puppet 4.7.0-universal-darwin → 4.7.1-universal-darwin

data/Gemfile

@@ -53,6 +53,9 @@ group(:development, :test) do
 
   gem 'rdoc', "~> 4.1", :platforms => [:ruby]
 
+  # webmock requires addressable as as of 2.5.0 addressable started
+  # requiring the public_suffix gem which requires Ruby 2
+  gem 'addressable', '< 2.5.0'
   gem 'webmock', '~> 1.24'
   gem 'vcr', '~> 2.9'
 end

data/Rakefile

@@ -83,8 +83,8 @@ task(:commits) do
   # populated with the range of commits the PR contains. If not available, this
   # falls back to `master..HEAD` as a next best bet as `master` is unlikely to
   # ever be absent.
-  commit_range = ENV['TRAVIS_COMMIT_RANGE'].nil? ? 'master..HEAD' : ENV['TRAVIS_COMMIT_RANGE']
-  puts "Checking commits..."
+  commit_range = ENV['TRAVIS_COMMIT_RANGE'].nil? ? 'master..HEAD' : ENV['TRAVIS_COMMIT_RANGE'].sub(/\.\.\./, '..')
+  puts "Checking commits #{commit_range}"
   %x{git log --no-merges --pretty=%s #{commit_range}}.each_line do |commit_summary|
     # This regex tests for the currently supported commit summary tokens: maint, doc, packaging, or pup-<number>.
     # The exception tries to explain it in more full.

data/ext/systemd/puppet.service

@@ -1,3 +1,13 @@
+#
+# Local settings can be configured without being overwritten by package upgrades, for example
+# if you want to increase puppet open-files-limit to 10000,
+# you need to increase systemd's LimitNOFILE setting, so create a file named
+# "/etc/systemd/system/puppet.service.d/limits.conf" containing:
+# [Service]
+# LimitNOFILE=10000
+# You can confirm it worked by running systemctl daemon-reload
+# then running systemctl show puppet | grep LimitNOFILE
+#
 [Unit]
 Description=Puppet agent
 Wants=basic.target

data/lib/puppet/network/http/error.rb

@@ -59,7 +59,7 @@ module Puppet::Network::HTTP::Error
 
     def initialize(original_error, issue_kind = Issues::RUNTIME_ERROR)
       super("Server Error: " + original_error.message, CODE, issue_kind)
-      @backtrace = original_error.backtrace
+      @backtrace = ["Warning: The 'stacktrace' property is deprecated and will be removed in a future version of Puppet. For security reasons, stacktraces are not returned with Puppet HTTP Error responses."]
     end
 
     def to_json

data/lib/puppet/network/http/handler.rb

@@ -68,7 +68,8 @@ module Puppet::Network::HTTP::Handler
     new_response.respond_with(e.status, "application/json", e.to_json)
   rescue StandardError => e
     http_e = Puppet::Network::HTTP::Error::HTTPServerError.new(e)
-    Puppet.err(http_e.message)
+    log_msg = [http_e.message, *e.backtrace].join("\n")
+    Puppet.err(log_msg)
     new_response.respond_with(http_e.status, "application/json", http_e.to_json)
   ensure
     if profiler

data/lib/puppet/parser/functions/then.rb

@@ -1,5 +1,5 @@
 Puppet::Parser::Functions::newfunction(
-  :lest,
+  :then,
   :type => :rvalue,
   :arity => -2,
   :doc => <<-DOC
@@ -31,7 +31,7 @@ notice $data.dig(a, b, 1, x).then |$x| { $x * 2 }
 Which would notice `undef` since the last lookup of 'x' results in `undef` which
 is returned (without calling the lambda given to the `then` function).
 
-As a result there is no need for conditional logic or a temporary (non local) 
+As a result there is no need for conditional logic or a temporary (non local)
 variable as the result is now either the wanted value (`x`) multiplied
 by 2 or `undef`.
 

data/lib/puppet/type/ssh_authorized_key.rb

@@ -2,18 +2,20 @@ module Puppet
   Type.newtype(:ssh_authorized_key) do
     @doc = "Manages SSH authorized keys. Currently only type 2 keys are supported.
 
-      In their native habitat, SSH keys usually appear as a single long line. This
-      resource type requires you to split that line into several attributes. Thus, a
-      key that appears in your `~/.ssh/id_rsa.pub` file like this...
+      In their native habitat, SSH keys usually appear as a single long line, in
+      the format `<TYPE> <KEY> <NAME/COMMENT>`. This resource type requires you
+      to split that line into several attributes. Thus, a key that appears in
+      your `~/.ssh/id_rsa.pub` file like this...
 
