puppet 7.24.0 → 7.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47e0cff124dff6b6d9ddd406d242723608d4746646040d9a23a9ed8c26ddf54e
-  data.tar.gz: eb491dfb35043c67937b809e6971d4d90b5e1bed94bd6a0502ef337644bafd6f
+  metadata.gz: 4350a93f3369c12583813d15ee2ff5f3a723acef569dcbb6e70f56e462a9e13a
+  data.tar.gz: b4194a13ab7e9f12eb46a82d5995e483b203ed578be64b9b39fd1d77e1f6199a
 SHA512:
-  metadata.gz: b754e7be29fef90b986e26e8b3ce3f133ceb8f047d1ae82a9e3feca42fc4c978bbc094d2db4a807cab679aef29d27fc260c603664cf5cc7306103e33a207683f
-  data.tar.gz: 1d9c17d7e425e7df934e3fb845e3d66f57d3daa907e087cf7d354a1713fe392ea5bc0c5564782451926752b6520bced76d7dd689afff6d9517cdff3dc7200f09
+  metadata.gz: 87919389e1447dd22cb532cc81f0c5c432cd375b5822b5849eedb179047cf496828f101039e955c848643029f29dfb147b7e8fed98ba41bd958b726858ad730a
+  data.tar.gz: 04ed925c840517e266cf62475897d32e6564f6bef383e3c57d0f144d89df13a584c21f4e95170f97d4fb8a71c6c7167f5e28dceb0591ba57c86771a84dae6da9

data/CODEOWNERS

@@ -1,11 +1,11 @@
 # defaults
-* @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers
+* @puppetlabs/phoenix
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt
 
 # puppet module
-/lib/puppet/application/module.rb @puppetlabs/pdk
-/lib/puppet/face/module @puppetlabs/pdk
-/lib/puppet/forge @puppetlabs/pdk
-/lib/puppet/module_tool @puppetlabs/pdk
+/lib/puppet/application/module.rb @puppetlabs/modules
+/lib/puppet/face/module @puppetlabs/modules
+/lib/puppet/forge @puppetlabs/modules
+/lib/puppet/module_tool @puppetlabs/modules

