puppet 7.0.0-universal-darwin → 7.5.0-universal-darwin

data/lib/puppet/environments.rb

@@ -225,6 +225,9 @@ module Puppet::Environments
     private
 
     def create_environment(name)
+      # interpolated modulepaths may be cached from prior environment instances
+      Puppet.settings.clear_environment_settings(name)
+
       env_symbol = name.intern
       setting_values = Puppet.settings.values(env_symbol, Puppet.settings.preferred_run_mode)
       env = Puppet::Node::Environment.create(
@@ -346,17 +349,23 @@ module Puppet::Environments
       @loader = loader
       @cache_expiration_service = Puppet::Environments::Cached.cache_expiration_service
       @cache = {}
-
-      # Holds expiration times in sorted order - next to expire is first
-      @expirations = SortedSet.new
-
-      # Infinity since it there are no entries, this is a cache of the first to expire time
-      @next_expiration = END_OF_TIME
     end
 
     # @!macro loader_list
     def list
-      @loader.list
+      # Evict all that have expired, in the same way as `get`
+      clear_all_expired
+
+      @loader.list.map do |env|
+        name = env.name
+        old_entry = @cache[name]
+        if old_entry
+          old_entry.value
+        else
+          add_entry(name, entry(env))
+          env
+        end
+      end
     end
 
     # @!macro loader_search_paths
@@ -379,7 +388,6 @@ module Puppet::Environments
       elsif (result = @loader.get(name))
         # environment loaded, cache it
         cache_entry = entry(result)
-        @cache_expiration_service.created(result)
         add_entry(name, cache_entry)
         result
       end
@@ -389,28 +397,36 @@ module Puppet::Environments
     def add_entry(name, cache_entry)
       Puppet.debug {"Caching environment '#{name}' #{cache_entry.label}"}
       @cache[name] = cache_entry
-      expires = cache_entry.expires
-      @expirations.add(expires)
-      if @next_expiration > expires
-        @next_expiration = expires
-      end
+      @cache_expiration_service.created(cache_entry.value)
     end
     private :add_entry
 
+    def clear_entry(name, entry)
+      @cache.delete(name)
+      Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+      @cache_expiration_service.evicted(name.to_sym)
+      Puppet::GettextConfig.delete_text_domain(name)
+      Puppet.settings.clear_environment_settings(name)
+    end
+    private :clear_entry
+
     # Clears the cache of the environment with the given name.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
     def clear(name)
-      @cache.delete(name)
-      Puppet::GettextConfig.delete_text_domain(name)
+      entry = @cache[name]
+      clear_entry(name, entry) if entry
     end
 
     # Clears all cached environments.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
-    def clear_all()
+    def clear_all
       super
+
+      @cache.each_pair do |name, entry|
+        clear_entry(name, entry)
+      end
+
       @cache = {}
-      @expirations.clear
-      @next_expiration = END_OF_TIME
       Puppet::GettextConfig.delete_environment_text_domains
     end
 
@@ -419,18 +435,24 @@ module Puppet::Environments
     #
     def clear_all_expired()
       t = Time.now
-      return if t < @next_expiration && ! @cache.any? {|name, _| @cache_expiration_service.expired?(name.to_sym) }
-      to_expire = @cache.select { |name, entry| entry.expires < t || @cache_expiration_service.expired?(name.to_sym) }
-      to_expire.each do |name, entry|
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        @expirations.delete(entry.expires)
-        Puppet.settings.clear_environment_settings(name)
+
+      @cache.each_pair do |name, entry|
+        clear_if_expired(name, entry, t)
       end
-      @next_expiration = @expirations.first || END_OF_TIME
     end
 
+    # Clear an environment if it is expired, either by exceeding its time to live, or
+    # through an explicit eviction determined by the cache expiration service.
+    #
+    def clear_if_expired(name, entry, t = Time.now)
+      return unless entry
+
+      if entry.expired?(t) || @cache_expiration_service.expired?(name.to_sym)
+        clear_entry(name, entry)
+      end
+    end
+    private :clear_if_expired
+
     # This implementation evicts the cache, and always gets the current
     # configuration of the environment
     #
@@ -440,7 +462,7 @@ module Puppet::Environments
     #
     # @!macro loader_get_conf
     def get_conf(name)
-      evict_if_expired(name)
+      clear_if_expired(name, @cache[name])
       @loader.get_conf(name)
     end
 
@@ -463,17 +485,6 @@ module Puppet::Environments
       end
     end
 
-    # Evicts the entry if it has expired
-    # Also clears caches in Settings that may prevent the entry from being updated
-    def evict_if_expired(name)
-      if (result = @cache[name]) && (result.expired? || @cache_expiration_service.expired?(name.to_sym))
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        Puppet.settings.clear_environment_settings(name)
-      end
-    end
-
     # Never evicting entry
     class Entry
       attr_reader :value
@@ -485,32 +496,24 @@ module Puppet::Environments
       def touch
       end
 
-      def expired?
+      def expired?(now)
         false
       end
 
       def label
         ""
       end
-
-      def expires
-        END_OF_TIME
-      end
     end
 
     # Always evicting entry
     class NotCachedEntry < Entry
-      def expired?
+      def expired?(now)
         true
       end
 
       def label
         "(ttl = 0 sec)"
       end
-
-      def expires
-        START_OF_TIME
-      end
     end
 
     # Policy that expires if it hasn't been touched within ttl_seconds
@@ -527,12 +530,8 @@ module Puppet::Environments
         @ttl = Time.now + @ttl_seconds
       end
 
-      def expired?
-        Time.now > @ttl
-      end
-
-      def expires
-        @ttl
+      def expired?(now)
+        now > @ttl
       end
 
       def label

data/lib/puppet/face/facts.rb

@@ -128,22 +128,46 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
       summary _("Show legacy facts when querying all facts.")
     end
 
+    option("--value-only") do
+      summary _("Show only the value when the action is called with a single query")
+    end
+
+    option("--timing") do
+      summary _("Show how much time it took to resolve each fact.")
+    end
+
     when_invoked do |*args|
       options = args.pop
 
       Puppet.settings.preferred_run_mode = :agent
       Puppet::Node::Facts.indirection.terminus_class = :facter
 
+      if options[:value_only] && !args.count.eql?(1)
+        options[:value_only] = nil
+        Puppet.warning("Incorrect use of --value-only argument; it can only be used when querying for a single fact!")
+      end
 
       options[:user_query] = args
       options[:resolve_options] = true
       result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname], options)
 
-      result.values
+      if options[:value_only]
+        result.values.values.first
+      else
+        result.values
+      end
     end
 
     when_rendering :console do |result|
-      Puppet::Util::Json.dump(result, :pretty => true)
+      # VALID_TYPES = [Integer, Float, TrueClass, FalseClass, NilClass, Symbol, String, Array, Hash].freeze
+      # from https://github.com/puppetlabs/facter/blob/4.0.49/lib/facter/custom_facts/util/normalization.rb#L8
+
+      case result
+      when Array, Hash
+        Puppet::Util::Json.dump(result, :pretty => true)
+      else # one of VALID_TYPES above
+        result
+      end
     end
   end
 end

data/lib/puppet/face/node/clean.rb

@@ -47,6 +47,14 @@ Puppet::Face.define(:node, '0.0.1') do
   end
 
   class LoggerIO
+    def debug(message)
+      Puppet.debug(message)
+    end
+
+    def warn(message)
+      Puppet.warning(message)
+    end
+
     def err(message)
       Puppet.err(message) unless message =~ /^\s*Error:\s*/
     end

data/lib/puppet/ffi/posix.rb

@@ -0,0 +1,10 @@
+require 'ffi'
+
+module Puppet
+  module FFI
+    module POSIX
+      require 'puppet/ffi/posix/functions'
+      require 'puppet/ffi/posix/constants'
+    end
+  end
+end

data/lib/puppet/ffi/posix/constants.rb

@@ -0,0 +1,14 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Constants
+    extend FFI::Library
+  
+    # Maximum number of supplementary groups (groups
+    # that a user can be in plus its primary group)
+    # (64 + 1 primary group)
+    # Chosen a reasonable middle number from the list
+    # https://www.j3e.de/ngroups.html
+    MAXIMUM_NUMBER_OF_GROUPS = 65
+  end
+end

data/lib/puppet/ffi/posix/functions.rb

@@ -0,0 +1,24 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Functions
+
+    extend FFI::Library
+
+    ffi_convention :stdcall
+
+    # https://man7.org/linux/man-pages/man3/getgrouplist.3.html
+    # int getgrouplist (
+    #   const char *user,
+    #   gid_t group,
+    #   gid_t *groups,
+    #   int *ngroups
+    # );
+    begin
+      ffi_lib FFI::Library::LIBC
+      attach_function :getgrouplist, [:string, :uint, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+      # Do nothing
+    end
+  end
+end

data/lib/puppet/ffi/windows/api_types.rb

@@ -20,7 +20,7 @@ module Puppet::FFI::Windows
 
     class ::FFI::Pointer
       NULL_HANDLE = 0
-      WCHAR_NULL = "\0\0".encode('UTF-16LE').freeze
+      WCHAR_NULL = "\0\0".force_encoding('UTF-16LE').freeze
 
       def self.from_string_to_wide_string(str, &block)
         str = Puppet::Util::Windows::String.wide_string(str)

data/lib/puppet/ffi/windows/constants.rb

@@ -375,7 +375,7 @@ module Puppet::FFI::Windows
     SERVICE_CONFIG_PRESHUTDOWN_INFO         = 0x00000007
     SERVICE_CONFIG_TRIGGER_INFO             = 0x00000008
     SERVICE_CONFIG_PREFERRED_NODE           = 0x00000009
-    SERVICE_CONFIG_LAUNCH_PROTECTED         = 0x00000012
+    SERVICE_CONFIG_LAUNCH_PROTECTED         = 0x0000000C
     SERVICE_NO_CHANGE                       = 0xffffffff
     SERVICE_CONFIG_TYPES = {
       SERVICE_CONFIG_DESCRIPTION => :SERVICE_CONFIG_DESCRIPTION,

data/lib/puppet/file_serving/configuration/parser.rb

@@ -33,8 +33,11 @@ class Puppet::FileServing::Configuration::Parser
           when "path"
             path(mount, value)
           when "allow", "deny"
-            error_location_str = Puppet::Util::Errors.error_location(@file.filename, @count)
-            Puppet.err("Entry '#{line.chomp}' is unsupported and will be ignored at #{error_location_str}")
+            # ignore `allow *`, otherwise report error
+            if var != 'allow' || value != '*'
+              error_location_str = Puppet::Util::Errors.error_location(@file.filename, @count)
+              Puppet.err("Entry '#{line.chomp}' is unsupported and will be ignored at #{error_location_str}")
+            end
           else
             error_location_str = Puppet::Util::Errors.error_location(@file.filename, @count)
             raise ArgumentError.new(_("Invalid argument '%{var}' at %{error_location}") %

data/lib/puppet/file_system/memory_file.rb

@@ -7,6 +7,13 @@ class Puppet::FileSystem::MemoryFile
     new(path, :exist? => false, :executable? => false)
   end
 
+  def self.a_missing_directory(path)
+    new(path,
+        :exist? => false,
+        :executable? => false,
+        :directory? => true)
+  end
+
   def self.a_regular_file_containing(path, content)
     new(path, :exist? => true, :executable? => false, :content => content)
   end
@@ -18,7 +25,7 @@ class Puppet::FileSystem::MemoryFile
   def self.a_directory(path, children = [])
     new(path,
         :exist? => true,
-        :excutable? => true,
+        :executable? => true,
         :directory? => true,
         :children => children)
   end

data/lib/puppet/file_system/windows.rb

@@ -128,6 +128,8 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
     end
 
     current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_user_name)
+    current_sid = Puppet::Util::Windows::SID.name_to_sid(Puppet::Util::Windows::ADSI::User.current_sam_compatible_user_name) unless current_sid
+
     dacl = case mode
            when 0644
              dacl = secure_dacl(current_sid)

data/lib/puppet/http/factory.rb

@@ -26,6 +26,10 @@ class Puppet::HTTP::Factory
 
     http = Puppet::HTTP::Proxy.proxy(URI(site.addr))
     http.use_ssl = site.use_ssl?
+    if site.use_ssl?
+      http.min_version = OpenSSL::SSL::TLS1_VERSION if http.respond_to?(:min_version)
+      http.ciphers = Puppet[:ciphers]
+    end
     http.read_timeout = Puppet[:http_read_timeout]
     http.open_timeout = Puppet[:http_connect_timeout]
     http.keep_alive_timeout = KEEP_ALIVE_TIMEOUT if http.respond_to?(:keep_alive_timeout=)

data/lib/puppet/indirector/facts/facter.rb

@@ -103,6 +103,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
     options_for_facter += " --show-legacy" if options[:show_legacy]
     options_for_facter += " --no-block" if options[:no_block] == false
     options_for_facter += " --no-cache" if options[:no_cache] == false
+    options_for_facter += " --timing" if options[:timing]
 
     Puppet::Node::Facts.new(request.key, Facter.resolve(options_for_facter))
   end

data/lib/puppet/module_tool/applications/installer.rb

@@ -131,8 +131,54 @@ module Puppet::ModuleTool
           begin
             Puppet.info _("Resolving dependencies ...")
             releases = SemanticPuppet::Dependency.resolve(graph)
-          rescue SemanticPuppet::Dependency::UnsatisfiableGraph
-            raise NoVersionsSatisfyError, results.merge(:requested_name => name)
+          rescue SemanticPuppet::Dependency::UnsatisfiableGraph => e
+            unsatisfied = nil
+
+            if e.respond_to?(:unsatisfied)
+              constraints = {}
+              # If the module we're installing satisfies all its
+              # dependencies, but would break an already installed
+              # module that depends on it, show what would break.
+              if name == e.unsatisfied
+                graph.constraints[name].each do |mod, range, _|
+                  next unless mod.split.include?('constraint')
+
+                  # If the user requested a specific version or range,
+                  # only show the modules with non-intersecting ranges
+                  if options[:version]
+                    requested_range = SemanticPuppet::VersionRange.parse(options[:version])
+                    constraint_range = SemanticPuppet::VersionRange.parse(range)
+
+                    if requested_range.intersection(constraint_range) == SemanticPuppet::VersionRange::EMPTY_RANGE
+                      constraints[mod.split.first] = range
+                    end
+                  else
+                    constraints[mod.split.first] = range
+                  end
+                end
+
+              # If the module fails to satisfy one of its
+              # dependencies, show the unsatisfiable module
+              else
+                unsatisfied_range = graph.dependencies[name].max.constraints[e.unsatisfied].first[1]
+                constraints[e.unsatisfied] = unsatisfied_range
+              end
+
+              installed_module = @environment.module_by_forge_name(e.unsatisfied.tr('-', '/'))
+              current_version = installed_module.version if installed_module
+
+              unsatisfied = {
+                :name => e.unsatisfied,
+                :constraints => constraints,
+                :current_version => current_version
+              }
+            end
+
+            raise NoVersionsSatisfyError, results.merge(
+                    :requested_name => name,
+                    :requested_version => options[:version] || graph.dependencies[name].max.version.to_s,
+                    :unsatisfied => unsatisfied
+            )
           end
 
           unless forced?