-          ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.puppetlabs.lan
+          ssh-rsa AAAAB3Nza[...]qXfdaQ== nick@magpie.example.com
 
       ...would translate to the following resource:
 
-          ssh_authorized_key { 'nick@magpie.puppetlabs.lan':
-            user => 'nick',
-            type => 'ssh-rsa',
-            key  => 'AAAAB3Nza[...]qXfdaQ== nick@magpie.puppetlabs.lan',
+          ssh_authorized_key { 'nick@magpie.example.com':
+            ensure => present,
+            user   => 'nick',
+            type   => 'ssh-rsa',
+            key    => 'AAAAB3Nza[...]qXfdaQ==',
           }
 
       To ensure that only the currently approved keys are present, you can purge
@@ -36,8 +38,12 @@ module Puppet
     ensurable
 
     newparam(:name) do
-      desc "The SSH key comment. This attribute is currently used as a
-        system-wide primary key and therefore has to be unique."
+      desc "The SSH key comment. This can be anything, and doesn't need to match
+        the original comment from the `.pub` file.
+
+        Due to internal limitations, this must be unique across all user accounts;
+        if you want to specify one key for multiple users, you must use a different
+        comment for each instance."
 
       isnamevar
 

data/lib/puppet/util/tagging.rb

@@ -1,7 +1,7 @@
 require 'puppet/util/tag_set'
 
 module Puppet::Util::Tagging
-  ValidTagRegex = /^[0-9A-Za-z_][0-9A-Za-z_:.-]*$/
+  ValidTagRegex = /\A[0-9A-Za-z_][0-9A-Za-z_:.-]*\Z/
 
   # Add a tag to the current tag set.
   # When a tag set is used for a scope, these tags will be added to all of

data/lib/puppet/version.rb

@@ -7,7 +7,7 @@
 
 
 module Puppet
-  PUPPETVERSION = '4.7.0'
+  PUPPETVERSION = '4.7.1'
 
   ##
   # version is a public API method intended to always provide a fast and

data/spec/integration/util/windows/principal_spec.rb

@@ -8,7 +8,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet.features.microsoft
   let (:system_bytes) { [1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0] }
   let (:null_sid_bytes) { bytes = [1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] }
   let (:administrator_bytes) { [1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0] }
-  let (:computer_sid) { Puppet::Util::Windows::SID.name_to_sid_object(Socket.gethostname) }
+  let (:computer_sid) { Puppet::Util::Windows::SID.name_to_sid_object(Puppet::Util::Windows::ADSI.computer_name) }
   # BUILTIN is localized on German Windows, but not French
   # looking this up like this dilutes the values of the tests as we're comparing two mechanisms
   # for returning the same values, rather than to a known good
@@ -64,7 +64,7 @@ describe Puppet::Util::Windows::SID::Principal, :if => Puppet.features.microsoft
       # otherwise running in AppVeyor there is no Administrator and a the current local user can be used
       skip if (running_as_system && !user_exists)
 
-      hostname = Socket.gethostname
+      hostname = Puppet::Util::Windows::ADSI.computer_name
 
       principal = Puppet::Util::Windows::SID::Principal.lookup_account_name("#{hostname}\\#{username}")
       expect(principal.account).to match(/^#{Regexp.quote(username)}$/i)

data/spec/integration/util/windows/registry_spec.rb

@@ -129,7 +129,7 @@ describe Puppet::Util::Windows::Registry do
 
       let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
       let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
-      let (:subkey_name) { "PuppetRegistryTest" }
+      let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
       let (:guid) { SecureRandom.uuid }
       let (:regsam) { Puppet::Util::Windows::Registry::KEY32 }
 
