RubyGems - puppet - Versions diffs - 6.6.0 → 6.7.0 - Mend

puppet 6.6.0 → 6.7.0

Potentially problematic release.

This version of puppet might be problematic. Click here for more details.

Files changed (254) hide show

checksums.yaml +4 -4
data/Gemfile.lock +8 -8
data/ext/solaris/smf/puppet.xml +2 -0
data/ext/yaml_nodes.rb +7 -7
data/lib/hiera_puppet.rb +2 -1
data/lib/puppet/application/apply.rb +2 -3
data/lib/puppet/application/doc.rb +2 -1
data/lib/puppet/application/face_base.rb +22 -15
data/lib/puppet/application/script.rb +4 -6
data/lib/puppet/configurer.rb +10 -5
data/lib/puppet/confine_collection.rb +2 -1
data/lib/puppet/daemon.rb +3 -2
data/lib/puppet/defaults.rb +8 -0
data/lib/puppet/environments.rb +9 -7
data/lib/puppet/etc.rb +1 -1
data/lib/puppet/external/pson/pure/parser.rb +2 -1
data/lib/puppet/face/epp.rb +4 -2
data/lib/puppet/face/help.rb +3 -2
data/lib/puppet/face/module/changes.rb +2 -1
data/lib/puppet/file_bucket/dipper.rb +2 -1
data/lib/puppet/file_serving/configuration.rb +2 -1
data/lib/puppet/file_serving/fileset.rb +1 -1
data/lib/puppet/file_serving/http_metadata.rb +4 -2
data/lib/puppet/file_serving/metadata.rb +2 -1
data/lib/puppet/file_serving/mount/file.rb +2 -1
data/lib/puppet/file_serving/mount/locales.rb +2 -1
data/lib/puppet/file_serving/mount/modules.rb +4 -2
data/lib/puppet/file_serving/mount/pluginfacts.rb +2 -1
data/lib/puppet/file_serving/mount/plugins.rb +2 -1
data/lib/puppet/file_serving/mount/tasks.rb +4 -2
data/lib/puppet/file_system/uniquefile.rb +4 -2
data/lib/puppet/functions/match.rb +2 -3
data/lib/puppet/generate/type.rb +2 -1
data/lib/puppet/graph/relationship_graph.rb +2 -1
data/lib/puppet/graph/simple_graph.rb +3 -2
data/lib/puppet/indirector/catalog/compiler.rb +16 -8
data/lib/puppet/indirector/certificate/rest.rb +2 -1
data/lib/puppet/indirector/face.rb +2 -2
data/lib/puppet/indirector/file_server.rb +4 -2
data/lib/puppet/indirector/indirection.rb +12 -6
data/lib/puppet/indirector/node/exec.rb +2 -1
data/lib/puppet/indirector/report/processor.rb +2 -1
data/lib/puppet/indirector/request.rb +9 -5
data/lib/puppet/indirector/ssl_file.rb +10 -8
data/lib/puppet/indirector/terminus.rb +6 -3
data/lib/puppet/info_service.rb +9 -0
data/lib/puppet/info_service/plan_information_service.rb +36 -0
data/lib/puppet/interface.rb +2 -1
data/lib/puppet/interface/action.rb +10 -5
data/lib/puppet/interface/action_manager.rb +2 -1
data/lib/puppet/interface/documentation.rb +10 -7
data/lib/puppet/interface/face_collection.rb +6 -3
data/lib/puppet/interface/option.rb +4 -2
data/lib/puppet/interface/option_manager.rb +4 -2
data/lib/puppet/module.rb +35 -1
data/lib/puppet/module/plan.rb +160 -0
data/lib/puppet/module_tool.rb +2 -1
data/lib/puppet/module_tool/applications/application.rb +2 -1
data/lib/puppet/module_tool/applications/installer.rb +4 -2
