puppet 7.11.0-universal-darwin → 7.14.0-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9793d493f2252b7b3a101e247cad3de60750964d30ef71b7700e238c6042d2c
-  data.tar.gz: 3bd5ae0c361450f655511306ab6ef3a57ea5ca13325954fa3f75b504e386db4d
+  metadata.gz: 392ba2ec9564298ed85bb838513e1c77c658b4d7eec230cd9187779d4bf1463e
+  data.tar.gz: 402ea46ece628a86c88351d7c93e739456a584bb95a21e2e5a4790616d724ad8
 SHA512:
-  metadata.gz: aa041c1c1e2888208c99870e0927f45fe6c6f9599ac8701ea09f9bfde1e7be88fd64961704a5e5c73ad63844c355c755c31252597cff948f7d41147ca99ec2cb
-  data.tar.gz: 54bf0703f36b3c7a2a42a4f1b7124c3c8374e01d196b29628da54cfa03f236f88705daf0c0be1737d69de78103fc6d389cdab8c3f25c992d88a428edc9518e40
+  metadata.gz: e699edeb228d551ae1e3804620e3913cf192c4d5381dda61dfbb479d4b655275d6bf4d0a2a7e74a7bc5569bc74d14db222a69e4a62f931583b7d52fd1bb64eee
+  data.tar.gz: 06add9d22b8a646a50caf987611b1a4b366477619c2681634cc21a38de36e540d8455993c572fd5f20616771361b7bad0b847bbbcd8cac28bc02a8de916ce81c

data/CODEOWNERS

@@ -1,5 +1,5 @@
 # defaults
-* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
+* @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt

data/Gemfile

@@ -3,7 +3,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org"
 gemspec
 
 def location_for(place, fake_version = nil)
-  if place.is_a?(String) && place =~ /^(git[:@][^#]*)#(.*)/
+  if place.is_a?(String) && place =~ /^((?:git[:@]|https:)[^#]*)#(.*)/
     [fake_version, { git: $1, branch: $2, require: false }].compact
   elsif place.is_a?(String) && place =~ /^file:\/\/(.*)/
     ['>= 0', { path: File.expand_path($1), require: false }]
@@ -26,7 +26,7 @@ group(:features) do
   #gem 'ruby-shadow', '~> 2.5', require: false, platforms: [:ruby]
   gem 'minitar', '~> 0.9', require: false
   gem 'msgpack', '~> 1.2', require: false
-  gem 'rdoc', '~> 6.0', require: false, platforms: [:ruby]
+  gem 'rdoc', ['~> 6.0', '< 6.4.0'], require: false, platforms: [:ruby]
   # requires native augeas headers/libs
   # gem 'ruby-augeas', require: false, platforms: [:ruby]
   # requires native ldap headers/libs