@@ -187,7 +187,7 @@ describe Puppet::Util::Windows::Registry do
     context "when reading values" do
       let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
       let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
-      let (:subkey_name) { "PuppetRegistryTest" }
+      let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
       let (:value_name) { SecureRandom.uuid }
 
       after(:each) do
@@ -228,7 +228,7 @@ describe Puppet::Util::Windows::Registry do
     context "when reading corrupt values" do
       let (:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
       let (:puppet_key) { "SOFTWARE\\Puppet Labs"}
-      let (:subkey_name) { "PuppetRegistryTest" }
+      let (:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
       let (:value_name) { SecureRandom.uuid }
 
       before(:each) do
@@ -254,4 +254,4 @@ describe Puppet::Util::Windows::Registry do
     end
   end
 end
-end
+end

data/spec/unit/network/http/error_spec.rb

@@ -15,7 +15,7 @@ describe Puppet::Network::HTTP::Error do
   end
 
   describe Puppet::Network::HTTP::Error::HTTPServerError do
-    it "should serialize to JSON that matches the error schema and has the optional stacktrace property" do
+    it "should serialize to JSON that matches the error schema and has a deprecated stacktrace property" do
       begin
         raise Exception, "a wild Exception appeared!"
       rescue Exception => e
@@ -24,6 +24,7 @@ describe Puppet::Network::HTTP::Error do
       error = Puppet::Network::HTTP::Error::HTTPServerError.new(culpable)
 
       expect(error.to_json).to validate_against('api/schemas/error.json')
+      expect(error.to_json).to match(/The 'stacktrace' property is deprecated/)
     end
   end
 

data/spec/unit/network/http/handler_spec.rb

@@ -74,9 +74,16 @@ describe Puppet::Network::HTTP::Handler do
       expect(res[:status]).to eq(404)
     end
 
-    it "returns a structured error response with a stacktrace when the server encounters an internal error" do
+    it "returns a structured error response when the server encounters an internal error" do
+      error = StandardError.new("the sky is falling!")
+      original_stacktrace = ['a.rb', 'b.rb']
+      error.set_backtrace(original_stacktrace)
+
       handler = PuppetSpec::Handler.new(
-        Puppet::Network::HTTP::Route.path(/.*/).get(lambda { |_, _| raise StandardError.new("the sky is falling!")}))
+        Puppet::Network::HTTP::Route.path(/.*/).get(lambda { |_, _| raise error}))
+
+      # Stacktraces should be included in logs
+      Puppet.expects(:err).with("Server Error: the sky is falling!\na.rb\nb.rb")
 
       req = a_request("GET", "/vtest/foo")
       res = {}
@@ -89,7 +96,8 @@ describe Puppet::Network::HTTP::Handler do
       expect(res_body["issue_kind"]).to eq(Puppet::Network::HTTP::Issues::RUNTIME_ERROR.to_s)
       expect(res_body["message"]).to eq("Server Error: the sky is falling!")
       expect(res_body["stacktrace"].is_a?(Array) && !res_body["stacktrace"].empty?).to be_truthy
-      expect(res_body["stacktrace"][0]).to match("spec/unit/network/http/handler_spec.rb")
+      expect(res_body["stacktrace"][0]).to match(/The 'stacktrace' property is deprecated/)
+      expect(res_body["stacktrace"] & original_stacktrace).to be_empty
       expect(res[:status]).to eq(500)
     end
 

data/spec/unit/ssl/certificate_request_spec.rb

@@ -287,7 +287,7 @@ describe Puppet::SSL::CertificateRequest do
         exts = {"thats.no.moon" => "death star"}
         expect do
           request.generate(key, :extension_requests => exts)
-        end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon: first num too large/
+        end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/
       end
     end
 

data/spec/unit/transaction/persistence_spec.rb

@@ -148,7 +148,12 @@ describe Puppet::Transaction::Persistence do
       persistence = Puppet::Transaction::Persistence.new
 
       if Puppet.features.microsoft_windows?
-        expect { persistence.save }.to raise_error(Puppet::Util::Windows::Error, /Access is denied/)
+        expect do
+          persistence.save
+        end.to raise_error do |error|
+          expect(error).to be_a(Puppet::Util::Windows::Error)
+          expect(error.code).to eq(5) # ERROR_ACCESS_DENIED
+        end
       else
         expect { persistence.save }.to raise_error(Errno::EISDIR, /Is a directory/)
       end

data/spec/unit/util/tagging_spec.rb

@@ -36,6 +36,10 @@ describe Puppet::Util::Tagging do
     expect { tagger.tag("bad tag") }.to raise_error(Puppet::ParseError)
   end
 
+  it "should fail on tags containing newline characters" do
+    expect { tagger.tag("bad\ntag") }.to raise_error(Puppet::ParseError)
+  end
+
   it "should allow alpha tags" do
     expect { tagger.tag("good_tag") }.not_to raise_error
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 4.7.0
+  version: 4.7.1
   prerelease: 
 platform: universal-darwin
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-22 00:00:00.000000000 Z
+date: 2017-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter