puppet 4.5.2-universal-darwin → 4.5.3-universal-darwin

data/ext/project_data.yaml

@@ -34,22 +34,24 @@ gem_platform_dependencies:
     gem_runtime_dependencies:
       # Pinning versions that require native extensions
       ffi: '~> 1.9.6'
-      win32-dir: '~> 0.4.9'
-      win32-eventlog: '~> 0.6.2'
-      win32-process: '~> 0.7.4'
+      # win32-xxxx gems are pinned due to PUP-6445
+      win32-dir: '= 0.4.9'
+      win32-eventlog: '= 0.6.5'
+      win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
-      win32-security: '~> 0.2.5'
-      win32-service: '~> 0.8.6'
+      win32-security: '= 0.2.5'
+      win32-service: '= 0.8.7'
       minitar: '~> 0.5.4'
   x64-mingw32:
     gem_runtime_dependencies:
       ffi: '~> 1.9.6'
-      win32-dir: '~> 0.4.9'
-      win32-eventlog: '~> 0.6.2'
-      win32-process: '~> 0.7.4'
+      # win32-xxxx gems are pinned due to PUP-6445
+      win32-dir: '= 0.4.9'
+      win32-eventlog: '= 0.6.5'
+      win32-process: '= 0.7.5'
       # Use of win32-security is deprecated
-      win32-security: '~> 0.2.5'
-      win32-service: '~> 0.8.6'
+      win32-security: '= 0.2.5'
+      win32-service: '= 0.8.7'
       minitar: '~> 0.5.4'
 bundle_platforms:
   universal-darwin: ruby

data/lib/puppet/parser/scope.rb

@@ -201,7 +201,7 @@ class Puppet::Parser::Scope
           scope.new_match_scope(nil)
           return as_read_only { expression.safeevaluate(scope) }
         end
-        raise Puppet::Error, "default expression for $#{name} tries to illegally access not yet evaluated $#{bad}"
+        parameter_reference_failure(name, bad)
       end
     end
 
@@ -211,12 +211,21 @@ class Puppet::Parser::Scope
           scope.new_match_scope(nil)
           return as_read_only { evaluator.evaluate(expression, scope) }
         end
-        raise Puppet::Error, "default expression for $#{name} tries to illegally access not yet evaluated $#{bad}"
+        parameter_reference_failure(name, bad)
       end
     end
 
-    def initialize(parent, param_names)
+    def parameter_reference_failure(from, to)
+      # Parameters are evaluated in the order they have in the @params hash.
+      keys = @params.keys
+      raise Puppet::Error, "#{@callee_name}: expects a value for parameter $#{to}" if keys.index(to) < keys.index(from)
+      raise Puppet::Error, "#{@callee_name}: default expression for $#{from} tries to illegally access not yet evaluated $#{to}"
+    end
+    private :parameter_reference_failure
+
+    def initialize(parent, callee_name, param_names)
       super(parent)
+      @callee_name = callee_name
       @params = {}
       param_names.each { |name| @params[name] = Access.new }
     end
@@ -913,9 +922,12 @@ class Puppet::Parser::Scope
   end
 
   # Nests a parameter scope
+  # @param [String] callee_name the name of the function, template, or resource that defines the parameters
+  # @param [Array<String>] param_names list of parameter names
+  # @yieldparam [ParameterScope] param_scope the nested scope
   # @api private
-  def with_parameter_scope(param_names)
-    param_scope = ParameterScope.new(@ephemeral.last, param_names)
+  def with_parameter_scope(callee_name, param_names)
+    param_scope = ParameterScope.new(@ephemeral.last, callee_name, param_names)
     with_guarded_scope do
       @ephemeral.push(param_scope)
       yield(param_scope)

data/lib/puppet/pops/evaluator/closure.rb

@@ -44,7 +44,7 @@ class Closure < CallableSignature
   def call_by_name(args_hash, enforce_parameters)
     if enforce_parameters
       # Push a temporary parameter scope used while resolving the parameter defaults
-      @enclosing_scope.with_parameter_scope(parameter_names) do |param_scope|
+      @enclosing_scope.with_parameter_scope(closure_name, parameter_names) do |param_scope|
         # Assign all non-nil values, even those that represent non-existent paramaters.
         args_hash.each { |k, v| param_scope[k] = v unless v.nil? }
         parameters.each do |p|
@@ -146,7 +146,7 @@ class Closure < CallableSignature
   end
 
   def combine_values_with_parameters(scope, args)
-    scope.with_parameter_scope(parameter_names) do |param_scope|
+    scope.with_parameter_scope(closure_name, parameter_names) do |param_scope|
       parameters.each_with_index do |parameter, index|
         param_captures     = parameter.captures_rest
         default_expression = parameter.value

data/lib/puppet/pops/patterns.rb

@@ -14,6 +14,10 @@ module Puppet::Pops::Patterns
   #
   NUMERIC = %r{\A[[:blank:]]*([-+]?)[[:blank:]]*((0[xX][0-9A-Fa-f]+)|(0?\d+)((?:\.\d+)?(?:[eE]-?\d+)?))[[:blank:]]*\z}
 
+  # Special expression that tests if there is whitespace between sign and number. The expression is used
+  # to strip such whitespace when normal Float or Integer conversion fails.
+  WS_BETWEEN_SIGN_AND_NUMBER = %r{\A([+-])[[:blank:]]+(.*)\z}
+
   # ILLEGAL_P3_1_HOSTNAME matches if a hostname contains illegal characters.
   # This check does not prevent pathological names like 'a....b', '.....', "---". etc.
   ILLEGAL_HOSTNAME_CHARS = %r{[^-\w.]}

data/lib/puppet/pops/types/string_converter.rb

@@ -452,10 +452,10 @@ class StringConverter
   def convert(value, string_formats = :default)
     options = DEFAULT_STRING_FORMATS
 
+    value_type = TypeCalculator.infer_set(value)
     if string_formats.is_a?(String)
       # add the format given for the exact type
-      t = TypeCalculator.infer_set(value)
-      string_formats = { t => string_formats }
+      string_formats = { value_type => string_formats }
     end
 
     case string_formats
@@ -471,7 +471,7 @@ class StringConverter
       raise ArgumentError, "string conversion expects a Default value or a Hash of type to format mappings, got a '#{string_formats.class}'"
     end
 
-    _convert(TypeCalculator.infer_set(value), value, options, DEFAULT_INDENTATION)
+    _convert(value_type, value, options, DEFAULT_INDENTATION)
   end
 
 #  # A method only used for manual debugging as the default output of the formatting rules is
@@ -557,21 +557,20 @@ class StringConverter
 
   def string_PDefaultType(val_type, val, format_map, _)
     f = get_format(val_type, format_map)
-    case f.format
+    apply_string_flags(f, case f.format
     when :d, :s, :p
       f.alt? ? '"default"' : 'default'
     when :D
       f.alt? ? '"Default"' : 'Default'
     else
       raise FormatError.new('Default', f.format, 'dDsp')
-    end
+    end)
   end
 
   # @api private
   def string_PUndefType(val_type, val, format_map, _)
     f = get_format(val_type, format_map)
-    undef_str =
-    case f.format
+    apply_string_flags(f, case f.format
     when :n
       f.alt? ? 'null' : 'nil'
     when :u
@@ -588,12 +587,7 @@ class StringConverter
       f.alt? ? '"undef"' : 'undef'
     else
       raise FormatError.new('Undef', f.format, 'nudxXobBeEfgGaAvVsp')
-    end
-    fmt = "%#{f.left ? '-' : ''}"
-    fmt << "#{f.width}" if f.width
-    fmt << ".#{f.prec}" if f.prec
-    fmt << "s"
-    Kernel.format(fmt,undef_str)
+    end)
   end
 
