puppet 7.13.1-universal-darwin → 7.14.0-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2149450aedba929b6f443c4323daa7c5180e32fc14cc2aa1dd9c4e14b4c50f24
-  data.tar.gz: 545ff196db83ca640f2bf817cd64c080122ec6f115fc5d0440aa1453f05bedae
+  metadata.gz: 392ba2ec9564298ed85bb838513e1c77c658b4d7eec230cd9187779d4bf1463e
+  data.tar.gz: 402ea46ece628a86c88351d7c93e739456a584bb95a21e2e5a4790616d724ad8
 SHA512:
-  metadata.gz: ff9d9e25af587f56d4b1b9ed744aed25e194331ae691e53d8756d2209ae9307e611d4444bb9b7f089f6cb58ce53ce5038941b126a76f657482153dc2a18d5d8a
-  data.tar.gz: 38de3b54f3b1c6d533dde1e5e0bc68e91bdfdfdd7d70aad97b571a153889e68c78951a81a230929e85969463c8c282cffc663476c36f83f090c6b42d9da0e7f5
+  metadata.gz: e699edeb228d551ae1e3804620e3913cf192c4d5381dda61dfbb479d4b655275d6bf4d0a2a7e74a7bc5569bc74d14db222a69e4a62f931583b7d52fd1bb64eee
+  data.tar.gz: 06add9d22b8a646a50caf987611b1a4b366477619c2681634cc21a38de36e540d8455993c572fd5f20616771361b7bad0b847bbbcd8cac28bc02a8de916ce81c

data/CODEOWNERS

@@ -1,5 +1,5 @@
 # defaults
-* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
+* @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt

data/Gemfile

@@ -26,7 +26,7 @@ group(:features) do
   #gem 'ruby-shadow', '~> 2.5', require: false, platforms: [:ruby]
   gem 'minitar', '~> 0.9', require: false
   gem 'msgpack', '~> 1.2', require: false
-  gem 'rdoc', '~> 6.0', require: false, platforms: [:ruby]
+  gem 'rdoc', ['~> 6.0', '< 6.4.0'], require: false, platforms: [:ruby]
   # requires native augeas headers/libs
   # gem 'ruby-augeas', require: false, platforms: [:ruby]
   # requires native ldap headers/libs

data/Gemfile.lock

@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/puppetlabs/packaging
-  revision: 98613aaebad419700b4c37163fe3bbc612f2239d
+  revision: 9d36e41d10ce14c66d9c3c35157788e63c1afef8
   branch: 1.0.x
   specs:
-    packaging (0.104.0.4.g98613aa)
+    packaging (0.105.0)
       apt_stage_artifacts
       artifactory (~> 2)
       csv (= 3.1.5)
@@ -13,7 +13,7 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.13.1)
+    puppet (7.14.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -40,14 +40,14 @@ GEM
     crack (0.4.5)
       rexml
     csv (3.1.5)
-    deep_merge (1.2.1)
-    diff-lcs (1.4.4)
+    deep_merge (1.2.2)
+    diff-lcs (1.5.0)
     docopt (0.6.1)
-    facter (4.2.5)
+    facter (4.2.7)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.15.4)
+    ffi (1.15.5)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -56,7 +56,7 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.7.0)
+    hiera (3.8.0)
     hiera-eyaml (3.2.2)
       highline
       optimist
@@ -105,7 +105,7 @@ GEM
       rspec-mocks (~> 3.10.0)
     rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-its (1.3.0)
@@ -129,7 +129,7 @@ GEM
     scanf (1.0.0)
     semantic_puppet (1.0.4)
     text (1.3.1)
-    thor (1.1.0)
+    thor (1.2.1)
     unicode-display_width (1.8.0)
     vcr (5.1.0)
     webmock (3.14.0)
@@ -141,7 +141,7 @@ GEM
       webrick (~> 1.7.0)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   diff-lcs (~> 1.3)
@@ -160,7 +160,7 @@ DEPENDENCIES
   puppetserver-ca (~> 2.0)
   racc (= 1.5.2)
   rake (~> 13.0)
-  rdoc (~> 6.0)
+  rdoc (~> 6.0, < 6.4.0)
   ronn (~> 0.7.3)
   rspec (~> 3.1)
   rspec-expectations (~> 3.9, != 3.9.3)
@@ -174,4 +174,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   1.17.3
+   2.2.6

data/lib/puppet/application/lookup.rb

@@ -379,25 +379,31 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       else
         ni = Puppet::Node.indirection
         tc = ni.terminus_class
-
-        service = Puppet.runtime[:http]
-        session = service.create_session
-        cert = session.route_to(:ca)
-
-        _, x509 = cert.get_certificate(node)
-        cert = OpenSSL::X509::Certificate.new(x509)
-
-        Puppet::SSL::Oids.register_puppet_oids
-        trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
-
-        Puppet.override(trusted_information: trusted) do
-          if tc == :plain || options[:compile]
+        if options[:compile]
+          if tc == :plain
             node = ni.find(node, facts: facts)
           else
-            ni.terminus_class = :plain
-            node = ni.find(node, facts: facts)
-            ni.terminus_class = tc
+            begin
+              service = Puppet.runtime[:http]
+              session = service.create_session
+              cert = session.route_to(:ca)
+
+              _, x509 = cert.get_certificate(node)
+              cert = OpenSSL::X509::Certificate.new(x509)
+              Puppet::SSL::Oids.register_puppet_oids
+              trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
+              Puppet.override(trusted_information: trusted) do
+                node = ni.find(node, facts: facts)
+              end
+            rescue
+              Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
+              node = ni.find(node, facts: facts)
+            end
           end
+        else
+          ni.terminus_class = :plain
+          node = ni.find(node, facts: facts)
+          ni.terminus_class = tc
         end
       end
     else

data/lib/puppet/configurer.rb

@@ -392,7 +392,7 @@ class Puppet::Configurer
         Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
         initial_environment, loaded_last_environment = last_server_specified_environment
 
-        unless loaded_last_environment
+        unless Puppet[:use_last_environment] && loaded_last_environment
           Puppet.debug(_("Requesting environment from the server"))
           initial_environment = current_server_specified_environment(@environment, configured_environment, options)
         end
@@ -601,17 +601,7 @@ class Puppet::Configurer
                                              :transaction_uuid => @transaction_uuid,
                                              :fail_on_404 => true)
 
-        # The :rest node terminus returns a node with an environment_name, but not an
-        # environment instance. Attempting to get the environment instance will load
-        # it from disk, which will likely fail. So create a remote environment.
-        #
-        # The :plain node terminus returns a node with an environment, but not an
-        # environment_name.
-        if !node.has_environment_instance? && node.environment_name
-          node.environment = Puppet::Node::Environment.remote(node.environment_name)
-        end
-
-        @server_specified_environment = node.environment.to_s
+        @server_specified_environment = node.environment_name.to_s
 
         if @server_specified_environment != @environment
           Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }

data/lib/puppet/defaults.rb

@@ -421,6 +421,17 @@ module Puppet
         <https://puppet.com/docs/puppet/latest/environments_about.html>",
       :type    => :path,
     },
+    :use_last_environment => {
+      :type     => :boolean,
+      :default  => true,
+      :desc     => <<-'EOT'
+      Puppet saves both the initial and converged environment in the last_run_summary file.
+      If they differ, and this setting is set to true, we will use the last converged
+      environment and skip the node request.
+
+      When set to false, we will do the node request and ignore the environment data from the last_run_summary file.
+    EOT
+    },
     :always_retry_plugins => {
         :type     => :boolean,
         :default  => true,

data/lib/puppet/face/generate.rb

@@ -58,6 +58,8 @@ Puppet::Face.define(:generate, '0.1.0') do
       Puppet::FileSystem::mkpath(outputdir)
 
       generator.generate(inputs, outputdir, options[:force])
+
+      exit(1) if generator.bad_input?
       nil
     end
   end

data/lib/puppet/generate/type.rb

@@ -134,6 +134,9 @@ module Puppet
         inputs.sort_by! { |input| input.path }
       end
 
+      def self.bad_input?
+        @bad_input
+      end
       # Generates files for the given inputs.
       # If a file is up to date (newer than input) it is kept.
       # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
         }
 
         up_to_date = true
+        @bad_input = false
+
         Puppet.notice _('Generating Puppet resource types.')
         inputs.each do |input|
           if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
             raise
           rescue Exception => e
             # Log the exception and move on to the next input
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
             next
           end
@@ -205,6 +211,7 @@ module Puppet
           begin
             model = Models::Type::Type.new(type)
           rescue Exception => e
+            @bad_input = true
             # Move on to the next input
             Puppet.log_exception(e, "#{input}: #{e.message}")
             next
@@ -214,6 +221,7 @@ module Puppet
           begin
             result = model.render(templates[input.template_path])
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e)
             raise
           end
@@ -227,6 +235,7 @@ module Puppet
               file.write(result)
             end
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
             # Move on to the next input
             next

data/lib/puppet/node.rb

@@ -89,7 +89,7 @@ class Puppet::Node
     unless @environment.nil?
       # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
       @parameters[ENVIRONMENT] = @environment.name.to_s
-      self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
+      self.environment_name = @environment.name
     end
     @environment
   end

data/lib/puppet/resource/type_collection.rb

@@ -24,6 +24,7 @@ class Puppet::Resource::TypeCollection
     @definitions = {}
     @nodes = {}
     @notfound = {}
+    # always lock the environment before acquiring this lock
     @lock = Puppet::Concurrent::Lock.new
 
     # So we can keep a list and match the first-defined regex
@@ -185,26 +186,29 @@ class Puppet::Resource::TypeCollection
   # Resolve namespaces and find the given object.  Autoload it if
   # necessary.
   def find_or_load(name, type)
-    @lock.synchronize do
-      # Name is always absolute, but may start with :: which must be removed
-      fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
-
-      result = send(type, fqname)
-      unless result
-        if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
-          # do not try to autoload if we already tried and it wasn't conclusive
-          # as this is a time consuming operation. Warn the user.
-          # Check first if debugging is on since the call to debug_once is expensive
-          if Puppet[:debug]
-            debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
+    # always lock the environment before locking the type collection
+    @environment.lock.synchronize do
+      @lock.synchronize do
+        # Name is always absolute, but may start with :: which must be removed
+        fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
+
+        result = send(type, fqname)
+        unless result
+          if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
+            # do not try to autoload if we already tried and it wasn't conclusive
+            # as this is a time consuming operation. Warn the user.
+            # Check first if debugging is on since the call to debug_once is expensive
+            if Puppet[:debug]
+              debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
+            end
+          else
+            fqname = munge_name(fqname)
+            result = loader.try_load_fqname(type, fqname)
+            @notfound[ fqname ] = result.nil?
           end
-        else
-          fqname = munge_name(fqname)
-          result = loader.try_load_fqname(type, fqname)
-          @notfound[ fqname ] = result.nil?
         end
+        result
       end
-      result
     end
   end
 

data/lib/puppet/type/user.rb

@@ -693,7 +693,7 @@ module Puppet
     end
 
     def generate
-      if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
+      if !self[:purge_ssh_keys].empty?
         if Puppet::Type.type(:ssh_authorized_key).nil?
           warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
         else

data/lib/puppet/util/yaml.rb

@@ -24,7 +24,11 @@ module Puppet::Util::Yaml
   # @raise [YamlLoadException] If deserialization fails.
   # @return The parsed YAML, which can be Hash, Array or scalar types.
   def self.safe_load(yaml, allowed_classes = [], filename = nil)
-    data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
+    if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
+      data = YAML.safe_load(yaml, permitted_classes: allowed_classes, aliases: true, filename: filename)
+    else
+      data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
+    end
     data = false if data.nil?
     data
   rescue ::Psych::DisallowedClass => detail

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '7.13.1'
+  PUPPETVERSION = '7.14.0'
 
   ##
   # version is a public API method intended to always provide a fast and