puppet 6.4.5-x64-mingw32 → 6.5.0-x64-mingw32

data/lib/puppet/configurer/downloader.rb

@@ -55,8 +55,12 @@ class Puppet::Configurer::Downloader
       :noop => false
     }
     if !Puppet::Util::Platform.windows?
-      defargs[:owner] = Process.uid
-      defargs[:group] = Process.gid
+      defargs.merge!(
+        {
+          :owner => Process.uid,
+          :group => Process.gid
+        }
+      )
     end
     return defargs
   end

data/lib/puppet/defaults.rb

@@ -35,7 +35,7 @@ module Puppet
   def self.default_basemodulepath
     if Puppet::Util::Platform.windows?
       path = ['$codedir/modules']
-      installdir = ENV["FACTER_env_windows_installdir"]
+      installdir = Facter.value(:env_windows_installdir)
       if installdir
         path << "#{installdir}/puppet/modules"
       end
@@ -47,7 +47,7 @@ module Puppet
 
   def self.default_vendormoduledir
     if Puppet::Util::Platform.windows?
-      installdir = ENV["FACTER_env_windows_installdir"]
+      installdir = Facter.value(:env_windows_installdir)
       if installdir
         "#{installdir}\\puppet\\vendor_modules"
       else
@@ -154,19 +154,6 @@ module Puppet
         end
       end
     },
-    :merge_dependency_warnings => {
-      :default => false,
-      :type    => :boolean,
-      :desc    => "Whether to merge class-level dependency failure warnings.
-
-        When a class has a failed dependency, every resource in the class
-        generates a notice level message about the dependency failure,
-        and a warning level message about skipping the resource.
-
-        If true, all messages caused by a class dependency failure are merged
-        into one message associated with the class.
-        ",
-    },
     :strict => {
       :default    => :warning,
       :type       => :symbolic_enum,
@@ -219,19 +206,12 @@ module Puppet
     :trace => {
         :default  => false,
         :type     => :boolean,
-        :desc     => "Whether to print stack traces on some errors. Will print
-          internal Ruby stack trace interleaved with Puppet function frames.",
+        :desc     => "Whether to print stack traces on some errors",
         :hook     => proc do |value|
           # Enable or disable Facter's trace option too
           Facter.trace(value) if Facter.respond_to? :trace
         end
     },
-    :puppet_trace => {
-        :default  => false,
-        :type     => :boolean,
-        :desc     => "Whether to print the Puppet stack trace on some errors.
-          This is a noop if `trace` is also set.",
-    },
     :profile => {
         :default  => false,
         :type     => :boolean,
@@ -566,10 +546,9 @@ module Puppet
     },
     :http_proxy_host => {
       :default    => "none",
-      :desc       => "The HTTP proxy host to use for outgoing connections. The proxy will be bypassed if
-      the server's hostname matches the NO_PROXY environment variable or `no_proxy` setting. Note: You
+      :desc       => "The HTTP proxy host to use for outgoing connections.  Note: You
       may need to use a FQDN for the server hostname when using a proxy. Environment variable
-      http_proxy or HTTP_PROXY will override this value. ",
+      http_proxy or HTTP_PROXY will override this value",
     },
     :http_proxy_port => {
       :default    => 3128,
@@ -593,10 +572,6 @@ module Puppet
         contains any characters with special meanings in URLs (as specified by RFC 3986
         section 2.2), they must be URL-encoded. (For example, `#` would become `%23`.)",
     },
-    :no_proxy => {
-      :default    => "localhost, 127.0.0.1",
-      :desc       => "List of host or domain names that should not go through `http_proxy_host`. Environment variable no_proxy or NO_PROXY will override this value. Names can be specified as an FQDN `host.example.com`, wildcard `*.example.com`, dotted domain `.example.com`, or suffix `example.com`.",
-    },
     :http_keepalive_timeout => {
       :default    => "4s",
       :type       => :duration,
@@ -851,6 +826,11 @@ EOT
       :group => "service",
       :desc => "Where SSL certificates are kept."
     },
+    :ssl_lockfile => {
+      :default => "$ssldir/ssl.lock",
+      :type    => :string,
+      :desc    => "A lock file to indicate that the ssl bootstrap process is currently in progress.",