data/Gemfile.lock

@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/puppetlabs/packaging
-  revision: f1c483d29ce1ff6d7ca7be42014eab998f499625
+  revision: affecba5dfacc5862fc7199895ccf11b69153570
   branch: 1.0.x
   specs:
-    packaging (0.109.5)
+    packaging (0)
       apt_stage_artifacts
       artifactory (~> 3)
       csv (>= 3.1.5)
@@ -15,9 +15,9 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.24.0)
+    puppet (7.26.0)
       CFPropertyList (~> 2.2)
-      concurrent-ruby (~> 1.0, < 1.2.0)
+      concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
       facter (>= 2.4.0, < 5)
       fast_gettext (>= 1.1, < 3)
@@ -31,27 +31,27 @@ GEM
   remote: https://artifactory.delivery.puppetlabs.net/artifactory/api/gems/rubygems/
   specs:
     CFPropertyList (2.3.6)
-    addressable (2.8.3)
+    addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
     apt_stage_artifacts (0.11.0)
       docopt
     artifactory (3.0.15)
     ast (2.4.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     crack (0.4.5)
       rexml
-    csv (3.2.6)
+    csv (3.2.7)
     declarative (0.0.20)
     deep_merge (1.2.2)
     diff-lcs (1.5.0)
-    digest-crc (0.6.4)
+    digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
     docopt (0.6.1)
-    facter (4.3.0)
+    facter (4.4.2)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
-    faraday (2.7.4)
+    faraday (2.7.10)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
@@ -64,7 +64,7 @@ GEM
       fast_gettext (~> 1.1.0)
       gettext (>= 3.0.2, < 3.3.0)
       locale
-    google-apis-core (0.11.0)
+    google-apis-core (0.11.1)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -91,7 +91,7 @@ GEM
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
-    googleauth (1.5.0)
+    googleauth (1.7.0)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
       memoist (~> 0.16)
@@ -100,7 +100,7 @@ GEM
       signet (>= 0.16, < 2.a)
     hashdiff (1.0.1)
     hiera (3.12.0)
-    hiera-eyaml (3.3.0)
+    hiera-eyaml (3.4.0)
       highline
       optimist
     highline (2.1.0)
@@ -109,35 +109,36 @@ GEM
     httpclient (2.8.3)
     json-schema (2.8.1)
       addressable (>= 2.4)
-    jwt (2.7.0)
+    jwt (2.7.1)
     locale (2.1.3)
     memoist (0.16.2)
     memory_profiler (1.0.1)
     method_source (1.0.0)
-    mini_mime (1.1.2)
+    mini_mime (1.1.5)
     minitar (0.9)
-    msgpack (1.7.0)
+    msgpack (1.7.2)
     multi_json (1.15.0)
     mustache (1.1.1)
-    optimist (3.0.1)
+    optimist (3.1.0)
     os (1.1.4)
-    parallel (1.22.1)
-    parser (3.2.2.0)
+    parallel (1.23.0)
+    parser (3.2.2.3)
       ast (~> 2.4.1)
+      racc
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.1)
-    puppet-resource_api (1.8.14)
+    public_suffix (5.0.3)
+    puppet-resource_api (1.9.0)
       hocon (>= 1.0)
-    puppetserver-ca (2.5.0)
+    puppetserver-ca (2.6.0)
       facter (>= 2.0.1, < 5)
     racc (1.5.2)
     rainbow (3.1.1)
     rake (13.0.6)
-    rdiscount (2.2.7)
+    rdiscount (2.2.7.1)
     rdoc (6.3.3)
-    regexp_parser (2.7.0)
+    regexp_parser (2.8.1)
     release-metrics (1.1.0)
       csv
       docopt
@@ -146,7 +147,7 @@ GEM
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.5)
+    rexml (3.2.6)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -155,18 +156,18 @@ GEM
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
       rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.1)
+    rspec-core (3.12.2)
       rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.2)
+    rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-support (3.12.0)
+    rspec-support (3.12.1)
     rubocop (1.28.0)
       parallel (~> 1.10)
       parser (>= 3.1.0.0)
@@ -176,22 +177,22 @@ GEM
       rubocop-ast (>= 1.17.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.28.0)
+    rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
     rubocop-i18n (3.0.0)
       rubocop (~> 1.0)
-    ruby-prof (1.6.1)
+    ruby-prof (1.6.3)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     scanf (1.0.0)
-    semantic_puppet (1.0.4)
+    semantic_puppet (1.1.0)
     signet (0.17.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
       multi_json (~> 1.10)
     text (1.3.1)
-    thor (1.2.1)
+    thor (1.2.2)
     trailblazer-option (0.1.2)
     uber (0.1.0)
     unicode-display_width (2.4.2)
@@ -200,9 +201,8 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.7.0)
-    yard (0.9.28)
-      webrick (~> 1.7.0)
+    webrick (1.8.1)
+    yard (0.9.34)
 
 PLATFORMS
   x86_64-linux
@@ -238,4 +238,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.3.22
+   2.4.12

data/ext/project_data.yaml

@@ -25,7 +25,7 @@ gem_runtime_dependencies:
   locale: '~> 2.1'
   multi_json: '~> 1.10'
   puppet-resource_api: '~>1.5'
-  concurrent-ruby: ["~> 1.0", "< 1.2.0"]
+  concurrent-ruby: "~> 1.0"
   deep_merge: '~> 1.0'
   scanf: '~> 1.0'
 gem_rdoc_options:

data/lib/puppet/defaults.rb

@@ -3,11 +3,7 @@ require_relative '../puppet/util/platform'
 module Puppet
 
   def self.default_diffargs
-    if (Puppet.runtime[:facter].value(:kernel) == "AIX" && Puppet.runtime[:facter].value(:kernelmajversion) == "5300")
-      ""
-    else
-      "-u"
-    end
+    '-u'
   end
 
   def self.default_digest_algorithm
@@ -1711,6 +1707,15 @@ EOT
       can be guaranteed to support this format, but it will be used for all
       classes that support it.",
     },
+    :allow_pson_serialization => {
+      :default    => true,
+      :type       => :boolean,
+      :desc       => "Whether when unable to serialize to JSON or other formats,
+        Puppet falls back to PSON. This option affects both puppetserver's
+        configuration management service responses and when the agent saves its
+        cached catalog. This option is useful in preventing the loss of data because
+        rich data cannot be serialized via PSON.",
+    },
     :agent_catalog_run_lockfile => {
       :default    => "$statedir/agent_catalog_run.lock",
       :type       => :string, # (#2888) Ensure this file is not added to the settings catalog.

data/lib/puppet/http/client.rb

@@ -367,6 +367,7 @@ class Puppet::HTTP::Client
         apply_auth(request, basic_auth) if redirects.zero?
 
