puppet 7.7.0-x64-mingw32 → 7.11.0-x64-mingw32

data/lib/puppet/functions/empty.rb

@@ -26,6 +26,10 @@ Puppet::Functions.create_function(:empty) do
     param 'Collection', :coll
   end
 
+  dispatch :sensitive_string_empty do
+    param 'Sensitive[String]', :str
+  end
+
   dispatch :string_empty do
     param 'String', :str
   end
@@ -46,6 +50,10 @@ Puppet::Functions.create_function(:empty) do
     coll.empty?
   end
 
+  def sensitive_string_empty(str)
+    str.unwrap.empty?
+  end
+
   def string_empty(str)
     str.empty?
   end

data/lib/puppet/functions/find_template.rb

@@ -2,11 +2,11 @@
 #
 # This function accepts an argument that is a String as a `<MODULE NAME>/<TEMPLATE>`
 # reference, which searches for `<TEMPLATE>` relative to a module's `templates`
-# directory on the master. (For example, the reference `mymod/secret.conf.epp`
+# directory on the primary server. (For example, the reference `mymod/secret.conf.epp`
 # will search for the file `<MODULES DIRECTORY>/mymod/templates/secret.conf.epp`.)
 #
 # The primary use case is for agent-side template rendering with late-bound variables
-# resolved, such as from secret stores inaccessible to the master, such as
+# resolved, such as from secret stores inaccessible to the primary server, such as
 #
 # ```
 # $variables = {

data/lib/puppet/functions/strftime.rb

@@ -105,6 +105,7 @@
 # **Seconds since the Epoch:**
 #
 # | Format | Meaning |
+# | ------ | ------- |
 # | s | Number of seconds since 1970-01-01 00:00:00 UTC. |
 #
 # **Literal string:**

data/lib/puppet/functions/unwrap.rb

@@ -1,4 +1,5 @@
 # Unwraps a Sensitive value and returns the wrapped object.
+# Returns the Value itself, if it is not Sensitive.
 #
 # @example Usage of unwrap
 #
@@ -28,12 +29,17 @@
 # @since 4.0.0
 #
 Puppet::Functions.create_function(:unwrap) do
-  dispatch :unwrap do
+  dispatch :from_sensitive do
     param 'Sensitive', :arg
     optional_block_param
   end
 
-  def unwrap(arg)
+  dispatch :from_any do
+    param 'Any', :arg
+    optional_block_param
+  end
+
+  def from_sensitive(arg)
     unwrapped = arg.unwrap
     if block_given?
       yield(unwrapped)
@@ -41,4 +47,13 @@ Puppet::Functions.create_function(:unwrap) do
       unwrapped
     end
   end
+
+  def from_any(arg)
+    unwrapped = arg
+    if block_given?
+      yield(unwrapped)
+    else
+      unwrapped
+    end
+  end
 end

data/lib/puppet/http/service/compiler.rb

@@ -60,6 +60,10 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
   # @param [String] environment The name of the environment we are operating in
   # @param [String] configured_environment Optional, the name of the configured
   #   environment. If unset, `environment` is used.
+  # @param [Boolean] check_environment If true, request that the server check if
+  #   our `environment` matches the server-specified environment. If they do not
+  #   match, then the server may return an empty catalog in the server-specified
+  #   environment.
   # @param [String] transaction_uuid An agent generated transaction uuid, used
   #   for connecting catalogs and reports.
   # @param [String] job_uuid A unique job identifier defined when the orchestrator
@@ -75,7 +79,7 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
   #   the server
   #
   # @api public
-  def post_catalog(name, facts:, environment:, configured_environment: nil, transaction_uuid: nil, job_uuid: nil, static_catalog: true, checksum_type: Puppet[:supported_checksum_types])
+  def post_catalog(name, facts:, environment:, configured_environment: nil, check_environment: false, transaction_uuid: nil, job_uuid: nil, static_catalog: true, checksum_type: Puppet[:supported_checksum_types])
     if Puppet[:preferred_serialization_format] == "pson"
       formatter = Puppet::Network::FormatHandler.format_for(:pson)
       # must use 'pson' instead of 'text/pson'
@@ -93,6 +97,7 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
       facts: Puppet::Util.uri_query_encode(facts_as_string),
       environment: environment,
       configured_environment: configured_environment || environment,
+      check_environment: !!check_environment,
       transaction_uuid: transaction_uuid,
       job_uuid: job_uuid,
       static_catalog: static_catalog,

data/lib/puppet/indirector/catalog/compiler.rb

@@ -53,8 +53,22 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     node.trusted_data = Puppet.lookup(:trusted_information) { Puppet::Context::TrustedInformation.local(node) }.to_h
 
     if node.environment
+      # If the requested environment doesn't match the server specified environment,
+      # as determined by the node terminus, and the request wants us to check for an
+      # environment mismatch, then return an empty catalog with the server-specified
+      # enviroment.
+      if request.remote? && request.options[:check_environment] && node.environment != request.environment
+        return Puppet::Resource::Catalog.new(node.name, node.environment)
+      end
+
       node.environment.with_text_domain do
-        compile(node, request.options)
+        envs = Puppet.lookup(:environments)
+        envs.guard(node.environment.name)
+        begin
+          compile(node, request.options)
+        ensure
+          envs.unguard(node.environment.name)
+        end
       end
     else
       compile(node, request.options)
@@ -78,6 +92,10 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     Puppet.run_mode.server?
   end
 
+  def require_environment?
+    false
+  end
+
   private
 
   # @param facts [String] facts in a wire format for decoding
@@ -154,7 +172,7 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     location = Puppet::Module::FILETYPES['files']
 
     !!(source_as_uri.path =~ /^\/modules\// &&
-       metadata.full_path =~ /#{environment_path}[^\/]+\/[^\/]+\/#{location}\/.+/)
+       metadata.full_path =~ /#{environment_path}\/[^\/]+\/[^\/]+\/#{location}\/.+/)
   end
 
   # Helper method to log file resources that could not be inlined because they
@@ -173,7 +191,7 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
   # Inline file metadata for static catalogs
   # Initially restricted to files sourced from codedir via puppet:/// uri.
   def inline_metadata(catalog, checksum_type)
-    environment_path = Pathname.new File.join(Puppet[:environmentpath], catalog.environment, "")
+    environment_path = Pathname.new File.join(Puppet[:environmentpath], catalog.environment)
     environment_path = Puppet::Environments::Directories.real_path(environment_path)
     list_of_resources = catalog.resources.find_all { |res| res.type == "File" }
 
@@ -415,17 +433,17 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
       "serverip"  => "ipaddress",
       "serverip6" => "ipaddress6"
     }.each do |var, fact|
-      value = Facter.value(fact)
+      value = Puppet.runtime[:facter].value(fact)
       if !value.nil?
         @server_facts[var] = value
       end
     end
 
     if @server_facts["servername"].nil?
-      host = Facter.value(:hostname)
+      host = Puppet.runtime[:facter].value(:hostname)
       if host.nil?
         Puppet.warning _("Could not retrieve fact servername")
-      elsif domain = Facter.value(:domain) #rubocop:disable Lint/AssignmentInCondition
+      elsif domain = Puppet.runtime[:facter].value(:domain) #rubocop:disable Lint/AssignmentInCondition
         @server_facts["servername"] = [host, domain].join(".")
       else
         @server_facts["servername"] = host

data/lib/puppet/indirector/catalog/rest.rb

@@ -18,6 +18,7 @@ class Puppet::Resource::Catalog::Rest < Puppet::Indirector::REST
       facts: request.options[:facts_for_catalog],
       environment: request.environment.to_s,
       configured_environment: request.options[:configured_environment],
+      check_environment: request.options[:check_environment],
       transaction_uuid: request.options[:transaction_uuid],
       job_uuid: request.options[:job_id],
       static_catalog: request.options[:static_catalog],

data/lib/puppet/indirector/facts/facter.rb

@@ -20,10 +20,10 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
 
   # Lookup a host's facts up in Facter.
   def find(request)
-    Facter.reset
+    Puppet.runtime[:facter].reset
 
     # Note: we need to setup puppet's external search paths before adding the puppetversion
-    # fact. This is because in Facter 2.x, the first `Facter.add` causes Facter to create
+    # fact. This is because in Facter 2.x, the first `Puppet.runtime[:facter].add` causes Facter to create
     # its directory loaders which cannot be changed, meaning other external facts won't
     # be resolved. (PUP-4607)
     self.class.setup_external_search_paths(request)
@@ -36,7 +36,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
                raise(Puppet::Error, _("puppet facts show requires version 4.0.40 or greater of Facter.")) unless Facter.respond_to?(:resolve)
                find_with_options(request)
              else
-               Puppet::Node::Facts.new(request.key, Facter.to_hash)
+               Puppet::Node::Facts.new(request.key, Puppet.runtime[:facter].to_hash)
              end
 
     result.add_local_facts unless request.options[:resolve_options]
@@ -68,7 +68,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
       true
     end
     dirs << request.options[:custom_dir] if request.options[:custom_dir]
-    Facter.search(*dirs)
+    Puppet.runtime[:facter].search(*dirs)
   end
 
   def self.setup_external_search_paths(request)
@@ -90,7 +90,7 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
     end
 
     dirs << request.options[:external_dir] if request.options[:external_dir]
-    Facter.search_external dirs
+    Puppet.runtime[:facter].search_external dirs
   end
 
   private
@@ -105,6 +105,6 @@ class Puppet::Node::Facts::Facter < Puppet::Indirector::Code
     options_for_facter += " --no-cache" if options[:no_cache] == false
     options_for_facter += " --timing" if options[:timing]
 
-    Puppet::Node::Facts.new(request.key, Facter.resolve(options_for_facter))
+    Puppet::Node::Facts.new(request.key, Puppet.runtime[:facter].resolve(options_for_facter))
   end
 end

data/lib/puppet/indirector/indirection.rb

@@ -313,7 +313,7 @@ class Puppet::Indirector::Indirection
     request = request(:save, key, instance, options)
     terminus = prepare(request)
 
-    result = terminus.save(request)
+    result = terminus.save(request) if !request.ignore_terminus?
 
     # If caching is enabled, save our document there
     cache.save(request) if cache? && !request.ignore_cache_save?

data/lib/puppet/indirector/resource/ral.rb

@@ -24,7 +24,12 @@ class Puppet::Resource::Ral < Puppet::Indirector::Code
     type(request).instances.map do |res|
       res.to_resource
     end.find_all do |res|
-      conditions.all? {|property, value| res.to_resource[property].to_s == value.to_s}
+      conditions.all? do |property, value|
+        # even though `res` is an instance of Puppet::Resource, calling
+        # `res[:name]` on it returns nil, and for some reason it is necessary
+        # to invoke the Puppet::Resource#copy_as_resource copy constructor...
+        res.copy_as_resource[property].to_s == value.to_s
+      end
     end.sort_by(&:title)
   end
 

data/lib/puppet/indirector/terminus.rb

@@ -143,6 +143,10 @@ class Puppet::Indirector::Terminus
     self.class.name
   end
 
+  def require_environment?
+    true
+  end
+
   def allow_remote_requests?
     true
   end

data/lib/puppet/interface/documentation.rb

@@ -76,6 +76,7 @@ class Puppet::Interface
         s.text(" ")
 
         options.each do |option|
+          next if option == :extra
           option = get_option(option)
           wrap = option.required? ? %w{ < > } : %w{ [ ] }
 

data/lib/puppet/module/plan.rb

@@ -50,7 +50,6 @@ class Puppet::Module
     RESERVED_DATA_TYPES = %w{any array boolean catalogentry class collection
         callable data default enum float hash integer numeric optional pattern
         resource runtime scalar string struct tuple type undef variant}
-    MOUNTS = %w[lib files plans]
 
     def self.is_plan_name?(name)
       return true if name =~ /^[a-z][a-z0-9_]*$/

data/lib/puppet/module/task.rb

@@ -45,7 +45,7 @@ class Puppet::Module
     end
 
     FORBIDDEN_EXTENSIONS = %w{.conf .md}
-    MOUNTS = %w[lib files tasks]
+    MOUNTS = %w[files lib scripts tasks]
 
     def self.is_task_name?(name)
       return true if name =~ /^[a-z][a-z0-9_]*$/

data/lib/puppet/module_tool/applications/installer.rb

@@ -59,6 +59,10 @@ module Puppet::ModuleTool
         results = { :action => :install, :module_name => name, :module_version => version }
 
         begin
+          if !@local_tarball && name !~ /-/
+            raise InvalidModuleNameError.new(module_name: @name, suggestion: "puppetlabs-#{@name}", action: :install)
+          end
+
           installed_module = installed_modules[name]
           if installed_module
             unless forced?
@@ -134,7 +138,7 @@ module Puppet::ModuleTool
           rescue SemanticPuppet::Dependency::UnsatisfiableGraph => e
             unsatisfied = nil
 
-            if e.respond_to?(:unsatisfied)
+            if e.respond_to?(:unsatisfied) && e.unsatisfied
               constraints = {}
               # If the module we're installing satisfies all its
               # dependencies, but would break an already installed
@@ -160,8 +164,12 @@ module Puppet::ModuleTool
               # If the module fails to satisfy one of its
               # dependencies, show the unsatisfiable module
               else
-                unsatisfied_range = graph.dependencies[name].max.constraints[e.unsatisfied].first[1]
-                constraints[e.unsatisfied] = unsatisfied_range
+                dep_constraints = graph.dependencies[name].max.constraints
+
+                if dep_constraints.key?(e.unsatisfied)
+                  unsatisfied_range = dep_constraints[e.unsatisfied].first[1]
+                  constraints[e.unsatisfied] = unsatisfied_range
+                end
               end
 
               installed_module = @environment.module_by_forge_name(e.unsatisfied.tr('-', '/'))
@@ -171,7 +179,7 @@ module Puppet::ModuleTool
                 :name => e.unsatisfied,
                 :constraints => constraints,
                 :current_version => current_version
-              }
+              } if constraints.any?
             end
 
             raise NoVersionsSatisfyError, results.merge(

data/lib/puppet/module_tool/applications/uninstaller.rb

@@ -89,7 +89,7 @@ module Puppet::ModuleTool
         mod = @installed.first
 
         unless @ignore_changes
-          raise _("Either the `--ignore_changes` or `--force` argument must be specified to uninstall modules when running in FIPS mode.") if Facter.value(:fips_enabled)
+          raise _("Either the `--ignore_changes` or `--force` argument must be specified to uninstall modules when running in FIPS mode.") if Puppet.runtime[:facter].value(:fips_enabled)
 
           changes = begin
             Puppet::ModuleTool::Applications::Checksummer.run(mod.path)

data/lib/puppet/module_tool/applications/upgrader.rb

@@ -27,7 +27,7 @@ module Puppet::ModuleTool
 
       def run
         # Disallow anything that invokes md5 to avoid un-friendly termination due to FIPS
-        raise _("Module upgrade is prohibited in FIPS mode.") if Facter.value(:fips_enabled)
+        raise _("Module upgrade is prohibited in FIPS mode.") if Puppet.runtime[:facter].value(:fips_enabled)
 
         name = @name.tr('/', '-')
         version = options[:version] || '>= 0.0.0'

data/lib/puppet/module_tool/errors/shared.rb

@@ -127,6 +127,23 @@ module Puppet::ModuleTool::Errors
     end
   end
 
+  class InvalidModuleNameError < ModuleToolError
+    def initialize(options)
+      @module_name = options[:module_name]
+      @suggestion = options[:suggestion]
+      @action = options[:action]
+      super _("Could not %{action} '%{module_name}', did you mean '%{suggestion}'?") % { action: @action, module_name: @module_name, suggestion: @suggestion }
+    end
+
+    def multiline
+      message = []
+      message << _("Could not %{action} module '%{module_name}'") % { action: @action, module_name: @module_name }
+      message << _("  The name '%{module_name}' is invalid") % { module_name: @module_name }
+      message << _("    Did you mean `puppet module %{action} %{suggestion}`?") % { action: @action, suggestion: @suggestion }
+      message.join("\n")
+    end
+  end
+
   class NotInstalledError < ModuleToolError
     def initialize(options)
       @module_name = options[:module_name]

data/lib/puppet/module_tool/tar/mini.rb

@@ -107,7 +107,7 @@ class Puppet::ModuleTool::Tar::Mini
       raise Puppet::ModuleTool::Errors::InvalidPathInPackageError, :entry_path => path, :directory => destdir
     end
 
-    path = File.expand_path File.join(destdir, path)
+    path = Pathname.new(File.join(destdir, path)).cleanpath.to_path
 
     if path !~ /\A#{Regexp.escape destdir}/
       raise Puppet::ModuleTool::Errors::InvalidPathInPackageError, :entry_path => path, :directory => destdir

data/lib/puppet/network/http/api/indirected_routes.rb

@@ -98,7 +98,7 @@ class Puppet::Network::HTTP::API::IndirectedRoutes
       params[:environment] = configured_environment
     end
 
-    if configured_environment.nil?
+    if configured_environment.nil? && indirection.terminus.require_environment?
       raise Puppet::Network::HTTP::Error::HTTPNotFoundError.new(
         _("Could not find environment '%{environment}'") % { environment: environment })
     end

data/lib/puppet/node/environment.rb

@@ -312,7 +312,9 @@ class Puppet::Node::Environment
                        {}
                      end
       modulepath.each do |path|
-        Dir.entries(path).each do |name|
+        Puppet::FileSystem.children(path).map do |p|
+          Puppet::FileSystem.basename_string(p)
+        end.each do |name|
           next unless Puppet::Module.is_module_directory?(name, path)
           warn_about_mistaken_path(path, name)
           if not seen_modules[name]
@@ -357,9 +359,6 @@ class Puppet::Node::Environment
 
   # Modules broken out by directory in the modulepath
   #
-  # @note This method _changes_ the current working directory while enumerating
-  #   the modules. This seems rather dangerous.
-  #
   # @api public
   #
   # @return [Hash<String, Array<Puppet::Module>>] A hash whose keys are file
@@ -368,13 +367,13 @@ class Puppet::Node::Environment
     modules_by_path = {}
     modulepath.each do |path|
       if Puppet::FileSystem.exist?(path)
-        Dir.chdir(path) do
-          module_names = Dir.entries(path).select do |name|
-            Puppet::Module.is_module_directory?(name, path)
-          end
-          modules_by_path[path] = module_names.sort.map do |name|
-            Puppet::Module.new(name, File.join(path, name), self)
-          end
+        module_names = Puppet::FileSystem.children(path).map do |p|
+          Puppet::FileSystem.basename_string(p)
+        end.select do |name|
+          Puppet::Module.is_module_directory?(name, path)
+        end
+        modules_by_path[path] = module_names.sort.map do |name|
+          Puppet::Module.new(name, File.join(path, name), self)
         end
       else
         modules_by_path[path] = []