+    },
     :publickeydir => {
       :default => "$ssldir/public_keys",
       :type   => :directory,
@@ -986,6 +966,19 @@ EOT
           certificate revocation checking and does not attempt to download the CRL.
         EOT
     },
+    :key_type => {
+      :default => 'rsa',
+      :type    => :enum,
+      :values  => %w[rsa ec],
+      :desc    => "The type of private key. Valid values are `rsa` and `ec`. Default is `rsa`."
+    },
+    :named_curve => {
+      :default => 'prime256v1',
+      :type    => :string,
+      :desc    => "The short name for the EC curve used to generate the EC private key. Valid
+                   values must be one of the curves in `OpenSSL::PKey::EC.builtin_curves`.
+                   Default is `prime256v1`."
+    },
     :digest_algorithm => {
         :default  => lambda { default_digest_algorithm },
         :type     => :enum,
@@ -1110,6 +1103,23 @@ EOT
       :desc       => "The default TTL for new certificates.
       #{AS_DURATION}",
     },
+    :crl_refresh_interval => {
+      :type       => :duration,
+      :desc       => "How often the Puppet agent refreshes its local CRL. By
+         default the CRL is only downloaded once, and never refreshed. If a
+         duration is specified, then the agent will refresh its CRL whenever it
+         next runs and the elapsed time since the CRL was last refreshed exceeds
+         the duration.
+
+         In general, the duration should be greater than the `runinterval`.
+         Setting it to an equal or lesser value will cause the CRL to be
+         refreshed on every run.
+
+         If the agent downloads a new CRL, the agent will use it for subsequent
+         network requests. If the refresh request fails or if the CRL is
+         unchanged on the server, then the agent run will continue using the
+         local CRL it already has.#{AS_DURATION}",
+    },
     :keylength => {
       :default    => 4096,
       :desc       => "The bit length of keys.",
@@ -1498,14 +1508,6 @@ EOT
         apply. You can see man pages by running `puppet <SUBCOMMAND> --help`,
         or read them online at https://puppet.com/docs/puppet/latest/man/."
     },
-    :deviceconfdir => {
-      :default  => "$confdir/devices",
-      :type     => :directory,
-      :mode     => "0750",
-      :owner    => "service",
-      :group    => "service",
-      :desc     => "The root directory of devices' $confdir.",
-    },
     :server => {
       :default => "puppet",
       :desc => "The puppet master server to which the puppet agent should connect.",
@@ -1681,11 +1683,6 @@ EOT
       :type     => :boolean,
       :desc     => "Whether to send reports after every transaction.",
     },
-    :resubmit_facts => {
-      :default  => false,
-      :type     => :boolean,
-      :desc     => "Whether to send updated facts after every transaction.",
-    },
     :lastrunfile =>  {
       :default  => "$statedir/last_run_summary.yaml",
       :type     => :file,
@@ -1736,9 +1733,18 @@ EOT
       Puppet agent cannot apply configurations until its approved certificate is
       available. Since the certificate may or may not be available immediately,
       puppet agent will repeatedly try to fetch it at this interval. You can
-      turn off waiting for certificates by specifying a time of 0, in which case
+      turn off waiting for certificates by specifying a time of 0, or a maximum
+      amount of time to wait in the `maxwaitforcert` setting, in which case
       puppet agent will exit if it cannot get a cert.
       #{AS_DURATION}",
+    },
+    :maxwaitforcert => {
+      :default  => "unlimited",
+      :type     => :ttl,
+      :desc     => "The maximum amount of time the Puppet agent should wait for its
+      certificate request to be signed. A value of `unlimited` will cause puppet agent
+      to ask for a signed certificate indefinitely.
+      #{AS_DURATION}",
     }
   )
 

data/lib/puppet/error.rb

@@ -12,7 +12,7 @@ module Puppet
     # This module implements logging with a filename and line number. Use this
     # for errors that need to report a location in a non-ruby file that we
     # parse.
-    attr_accessor :line, :file, :pos, :puppetstack
+    attr_accessor :line, :file, :pos
 