         # don't call return within the `request` block
+        close_and_sleep = nil
         http.request(request) do |nethttp|
           response = Puppet::HTTP::ResponseNetHTTP.new(request.uri, nethttp)
           begin
@@ -380,12 +381,14 @@ class Puppet::HTTP::Client
               interval = @retry_after_handler.retry_after_interval(request, response, retries)
               retries += 1
               if interval
-                if http.started?
-                  Puppet.debug("Closing connection for #{Puppet::HTTP::Site.from_uri(request.uri)}")
-                  http.finish
+                close_and_sleep = proc do
+                  if http.started?
+                    Puppet.debug("Closing connection for #{Puppet::HTTP::Site.from_uri(request.uri)}")
+                    http.finish
+                  end
+                  Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
+                  ::Kernel.sleep(interval)
                 end
-                Puppet.warning(_("Sleeping for %{interval} seconds before retrying the request") % { interval: interval })
-                ::Kernel.sleep(interval)
                 next
               end
             end
@@ -404,6 +407,10 @@ class Puppet::HTTP::Client
 
           done = true
         end
+      ensure
+        # If a server responded with a retry, make sure the connection is closed and then
+        # sleep the specified time.
+        close_and_sleep.call if close_and_sleep
       end
     end
 

data/lib/puppet/indirector/catalog/json.rb

@@ -18,9 +18,14 @@ class Puppet::Resource::Catalog::Json < Puppet::Indirector::JSON
   def to_json(object)
     object.render(json_format)
   rescue Puppet::Network::FormatHandler::FormatError => err
-    Puppet.info(_("Unable to serialize catalog to json, retrying with pson"))
-    Puppet.log_exception(err, err.message, level: :debug)
-    object.render('pson').force_encoding(Encoding::BINARY)
+    if Puppet[:allow_pson_serialization]
+      Puppet.info(_("Unable to serialize catalog to json, retrying with pson. PSON is deprecated and will be removed in a future release"))
+      Puppet.log_exception(err, err.message, level: :debug)
+      object.render('pson').force_encoding(Encoding::BINARY)
+    else
+      Puppet.info(_("Unable to serialize catalog to json, no other acceptable format"))
+      Puppet.log_exception(err, err.message, level: :err)
+    end
   end
 
   private

data/lib/puppet/network/http/api/indirected_routes.rb

@@ -192,8 +192,13 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
         yield format
         true
       rescue Puppet::Network::FormatHandler::FormatError => err
-        Puppet.warning(_("Failed to serialize %{model} for '%{key}': %{detail}") %
-          {model: model, key: key, detail: err})
+        msg = _("Failed to serialize %{model} for '%{key}': %{detail}") %
+        {model: model, key: key, detail: err}
+        if Puppet[:allow_pson_serialization]
+          Puppet.warning(msg)
+        else
+          raise Puppet::Network::FormatHandler::FormatError.new(msg)
+        end
         false
       end
     end

data/lib/puppet/pops/evaluator/deferred_resolver.rb

@@ -9,7 +9,13 @@ class DeferredValue
   end
 
   def resolve
-    @proc.call
+    val = @proc.call
+    # Deferred sensitive values will be marked as such in resolve_futures()
+    if val.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
+      val.unwrap
+    else
+      val
+    end
   end
 end
 