data/Gemfile.lock

@@ -1,9 +1,10 @@
 GIT
-  remote: git://github.com/puppetlabs/packaging
-  revision: 734cbd7a585d76fb359222d4d5ee6bf239956432
+  remote: https://github.com/puppetlabs/packaging
+  revision: 9d36e41d10ce14c66d9c3c35157788e63c1afef8
   branch: 1.0.x
   specs:
-    packaging (0.99.80.6.g734cbd7)
+    packaging (0.105.0)
+      apt_stage_artifacts
       artifactory (~> 2)
       csv (= 3.1.5)
       rake (>= 12.3)
@@ -12,12 +13,12 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.11.0)
+    puppet (7.14.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
       facter (>= 2.4.0, < 5)
-      fast_gettext (~> 1.1)
+      fast_gettext (>= 1.1, < 3)
       hiera (>= 3.2.1, < 4)
       locale (~> 2.1)
       multi_json (~> 1.13)
@@ -30,6 +31,8 @@ GEM
     CFPropertyList (2.3.6)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
+    apt_stage_artifacts (0.10.1)
+      docopt
     artifactory (2.8.2)
     ast (2.4.2)
     coderay (1.1.3)
@@ -37,14 +40,14 @@ GEM
     crack (0.4.5)
       rexml
     csv (3.1.5)
-    deep_merge (1.2.1)
-    diff-lcs (1.4.4)
+    deep_merge (1.2.2)
+    diff-lcs (1.5.0)
     docopt (0.6.1)
-    facter (4.2.3)
+    facter (4.2.7)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.15.4)
+    ffi (1.15.5)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -53,7 +56,7 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.7.0)
+    hiera (3.8.0)
     hiera-eyaml (3.2.2)
       highline
       optimist
@@ -87,7 +90,7 @@ GEM
       rake
     rake (13.0.6)
     rdiscount (2.2.0.2)
-    rdoc (6.3.2)
+    rdoc (6.3.3)
     release-metrics (1.1.0)
       csv
       docopt
@@ -102,7 +105,7 @@ GEM
       rspec-mocks (~> 3.10.0)
     rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-its (1.3.0)
@@ -111,7 +114,7 @@ GEM
     rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
+    rspec-support (3.10.3)
     rubocop (0.49.1)
       parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
@@ -126,17 +129,19 @@ GEM
     scanf (1.0.0)
     semantic_puppet (1.0.4)
     text (1.3.1)
-    thor (1.1.0)
-    unicode-display_width (1.7.0)
+    thor (1.2.1)
+    unicode-display_width (1.8.0)
     vcr (5.1.0)
     webmock (3.14.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    yard (0.9.26)
+    webrick (1.7.0)
+    yard (0.9.27)
+      webrick (~> 1.7.0)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   diff-lcs (~> 1.3)
@@ -155,7 +160,7 @@ DEPENDENCIES
   puppetserver-ca (~> 2.0)
   racc (= 1.5.2)
   rake (~> 13.0)
-  rdoc (~> 6.0)
+  rdoc (~> 6.0, < 6.4.0)
   ronn (~> 0.7.3)
   rspec (~> 3.1)
   rspec-expectations (~> 3.9, != 3.9.3)
@@ -169,4 +174,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   1.17.3
+   2.2.6

data/ext/project_data.yaml

@@ -21,7 +21,7 @@ gem_runtime_dependencies:
   facter: ['> 2.0.1', '< 5']
   hiera: ['>= 3.2.1', '< 4']
   semantic_puppet: '~> 1.0'
-  fast_gettext: '~> 1.1'
+  fast_gettext: ['>= 1.1', '< 3']
   locale: '~> 2.1'
   multi_json: '~> 1.10'
   puppet-resource_api: '~>1.5'

data/lib/puppet/application/lookup.rb

@@ -7,6 +7,7 @@ class Puppet::Application::Lookup < Puppet::Application
 
   RUN_HELP = _("Run 'puppet lookup --help' for more details").freeze
   DEEP_MERGE_OPTIONS = '--knock-out-prefix, --sort-merged-arrays, and --merge-hash-arrays'.freeze
+  TRUSTED_INFORMATION_FACTS = ["hostname", "domain", "fqdn", "clientcert"].freeze
 
   run_mode :server
 
@@ -54,11 +55,7 @@ class Puppet::Application::Lookup < Puppet::Application
   end
 
   option('--facts FACT_FILE') do |arg|
-    if %w{.yaml .yml .json}.include?(arg.match(/\.[^.]*$/)[0])
-      options[:fact_file] = arg
-    else
-      raise _("The --fact file only accepts yaml and json files.\n%{run_help}") % { run_help: RUN_HELP }
-    end
+    options[:fact_file] = arg
   end
 