     # May be called with 3 arguments for message, file, line, and exception, or
     # 4 args including the position on the line.
@@ -22,18 +22,10 @@ module Puppet
         original = pos
         pos = nil
       end
-
       super(message, original)
-
       @file = file unless (file.is_a?(String) && file.empty?)
       @line = line
       @pos = pos
-
-      if original && original.respond_to?(:puppetstack)
-        @puppetstack = original.puppetstack
-      else
-        @puppetstack = Puppet::Pops::PuppetStack.stacktrace()
-      end
     end
 
     def to_s
@@ -79,6 +71,19 @@ module Puppet
       msg
     end
 
+    def to_h
+      {
+        :issue_code => issue_code,
+        :message => basic_message,
+        :full_message => to_s,
+        :file => file,
+        :line => line,
+        :pos => pos,
+        :environment => environment.to_s,
+        :node => node.to_s,
+      }
+    end
+
     def self.from_issue_and_stack(issue, args = {})
       filename, line = Puppet::Pops::PuppetStack.top_of_stack
 

data/lib/puppet/face/catalog.rb

@@ -24,7 +24,7 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
   deactivate_action(:destroy)
   deactivate_action(:search)
   find = get_action(:find)
-  find.summary "Retrieve the catalog for a node."
+  find.summary "Retrieve the catalog for the node from which the command is run."
   find.arguments "<certname>"
   find.returns <<-'EOT'
     A serialized catalog. When used from the Ruby API, returns a
@@ -83,6 +83,25 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
     end
   end
 
+  action(:compile) do
+    summary _("Compile a catalog.")
+    description <<-'EOT'
+      Compiles a catalog locally for a node, requiring access to modules, node classifier, etc.
+    EOT
+    examples <<-'EOT'
+      Compile catalog for node 'mynode':
+
+      $ puppet catalog compile mynode --codedir ...
+    EOT
+    returns <<-'EOT'
+      A serialized catalog.
+    EOT
+    when_invoked do |*args|
+      Puppet.settings.preferred_run_mode = :master
+      Puppet::Face[:catalog, :current].find(*args)
+    end
+  end
+
   action(:download) do
     summary "Download this node's catalog from the puppet master server."
     description <<-'EOT'

data/lib/puppet/face/config.rb

@@ -66,18 +66,41 @@ Puppet::Face.define(:config, '0.0.1') do
         @default_section = true
       end
 
-      if Puppet::Util::Log.sendlevel?(:info)
-        warn_default_section(options[:section]) if @default_section
-        report_section_and_environment(options[:section], Puppet.settings[:environment])
-      end
+      render_all_settings = args.empty? || args == ['all']
 
-      names = if args.empty? || args == ['all']
-                :all
-              else
-                args
-              end
+      args = Puppet.settings.to_a.collect(&:first) if render_all_settings
+
+      values_from_the_selected_section =
+        Puppet.settings.values(nil, options[:section].to_sym)
+
+      loader_settings = {
+        :environmentpath => values_from_the_selected_section.interpolate(:environmentpath),
+        :basemodulepath => values_from_the_selected_section.interpolate(:basemodulepath),
+      }
+
+      to_be_rendered = nil
+      Puppet.override(Puppet.base_context(loader_settings),
+                     _("New environment loaders generated from the requested section.")) do
+        # And now we can lookup values that include those from environments configured from
+        # the requested section
+        values = Puppet.settings.values(Puppet[:environment].to_sym, options[:section].to_sym)
+
+        if Puppet::Util::Log.sendlevel?(:info)
+          warn_default_section(options[:section]) if @default_section
+          report_section_and_environment(options[:section], Puppet.settings[:environment])
+        end
 
-      Puppet.settings.stringify_settings(options[:section], names)
+        to_be_rendered = {}
+        args.sort.each do |setting_name|
+          to_be_rendered[setting_name] = values.print(setting_name.to_sym)
+        end
+      end
+
+      # convert symbols to strings before formatting output
+      if render_all_settings
+        to_be_rendered = stringifyhash(to_be_rendered)
+      end
+      to_be_rendered
     end
 
     when_rendering :console do |to_be_rendered|
@@ -94,6 +117,21 @@ Puppet::Face.define(:config, '0.0.1') do
     end
   end
 
+  def stringifyhash(hash)
+    newhash = {}
+    hash.each do |key, val|
+      key = key.to_s
+      if val.is_a? Hash
+        newhash[key] = stringifyhash(val)
+      elsif val.is_a? Symbol
+        newhash[key] = val.to_s
+      else
+        newhash[key] = val
+      end
+    end
+    newhash
+  end
+
   def warn_default_section(section_name)
     messages = []
     messages << _("No section specified; defaulting to '%{section_name}'.") %

data/lib/puppet/face/facts.rb

@@ -81,7 +81,7 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
                     node: Puppet[:node_name_value],
                     server: server})
 
