puppet 8.8.1-universal-darwin → 8.10.0-universal-darwin

data/lib/puppet/scheduler/splay_job.rb

@@ -2,10 +2,10 @@
 
 module Puppet::Scheduler
   class SplayJob < Job
-    attr_reader :splay
+    attr_reader :splay, :splay_limit
 
     def initialize(run_interval, splay_limit, &block)
-      @splay = calculate_splay(splay_limit)
+      @splay, @splay_limit = calculate_splay(splay_limit)
       super(run_interval, &block)
     end
 
@@ -25,10 +25,21 @@ module Puppet::Scheduler
       end
     end
 
+    # Recalculates splay.
+    #
+    # @param splay_limit [Integer] the maximum time (in seconds) to delay before an agent's first run.
+    # @return @splay [Integer] a random integer less than or equal to the splay limit that represents the seconds to
+    # delay before next agent run.
+    def splay_limit=(splay_limit)
+      if @splay_limit != splay_limit
+        @splay, @splay_limit = calculate_splay(splay_limit)
+      end
+    end
+
     private
 
     def calculate_splay(limit)
-      rand(limit + 1)
+      [rand(limit + 1), limit]
     end
   end
 end

data/lib/puppet/settings.rb

@@ -81,11 +81,11 @@ class Puppet::Settings
   end
 
   def self.hostname_fact
-    Puppet.runtime[:facter].value 'networking.hostname'
+    Puppet.runtime[:facter].value('networking.hostname')
   end
 
   def self.domain_fact
-    Puppet.runtime[:facter].value 'networking.domain'
+    Puppet.runtime[:facter].value('networking.domain')
   end
 
   def self.default_config_file_name

data/lib/puppet/ssl/state_machine.rb

@@ -358,7 +358,7 @@ class Puppet::SSL::StateMachine
         Wait.new(@machine)
       else
         to_error(_("Failed to retrieve certificate for %{certname}: %{message}") %
-                 { certname: Puppet[:certname], message: e.response.message }, e)
+                 { certname: Puppet[:certname], message: e.message }, e)
       end
     end
   end
@@ -391,7 +391,7 @@ class Puppet::SSL::StateMachine
       end
       Done.new(@machine, @ssl_context)
     rescue => e
-      Puppet.warning(_("Unable to automatically renew certificate: %{message}") % { message: e })
+      Puppet.warning(_("Unable to automatically renew certificate: %{message}") % { message: e.message })
       Done.new(@machine, @ssl_context)
     end
   end

data/lib/puppet/transaction/resource_harness.rb

@@ -235,9 +235,13 @@ class Puppet::Transaction::ResourceHarness
   end
 
   def noop(event, param, current_value, audit_message)
-    event.message = param.format(_("current_value %s, should be %s (noop)"),
-                                 param.is_to_s(current_value),
-                                 param.should_to_s(param.should)) + audit_message.to_s
+    if param.sensitive
+      event.message = param.format(_("current_value %s, should be %s (noop)"),
+                                   param.is_to_s(current_value),
+                                   param.should_to_s(param.should)) + audit_message.to_s
+    else
+      event.message = "#{param.change_to_s(current_value, param.should)} (noop)#{audit_message}"
+    end
     event.status = "noop"
   end
 

data/lib/puppet/type/exec.rb

@@ -437,13 +437,12 @@ module Puppet
         actually contain `myfile`, the exec will keep running every time
         Puppet runs.
 
-        This parameter can also take an array of files and the command will
-        not run if **any** of these files exist. For example:
+        This parameter can also take an array of files, and the command will
+        not run if **any** of these files exist. Consider this example:
 
             creates => ['/tmp/file1', '/tmp/file2'],
 
-        will only run the command if both files don't exist.
-
+        The command is only run if both files don't exist.
       EOT
 
       accept_arrays

data/lib/puppet/type/file/checksum.rb

@@ -7,11 +7,13 @@ require_relative '../../../puppet/util/checksums'
 Puppet::Type.type(:file).newparam(:checksum) do
   include Puppet::Util::Checksums
 
+  # The default is defined in Puppet.default_digest_algorithm
   desc "The checksum type to use when determining whether to replace a file's contents.
 
-    The default checksum type is #{Puppet.default_digest_algorithm}."
+    The default checksum type is sha256."
 
-  newvalues(*Puppet::Util::Checksums.known_checksum_types)
+  # The values are defined in Puppet::Util::Checksums.known_checksum_types
+  newvalues(:sha256, :sha256lite, :md5, :md5lite, :sha1, :sha1lite, :sha512, :sha384, :sha224, :mtime, :ctime, :none)
 
   defaultto do
     Puppet[:digest_algorithm].to_sym

data/lib/puppet/type/file/ctime.rb

@@ -2,9 +2,9 @@
 
 module Puppet
   Puppet::Type.type(:file).newproperty(:ctime) do
-    desc %q(A read-only state to check the file ctime. On most modern \*nix-like
+    desc "A read-only state to check the file ctime. On most modern \*nix-like
       systems, this is the time of the most recent change to the owner, group,
-      permissions, or content of the file.)
+      permissions, or content of the file."
 
     def retrieve
       current_value = :absent

data/lib/puppet/type/file/mtime.rb

@@ -2,8 +2,8 @@
 
 module Puppet
   Puppet::Type.type(:file).newproperty(:mtime) do
-    desc %q(A read-only state to check the file mtime. On \*nix-like systems, this
-      is the time of the most recent change to the content of the file.)
+    desc "A read-only state to check the file mtime. On \*nix-like systems, this
+      is the time of the most recent change to the content of the file."
 
     def retrieve
       current_value = :absent

data/lib/puppet/type/file/selcontext.rb

@@ -45,7 +45,7 @@ module Puppet
         return nil
       end
 
-      context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle)
+      context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle, @resource[:ensure])
       unless context
         return nil
       end
@@ -86,7 +86,7 @@ module Puppet
   end
 
   Puppet::Type.type(:file).newparam(:selinux_ignore_defaults) do
-    desc "If this is set then Puppet will not ask SELinux (via selabel_lookup) to
+    desc "If this is set, Puppet will not call the SELinux function selabel_lookup to
       supply defaults for the SELinux attributes (seluser, selrole,
       seltype, and selrange). In general, you should leave this set at its
       default and only set it to true when you need Puppet to not try to fix
@@ -99,7 +99,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
     desc "What the SELinux user component of the context of the file should be.
       Any valid SELinux user component is accepted.  For example `user_u`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -110,7 +110,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:selrole, :parent => Puppet::SELFileContext) do
     desc "What the SELinux role component of the context of the file should be.
       Any valid SELinux role component is accepted.  For example `role_r`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -121,7 +121,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:seltype, :parent => Puppet::SELFileContext) do
     desc "What the SELinux type component of the context of the file should be.
       Any valid SELinux type component is accepted.  For example `tmp_t`.
-      If not specified it defaults to the value returned by selabel_lookup for
+      If not specified, it defaults to the value returned by selabel_lookup for
       the file, if any exists.  Only valid on systems with SELinux support
       enabled."
 
@@ -132,7 +132,7 @@ module Puppet
   Puppet::Type.type(:file).newproperty(:selrange, :parent => Puppet::SELFileContext) do
     desc "What the SELinux range component of the context of the file should be.
       Any valid SELinux range component is accepted.  For example `s0` or
-      `SystemHigh`.  If not specified it defaults to the value returned by
+      `SystemHigh`.  If not specified, it defaults to the value returned by
       selabel_lookup for the file, if any exists.  Only valid on systems with
       SELinux support enabled and that have support for MCS (Multi-Category
       Security)."

data/lib/puppet/type/package.rb

@@ -301,12 +301,13 @@ module Puppet
             command  => '/opt/ruby/bin/gem',
           }
 
-        Each provider defines a package management command; and uses the first
+        Each provider defines a package management command and uses the first
         instance of the command found in the PATH.
 
         Providers supporting the targetable feature allow you to specify the
-        absolute path of the package management command; useful when multiple
-        instances of the command are installed, or the command is not in the PATH.
+        absolute path of the package management command. Specifying the absolute
+        path is useful when multiple instances of the command are installed, or
+        the command is not in the PATH.
       EOT
 
       isnamevar

data/lib/puppet/type/tidy.rb

@@ -32,7 +32,9 @@ Puppet::Type.newtype(:tidy) do
 
   newparam(:recurse) do
     desc "If target is a directory, recursively descend
-      into the directory looking for files to tidy."
+      into the directory looking for files to tidy. Numeric values
+      specify a limit for the recursion depth, `true` means
+      unrestricted recursion."
 
     newvalues(:true, :false, :inf, /^[0-9]+$/)
 

data/lib/puppet/type/user.rb

@@ -231,7 +231,7 @@ module Puppet
         * OS X 10.8 and higher use salted SHA512 PBKDF2 hashes. When managing passwords
           on these systems, the `salt` and `iterations` attributes need to be specified as
           well as the password.
-        * macOS 10.15 and higher require the salt to be 32-bytes. Since Puppet's user
+        * macOS 10.15 and later require the salt to be 32 bytes. Because Puppet's user
           resource requires the value to be hex encoded, the length of the salt's
           string must be 64.
         * Windows passwords can be managed only in cleartext, because there is no Windows

data/lib/puppet/util/checksums.rb

@@ -9,6 +9,7 @@ require 'time'
 module Puppet::Util::Checksums
   module_function
 
+  # If you modify this, update puppet/type/file/checksum.rb too
   KNOWN_CHECKSUMS = [
     :sha256, :sha256lite,
     :md5, :md5lite,

data/lib/puppet/util/profiler/aggregate.rb

@@ -72,11 +72,11 @@ class Puppet::Util::Profiler::Aggregate < Puppet::Util::Profiler::WallClock
 
   class Timer
     def initialize
-      @start = Time.now
+      @start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
     end
 
     def stop
-      Time.now - @start
+      Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
     end
   end
 end

data/lib/puppet/util/profiler/wall_clock.rb

@@ -21,11 +21,11 @@ class Puppet::Util::Profiler::WallClock < Puppet::Util::Profiler::Logging
     FOUR_DECIMAL_DIGITS = '%0.4f'
 
     def initialize
-      @start = Time.now
+      @start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second)
     end
 
     def stop
-      @time = Time.now - @start
+      @time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_second) - @start
       @time
     end
 

data/lib/puppet/util/reference.rb

@@ -84,7 +84,6 @@ class Puppet::Util::Reference
   def to_markdown(withcontents = true)
     # First the header
     text = markdown_header(@title, 1)
-    text << _("\n\n**This page is autogenerated; any changes will get overwritten**\n\n")
 
     text << @header
 

data/lib/puppet/util/selinux.rb

@@ -55,24 +55,16 @@ module Puppet::Util::SELinux
 
     # If the file exists we should pass the mode to matchpathcon for the most specific
     # matching.  If not, we can pass a mode of 0.
-    begin
-      filestat = file_lstat(file)
-      mode = filestat.mode
-    rescue Errno::EACCES
-      mode = 0
-    rescue Errno::ENOENT
-      if resource_ensure
-        mode = get_create_mode(resource_ensure)
-      else
-        mode = 0
-      end
-    end
+    mode = file_mode(file, resource_ensure)
 
     retval = Selinux.matchpathcon(file, mode)
     retval == -1 ? nil : retval[1]
   end
 
-  def get_selinux_default_context_with_handle(file, handle)
+  # Retrieve and return the default context of the file using an selinux handle.
+  # If we don't have SELinux support or if the SELinux call fails to file a
+  # default then return nil.
+  def get_selinux_default_context_with_handle(file, handle, resource_ensure = nil)
     return nil unless selinux_support?
     # If the filesystem has no support for SELinux labels, return a default of nil
     # instead of what selabel_lookup would return
@@ -81,7 +73,11 @@ module Puppet::Util::SELinux
     # Handle is needed for selabel_lookup
     raise ArgumentError, _("Cannot get default context with nil handle") unless handle
 
-    retval = Selinux.selabel_lookup(handle, file, 0)
+    # If the file exists we should pass the mode to selabel_lookup for the most specific
+    # matching.  If not, we can pass a mode of 0.
+    mode = file_mode(file, resource_ensure)
+
+    retval = Selinux.selabel_lookup(handle, file, mode)
     retval == -1 ? nil : retval[1]
   end
 
@@ -245,6 +241,22 @@ module Puppet::Util::SELinux
     mode
   end
 
+  # If the file/directory/symlink exists, return its mode. Otherwise, get the default mode
+  # that should be used to create the file/directory/symlink taking into account the desired
+  # file type specified in +resource_ensure+.
+  def file_mode(file, resource_ensure)
+    filestat = file_lstat(file)
+    filestat.mode
+  rescue Errno::EACCES
+    0
+  rescue Errno::ENOENT
+    if resource_ensure
+      get_create_mode(resource_ensure)
+    else
+      0
+    end
+  end
+
   # Internal helper function to read and parse /proc/mounts
   def read_mounts
     mounts = ''.dup

data/lib/puppet/version.rb

@@ -8,7 +8,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '8.8.1'
+  PUPPETVERSION = '8.10.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/lib/puppet.rb

@@ -237,7 +237,11 @@ module Puppet
       :ssl_context => proc { Puppet.runtime[:http].default_ssl_context },
       :http_session => proc { Puppet.runtime[:http].create_session },
       :plugins => proc { Puppet::Plugins::Configuration.load_plugins },
-      :rich_data => false
+      :rich_data => Puppet[:rich_data],
+      # `stringify_rich` controls whether `rich_data` is stringified into a lossy format
+      # instead of a lossless format. Catalogs should not be stringified, though to_yaml
+      # and the resource application have uses for a lossy, user friendly format.
+      :stringify_rich => false
     }
   end