data/lib/puppet/module_tool/applications/upgrader.rb +4 -2
data/lib/puppet/module_tool/contents_description.rb +2 -1
data/lib/puppet/module_tool/metadata.rb +2 -3
data/lib/puppet/module_tool/shared_behaviors.rb +2 -1
data/lib/puppet/network/authconfig.rb +4 -2
data/lib/puppet/network/authstore.rb +2 -1
data/lib/puppet/network/formats.rb +2 -1
data/lib/puppet/network/http/api/indirected_routes.rb +6 -4
data/lib/puppet/network/http/handler.rb +2 -1
data/lib/puppet/network/http/request.rb +2 -1
data/lib/puppet/network/http/route.rb +2 -1
data/lib/puppet/network/resolver.rb +3 -2
data/lib/puppet/network/rights.rb +2 -1
data/lib/puppet/node.rb +8 -4
data/lib/puppet/pal/catalog_compiler.rb +8 -1
data/lib/puppet/pal/compiler.rb +2 -1
data/lib/puppet/pal/pal_impl.rb +8 -0
data/lib/puppet/pal/script_compiler.rb +4 -2
data/lib/puppet/parameter.rb +4 -2
data/lib/puppet/parameter/value_collection.rb +8 -8
data/lib/puppet/parser/ast/pops_bridge.rb +2 -1
data/lib/puppet/parser/compiler.rb +10 -5
data/lib/puppet/parser/files.rb +2 -1
data/lib/puppet/parser/functions.rb +2 -1
data/lib/puppet/parser/relationship.rb +2 -1
data/lib/puppet/parser/resource.rb +6 -3
data/lib/puppet/parser/scope.rb +6 -4
data/lib/puppet/parser/templatewrapper.rb +2 -1
data/lib/puppet/parser/type_loader.rb +2 -1
data/lib/puppet/pops/adaptable.rb +2 -5
data/lib/puppet/pops/evaluator/collectors/exported_collector.rb +2 -1
data/lib/puppet/pops/evaluator/collectors/fixed_set_collector.rb +2 -1
data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
data/lib/puppet/pops/evaluator/runtime3_support.rb +8 -4
data/lib/puppet/pops/loader/base_loader.rb +4 -2
data/lib/puppet/pops/loader/dependency_loader.rb +4 -2
data/lib/puppet/pops/loader/gem_support.rb +4 -2
data/lib/puppet/pops/loader/loader.rb +4 -2
data/lib/puppet/pops/loader/loader_paths.rb +2 -1
data/lib/puppet/pops/loader/static_loader.rb +1 -1
data/lib/puppet/pops/lookup/interpolation.rb +2 -1
data/lib/puppet/pops/model/factory.rb +4 -2
data/lib/puppet/pops/parser/epp_support.rb +2 -1
data/lib/puppet/pops/parser/heredoc_support.rb +2 -1
data/lib/puppet/pops/parser/interpolation_support.rb +10 -5
data/lib/puppet/pops/parser/lexer2.rb +6 -3
data/lib/puppet/pops/parser/locator.rb +2 -1
data/lib/puppet/pops/types/type_calculator.rb +1 -1
data/lib/puppet/pops/types/type_parser.rb +4 -2
data/lib/puppet/pops/validation.rb +2 -1
data/lib/puppet/pops/validation/checker4_0.rb +6 -3
data/lib/puppet/pops/visitor.rb +12 -6
data/lib/puppet/property.rb +19 -16
data/lib/puppet/property/ensure.rb +2 -1
data/lib/puppet/property/keyvalue.rb +2 -1
data/lib/puppet/property/list.rb +2 -1
data/lib/puppet/provider.rb +10 -8
data/lib/puppet/provider/exec.rb +7 -4
data/lib/puppet/provider/file/posix.rb +6 -3
data/lib/puppet/provider/group/groupadd.rb +2 -1
data/lib/puppet/provider/group/ldap.rb +7 -4
data/lib/puppet/provider/group/pw.rb +4 -2
data/lib/puppet/provider/ldap.rb +8 -4
data/lib/puppet/provider/nameservice.rb +8 -5
data/lib/puppet/provider/nameservice/directoryservice.rb +8 -4
data/lib/puppet/provider/network_device.rb +4 -2
data/lib/puppet/provider/package.rb +2 -1
data/lib/puppet/provider/package/aix.rb +4 -2
data/lib/puppet/provider/package/appdmg.rb +4 -2
data/lib/puppet/provider/package/apple.rb +2 -1
data/lib/puppet/provider/package/apt.rb +4 -2
data/lib/puppet/provider/package/blastwave.rb +2 -1
data/lib/puppet/provider/package/dpkg.rb +6 -3
data/lib/puppet/provider/package/fink.rb +2 -1
data/lib/puppet/provider/package/gem.rb +4 -2
data/lib/puppet/provider/package/macports.rb +6 -3
data/lib/puppet/provider/package/nim.rb +8 -4
data/lib/puppet/provider/package/openbsd.rb +14 -8
data/lib/puppet/provider/package/opkg.rb +2 -1
data/lib/puppet/provider/package/pacman.rb +2 -1
data/lib/puppet/provider/package/pip.rb +2 -1
data/lib/puppet/provider/package/pkgdmg.rb +4 -2
data/lib/puppet/provider/package/pkgng.rb +4 -2
data/lib/puppet/provider/package/pkgutil.rb +2 -1
data/lib/puppet/provider/package/portupgrade.rb +2 -1
data/lib/puppet/provider/package/rpm.rb +8 -4
data/lib/puppet/provider/package/windows/package.rb +2 -1
data/lib/puppet/provider/parsedfile.rb +14 -7
data/lib/puppet/provider/service/base.rb +7 -4
data/lib/puppet/provider/service/launchd.rb +4 -2
data/lib/puppet/provider/service/service.rb +2 -1
data/lib/puppet/provider/service/upstart.rb +11 -8
data/lib/puppet/provider/user/directoryservice.rb +2 -1
data/lib/puppet/provider/user/hpux.rb +1 -1
data/lib/puppet/provider/user/ldap.rb +8 -4
data/lib/puppet/provider/user/openbsd.rb +2 -1
data/lib/puppet/provider/user/pw.rb +2 -1
data/lib/puppet/provider/user/user_role_add.rb +4 -2
data/lib/puppet/provider/user/useradd.rb +7 -4
data/lib/puppet/reference/providers.rb +2 -3
data/lib/puppet/reference/type.rb +4 -2
data/lib/puppet/relationship.rb +4 -9
data/lib/puppet/resource.rb +16 -9
data/lib/puppet/resource/capability_finder.rb +12 -8
data/lib/puppet/resource/catalog.rb +36 -40
data/lib/puppet/resource/type.rb +7 -3
data/lib/puppet/resource/type_collection.rb +4 -2
data/lib/puppet/settings.rb +36 -19
data/lib/puppet/settings/base_setting.rb +2 -1
data/lib/puppet/settings/config_file.rb +2 -1
data/lib/puppet/settings/file_setting.rb +2 -1
data/lib/puppet/settings/ini_file.rb +2 -1
data/lib/puppet/ssl/base.rb +2 -1
data/lib/puppet/ssl/host.rb +16 -8
data/lib/puppet/ssl/key.rb +2 -2
data/lib/puppet/ssl/state_machine.rb +22 -3
data/lib/puppet/transaction/event.rb +2 -1
data/lib/puppet/transaction/event_manager.rb +4 -2
data/lib/puppet/transaction/report.rb +10 -10
data/lib/puppet/transaction/resource_harness.rb +4 -2
data/lib/puppet/type.rb +84 -48
data/lib/puppet/type/component.rb +2 -1
data/lib/puppet/type/exec.rb +11 -7
data/lib/puppet/type/file.rb +15 -9
data/lib/puppet/type/file/content.rb +7 -3
data/lib/puppet/type/file/ctime.rb +2 -1
data/lib/puppet/type/file/data_sync.rb +2 -1
data/lib/puppet/type/file/ensure.rb +10 -7
data/lib/puppet/type/file/mode.rb +2 -1
data/lib/puppet/type/file/mtime.rb +2 -1
data/lib/puppet/type/file/selcontext.rb +2 -1
data/lib/puppet/type/file/source.rb +6 -7
data/lib/puppet/type/file/target.rb +2 -1
data/lib/puppet/type/file/type.rb +2 -1
data/lib/puppet/type/package.rb +6 -3
data/lib/puppet/type/resources.rb +2 -1
data/lib/puppet/type/service.rb +2 -1
data/lib/puppet/type/tidy.rb +14 -7
data/lib/puppet/type/user.rb +19 -7
data/lib/puppet/util.rb +6 -3
data/lib/puppet/util/checksums.rb +1 -1
data/lib/puppet/util/classgen.rb +12 -6
data/lib/puppet/util/command_line.rb +8 -4
data/lib/puppet/util/connection.rb +4 -2
data/lib/puppet/util/diff.rb +4 -2
data/lib/puppet/util/execution.rb +4 -2
data/lib/puppet/util/feature.rb +7 -4
data/lib/puppet/util/fileparsing.rb +57 -46
data/lib/puppet/util/filetype.rb +2 -1
data/lib/puppet/util/http_proxy.rb +2 -1
data/lib/puppet/util/instance_loader.rb +2 -1
data/lib/puppet/util/ldap/connection.rb +4 -2
data/lib/puppet/util/ldap/manager.rb +6 -3
data/lib/puppet/util/log.rb +6 -3
data/lib/puppet/util/metric.rb +2 -1
data/lib/puppet/util/posix.rb +4 -2
data/lib/puppet/util/rdoc/code_objects.rb +2 -1
data/lib/puppet/util/rdoc/generators/puppet_generator.rb +4 -2
data/lib/puppet/util/selinux.rb +2 -1
data/lib/puppet/version.rb +2 -5
data/locales/puppet.pot +713 -685
data/man/man5/puppet.conf.5 +9 -2
data/man/man8/puppet-agent.8 +1 -1
data/man/man8/puppet-apply.8 +1 -1
data/man/man8/puppet-catalog.8 +1 -1
data/man/man8/puppet-config.8 +1 -1
data/man/man8/puppet-describe.8 +1 -1
data/man/man8/puppet-device.8 +1 -1
data/man/man8/puppet-doc.8 +1 -1
data/man/man8/puppet-epp.8 +1 -1
data/man/man8/puppet-facts.8 +1 -1
data/man/man8/puppet-filebucket.8 +1 -1
data/man/man8/puppet-generate.8 +1 -1
data/man/man8/puppet-help.8 +1 -1
data/man/man8/puppet-key.8 +1 -1
data/man/man8/puppet-lookup.8 +1 -1
data/man/man8/puppet-man.8 +1 -1
data/man/man8/puppet-module.8 +1 -1
data/man/man8/puppet-node.8 +1 -1
data/man/man8/puppet-parser.8 +1 -1
data/man/man8/puppet-plugin.8 +1 -1
data/man/man8/puppet-report.8 +1 -1
data/man/man8/puppet-resource.8 +1 -1
data/man/man8/puppet-script.8 +1 -1
data/man/man8/puppet-ssl.8 +1 -1
data/man/man8/puppet-status.8 +1 -1
data/man/man8/puppet.8 +2 -2
data/spec/lib/puppet_spec/modules.rb +16 -2
data/spec/unit/indirector/request_spec.rb +5 -6
data/spec/unit/info_service_spec.rb +48 -0
data/spec/unit/module_spec.rb +73 -0
data/spec/unit/plan_spec.rb +65 -0
data/spec/unit/puppet_pal_catalog_spec.rb +12 -0
data/spec/unit/ssl/state_machine_spec.rb +68 -5
metadata +6 -2

data/lib/puppet/resource/type.rb CHANGED

@@ -89,7 +89,8 @@ class Puppet::Resource::Type
       produced_resource.resource_type.parameters.each do |name|
         next if name == :name
-        if expr = blueprint[:mappings][name.to_s]
+        expr = blueprint[:mappings][name.to_s]
+        if expr
           produced_resource[name] = expr.safeevaluate(scope)
         else
           produced_resource[name] = scope[name.to_s]
@@ -147,7 +148,8 @@ class Puppet::Resource::Type
     set_name_and_namespace(name)
     [:code, :doc, :line, :file, :parent].each do |param|
-      next unless value = options[param]
+      value = options[param]
+      next unless value
       send(param.to_s + '=', value)
     end
@@ -453,7 +455,9 @@ class Puppet::Resource::Type
   end
   def evaluate_parent_type(resource)
-    return unless klass = parent_type(resource.scope) and parent_resource = resource.scope.compiler.catalog.resource(:class, klass.name) || resource.scope.compiler.catalog.resource(:node, klass.name)
+    klass = parent_type(resource.scope)
+    parent_resource = resource.scope.compiler.catalog.resource(:class, klass.name) || resource.scope.compiler.catalog.resource(:node, klass.name) if klass
+    return unless klass && parent_resource
     parent_resource.evaluate unless parent_resource.evaluated?
     parent_scope(resource.scope, klass)
   end

data/lib/puppet/resource/type_collection.rb CHANGED

@@ -124,7 +124,8 @@ class Puppet::Resource::TypeCollection
   def node(name)
     name = munge_name(name)
-    if node = @nodes[name]
+    node = @nodes[name]
+    if node
       return node
     end
@@ -250,7 +251,8 @@ class Puppet::Resource::TypeCollection
   end
   def dupe_check(instance, hash)
-    return unless dupe = hash[instance.name]
+    dupe = hash[instance.name]
+    return unless dupe
     message = yield dupe
     instance.fail Puppet::ParseError, message
   end

data/lib/puppet/settings.rb CHANGED

@@ -298,7 +298,7 @@ class Puppet::Settings
     # remove run_mode options from the arguments so that later parses don't think
     # it is an unknown option.
-    while option_index = args.index('--run_mode') do
+    while option_index = args.index('--run_mode') do #rubocop:disable Lint/AssignmentInCondition
       args.delete_at option_index
       args.delete_at option_index
     end
@@ -380,7 +380,8 @@ class Puppet::Settings
   # Return a value's description.
   def description(name)
-    if obj = @config[name.to_sym]
+    obj = @config[name.to_sym]
+    if obj
       obj.desc
     else
       nil
@@ -436,7 +437,8 @@ class Puppet::Settings
       end
     end
-    if s = @config[str]
+    s = @config[str]
+    if s
       @deprecated_settings_that_have_been_configured << s if s.completely_deprecated?
     end
@@ -651,7 +653,8 @@ class Puppet::Settings
     # and I'm too lazy to only set the metadata once.
     if @configuration_file
       searchpath(nil, preferred_run_mode).reverse_each do |source|
-        if source.type == :section && section = @configuration_file.sections[source.name]
+        section = @configuration_file.sections[source.name] if source.type == :section
+        if section
           apply_metadata_from_section(section)
         end
       end
@@ -661,7 +664,8 @@ class Puppet::Settings
   def apply_metadata_from_section(section)
     section.settings.each do |setting|
-      if setting.has_metadata? && type = @config[setting.name]
+      type = @config[setting.name] if setting.has_metadata?
+      if type
         type.set_meta(setting.meta)
       end
     end
@@ -695,8 +699,10 @@ class Puppet::Settings
     klass = nil
     hash[:section] = hash[:section].to_sym if hash[:section]
-    if type = hash[:type]
-      unless klass = SETTING_TYPES[type]
+    type = hash[:type]
+    if type
+      klass = SETTING_TYPES[type]
+      unless klass
         raise ArgumentError, _("Invalid setting type '%{type}'") % { type: type }
       end
       hash.delete(:type)
@@ -728,7 +734,8 @@ class Puppet::Settings
   # Reparse our config file, if necessary.
   def reparse_config_files
     if files
-      if filename = any_files_changed?
+      filename = any_files_changed?
+      if filename
         Puppet.notice "Config file #{filename} changed; triggering re-parse of all config files."
         parse_config_files
         reuse
@@ -835,7 +842,8 @@ class Puppet::Settings
     when :values
       @value_sets[source.name]
     when :section
-      if @configuration_file && section = @configuration_file.sections[source.name]
+      section = @configuration_file.sections[source.name] if @configuration_file
+      if section
         ValuesFromSection.new(source.name, section)
       end
     when :environment
@@ -850,7 +858,8 @@ class Puppet::Settings
   def set_by_config?(param, environment = nil, run_mode = preferred_run_mode)
     param = param.to_sym
     configsearchpath(environment, run_mode).any? do |source|
-      if vals = searchpath_values(source)
+      vals = searchpath_values(source)
+      if vals
         vals.lookup(param)
       end
     end
@@ -910,8 +919,10 @@ class Puppet::Settings
       hash[:section] = section
       raise ArgumentError, _("Setting %{name} is already defined") % { name: name } if @config.include?(name)
       tryconfig = newsetting(hash)
-      if short = tryconfig.short
-        if other = @shortnames[short]
+      short = tryconfig.short
+      if short
+        other = @shortnames[short]
+        if other
           raise ArgumentError, _("Setting %{name} is already using short name '%{short}'") % { name: other.name, short: short }
         end
         @shortnames[short] = tryconfig
@@ -946,7 +957,8 @@ class Puppet::Settings
       file = @config[key]
       next if file.value.nil?
       next unless (sections.nil? or sections.include?(file.section))
-      next unless resource = file.to_resource
+      resource = file.to_resource
+      next unless resource
       next if catalog.resource(resource.ref)
       Puppet.debug {"Using settings: adding file resource '#{key}': '#{resource.inspect}'"}
@@ -1147,7 +1159,8 @@ Generated on #{Time.now}.
   def record_deprecations_from_puppet_conf(puppet_conf)
     puppet_conf.sections.values.each do |section|
       section.settings.each do |conf_setting|
-        if setting = self.setting(conf_setting.name)
+        setting = self.setting(conf_setting.name)
+        if setting
           @deprecated_settings_that_have_been_configured << setting if setting.deprecated?
         end
       end
@@ -1209,12 +1222,14 @@ Generated on #{Time.now}.
       next unless setting.respond_to?(:owner)
       next unless sections.nil? or sections.include?(setting.section)
-      if user = setting.owner and user != "root" and catalog.resource(:user, user).nil?
+      user = setting.owner
+      if user && user != "root" && catalog.resource(:user, user).nil?
         resource = Puppet::Resource.new(:user, user, :parameters => {:ensure => :present})
         resource[:gid] = self[:group] if self[:group]
         catalog.add_resource resource
       end
-      if group = setting.group and ! %w{root wheel}.include?(group) and catalog.resource(:group, group).nil?
+      group = setting.group
+      if group && ! %w{root wheel}.include?(group) && catalog.resource(:group, group).nil?
         catalog.add_resource Puppet::Resource.new(:group, group, :parameters => {:ensure => :present})
       end
     end
@@ -1478,9 +1493,11 @@ Generated on #{Time.now}.
     end
     def conf
-      @conf ||= if environments = Puppet.lookup(:environments) { nil }
-                  environments.get_conf(@environment_name)
-                end
+      unless @conf
+        environments = Puppet.lookup(:environments) { nil }
+        @conf = environments.get_conf(@environment_name) if environments
+      end
+      @conf
     end
     def inspect