   def app_defaults
@@ -137,7 +134,9 @@ DESCRIPTION
 The lookup command is a CLI for Puppet's 'lookup()' function. It searches your
 Hiera data and returns a value for the requested lookup key, so you can test and
 explore your data. It is a modern replacement for the 'hiera' command.
-
+Lookup uses the setting for global hiera.yaml from puppet's config,
+and the environment to find the environment level hiera.yaml as well as the
+resulting modulepath for the environment (for hiera.yaml files in modules).
 Hiera usually relies on a node's facts to locate the relevant data sources. By
 default, 'puppet lookup' uses facts from the node you run the command on, but
 you can get data for any other node with the '--node <NAME>' option. If
@@ -186,7 +185,8 @@ OPTIONS
 * --environment <ENV>
   Like with most Puppet commands, you can specify an environment on the command
   line. This is important for lookup because different environments can have
-  different Hiera data.
+  different Hiera data. This environment will be always be the one used regardless
+  of any other factors.
 
 * --merge first|unique|hash|deep:
   Specify the merge behavior, overriding any merge behavior from the data's
@@ -237,6 +237,13 @@ EXAMPLE
   To look up 'key_name' using the Puppet Server node's facts:
   $ puppet lookup key_name
 
+  To look up 'key_name' using the Puppet Server node's arbitrary variables from a manifest, and 
+  classify the node if applicable:
+  $ puppet lookup key_name --compile
+
+  To look up 'key_name' using the Puppet Server node's facts, overridden by facts given in a file:
+  $ puppet lookup key_name --facts fact_file.yaml
+
   To look up 'key_name' with agent.local's facts:
   $ puppet lookup --node agent.local key_name
 
@@ -341,31 +348,66 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       Puppet.settings[:facts_terminus] = 'facter'
     end
 
-    unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
-      ni = Puppet::Node.indirection
-      tc = ni.terminus_class
-      if tc == :plain || options[:compile]
-        node = ni.find(node)
-      else
-        ni.terminus_class = :plain
-        node = ni.find(node)
-        ni.terminus_class = tc
-      end
-    end
-
     fact_file = options[:fact_file]
 
     if fact_file
-      if fact_file.end_with?("json")
-        given_facts = Puppet::Util::Json.load(Puppet::FileSystem.read(fact_file, :encoding => 'utf-8'))
-      else
+      if fact_file.end_with?('.json')
+        given_facts = Puppet::Util::Json.load_file(fact_file)
+      elsif fact_file.end_with?('.yml', '.yaml')
         given_facts = Puppet::Util::Yaml.safe_load_file(fact_file)
+      else
+        given_facts = Puppet::Util::Json.load_file_if_valid(fact_file)
+        given_facts = Puppet::Util::Yaml.safe_load_file_if_valid(fact_file) unless given_facts
       end
 
       unless given_facts.instance_of?(Hash)
-        raise _("Incorrect formatted data in %{fact_file} given via the --facts flag") % { fact_file: fact_file }
+        raise _("Incorrectly formatted data in %{fact_file} given via the --facts flag (only accepts yaml and json files)") % { fact_file: fact_file }
+      end
+
+      if TRUSTED_INFORMATION_FACTS.any? { |key| given_facts.key? key }
+        unless TRUSTED_INFORMATION_FACTS.all? { |key| given_facts.key? key }
+          raise _("When overriding any of the %{trusted_facts_list} facts with %{fact_file} "\
+            "given via the --facts flag, they must all be overridden.") % { fact_file: fact_file ,trusted_facts_list: TRUSTED_INFORMATION_FACTS.join(',')}
+        end
       end
-      node.add_extra_facts(given_facts)
+    end
+
+    unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
+      facts = retrieve_node_facts(node, given_facts) 
+      if Puppet.settings.set_by_cli?('environment')
+        node = Puppet::Node.new(node, :classes => nil, :parameters => nil, :facts => facts, :environment => Puppet.settings.value('environment'))
+      else
+        ni = Puppet::Node.indirection
+        tc = ni.terminus_class
+        if options[:compile]
+          if tc == :plain
+            node = ni.find(node, facts: facts)
+          else
+            begin
+              service = Puppet.runtime[:http]
+              session = service.create_session
+              cert = session.route_to(:ca)
+
+              _, x509 = cert.get_certificate(node)
+              cert = OpenSSL::X509::Certificate.new(x509)
+              Puppet::SSL::Oids.register_puppet_oids
+              trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
+              Puppet.override(trusted_information: trusted) do
+                node = ni.find(node, facts: facts)
+              end
+            rescue
+              Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
+              node = ni.find(node, facts: facts)
+            end
+          end
+        else
+          ni.terminus_class = :plain
+          node = ni.find(node, facts: facts)
+          ni.terminus_class = tc
+        end
+      end
+    else
+      node.add_extra_facts(given_facts) if given_facts
     end
 