   # @api private
@@ -603,22 +597,22 @@ class StringConverter
     when :t
       # 'true'/'false' or 't'/'f' if in alt mode
       str_bool = val.to_s
-      f.alt? ? str_bool[0] : str_bool
+      apply_string_flags(f, f.alt? ? str_bool[0] : str_bool)
 
     when :T
       # 'True'/'False' or 'T'/'F' if in alt mode
       str_bool = val.to_s.capitalize
-      f.alt? ? str_bool[0] : str_bool
+      apply_string_flags(f, f.alt? ? str_bool[0] : str_bool)
 
     when :y
       # 'yes'/'no' or 'y'/'n' if in alt mode
       str_bool = val ? 'yes' : 'no'
-      f.alt? ? str_bool[0] : str_bool
+      apply_string_flags(f, f.alt? ? str_bool[0] : str_bool)
 
     when :Y
       # 'Yes'/'No' or 'Y'/'N' if in alt mode
       str_bool = val ? 'Yes' : 'No'
-      f.alt? ? str_bool[0] : str_bool
+      apply_string_flags(f, f.alt? ? str_bool[0] : str_bool)
 
     when :d, :x, :X, :o, :b, :B
       # Boolean in numeric form, formated by integer rule
@@ -633,16 +627,31 @@ class StringConverter
       _convert(TypeCalculator.infer_set(numeric_bool), numeric_bool, string_formats, indentation)
 
     when :s
-      val.to_s
+      apply_string_flags(f, val.to_s)
 
     when :p
-      val.inspect
+      apply_string_flags(f, val.inspect)
 
     else
       raise FormatError.new('Boolean', f.format, 'tTyYdxXobBeEfgGaAsp')
     end
   end
 
+  # Performs post-processing of literals to apply width and precision flags
+  def apply_string_flags(f, literal_str)
+    if f.left || f.width || f.prec
+      fmt = '%'
+      fmt << '-' if f.left
+      fmt << f.width.to_s if f.width
+      fmt << '.' << f.prec.to_s if f.prec
+      fmt << 's'
+      Kernel.format(fmt, literal_str)
+    else
+      literal_str
+    end
+  end
+  private :apply_string_flags
+
   # @api private
   def string_PIntegerType(val_type, val, format_map, _)
     f = get_format(val_type, format_map)
@@ -691,37 +700,77 @@ class StringConverter
   def string_PStringType(val_type, val, format_map, _)
     f = get_format(val_type, format_map)
     case f.format
-    when :s, :p
+    when :s
       Kernel.format(f.orig_fmt, val)
 
+    when :p
+      apply_string_flags(f, puppet_quote(val))
+
     when :c
       c_val = val.capitalize
-      substitute = f.alt? ? 'p' : 's'
-      Kernel.format(f.orig_fmt.gsub('c', substitute), c_val)
+      f.alt? ? apply_string_flags(f, puppet_quote(c_val)) :  Kernel.format(f.orig_fmt.gsub('c', 's'), c_val)
 
     when :C
       c_val = val.split('::').map {|s| s.capitalize }.join('::')
-      substitute = f.alt? ? 'p' : 's'
-      Kernel.format(f.orig_fmt.gsub('C', substitute), c_val)
+      f.alt? ? apply_string_flags(f, puppet_quote(c_val)) :  Kernel.format(f.orig_fmt.gsub('C', 's'), c_val)
 
     when :u
-      substitute = f.alt? ? 'p' : 's'
-      Kernel.format(f.orig_fmt.gsub('u', substitute), val).upcase
+      c_val = val.upcase
+      f.alt? ? apply_string_flags(f, puppet_quote(c_val)) :  Kernel.format(f.orig_fmt.gsub('u', 's'), c_val)
 
     when :d
-      substitute = f.alt? ? 'p' : 's'
-      Kernel.format(f.orig_fmt.gsub('d', substitute), val).downcase
+      c_val = val.downcase
+      f.alt? ? apply_string_flags(f, puppet_quote(c_val)) :  Kernel.format(f.orig_fmt.gsub('d', 's'), c_val)
 
     when :t  # trim
       c_val = val.strip
-      substitute = f.alt? ? 'p' : 's'
-      Kernel.format(f.orig_fmt.gsub('t', substitute), c_val)
+      f.alt? ? apply_string_flags(f, puppet_quote(c_val)) :  Kernel.format(f.orig_fmt.gsub('t', 's'), c_val)
 
     else
       raise FormatError.new('String', f.format, 'cCudspt')
     end
   end
 
+  # Performs a '%p' formatting of the given _str_ such that the output conforms to Puppet syntax. An ascii string
+  # without control characters, dollar, single-qoute, or backslash, will be quoted using single quotes. All other
+  # strings will be quoted using double quotes.
+  #
+  # @param [String] str the string that should be formatted
+  # @return [String] the formatted string
+  #
+  # @api public
+  def puppet_quote(str)
+    if str.ascii_only? && (str =~ /(?:'|\$|\p{Cntrl}|\\)/).nil?
+      "'#{str}'"
+    else
+      bld = '"'
+      str.codepoints do |codepoint|
+        case codepoint
+        when 0x09
+          bld << '\\t'
+        when 0x0a
+          bld << '\\n'
+        when 0x0d
+          bld << '\\r'
+        when 0x22
+          bld << '\\"'
+        when 0x24
+          bld << '\\$'
+        when 0x5c
+          bld << '\\\\'
+        else
+          if codepoint < 0x20 || codepoint > 0x7f
+            bld << sprintf('\\u{%X}', codepoint)
+          else
+            bld.concat(codepoint)
+          end
+        end
+      end
+      bld << '"'
+      bld
+    end
+  end
+
   # @api private
   def string_PRegexpType(val_type, val, format_map, _)
     f = get_format(val_type, format_map)

data/lib/puppet/pops/types/type_formatter.rb

@@ -434,8 +434,7 @@ class TypeFormatter
   # @api private
   def string_String(t)
     # Use single qoute on strings that does not contain single quotes, control characters, or backslashes.
-    # TODO: This should move to StringConverter when this formatter is changed to take advantage of it
-    @bld << (t.ascii_only? && (t =~ /^(?:'|\p{Cntrl}|\\)$/).nil? ? "'#{t}'" : t.inspect)
+    @bld << StringConverter.singleton.puppet_quote(t)
   end
 
   # @api private

data/lib/puppet/pops/types/types.rb

@@ -877,6 +877,16 @@ class PIntegerType < PNumericType
           rescue TypeError => e
             raise TypeConversionError.new(e.message)
           rescue ArgumentError => e
+            # Test for special case where there is whitespace between sign and number
+            match = Patterns::WS_BETWEEN_SIGN_AND_NUMBER.match(from)
+            if match
+              begin
+                # Try again, this time with whitespace removed
+                return from_args(match[1] + match[2], radix)
+              rescue TypeConversionError
+                # Ignored to retain original error
+              end
+            end
             raise TypeConversionError.new(e.message)
           end
         else
@@ -972,6 +982,16 @@ class PFloatType < PNumericType
           rescue TypeError => e
             raise TypeConversionError.new(e.message)
           rescue ArgumentError => e
+            # Test for special case where there is whitespace between sign and number
+            match = Patterns::WS_BETWEEN_SIGN_AND_NUMBER.match(from)
+            if match
+              begin
+                # Try again, this time with whitespace removed
+                return from_args(match[1] + match[2])
+              rescue TypeConversionError
+                # Ignored to retain original error
+              end
+            end
             raise TypeConversionError.new(e.message)
           end
         else

data/lib/puppet/provider/group/windows_adsi.rb

@@ -27,10 +27,13 @@ Puppet::Type.type(:group).provide :windows_adsi do
     current_users = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current)
     specified_users = Puppet::Util::Windows::ADSI::Group.name_sid_hash(should)
 
