puppet 7.13.1 → 7.14.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +1 -1
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +13 -13
  5. data/lib/puppet/application/lookup.rb +22 -16
  6. data/lib/puppet/configurer.rb +2 -12
  7. data/lib/puppet/defaults.rb +11 -0
  8. data/lib/puppet/face/generate.rb +2 -0
  9. data/lib/puppet/generate/type.rb +9 -0
  10. data/lib/puppet/node.rb +1 -1
  11. data/lib/puppet/resource/type_collection.rb +21 -17
  12. data/lib/puppet/type/user.rb +1 -1
  13. data/lib/puppet/util/yaml.rb +5 -1
  14. data/lib/puppet/version.rb +1 -1
  15. data/locales/puppet.pot +5 -9763
  16. data/man/man5/puppet.conf.5 +13 -2
  17. data/man/man8/puppet-agent.8 +1 -1
  18. data/man/man8/puppet-apply.8 +1 -1
  19. data/man/man8/puppet-catalog.8 +1 -1
  20. data/man/man8/puppet-config.8 +1 -1
  21. data/man/man8/puppet-describe.8 +1 -1
  22. data/man/man8/puppet-device.8 +1 -1
  23. data/man/man8/puppet-doc.8 +1 -1
  24. data/man/man8/puppet-epp.8 +1 -1
  25. data/man/man8/puppet-facts.8 +1 -1
  26. data/man/man8/puppet-filebucket.8 +1 -1
  27. data/man/man8/puppet-generate.8 +1 -1
  28. data/man/man8/puppet-help.8 +1 -1
  29. data/man/man8/puppet-lookup.8 +1 -1
  30. data/man/man8/puppet-module.8 +1 -1
  31. data/man/man8/puppet-node.8 +1 -1
  32. data/man/man8/puppet-parser.8 +1 -1
  33. data/man/man8/puppet-plugin.8 +1 -1
  34. data/man/man8/puppet-report.8 +1 -1
  35. data/man/man8/puppet-resource.8 +1 -1
  36. data/man/man8/puppet-script.8 +1 -1
  37. data/man/man8/puppet-ssl.8 +1 -1
  38. data/man/man8/puppet.8 +2 -2
  39. data/spec/integration/application/lookup_spec.rb +4 -1
  40. data/spec/unit/configurer_spec.rb +90 -58
  41. data/spec/unit/face/generate_spec.rb +64 -0
  42. data/spec/unit/node_spec.rb +6 -0
  43. data/spec/unit/type/user_spec.rb +67 -0
  44. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 45045b95a6ecb2a310d7114e78c48e812cbaa18e396eba63a399b3f6221e947e
4
- data.tar.gz: 9196874c694b632b984fd0fc7b2304a2a2b6551328cbb81d62f664c282bd0ba9
3
+ metadata.gz: 0bfe9ca048650907403c807502ce029037bcf50e43509d2da8c4daad6087a143
4
+ data.tar.gz: 402ea46ece628a86c88351d7c93e739456a584bb95a21e2e5a4790616d724ad8
5
5
  SHA512:
6
- metadata.gz: e318a7303b592cb3b2cd0dd26c5e7b8ea57ab410aa79bd77c06acf60509d6f2fb5a55bf4fbea9aeeb8e4f660dd3f3c2c65062b3f0a0a3ba806c713264140b24a
7
- data.tar.gz: e23422e5834aa7eedbc7e25bcaaf04d9ca3a48604c94d2c84085348cc1c41aad33299e0de3a247f9769222ba7d67b55de0deeab96037245b3214ef903d8bbbaa
6
+ metadata.gz: a46e4c6e681a1a23fe68a22e8308d41d9016e658577298d998354c4f8410b79aa1666b39e5244f00e3e8b97baa8c9bfcf0dd15b6a1a19a7c80d71d2cdbb9e609
7
+ data.tar.gz: 06add9d22b8a646a50caf987611b1a4b366477619c2681634cc21a38de36e540d8455993c572fd5f20616771361b7bad0b847bbbcd8cac28bc02a8de916ce81c
data/CODEOWNERS CHANGED
@@ -1,5 +1,5 @@
1
1
  # defaults
2
- * @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
2
+ * @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
3
3
 
4
4
  # PAL
5
5
  /lib/puppet/pal @puppetlabs/bolt
data/Gemfile CHANGED
@@ -26,7 +26,7 @@ group(:features) do
26
26
  #gem 'ruby-shadow', '~> 2.5', require: false, platforms: [:ruby]
27
27
  gem 'minitar', '~> 0.9', require: false
28
28
  gem 'msgpack', '~> 1.2', require: false
29
- gem 'rdoc', '~> 6.0', require: false, platforms: [:ruby]
29
+ gem 'rdoc', ['~> 6.0', '< 6.4.0'], require: false, platforms: [:ruby]
30
30
  # requires native augeas headers/libs
31
31
  # gem 'ruby-augeas', require: false, platforms: [:ruby]
32
32
  # requires native ldap headers/libs
data/Gemfile.lock CHANGED
@@ -1,9 +1,9 @@
1
1
  GIT
2
2
  remote: https://github.com/puppetlabs/packaging
3
- revision: 98613aaebad419700b4c37163fe3bbc612f2239d
3
+ revision: 9d36e41d10ce14c66d9c3c35157788e63c1afef8
4
4
  branch: 1.0.x
5
5
  specs:
6
- packaging (0.104.0.4.g98613aa)
6
+ packaging (0.105.0)
7
7
  apt_stage_artifacts
8
8
  artifactory (~> 2)
9
9
  csv (= 3.1.5)
@@ -13,7 +13,7 @@ GIT
13
13
  PATH
14
14
  remote: .
15
15
  specs:
16
- puppet (7.13.1)
16
+ puppet (7.14.0)
17
17
  CFPropertyList (~> 2.2)
18
18
  concurrent-ruby (~> 1.0)
19
19
  deep_merge (~> 1.0)
@@ -40,14 +40,14 @@ GEM
40
40
  crack (0.4.5)
41
41
  rexml
42
42
  csv (3.1.5)
43
- deep_merge (1.2.1)
44
- diff-lcs (1.4.4)
43
+ deep_merge (1.2.2)
44
+ diff-lcs (1.5.0)
45
45
  docopt (0.6.1)
46
- facter (4.2.5)
46
+ facter (4.2.7)
47
47
  hocon (~> 1.3)
48
48
  thor (>= 1.0.1, < 2.0)
49
49
  fast_gettext (1.1.2)
50
- ffi (1.15.4)
50
+ ffi (1.15.5)
51
51
  gettext (3.2.9)
52
52
  locale (>= 2.0.5)
53
53
  text (>= 1.3.0)
@@ -56,7 +56,7 @@ GEM
56
56
  gettext (>= 3.0.2, < 3.3.0)
57
57
  locale
58
58
  hashdiff (1.0.1)
59
- hiera (3.7.0)
59
+ hiera (3.8.0)
60
60
  hiera-eyaml (3.2.2)
61
61
  highline
62
62
  optimist
@@ -105,7 +105,7 @@ GEM
105
105
  rspec-mocks (~> 3.10.0)
106
106
  rspec-core (3.10.1)
107
107
  rspec-support (~> 3.10.0)
108
- rspec-expectations (3.10.1)
108
+ rspec-expectations (3.10.2)
109
109
  diff-lcs (>= 1.2.0, < 2.0)
110
110
  rspec-support (~> 3.10.0)
111
111
  rspec-its (1.3.0)
@@ -129,7 +129,7 @@ GEM
129
129
  scanf (1.0.0)
130
130
  semantic_puppet (1.0.4)
131
131
  text (1.3.1)
132
- thor (1.1.0)
132
+ thor (1.2.1)
133
133
  unicode-display_width (1.8.0)
134
134
  vcr (5.1.0)
135
135
  webmock (3.14.0)
@@ -141,7 +141,7 @@ GEM
141
141
  webrick (~> 1.7.0)
142
142
 
143
143
  PLATFORMS
144
- ruby
144
+ x86_64-linux
145
145
 
146
146
  DEPENDENCIES
147
147
  diff-lcs (~> 1.3)
@@ -160,7 +160,7 @@ DEPENDENCIES
160
160
  puppetserver-ca (~> 2.0)
161
161
  racc (= 1.5.2)
162
162
  rake (~> 13.0)
163
- rdoc (~> 6.0)
163
+ rdoc (~> 6.0, < 6.4.0)
164
164
  ronn (~> 0.7.3)
165
165
  rspec (~> 3.1)
166
166
  rspec-expectations (~> 3.9, != 3.9.3)
@@ -174,4 +174,4 @@ DEPENDENCIES
174
174
  yard
175
175
 
