puppet 7.1.0-x64-mingw32 → 7.6.1-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79b1004e426f1652649bae160800b6adee3809874c4f07084af9418925fd8cea
-  data.tar.gz: 38c8c304b9cee90ce0e92410a836481584ac7a6bbdba079467eee531b902171a
+  metadata.gz: 27f2954aa379b3e453c1723542dc4c1a8c0011ad232ebd04f25b8fbc606a419e
+  data.tar.gz: 78c759dd573067fce0844b2b6e06903fa54204bf4991efb03558f6b59494f1b7
 SHA512:
-  metadata.gz: 29ec6fdcfb2580d2fb3be25e3320115d206597c15b10742c9cedd97e5becc26c6a2b2f755cc197de04b0d556d128f270349f02d05af8703b2835d34cab3e16dd
-  data.tar.gz: b952269b4c64e6dbc51a724be68aabd3fd55689fcad060df737223a89bc2643d3700dfcaef27b2a23a32bf486832a1f0ebcc95dc405d7f40f3fe19a8eed78444
+  metadata.gz: dfc73e4b6defebad35bfc3b42dd96d139cb594d952844210e6e5996cd9118238e56e582a7ef1a13a2bdc38e3748c206d70e8c8b419f749e2a08a11d6940898ee
+  data.tar.gz: 595529dac84e5f408133b4ef2c45e0d2728aa20ee2a912da1c8d3a0205ad32c10f6ebbd57d3d2fc4898401915b7f99bec63a82772dba2fff6648d5d7c12447de

data/Gemfile.lock

@@ -1,7 +1,18 @@
+GIT
+  remote: git://github.com/ciprianbadescu/packaging
+  revision: 5f8d2bda941abfeeb8fb1731c9b1dd4d108f5d33
+  branch: maint/windows-signing
+  specs:
+    packaging (0.99.49.171.g5f8d2bd)
+      artifactory (~> 2)
+      csv (= 3.1.5)
+      rake (>= 12.3)
+      release-metrics
+
 PATH
   remote: .
   specs:
-    puppet (7.1.0)
+    puppet (7.6.1)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -20,19 +31,20 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     artifactory (2.8.2)
-    ast (2.4.1)
+    ast (2.4.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.7)
-    crack (0.4.4)
+    concurrent-ruby (1.1.8)
+    crack (0.4.5)
+      rexml
     csv (3.1.5)
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.0.46)
+    facter (4.1.1)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.13.1)
+    ffi (1.15.0)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -41,11 +53,11 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.6.0)
-    hiera-eyaml (3.2.0)
-      highline (~> 1.6.19)
+    hiera (3.7.0)
+    hiera-eyaml (3.2.1)
+      highline
       optimist
-    highline (1.6.21)
+    highline (2.0.3)
     hocon (1.3.1)
     hpricot (0.8.6)
     json-schema (2.8.1)
@@ -54,36 +66,32 @@ GEM
     memory_profiler (1.0.0)
     method_source (1.0.0)
     minitar (0.9)
-    msgpack (1.3.3)
+    msgpack (1.4.2)
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    packaging (0.99.75)
-      artifactory (~> 2)
-      csv (= 3.1.5)
-      rake (>= 12.3)
-      release-metrics
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     powerpack (0.1.3)
-    pry (0.13.1)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.6)
     puppet-resource_api (1.8.13)
       hocon (>= 1.0)
-    puppetserver-ca (2.0.1)
+    puppetserver-ca (2.1.0)
       facter (>= 2.0.1, < 5)
     racc (1.4.9)
     rainbow (2.2.2)
       rake
     rake (12.3.3)
     rdiscount (2.2.0.2)
-    rdoc (6.2.1)
+    rdoc (6.3.0)
     release-metrics (1.1.0)
       csv
       docopt
+    rexml (3.2.5)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -92,18 +100,18 @@ GEM
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
       rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
+    rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-support (3.10.0)
+    rspec-support (3.10.2)
     rubocop (0.49.1)
       parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
@@ -113,19 +121,19 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     rubocop-i18n (1.2.0)
       rubocop (~> 0.49.0)
-    ruby-prof (1.4.2)
-    ruby-progressbar (1.10.1)
+    ruby-prof (1.4.3)
+    ruby-progressbar (1.11.0)
     scanf (1.0.0)
-    semantic_puppet (1.0.2)
+    semantic_puppet (1.0.3)
     text (1.3.1)
-    thor (1.0.1)
+    thor (1.1.0)
     unicode-display_width (1.7.0)
     vcr (5.1.0)
-    webmock (3.10.0)
+    webmock (3.12.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    yard (0.9.25)
+    yard (0.9.26)
 
 PLATFORMS
   ruby
@@ -140,7 +148,7 @@ DEPENDENCIES
   memory_profiler
   minitar (~> 0.9)
   msgpack (~> 1.2)
-  packaging (~> 0.99)
+  packaging!
   pry
   puppet!
   puppet-resource_api (~> 1.5)

data/ext/build_defaults.yaml

@@ -1,6 +1,5 @@
 ---
 packager: 'puppetlabs'
-gpg_key: '7F438280EF8D349F'
 
 # These are the build targets used by the packaging repo. Uncomment to allow use.
 #final_mocks: 'pl-el-5-i386 pl-el-6-i386 pl-el-7-x86_64'

data/lib/puppet/application.rb

@@ -475,12 +475,16 @@ class Application
   def handle_logdest_arg(arg)
     return if arg.nil?
 
-    begin
-      Puppet[:logdest] = arg
-      Puppet::Util::Log.newdestination(arg)
-      options[:setdest] = true
-    rescue => detail
-      Puppet.log_and_raise(detail, _("Could not set logdest to %{dest}.") % { dest: arg })
+    logdest = arg.split(',').map!(&:strip)
+    Puppet[:logdest] = arg
+
+    logdest.each do |dest|
+      begin
+        Puppet::Util::Log.newdestination(dest)
+        options[:setdest] = true
+      rescue => detail
+        Puppet.log_and_raise(detail, _("Could not set logdest to %{dest}.") % { dest: arg })
+      end
     end
   end
 

data/lib/puppet/application/agent.rb

@@ -267,6 +267,7 @@ generated by running puppet agent with '--genconfig'.
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. If debugging or verbosity is enabled, this defaults to 'console'.
   Otherwise, it defaults to 'syslog' on POSIX systems and 'eventlog' on Windows.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/apply.rb

@@ -113,6 +113,7 @@ configuration options by running puppet with
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. Defaults to 'console'.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the
@@ -236,7 +237,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
         end
 
         # Resolve all deferred values and replace them / mutate the catalog
-        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog)
+        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment)
 
         # Translate it to a RAL catalog
         catalog = catalog.to_ral
@@ -330,7 +331,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
         raise Puppet::Error, _("Could not deserialize catalog from %{format}: %{detail}") % { format: format, detail: detail }, detail.backtrace
       end
       # Resolve all deferred values and replace them / mutate the catalog
-      Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog)
+      Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment)
 
       catalog.to_ral
     end

data/lib/puppet/application/device.rb

@@ -155,6 +155,7 @@ you can specify '--server <servername>' as an argument.
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'console', or the path to a log file. If debugging or verbosity is
   enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/script.rb

@@ -71,6 +71,7 @@ configuration options can also be generated by running puppet with
   Where to send log messages. Choose between 'syslog' (the POSIX syslog
   service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
   file. Defaults to 'console'.
+  Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
 
   A path ending with '.json' will receive structured output in JSON format. The
   log file will not have an ending ']' automatically written to it due to the

data/lib/puppet/application/ssl.rb

@@ -74,6 +74,9 @@ ACTIONS
   `--localca` is specified, then also remove this host's local copy of the
   CA certificate(s) and CRL bundle. if `--target CERTNAME` is specified, then
   remove the files for the specified device on this host instead of this host.
+
+ * show:
+  Print the full-text version of this host's certificate.
 HELP
   end
 
@@ -142,11 +145,19 @@ HELP
       end
       @machine.ensure_client_certificate
       Puppet.notice(_("Completed SSL initialization"))
+    when 'show'
+      show(certname)
     else
       raise Puppet::Error, _("Unknown action '%{action}'") % { action: action }
     end
   end
 
