puppet 8.8.1 → 8.10.0

data/lib/puppet/defaults.rb

@@ -7,6 +7,7 @@ module Puppet
     '-u'
   end
 
+  # If you modify this, update puppet/type/file/checksum.rb too
   def self.default_digest_algorithm
     'sha256'
   end
@@ -161,8 +162,8 @@ module Puppet
     :skip_logging_catalog_request_destination => {
       :default => false,
       :type    => :boolean,
-      :desc    => "If you wish to suppress the notice of which compiler supplied the
-        catalog",
+      :desc => "Specifies whether to suppress the notice of which compiler
+        supplied the catalog. A value of `true` suppresses the notice.",
     },
     :merge_dependency_warnings => {
       :default => false,
@@ -417,13 +418,15 @@ module Puppet
       :type     => :boolean,
       :default  => true,
       :desc     => <<-'EOT'
-      When versioned_environment_dirs is `true` Puppet will readlink the environmentpath
-      when constructing the environment's modulepath. The full readlinked path is referred
-      to as the "resolved path" and the configured path potentially containing symlinks is
-      the "configured path". When reporting where resources come from users may choose
-      between the configured or resolved path.
-
-      When set to false, the resolved paths are reported instead of the configured paths.
+      Specifies how environment paths are reported. When the value of
+      `versioned_environment_dirs` is `true`, Puppet applies the readlink function to
+      the `environmentpath` setting when constructing the environment's modulepath. The
+      full readlinked path is referred to as the "resolved path," and the configured
+      path potentially containing symlinks is the "configured path." When reporting
+      where resources come from, users may choose between the configured and resolved
+      path.
+
+      When set to `false`, the resolved paths are reported instead of the configured paths.
       EOT
     },
     :use_last_environment => {
@@ -1204,17 +1207,18 @@ EOT
     :ca_refresh_interval => {
       :default    => "1d",
       :type       => :duration,
-      :desc       => "How often the Puppet agent refreshes its local CA certs. By
-         default the CA certs are refreshed once every 24 hours. If a different
-         duration is specified, then the agent will refresh its CA certs whenever
-         it next runs and the elapsed time since the certs were last refreshed
-         exceeds the duration.
-
-         In general, the duration should be greater than the `runinterval`.
-         Setting it to 0 or an equal or lesser value than `runinterval`,
-         will cause the CA certs to be refreshed on every run.
-
-         If the agent downloads new CA certs, the agent will use it for subsequent
+      :desc       => "How often the Puppet agent refreshes its local CA
+         certificates. By default, CA certificates are refreshed every 24 hours. If a
+         different interval is specified, the agent refreshes its CA certificates during
+         the next agent run if the elapsed time since the certificates were last
+         refreshed exceeds the specified duration.
+
+         In general, the interval should be greater than the `runinterval`
+         value. Setting the `ca_refresh_interval` value to 0 or an equal or
+         lesser value than `runinterval` causes the CA certificates to be
+         refreshed on every run.
+
+         If the agent downloads new CA certs, the agent uses those for subsequent
          network requests. If the refresh request fails or if the CA certs are
          unchanged on the server, then the agent run will continue using the
          local CA certs it already has. #{AS_DURATION}",
@@ -1222,15 +1226,15 @@ EOT
     :crl_refresh_interval => {
       :default    => "1d",
       :type       => :duration,
-      :desc       => "How often the Puppet agent refreshes its local CRL. By
-         default the CRL is refreshed once every 24 hours. If a different
-         duration is specified, then the agent will refresh its CRL whenever
-         it next runs and the elapsed time since the CRL was last refreshed
-         exceeds the duration.
+      :desc       => "How often the Puppet agent refreshes its local Certificate
+         Revocation List (CRL). By default, the CRL is refreshed every 24 hours. If
+         a different interval is specified, the agent refreshes its CRL on the next
+         Puppet agent run if the elapsed time since the CRL was last refreshed
+         exceeds the specified interval.
 