+    current_sids = current_users.keys.to_a
+    specified_sids = specified_users.keys.to_a
+
     if @resource[:auth_membership]
-      current_users.keys.to_a == specified_users.keys.to_a
+      current_sids.sort == specified_sids.sort
     else
-      (specified_users.keys.to_a & current_users.keys.to_a) == specified_users.keys.to_a
+      (specified_sids & current_sids) == specified_sids
     end
   end
 

data/lib/puppet/provider/package/dnf.rb

@@ -28,7 +28,7 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
       end
   end
 
-  defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23']
+  defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23', '24']
 
   # The value to pass to DNF as its error output level.
   # DNF differs from Yum slightly with regards to error outputting.

data/lib/puppet/provider/scheduled_task/win32_taskscheduler.rb

@@ -226,6 +226,13 @@ Puppet::Type.type(:scheduled_task).provide(:win32_taskscheduler) do
   def flush
     unless resource[:ensure] == :absent
       self.fail('Parameter command is required.') unless resource[:command]
+      # HACK: even though the user may actually be insync?, for task changes to
+      # fully propagate, it is necessary to explicitly set the user for the task,
+      # even when it is SYSTEM (and has a nil password)
+      # this is a Windows security feature with the v1 COM APIs that prevent
+      # arbitrary reassignment of a task scheduler command to run as SYSTEM
+      # without the authorization to do so
+      self.user = resource[:user]
       task.save
       @task = nil
     end

data/lib/puppet/provider/user/windows_adsi.rb

@@ -36,13 +36,16 @@ Puppet::Type.type(:user).provide :windows_adsi do
     # since the default array_matching comparison is not commutative
 
     # dupes automatically weeded out when hashes built
-    current_users = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current)
-    specified_users = Puppet::Util::Windows::ADSI::Group.name_sid_hash(should)
+    current_groups = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current)
+    specified_groups = Puppet::Util::Windows::ADSI::Group.name_sid_hash(should)
+
+    current_sids = current_groups.keys.to_a
+    specified_sids = specified_groups.keys.to_a
 
     if @resource[:membership] == :inclusive
-      current_users.keys.to_a == specified_users.keys.to_a
+      current_sids.sort == specified_sids.sort
     else
-      (specified_users.keys.to_a & current_users.keys.to_a) == specified_users.keys.to_a
+      (specified_sids & current_sids) == specified_sids
     end
   end
 

data/lib/puppet/reference/configuration.rb

@@ -32,6 +32,8 @@ config = Puppet::Util::Reference.newreference(:configuration, :depth => 1, :doc
       val = 'Unix/Linux: /var/run/puppetlabs -- Windows: C:\ProgramData\PuppetLabs\puppet\var\run -- Non-root user: ~/.puppetlabs/var/run'
     elsif name.to_s == 'logdir'
       val = 'Unix/Linux: /var/log/puppetlabs/puppet -- Windows: C:\ProgramData\PuppetLabs\puppet\var\log -- Non-root user: ~/.puppetlabs/var/log'
+    elsif name.to_s == 'hiera.yaml'
+      val = '$confdir/hiera.yaml. However, if a file exists at $codedir/hiera.yaml, Puppet uses that instead.'
     end
 
     # Leave out the section information; it was apparently confusing people.

data/lib/puppet/resource/type.rb

@@ -369,7 +369,7 @@ class Puppet::Resource::Type
     end
     scope.class_set(self.name,scope) if hostclass? || node?
 
-    param_hash = scope.with_parameter_scope(arguments.keys) do |param_scope|
+    param_hash = scope.with_parameter_scope(resource.to_s, arguments.keys) do |param_scope|
       # Assign directly to the parameter scope to avoid scope parameter validation at this point. It
       # will happen anyway when the values are assigned to the scope after the parameter scoped has
       # been popped.