176
176
  BUNDLED WITH
177
- 1.17.3
177
+ 2.2.6
@@ -379,25 +379,31 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
379
379
  else
380
380
  ni = Puppet::Node.indirection
381
381
  tc = ni.terminus_class
382
-
383
- service = Puppet.runtime[:http]
384
- session = service.create_session
385
- cert = session.route_to(:ca)
386
-
387
- _, x509 = cert.get_certificate(node)
388
- cert = OpenSSL::X509::Certificate.new(x509)
389
-
390
- Puppet::SSL::Oids.register_puppet_oids
391
- trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
392
-
393
- Puppet.override(trusted_information: trusted) do
394
- if tc == :plain || options[:compile]
382
+ if options[:compile]
383
+ if tc == :plain
395
384
  node = ni.find(node, facts: facts)
396
385
  else
397
- ni.terminus_class = :plain
398
- node = ni.find(node, facts: facts)
399
- ni.terminus_class = tc
386
+ begin
387
+ service = Puppet.runtime[:http]
388
+ session = service.create_session
389
+ cert = session.route_to(:ca)
390
+
391
+ _, x509 = cert.get_certificate(node)
392
+ cert = OpenSSL::X509::Certificate.new(x509)
393
+ Puppet::SSL::Oids.register_puppet_oids
394
+ trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
395
+ Puppet.override(trusted_information: trusted) do
396
+ node = ni.find(node, facts: facts)
397
+ end
398
+ rescue
399
+ Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
400
+ node = ni.find(node, facts: facts)
401
+ end
400
402
  end
403
+ else
404
+ ni.terminus_class = :plain
405
+ node = ni.find(node, facts: facts)
406
+ ni.terminus_class = tc
401
407
  end
402
408
  end
403
409
  else
@@ -392,7 +392,7 @@ class Puppet::Configurer
392
392
  Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
393
393
  initial_environment, loaded_last_environment = last_server_specified_environment
394
394
 
395
- unless loaded_last_environment
395
+ unless Puppet[:use_last_environment] && loaded_last_environment
396
396
  Puppet.debug(_("Requesting environment from the server"))
397
397
  initial_environment = current_server_specified_environment(@environment, configured_environment, options)
398
398
  end
@@ -601,17 +601,7 @@ class Puppet::Configurer
601
601
  :transaction_uuid => @transaction_uuid,
602
602
  :fail_on_404 => true)
603
603
 
604
- # The :rest node terminus returns a node with an environment_name, but not an
605
- # environment instance. Attempting to get the environment instance will load
606
- # it from disk, which will likely fail. So create a remote environment.
607
- #
608
- # The :plain node terminus returns a node with an environment, but not an
609
- # environment_name.
610
- if !node.has_environment_instance? && node.environment_name
611
- node.environment = Puppet::Node::Environment.remote(node.environment_name)
612
- end
613
-
614
- @server_specified_environment = node.environment.to_s
604
+ @server_specified_environment = node.environment_name.to_s
615
605
 
616
606
  if @server_specified_environment != @environment
617
607
  Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }
@@ -421,6 +421,17 @@ module Puppet
421
421
  <https://puppet.com/docs/puppet/latest/environments_about.html>",
422
422
  :type => :path,
423
423
  },
424
+ :use_last_environment => {
425
+ :type => :boolean,
426
+ :default => true,
427
+ :desc => <<-'EOT'
428
+ Puppet saves both the initial and converged environment in the last_run_summary file.
429
+ If they differ, and this setting is set to true, we will use the last converged
430
+ environment and skip the node request.
431
+
432
+ When set to false, we will do the node request and ignore the environment data from the last_run_summary file.
433
+ EOT
434
+ },
424
435
  :always_retry_plugins => {
425
436
  :type => :boolean,
426
437
  :default => true,
@@ -58,6 +58,8 @@ Puppet::Face.define(:generate, '0.1.0') do
58
58
  Puppet::FileSystem::mkpath(outputdir)
59
59
 
60
60
  generator.generate(inputs, outputdir, options[:force])
61
+
62
+ exit(1) if generator.bad_input?
61
63
  nil
62
64
  end
63
65
  end
@@ -134,6 +134,9 @@ module Puppet
134
134
  inputs.sort_by! { |input| input.path }
135
135
  end
136
136
 
137
+ def self.bad_input?
138
+ @bad_input
139
+ end
137
140
  # Generates files for the given inputs.
138
141
  # If a file is up to date (newer than input) it is kept.
139
142
  # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
170
173
  }
171
174
 