-         In general, the duration should be greater than the `runinterval`.
-         Setting it to 0 or an equal or lesser value than `runinterval`,
-         will cause the CRL to be refreshed on every run.
+         In general, the interval should be greater than the `runinterval` value.
+         Setting the `crl_refresh_interval` value to 0 or an equal or lesser value
+         than `runinterval` causes the CRL to be refreshed on every run.
 
          If the agent downloads a new CRL, the agent will use it for subsequent
          network requests. If the refresh request fails or if the CRL is
@@ -1240,18 +1244,19 @@ EOT
     :hostcert_renewal_interval => {
       :default => "30d",
       :type    => :duration,
-      :desc    => "When the Puppet agent refreshes its client certificate.
-         By default the client certificate will refresh 30 days before the certificate
-         expires. If a different duration is specified, then the agent will refresh its
-         client certificate whenever it next runs and if the client certificate expires
-         within the duration specified.
+      :desc => "How often the Puppet agent renews its client certificate. By
+         default, the client certificate is renewed 30 days before the certificate
+         expires. If a different interval is specified, the agent renews its client
+         certificate during the next agent run, assuming that the client certificate has
+         expired within the specified duration.
 
-         In general, the duration should be greater than the `runinterval`.
-         Setting it to 0 will disable automatic renewal.
+         In general, the `hostcert_renewal_interval` value should be greater than the
+         `runinterval` value. Setting the `hostcert_renewal_interval` value to 0 disables
+         automatic renewal.
 
-         If the agent downloads a new certificate, the agent will use it for subsequent
-         network requests. If the refresh request fails, then the agent run will continue using the
-         certificate it already has. #{AS_DURATION}",
+         If the agent downloads a new certificate, the agent will use it
+         for subsequent network requests. If the refresh request fails, the agent run
+         continues to use its existing certificate. #{AS_DURATION}",
     },
     :keylength => {
       :default    => 4096,
@@ -1492,8 +1497,10 @@ EOT
     :exclude_unchanged_resources => {
       :default => true,
       :type => :boolean,
-      :desc => 'When set to true, resources that have had no changes after catalog application
-        will not have corresponding unchanged resource status updates listed in the report.'
+      :desc => "Specifies how unchanged resources are listed in reports. When
+        set to `true`, resources that have had no changes after catalog application
+        will not have corresponding unchanged resource status updates listed in a
+        report."
     },
     :reportdir => {
       :default => "$vardir/reports",
@@ -1745,11 +1752,12 @@ EOT
     :allow_pson_serialization => {
       :default    => false,
       :type       => :boolean,
-      :desc       => "Whether when unable to serialize to JSON or other formats,
-        Puppet falls back to PSON. This option affects both puppetserver's
-        configuration management service responses and when the agent saves its
-        cached catalog. This option is useful in preventing the loss of data because
-        rich data cannot be serialized via PSON.",
+      :desc => "Whether to allow PSON serialization. When unable to serialize to
+        JSON or other formats, Puppet falls back to PSON. This option affects the
+        configuration management service responses of Puppet Server and the process by
+        which the agent saves its cached catalog. With a default value of `false`, this
+        option is useful in preventing the loss of data because rich data cannot be
+        serialized via PSON.",
     },
     :agent_catalog_run_lockfile => {
       :default    => "$statedir/agent_catalog_run.lock",
@@ -1775,7 +1783,7 @@ EOT
       :type       => :boolean,
       :default    => false,
       :desc       => "Whether to include legacy facts when requesting a catalog. This
-        option can be set to false provided all puppet manifests, hiera.yaml and hiera
+        option can be set to `false` if all puppet manifests, hiera.yaml, and hiera
         configuration layers no longer access legacy facts, such as `$osfamily`, and
         instead access structured facts, such as `$facts['os']['family']`."
     },
@@ -1795,9 +1803,11 @@ EOT
       :desc       => "The soft limit for the number of top level facts.",
     },
     :number_of_facts_soft_limit => {
-      :default    => 2048,
+      :default    => 10_240,
       :type       => :integer,
-      :desc       => "The soft limit for the total number of facts.",
+      :desc       => "The soft limit for the total number of fact values. This counts the
+        child elements of all facts (e.g. all items of an array or a hash), not just top
+        level facts.",
     },
     :payload_soft_limit => {
       :default    => 16 * 1024 * 1024,
@@ -2091,12 +2101,12 @@ EOT
     :preprocess_deferred => {
       :default => false,
       :type => :boolean,
-      :desc => "Whether puppet should call deferred functions before applying
-        the catalog. If set to `true`, then all prerequisites needed for the
-        deferred function must be satisfied prior to puppet running. If set to
-        `false`, then deferred functions will follow puppet relationships and
-        ordering. This allows puppet to install prerequisites needed for a
-        deferred function and call the deferred function in the same run."
+      :desc => "Whether Puppet should call deferred functions before applying
+        the catalog. If set to `true`, all prerequisites required for the
+        deferred function must be satisfied before the Puppet run. If set to
+        `false`, deferred functions follow Puppet relationships and
+        ordering. In this way, Puppet can install the prerequisites required for a
+        deferred function and call the deferred function in the same run.",
     },
     :summarize => {
         :default  => false,
@@ -2118,10 +2128,12 @@ EOT
           can produce node information. The command must:
 
           * Take the name of a node as a command-line argument.
+
           * Return a YAML hash with up to three keys:
             * `classes` --- A list of classes, as an array or hash.
             * `environment` --- A string.
             * `parameters` --- A list of top-scope variables to set, as a hash.
+
           * For unknown nodes, exit with a non-zero exit code.
 
           Generally, an ENC script makes requests to an external data source.

data/lib/puppet/face/catalog.rb

@@ -25,13 +25,27 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
 
   deactivate_action(:destroy)
   deactivate_action(:search)
-  find = get_action(:find)
-  find.summary "Retrieve the catalog for the node from which the command is run."
-  find.arguments "<certname>"
-  find.returns <<-'EOT'
-    A serialized catalog. When used from the Ruby API, returns a
-    Puppet::Resource::Catalog object.
-  EOT
+  action(:find) do
+    summary _("Retrieve the catalog for the node from which the command is run.")
+    arguments "<certname>, <facts>"
+    option("--facts_for_catalog") do
+      summary _("Not implemented for the CLI; facts are collected internally.")
+    end
+    returns <<-'EOT'
+      A serialized catalog. When used from the Ruby API, returns a
+      Puppet::Resource::Catalog object.
+    EOT
+
+    when_invoked do |*args|
+      # Default the key to Puppet[:certname] if none is supplied
+      if args.length == 1
+        key = Puppet[:certname]
+      else
+        key = args.shift
+      end
+      call_indirection_method :find, key, args.first
+    end
+  end
 
   action(:apply) do
     summary "Find and apply a catalog."
@@ -135,9 +149,11 @@ Puppet::Indirector::Face.define(:catalog, '0.0.1') do
     when_invoked do |_options|
       Puppet::Resource::Catalog.indirection.terminus_class = :rest
       Puppet::Resource::Catalog.indirection.cache_class = nil
+      facts = Puppet::Face[:facts, '0.0.1'].find(Puppet[:certname])
       catalog = nil
       retrieval_duration = thinmark do
-        catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname])
+        catalog = Puppet::Face[:catalog, '0.0.1'].find(Puppet[:certname],
+                                                       { facts_for_catalog: facts })
       end
       catalog.retrieval_duration = retrieval_duration
       catalog.write_class_file

