puppet 7.8.0-universal-darwin → 7.12.0-universal-darwin

data/lib/puppet/environments.rb

@@ -48,6 +48,13 @@ module Puppet::Environments
         root.instance_variable_set(:@rich_data, nil)
       end
     end
+
+    # The base implementation is a noop, because `get` returns a new environment
+    # each time.
+    #
+    # @see Puppet::Environments::Cached#guard
+    def guard(name); end
+    def unguard(name); end
   end
 
   # @!macro [new] loader_search_paths
@@ -188,7 +195,7 @@ module Puppet::Environments
 
     def self.real_path(dir)
       if Puppet::FileSystem.symlink?(dir) && Puppet[:versioned_environment_dirs]
-        dir = Puppet::FileSystem.expand_path(Puppet::FileSystem.readlink(dir))
+        dir = Pathname.new Puppet::FileSystem.expand_path(Puppet::FileSystem.readlink(dir))
       end
       return dir
     end
@@ -241,7 +248,7 @@ module Puppet::Environments
 
     def validated_directory(envdir)
       env_name = Puppet::FileSystem.basename_string(envdir)
-      envdir = Puppet::Environments::Directories.real_path(envdir)
+      envdir = Puppet::Environments::Directories.real_path(envdir).to_s
       if Puppet::FileSystem.directory?(envdir) && Puppet::Node::Environment.valid_name?(env_name)
         envdir
       else
@@ -330,21 +337,13 @@ module Puppet::Environments
     end
 
     def self.cache_expiration_service=(service)
-      @cache_expiration_service = service
+      @cache_expiration_service_singleton = service
     end
 
     def self.cache_expiration_service
-      @cache_expiration_service || DefaultCacheExpirationService.new
-    end
-
-    # Returns the end of time (the next Mesoamerican Long Count cycle-end after 2012 (5125+2012) = 7137
-    def self.end_of_time
-      Time.gm(7137)
+      @cache_expiration_service_singleton || DefaultCacheExpirationService.new
     end
 
-    END_OF_TIME = end_of_time
-    START_OF_TIME = Time.gm(1)
-
     def initialize(loader)
       @loader = loader
       @cache_expiration_service = Puppet::Environments::Cached.cache_expiration_service
@@ -356,6 +355,16 @@ module Puppet::Environments
       # Evict all that have expired, in the same way as `get`
       clear_all_expired
 
+      # Evict all that was removed from disk
+      cached_envs = @cache.keys.map!(&:to_sym)
+      loader_envs = @loader.list.map!(&:name)
+      removed_envs = cached_envs - loader_envs
+
+      removed_envs.each do |env_name|
+        Puppet.debug { "Environment no longer exists '#{env_name}'"}
+        clear(env_name)
+      end
+
       @loader.list.map do |env|
         name = env.name
         old_entry = @cache[name]
@@ -375,27 +384,35 @@ module Puppet::Environments
 
     # @!macro loader_get
     def get(name)
+      entry = get_entry(name)
+      entry ? entry.value : nil
+    end
+
+    # Get a cache entry for an envionment. It returns nil if the
+    # environment doesn't exist.
+    def get_entry(name, check_expired = true)
       # Aggressively evict all that has expired
       # This strategy favors smaller memory footprint over environment
       # retrieval time.
-      clear_all_expired
-      result = @cache[name]
-      if result
-        Puppet.debug {"Found in cache '#{name}' #{result.label}"}
+      clear_all_expired if check_expired
+      name = name.to_sym
+      entry = @cache[name]
+      if entry
+        Puppet.debug {"Found in cache #{name.inspect} #{entry.label}"}
         # found in cache
-        result.touch
-        return result.value
-      elsif (result = @loader.get(name))
+        entry.touch
+      elsif (env = @loader.get(name))
         # environment loaded, cache it
-        cache_entry = entry(result)
-        add_entry(name, cache_entry)
-        result
+        entry = entry(env)
+        add_entry(name, entry)
       end
+      entry
     end
+    private :get_entry
 
     # Adds a cache entry to the cache
     def add_entry(name, cache_entry)
-      Puppet.debug {"Caching environment '#{name}' #{cache_entry.label}"}
+      Puppet.debug {"Caching environment #{name.inspect} #{cache_entry.label}"}
       @cache[name] = cache_entry
       @cache_expiration_service.created(cache_entry.value)
     end
@@ -403,7 +420,7 @@ module Puppet::Environments
 
     def clear_entry(name, entry)
       @cache.delete(name)
-      Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+      Puppet.debug {"Evicting cache entry for environment #{name.inspect}"}
       @cache_expiration_service.evicted(name.to_sym)
       Puppet::GettextConfig.delete_text_domain(name)
       Puppet.settings.clear_environment_settings(name)
@@ -413,6 +430,7 @@ module Puppet::Environments
     # Clears the cache of the environment with the given name.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
     def clear(name)
+      name = name.to_sym
       entry = @cache[name]
       clear_entry(name, entry) if entry
     end
@@ -433,19 +451,21 @@ module Puppet::Environments
     # Clears all environments that have expired, either by exceeding their time to live, or
     # through an explicit eviction determined by the cache expiration service.
     #
-    def clear_all_expired()
+    def clear_all_expired
       t = Time.now
 
       @cache.each_pair do |name, entry|
         clear_if_expired(name, entry, t)
       end
     end
+    private :clear_all_expired
 
     # Clear an environment if it is expired, either by exceeding its time to live, or
     # through an explicit eviction determined by the cache expiration service.
     #
     def clear_if_expired(name, entry, t = Time.now)
       return unless entry
+      return if entry.guarded?
 
       if entry.expired?(t) || @cache_expiration_service.expired?(name.to_sym)
         clear_entry(name, entry)
@@ -462,10 +482,25 @@ module Puppet::Environments
     #
     # @!macro loader_get_conf
     def get_conf(name)
+      name = name.to_sym
       clear_if_expired(name, @cache[name])
       @loader.get_conf(name)
     end
 
+    # Guard an environment so it can't be evicted while it's in use. The method
+    # may be called multiple times, provided it is unguarded the same number of
+    # times. If you call this method, you must call `unguard` in an ensure block.
+    def guard(name)
+      entry = get_entry(name, false)
+      entry.guard if entry
+    end
+
+    # Unguard an environment.
+    def unguard(name)
+      entry = get_entry(name, false)
+      entry.unguard if entry
+    end
+
     # Creates a suitable cache entry given the time to live for one environment
     #
     def entry(env)
@@ -491,6 +526,7 @@ module Puppet::Environments
 
       def initialize(value)
         @value = value
+        @guards = 0
       end
 
       def touch
@@ -503,6 +539,20 @@ module Puppet::Environments
       def label
         ""
       end
+
+      # These are not protected with a lock, because all of the Cached
+      # methods are protected.
+      def guarded?
+        @guards > 0
+      end
+
+      def guard
+        @guards += 1
+      end
+
+      def unguard
+        @guards -= 1
+      end
     end
 
     # Always evicting entry

data/lib/puppet/face/help/action.erb

@@ -54,6 +54,7 @@ undocumented option
 	end
 	unless action.options.empty?
       action.options.sort.each do |name|
+        next if name == :extra
         option = action.get_option name -%>
 <%= "  " + option.optparse.join(" | ")[0,(optionroom - 1)].ljust(optionroom) + ' - ' -%>
 <%     if !(option.summary) -%>

data/lib/puppet/face/help/face.erb

@@ -49,6 +49,7 @@ undocumented option
 	end
  	unless face.options.empty?
       face.options.sort.each do |name|
+        next if name == :extra
         option = face.get_option name -%>
 <%= "  " + option.optparse.join(" | ")[0,(optionroom - 1)].ljust(optionroom) + ' - ' -%>
 <%     if !(option.summary) -%>

data/lib/puppet/face/node/clean.rb

@@ -52,7 +52,7 @@ Puppet::Face.define(:node, '0.0.1') do
     end
 
     def warn(message)
-      Puppet.warning(message)
+      Puppet.warning(message) unless message =~ /cadir is currently configured to be inside/
     end
 
     def err(message)

data/lib/puppet/facter_impl.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+#
+# @api private
+# Default Facter implementation that delegates to Facter API
+#
+
+module Puppet
+  class FacterImpl
+    def initialize
+      require 'facter'
+
+      setup_logging
+    end
+
+    def value(fact_name)
+      ::Facter.value(fact_name)
+    end
+
+    def add(name, &block)
+      ::Facter.add(name, &block)
+    end
+
+    def to_hash
+      ::Facter.to_hash
+    end
+
+    def clear
+      ::Facter.clear
+    end
+
+    def reset
+      ::Facter.reset
+    end
+
+    def resolve(options)
+      ::Facter.resolve(options)
+    end
+
+    def search_external(dirs)
+      ::Facter.search_external(dirs)
+    end
+
+    def search(*dirs)
+      ::Facter.search(*dirs)
+    end
+
+    def trace(value)
+      ::Facter.trace(value) if ::Facter.respond_to? :trace
+    end
+
+    def debugging(value)
+      ::Facter.debugging(value) if ::Facter.respond_to?(:debugging)
+    end
+
+    def load_external?
+      ::Facter.respond_to?(:load_external)
+    end
+
+    def load_external(value)
+      ::Facter.load_external(value) if self.load_external?
+    end
+
+    private
+
+    def setup_logging
+      return unless ::Facter.respond_to? :on_message
+
+      ::Facter.on_message do |level, message|
+        case level
+        when :trace, :debug
+          level = :debug
+        when :info
+          # Same as Puppet
+        when :warn
+          level = :warning
+        when :error
+          level = :err
+        when :fatal
+          level = :crit
+        else
+          next
+        end
+
+        Puppet::Util::Log.create(
+          {
+            :level => level,
+            :source => 'Facter',
+            :message => message
+          }
+        )
+        nil
+      end
+    end
+  end
+end

data/lib/puppet/file_serving/configuration/parser.rb

@@ -78,6 +78,8 @@ class Puppet::FileServing::Configuration::Parser
       mount = Mount::Modules.new(name)
     when "plugins"
       mount = Mount::Plugins.new(name)
+    when "scripts"
+      mount = Mount::Scripts.new(name)
     when "tasks"
       mount = Mount::Tasks.new(name)
     when "locales"

data/lib/puppet/file_serving/configuration.rb

@@ -6,6 +6,7 @@ require_relative '../../puppet/file_serving/mount/modules'
 require_relative '../../puppet/file_serving/mount/plugins'
 require_relative '../../puppet/file_serving/mount/locales'
 require_relative '../../puppet/file_serving/mount/pluginfacts'
+require_relative '../../puppet/file_serving/mount/scripts'
 require_relative '../../puppet/file_serving/mount/tasks'
 
 class Puppet::FileServing::Configuration
@@ -83,6 +84,7 @@ class Puppet::FileServing::Configuration
     @mounts["plugins"] ||= Mount::Plugins.new("plugins")
     @mounts["locales"] ||= Mount::Locales.new("locales")
     @mounts["pluginfacts"] ||= Mount::PluginFacts.new("pluginfacts")
+    @mounts["scripts"] ||= Mount::Scripts.new("scripts")
     @mounts["tasks"] ||= Mount::Tasks.new("tasks")
   end
 

data/lib/puppet/file_serving/mount/file.rb

@@ -3,12 +3,12 @@ require_relative '../../../puppet/file_serving/mount'
 class Puppet::FileServing::Mount::File < Puppet::FileServing::Mount
   def self.localmap
     @localmap ||= {
-      "h" => Facter.value("hostname"),
+      "h" => Puppet.runtime[:facter].value("hostname"),
       "H" => [
-               Facter.value("hostname"),
-               Facter.value("domain")
+               Puppet.runtime[:facter].value("hostname"),
+               Puppet.runtime[:facter].value("domain")
              ].join("."),
-      "d" => Facter.value("domain")
+      "d" => Puppet.runtime[:facter].value("domain")
     }
   end
 

data/lib/puppet/file_serving/mount/scripts.rb

@@ -0,0 +1,24 @@
+require 'puppet/file_serving/mount'
+
+class Puppet::FileServing::Mount::Scripts < Puppet::FileServing::Mount
+  # Return an instance of the appropriate class.
+  def find(path, request)
+    raise _("No module specified") if path.to_s.empty?
+    module_name, relative_path = path.split("/", 2)
+    mod = request.environment.module(module_name)
+    return nil unless mod
+
+    mod.script(relative_path)
+  end
+
+  def search(path, request)
+    result = find(path, request)
+    if result
+      [result]
+    end
+  end
+
+  def valid?
+    true
+  end
+end

data/lib/puppet/file_system/file_impl.rb

@@ -84,7 +84,9 @@ class Puppet::FileSystem::FileImpl
   end
 
   def read_preserve_line_endings(path)
-    read(path)
+    default_encoding = Encoding.default_external.name
+    encoding = default_encoding.downcase.start_with?('utf-') ? "bom|#{default_encoding}" : default_encoding
+    read(path, encoding: encoding)
   end
 
   def binread(path)

data/lib/puppet/file_system/windows.rb

@@ -109,8 +109,8 @@ class Puppet::FileSystem::Windows < Puppet::FileSystem::Posix
   end
 
   def read_preserve_line_endings(path)
-    contents = path.read( :mode => 'rb', :encoding => Encoding::UTF_8)
-    contents = path.read( :mode => 'rb', :encoding => Encoding::default_external) unless contents.valid_encoding?
+    contents = path.read( :mode => 'rb', :encoding => 'bom|utf-8')
+    contents = path.read( :mode => 'rb', :encoding => "bom|#{Encoding::default_external.name}") unless contents.valid_encoding?
     contents = path.read unless contents.valid_encoding?
 
     contents

data/lib/puppet/file_system.rb

@@ -345,7 +345,8 @@ module Puppet::FileSystem
   # value ~ will be expanded to something like /Users/Foo
   #
   # This method exists primarlily to resolve a Ruby deficiency where
-  # File.expand_path doesn't handle ~ in each segment on a Windows path
+  # File.expand_path doesn't convert short paths to long paths, which is
+  # important when resolving the path to load.
   #
   # @param path [Object] a path handle produced by {#pathname}
   # @return [String] a string representation of the path

data/lib/puppet/forge/cache.rb

@@ -47,7 +47,7 @@ class Puppet::Forge
 
     # Return the base Pathname for all the caches.
     def self.base_path
-      (Pathname(Puppet.settings[:module_working_dir]) + 'cache').tap do |o|
+      (Pathname(Puppet.settings[:module_working_dir]) + 'cache').cleanpath.tap do |o|
         o.mkpath unless o.exist?
       end
     end

data/lib/puppet/forge.rb

@@ -70,7 +70,7 @@ class Puppet::Forge < SemanticPuppet::Dependency::Source
         uri = decode_uri(result['pagination']['next'])
         matches.concat result['results']
       else
-        raise ResponseError.new(:uri => URI.parse(@host).merge(uri), :response => response)
+        raise ResponseError.new(:uri => response.url, :response => response)
       end
     end
 
@@ -105,7 +105,7 @@ class Puppet::Forge < SemanticPuppet::Dependency::Source
       if response.code == 200
         response = Puppet::Util::Json.load(response.body)
       else
-        raise ResponseError.new(:uri => URI.parse(@host).merge(uri), :response => response)
+        raise ResponseError.new(:uri => response.url, :response => response)
       end
 
       releases.concat(process(response['results']))
@@ -208,12 +208,12 @@ class Puppet::Forge < SemanticPuppet::Dependency::Source
       response = @source.make_http_request(uri, destination)
       destination.flush and destination.close
       unless response.code == 200
-        raise Puppet::Forge::Errors::ResponseError.new(:uri => uri, :response => response)
+        raise Puppet::Forge::Errors::ResponseError.new(:uri => response.url, :response => response)
       end
     end
 
     def validate_checksum(file, checksum, digest_class)
-      if Facter.value(:fips_enabled) && digest_class == Digest::MD5
+      if Puppet.runtime[:facter].value(:fips_enabled) && digest_class == Digest::MD5
         raise _("Module install using MD5 is prohibited in FIPS mode.")
       end
 

data/lib/puppet/functions/empty.rb

@@ -26,6 +26,10 @@ Puppet::Functions.create_function(:empty) do
     param 'Collection', :coll
   end
 
+  dispatch :sensitive_string_empty do
+    param 'Sensitive[String]', :str
+  end
+
   dispatch :string_empty do
     param 'String', :str
   end
@@ -46,6 +50,10 @@ Puppet::Functions.create_function(:empty) do
     coll.empty?
   end
 
+  def sensitive_string_empty(str)
+    str.unwrap.empty?
+  end
+
   def string_empty(str)
     str.empty?
   end

data/lib/puppet/functions/find_template.rb

@@ -2,11 +2,11 @@
 #
 # This function accepts an argument that is a String as a `<MODULE NAME>/<TEMPLATE>`
 # reference, which searches for `<TEMPLATE>` relative to a module's `templates`
-# directory on the master. (For example, the reference `mymod/secret.conf.epp`
+# directory on the primary server. (For example, the reference `mymod/secret.conf.epp`
 # will search for the file `<MODULES DIRECTORY>/mymod/templates/secret.conf.epp`.)
 #
 # The primary use case is for agent-side template rendering with late-bound variables
-# resolved, such as from secret stores inaccessible to the master, such as
+# resolved, such as from secret stores inaccessible to the primary server, such as
 #
 # ```
 # $variables = {

data/lib/puppet/functions/strftime.rb

@@ -105,6 +105,7 @@
 # **Seconds since the Epoch:**
 #
 # | Format | Meaning |
+# | ------ | ------- |
 # | s | Number of seconds since 1970-01-01 00:00:00 UTC. |
 #
 # **Literal string:**

data/lib/puppet/functions/unwrap.rb

@@ -1,4 +1,5 @@
 # Unwraps a Sensitive value and returns the wrapped object.
+# Returns the Value itself, if it is not Sensitive.
 #
 # @example Usage of unwrap
 #
@@ -28,12 +29,17 @@
 # @since 4.0.0
 #
 Puppet::Functions.create_function(:unwrap) do
-  dispatch :unwrap do
+  dispatch :from_sensitive do
     param 'Sensitive', :arg
     optional_block_param
   end
 
-  def unwrap(arg)
+  dispatch :from_any do
+    param 'Any', :arg
+    optional_block_param
+  end
+
+  def from_sensitive(arg)
     unwrapped = arg.unwrap
     if block_given?
       yield(unwrapped)
@@ -41,4 +47,13 @@ Puppet::Functions.create_function(:unwrap) do
       unwrapped
     end
   end
+
+  def from_any(arg)
+    unwrapped = arg
+    if block_given?
+      yield(unwrapped)
+    else
+      unwrapped
+    end
+  end
 end

data/lib/puppet/http/service/compiler.rb

@@ -60,6 +60,10 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
   # @param [String] environment The name of the environment we are operating in
   # @param [String] configured_environment Optional, the name of the configured
   #   environment. If unset, `environment` is used.
+  # @param [Boolean] check_environment If true, request that the server check if
+  #   our `environment` matches the server-specified environment. If they do not
+  #   match, then the server may return an empty catalog in the server-specified
+  #   environment.
   # @param [String] transaction_uuid An agent generated transaction uuid, used
   #   for connecting catalogs and reports.
   # @param [String] job_uuid A unique job identifier defined when the orchestrator
@@ -75,7 +79,7 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
   #   the server
   #
   # @api public
-  def post_catalog(name, facts:, environment:, configured_environment: nil, transaction_uuid: nil, job_uuid: nil, static_catalog: true, checksum_type: Puppet[:supported_checksum_types])
+  def post_catalog(name, facts:, environment:, configured_environment: nil, check_environment: false, transaction_uuid: nil, job_uuid: nil, static_catalog: true, checksum_type: Puppet[:supported_checksum_types])
     if Puppet[:preferred_serialization_format] == "pson"
       formatter = Puppet::Network::FormatHandler.format_for(:pson)
       # must use 'pson' instead of 'text/pson'
@@ -93,6 +97,7 @@ class Puppet::HTTP::Service::Compiler < Puppet::HTTP::Service
       facts: Puppet::Util.uri_query_encode(facts_as_string),
       environment: environment,
       configured_environment: configured_environment || environment,
+      check_environment: !!check_environment,
       transaction_uuid: transaction_uuid,
       job_uuid: job_uuid,
       static_catalog: static_catalog,

data/lib/puppet/indirector/catalog/compiler.rb

@@ -53,8 +53,22 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     node.trusted_data = Puppet.lookup(:trusted_information) { Puppet::Context::TrustedInformation.local(node) }.to_h
 
     if node.environment
+      # If the requested environment doesn't match the server specified environment,
+      # as determined by the node terminus, and the request wants us to check for an
+      # environment mismatch, then return an empty catalog with the server-specified
+      # enviroment.
+      if request.remote? && request.options[:check_environment] && node.environment != request.environment
+        return Puppet::Resource::Catalog.new(node.name, node.environment)
+      end
+
       node.environment.with_text_domain do
-        compile(node, request.options)
+        envs = Puppet.lookup(:environments)
+        envs.guard(node.environment.name)
+        begin
+          compile(node, request.options)
+        ensure
+          envs.unguard(node.environment.name)
+        end
       end
     else
       compile(node, request.options)
@@ -78,6 +92,10 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     Puppet.run_mode.server?
   end
 
+  def require_environment?
+    false
+  end
+
   private
 
   # @param facts [String] facts in a wire format for decoding
@@ -154,7 +172,7 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
     location = Puppet::Module::FILETYPES['files']
 
     !!(source_as_uri.path =~ /^\/modules\// &&
-       metadata.full_path =~ /#{environment_path}[^\/]+\/[^\/]+\/#{location}\/.+/)
+       metadata.full_path =~ /#{environment_path}\/[^\/]+\/[^\/]+\/#{location}\/.+/)
   end
 
   # Helper method to log file resources that could not be inlined because they
@@ -173,7 +191,7 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
   # Inline file metadata for static catalogs
   # Initially restricted to files sourced from codedir via puppet:/// uri.
   def inline_metadata(catalog, checksum_type)
-    environment_path = Pathname.new File.join(Puppet[:environmentpath], catalog.environment, "")
+    environment_path = Pathname.new File.join(Puppet[:environmentpath], catalog.environment)
     environment_path = Puppet::Environments::Directories.real_path(environment_path)
     list_of_resources = catalog.resources.find_all { |res| res.type == "File" }
 
@@ -415,17 +433,17 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
       "serverip"  => "ipaddress",
       "serverip6" => "ipaddress6"
     }.each do |var, fact|
-      value = Facter.value(fact)
+      value = Puppet.runtime[:facter].value(fact)
       if !value.nil?
         @server_facts[var] = value
       end
     end
 
     if @server_facts["servername"].nil?
-      host = Facter.value(:hostname)
+      host = Puppet.runtime[:facter].value(:hostname)
       if host.nil?
         Puppet.warning _("Could not retrieve fact servername")
-      elsif domain = Facter.value(:domain) #rubocop:disable Lint/AssignmentInCondition
+      elsif domain = Puppet.runtime[:facter].value(:domain) #rubocop:disable Lint/AssignmentInCondition
         @server_facts["servername"] = [host, domain].join(".")
       else
         @server_facts["servername"] = host