172
175
  up_to_date = true
176
+ @bad_input = false
177
+
173
178
  Puppet.notice _('Generating Puppet resource types.')
174
179
  inputs.each do |input|
175
180
  if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
187
192
  raise
188
193
  rescue Exception => e
189
194
  # Log the exception and move on to the next input
195
+ @bad_input = true
190
196
  Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
191
197
  next
192
198
  end
@@ -205,6 +211,7 @@ module Puppet
205
211
  begin
206
212
  model = Models::Type::Type.new(type)
207
213
  rescue Exception => e
214
+ @bad_input = true
208
215
  # Move on to the next input
209
216
  Puppet.log_exception(e, "#{input}: #{e.message}")
210
217
  next
@@ -214,6 +221,7 @@ module Puppet
214
221
  begin
215
222
  result = model.render(templates[input.template_path])
216
223
  rescue Exception => e
224
+ @bad_input = true
217
225
  Puppet.log_exception(e)
218
226
  raise
219
227
  end
@@ -227,6 +235,7 @@ module Puppet
227
235
  file.write(result)
228
236
  end
229
237
  rescue Exception => e
238
+ @bad_input = true
230
239
  Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
231
240
  # Move on to the next input
232
241
  next
data/lib/puppet/node.rb CHANGED
@@ -89,7 +89,7 @@ class Puppet::Node
89
89
  unless @environment.nil?
90
90
  # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
91
91
  @parameters[ENVIRONMENT] = @environment.name.to_s
92
- self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
92
+ self.environment_name = @environment.name
93
93
  end
94
94
  @environment
95
95
  end
@@ -24,6 +24,7 @@ class Puppet::Resource::TypeCollection
24
24
  @definitions = {}
25
25
  @nodes = {}
26
26
  @notfound = {}
27
+ # always lock the environment before acquiring this lock
27
28
  @lock = Puppet::Concurrent::Lock.new
28
29
 
29
30
  # So we can keep a list and match the first-defined regex
@@ -185,26 +186,29 @@ class Puppet::Resource::TypeCollection
185
186
  # Resolve namespaces and find the given object. Autoload it if
186
187
  # necessary.
187
188
  def find_or_load(name, type)
188
- @lock.synchronize do
189
- # Name is always absolute, but may start with :: which must be removed
190
- fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
191
-
192
- result = send(type, fqname)
193
- unless result
194
- if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
195
- # do not try to autoload if we already tried and it wasn't conclusive
196
- # as this is a time consuming operation. Warn the user.
197
- # Check first if debugging is on since the call to debug_once is expensive
198
- if Puppet[:debug]
199
- debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
189
+ # always lock the environment before locking the type collection
190
+ @environment.lock.synchronize do
191
+ @lock.synchronize do
192
+ # Name is always absolute, but may start with :: which must be removed
193
+ fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
194
+
195
+ result = send(type, fqname)
196
+ unless result
197
+ if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
198
+ # do not try to autoload if we already tried and it wasn't conclusive
199
+ # as this is a time consuming operation. Warn the user.
200
+ # Check first if debugging is on since the call to debug_once is expensive
201
+ if Puppet[:debug]
202
+ debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
203
+ end
204
+ else
205
+ fqname = munge_name(fqname)
206
+ result = loader.try_load_fqname(type, fqname)
207
+ @notfound[ fqname ] = result.nil?
200
208
  end
201
- else
202
- fqname = munge_name(fqname)
203
- result = loader.try_load_fqname(type, fqname)
204
- @notfound[ fqname ] = result.nil?
205
209
  end
210
+ result
206
211
  end
207
- result
208
212
  end
209
213
  end
210
214
 
@@ -693,7 +693,7 @@ module Puppet
693
693
  end
694
694
 
695
695
  def generate
696
- if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
696
+ if !self[:purge_ssh_keys].empty?
697
697
  if Puppet::Type.type(:ssh_authorized_key).nil?
698
698
  warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
699
699
  else
@@ -24,7 +24,11 @@ module Puppet::Util::Yaml
24
24
  # @raise [YamlLoadException] If deserialization fails.
25
25
  # @return The parsed YAML, which can be Hash, Array or scalar types.
26
26
  def self.safe_load(yaml, allowed_classes = [], filename = nil)
27
- data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
27
+ if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
28
+ data = YAML.safe_load(yaml, permitted_classes: allowed_classes, aliases: true, filename: filename)
29
+ else
30
+ data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
31
+ end
28
32
  data = false if data.nil?
29
33
  data
30
34
  rescue ::Psych::DisallowedClass => detail
@@ -6,7 +6,7 @@
6
6
  # Raketasks and such to set the version based on the output of `git describe`
7
7
 
8
8
  module Puppet
9
- PUPPETVERSION = '7.13.1'
9
+ PUPPETVERSION = '7.14.0'
10
10
 
11
11
  ##
12
12
  # version is a public API method intended to always provide a fast and