     Puppet[:code] = 'undef' unless options[:compile]
@@ -378,4 +420,16 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       compiler.compile { |catalog| yield(compiler.topscope); catalog }
     end
   end
+
+  def retrieve_node_facts(node, given_facts)
+    facts = Puppet::Node::Facts.indirection.find(node, :environment => Puppet.lookup(:current_environment))
+
+    facts = Puppet::Node::Facts.new(node, {}) if facts.nil?
+    facts.add_extra_values(given_facts) if given_facts
+
+    if facts.values.empty?
+      raise _("No facts available for target node: %{node}") % { node: node}
+    end
+    facts
+  end
 end

data/lib/puppet/concurrent/thread_local_singleton.rb

@@ -5,10 +5,12 @@ module Puppet
       def singleton
         key = (name + ".singleton").intern
         thread = Thread.current
-        unless thread.thread_variable?(key)
-          thread.thread_variable_set(key, new)
+        value = thread.thread_variable_get(key)
+        if value.nil?
+          value = new
+          thread.thread_variable_set(key, value)
         end
-        thread.thread_variable_get(key)
+        value
       end
     end
   end

data/lib/puppet/configurer.rb

@@ -390,9 +390,18 @@ class Puppet::Configurer
       # We only need to find out the environment to run in if we don't already have a catalog
       unless (cached_catalog || options[:catalog] || Puppet.settings.set_by_cli?(:environment) || Puppet[:strict_environment_mode])
         Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
-        if last_server_specified_environment
-          @environment = last_server_specified_environment
-          report.environment = last_server_specified_environment
+        initial_environment, loaded_last_environment = last_server_specified_environment
+
+        unless Puppet[:use_last_environment] && loaded_last_environment
+          Puppet.debug(_("Requesting environment from the server"))
+          initial_environment = current_server_specified_environment(@environment, configured_environment, options)
+        end
+
+        if initial_environment
+          @environment = initial_environment
+          report.environment = initial_environment
+
+          push_current_environment_and_loaders
         else
           Puppet.debug(_("Could not find a usable environment in the lastrunfile. Either the file does not exist, does not have the required keys, or the values of 'initial_environment' and 'converged_environment' are identical."))
         end
@@ -403,14 +412,7 @@ class Puppet::Configurer
       # This is to maintain compatibility with anyone using this class
       # aside from agent, apply, device.
       unless Puppet.lookup(:loaders) { nil }
-        new_env = Puppet::Node::Environment.remote(@environment)
-        Puppet.push_context(
-          {
-            current_environment: new_env,
-            loaders: Puppet::Pops::Loaders.new(new_env, true)
-          },
-          "Local node environment #{@environment} for configurer transaction"
-        )
+        push_current_environment_and_loaders
       end
 
       temp_value = options[:pluginsync]
@@ -446,14 +448,7 @@ class Puppet::Configurer
         @environment = catalog.environment
         report.environment = @environment
 
-        new_env = Puppet::Node::Environment.remote(@environment)
-        Puppet.push_context(
-          {
-            :current_environment => new_env,
-            :loaders => Puppet::Pops::Loaders.new(new_env, true)
-          },
-          "Local node environment #{@environment} for configurer transaction"
-        )
+        push_current_environment_and_loaders
 
         query_options, facts = get_facts(options)
         query_options[:configured_environment] = configured_environment
@@ -563,24 +558,67 @@ class Puppet::Configurer
   end
   private :find_functional_server
 