-      Puppet::Node::Facts.indirection.save(facts, nil, :environment => Puppet.lookup(:current_environment))
+      Puppet::Node::Facts.indirection.save(facts)
     end
   end
 end

data/lib/puppet/face/help.rb

@@ -195,7 +195,7 @@ Puppet::Face.define(:help, '0.0.1') do
   #private :horribly_extract_summary_from
 
   def exclude_from_docs?(appname)
-    %w{face_base indirection_base cert key man report status}.include? appname
+    %w{face_base indirection_base cert key man plugin report status}.include? appname
   end
   # This should absolutely be a private method, but for some reason it appears
   #  that you can't use the 'private' keyword inside of a Face definition.

data/lib/puppet/face/module/list.rb

@@ -123,10 +123,10 @@ Puppet::Face.define(:module, '1.0.0') do
       unmet_grouped.each do |type, deps|
         unless deps.empty?
           unmet_grouped[type].sort_by { |dep| dep[:name] }.each do |dep|
-            dep_name           = dep[:name].tr('/', '-')
+            dep_name           = dep[:name].gsub('/', '-')
             installed_version  = dep[:mod_details][:installed_version]
             version_constraint = dep[:version_constraint]
-            parent_name        = dep[:parent][:name].tr('/', '-')
+            parent_name        = dep[:parent][:name].gsub('/', '-')
             parent_version     = dep[:parent][:version]
 
             msg = _("'%{parent_name}' (%{parent_version}) requires '%{dependency_name}' (%{dependency_version})") % { parent_name: parent_name, parent_version: parent_version, dependency_name: dep_name, dependency_version: version_constraint }
@@ -146,7 +146,7 @@ Puppet::Face.define(:module, '1.0.0') do
     error_display_order.each do |type|
       unless @unmet_deps[type].empty?
         @unmet_deps[type].keys.sort.each do |dep|
-          name    = dep.tr('/', '-')
+          name    = dep.gsub('/', '-')
           errors  = @unmet_deps[type][dep][:errors]
           version = @unmet_deps[type][dep][:version]
 
@@ -214,7 +214,7 @@ Puppet::Face.define(:module, '1.0.0') do
           dep[:reason] == :missing
         end
         missing_deps.map do |mis_mod|
-          str = "#{colorize(:bg_red, _('UNMET DEPENDENCY'))} #{mis_mod[:name].tr('/', '-')} "
+          str = "#{colorize(:bg_red, _('UNMET DEPENDENCY'))} #{mis_mod[:name].gsub('/', '-')} "
           str << "(#{colorize(:cyan, mis_mod[:version_constraint])})"
           node[:dependencies] << { :text => str }
         end
@@ -239,7 +239,7 @@ Puppet::Face.define(:module, '1.0.0') do
   #
   def list_build_node(mod, parent, params)
     str = ''
-    str << (mod.forge_name ? mod.forge_name.tr('/', '-') : mod.name)
+    str << (mod.forge_name ? mod.forge_name.gsub('/', '-') : mod.name)
     str << ' (' + colorize(:cyan, mod.version ? "v#{mod.version}" : '???') + ')'
 
     unless File.dirname(mod.path) == params[:path]

data/lib/puppet/face/module/search.rb

@@ -81,7 +81,7 @@ Puppet::Face.define(:module, '1.0.0') do
 
       highlight = proc do |s|
         s = s.gsub(term, colorize(:green, term))
-        s = s.gsub(term.tr('/', '-'), colorize(:green, term.tr('/', '-'))) if term =~ /\//
+        s = s.gsub(term.gsub('/', '-'), colorize(:green, term.gsub('/', '-'))) if term =~ /\//
         s = s.gsub(' DEPRECATED', colorize(:red, ' DEPRECATED'))
         s
       end

data/lib/puppet/face/module/uninstall.rb

@@ -57,7 +57,7 @@ Puppet::Face.define(:module, '1.0.0') do
     end
 
     when_invoked do |name, options|
-      name = name.tr('/', '-')
+      name = name.gsub('/', '-')
 