data/lib/puppet/face/help.rb

@@ -151,6 +151,33 @@ Puppet::Face.define(:help, '0.0.1') do
     end.sort
   end
 
+  def generate_summary(appname)
+    if is_face_app?(appname)
+      begin
+        face = Puppet::Face[appname, :current]
+        # Add deprecation message to summary if the face is deprecated
+        summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
+        [appname, summary, '  ']
+      rescue StandardError, LoadError
+        error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
+        error_message += ' ' + _("Check error logs.")
+        [error_message, '', '  ']
+      end
+    else
+      begin
+        summary = Puppet::Application[appname].summary
+        if summary.empty?
+          summary = horribly_extract_summary_from(appname)
+        end
+        [appname, summary, '  ']
+      rescue StandardError, LoadError
+        error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
+        error_message += ' ' + _("Check error logs.")
+        [error_message, '', '  ']
+      end
+    end
+  end
+
   # Return a list of all applications (both legacy and Face applications), along with a summary
   #  of their functionality.
   # @return [Array] An Array of Arrays.  The outer array contains one entry per application; each
@@ -162,29 +189,8 @@ Puppet::Face.define(:help, '0.0.1') do
 
       if appname == COMMON || appname == SPECIALIZED || appname == BLANK
         result << appname
-      elsif is_face_app?(appname)
-        begin
-          face = Puppet::Face[appname, :current]
-          # Add deprecation message to summary if the face is deprecated
-          summary = face.deprecated? ? face.summary + ' ' + _("(Deprecated)") : face.summary
-          result << [appname, summary, '  ']
-        rescue StandardError, LoadError
-          error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
-          error_message += ' ' + _("Check error logs.")
-          result << [error_message, '', '  ']
-        end
       else
-        begin
-          summary = Puppet::Application[appname].summary
-          if summary.empty?
-            summary = horribly_extract_summary_from(appname)
-          end
-          result << [appname, summary, '  ']
-        rescue StandardError, LoadError
-          error_message = _("!%{sub_command}! Subcommand unavailable due to error.") % { sub_command: appname }
-          error_message += ' ' + _("Check error logs.")
-          result << [error_message, '', '  ']
-        end
+        result << generate_summary(appname)
       end
     end
   end
@@ -192,15 +198,29 @@ Puppet::Face.define(:help, '0.0.1') do
   COMMON = 'Common:'
   SPECIALIZED = 'Specialized:'
   BLANK = "\n"
+  COMMON_APPS = %w[apply agent config help lookup module resource]
   def available_application_names_special_sort
     full_list = Puppet::Application.available_application_names
-    a_list = full_list & %w[apply agent config help lookup module resource]
+    a_list = full_list & COMMON_APPS
     a_list = a_list.sort
     also_ran = full_list - a_list
     also_ran = also_ran.sort
     [[COMMON], a_list, [BLANK], [SPECIALIZED], also_ran].flatten(1)
   end
 
+  def common_app_summaries
+    COMMON_APPS.map do |appname|
+      generate_summary(appname)
+    end
+  end
+
+  def specialized_app_summaries
+    specialized_apps = Puppet::Application.available_application_names - COMMON_APPS
+    specialized_apps.filter_map do |appname|
+      generate_summary(appname) unless exclude_from_docs?(appname)
+    end
+  end
+
   def horribly_extract_summary_from(appname)
     help = Puppet::Application[appname].help.split("\n")
     # Now we find the line with our summary, extract it, and return it.  This

data/lib/puppet/feature/telnet.rb

@@ -2,8 +2,4 @@
 
 require_relative '../../puppet/util/feature'
 
-Puppet.features.add :telnet do
-  require 'net/telnet'
-rescue LoadError
-  false
-end
+Puppet.features.add(:telnet, :libs => %(net/telnet))

data/lib/puppet/functions/capitalize.rb

@@ -5,7 +5,7 @@
 # This function is compatible with the stdlib function with the same name.
 #
 # The function does the following:
-# * For a `String`, a string with its first character in upper case version is returned.
+# * For a `String`, a string is returned in which the first character is uppercase.
 #   This is done using Ruby system locale which handles some, but not all
 #   special international up-casing rules (for example German double-s ß is capitalized to "Ss").
 # * For an `Iterable[Variant[String, Numeric]]` (for example an `Array`) each value is capitalized and the conversion is not recursive.

