  43. data/lib/puppet/util/package.rb +25 -16
  44. data/lib/puppet/util/yaml.rb +21 -2
  45. data/lib/puppet/util.rb +1 -2
  46. data/lib/puppet/version.rb +1 -1
  47. data/lib/puppet.rb +2 -14
  48. data/locales/puppet.pot +5 -10454
  49. data/man/man5/puppet.conf.5 +21 -2
  50. data/man/man8/puppet-agent.8 +1 -1
  51. data/man/man8/puppet-apply.8 +1 -1
  52. data/man/man8/puppet-catalog.8 +1 -1
  53. data/man/man8/puppet-config.8 +1 -1
  54. data/man/man8/puppet-describe.8 +1 -1
  55. data/man/man8/puppet-device.8 +1 -1
  56. data/man/man8/puppet-doc.8 +1 -1
  57. data/man/man8/puppet-epp.8 +1 -1
  58. data/man/man8/puppet-facts.8 +1 -1
  59. data/man/man8/puppet-filebucket.8 +1 -1
  60. data/man/man8/puppet-generate.8 +1 -1
  61. data/man/man8/puppet-help.8 +1 -1
  62. data/man/man8/puppet-key.8 +1 -1
  63. data/man/man8/puppet-lookup.8 +9 -6
  64. data/man/man8/puppet-man.8 +1 -1
  65. data/man/man8/puppet-module.8 +1 -1
  66. data/man/man8/puppet-node.8 +1 -1
  67. data/man/man8/puppet-parser.8 +1 -1
  68. data/man/man8/puppet-plugin.8 +1 -1
  69. data/man/man8/puppet-report.8 +1 -1
  70. data/man/man8/puppet-resource.8 +1 -1
  71. data/man/man8/puppet-script.8 +1 -1
  72. data/man/man8/puppet-ssl.8 +1 -1
  73. data/man/man8/puppet-status.8 +1 -1
  74. data/man/man8/puppet.8 +2 -2
  75. data/spec/fixtures/unit/forge/bacula.json +1 -1
  76. data/spec/integration/application/agent_spec.rb +108 -0
  77. data/spec/integration/application/lookup_spec.rb +81 -50
  78. data/spec/integration/application/resource_spec.rb +6 -2
  79. data/spec/integration/http/client_spec.rb +51 -4
  80. data/spec/lib/puppet_spec/https.rb +1 -1
  81. data/spec/lib/puppet_spec/puppetserver.rb +39 -2
  82. data/spec/shared_contexts/l10n.rb +5 -0
  83. data/spec/unit/agent_spec.rb +28 -2
  84. data/spec/unit/application/agent_spec.rb +26 -16
  85. data/spec/unit/application/lookup_spec.rb +131 -10
  86. data/spec/unit/concurrent/thread_local_singleton_spec.rb +39 -0
  87. data/spec/unit/configurer_spec.rb +124 -61
  88. data/spec/unit/daemon_spec.rb +2 -11
  89. data/spec/unit/face/generate_spec.rb +64 -0
  90. data/spec/unit/file_system_spec.rb +34 -4
  91. data/spec/unit/forge/module_release_spec.rb +3 -3
  92. data/spec/unit/functions/versioncmp_spec.rb +40 -4
  93. data/spec/unit/http/client_spec.rb +18 -0
  94. data/spec/unit/node_spec.rb +6 -0
  95. data/spec/unit/pops/parser/parse_containers_spec.rb +2 -2
  96. data/spec/unit/pops/serialization/to_from_hr_spec.rb +0 -58
  97. data/spec/unit/pops/validator/validator_spec.rb +5 -0
  98. data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
  99. data/spec/unit/provider/package/windows/exe_package_spec.rb +17 -0
  100. data/spec/unit/provider/service/gentoo_spec.rb +6 -5
  101. data/spec/unit/provider/service/init_spec.rb +15 -9
  102. data/spec/unit/provider/service/openwrt_spec.rb +21 -29
  103. data/spec/unit/provider/service/redhat_spec.rb +3 -2
  104. data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
  105. data/spec/unit/ssl/state_machine_spec.rb +1 -0
  106. data/spec/unit/transaction/persistence_spec.rb +51 -0
  107. data/spec/unit/type/user_spec.rb +0 -45
  108. data/spec/unit/util/json_spec.rb +126 -0
  109. data/spec/unit/util/windows_spec.rb +23 -0
  110. data/spec/unit/util/yaml_spec.rb +54 -29
  111. data/tasks/generate_cert_fixtures.rake +5 -4
  112. metadata +9 -3
@@ -118,6 +118,9 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
118
118
  when "link"
119
119
  @destination = Puppet::FileSystem.readlink(real_path)
120
120
  @checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s rescue nil
121
+ when "fifo", "socket"
122
+ @checksum_type = "none"
123
+ @checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s
121
124
  else
122
125
  raise ArgumentError, _("Cannot manage files of type %{file_type}") % { file_type: stat.ftype }
123
126
  end
@@ -130,23 +130,23 @@ class Puppet::FileSystem::FileImpl
130
130
  end
131
131
 
132
132
  def symlink?(path)
133
- File.symlink?(path)
133
+ ::File.symlink?(path)
134
134
  end
135
135
 
136
136
  def readlink(path)
137
- File.readlink(path)
137
+ ::File.readlink(path)
138
138
  end
139
139
 
140
140
  def unlink(*paths)
141
- File.unlink(*paths)
141
+ ::File.unlink(*paths)
142
142
  end
143
143
 
144
144
  def stat(path)
145
- File.stat(path)
145
+ ::File.stat(path)
146
146
  end
147
147
 
148
148
  def lstat(path)
149
- File.lstat(path)
149
+ ::File.lstat(path)
150
150
  end
151
151
 
152
152
  def compare_stream(path, stream)
@@ -159,7 +159,7 @@ class Puppet::FileSystem::FileImpl
159
159
 
160
160
  def replace_file(path, mode = nil)
161
161
  begin
162
- stat = Puppet::FileSystem.lstat(path)
162
+ stat = lstat(path)
163
163
  gid = stat.gid
164
164
  uid = stat.uid
165
165
  mode ||= stat.mode & 07777
@@ -180,7 +180,7 @@ class Puppet::FileSystem::FileImpl
180
180
  tempfile_path = tempfile.path
181
181
  FileUtils.chown(uid, gid, tempfile_path) if uid && gid
182
182
  chmod(mode, tempfile_path)
183
- File.rename(tempfile_path, Puppet::FileSystem.path_string(path))
183
+ ::File.rename(tempfile_path, path_string(path))
184
184
  ensure
185
185
  tempfile.close!
186
186
  end
@@ -14,7 +14,7 @@ class Puppet::FileSystem::JRuby < Puppet::FileSystem::Posix
14
14
  def replace_file(path, mode = nil, &block)
15
15
  # MRI Ruby rename checks if destination is a directory and raises, while
16
16
  # JRuby removes the directory and replaces the file.
17
- if Puppet::FileSystem.directory?(path)
17
+ if directory?(path)
18
18
  raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
19
19
  end
20
20
 
@@ -123,7 +123,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
123
123
  LOCK_VIOLATION = 33
124
124
 
125
125
  def replace_file(path, mode = nil)
126
- if Puppet::FileSystem.directory?(path)
126
+ if directory?(path)
127
127
  raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
128
128
  end
129
129
 
@@ -159,14 +159,14 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
159
159
  end
160
160
 
161
161
  set_dacl(tempfile.path, dacl) if dacl
162
- File.rename(tempfile.path, Puppet::FileSystem.path_string(path))
162
+ ::File.rename(tempfile.path, path_string(path))
163
163
  ensure
164
164
  tempfile.close!
165
165
  end
166
166
  rescue Puppet::Util::Windows::Error => e
167
167
  case e.code
168
168
  when ACCESS_DENIED, SHARING_VIOLATION, LOCK_VIOLATION
169
- raise Errno::EACCES.new(Puppet::FileSystem.path_string(path), e)
169
+ raise Errno::EACCES.new(path_string(path), e)
170
170
  else
171
171
  raise SystemCallError.new(e.message)
172
172
  end
@@ -193,7 +193,7 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
193
193
  end
194
194
 
195
195
  def get_dacl_from_file(path)
196
- sd = Puppet::Util::Windows::Security.get_security_descriptor(Puppet::FileSystem.path_string(path))
196
+ sd = Puppet::Util::Windows::Security.get_security_descriptor(path_string(path))
197
197
  sd.dacl
198
198
  rescue Puppet::Util::Windows::Error => e
199
199
  raise e unless e.code == FILE_NOT_FOUND
@@ -396,7 +396,7 @@ module Puppet::FileSystem
396
396
  # @api public
397
397
  #
398
398
  def self.chmod(mode, path)
399
- @impl.chmod(mode, path)
399
+ @impl.chmod(mode, assert_path(path))
400
400
  end
401
401
 
402
402
  # Replace the contents of a file atomically, creating the file if necessary.
@@ -1,8 +1,25 @@
1
1
  # Makes iteration continue with the next value, optionally with a given value for this iteration.
2
2
  # If a value is not given it defaults to `undef`
3
+ #
4
+ # @example Using the `next()` function
3
5
  #
4
- # @since 4.7.0
6
+ # ```puppet
7
+ # $data = ['a','b','c']
8
+ # $data.each |Integer $index, String $value| {
9
+ # if $index == 1 {
10
+ # next()
11
+ # }
12
+ # notice ("${index} = ${value}")
13
+ # }
14
+ # ```
15
+ #
16
+ # Would notice:
17
+ # ```
18
+ # Notice: Scope(Class[main]): 0 = a
19
+ # Notice: Scope(Class[main]): 2 = c
20
+ # ```
5
21
  #
22
+ # @since 4.7.0
6
23
  Puppet::Functions.create_function(:next) do
7
24
  dispatch :next_impl do
8
25
  optional_param 'Any', :value
@@ -112,7 +112,6 @@
112
112
  # * `reverse_each` - get "leaves before root"
113
113
  # * `filter` - prune the tree
114
114
  # * `map` - transform each element
115
- # * `reduce` - produce something else
116
115
  #
117
116
  # Note than when chaining, the value passed on is a `Tuple` with `[path, value]`.
118
117
  #
@@ -8,6 +8,9 @@ require 'puppet/util/package'
8
8
  #
9
9
  # Where a and b are arbitrary version strings.
10
10
  #
11
+ # Optional parameter ignore_trailing_zeroes is used to ignore unnecessary
12
+ # trailing version numbers like .0 or .0.00
13
+ #
11
14
  # This function returns:
12
15
  #
13
16
  # * `1` if version a is greater than version b
@@ -28,9 +31,10 @@ Puppet::Functions.create_function(:versioncmp) do
28
31
  dispatch :versioncmp do
29
32
  param 'String', :a
30
33
  param 'String', :b
34
+ optional_param 'Boolean', :ignore_trailing_zeroes
31
35
  end
32
36
 
33
- def versioncmp(a, b)
34
- Puppet::Util::Package.versioncmp(a, b)
37
+ def versioncmp(a, b, ignore_trailing_zeroes = false)
38
+ Puppet::Util::Package.versioncmp(a, b, ignore_trailing_zeroes)
35
39
  end
36
40
  end
@@ -134,6 +134,9 @@ module Puppet
134
134
  inputs.sort_by! { |input| input.path }
135
135
  end
136
136
 
137
+ def self.bad_input?
138
+ @bad_input
139
+ end
137
140
  # Generates files for the given inputs.
138
141
  # If a file is up to date (newer than input) it is kept.
139
142
  # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
170
173
  }
171
174
 
172
175
  up_to_date = true
176
+ @bad_input = false
177
+
173
178
  Puppet.notice _('Generating Puppet resource types.')
174
179
  inputs.each do |input|
175
180
  if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
187
192
  raise
188
193
  rescue Exception => e
189
194
  # Log the exception and move on to the next input
195
+ @bad_input = true
190
196
  Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
191
197
  next
192
198
  end
@@ -205,6 +211,7 @@ module Puppet
205
211
  begin
206
212
  model = Models::Type::Type.new(type)
207
213
  rescue Exception => e
214
+ @bad_input = true
208
215
  # Move on to the next input
209
216
  Puppet.log_exception(e, "#{input}: #{e.message}")
210
217
  next
@@ -214,6 +221,7 @@ module Puppet
214
221
  begin
215
222
  result = model.render(templates[input.template_path])
216
223
  rescue Exception => e
224
+ @bad_input = true
217
225
  Puppet.log_exception(e)
218
226
  raise
219
227
  end
@@ -227,6 +235,7 @@ module Puppet
227
235
  file.write(result)
228
236
  end
229
237
  rescue Exception => e
238
+ @bad_input = true
230
239
  Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
231
240
  # Move on to the next input
232
241
  next
@@ -25,7 +25,7 @@ class Puppet::HTTP::Client
25
25
  # used if :include_system_store is set to true
26
26
  # @param [Integer] redirect_limit default number of HTTP redirections to allow
27
27
  # in a given request. Can also be specified per-request.
28
- # @param [Integer] retry_limit number of HTTP reties allowed in a given
28
+ # @param [Integer] retry_limit number of HTTP retries allowed in a given
29
29
  # request
30
30
  #
31
31
  def initialize(pool: Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
@@ -272,6 +272,24 @@ class Puppet::HTTP::Client
272
272
  #
273
273
  def close
274
274
  @pool.close
275
+ @default_ssl_context = nil
276
+ @default_system_ssl_context = nil
277
+ end
278
+
279
+ def default_ssl_context
280
+ cert = Puppet::X509::CertProvider.new
281
+ password = cert.load_private_key_password
282
+
283
+ ssl = Puppet::SSL::SSLProvider.new
284
+ ctx = ssl.load_context(certname: Puppet[:certname], password: password)
285
+ ssl.print(ctx)
286
+ ctx
287
+ rescue => e
288
+ # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
289
+ Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
290
+ # TRANSLATORS: `puppet agent -t` is a command and should not be translated
291
+ Puppet.err(_("Run `puppet agent -t`"))
292
+ raise e
275
293
  end
276
294
 
277
295
  protected
@@ -408,7 +426,9 @@ class Puppet::HTTP::Client
408
426
  cacerts = cert_provider.load_cacerts || []
409
427
 
410
428
  ssl = Puppet::SSL::SSLProvider.new
411
- @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
429
+ @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts, include_client_cert: true)
430
+ ssl.print(@default_system_ssl_context)
431
+ @default_system_ssl_context
412
432
  end
413
433
 
414
434
  def apply_auth(request, basic_auth)
data/lib/puppet/node.rb CHANGED
@@ -89,7 +89,7 @@ class Puppet::Node
89
89
  unless @environment.nil?
90
90
  # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
91
91
  @parameters[ENVIRONMENT] = @environment.name.to_s
92
- self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
92
+ self.environment_name = @environment.name
93
93
  end
94
94
  @environment
95
95
  end
@@ -11,17 +11,17 @@ class Puppet::Pops::Parser::CodeMerger
11
11
  # PUP-5299, some sites have thousands of entries, and run out of stack when evaluating - the logic
12
12
  # below maps the logic as flatly as possible.
13
13
  #
14
- children = parse_results.select {|x| !x.nil? && x.code}.reduce([]) do |memo, parsed_class|
14
+ children = parse_results.select {|x| !x.nil? && x.code}.flat_map do |parsed_class|
15
15
  case parsed_class.code
16
16
  when Puppet::Parser::AST::BlockExpression
17
17
  # the BlockExpression wraps a single 4x instruction that is most likely wrapped in a Factory
18
- memo + parsed_class.code.children.map {|c| c.is_a?(Puppet::Pops::Model::Factory) ? c.model : c }
18
+ parsed_class.code.children.map {|c| c.is_a?(Puppet::Pops::Model::Factory) ? c.model : c }
19
19
  when Puppet::Pops::Model::Factory
20
20
  # If it is a 4x instruction wrapped in a Factory
21
- memo + parsed_class.code.model
21
+ parsed_class.code.model
22
22
  else
23
23
  # It is the instruction directly
24
- memo << parsed_class.code
24
+ parsed_class.code
25
25
  end
26
26
  end
27
27
  Puppet::Parser::AST::BlockExpression.new(:children => children)
@@ -919,6 +919,8 @@ keyword
919
919
  | CONSUMES
920
920
  | PRODUCES
921
921
  | SITE
922
+ | PLAN
923
+ | APPLY
922
924
 
923
925
  nil
924
926
  : { result = nil}