       Puppet::ModuleTool.set_option_defaults options
       message = if options[:version]

data/lib/puppet/face/module/upgrade.rb

@@ -63,7 +63,7 @@ Puppet::Face.define(:module, '1.0.0') do
     end
 
     when_invoked do |name, options|
-      name = name.tr('/', '-')
+      name = name.gsub('/', '-')
       Puppet.notice _("Preparing to upgrade '%{name}' ...") % { name: name }
       Puppet::ModuleTool.set_option_defaults options
       Puppet::ModuleTool::Applications::Upgrader.new(name, options).run

data/lib/puppet/face/parser.rb

@@ -11,6 +11,7 @@ Puppet::Face.define(:parser, '0.0.1') do
     summary _("Validate the syntax of one or more Puppet manifests.")
     arguments _("[<manifest>] [<manifest> ...]")
     returns _("Nothing, or the first syntax error encountered.")
+
     description <<-'EOT'
       This action validates Puppet DSL syntax without compiling a catalog or
       syncing any resources. If no manifest files are provided, it will
@@ -34,30 +35,66 @@ Puppet::Face.define(:parser, '0.0.1') do
       $ cat init.pp | puppet parser validate
     EOT
     when_invoked do |*args|
-      args.pop
-      files = args
+      files = args.slice(0..-2)
+
+      parse_errors = {}
+
       if files.empty?
         if not STDIN.tty?
           Puppet[:code] = STDIN.read
-          validate_manifest
+          parse_errors['STDIN'] = validate_manifest(nil)
         else
           manifest = Puppet.lookup(:current_environment).manifest
           files << manifest
           Puppet.notice _("No manifest specified. Validating the default manifest %{manifest}") % { manifest: manifest }
         end
       end
+
       missing_files = []
+
       files.each do |file|
         if Puppet::FileSystem.exist?(file)
-          validate_manifest(file)
+          error = validate_manifest(file)
+          parse_errors[file] = error if error
         else
           missing_files << file
         end
       end
+
       unless missing_files.empty?
         raise Puppet::Error, _("One or more file(s) specified did not exist:\n%{files}") % { files: missing_files.collect {|f| " " * 3 + f + "\n"} }
       end
-      nil
+
+      parse_errors
+    end
+
+    when_rendering :console do |errors|
+      unless errors.empty?
+        errors.each { |_, error| Puppet.log_exception(error) }
+
+        exit(1)
+      end
+
+      # Prevent face_base renderer from outputting "null"
+      exit(0)
+    end
+
+    when_rendering :json do |errors|
+      unless errors.empty?
+        ignore_error_keys = [ :arguments, :environment, :node ]
+
+        data = errors.map do |file, error|
+          file_errors = error.to_h.reject { |k, _| ignore_error_keys.include?(k) }
+          [file, file_errors]
+        end.to_h
+
+        puts Puppet::Util::Json.dump(Puppet::Pops::Serialization::ToDataConverter.convert(data, rich_data: false), :pretty => true)
+
+        exit(1)
+      end
+
+      # Prevent face_base renderer from outputting "null"
+      exit(0)
     end
   end
 
@@ -75,7 +112,7 @@ Puppet::Face.define(:parser, '0.0.1') do
       * 'pn' is the Puppet Extended S-Expression Notation.
       * 'json' outputs the same graph as 'pn' but with JSON syntax.
 
-      The output will be "pretty printed" when the option --pretty is given together with --format 'pn' or 'json'. 
+      The output will be "pretty printed" when the option --pretty is given together with --format 'pn' or 'json'.
       This option has no effect on the 'old' format.
 
       The command accepts one or more manifests (.pp) files, or an -e followed by the puppet
@@ -173,15 +210,17 @@ Puppet::Face.define(:parser, '0.0.1') do
   def validate_manifest(manifest = nil)
     env = Puppet.lookup(:current_environment)
     loaders = Puppet::Pops::Loaders.new(env)
+
     Puppet.override( {:loaders => loaders } , _('For puppet parser validate')) do
       begin
         validation_environment = manifest ? env.override_with(:manifest => manifest) : env
         validation_environment.check_for_reparse
         validation_environment.known_resource_types.clear
-      rescue => detail
-        Puppet.log_exception(detail)
-        exit(1)
+      rescue Puppet::ParseError => parse_error
+        return parse_error
       end
     end
+
+    nil
   end
 end