puppet 7.14.0-x86-mingw32 → 7.17.0-x86-mingw32
- checksums.yaml +4 -4
- data/CODEOWNERS +1 -1
- data/Gemfile.lock +86 -25
- data/ext/systemd/puppet.service +1 -1
- data/lib/puppet/agent.rb +20 -2
- data/lib/puppet/application/agent.rb +3 -13
- data/lib/puppet/application/apply.rb +2 -2
- data/lib/puppet/application/lookup.rb +24 -28
- data/lib/puppet/configurer.rb +7 -3
- data/lib/puppet/defaults.rb +11 -2
- data/lib/puppet/functions/next.rb +18 -1
- data/lib/puppet/functions/tree_each.rb +0 -1
- data/lib/puppet/http/client.rb +23 -3
- data/lib/puppet/parameter.rb +19 -4
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +46 -6
- data/lib/puppet/pops/functions/dispatcher.rb +10 -6
- data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb +7 -6
- data/lib/puppet/pops/types/type_mismatch_describer.rb +22 -1
- data/lib/puppet/provider/package/puppetserver_gem.rb +7 -16
- data/lib/puppet/provider/package/yum.rb +8 -3
- data/lib/puppet/provider/user/directoryservice.rb +15 -8
- data/lib/puppet/ssl/ssl_provider.rb +75 -19
- data/lib/puppet/ssl/state_machine.rb +13 -17
- data/lib/puppet/transaction.rb +22 -0
- data/lib/puppet/type/exec.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type.rb +20 -3
- data/lib/puppet/util/monkey_patches.rb +0 -2
- data/lib/puppet/util.rb +1 -0
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet.rb +1 -14
- data/man/man5/puppet.conf.5 +11 -3
- data/man/man8/puppet-agent.8 +2 -2
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/integration/application/agent_spec.rb +157 -0
- data/spec/integration/application/apply_spec.rb +74 -0
- data/spec/integration/application/lookup_spec.rb +64 -59
- data/spec/integration/application/resource_spec.rb +6 -2
- data/spec/integration/http/client_spec.rb +51 -4
- data/spec/lib/puppet_spec/https.rb +1 -1
- data/spec/lib/puppet_spec/puppetserver.rb +39 -2
- data/spec/unit/agent_spec.rb +6 -2
- data/spec/unit/application/agent_spec.rb +26 -16
- data/spec/unit/configurer_spec.rb +34 -3
- data/spec/unit/confiner_spec.rb +6 -6
- data/spec/unit/daemon_spec.rb +2 -11
- data/spec/unit/http/client_spec.rb +18 -0
- data/spec/unit/pops/evaluator/deferred_resolver_spec.rb +26 -0
- data/spec/unit/pops/loaders/loaders_spec.rb +1 -1
- data/spec/unit/pops/types/type_mismatch_describer_spec.rb +167 -1
- data/spec/unit/provider/package/puppetserver_gem_spec.rb +2 -2
- data/spec/unit/provider/user/directoryservice_spec.rb +1 -1
- data/spec/unit/ssl/ssl_provider_spec.rb +75 -1
- data/spec/unit/ssl/state_machine_spec.rb +1 -0
- data/spec/unit/util/windows_spec.rb +23 -0
- data/tasks/generate_cert_fixtures.rake +5 -4
- metadata +5 -3
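--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 48a2b8760b0d3a6222551f94e700314fe9c5a3e1071d1c1c45022a1d77f19940
+data.tar.gz: 7705591fc0fd2ed3559c29d7d90f803a6730ac835207e919e92195145aae0a8c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5ba09184d443d86b0007acbe47fff9dd2f42a08d7f56c5c69bde63120e114ed80e0c7c8ff7465d28b54ef76282badb02e2e70bfb40ff797a222af31e1aca8d18
+data.tar.gz: cef70451f5c9c09e871807b61c04d4d38270878b13bbdebb107391f6c98cc87f77d789b81fb2399358c64e86f5d1764ee8b41fab004ee5465e3f6bdc17dc46b1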
data/CODEOWNERS
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,19 +1,21 @@
|
|
1
1
|
GIT
|
2
2
|
remote: https://github.com/puppetlabs/packaging
|
3
|
-
revision:
|
3
|
+
revision: b791353d4f81dbb1df5ce3d79e95bd008b47beb6
|
4
4
|
branch: 1.0.x
|
5
5
|
specs:
|
6
|
-
packaging (0.
|
6
|
+
packaging (0.106.3.6.gb791353)
|
7
7
|
apt_stage_artifacts
|
8
|
-
artifactory (~>
|
8
|
+
artifactory (~> 3)
|
9
9
|
csv (= 3.1.5)
|
10
|
+
google-cloud-storage
|
11
|
+
googleauth
|
10
12
|
rake (>= 12.3)
|
11
13
|
release-metrics
|
12
14
|
|
13
15
|
PATH
|
14
16
|
remote: .
|
15
17
|
specs:
|
16
|
-
puppet (7.
|
18
|
+
puppet (7.17.0)
|
17
19
|
CFPropertyList (~> 2.2)
|
18
20
|
concurrent-ruby (~> 1.0)
|
19
21
|
deep_merge (~> 1.0)
|
@@ -33,19 +35,26 @@ GEM
|
|
33
35
|
public_suffix (>= 2.0.2, < 5.0)
|
34
36
|
apt_stage_artifacts (0.10.1)
|
35
37
|
docopt
|
36
|
-
artifactory (
|
38
|
+
artifactory (3.0.15)
|
37
39
|
ast (2.4.2)
|
38
40
|
coderay (1.1.3)
|
39
|
-
concurrent-ruby (1.1.
|
41
|
+
concurrent-ruby (1.1.10)
|
40
42
|
crack (0.4.5)
|
41
43
|
rexml
|
42
44
|
csv (3.1.5)
|
45
|
+
declarative (0.0.20)
|
43
46
|
deep_merge (1.2.2)
|
44
47
|
diff-lcs (1.5.0)
|
48
|
+
digest-crc (0.6.4)
|
49
|
+
rake (>= 12.0.0, < 14.0.0)
|
45
50
|
docopt (0.6.1)
|
46
|
-
facter (4.2.
|
51
|
+
facter (4.2.9)
|
47
52
|
hocon (~> 1.3)
|
48
53
|
thor (>= 1.0.1, < 2.0)
|
54
|
+
faraday (2.3.0)
|
55
|
+
faraday-net_http (~> 2.0)
|
56
|
+
ruby2_keywords (>= 0.0.4)
|
57
|
+
faraday-net_http (2.0.3)
|
49
58
|
fast_gettext (1.1.2)
|
50
59
|
ffi (1.15.5)
|
51
60
|
gettext (3.2.9)
|
@@ -55,35 +64,74 @@ GEM
|
|
55
64
|
fast_gettext (~> 1.1.0)
|
56
65
|
gettext (>= 3.0.2, < 3.3.0)
|
57
66
|
locale
|
67
|
+
google-apis-core (0.5.0)
|
68
|
+
addressable (~> 2.5, >= 2.5.1)
|
69
|
+
googleauth (>= 0.16.2, < 2.a)
|
70
|
+
httpclient (>= 2.8.1, < 3.a)
|
71
|
+
mini_mime (~> 1.0)
|
72
|
+
representable (~> 3.0)
|
73
|
+
retriable (>= 2.0, < 4.a)
|
74
|
+
rexml
|
75
|
+
webrick
|
76
|
+
google-apis-iamcredentials_v1 (0.10.0)
|
77
|
+
google-apis-core (>= 0.4, < 2.a)
|
78
|
+
google-apis-storage_v1 (0.14.0)
|
79
|
+
google-apis-core (>= 0.4, < 2.a)
|
80
|
+
google-cloud-core (1.6.0)
|
81
|
+
google-cloud-env (~> 1.0)
|
82
|
+
google-cloud-errors (~> 1.0)
|
83
|
+
google-cloud-env (1.6.0)
|
84
|
+
faraday (>= 0.17.3, < 3.0)
|
85
|
+
google-cloud-errors (1.2.0)
|
86
|
+
google-cloud-storage (1.36.2)
|
87
|
+
addressable (~> 2.8)
|
88
|
+
digest-crc (~> 0.4)
|
89
|
+
google-apis-iamcredentials_v1 (~> 0.1)
|
90
|
+
google-apis-storage_v1 (~> 0.1)
|
91
|
+
google-cloud-core (~> 1.6)
|
92
|
+
googleauth (>= 0.16.2, < 2.a)
|
93
|
+
mini_mime (~> 1.0)
|
94
|
+
googleauth (1.1.3)
|
95
|
+
faraday (>= 0.17.3, < 3.a)
|
96
|
+
jwt (>= 1.4, < 3.0)
|
97
|
+
memoist (~> 0.16)
|
98
|
+
multi_json (~> 1.11)
|
99
|
+
os (>= 0.9, < 2.0)
|
100
|
+
signet (>= 0.16, < 2.a)
|
58
101
|
hashdiff (1.0.1)
|
59
|
-
hiera (3.
|
60
|
-
hiera-eyaml (3.
|
102
|
+
hiera (3.9.0)
|
103
|
+
hiera-eyaml (3.3.0)
|
61
104
|
highline
|
62
105
|
optimist
|
63
106
|
highline (2.0.3)
|
64
107
|
hocon (1.3.1)
|
65
108
|
hpricot (0.8.6)
|
109
|
+
httpclient (2.8.3)
|
66
110
|
json-schema (2.8.1)
|
67
111
|
addressable (>= 2.4)
|
112
|
+
jwt (2.3.0)
|
68
113
|
locale (2.1.3)
|
114
|
+
memoist (0.16.2)
|
69
115
|
memory_profiler (1.0.0)
|
70
116
|
method_source (1.0.0)
|
117
|
+
mini_mime (1.1.2)
|
71
118
|
minitar (0.9)
|
72
|
-
msgpack (1.
|
119
|
+
msgpack (1.5.1)
|
73
120
|
multi_json (1.15.0)
|
74
121
|
mustache (1.1.1)
|
75
122
|
optimist (3.0.1)
|
76
|
-
|
123
|
+
os (1.1.4)
|
124
|
+
parallel (1.22.1)
|
77
125
|
parser (2.7.2.0)
|
78
126
|
ast (~> 2.4.1)
|
79
127
|
powerpack (0.1.3)
|
80
128
|
pry (0.14.1)
|
81
129
|
coderay (~> 1.1)
|
82
130
|
method_source (~> 1.0)
|
83
|
-
public_suffix (4.0.
|
131
|
+
public_suffix (4.0.7)
|
84
132
|
puppet-resource_api (1.8.14)
|
85
133
|
hocon (>= 1.0)
|
86
|
-
puppetserver-ca (2.3.
|
134
|
+
puppetserver-ca (2.3.6)
|
87
135
|
facter (>= 2.0.1, < 5)
|
88
136
|
racc (1.5.2)
|
89
137
|
rainbow (2.2.2)
|
@@ -94,27 +142,32 @@ GEM
|
|
94
142
|
release-metrics (1.1.0)
|
95
143
|
csv
|
96
144
|
docopt
|
145
|
+
representable (3.2.0)
|
146
|
+
declarative (< 0.1.0)
|
147
|
+
trailblazer-option (>= 0.1.1, < 0.2.0)
|
148
|
+
uber (< 0.2.0)
|
149
|
+
retriable (3.1.2)
|
97
150
|
rexml (3.2.5)
|
98
151
|
ronn (0.7.3)
|
99
152
|
hpricot (>= 0.8.2)
|
100
153
|
mustache (>= 0.7.0)
|
101
154
|
rdiscount (>= 1.5.8)
|
102
|
-
rspec (3.
|
103
|
-
rspec-core (~> 3.
|
104
|
-
rspec-expectations (~> 3.
|
105
|
-
rspec-mocks (~> 3.
|
106
|
-
rspec-core (3.
|
107
|
-
rspec-support (~> 3.
|
108
|
-
rspec-expectations (3.
|
155
|
+
rspec (3.11.0)
|
156
|
+
rspec-core (~> 3.11.0)
|
157
|
+
rspec-expectations (~> 3.11.0)
|
158
|
+
rspec-mocks (~> 3.11.0)
|
159
|
+
rspec-core (3.11.0)
|
160
|
+
rspec-support (~> 3.11.0)
|
161
|
+
rspec-expectations (3.11.0)
|
109
162
|
diff-lcs (>= 1.2.0, < 2.0)
|
110
|
-
rspec-support (~> 3.
|
163
|
+
rspec-support (~> 3.11.0)
|
111
164
|
rspec-its (1.3.0)
|
112
165
|
rspec-core (>= 3.0.0)
|
113
166
|
rspec-expectations (>= 3.0.0)
|
114
|
-
rspec-mocks (3.
|
167
|
+
rspec-mocks (3.11.1)
|
115
168
|
diff-lcs (>= 1.2.0, < 2.0)
|
116
|
-
rspec-support (~> 3.
|
117
|
-
rspec-support (3.
|
169
|
+
rspec-support (~> 3.11.0)
|
170
|
+
rspec-support (3.11.0)
|
118
171
|
rubocop (0.49.1)
|
119
172
|
parallel (~> 1.10)
|
120
173
|
parser (>= 2.3.3.1, < 3.0)
|
@@ -126,10 +179,18 @@ GEM
|
|
126
179
|
rubocop (~> 0.49.0)
|
127
180
|
ruby-prof (1.4.3)
|
128
181
|
ruby-progressbar (1.11.0)
|
182
|
+
ruby2_keywords (0.0.5)
|
129
183
|
scanf (1.0.0)
|
130
184
|
semantic_puppet (1.0.4)
|
185
|
+
signet (0.16.1)
|
186
|
+
addressable (~> 2.8)
|
187
|
+
faraday (>= 0.17.5, < 3.0)
|
188
|
+
jwt (>= 1.5, < 3.0)
|
189
|
+
multi_json (~> 1.10)
|
131
190
|
text (1.3.1)
|
132
191
|
thor (1.2.1)
|
192
|
+
trailblazer-option (0.1.2)
|
193
|
+
uber (0.1.0)
|
133
194
|
unicode-display_width (1.8.0)
|
134
195
|
vcr (5.1.0)
|
135
196
|
webmock (3.14.0)
|
@@ -174,4 +235,4 @@ DEPENDENCIES
|
|
174
235
|
yard
|
175
236
|
|
176
237
|
BUNDLED WITH
|
177
|
-
2.
|
238
|
+
2.3.10
|
data/ext/systemd/puppet.service
CHANGED
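--- a/data/lib/puppet/agent.rb
+++ b/data/lib/puppet/agent.rb
@@ -45,11 +45,19 @@ class Puppet::Agent
 result = nil
 wait_for_lock_deadline = nil
 block_run = Puppet::Application.controlled_run do
-splay
+# splay may sleep for awhile!
+splay(client_options.fetch(:splay, Puppet[:splay]))
+
+# waiting for certs may sleep for awhile depending on onetime, waitforcert and maxwaitforcert!
+# this needs to happen before forking so that if we fail to obtain certs and try to exit, then
+# we exit the main process and not the forked child.
+ssl_context = wait_for_certificates(client_options)
+
 result = run_in_fork(should_fork) do
 with_client(client_options[:transaction_uuid], client_options[:job_id]) do |client|
 client_args = client_options.merge(:pluginsync => Puppet::Configurer.should_pluginsync?)
 begin
+# lock may sleep for awhile depending on waitforlock and maxwaitforlock!
 lock do
 # NOTE: Timeout is pretty heinous as the location in which it
 # throws an error is entirely unpredictable, which means that
@@ -57,7 +65,9 @@ class Puppet::Agent
 # sanity. The only thing a Puppet agent should do after this
 # error is thrown is die with as much dignity as possible.
 Timeout.timeout(Puppet[:runtimeout], RunTimeoutError) do
-
+Puppet.override(ssl_context: ssl_context) do
+client.run(client_args)
+end
 end
 end
 rescue Puppet::LockError
@@ -84,6 +94,8 @@ class Puppet::Agent
 rescue StandardError => detail
 Puppet.log_exception(detail, _("Could not run %{client_class}: %{detail}") % { client_class: client_class, detail: detail })
 nil
+ensure
+Puppet.runtime[:http].close
 end
 end
 end
@@ -137,4 +149,10 @@ class Puppet::Agent
 ensure
 @client = nil
 end
+
+def wait_for_certificates(options)
+waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
+sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert, onetime: Puppet[:onetime])
+sm.ensure_client_certificate
+end
 end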
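Review bot: `ssl_context = wait_for_certificates(client_options)` in the first hunk is called inside `controlled_run` but ahead of `run_in_fork`, so it appears to sit outside the `rescue StandardError => detail` handler shown in the third hunk. An exception raised by the SSL state machine would then leave the run without being logged as "Could not run". If that is deliberate, say so at the call site, for example `# errors here are intentionally not rescued: a failed certificate bootstrap must stop the run`. The new `wait_for_certificates` method would also benefit from a short doc comment stating that it may block for `waitforcert` seconds and what it returns. The enclosing method starts and ends outside these hunks, so the nesting should be confirmed against the full file.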
@@ -158,7 +158,7 @@ applying the whole thing.
|
|
158
158
|
'--fingerprint' is a one-time flag. In this mode 'puppet agent' runs
|
159
159
|
once and displays on the console (and in the log) the current certificate
|
160
160
|
(or certificate request) fingerprint. Providing the '--digest' option
|
161
|
-
allows to use a different digest algorithm to generate the fingerprint.
|
161
|
+
allows you to use a different digest algorithm to generate the fingerprint.
|
162
162
|
The main use is to verify that before signing a certificate request on
|
163
163
|
the master, the certificate request the master received is the same as
|
164
164
|
the one the client sent (to prevent against man-in-the-middle attacks
|
@@ -383,15 +383,11 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
383
383
|
|
384
384
|
log_config if Puppet[:daemonize]
|
385
385
|
|
386
|
-
# run ssl state machine, waiting if needed
|
387
|
-
ssl_context = wait_for_certificates
|
388
|
-
|
389
386
|
# Each application is responsible for pushing loaders onto the context.
|
390
387
|
# Use the current environment that has already been established, though
|
391
388
|
# it may change later during the configurer run.
|
392
389
|
env = Puppet.lookup(:current_environment)
|
393
|
-
Puppet.override(
|
394
|
-
current_environment: env,
|
390
|
+
Puppet.override(current_environment: env,
|
395
391
|
loaders: Puppet::Pops::Loaders.new(env, true)) do
|
396
392
|
if Puppet[:onetime]
|
397
393
|
onetime(daemon)
|
@@ -434,7 +430,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
434
430
|
|
435
431
|
def onetime(daemon)
|
436
432
|
begin
|
437
|
-
exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time]})
|
433
|
+
exitstatus = daemon.agent.run({:job_id => options[:job_id], :start_time => options[:start_time], :waitforcert => options[:waitforcert]})
|
438
434
|
rescue => detail
|
439
435
|
Puppet.log_exception(detail)
|
440
436
|
end
|
@@ -524,10 +520,4 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
524
520
|
|
525
521
|
daemon
|
526
522
|
end
|
527
|
-
|
528
|
-
def wait_for_certificates
|
529
|
-
waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
|
530
|
-
sm = Puppet::SSL::StateMachine.new(waitforcert: waitforcert)
|
531
|
-
sm.ensure_client_certificate
|
532
|
-
end
|
533
523
|
end
|
@@ -241,7 +241,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
241
241
|
end
|
242
242
|
|
243
243
|
# Resolve all deferred values and replace them / mutate the catalog
|
244
|
-
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment)
|
244
|
+
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, apply_environment, Puppet[:preprocess_deferred])
|
245
245
|
|
246
246
|
# Translate it to a RAL catalog
|
247
247
|
catalog = catalog.to_ral
|
@@ -350,7 +350,7 @@ Copyright (c) 2011 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
350
350
|
raise Puppet::Error, _("Could not deserialize catalog from %{format}: %{detail}") % { format: format, detail: detail }, detail.backtrace
|
351
351
|
end
|
352
352
|
# Resolve all deferred values and replace them / mutate the catalog
|
353
|
-
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment)
|
353
|
+
Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(node.facts, catalog, configured_environment, Puppet[:preprocess_deferred])
|
354
354
|
|
355
355
|
catalog.to_ral
|
356
356
|
end
|
@@ -373,38 +373,34 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
|
|
373
373
|
end
|
374
374
|
|
375
375
|
unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
|
376
|
-
facts = retrieve_node_facts(node, given_facts)
|
377
|
-
|
378
|
-
|
379
|
-
|
380
|
-
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
Puppet::SSL::Oids.register_puppet_oids
|
394
|
-
trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
|
395
|
-
Puppet.override(trusted_information: trusted) do
|
396
|
-
node = ni.find(node, facts: facts)
|
397
|
-
end
|
398
|
-
rescue
|
399
|
-
Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
|
376
|
+
facts = retrieve_node_facts(node, given_facts)
|
377
|
+
ni = Puppet::Node.indirection
|
378
|
+
tc = ni.terminus_class
|
379
|
+
if options[:compile] && !Puppet.settings.set_by_cli?('environment')
|
380
|
+
if tc == :plain
|
381
|
+
node = ni.find(node, facts: facts)
|
382
|
+
else
|
383
|
+
begin
|
384
|
+
service = Puppet.runtime[:http]
|
385
|
+
session = service.create_session
|
386
|
+
cert = session.route_to(:ca)
|
387
|
+
|
388
|
+
_, x509 = cert.get_certificate(node)
|
389
|
+
cert = OpenSSL::X509::Certificate.new(x509)
|
390
|
+
Puppet::SSL::Oids.register_puppet_oids
|
391
|
+
trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
|
392
|
+
Puppet.override(trusted_information: trusted) do
|
400
393
|
node = ni.find(node, facts: facts)
|
401
394
|
end
|
395
|
+
rescue
|
396
|
+
Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
|
397
|
+
node = ni.find(node, facts: facts)
|
402
398
|
end
|
403
|
-
else
|
404
|
-
ni.terminus_class = :plain
|
405
|
-
node = ni.find(node, facts: facts)
|
406
|
-
ni.terminus_class = tc
|
407
399
|
end
|
400
|
+
else
|
401
|
+
ni.terminus_class = :plain
|
402
|
+
node = ni.find(node, facts: facts, environment: Puppet[:environment])
|
403
|
+
ni.terminus_class = tc
|
408
404
|
end
|
409
405
|
else
|
410
406
|
node.add_extra_facts(given_facts) if given_facts
|
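Review bot: The bare `rescue` in this hunk (its file header is missing from the page) catches every StandardError raised while fetching and parsing the node certificate, reports it as "CA is not available", and then runs `ni.find(node, facts: facts)` without trusted information. A malformed certificate or a programming error is therefore indistinguishable from an unreachable CA, and the lookup quietly proceeds on untrusted facts. Consider narrowing it to the transport failures, e.g. `rescue Puppet::HTTP::HTTPError => e`, and including `e.message` in the warning so the operator can tell which case occurred. Separately, in the final `else` branch `ni.terminus_class = :plain` is only restored by the following `ni.terminus_class = tc` when `ni.find` returns normally; wrapping the find in `begin ... ensure ni.terminus_class = tc end` would keep the indirection from being left on `:plain` after an exception.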
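--- a/data/lib/puppet/configurer.rb
+++ b/data/lib/puppet/configurer.rb
@@ -112,7 +112,7 @@ class Puppet::Configurer
 catalog_conversion_time = thinmark do
 # Will mutate the result and replace all Deferred values with resolved values
 if facts
-Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment))
+Puppet::Pops::Evaluator::DeferredResolver.resolve_and_replace(facts, result, Puppet.lookup(:current_environment), Puppet[:preprocess_deferred])
 end
 
 catalog = result.to_ral
@@ -418,7 +418,7 @@ class Puppet::Configurer
 temp_value = options[:pluginsync]
 
 # only validate server environment if pluginsync is requested
-options[:pluginsync] = valid_server_environment? if options[:pluginsync]
+options[:pluginsync] = valid_server_environment? if options[:pluginsync]
 
 query_options, facts = get_facts(options) unless query_options
 options[:pluginsync] = temp_value
@@ -531,7 +531,11 @@ class Puppet::Configurer
 true
 rescue Puppet::HTTP::ResponseError => detail
 if detail.response.code == 404
-Puppet
+if Puppet[:strict_environment_mode]
+raise Puppet::Error.new(_("Environment '%{environment}' not found on server, aborting run.") % { environment: @environment })
+else
+Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })
+end
 else
 Puppet.log_exception(detail, detail.message)
 end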
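Review bot: In the last hunk `strict_environment_mode` aborts the run only when the server answers 404; any other `Puppet::HTTP::ResponseError` (for example a 403 or a 5xx) still falls through to the outer `else`, which only calls `Puppet.log_exception`. If strict mode is meant to guarantee that the run never proceeds against an environment the server could not confirm, that branch needs the same treatment, e.g. `raise Puppet::Error, detail.message if Puppet[:strict_environment_mode]`; if the later catalog check is relied on instead, a comment should say so. As a style point, `raise Puppet::Error, _("...") % {...}` is the more usual form than `raise Puppet::Error.new(...)`. The method body begins and ends outside the hunk, so what it returns after the rescue is not visible here.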
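--- a/data/lib/puppet/defaults.rb
+++ b/data/lib/puppet/defaults.rb
@@ -1534,7 +1534,7 @@ EOT
 :type => :file,
 :mode => "0640",
 :desc => "Transactional storage file for persisting data between
-transactions for the purposes of
+transactions for the purposes of inferring information (such as
 corrective_change) on new data received."
 },
 :clientyamldir => {
@@ -1995,7 +1995,6 @@ EOT
 :hook => proc do |value|
 paths = value.split(File::PATH_SEPARATOR)
 facter = Puppet.runtime[:facter]
-facter.reset
 facter.search(*paths)
 end
 }
@@ -2022,6 +2021,16 @@ EOT
 being evaluated. This allows you to interactively see exactly
 what is being done.",
 },
+:preprocess_deferred => {
+:default => true,
+:type => :boolean,
+:desc => "Whether puppet should call deferred functions before applying
+the catalog. If set to `true`, then all prerequisites needed for the
+deferred function must be satified prior to puppet running. If set to
+`false`, then deferred functions will follow puppet relationships and
+ordering. This allows puppet to install prerequisites needed for a
+deferred function and call the deferred function in the same run."
+},
 :summarize => {
 :default => false,
 :type => :boolean,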
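Review bot: The `:desc` string added for `:preprocess_deferred` in the third hunk misspells "satisfied" as `satified`; the line should read `deferred function must be satisfied prior to puppet running. If set to`. puppet.conf.5 also changes in this release and may be generated from this description, so the typo may need correcting there as well. Since `false` changes when deferred values are resolved, the description could also state in one sentence whether parameter validation still applies to the resolved value in that mode.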
@@ -1,8 +1,25 @@
|
|
1
1
|
# Makes iteration continue with the next value, optionally with a given value for this iteration.
|
2
2
|
# If a value is not given it defaults to `undef`
|
3
|
+
#
|
4
|
+
# @example Using the `next()` function
|
3
5
|
#
|
4
|
-
#
|
6
|
+
# ```puppet
|
7
|
+
# $data = ['a','b','c']
|
8
|
+
# $data.each |Integer $index, String $value| {
|
9
|
+
# if $index == 1 {
|
10
|
+
# next()
|
11
|
+
# }
|
12
|
+
# notice ("${index} = ${value}")
|
13
|
+
# }
|
14
|
+
# ```
|
15
|
+
#
|
16
|
+
# Would notice:
|
17
|
+
# ```
|
18
|
+
# Notice: Scope(Class[main]): 0 = a
|
19
|
+
# Notice: Scope(Class[main]): 2 = c
|
20
|
+
# ```
|
5
21
|
#
|
22
|
+
# @since 4.7.0
|
6
23
|
Puppet::Functions.create_function(:next) do
|
7
24
|
dispatch :next_impl do
|
8
25
|
optional_param 'Any', :value
|
@@ -112,7 +112,6 @@
|
|
112
112
|
# * `reverse_each` - get "leaves before root"
|
113
113
|
# * `filter` - prune the tree
|
114
114
|
# * `map` - transform each element
|
115
|
-
# * `reduce` - produce something else
|
116
115
|
#
|
117
116
|
# Note than when chaining, the value passed on is a `Tuple` with `[path, value]`.
|
118
117
|
#
|
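--- a/data/lib/puppet/http/client.rb
+++ b/data/lib/puppet/http/client.rb
@@ -19,7 +19,7 @@
 # response = client.get(URI("http://www.example.com"))
 #
 # @example To make an HTTPS GET request, trusting the puppet CA and certs in Puppet's CA bundle:
-# response = client.get(URI("https://www.example.com"), include_system_store: true)
+# response = client.get(URI("https://www.example.com"), options: { include_system_store: true })
 #
 # @example To use a URL containing special characters, such as spaces:
 # response = client.get(URI(Puppet::Util.uri_encode("https://www.example.com/path to file")))
@@ -98,7 +98,7 @@ class Puppet::HTTP::Client
 # used if :include_system_store is set to true
 # @param [Integer] redirect_limit default number of HTTP redirections to allow
 # in a given request. Can also be specified per-request.
-# @param [Integer] retry_limit number of HTTP
+# @param [Integer] retry_limit number of HTTP retries allowed in a given
 # request
 #
 def initialize(pool: Puppet::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
@@ -300,6 +300,24 @@ class Puppet::HTTP::Client
 # @api public
 def close
 @pool.close
+@default_ssl_context = nil
+@default_system_ssl_context = nil
+end
+
+def default_ssl_context
+cert = Puppet::X509::CertProvider.new
+password = cert.load_private_key_password
+
+ssl = Puppet::SSL::SSLProvider.new
+ctx = ssl.load_context(certname: Puppet[:certname], password: password)
+ssl.print(ctx)
+ctx
+rescue => e
+# TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
+Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
+# TRANSLATORS: `puppet agent -t` is a command and should not be translated
+Puppet.err(_("Run `puppet agent -t`"))
+raise e
 end
 
 protected
@@ -458,7 +476,9 @@ class Puppet::HTTP::Client
 cacerts = cert_provider.load_cacerts || []
 
 ssl = Puppet::SSL::SSLProvider.new
-@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
+@default_system_ssl_context = ssl.create_system_context(cacerts: cacerts, include_client_cert: true)
+ssl.print(@default_system_ssl_context)
+@default_system_ssl_context
 end
 
 def apply_auth(request, basic_auth)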
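Review bot: The default system-store context in the last hunk is now built with `include_client_cert: true`, so the agent's client certificate is attached to a context that trusts the operating system's CA bundle as well as the Puppet CA. If that context is used for requests to hosts outside the Puppet infrastructure, any such server that asks for a client certificate would presumably be presented with the agent's certname. That widening of where the identity is offered deserves a comment at this call, for example `# NOTE: the client cert is offered to any server trusted via the system store; pass an explicit ssl_context to avoid this`. How `create_system_context` behaves when no client certificate or key exists yet is not visible here (ssl_provider.rb changes in this release but is outside this view) and should be confirmed. The new `default_ssl_context` method in the third hunk is added above `protected` without an `@api` tag, and `raise e` there can be a bare `raise`; the method containing the last hunk starts outside it.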
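--- a/data/lib/puppet/parameter.rb
+++ b/data/lib/puppet/parameter.rb
@@ -177,15 +177,15 @@ class Puppet::Parameter
 end
 
 # @overload unmunge {|| ... }
-# Defines an optional method used to convert the parameter value to DSL/string form
+# Defines an optional method used to convert the parameter value from internal form to DSL/string form.
 # If an `unmunge` method is not defined, the internal form is used.
 # @see munge
-# @note This adds a method with the name `
+# @note This adds a method with the name `unsafe_unmunge` in the created parameter class.
 # @dsl type
 # @api public
 #
 def unmunge(&block)
-define_method(:
+define_method(:unsafe_unmunge, &block)
 end
 
 # Sets a marker indicating that this parameter is the _namevar_ (unique identifier) of the type
@@ -415,10 +415,21 @@ class Puppet::Parameter
 # @return [Object] the unmunged value
 #
 def unmunge(value)
+return value if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
+
+unsafe_unmunge(value)
+end
+
+# This is the default implementation of `unmunge` that simply produces the value (if it is valid).
+# The DSL method {unmunge} should be used to define an overriding method if unmunging is required.
+#
+# @api private
+#
+def unsafe_unmunge(value)
 value
 end
 
-# Munges the value to internal form.
+# Munges the value from DSL form to internal form.
 # This implementation of `munge` provides exception handling around the specified munging of this parameter.
 # @note This method should not be overridden. Use the DSL method {munge} to define a munging method
 # if required.
@@ -426,6 +437,8 @@ class Puppet::Parameter
 # @return [Object] the munged (internal) value
 #
 def munge(value)
+return value if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
+
 begin
 ret = unsafe_munge(value)
 rescue Puppet::Error => detail
@@ -459,6 +472,8 @@ class Puppet::Parameter
 # @api public
 #
 def validate(value)
+return if value.is_a?(Puppet::Pops::Evaluator::DeferredValue)
+
 begin
 unsafe_validate(value)
 rescue ArgumentError => detail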
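Review bot: `validate` and `munge` now return early when the value is a `Puppet::Pops::Evaluator::DeferredValue`, so at this point a deferred parameter value is accepted without `unsafe_validate` or `unsafe_munge` ever seeing it. Nothing in these hunks shows the resolved value being passed back through `validate`/`munge` once the deferred call has run; if that happens elsewhere (transaction.rb and deferred_resolver.rb also change in this release), each guard should say so, e.g. `# the resolved value is validated and munged when the deferred value is resolved (see <resolver location>)`. Without that re-check, a type's input validation would not apply to any value produced by a deferred function. Note also that the DSL `unmunge` now defines `unsafe_unmunge`, so a parameter class that overrides `unmunge(value)` directly rather than through the DSL would bypass the new guard; the bodies of `munge` and `validate` continue outside the hunks.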