+  def show(certname)
+    password = @cert_provider.load_private_key_password
+    ssl_context = @ssl_provider.load_context(certname: certname, password: password)
+    puts ssl_context.client_cert.to_text
+  end
+
   def submit_request(ssl_context)
     key = @cert_provider.load_private_key(Puppet[:certname])
     unless key

data/lib/puppet/configurer.rb

@@ -112,7 +112,7 @@ class Puppet::Configurer
     catalog_conversion_time = thinmark do
       # Will mutate the result and replace all Deferred values with resolved values
       if facts
-        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result)
+        Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment))
       end
 
       catalog = result.to_ral
@@ -395,16 +395,29 @@ class Puppet::Configurer
       if !cached_catalog && options[:catalog]
         ral_catalog = options[:catalog]
       else
+        # Ordering here matters. We have to resolve deferred resources in the
+        # resource catalog, convert the resource catalog to a RAL catalog (which
+        # triggers type/provider validation), and only if that is successful,
+        # should we cache the *original* resource catalog. However, deferred
+        # evaluation mutates the resource catalog, so we need to make a copy of
+        # it here. If PUP-9323 is ever implemented so that we resolve deferred
+        # resources in the RAL catalog as they are needed, then we could eliminate
+        # this step.
+        catalog_to_cache = Puppet.override(:rich_data => Puppet[:rich_data]) do
+          Puppet::Resource::Catalog.from_data_hash(catalog.to_data_hash)
+        end
+
         # REMIND @duration is the time spent loading the last catalog, and doesn't
         # account for things like we failed to download and fell back to the cache
         ral_catalog = convert_catalog(catalog, @duration, facts, options)
 
-        # If not noop, commit the cached resource catalog (not ral catalog). Ideally
+        # Validation succeeded, so commit the `catalog_to_cache` for non-noop runs. Don't
+        # commit `catalog` since it contains the result of deferred evaluation. Ideally
         # we'd just copy the downloaded response body, instead of serializing the
         # in-memory catalog, but that's hard due to the indirector.
         indirection = Puppet::Resource::Catalog.indirection
         if !Puppet[:noop] && indirection.cache?
-          request = indirection.request(:save, nil, catalog, environment: Puppet::Node::Environment.remote(catalog.environment))
+          request = indirection.request(:save, nil, catalog_to_cache, environment: Puppet::Node::Environment.remote(catalog_to_cache.environment))
           Puppet.info("Caching catalog for #{request.key}")
           indirection.cache.save(request)
         end

data/lib/puppet/defaults.rb

@@ -1033,6 +1033,14 @@ EOT
           certificate revocation checking and does not attempt to download the CRL.
         EOT
     },
+    :ciphers => {
+      :default => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256',
+      :type => :string,
+      :desc => "The list of ciphersuites for TLS connections initiated by puppet. The
+                default value is chosen to support TLS 1.0 and up, but can be made
+                more restrictive if needed. The ciphersuites must be specified in OpenSSL
+                format, not IANA."
+    },
     :key_type => {
       :default => 'rsa',
       :type    => :enum,
@@ -1076,7 +1084,7 @@ EOT
       :type      => :string,
       :desc      => "Where to send log messages. Choose between 'syslog' (the POSIX syslog
       service), 'eventlog' (the Windows Event Log), 'console', or the path to a log
-      file."
+      file. Multiple destinations can be set using a comma separated list (eg: `/path/file1,console,/path/file2`)"
       # Sure would be nice to set the Puppet::Util::Log destination here in an :on_initialize_and_write hook,
       # unfortunately we have a large number of tests that rely on the logging not resetting itself when the
       # settings are initialized as they test what gets logged during settings initialization.
@@ -1319,25 +1327,16 @@ EOT
       by `puppet`, and should only be set if you're writing your own Puppet
       executable.",
     },
-    :serverport => {
+    :masterport => {
       :default    => 8140,
       :type       => :port,
       :desc       => "The default port puppet subcommands use to communicate
       with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
       overridden by more specific settings (see `ca_port`, `report_port`).",
-      :hook       => proc do |value|
-        Puppet[:masterport] = value unless Puppet.settings.set_by_config?(:masterport)
-      end
     },
-    :masterport => {
-      :default    => "$serverport",
-      :type       => :port,
-      :desc       => "The default port puppet subcommands use to communicate
-      with Puppet Server. (eg `puppet facts upload`, `puppet agent`). May be
-      overridden by more specific settings (see `ca_port`, `report_port`).",
-      :hook => proc do |value|
-        Puppet[:serverport] = value unless Puppet.settings.set_by_config?(:serverport)
-      end
+    :serverport => {
+      :type => :alias,
+      :alias_for => :masterport
     },
     :bucketdir => {
       :default => "$vardir/bucket",
@@ -1673,7 +1672,7 @@ EOT
     },
     :agent_disabled_lockfile => {
         :default    => "$statedir/agent_disabled.lock",
-        :type       => :file,
+        :type       => :string,
         :desc       => "A lock file to indicate that puppet agent runs have been administratively
           disabled.  File contains a JSON object with state information.",
     },
@@ -2158,10 +2157,6 @@ EOT
     :rich_data => {
       :default  => true,
       :type     => :boolean,
-      :hook    => proc do |value|
-        envs = Puppet.lookup(:environments) { nil }
-        envs.clear_all unless envs.nil?
-      end,
       :desc     => <<-'EOT'
         Enables having extended data in the catalog by storing them as a hash with the special key
         `__ptype`. When enabled, resource containing values of the data types `Binary`, `Regexp`,

data/lib/puppet/environments.rb

@@ -225,6 +225,9 @@ module Puppet::Environments
     private
 
     def create_environment(name)
+      # interpolated modulepaths may be cached from prior environment instances
+      Puppet.settings.clear_environment_settings(name)
+
       env_symbol = name.intern
       setting_values = Puppet.settings.values(env_symbol, Puppet.settings.preferred_run_mode)
       env = Puppet::Node::Environment.create(
@@ -350,7 +353,19 @@ module Puppet::Environments
 
     # @!macro loader_list
     def list
-      @loader.list
+      # Evict all that have expired, in the same way as `get`
+      clear_all_expired
+
+      @loader.list.map do |env|
+        name = env.name
+        old_entry = @cache[name]
+        if old_entry
+          old_entry.value
+        else
+          add_entry(name, entry(env))
+          env
+        end
+      end
     end
 
     # @!macro loader_search_paths

data/lib/puppet/face/facts.rb

@@ -128,22 +128,46 @@ Puppet::Indirector::Face.define(:facts, '0.0.1') do
       summary _("Show legacy facts when querying all facts.")
     end
 
+    option("--value-only") do
+      summary _("Show only the value when the action is called with a single query")
+    end
+
+    option("--timing") do
+      summary _("Show how much time it took to resolve each fact.")
+    end
+
     when_invoked do |*args|
       options = args.pop
 
       Puppet.settings.preferred_run_mode = :agent
       Puppet::Node::Facts.indirection.terminus_class = :facter
 
+      if options[:value_only] && !args.count.eql?(1)
+        options[:value_only] = nil
+        Puppet.warning("Incorrect use of --value-only argument; it can only be used when querying for a single fact!")
+      end
 
       options[:user_query] = args
       options[:resolve_options] = true
       result = Puppet::Node::Facts.indirection.find(Puppet.settings[:certname], options)
 
-      result.values
+      if options[:value_only]
+        result.values.values.first
+      else
+        result.values
+      end
     end
 
     when_rendering :console do |result|
-      Puppet::Util::Json.dump(result, :pretty => true)
+      # VALID_TYPES = [Integer, Float, TrueClass, FalseClass, NilClass, Symbol, String, Array, Hash].freeze
+      # from https://github.com/puppetlabs/facter/blob/4.0.49/lib/facter/custom_facts/util/normalization.rb#L8
+
+      case result
+      when Array, Hash
+        Puppet::Util::Json.dump(result, :pretty => true)
+      else # one of VALID_TYPES above
+        result
+      end
     end
   end
 end