@@ -87,8 +93,12 @@ class DeferredResolver
         #
         if resolved.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
           resolved = resolved.unwrap
-          unless r.sensitive_parameters.include?(k.to_sym)
-            r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
+          mark_sensitive_parameters(r, k)
+        # If the value is a DeferredValue and it has an argument of type PSensitiveType, mark it as sensitive
+        # The DeferredValue.resolve method will unwrap it during catalog application
+        elsif resolved.is_a?(Puppet::Pops::Evaluator::DeferredValue)
+          if v.arguments.any? {|arg| arg.is_a?(Puppet::Pops::Types::PSensitiveType)}
+            mark_sensitive_parameters(r, k)
           end
         end
         overrides[ k ] = resolved
@@ -97,6 +107,13 @@ class DeferredResolver
     end
   end
 
+  def mark_sensitive_parameters(r, k)
+    unless r.sensitive_parameters.include?(k.to_sym)
+      r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
+    end
+  end
+  private :mark_sensitive_parameters
+
   def resolve(x)
     if x.class == @deferred_class
       resolve_future(x)

data/lib/puppet/ssl/oids.rb

@@ -71,6 +71,7 @@ module Puppet::SSL::Oids
 
     ["1.3.6.1.4.1.34380.1.3.1",  'pp_authorization', 'Certificate Extension Authorization'],
     ["1.3.6.1.4.1.34380.1.3.13", 'pp_auth_role', 'Puppet Node Role Name for Authorization'],
+    ["1.3.6.1.4.1.34380.1.3.39", 'pp_cli_auth', 'Puppetserver CA CLI Authorization'],
   ]
 
   @did_register_puppet_oids = false

data/lib/puppet/thread_local.rb

@@ -1,7 +1,4 @@
 require 'concurrent'
 
-# We want to use the pure Ruby implementation even on JRuby. If we use the Java
-# implementation of ThreadLocal, we end up leaking references to JRuby instances
-# and preventing them from being garbage collected.
-class Puppet::ThreadLocal < Concurrent::RubyThreadLocalVar
+class Puppet::ThreadLocal < Concurrent::ThreadLocalVar
 end

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '7.24.0'
+  PUPPETVERSION = '7.26.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "August 2023" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -62,6 +62,14 @@ Whether to allow a new certificate request to overwrite an existing certificate
 .
 .IP "" 0
 .
+.SS "allow_pson_serialization"
+Whether when unable to serialize to JSON or other formats, Puppet falls back to PSON\. This option affects both puppetserver\'s configuration management service responses and when the agent saves its cached catalog\. This option is useful in preventing the loss of data because rich data cannot be serialized via PSON\.
+.
+.IP "\(bu" 4
+\fIDefault\fR: \fBtrue\fR
+.
+.IP "" 0
+.
 .SS "always_retry_plugins"
 Affects how we cache attempts to load Puppet resource types and features\. If true, then calls to \fBPuppet\.type\.<type>?\fR \fBPuppet\.feature\.<feature>?\fR will always attempt to load the type or feature (which can be an expensive operation) unless it has already been loaded successfully\. This makes it possible for a single agent run to, e\.g\., install a package that provides the underlying capabilities for a type or feature, and then later load that type or feature during the same run (even if the type or feature had been tested earlier and had not been available)\.
 .
@@ -937,7 +945,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: \fBPuppet/7\.24\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
+\fIDefault\fR: \fBPuppet/7\.26\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "March 2023" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "August 2023" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.24\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v7\.26\.0

data/spec/integration/application/apply_spec.rb

@@ -755,5 +755,19 @@ class amod::bad_type {
         .and output(/Notify\[runs before file\]/).to_stdout
         .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
     end
+
+    it "applies deferred sensitive file content" do
+      manifest = <<~END
+      file { '#{deferred_file}':
+        ensure => file,
+        content => Deferred('new', [Sensitive, "hello\n"])
+      }
+      END
+      apply.command_line.args = ['-e', manifest]
+      expect {
+        apply.run
+      }.to exit_with(0)
+        .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
+    end
   end
 end

data/spec/integration/http/client_spec.rb

@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     end
   end
 
+  context 'ensure that retrying does not attempt to read the body after closing the connection' do
+    let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
+    it 'raises a retry error instead' do
+      response_proc = -> (req, res) {
+        res['Retry-After'] = 1
+        res.status = 503
+      }
+
+      https_server.start_server(response_proc: response_proc) do |port|
+        uri = URI("https://127.0.0.1:#{port}")
+        kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
+        expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
+      end
+    end
+  end
+
   context 'persistent connections' do
     it "detects when the server has closed the connection and reconnects" do
       Puppet[:http_debug] = true