data/lib/puppet/settings/base_setting.rb CHANGED

@@ -59,7 +59,8 @@ class Puppet::Settings::BaseSetting
   # Create the new element.  Pretty much just sets the name.
   def initialize(args = {})
-    unless @settings = args.delete(:settings)
+    @settings = args.delete(:settings)
+    unless @settings
       raise ArgumentError.new("You must refer to a settings object")
     end

data/lib/puppet/settings/config_file.rb CHANGED

@@ -109,7 +109,8 @@ private
     # Check to see if this is a file argument and it has extra options
     begin
-      if value.is_a?(String) and options = extract_fileinfo(value)
+      options = extract_fileinfo(value) if value.is_a?(String)
+      if options
         section.with_setting(var, options[:value], Meta.new(options[:owner],
                                                             options[:group],
                                                             options[:mode]))

data/lib/puppet/settings/file_setting.rb CHANGED

@@ -125,7 +125,8 @@ class Puppet::Settings::FileSetting < Puppet::Settings::StringSetting
   # Turn our setting thing into a Puppet::Resource instance.
   def to_resource
-    return nil unless type = self.type
+    type = self.type
+    return nil unless type
     path = self.value

data/lib/puppet/settings/ini_file.rb CHANGED

@@ -96,7 +96,8 @@ class Puppet::Settings::IniFile
   end
   def set_default_section_write_sectionline(value)
-    if index = @lines.find_index { |line| line.is_a?(DefaultSection) }
+    index = @lines.find_index { |line| line.is_a?(DefaultSection) }
+    if index
       @lines[index].write_sectionline = true
     end
   end

data/lib/puppet/ssl/base.rb CHANGED

@@ -135,7 +135,8 @@ class Puppet::SSL::Base
       /sha\d*/i
     )
     ln = content.signature_algorithm
-    if match = digest_re.match(ln)
+    match = digest_re.match(ln)
+    if match
       match[0].downcase
     else
       raise Puppet::Error, _("Unknown signature algorithm '%{ln}'") % { ln: ln }

data/lib/puppet/ssl/host.rb CHANGED

@@ -179,10 +179,14 @@ ERROR_STRING
   # @return [Puppet::SSL::CertificateRequest, nil]
   def certificate_request
     unless @certificate_request
-      if csr = load_certificate_request_from_file
-        @certificate_request = csr
-      elsif csr = download_csr_from_ca
+      csr = load_certificate_request_from_file
+      if csr
         @certificate_request = csr
+      else
+        csr = download_csr_from_ca
+        if csr
+          @certificate_request = csr
+        end
       end
     end
     @certificate_request
@@ -389,13 +393,17 @@ ERROR_STRING
   # no certificate could be found.
   # @return [Puppet::SSL::Certificate, nil]
   def get_host_certificate
-    if cert = check_for_certificate_on_disk(name)
-      return cert
-    elsif cert = download_certificate_from_ca(name)
-      save_host_certificate(cert)
+    cert = check_for_certificate_on_disk(name)
+    if cert
       return cert
     else
-      return nil
+      cert = download_certificate_from_ca(name)
+      if cert
+        save_host_certificate(cert)
+        return cert
+      else
+        return nil
+      end
     end
   end

data/lib/puppet/ssl/key.rb CHANGED

@@ -50,8 +50,8 @@ DOC
   end
   def to_s
-    if pass = password
-      @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), pass)
+    if password
+      @content.export(OpenSSL::Cipher::DES.new(:EDE3, :CBC), password)
     else
       return super
     end

data/lib/puppet/ssl/state_machine.rb CHANGED

@@ -45,6 +45,18 @@ class Puppet::SSL::StateMachine
         next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
       else
         pem = Puppet::Rest::Routes.get_certificate(Puppet::SSL::CA_NAME, @ssl_context)
+        if @machine.ca_fingerprint
+          actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
+          expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
+          if actual_digest == expected_digest
+            Puppet.info(_("Verified CA bundle with digest (%{digest_type}) %{actual_digest}") %
+                        { digest_type: @machine.digest, actual_digest: actual_digest })
+          else
+            e = Puppet::Error.new(_("CA bundle with digest (%{digest_type}) %{actual_digest} did not match expected digest %{expected_digest}") % { digest_type: @machine.digest, actual_digest: actual_digest, expected_digest: expected_digest })
+            return Error.new(@machine, e.message, e)
+          end
+        end
         cacerts = @cert_provider.load_cacerts_from_pem(pem)
         # verify cacerts before saving
         next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
@@ -292,7 +304,7 @@ class Puppet::SSL::StateMachine
   #
   class Done < SSLState; end
-  attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider
+  attr_reader :waitforcert, :wait_deadline, :cert_provider, :ssl_provider, :ca_fingerprint, :digest
   # Construct a state machine to manage the SSL initialization process. By
   # default, if the state machine encounters an exception, it will log the
@@ -312,18 +324,25 @@ class Puppet::SSL::StateMachine
   #   to load and save X509 objects.
   # @param ssl_provider [Puppet::SSL::SSLProvider] ssl provider to use
   #   to construct ssl contexts.
+  # @param digest [String] digest algorithm to use for certificate fingerprinting
+  # @param ca_fingerprint [String] optional fingerprint to verify the
+  #   downloaded CA bundle
   def initialize(waitforcert: Puppet[:waitforcert],
                  maxwaitforcert: Puppet[:maxwaitforcert],
                  onetime: Puppet[:onetime],
                  cert_provider: Puppet::X509::CertProvider.new,
                  ssl_provider: Puppet::SSL::SSLProvider.new,
-                 lockfile: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]))
+                 lockfile: Puppet::Util::Pidlock.new(Puppet[:ssl_lockfile]),
+                 digest: 'SHA256',
+                 ca_fingerprint: Puppet[:ca_fingerprint])
     @waitforcert = waitforcert
     @wait_deadline = Time.now.to_i + maxwaitforcert
     @onetime = onetime
     @cert_provider = cert_provider
     @ssl_provider = ssl_provider
     @lockfile = lockfile
+    @digest = digest
+    @ca_fingerprint = ca_fingerprint
   end
   # Run the state machine for CA certs and CRLs.
@@ -347,7 +366,7 @@ class Puppet::SSL::StateMachine
       chain = ssl_context.client_chain
       # print from root to client
       chain.reverse.each_with_index do |cert, i|
-        digest = Puppet::SSL::Digest.new('SHA256', cert.to_der)
+        digest = Puppet::SSL::Digest.new(@digest, cert.to_der)
         if i == chain.length - 1
           Puppet.debug(_("Verified client certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_utf8, digest: digest})
         else

data/lib/puppet/transaction/event.rb CHANGED

@@ -109,7 +109,8 @@ class Puppet::Transaction::Event
   end
   def resource=(res)
-    if res.respond_to?(:[]) and level = res[:loglevel]
+    level = res[:loglevel] if res.respond_to?(:[])
+    if level
       @default_log_level = level
     end
     @resource = res.to_s

data/lib/puppet/transaction/event_manager.rb CHANGED

@@ -68,7 +68,8 @@ class Puppet::Transaction::EventManager
       received = (event.name != :restarted)
       relationship_graph.matching_edges(event, resource).each do |edge|
         received ||= true unless edge.target.is_a?(Puppet::Type.type(:whit))
-        next unless method = edge.callback
+        method = edge.callback
+        next unless method
         next unless edge.target.respond_to?(method)
         queue_events_for_resource(resource, edge.target, method, list)
@@ -114,7 +115,8 @@ class Puppet::Transaction::EventManager
   end
   def queued_events(resource)
-    return unless callbacks = @event_queues[resource]
+    callbacks = @event_queues[resource]
+    return unless callbacks
     callbacks.each do |callback, events|
       yield callback, events unless events.empty?
     end

data/lib/puppet/transaction/report.rb CHANGED

@@ -256,24 +256,24 @@ class Puppet::Transaction::Report
     @time = data['time']
     @corrective_change = data['corrective_change']
-    if master_used = data['master_used']
-      @master_used = master_used
+    if data['master_used']
+      @master_used = data['master_used']
     end
-    if catalog_uuid = data['catalog_uuid']
-      @catalog_uuid = catalog_uuid
+    if data['catalog_uuid']
+      @catalog_uuid = data['catalog_uuid']
     end
-    if job_id = data['job_id']
-      @job_id = job_id
+    if data['job_id']
+      @job_id = data['job_id']
     end
-    if code_id = data['code_id']
-      @code_id = code_id
+    if data['code_id']
+      @code_id = data['code_id']
     end
-    if cached_catalog_status = data['cached_catalog_status']
-      @cached_catalog_status = cached_catalog_status
+    if data['cached_catalog_status']
+      @cached_catalog_status = data['cached_catalog_status']
     end
     if @time.is_a? String

data/lib/puppet/transaction/resource_harness.rb CHANGED

@@ -35,7 +35,8 @@ class Puppet::Transaction::ResourceHarness
   def scheduled?(resource)
     return true if Puppet[:ignoreschedules]
-    return true unless schedule = schedule(resource)
+    schedule = schedule(resource)
+    return true unless schedule
     # We use 'checked' here instead of 'synced' because otherwise we'll
     # end up checking most resources most times, because they will generally
@@ -51,7 +52,8 @@ class Puppet::Transaction::ResourceHarness
       return nil
     end
-    return nil unless name = resource[:schedule]
+    name = resource[:schedule]
+    return nil unless name
     resource.catalog.resource(:schedule, name) || resource.fail(_("Could not find schedule %{name}") % { name: name })
   end