puppet 7.13.1-x64-mingw32 → 7.16.0-x64-mingw32

Files changed (55) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +1 -1
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +30 -30
  5. data/lib/puppet/application/lookup.rb +25 -23
  6. data/lib/puppet/configurer.rb +8 -14
  7. data/lib/puppet/defaults.rb +11 -1
  8. data/lib/puppet/face/generate.rb +2 -0
  9. data/lib/puppet/functions/next.rb +18 -1
  10. data/lib/puppet/functions/tree_each.rb +0 -1
  11. data/lib/puppet/generate/type.rb +9 -0
  12. data/lib/puppet/http/client.rb +1 -1
  13. data/lib/puppet/node.rb +1 -1
  14. data/lib/puppet/resource/type_collection.rb +21 -17
  15. data/lib/puppet/ssl/ssl_provider.rb +10 -7
  16. data/lib/puppet/type/exec.rb +1 -1
  17. data/lib/puppet/type/user.rb +1 -1
  18. data/lib/puppet/util/monkey_patches.rb +0 -2
  19. data/lib/puppet/util/yaml.rb +5 -1
  20. data/lib/puppet/util.rb +1 -0
  21. data/lib/puppet/version.rb +1 -1
  22. data/locales/puppet.pot +5 -9763
  23. data/man/man5/puppet.conf.5 +13 -2
  24. data/man/man8/puppet-agent.8 +1 -1
  25. data/man/man8/puppet-apply.8 +1 -1
  26. data/man/man8/puppet-catalog.8 +1 -1
  27. data/man/man8/puppet-config.8 +1 -1
  28. data/man/man8/puppet-describe.8 +1 -1
  29. data/man/man8/puppet-device.8 +1 -1
  30. data/man/man8/puppet-doc.8 +1 -1
  31. data/man/man8/puppet-epp.8 +1 -1
  32. data/man/man8/puppet-facts.8 +1 -1
  33. data/man/man8/puppet-filebucket.8 +1 -1
  34. data/man/man8/puppet-generate.8 +1 -1
  35. data/man/man8/puppet-help.8 +1 -1
  36. data/man/man8/puppet-lookup.8 +1 -1
  37. data/man/man8/puppet-module.8 +1 -1
  38. data/man/man8/puppet-node.8 +1 -1
  39. data/man/man8/puppet-parser.8 +1 -1
  40. data/man/man8/puppet-plugin.8 +1 -1
  41. data/man/man8/puppet-report.8 +1 -1
  42. data/man/man8/puppet-resource.8 +1 -1
  43. data/man/man8/puppet-script.8 +1 -1
  44. data/man/man8/puppet-ssl.8 +1 -1
  45. data/man/man8/puppet.8 +2 -2
  46. data/spec/integration/application/lookup_spec.rb +65 -57
  47. data/spec/integration/application/resource_spec.rb +6 -2
  48. data/spec/integration/http/client_spec.rb +30 -0
  49. data/spec/unit/configurer_spec.rb +124 -61
  50. data/spec/unit/confiner_spec.rb +6 -6
  51. data/spec/unit/face/generate_spec.rb +64 -0
  52. data/spec/unit/node_spec.rb +6 -0
  53. data/spec/unit/type/user_spec.rb +67 -0
  54. data/spec/unit/util/windows_spec.rb +23 -0
  55. metadata +5 -3
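--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 25259cd4567045cebd4357999ad05061027308464aa48d09b26ded67dda9d67f
- data.tar.gz: d42f0f3bbe8c442eb5d82c4327fbd643423198944e5844c6b20c1464887d83e1
+ metadata.gz: d970fc3081c1f274db3199e615d213776542d27ce4043a6d155ba28016e8965d
+ data.tar.gz: 25dd46d4c27898d532d918d058d744a992959cda11d79ae5a12d902f26c4360f
  SHA512:
- metadata.gz: 65a7d5a72d4e2cf54b8256347b9bc1b8dbef894dcf9cfdff1645aa2aa53d21643a905b6f29364835146c0292fa6cf2d4ec98422491b27a4510bbada347fd3495
- data.tar.gz: c49b9358667b61a79d075ac1c5ce527bd1792506f54294a9b65f5457b3e0f14090a9d36f651f71b213c108483a0b35417588c9bd623368dd1628b892169db37b
+ metadata.gz: 14f99fbee6289753cdd96876b973627e1f17e7b888dbdd04803671ce192b35e2d44b55850d3bc9ba40d1c61a14874d69e0d45ec926914533dd39217a0f88948d
+ data.tar.gz: 0e5329faafcac9f60da50eb37f6a3cf6b3637bb09adb8f48d6a190a20ecec1f3047102dfb780124a27ee1906f5e9ce84c5aa49458109cba017808974b131c5b8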
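--- a/data/CODEOWNERS
+++ b/data/CODEOWNERS
@@ -1,5 +1,5 @@
  # defaults
- * @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
+ * @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers
 
  # PAL
  /lib/puppet/pal @puppetlabs/bolt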
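--- a/data/Gemfile
+++ b/data/Gemfile
@@ -26,7 +26,7 @@ group(:features) do
  #gem 'ruby-shadow', '~> 2.5', require: false, platforms: [:ruby]
  gem 'minitar', '~> 0.9', require: false
  gem 'msgpack', '~> 1.2', require: false
- gem 'rdoc', '~> 6.0', require: false, platforms: [:ruby]
+ gem 'rdoc', ['~> 6.0', '< 6.4.0'], require: false, platforms: [:ruby]
  # requires native augeas headers/libs
  # gem 'ruby-augeas', require: false, platforms: [:ruby]
  # requires native ldap headers/libs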
data/Gemfile.lock CHANGED
@@ -1,11 +1,11 @@
1
1
  GIT
2
2
  remote: https://github.com/puppetlabs/packaging
3
- revision: 98613aaebad419700b4c37163fe3bbc612f2239d
3
+ revision: 0b07772b72c5e4076e145bab3d56d42331ec342b
4
4
  branch: 1.0.x
5
5
  specs:
6
- packaging (0.104.0.4.g98613aa)
6
+ packaging (0.106.1)
7
7
  apt_stage_artifacts
8
- artifactory (~> 2)
8
+ artifactory (~> 3)
9
9
  csv (= 3.1.5)
10
10
  rake (>= 12.3)
11
11
  release-metrics
@@ -13,7 +13,7 @@ GIT
13
13
  PATH
14
14
  remote: .
15
15
  specs:
16
- puppet (7.13.1)
16
+ puppet (7.16.0)
17
17
  CFPropertyList (~> 2.2)
18
18
  concurrent-ruby (~> 1.0)
19
19
  deep_merge (~> 1.0)
@@ -33,21 +33,21 @@ GEM
33
33
  public_suffix (>= 2.0.2, < 5.0)
34
34
  apt_stage_artifacts (0.10.1)
35
35
  docopt
36
- artifactory (2.8.2)
36
+ artifactory (3.0.15)
37
37
  ast (2.4.2)
38
38
  coderay (1.1.3)
39
- concurrent-ruby (1.1.9)
39
+ concurrent-ruby (1.1.10)
40
40
  crack (0.4.5)
41
41
  rexml
42
42
  csv (3.1.5)
43
- deep_merge (1.2.1)
44
- diff-lcs (1.4.4)
43
+ deep_merge (1.2.2)
44
+ diff-lcs (1.5.0)
45
45
  docopt (0.6.1)
46
- facter (4.2.5)
46
+ facter (4.2.9)
47
47
  hocon (~> 1.3)
48
48
  thor (>= 1.0.1, < 2.0)
49
49
  fast_gettext (1.1.2)
50
- ffi (1.15.4)
50
+ ffi (1.15.5)
51
51
  gettext (3.2.9)
52
52
  locale (>= 2.0.5)
53
53
  text (>= 1.3.0)
@@ -56,7 +56,7 @@ GEM
56
56
  gettext (>= 3.0.2, < 3.3.0)
57
57
  locale
58
58
  hashdiff (1.0.1)
59
- hiera (3.7.0)
59
+ hiera (3.8.0)
60
60
  hiera-eyaml (3.2.2)
61
61
  highline
62
62
  optimist
@@ -69,21 +69,21 @@ GEM
69
69
  memory_profiler (1.0.0)
70
70
  method_source (1.0.0)
71
71
  minitar (0.9)
72
- msgpack (1.4.2)
72
+ msgpack (1.5.1)
73
73
  multi_json (1.15.0)
74
74
  mustache (1.1.1)
75
75
  optimist (3.0.1)
76
- parallel (1.21.0)
76
+ parallel (1.22.1)
77
77
  parser (2.7.2.0)
78
78
  ast (~> 2.4.1)
79
79
  powerpack (0.1.3)
80
80
  pry (0.14.1)
81
81
  coderay (~> 1.1)
82
82
  method_source (~> 1.0)
83
- public_suffix (4.0.6)
83
+ public_suffix (4.0.7)
84
84
  puppet-resource_api (1.8.14)
85
85
  hocon (>= 1.0)
86
- puppetserver-ca (2.3.5)
86
+ puppetserver-ca (2.3.6)
87
87
  facter (>= 2.0.1, < 5)
88
88
  racc (1.5.2)
89
89
  rainbow (2.2.2)
@@ -99,22 +99,22 @@ GEM
99
99
  hpricot (>= 0.8.2)
100
100
  mustache (>= 0.7.0)
101
101
  rdiscount (>= 1.5.8)
102
- rspec (3.10.0)
103
- rspec-core (~> 3.10.0)
104
- rspec-expectations (~> 3.10.0)
105
- rspec-mocks (~> 3.10.0)
106
- rspec-core (3.10.1)
107
- rspec-support (~> 3.10.0)
108
- rspec-expectations (3.10.1)
102
+ rspec (3.11.0)
103
+ rspec-core (~> 3.11.0)
104
+ rspec-expectations (~> 3.11.0)
105
+ rspec-mocks (~> 3.11.0)
106
+ rspec-core (3.11.0)
107
+ rspec-support (~> 3.11.0)
108
+ rspec-expectations (3.11.0)
109
109
  diff-lcs (>= 1.2.0, < 2.0)
110
- rspec-support (~> 3.10.0)
110
+ rspec-support (~> 3.11.0)
111
111
  rspec-its (1.3.0)
112
112
  rspec-core (>= 3.0.0)
113
113
  rspec-expectations (>= 3.0.0)
114
- rspec-mocks (3.10.2)
114
+ rspec-mocks (3.11.1)
115
115
  diff-lcs (>= 1.2.0, < 2.0)
116
- rspec-support (~> 3.10.0)
117
- rspec-support (3.10.3)
116
+ rspec-support (~> 3.11.0)
117
+ rspec-support (3.11.0)
118
118
  rubocop (0.49.1)
119
119
  parallel (~> 1.10)
120
120
  parser (>= 2.3.3.1, < 3.0)
@@ -129,7 +129,7 @@ GEM
129
129
  scanf (1.0.0)
130
130
  semantic_puppet (1.0.4)
131
131
  text (1.3.1)
132
- thor (1.1.0)
132
+ thor (1.2.1)
133
133
  unicode-display_width (1.8.0)
134
134
  vcr (5.1.0)
135
135
  webmock (3.14.0)
@@ -141,7 +141,7 @@ GEM
141
141
  webrick (~> 1.7.0)
142
142
 
143
143
  PLATFORMS
144
- ruby
144
+ x86_64-linux
145
145
 
146
146
  DEPENDENCIES
147
147
  diff-lcs (~> 1.3)
@@ -160,7 +160,7 @@ DEPENDENCIES
160
160
  puppetserver-ca (~> 2.0)
161
161
  racc (= 1.5.2)
162
162
  rake (~> 13.0)
163
- rdoc (~> 6.0)
163
+ rdoc (~> 6.0, < 6.4.0)
164
164
  ronn (~> 0.7.3)
165
165
  rspec (~> 3.1)
166
166
  rspec-expectations (~> 3.9, != 3.9.3)
@@ -174,4 +174,4 @@ DEPENDENCIES
174
174
  yard
175
175
 
176
176
  BUNDLED WITH
177
- 1.17.3
177
+ 2.3.10
@@ -373,32 +373,34 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
373
373
  end
374
374
 
375
375
  unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
376
- facts = retrieve_node_facts(node, given_facts)
377
- if Puppet.settings.set_by_cli?('environment')
378
- node = Puppet::Node.new(node, :classes => nil, :parameters => nil, :facts => facts, :environment => Puppet.settings.value('environment'))
379
- else
380
- ni = Puppet::Node.indirection
381
- tc = ni.terminus_class
382
-
383
- service = Puppet.runtime[:http]
384
- session = service.create_session
385
- cert = session.route_to(:ca)
386
-
387
- _, x509 = cert.get_certificate(node)
388
- cert = OpenSSL::X509::Certificate.new(x509)
389
-
390
- Puppet::SSL::Oids.register_puppet_oids
391
- trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
392
-
393
- Puppet.override(trusted_information: trusted) do
394
- if tc == :plain || options[:compile]
395
- node = ni.find(node, facts: facts)
396
- else
397
- ni.terminus_class = :plain
376
+ facts = retrieve_node_facts(node, given_facts)
377
+ ni = Puppet::Node.indirection
378
+ tc = ni.terminus_class
379
+ if options[:compile] && !Puppet.settings.set_by_cli?('environment')
380
+ if tc == :plain
381
+ node = ni.find(node, facts: facts)
382
+ else
383
+ begin
384
+ service = Puppet.runtime[:http]
385
+ session = service.create_session
386
+ cert = session.route_to(:ca)
387
+
388
+ _, x509 = cert.get_certificate(node)
389
+ cert = OpenSSL::X509::Certificate.new(x509)
390
+ Puppet::SSL::Oids.register_puppet_oids
391
+ trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
392
+ Puppet.override(trusted_information: trusted) do
393
+ node = ni.find(node, facts: facts)
394
+ end
395
+ rescue
396
+ Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
398
397
  node = ni.find(node, facts: facts)
399
- ni.terminus_class = tc
400
398
  end
401
399
  end
400
+ else
401
+ ni.terminus_class = :plain
402
+ node = ni.find(node, facts: facts, environment: Puppet[:environment])
403
+ ni.terminus_class = tc
402
404
  end
403
405
  else
404
406
  node.add_extra_facts(given_facts) if given_facts
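Review bot: The bare `rescue` around the CA request catches every StandardError, so a malformed certificate or an unrelated bug in `TrustedInformation.remote` is reported as "CA is not available" and the lookup quietly continues without trusted facts. I would narrow it and keep the cause, for example `rescue Puppet::HTTP::HTTPError, OpenSSL::OpenSSLError => e`, and add `e.message` to the warning. Separately, in the final `else` branch `ni.terminus_class = tc` is skipped when `ni.find` raises, which leaves the indirection on `:plain`; putting the restore in an `ensure` (`begin … ensure ni.terminus_class = tc end`) avoids that. The enclosing method starts and ends outside the hunk.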
@@ -392,7 +392,7 @@ class Puppet::Configurer
392
392
  Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
393
393
  initial_environment, loaded_last_environment = last_server_specified_environment
394
394
 
395
- unless loaded_last_environment
395
+ unless Puppet[:use_last_environment] && loaded_last_environment
396
396
  Puppet.debug(_("Requesting environment from the server"))
397
397
  initial_environment = current_server_specified_environment(@environment, configured_environment, options)
398
398
  end
@@ -418,7 +418,7 @@ class Puppet::Configurer
418
418
  temp_value = options[:pluginsync]
419
419
 
420
420
  # only validate server environment if pluginsync is requested
421
- options[:pluginsync] = valid_server_environment? if options[:pluginsync] == true
421
+ options[:pluginsync] = valid_server_environment? if options[:pluginsync]
422
422
 
423
423
  query_options, facts = get_facts(options) unless query_options
424
424
  options[:pluginsync] = temp_value
@@ -531,7 +531,11 @@ class Puppet::Configurer
531
531
  true
532
532
  rescue Puppet::HTTP::ResponseError => detail
533
533
  if detail.response.code == 404
534
- Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })
534
+ if Puppet[:strict_environment_mode]
535
+ raise Puppet::Error.new(_("Environment '%{environment}' not found on server, aborting run.") % { environment: @environment })
536
+ else
537
+ Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })
538
+ end
535
539
  else
536
540
  Puppet.log_exception(detail, detail.message)
537
541
  end
@@ -601,17 +605,7 @@ class Puppet::Configurer
601
605
  :transaction_uuid => @transaction_uuid,
602
606
  :fail_on_404 => true)
603
607
 
604
- # The :rest node terminus returns a node with an environment_name, but not an
605
- # environment instance. Attempting to get the environment instance will load
606
- # it from disk, which will likely fail. So create a remote environment.
607
- #
608
- # The :plain node terminus returns a node with an environment, but not an
609
- # environment_name.
610
- if !node.has_environment_instance? && node.environment_name
611
- node.environment = Puppet::Node::Environment.remote(node.environment_name)
612
- end
613
-
614
- @server_specified_environment = node.environment.to_s
608
+ @server_specified_environment = node.environment_name.to_s
615
609
 
616
610
  if @server_specified_environment != @environment
617
611
  Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }
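Review bot: `node.environment_name.to_s` in the last hunk turns a missing environment name into an empty string, and the comparison that follows would then switch the agent to environment ''. The removed block covered nodes that carry an environment instance but no `environment_name` (the `:plain` terminus, per the deleted comment), so the new line depends on every terminus now populating the name. I would make the nil case explicit, for example `@server_specified_environment = (node.environment_name || @environment).to_s`, or fail with a clear error. The surrounding method is only partly visible here.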
@@ -421,6 +421,17 @@ module Puppet
421
421
  <https://puppet.com/docs/puppet/latest/environments_about.html>",
422
422
  :type => :path,
423
423
  },
424
+ :use_last_environment => {
425
+ :type => :boolean,
426
+ :default => true,
427
+ :desc => <<-'EOT'
428
+ Puppet saves both the initial and converged environment in the last_run_summary file.
429
+ If they differ, and this setting is set to true, we will use the last converged
430
+ environment and skip the node request.
431
+
432
+ When set to false, we will do the node request and ignore the environment data from the last_run_summary file.
433
+ EOT
434
+ },
424
435
  :always_retry_plugins => {
425
436
  :type => :boolean,
426
437
  :default => true,
@@ -1984,7 +1995,6 @@ EOT
1984
1995
  :hook => proc do |value|
1985
1996
  paths = value.split(File::PATH_SEPARATOR)
1986
1997
  facter = Puppet.runtime[:facter]
1987
- facter.reset
1988
1998
  facter.search(*paths)
1989
1999
  end
1990
2000
  }
@@ -58,6 +58,8 @@ Puppet::Face.define(:generate, '0.1.0') do
58
58
  Puppet::FileSystem::mkpath(outputdir)
59
59
 
60
60
  generator.generate(inputs, outputdir, options[:force])
61
+
62
+ exit(1) if generator.bad_input?
61
63
  nil
62
64
  end
63
65
  end
@@ -1,8 +1,25 @@
1
1
  # Makes iteration continue with the next value, optionally with a given value for this iteration.
2
2
  # If a value is not given it defaults to `undef`
3
+ #
4
+ # @example Using the `next()` function
3
5
  #
4
- # @since 4.7.0
6
+ # ```puppet
7
+ # $data = ['a','b','c']
8
+ # $data.each |Integer $index, String $value| {
9
+ # if $index == 1 {
10
+ # next()
11
+ # }
12
+ # notice ("${index} = ${value}")
13
+ # }
14
+ # ```
15
+ #
16
+ # Would notice:
17
+ # ```
18
+ # Notice: Scope(Class[main]): 0 = a
19
+ # Notice: Scope(Class[main]): 2 = c
20
+ # ```
5
21
  #
22
+ # @since 4.7.0
6
23
  Puppet::Functions.create_function(:next) do
7
24
  dispatch :next_impl do
8
25
  optional_param 'Any', :value
@@ -112,7 +112,6 @@
112
112
  # * `reverse_each` - get "leaves before root"
113
113
  # * `filter` - prune the tree
114
114
  # * `map` - transform each element
115
- # * `reduce` - produce something else
116
115
  #
117
116
  # Note than when chaining, the value passed on is a `Tuple` with `[path, value]`.
118
117
  #
@@ -134,6 +134,9 @@ module Puppet
134
134
  inputs.sort_by! { |input| input.path }
135
135
  end
136
136
 
137
+ def self.bad_input?
138
+ @bad_input
139
+ end
137
140
  # Generates files for the given inputs.
138
141
  # If a file is up to date (newer than input) it is kept.
139
142
  # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
170
173
  }
171
174
 
172
175
  up_to_date = true
176
+ @bad_input = false
177
+
173
178
  Puppet.notice _('Generating Puppet resource types.')
174
179
  inputs.each do |input|
175
180
  if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
187
192
  raise
188
193
  rescue Exception => e
189
194
  # Log the exception and move on to the next input
195
+ @bad_input = true
190
196
  Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
191
197
  next
192
198
  end
@@ -205,6 +211,7 @@ module Puppet
205
211
  begin
206
212
  model = Models::Type::Type.new(type)
207
213
  rescue Exception => e
214
+ @bad_input = true
208
215
  # Move on to the next input
209
216
  Puppet.log_exception(e, "#{input}: #{e.message}")
210
217
  next
@@ -214,6 +221,7 @@ module Puppet
214
221
  begin
215
222
  result = model.render(templates[input.template_path])
216
223
  rescue Exception => e
224
+ @bad_input = true
217
225
  Puppet.log_exception(e)
218
226
  raise
219
227
  end
@@ -227,6 +235,7 @@ module Puppet
227
235
  file.write(result)
228
236
  end
229
237
  rescue Exception => e
238
+ @bad_input = true
230
239
  Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
231
240
  # Move on to the next input
232
241
  next
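Review bot: `self.bad_input?` is undocumented and returns `nil` rather than `false` until `generate` has run, because `@bad_input` is only assigned inside `generate`. The flag lives on the generator itself, so it reflects the most recent `generate` call in the process. A comment such as `# @return [Boolean] whether the most recent call to generate logged a failure for any input` would make that explicit, and `!!@bad_input` keeps the predicate boolean. A blank line after the new method's `end` would also stop the existing "Generates files for the given inputs" comment from reading as part of it.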
@@ -19,7 +19,7 @@
19
19
  # response = client.get(URI("http://www.example.com"))
20
20
  #
21
21
  # @example To make an HTTPS GET request, trusting the puppet CA and certs in Puppet's CA bundle:
22
- # response = client.get(URI("https://www.example.com"), include_system_store: true)
22
+ # response = client.get(URI("https://www.example.com"), options: { include_system_store: true })
23
23
  #
24
24
  # @example To use a URL containing special characters, such as spaces:
25
25
  # response = client.get(URI(Puppet::Util.uri_encode("https://www.example.com/path to file")))
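--- a/data/lib/puppet/node.rb
+++ b/data/lib/puppet/node.rb
@@ -89,7 +89,7 @@ class Puppet::Node
  unless @environment.nil?
  # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
  @parameters[ENVIRONMENT] = @environment.name.to_s
- self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
+ self.environment_name = @environment.name
  end
  @environment
  end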
@@ -24,6 +24,7 @@ class Puppet::Resource::TypeCollection
24
24
  @definitions = {}
25
25
  @nodes = {}
26
26
  @notfound = {}
27
+ # always lock the environment before acquiring this lock
27
28
  @lock = Puppet::Concurrent::Lock.new
28
29
 
29
30
  # So we can keep a list and match the first-defined regex
@@ -185,26 +186,29 @@ class Puppet::Resource::TypeCollection
185
186
  # Resolve namespaces and find the given object. Autoload it if
186
187
  # necessary.
187
188
  def find_or_load(name, type)
188
- @lock.synchronize do
189
- # Name is always absolute, but may start with :: which must be removed
190
- fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
191
-
192
- result = send(type, fqname)
193
- unless result
194
- if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
195
- # do not try to autoload if we already tried and it wasn't conclusive
196
- # as this is a time consuming operation. Warn the user.
197
- # Check first if debugging is on since the call to debug_once is expensive
198
- if Puppet[:debug]
199
- debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
189
+ # always lock the environment before locking the type collection
190
+ @environment.lock.synchronize do
191
+ @lock.synchronize do
192
+ # Name is always absolute, but may start with :: which must be removed
193
+ fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
194
+
195
+ result = send(type, fqname)
196
+ unless result
197
+ if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
198
+ # do not try to autoload if we already tried and it wasn't conclusive
199
+ # as this is a time consuming operation. Warn the user.
200
+ # Check first if debugging is on since the call to debug_once is expensive
201
+ if Puppet[:debug]
202
+ debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
203
+ end
204
+ else
205
+ fqname = munge_name(fqname)
206
+ result = loader.try_load_fqname(type, fqname)
207
+ @notfound[ fqname ] = result.nil?
200
208
  end
201
- else
202
- fqname = munge_name(fqname)
203
- result = loader.try_load_fqname(type, fqname)
204
- @notfound[ fqname ] = result.nil?
205
209
  end
210
+ result
206
211
  end
207
- result
208
212
  end
209
213
  end
210
214
 
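Review bot: The lock order introduced in `find_or_load` (environment lock first, then `@lock`) is stated only in comments, and nothing visible here enforces it for other users of `@lock.synchronize` in this class. Any path that takes `@lock` first and then reaches code that locks the environment could deadlock against this one and hang compilation. I would extend the comment at `@lock` to say why the order matters, or route every acquisition through one private helper that takes both locks in order. Other users of `@lock` are outside these hunks, so this needs checking against the full file.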
@@ -68,8 +68,7 @@ class Puppet::SSL::SSLProvider
68
68
  # @raise (see #create_context)
69
69
  # @api private
70
70
  def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
71
- store = create_x509_store(cacerts, [], false)
72
- store.set_default_paths
71
+ store = create_x509_store(cacerts, [], false, include_system_store: true)
73
72
 
74
73
  if path
75
74
  stat = Puppet::FileSystem.stat(path)
@@ -111,19 +110,20 @@ class Puppet::SSL::SSLProvider
111
110
  # @param client_cert [OpenSSL::X509::Certificate] client's cert whose public
112
111
  # key matches the `private_key`
113
112
  # @param revocation [:chain, :leaf, false] revocation mode
113
+ # @param include_system_store [true, false] Also trust system CA
114
114
  # @return [Puppet::SSL::SSLContext] A context to use to create connections
115
115
  # @raise [Puppet::SSL::CertVerifyError] There was an issue with
116
116
  # one of the certs or CRLs.
117
117
  # @raise [Puppet::SSL::SSLError] There was an issue with the
118
118
  # `private_key`.
119
119
  # @api private
120
- def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation])
120
+ def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation], include_system_store: false)
121
121
  raise ArgumentError, _("CA certs are missing") unless cacerts
122
122
  raise ArgumentError, _("CRLs are missing") unless crls
123
123
  raise ArgumentError, _("Private key is missing") unless private_key
124
124
  raise ArgumentError, _("Client cert is missing") unless client_cert
125
125
 
126
- store = create_x509_store(cacerts, crls, revocation)
126
+ store = create_x509_store(cacerts, crls, revocation, include_system_store: include_system_store)
127
127
  client_chain = verify_cert_with_store(store, client_cert)
128
128
 
129
129
  if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC)
@@ -151,12 +151,13 @@ class Puppet::SSL::SSLProvider
151
151
  # @param password [String, nil] If the private key is encrypted, decrypt
152
152
  # it using the password. If the key is encrypted, but a password is
153
153
  # not specified, then the key cannot be loaded.
154
+ # @param include_system_store [true, false] Also trust system CA
154
155
  # @return [Puppet::SSL::SSLContext] A context to use to create connections
155
156
  # @raise [Puppet::SSL::CertVerifyError] There was an issue with
156
157
  # one of the certs or CRLs.
157
158
  # @raise [Puppet::Error] There was an issue with one of the required components.
158
159
  # @api private
159
- def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil)
160
+ def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil, include_system_store: false)
160
161
  cert = Puppet::X509::CertProvider.new
161
162
  cacerts = cert.load_cacerts(required: true)
162
163
  crls = case revocation
@@ -168,7 +169,7 @@ class Puppet::SSL::SSLProvider
168
169
  private_key = cert.load_private_key(certname, required: true, password: password)
169
170
  client_cert = cert.load_client_cert(certname, required: true)
170
171
 
171
- create_context(cacerts: cacerts, crls: crls, private_key: private_key, client_cert: client_cert, revocation: revocation)
172
+ create_context(cacerts: cacerts, crls: crls, private_key: private_key, client_cert: client_cert, revocation: revocation, include_system_store: include_system_store)
172
173
  rescue OpenSSL::PKey::PKeyError => e
173
174
  raise Puppet::SSL::SSLError.new(_("Failed to load private key for host '%{name}': %{message}") % { name: certname, message: e.message }, e)
174
175
  end
@@ -203,7 +204,7 @@ class Puppet::SSL::SSLProvider
203
204
  end
204
205
  end
205
206
 
206
- def create_x509_store(roots, crls, revocation)
207
+ def create_x509_store(roots, crls, revocation, include_system_store: false)
207
208
  store = OpenSSL::X509::Store.new
208
209
  store.purpose = OpenSSL::X509::PURPOSE_ANY
209
210
  store.flags = default_flags | revocation_mode(revocation)
@@ -211,6 +212,8 @@ class Puppet::SSL::SSLProvider
211
212
  roots.each { |cert| store.add_cert(cert) }
212
213
  crls.each { |crl| store.add_crl(crl) }
213
214
 
215
+ store.set_default_paths if include_system_store
216
+
214
217
  store
215
218
  end
216
219
 
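Review bot: The new `@param include_system_store [true, false] Also trust system CA` line understates what the flag changes in `create_context`: the same store is passed to `verify_cert_with_store(store, client_cert)`, so with the flag set the client certificate chain is also validated against the system roots, not only the Puppet CA. The revocation flags set in `create_x509_store` likewise apply to the combined store, while only the CRLs passed in by the caller are added. I would document both, e.g. `# @param include_system_store [true, false] Also add the system trust store as trust anchors; applies to client chain verification too, and no CRLs are loaded for system CAs`. Keeping the default at `false`, as the hunks do, means callers opt in per context.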
@@ -457,7 +457,7 @@ module Puppet
457
457
 
458
458
  exec { '/bin/echo root >> /usr/lib/cron/cron.allow':
459
459
  path => '/usr/bin:/usr/sbin:/bin',
460
- unless => 'grep root /usr/lib/cron/cron.allow 2>/dev/null',
460
+ unless => 'grep ^root$ /usr/lib/cron/cron.allow 2>/dev/null',
461
461
  }
462
462
 
463
463
  This would add `root` to the cron.allow file (on Solaris) unless
@@ -693,7 +693,7 @@ module Puppet
693
693
  end
694
694
 
695
695
  def generate
696
- if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
696
+ if !self[:purge_ssh_keys].empty?
697
697
  if Puppet::Type.type(:ssh_authorized_key).nil?
698
698
  warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
699
699
  else
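Review bot: Dropping the `!= :false` comparison in `generate` makes the purge branch depend on `self[:purge_ssh_keys]` always being a collection. `:false.empty?` is false, so a raw `:false` would now enter the branch, and `false` or `nil` would raise NoMethodError. If the parameter's munge already maps every false form to an empty array this is fine, but that code is outside the hunk and the condition no longer shows the assumption. A comment above the `if`, such as `# purge_ssh_keys is munged to an array of paths; empty means purging is disabled`, would keep a later change from re-enabling key purging by accident. The body of `generate` continues past the hunk.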
@@ -79,8 +79,6 @@ unless Puppet::Util::Platform.jruby_fips?
79
79
  end
80
80
 
81
81
  if Puppet::Util::Platform.windows?
82
- require_relative '../../puppet/util/windows'
83
-
84
82
  class OpenSSL::X509::Store
85
83
  @puppet_certs_loaded = false
86
84
  alias __original_set_default_paths set_default_paths
@@ -24,7 +24,11 @@ module Puppet::Util::Yaml
24
24
  # @raise [YamlLoadException] If deserialization fails.
25
25
  # @return The parsed YAML, which can be Hash, Array or scalar types.
26
26
  def self.safe_load(yaml, allowed_classes = [], filename = nil)
27
- data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
27
+ if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
28
+ data = YAML.safe_load(yaml, permitted_classes: allowed_classes, aliases: true, filename: filename)
29
+ else
30
+ data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
31
+ end
28
32
  data = false if data.nil?
29
33
  data
30
34
  rescue ::Psych::DisallowedClass => detail
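Review bot: The version branch in `safe_load` has no comment saying why it exists, or that aliases stay enabled on both paths (`aliases: true` and the positional `true`). A short comment would help, e.g. `# Psych >= 3.1 takes keyword arguments (the positional form was removed in Psych 4); aliases are enabled on both paths`, since alias support matters when the input is not trusted and callers widen `allowed_classes`. The `Gem::Version` comparison also runs on every call; hoisting it into a constant would avoid re-parsing both version strings each time. The method's rescue clauses continue outside the hunk.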
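--- a/data/lib/puppet/util.rb
+++ b/data/lib/puppet/util.rb
@@ -7,6 +7,7 @@ require 'uri'
  require 'pathname'
  require 'ostruct'
  require_relative 'util/platform'
+ require_relative 'util/windows'
  require_relative 'util/symbolic_file_mode'
  require_relative '../puppet/file_system/uniquefile'
  require 'securerandom'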
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '7.13.1'
9
+ PUPPETVERSION = '7.16.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and