data/spec/unit/defaults_spec.rb

@@ -3,46 +3,8 @@ require 'puppet/settings'
 
 describe "Defaults" do
   describe ".default_diffargs" do
-    describe "on AIX" do
-      before(:each) do
-        allow(Facter).to receive(:value).with(:kernel).and_return("AIX")
-      end
-
-      describe "on 5.3" do
-        before(:each) do
-          allow(Facter).to receive(:value).with(:kernelmajversion).and_return("5300")
-        end
-
-        it "should be empty" do
-          expect(Puppet.default_diffargs).to eq("")
-        end
-      end
-
-      [ "",
-        nil,
-        "6300",
-        "7300",
-      ].each do |kernel_version|
-        describe "on kernel version #{kernel_version.inspect}" do
-          before(:each) do
-            allow(Facter).to receive(:value).with(:kernelmajversion).and_return(kernel_version)
-          end
-
-          it "should be '-u'" do
-            expect(Puppet.default_diffargs).to eq("-u")
-          end
-        end
-      end
-    end
-
-    describe "on everything else" do
-      before(:each) do
-        allow(Facter).to receive(:value).with(:kernel).and_return("NOT_AIX")
-      end
-
-      it "should be '-u'" do
-        expect(Puppet.default_diffargs).to eq("-u")
-      end
+    it "should be '-u'" do
+      expect(Puppet.default_diffargs).to eq("-u")
     end
   end
 

data/spec/unit/network/http/api/indirected_routes_spec.rb

@@ -210,6 +210,19 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
         handler.call(request, response)
       }.to raise_error(not_found_error)
     end
+
+    it "should raise FormatError if tries to fallback and pson serialization is not allowed" do
+      Puppet[:allow_pson_serialization] = false
+      data = Puppet::IndirectorTesting.new("my data")
+      indirection.save(data, "my data")
+      request = a_request_that_finds(data, :accept_header => "unknown, text/pson")
+      allow(data).to receive(:to_pson).and_raise(Puppet::Network::FormatHandler::FormatError, 'Could not render to Puppet::Network::Format[pson]: source sequence is illegal/malformed utf-8')
+
+      expect {
+        handler.call(request, response)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError,
+                       %r{Failed to serialize Puppet::IndirectorTesting for 'my data': Could not render to Puppet::Network::Format\[pson\]})
+    end
   end
 
   describe "when searching for model instances" do
@@ -250,6 +263,19 @@ describe Puppet::Network::HTTP::API::IndirectedRoutes do
                        %r{No supported formats are acceptable \(Accept: application/json, text/pson\)})
     end
 
+    it "raises FormatError if tries to fallback and pson serialization is not allowed" do
+      Puppet[:allow_pson_serialization] = false
+      data = Puppet::IndirectorTesting.new("my data")
+      indirection.save(data, "my data")
+      request = a_request_that_searches(Puppet::IndirectorTesting.new("my"), :accept_header => "unknown, text/pson")
+      allow(data).to receive(:to_pson).and_raise(Puppet::Network::FormatHandler::FormatError, 'Could not render to Puppet::Network::Format[pson]: source sequence is illegal/malformed utf-8')
+
+      expect {
+        handler.call(request, response)
+      }.to raise_error(Puppet::Network::FormatHandler::FormatError,
+                       %r{Failed to serialize Puppet::IndirectorTesting for 'my': Could not render_multiple to Puppet::Network::Format\[pson\]})
+    end
+
     it "should return [] when searching returns an empty array" do
       request = a_request_that_searches(Puppet::IndirectorTesting.new("nothing"), :accept_header => "unknown, application/json")
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 7.24.0
+  version: 7.26.0
 platform: ruby
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-04-04 00:00:00.000000000 Z
+date: 2023-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -133,9 +133,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -143,9 +140,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.2.0
 - !ruby/object:Gem::Dependency
   name: deep_merge
   requirement: !ruby/object:Gem::Requirement
@@ -2547,7 +2541,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.4.12
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool