puppet 7.8.0 → 7.9.0

data/lib/puppet/indirector/resource/ral.rb

@@ -24,7 +24,12 @@ class Puppet::Resource::Ral < Puppet::Indirector::Code
     type(request).instances.map do |res|
       res.to_resource
     end.find_all do |res|
-      conditions.all? {|property, value| res.to_resource[property].to_s == value.to_s}
+      conditions.all? do |property, value|
+        # even though `res` is an instance of Puppet::Resource, calling
+        # `res[:name]` on it returns nil, and for some reason it is necessary
+        # to invoke the Puppet::Resource#copy_as_resource copy constructor...
+        res.copy_as_resource[property].to_s == value.to_s
+      end
     end.sort_by(&:title)
   end
 

data/lib/puppet/interface/documentation.rb

@@ -76,6 +76,7 @@ class Puppet::Interface
         s.text(" ")
 
         options.each do |option|
+          next if option == :extra
           option = get_option(option)
           wrap = option.required? ? %w{ < > } : %w{ [ ] }
 

data/lib/puppet/module_tool/applications/installer.rb

@@ -59,6 +59,10 @@ module Puppet::ModuleTool
         results = { :action => :install, :module_name => name, :module_version => version }
 
         begin
+          if !@local_tarball && name !~ /-/
+            raise InvalidModuleNameError.new(module_name: @name, suggestion: "puppetlabs-#{@name}", action: :install)
+          end
+
           installed_module = installed_modules[name]
           if installed_module
             unless forced?

data/lib/puppet/module_tool/errors/shared.rb

@@ -127,6 +127,23 @@ module Puppet::ModuleTool::Errors
     end
   end
 
+  class InvalidModuleNameError < ModuleToolError
+    def initialize(options)
+      @module_name = options[:module_name]
+      @suggestion = options[:suggestion]
+      @action = options[:action]
+      super _("Could not %{action} '%{module_name}', did you mean '%{suggestion}'?") % { action: @action, module_name: @module_name, suggestion: @suggestion }
+    end
+
+    def multiline
+      message = []
+      message << _("Could not %{action} module '%{module_name}'") % { action: @action, module_name: @module_name }
+      message << _("  The name '%{module_name}' is invalid") % { module_name: @module_name }
+      message << _("    Did you mean `puppet module %{action} %{suggestion}`?") % { action: @action, suggestion: @suggestion }
+      message.join("\n")
+    end
+  end
+
   class NotInstalledError < ModuleToolError
     def initialize(options)
       @module_name = options[:module_name]

data/lib/puppet/module_tool/tar/mini.rb

@@ -107,7 +107,7 @@ class Puppet::ModuleTool::Tar::Mini
       raise Puppet::ModuleTool::Errors::InvalidPathInPackageError, :entry_path => path, :directory => destdir
     end
 
-    path = File.expand_path File.join(destdir, path)
+    path = Pathname.new(File.join(destdir, path)).cleanpath.to_path
 
     if path !~ /\A#{Regexp.escape destdir}/
       raise Puppet::ModuleTool::Errors::InvalidPathInPackageError, :entry_path => path, :directory => destdir

data/lib/puppet/pops/types/type_mismatch_describer.rb

@@ -640,7 +640,7 @@ module Types
           result = ["#{label} expects (#{signature_string(sig)})"]
           result.concat(error_arrays[0].map { |e| "  rejected:#{e.chop_path(0).format}" })
         else
-          result = ["#{label} expects one of:"]
+          result = ["The function #{label} was called with arguments it does not accept. It expects one of:"]
           signatures.each_with_index do |sg, index|
             result << "  (#{signature_string(sg)})"
             result.concat(error_arrays[index].map { |e| "    rejected:#{e.chop_path(0).format}" })

data/lib/puppet/provider/exec/posix.rb

@@ -6,10 +6,22 @@ Puppet::Type.type(:exec).provide :posix, :parent => Puppet::Provider::Exec do
   defaultfor :feature => :posix
 
   desc <<-EOT
-    Executes external binaries directly, without passing through a shell or
-    performing any interpolation. This is a safer and more predictable way
-    to execute most commands, but prevents the use of globbing and shell
-    built-ins (including control logic like "for" and "if" statements).
+    Executes external binaries by invoking Ruby's `Kernel.exec`.
+    When the command is a string, it will be executed directly,
+    without a shell, if it follows these rules:
+     - no meta characters
+     - no shell reserved word and no special built-in
+
+    When the command is an Array of Strings, passed as `[cmdname, arg1, ...]`
+    it will be executed directly(the first element is taken as a command name
+    and the rest are passed as parameters to command with no shell expansion)
+    This is a safer and more predictable way to execute most commands,
+    but prevents the use of globbing and shell built-ins (including control
+    logic like "for" and "if" statements).
+
+    If the use of globbing and shell built-ins is desired, please check
+    the `shell` provider
+
   EOT
 
   # Verify that we have the executable

data/lib/puppet/provider/package/pip.rb

@@ -126,7 +126,7 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
     if self.class.compare_pip_versions(command_version, '1.5.4') == -1
       available_versions_with_old_pip.last
     else
-      available_versions_with_new_pip.last
+      available_versions_with_new_pip(command_version).last
     end
   end
 
@@ -149,15 +149,17 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
     if self.class.compare_pip_versions(command_version, '1.5.4') == -1
       available_versions_with_old_pip
     else
-      available_versions_with_new_pip
+      available_versions_with_new_pip(command_version)
     end
   end
 
-  def available_versions_with_new_pip
+  def available_versions_with_new_pip(command_version)
     command = resource_or_provider_command
     self.class.validate_command(command)
 
     command_and_options = [self.class.quote(command), 'install', "#{@resource[:name]}==versionplease"]
+    extra_arg = list_extra_flags(command_version)
+    command_and_options << extra_arg if extra_arg
     command_and_options << install_options if @resource[:install_options]
     execpipe command_and_options do |process|
       process.collect do |line|
@@ -328,4 +330,14 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
       path
     end
   end
+
+  private
+
+  def list_extra_flags(command_version)
+    klass = self.class
+    if klass.compare_pip_versions(command_version, '20.2.4') == 1 &&
+      klass.compare_pip_versions(command_version, '21.1') == -1
+      '--use-deprecated=legacy-resolver'
+    end
+  end
 end

data/lib/puppet/provider/package/windows.rb

@@ -30,6 +30,19 @@ Puppet::Type.type(:package).provide(:windows, :parent => Puppet::Provider::Packa
   has_feature :versionable
 
   attr_accessor :package
+  class << self
+    attr_accessor :paths
+  end
+
+  def self.post_resource_eval
+    @paths.each do |path|
+      begin
+        Puppet::FileSystem.unlink(path)
+      rescue => detail
+        raise Puppet::Error.new(_("Error when unlinking %{path}: %{detail}") % { path: path ,detail: detail.message}, detail)
+      end
+    end if @paths
+  end
 
   # Return an array of provider instances
   def self.instances
@@ -64,7 +77,7 @@ Puppet::Type.type(:package).provide(:windows, :parent => Puppet::Provider::Packa
 
     command = [installer.install_command(resource), install_options].flatten.compact.join(' ')
     working_dir = File.dirname(resource[:source])
-    if !Puppet::FileSystem.exist?(working_dir) && resource[:source] =~ /\.msi"?\Z/i
+    unless Puppet::FileSystem.exist?(working_dir)
       working_dir = nil
     end
     output = execute(command, :failonfail => false, :combine => true, :cwd => working_dir, :suppress_window => true)

data/lib/puppet/provider/package/windows/exe_package.rb

@@ -17,6 +17,11 @@ class Puppet::Provider::Package::Windows
       'WindowsInstaller',
     ]
 
+    def self.register(path)
+      Puppet::Type::Package::ProviderWindows.paths ||= []
+      Puppet::Type::Package::ProviderWindows.paths << path
+    end
+
     # Return an instance of the package from the registry, or nil
     def self.from_registry(name, values)
       if valid?(name, values)
@@ -55,7 +60,31 @@ class Puppet::Provider::Package::Windows
     end
 
     def self.install_command(resource)
-      munge(resource[:source])
+      file_location = resource[:source]
+      if file_location.start_with?('http://', 'https://')
+        tempfile = Tempfile.new(['','.exe'])
+        begin
+          uri = URI(Puppet::Util.uri_encode(file_location))
+          client = Puppet.runtime[:http]
+          client.get(uri, options: { include_system_store: true }) do |response|
+            raise Puppet::HTTP::ResponseError.new(response) unless response.success?
+
+            File.open(tempfile.path, 'wb') do |file|
+              response.read_body do |data|
+                file.write(data)
+              end
+            end
+          end
+        rescue => detail
+          raise Puppet::Error.new(_("Error when installing %{package}: %{detail}") % { package: resource[:name] ,detail: detail.message}, detail)
+        ensure
+          self.register(tempfile.path)
+          tempfile.close()
+          file_location = tempfile.path
+        end
+      end
+
+      munge(file_location)
     end
 
     def uninstall_command

data/lib/puppet/provider/package/windows/package.rb

@@ -67,7 +67,8 @@ class Puppet::Provider::Package::Windows
         # REMIND: what about msp, etc
         MsiPackage
       when /\.exe"?\Z/i
-        fail(_("The source does not exist: '%{source}'") % { source: resource[:source] }) unless Puppet::FileSystem.exist?(resource[:source])
+        fail(_("The source does not exist: '%{source}'") % { source: resource[:source] }) unless
+          Puppet::FileSystem.exist?(resource[:source]) || resource[:source].start_with?('http://', 'https://')
         ExePackage
       else
         fail(_("Don't know how to install '%{source}'") % { source: resource[:source] })

data/lib/puppet/provider/parsedfile.rb

@@ -280,6 +280,9 @@ class Puppet::Provider::ParsedFile < Puppet::Provider
   def self.prefetch_target(target)
     begin
       target_records = retrieve(target)
+      unless target_records
+        raise Puppet::DevError, _("Prefetching %{target} for provider %{name} returned nil") % { target: target, name: self.name }
+      end
     rescue Puppet::Util::FileType::FileReadError => detail
       if @raise_prefetch_errors
         # We will raise an error later in flush_target. This way,

data/lib/puppet/resource/type_collection.rb

@@ -61,6 +61,7 @@ class Puppet::Resource::TypeCollection
   def add_hostclass(instance)
     handle_hostclass_merge(instance)
     dupe_check(instance, @hostclasses) { |dupe| _("Class '%{klass}' is already defined%{error}; cannot redefine") % { klass: instance.name, error: dupe.error_context } }
+    dupe_check(instance, @nodes)       { |dupe| _("Node '%{klass}' is already defined%{error}; cannot be redefined as a class") % { klass: instance.name, error: dupe.error_context } }
     dupe_check(instance, @definitions) { |dupe| _("Definition '%{klass}' is already defined%{error}; cannot be redefined as a class") % { klass: instance.name, error: dupe.error_context } }
 
     @hostclasses[instance.name] = instance
@@ -93,6 +94,7 @@ class Puppet::Resource::TypeCollection
 
   def add_node(instance)
     dupe_check(instance, @nodes) { |dupe| _("Node '%{name}' is already defined%{error}; cannot redefine") % { name: instance.name, error: dupe.error_context } }
+    dupe_check(instance, @hostclasses) { |dupe| _("Class '%{klass}' is already defined%{error}; cannot be redefined as a node") % { klass: instance.name, error: dupe.error_context } }
 
     @node_list << instance
     @nodes[instance.name] = instance

data/lib/puppet/settings.rb

@@ -868,7 +868,11 @@ class Puppet::Settings
     if self[:user]
       user = Puppet::Type.type(:user).new :name => self[:user], :audit => :ensure
 
-      @service_user_available = user.exists?
+      if user.suitable?
+        @service_user_available = user.exists?
+      else
+        raise Puppet::Error, (_("Cannot manage owner permissions, because the provider for '%{name}' is not functional") % { name: user })
+      end
     else
       @service_user_available = false
     end
@@ -880,7 +884,11 @@ class Puppet::Settings
     if self[:group]
       group = Puppet::Type.type(:group).new :name => self[:group], :audit => :ensure
 
-      @service_group_available = group.exists?
+      if group.suitable?
+        @service_group_available = group.exists?
+      else
+        raise Puppet::Error, (_("Cannot manage group permissions, because the provider for '%{name}' is not functional") % { name: group })
+      end
     else
       @service_group_available = false
     end
@@ -889,9 +897,16 @@ class Puppet::Settings
   # Allow later inspection to determine if the setting was set on the
   # command line, or through some other code path.  Used for the
   # `dns_alt_names` option during cert generate. --daniel 2011-10-18
-  def set_by_cli?(param)
+  #
+  # @param param [String, Symbol] the setting to look up
+  # @return [Object, nil] the value of the setting or nil if unset
+  def set_by_cli(param)
     param = param.to_sym
-    !@value_sets[:cli].lookup(param).nil?
+    @value_sets[:cli].lookup(param)
+  end
+
+  def set_by_cli?(param)
+    !!set_by_cli(param)
   end
 
   # Get values from a search path entry.
@@ -924,9 +939,13 @@ class Puppet::Settings
     end
   end
 
-  # Allow later inspection to determine if the setting was set by user
-  # config, rather than a default setting.
-  def set_in_section?(param, section)
+  # Allow later inspection to determine if the setting was set in a specific
+  # section
+  #
+  # @param param [String, Symbol] the setting to look up
+  # @param section [Symbol] the section in which to look up the setting
+  # @return [Object, nil] the value of the setting or nil if unset
+  def set_in_section(param, section)
     param = param.to_sym
     vals = searchpath_values(SearchPathElement.new(section, :section))
     if vals
@@ -934,6 +953,10 @@ class Puppet::Settings
     end
   end
 
+  def set_in_section?(param, section)
+    !!set_in_section(param, section)
+  end
+
   # Patches the value for a param in a section.
   # This method is required to support the use case of unifying --dns-alt-names and
   # --dns_alt_names in the certificate face. Ideally this should be cleaned up.

data/lib/puppet/settings/config_file.rb

@@ -98,14 +98,7 @@ private
 
   def parse_setting(setting, section)
     var = setting.name.intern
-
-    # We don't want to munge modes, because they're specified in octal, so we'll
-    # just leave them as a String, since Puppet handles that case correctly.
-    if var == :mode
-      value = setting.value
-    else
-      value = @value_converter[setting.value]
-    end
+    value = @value_converter[setting.value]
 
     # Check to see if this is a file argument and it has extra options
     begin

data/lib/puppet/settings/value_translator.rb

@@ -5,7 +5,6 @@ class Puppet::Settings::ValueTranslator
     return case value
       when /^false$/i; false
       when /^true$/i; true
-      when /^\d+$/i; Integer(value)
       when true; true
       when false; false
       else

data/lib/puppet/type/exec.rb

@@ -201,7 +201,9 @@ module Puppet
         only uses the resource title to ensure `exec`s are unique."
 
       validate do |command|
-        raise ArgumentError, _("Command must be a String, got value of class %{klass}") % { klass: command.class } unless command.is_a? String
+        unless command.is_a?(String) || command.is_a?(Array)
+          raise ArgumentError, _("Command must be a String or Array<String>, got value of class %{klass}") % { klass: command.class }
+        end
       end
     end
 
@@ -458,6 +460,10 @@ module Puppet
 
             unless => ['test -f /tmp/file1', 'test -f /tmp/file2'],
 
+        or an array of arrays. For example:
+
+            unless => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
+
         This `exec` would only run if every command in the array has a
         non-zero exit code.
       EOT
@@ -514,6 +520,10 @@ module Puppet
 
             onlyif => ['test -f /tmp/file1', 'test -f /tmp/file2'],
 
+        or an array of arrays. For example:
+
+            onlyif => [['test', '-f', '/tmp/file1'], 'test -f /tmp/file2']
+
         This `exec` would only run if every command in the array has an
         exit code of 0 (success).
       EOT
@@ -562,12 +572,14 @@ module Puppet
       reqs << self[:cwd] if self[:cwd]
 
       file_regex = Puppet::Util::Platform.windows? ? %r{^([a-zA-Z]:[\\/]\S+)} : %r{^(/\S+)}
+      cmd = self[:command]
+      cmd = cmd[0] if cmd.is_a? Array
 
-      self[:command].scan(file_regex) { |str|
+      cmd.scan(file_regex) { |str|
         reqs << str
       }
 
-      self[:command].scan(/^"([^"]+)"/) { |str|
+      cmd.scan(/^"([^"]+)"/) { |str|
         reqs << str
       }
 
@@ -583,6 +595,7 @@ module Puppet
           # fully qualified.  It might not be a bad idea to add
           # unqualified files, but, well, that's a bit more annoying
           # to do.
+          line = line[0] if line.is_a? Array
           reqs += line.scan(file_regex)
         end
       }

data/lib/puppet/type/file/mode.rb

@@ -90,9 +90,15 @@ module Puppet
         raise Puppet::Error, "The file mode specification is invalid: #{value.inspect}"
       end
 
+      # normalizes to symbolic form, e.g. u+a, an octal string without leading 0
       normalize_symbolic_mode(value)
     end
 
+    unmunge do |value|
+      # return symbolic form or octal string *with* leading 0's
+      display_mode(value) if value
+    end
+
     def desired_mode_from_current(desired, current)
       current = current.to_i(8) if current.is_a? String
       is_a_directory = @resource.stat && @resource.stat.directory?

data/lib/puppet/type/tidy.rb

@@ -144,7 +144,7 @@ Puppet::Type.newtype(:tidy) do
 
     def tidy?(path, stat)
       # If the file's older than we allow, we should get rid of it.
-      (Time.now.to_i - stat.send(resource[:type]).to_i) > value
+      (Time.now.to_i - stat.send(resource[:type]).to_i) >= value
     end
 
     munge do |age|