+  #
+  # @api private
+  #
+  # Read the last server-specified environment from the lastrunfile. The
+  # environment is considered to be server-specified if the values of
+  # `initial_environment` and `converged_environment` are different.
+  #
+  # @return [String, Boolean] An array containing a string with the environment
+  #   read from the lastrunfile in case the server is authoritative, and a
+  #   boolean marking whether the last environment was correctly loaded.
   def last_server_specified_environment
-    return @last_server_specified_environment if @last_server_specified_environment
+    return @last_server_specified_environment, @loaded_last_environment if @last_server_specified_environment
+
     if Puppet::FileSystem.exist?(Puppet[:lastrunfile])
       summary = Puppet::Util::Yaml.safe_load_file(Puppet[:lastrunfile])
-      return unless summary.dig('application', 'run_mode') == 'agent'
-      initial_environment = summary.dig('application', 'initial_environment')
-      converged_environment = summary.dig('application', 'converged_environment')
+      return [nil, nil] unless summary['application']['run_mode'] == 'agent'
+      initial_environment = summary['application']['initial_environment']
+      converged_environment = summary['application']['converged_environment']
       @last_server_specified_environment = converged_environment if initial_environment != converged_environment
+      Puppet.debug(_("Successfully loaded last environment from the lastrunfile"))
+      @loaded_last_environment = true
     end
 
     Puppet.debug(_("Found last server-specified environment: %{environment}") % { environment: @last_server_specified_environment }) if @last_server_specified_environment
-    @last_server_specified_environment
+    [@last_server_specified_environment, @loaded_last_environment]
   rescue => detail
     Puppet.debug(_("Could not find last server-specified environment: %{detail}") % { detail: detail })
-    nil
+    [nil, nil]
   end
   private :last_server_specified_environment
 
+  def current_server_specified_environment(current_environment, configured_environment, options)
+    return @server_specified_environment if @server_specified_environment
+
+    begin
+      node_retr_time = thinmark do
+        node = Puppet::Node.indirection.find(Puppet[:node_name_value],
+                                             :environment => Puppet::Node::Environment.remote(current_environment),
+                                             :configured_environment => configured_environment,
+                                             :ignore_cache => true,
+                                             :transaction_uuid => @transaction_uuid,
+                                             :fail_on_404 => true)
+
+        @server_specified_environment = node.environment_name.to_s
+
+        if @server_specified_environment != @environment
+          Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }
+        end
+      end
+
+      options[:report].add_times(:node_retrieval, node_retr_time)
+
+      @server_specified_environment
+    rescue => detail
+      Puppet.warning(_("Unable to fetch my node definition, but the agent run will continue:"))
+      Puppet.warning(detail)
+      nil
+    end
+  end
+  private :current_server_specified_environment
+
   def send_report(report)
     puts report.summary if Puppet[:summarize]
     save_last_run_summary(report)
@@ -649,6 +687,17 @@ class Puppet::Configurer
     end
   end
 
+  def push_current_environment_and_loaders
+    new_env = Puppet::Node::Environment.remote(@environment)
+    Puppet.push_context(
+      {
+        :current_environment => new_env,
+        :loaders => Puppet::Pops::Loaders.new(new_env, true)
+      },
+      "Local node environment #{@environment} for configurer transaction"
+    )
+  end
+
   def retrieve_catalog_from_cache(query_options)
     result = nil
     @duration = thinmark do

data/lib/puppet/defaults.rb

@@ -421,6 +421,17 @@ module Puppet
         <https://puppet.com/docs/puppet/latest/environments_about.html>",
       :type    => :path,
     },
+    :use_last_environment => {
+      :type     => :boolean,
+      :default  => true,
+      :desc     => <<-'EOT'
+      Puppet saves both the initial and converged environment in the last_run_summary file.
+      If they differ, and this setting is set to true, we will use the last converged
+      environment and skip the node request.
+
+      When set to false, we will do the node request and ignore the environment data from the last_run_summary file.
+    EOT
+    },
     :always_retry_plugins => {
         :type     => :boolean,
         :default  => true,
@@ -761,6 +772,12 @@ Valid values are 0 (never cache) and 15 (15 second minimum wait time).
       :owner    => "service",
       :group    => "service",
       :desc    => "The directory where catalog previews per node are generated."
+    },
+    :location_trusted => {
+      :default => false,
+      :type     => :boolean,
+      :desc    => "This will allow sending the name + password and the cookie header to all hosts that puppet may redirect to.
+        This may or may not introduce a security breach if puppet redirects you to a site to which you'll send your authentication info and cookies."
     }
   )
 
@@ -1977,7 +1994,9 @@ EOT
       :call_hook => :on_initialize_and_write, # Call our hook with the default value, so we always get the value added to facter.
       :hook => proc do |value|
         paths = value.split(File::PATH_SEPARATOR)
-        Puppet.runtime[:facter].search(*paths)
+        facter = Puppet.runtime[:facter]
+        facter.reset
+        facter.search(*paths)
       end
     }
   )

data/lib/puppet/face/generate.rb

@@ -58,6 +58,8 @@ Puppet::Face.define(:generate, '0.1.0') do
       Puppet::FileSystem::mkpath(outputdir)
 
       generator.generate(inputs, outputdir, options[:force])
+
+      exit(1) if generator.bad_input?
       nil
     end
   end

data/lib/puppet/file_serving/metadata.rb

@@ -118,6 +118,9 @@ class Puppet::FileServing::Metadata < Puppet::FileServing::Base
     when "link"
       @destination = Puppet::FileSystem.readlink(real_path)
       @checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s rescue nil
+    when "fifo", "socket"
+      @checksum_type = "none"
+      @checksum = ("{#{@checksum_type}}") + send("#{@checksum_type}_file", real_path).to_s
     else
       raise ArgumentError, _("Cannot manage files of type %{file_type}") % { file_type: stat.ftype }
     end

data/lib/puppet/file_system/file_impl.rb

@@ -130,23 +130,23 @@ class Puppet::FileSystem::FileImpl
   end
 
   def symlink?(path)
-    File.symlink?(path)
+    ::File.symlink?(path)
   end
 
   def readlink(path)
-    File.readlink(path)
+    ::File.readlink(path)
   end
 
   def unlink(*paths)
-    File.unlink(*paths)
+    ::File.unlink(*paths)
   end
 
   def stat(path)
-    File.stat(path)
+    ::File.stat(path)
   end
 
   def lstat(path)
-    File.lstat(path)
+    ::File.lstat(path)
   end
 
   def compare_stream(path, stream)
@@ -159,7 +159,7 @@ class Puppet::FileSystem::FileImpl
 
   def replace_file(path, mode = nil)
     begin
-      stat = Puppet::FileSystem.lstat(path)
+      stat = lstat(path)
       gid = stat.gid
       uid = stat.uid
       mode ||= stat.mode & 07777
@@ -180,7 +180,7 @@ class Puppet::FileSystem::FileImpl
       tempfile_path = tempfile.path
       FileUtils.chown(uid, gid, tempfile_path) if uid && gid
       chmod(mode, tempfile_path)
-      File.rename(tempfile_path, Puppet::FileSystem.path_string(path))
+      ::File.rename(tempfile_path, path_string(path))
     ensure
       tempfile.close!
     end

data/lib/puppet/file_system/jruby.rb

@@ -14,7 +14,7 @@ class Puppet::FileSystem::JRuby < Puppet::FileSystem::Posix
   def replace_file(path, mode = nil, &block)
     # MRI Ruby rename checks if destination is a directory and raises, while
     # JRuby removes the directory and replaces the file.
-    if Puppet::FileSystem.directory?(path)
+    if directory?(path)
       raise Errno::EISDIR, _("Is a directory: %{directory}") % { directory: path }
     end