data/lib/puppet/functions/find_file.rb

@@ -7,6 +7,10 @@
 # directory. (For example, the reference `mysql/mysqltuner.pl` will search for the
 # file `<MODULES DIRECTORY>/mysql/files/mysqltuner.pl`.)
 #
+# If this function is run via puppet agent, it checks for file existence on the
+# Puppet Primary server. If run via puppet apply, it checks on the local host.
+# In both cases, the check is performed before any resources are changed.
+#
 # This function can also accept:
 #
 # * An absolute String path, which checks for the existence of a file from anywhere on disk.

data/lib/puppet/functions/hiera.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'hiera/puppet_function'
+
 # Performs a standard priority lookup of the hierarchy and returns the most specific value
 # for a given key. The returned value can be any type of data.
 #

data/lib/puppet/functions/index.rb

@@ -40,8 +40,8 @@
 # Note that the lambda gets the value and not an array with `[key, value]` as in other
 # iterative functions.
 #
-# Using a lambda that accepts two values works the same way, it simply gets the index/key
-# as the first parameter, and the value as the second.
+# Using a lambda that accepts two values works the same way. The lambda gets the index/key
+# as the first parameter and the value as the second parameter.
 #
 # @example Using the `index` function with an Array and a two-parameter lambda
 #

data/lib/puppet/functions/lookup.rb

@@ -97,7 +97,7 @@
 # or `{'strategy' => 'hash'}` --- Same as the string versions of these merge behaviors.
 # * `{'strategy' => 'deep', <DEEP OPTION> => <VALUE>, ...}` --- Same as `'deep'`,
 # but can adjust the merge with additional options. The available options are:
-#     * `'knockout_prefix'` (string or undef) --- A string prefix to indicate a
+#     * `'knockout_prefix'` (string) --- A string prefix to indicate a
 #     value should be _removed_ from the final result. If a value is exactly equal
 #     to the prefix, it will knockout the entire element. Defaults to `undef`, which
 #     disables this feature.

data/lib/puppet/functions/new.rb

@@ -557,7 +557,7 @@
 # @example Simple Conversion to String specifying the format for the given value directly
 #
 # ```puppet
-# $str = String(10, "%#x")    # produces '0x10'
+# $str = String(10, "%#x")    # produces '0xa'
 # $str = String([10], "%(a")  # produces '("10")'
 # ```
 #

data/lib/puppet/functions/regsubst.rb

@@ -20,7 +20,7 @@ Puppet::Functions.create_function(:regsubst) do
   #        - *M*         Multiline regexps
   #        - *G*         Global replacement; all occurrences of the regexp in each target string will be replaced.  Without this, only the first occurrence will be replaced.
   # @param encoding [Enum['N','E','S','U']]
-  #      Deprecated and ignored parameter, only here for compatibility.
+  #      Deprecated and ignored parameter, included only for compatibility.
   # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
   # @deprecated
   #   This method has the optional encoding parameter, which is ignored.

data/lib/puppet/functions/unique.rb

@@ -65,8 +65,9 @@
 # *first-found* unique value, but for `Hash` it contains associations from a set of keys to the set of values clustered by the
 # equality lambda (or the default value equality if no lambda was given). This makes the `unique` function more versatile for hashes
 # in general, while requiring that the simple computation of "hash's unique set of values" is performed as `$hsh.map |$k, $v| { $v }.unique`.
-# (A unique set of hash keys is in general meaningless (since they are unique by definition) - although if processed with a different
-# lambda for equality that would be different. First map the hash to an array of its keys if such a unique computation is wanted).
+# (Generally, it's meaningless to compute the unique set of hash keys because they are unique by definition. However, the
+# situation can change if the hash keys are processed with a different lambda for equality. For this unique computation,
+# first map the hash to an array of its keys.)
 # If the more advanced clustering is wanted for one of the other data types, simply transform it into a `Hash` as shown in the
 # following example.
 #

data/lib/puppet/functions/yaml_data.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'yaml'
+
 # The `yaml_data` is a hiera 5 `data_hash` data provider function.
 # See [the configuration guide documentation](https://puppet.com/docs/puppet/latest/hiera_config_yaml_5.html#configuring-a-hierarchy-level-built-in-backends) for
 # how to use this function.

data/lib/puppet/interface/action_manager.rb

@@ -19,7 +19,7 @@ module Puppet::Interface::ActionManager
   # @dsl Faces
   def action(name, &block)
     @actions ||= {}
-    Puppet.warning _("Redefining action %{name} for %{self}") % { name: name, self: self } if action?(name)
+    Puppet.debug _("Redefining action %{name} for %{self}") % { name: name, self: self } if action?(name)
 
     action = Puppet::Interface::ActionBuilder.build(self, name, &block)
 

data/lib/puppet/provider/package/pacman.rb

@@ -29,7 +29,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
   # Checks if a given name is a group
   def self.group?(name)
-    !pacman("-Sg", name).empty?
+    !pacman('--sync', '--groups', name).empty?
   rescue Puppet::ExecutionFailure
     # pacman returns an expected non-zero exit code when the name is not a group
     false
@@ -74,7 +74,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
   # returns a hash package => version of installed packages
   def self.get_installed_packages
     packages = {}
-    execpipe([command(:pacman), "-Q"]) do |pipe|
+    execpipe([command(:pacman), "--query"]) do |pipe|
       # pacman -Q output is 'packagename version-rel'
       regex = /^(\S+)\s(\S+)/
       pipe.each_line do |line|
@@ -96,7 +96,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
     groups = {}
     begin
       # Build a hash of group name => list of packages
-      command = [command(:pacman), "-Sgg"]
+      command = [command(:pacman), '--sync', '-gg']
       command << filter if filter
       execpipe(command) do |pipe|
         pipe.each_line do |line|
@@ -134,14 +134,14 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
     resource_name = @resource[:name]
 
     # If target is a group, construct the group version
-    return pacman("-Sp", "--print-format", "%n %v", resource_name).lines.map(&:chomp).sort.join(', ') if self.class.group?(resource_name)
+    return pacman("--sync", "--print", "--print-format", "%n %v", resource_name).lines.map(&:chomp).sort.join(', ') if self.class.group?(resource_name)
 
     # Start by querying with pacman first
     # If that fails, retry using yaourt against the AUR
     pacman_check = true
     begin
       if pacman_check
-        output = pacman "-Sp", "--print-format", "%v", resource_name
+        output = pacman "--sync", "--print", "--print-format", "%v", resource_name
         output.chomp
       else
         output = yaourt "-Qma", resource_name
@@ -210,8 +210,8 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
     cmd = %w[--noconfirm --noprogressbar]
     cmd += uninstall_options if @resource[:uninstall_options]
-    cmd << "-R"
-    cmd << '-s' if is_group
+    cmd << "--remove"
+    cmd << '--recursive' if is_group
     cmd << '--nosave' if purge_configs
     cmd << resource_name
 
@@ -248,8 +248,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
              else
                fail _("Source %{source} is not supported by pacman") % { source: source }
              end
-    pacman "--noconfirm", "--noprogressbar", "-S"
-    pacman "--noconfirm", "--noprogressbar", "-U", source
+    pacman "--noconfirm", "--noprogressbar", "--update", source
   end
 
   def install_from_repo
@@ -260,7 +259,7 @@ Puppet::Type.type(:package).provide :pacman, :parent => Puppet::Provider::Packag
 
     cmd = %w[--noconfirm --needed --noprogressbar]
     cmd += install_options if @resource[:install_options]
-    cmd << "-S" << resource_name
+    cmd << "--sync" << resource_name
 
     if self.class.yaourt?
       yaourt(*cmd)

data/lib/puppet/provider/package/pip.rb

@@ -160,7 +160,7 @@ Puppet::Type.type(:package).provide :pip, :parent => ::Puppet::Provider::Package
     command = resource_or_provider_command
     self.class.validate_command(command)
 
-    command_and_options = [self.class.quote(command), 'install', "#{@resource[:name]}==versionplease"]
+    command_and_options = [self.class.quote(command), 'install', "#{@resource[:name]}==9!0dev0+x"]
     extra_arg = list_extra_flags(command_version)
     command_and_options << extra_arg if extra_arg
     command_and_options << install_options if @resource[:install_options]

data/lib/puppet/provider/service/systemd.rb

@@ -31,6 +31,7 @@ Puppet::Type.type(:service).provide :systemd, :parent => :base do
   defaultfor 'os.name' => :ubuntu
   notdefaultfor 'os.name' => :ubuntu, 'os.release.major' => ["10.04", "12.04", "14.04", "14.10"] # These are using upstart
   defaultfor 'os.name' => :cumuluslinux, 'os.release.major' => %w[3 4]
+  defaultfor 'os.name' => :raspbian, 'os.release.major' => %w[12]
 
   def self.instances
     i = []

data/lib/puppet/reference/configuration.rb

@@ -41,8 +41,14 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
       val = '$confdir/hiera.yaml. However, for backwards compatibility, if a file exists at $codedir/hiera.yaml, Puppet uses that instead.'
     when 'certname'
       val = "the Host's fully qualified domain name, as determined by Facter"
+    when 'hostname'
+      val = "(the system's fully qualified hostname)"
+    when 'domain'
+      val = "(the system's own domain)"
     when 'srv_domain'
       val = 'example.com'
+    when 'http_user_agent'
+      val = 'Puppet/<version> Ruby/<version> (<architecture>)'
     end
 
     # Leave out the section information; it was apparently confusing people.
@@ -95,6 +101,5 @@ config.header = <<~EOT
 
   [confguide]: https://puppet.com/docs/puppet/latest/config_about_settings.html
 
-  * * *
 
 EOT

data/lib/puppet/resource/type.rb

@@ -33,6 +33,16 @@ class Puppet::Resource::Type
   DOUBLE_COLON = '::'
   EMPTY_ARRAY = [].freeze
 
+  LOOKAROUND_OPERATORS = {
+    "(" => 'LP',
+    "?" => "QU",
+    "<" => "LT",
+    ">" => "GT",
+    "!" => "EX",
+    "=" => "EQ",
+    ")" => 'RP'
+  }.freeze
+
   attr_accessor :file, :line, :doc, :code, :parent, :resource_type_collection, :override
   attr_reader :namespace, :arguments, :behaves_like, :module_name
 
@@ -196,7 +206,11 @@ class Puppet::Resource::Type
 
   def name
     if type == :node && name_is_regex?
-      "__node_regexp__#{@name.source.downcase.gsub(/[^-\w:.]/, '').sub(/^\.+/, '')}"
+      # Normalize lookarround regex patthern
+      internal_name = @name.source.downcase.gsub(/\(\?[^)]*\)/) do |str|
+        str.gsub(/./) { |ch| LOOKAROUND_OPERATORS[ch] || ch }
+      end
+      "__node_regexp__#{internal_name.gsub(/[^-\w:.]/, '').sub(/^\.+/, '')}"
     else
       @name
     end

data/lib/puppet/resource.rb

@@ -112,7 +112,7 @@ class Puppet::Resource
     # To get stringified parameter values the flag :stringify_rich can be set
     # in the puppet context.
     #
-    stringify = Puppet.lookup(:stringify_rich) { false }
+    stringify = Puppet.lookup(:stringify_rich)
     converter = stringify ? Puppet::Pops::Serialization::ToStringifiedConverter.new : nil
 
     params = {}