puppet 6.0.3-universal-darwin → 6.0.4-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 461aba1952200572aa6b0e6b875d85dcea71ed1cf376f4b393df225cc1ae14ba
-  data.tar.gz: 82b224a2c37d92c4b2ca49cbc2fe9dc639a56d0a64ef13ced257aca124745361
+  metadata.gz: 9d05cbc4b083661115e49efe6dfc865051e650f81454ad360a57a8ff3fb18fd4
+  data.tar.gz: 7f3ee431ecc2b7cba9e3918652e18216a69cc0dabf7a9c0b2fd94377c90fbcd4
 SHA512:
-  metadata.gz: dda52705c006cee47a267fdfdeb2827ee0fd2ad914a9630bd23c0d410bd0b2f2ba83a361fac72a4d91259d4cad6942de15e14322278f6354bc3c3cfee26f5728
-  data.tar.gz: ee4aea7d4f8b6f877780e8f36bcd89691b4fa6369812b152831559cfb37ce37225971f76443397ad3796fd21a96e5f25bf190a4f91aa971bce3a5bebb338ae37
+  metadata.gz: b13a76f5e141758210968a3829e5f36f569c46fea33e5f01b7ad95be5b29e43149f31ccaddfd93b8b64c3b3c588bd996f6f16e041949dc326c2776b2a630edb0
+  data.tar.gz: dac192cc311a2b59124063fe1ad2bf3085f52d351ea9c55a69a5355c502d2f8daf175eb5c024880fb7bc8a41a1ce397c40eb64d705631aa2c0eab68536a66293

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet (6.0.3)
+    puppet (6.0.4)
       CFPropertyList (~> 2.2)
       facter (>= 2.0.1, < 4)
       fast_gettext (~> 1.1.2)
@@ -47,7 +47,7 @@ GEM
     memory_profiler (0.9.12)
     metaclass (0.0.4)
     method_source (0.9.0)
-    minitar (0.6.1)
+    minitar (0.7)
     mocha (1.5.0)
       metaclass (~> 0.0.1)
     msgpack (1.2.4)
@@ -64,7 +64,7 @@ GEM
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     public_suffix (3.0.3)
-    puppet-resource_api (1.6.0)
+    puppet-resource_api (1.6.2)
       hocon (>= 1.0)
     puppetserver-ca (1.1.1)
       facter (>= 2.0.1, < 4)

data/Rakefile

@@ -71,7 +71,7 @@ task(:commits) do
   %x{git log --no-merges --pretty=%s #{commit_range}}.each_line do |commit_summary|
     # This regex tests for the currently supported commit summary tokens: maint, doc, packaging, or pup-<number>.
     # The exception tries to explain it in more full.
-    if /^\((maint|doc|docs|packaging|pup-\d+)\)|revert/i.match(commit_summary).nil?
+    if /^\((maint|doc|docs|packaging|l10n|pup-\d+)\)|revert/i.match(commit_summary).nil?
       raise "\n\n\n\tThis commit summary didn't match CONTRIBUTING.md guidelines:\n" \
         "\n\t\t#{commit_summary}\n" \
         "\tThe commit summary (i.e. the first line of the commit message) should start with one of:\n"  \
@@ -80,6 +80,7 @@ task(:commits) do
         "\t\t(docs)(DOCUMENT-<digits>)\n" \
         "\t\t(maint)\n" \
         "\t\t(packaging)\n" \
+        "\t\t(L10n)\n" \
         "\n\tThis test for the commit summary is case-insensitive.\n\n\n"
     else
       puts "#{commit_summary}"

data/lib/puppet/face/config.rb

@@ -210,7 +210,7 @@ https://puppet.com/docs/puppet/latest/configuration.html#environment
 
   action(:delete) do
     summary _("Delete a Puppet setting.")
-    arguments _("(<setting>")
+    arguments _("<setting>")
     #TRANSLATORS 'main' is a specific section name and should not be translated
     description "Deletes a setting from the specified section. (The default is the section 'main')."
     notes <<-'EOT'

data/lib/puppet/file_bucket/dipper.rb

@@ -77,7 +77,7 @@ class Puppet::FileBucket::Dipper
           tmp_file.unlink
         end
       else
-        raise Puppet::Error, _("Please provide a file or checksum do diff with")
+        raise Puppet::Error, _("Please provide a file or checksum to diff with")
       end
     elsif file_a
       if checksum_b

data/lib/puppet/pops/loader/ruby_legacy_function_instantiator.rb

@@ -33,10 +33,11 @@ class Puppet::Pops::Loader::RubyLegacyFunctionInstantiator
 
       # Validate what was loaded
       unless func_info.is_a?(Hash)
-        raise ArgumentError, _("The code loaded from %{source_ref} did not produce the expected 3x function info Hash when evaluated. Got '%{klass}'") % { source_ref: source_ref, klass: created.class }
+        # TRANSLATORS - the word 'newfunction' shoud not be translated as it is a method name.
+        raise ArgumentError, _("Illegal legacy function definition! The code loaded from %{source_ref} did not return the result of calling 'newfunction'. Got '%{klass}'") % { source_ref: source_ref, klass: func_info.class }
       end
       unless func_info[:name] == "function_#{typed_name.name()}"
-        raise ArgumentError, _("The code loaded from %{source_ref} produced mis-matched name, expected 'function_%{type_name}', got %{created_name}") % { 
+        raise ArgumentError, _("The code loaded from %{source_ref} produced mis-matched name, expected 'function_%{type_name}', got '%{created_name}'") % { 
           source_ref: source_ref, type_name: typed_name.name, created_name: func_info[:name] }
       end
     end

data/lib/puppet/provider/group/aix.rb

@@ -53,10 +53,30 @@ Puppet::Type.type(:group).provide :aix, :parent => Puppet::Provider::AixObject d
 
       group_hash
     end
+
+    # Define some Puppet Property => AIX Attribute (and vice versa)
+    # conversion functions here. This is so we can unit test them.
+
+    def members_to_users(provider, members)
+      members = members.split(',') if members.is_a?(String)
+      unless provider.resource[:auth_membership]
+        current_members = provider.members
+        current_members = [] if current_members == :absent
+        members = (members + current_members).uniq
+      end
+
+      members.join(',')
+    end
+
+    def users_to_members(users)
+      users.split(',')
+    end
   end
 
   mapping puppet_property: :members,
-          aix_attribute: :users
+          aix_attribute: :users,
+          property_to_attribute: method(:members_to_users),
+          attribute_to_property: method(:users_to_members)
 
   numeric_mapping puppet_property: :gid,
                   aix_attribute: :id
@@ -65,4 +85,14 @@ Puppet::Type.type(:group).provide :aix, :parent => Puppet::Provider::AixObject d
   # the resource methods (property getters + setters for our mapped
   # properties + a getter for the attributes property).
   mk_resource_methods
+
+  # We could add this to the top-level members property since the
+  # implementation is not platform-specific; however, it is best
+  # to do it this way so that we do not accidentally break something.
+  # This is ok for now, since we do plan on moving this and the
+  # auth_membership management over to the property class in a future
+  # Puppet release.
+  def members_insync?(current, should)
+    current.sort == @resource.parameter(:members).actual_should(current, should)
+  end
 end

data/lib/puppet/provider/group/pw.rb

@@ -9,10 +9,7 @@ Puppet::Type.type(:group).provide :pw, :parent => Puppet::Provider::NameService:
   defaultfor :operatingsystem => [:freebsd, :dragonfly]
   confine    :operatingsystem => [:freebsd, :dragonfly]
 
-  options :members,
-          :flag    => "-M",
-          :method  => :mem,
-          :unmunge => proc { |members| members.join(',') }
+  options :members, :flag => "-M", :method => :mem
 
   verify :gid, _("GID must be an integer") do |value|
     value.is_a? Integer
@@ -29,6 +26,9 @@ Puppet::Type.type(:group).provide :pw, :parent => Puppet::Provider::NameService:
 
     if members = @resource.should(:members)
       unless members == :absent
+        if members.is_a?(Array)
+          members = members.join(",")
+        end
         cmd << "-M" << members
       end
     end
@@ -39,6 +39,10 @@ Puppet::Type.type(:group).provide :pw, :parent => Puppet::Provider::NameService:
   end
 
   def modifycmd(param, value)
+    # members may be an array, need a comma separated list
+    if param == :members and value.is_a?(Array)
+      value = value.join(",")
+    end
     super(param, value)
   end
 end

data/lib/puppet/provider/group/windows_adsi.rb

@@ -22,9 +22,10 @@ Puppet::Type.type(:group).provide :windows_adsi do
 
     # Cannot use munge of the group property to canonicalize @should
     # since the default array_matching comparison is not commutative
+
     # dupes automatically weeded out when hashes built
-    current_members = Puppet::Util::Windows::ADSI::User.name_sid_hash(current)
-    specified_members = Puppet::Util::Windows::ADSI::User.name_sid_hash(should)
+    current_members = Puppet::Util::Windows::ADSI::Group.name_sid_hash(current)
+    specified_members = Puppet::Util::Windows::ADSI::Group.name_sid_hash(should)
 
     current_sids = current_members.keys.to_a
     specified_sids = specified_members.keys.to_a
@@ -65,7 +66,7 @@ Puppet::Type.type(:group).provide :windows_adsi do
   end
 
   def members
-    @members ||= Puppet::Util::Windows::ADSI::User.name_sid_hash(group.members)
+    @members ||= Puppet::Util::Windows::ADSI::Group.name_sid_hash(group.members)
     @members.keys
   end
 

data/lib/puppet/provider/nameservice/directoryservice.rb

@@ -116,7 +116,7 @@ class Puppet::Provider::NameService::DirectoryService < Puppet::Provider::NameSe
       ds_value = input_hash[key]
       case ds_to_ns_attribute_map[ds_attribute]
         when :members
-          ds_value = ds_value.join(',')
+          ds_value = ds_value # only members uses arrays so far
         when :gid, :uid
           # OS X stores objects like uid/gid as strings.
           # Try casting to an integer for these cases to be
@@ -344,10 +344,8 @@ class Puppet::Provider::NameService::DirectoryService < Puppet::Provider::NameSe
 
   def set(param, value)
     self.class.validate(param, value)
+    current_members = @property_value_cache_hash[:members]
     if param == :members
-      current_members = @property_value_cache_hash[:members].split(',')
-      value = value.split(',')
-
       # If we are meant to be authoritative for the group membership
       # then remove all existing members who haven't been specified
       # in the manifest.
@@ -411,7 +409,7 @@ class Puppet::Provider::NameService::DirectoryService < Puppet::Provider::NameSe
       end
       if value != "" and not value.nil?
         if property == :members
-          add_members(nil, value.split(','))
+          add_members(nil, value)
         else
           exec_arg_vector = self.class.get_exec_preamble("-create", @resource[:name])
           exec_arg_vector << ns_to_ds_attribute_map[property.intern]

data/lib/puppet/provider/package/dnf.rb

@@ -30,6 +30,7 @@ Puppet::Type.type(:package).provide :dnf, :parent => :yum do
 
   defaultfor :operatingsystem => :fedora
   notdefaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => (19..21).to_a
+  defaultfor :osfamily => :redhat, :operatingsystemmajrelease => ["8"]
 
   def self.update_command
     # In DNF, update is deprecated for upgrade

data/lib/puppet/type/group.rb

@@ -1,7 +1,6 @@
 require 'etc'
 require 'facter'
 require 'puppet/property/keyvalue'
-require 'puppet/property/list'
 require 'puppet/parameter/boolean'
 
 module Puppet
@@ -82,84 +81,69 @@ module Puppet
       end
     end
 
-    newproperty(:members, :parent => Puppet::Property::List, :required_features => :manages_members) do
+    newproperty(:members, :array_matching => :all, :required_features => :manages_members) do
       desc "The members of the group. For platforms or directory services where group
         membership is stored in the group objects, not the users. This parameter's
         behavior can be configured with `auth_membership`."
 
-      validate do |value|
-        unless value.is_a?(String)
-          raise ArgumentError, _("The members property must be specified as either an array of strings, or as a single string consisting of a comma-separated list of members")
-        end
-
-        if value.is_a?(Integer) || value =~ /^\d+$/
-          raise ArgumentError, _("User names must be provided, not UID numbers.")
-        end
+      def change_to_s(currentvalue, newvalue)
+        newvalue = actual_should(currentvalue, newvalue)
 
-        if value.empty?
-          raise ArgumentError, _("User names must not be empty. If you want to specify \"no users\" pass an empty array")
-        end
+        currentvalue = currentvalue.join(",") if currentvalue != :absent
+        newvalue = newvalue.join(",")
+        super(currentvalue, newvalue)
+      end
 
-        if provider.respond_to?(:member_valid?)
-          return provider.member_valid?(value)
+      def insync?(current)
+        if provider.respond_to?(:members_insync?)
+          return provider.members_insync?(current, @should)
         end
-      end
 
-      def inclusive?
-        @resource[:auth_membership]
+        super(current)
       end
 
-      def change_to_s(currentvalue, newvalue)
-        newvalue = newvalue.split(",") if newvalue != :absent
-
+      def is_to_s(currentvalue)
         if provider.respond_to?(:members_to_s)
-          # for Windows ADSI
-          # de-dupe the "newvalue" when the sync event message is generated,
-          # due to final retrieve called after the resource has been modified
-          newvalue = provider.members_to_s(newvalue).split(',').uniq
+          currentvalue = '' if currentvalue.nil?
+          currentvalue = currentvalue.is_a?(Array) ? currentvalue : currentvalue.split(',')
+
+          return provider.members_to_s(currentvalue)
         end
 
-        super(currentvalue, newvalue)
+        super(currentvalue)
       end
 
-      # override Puppet::Property::List#retrieve
-      def retrieve
-        if provider.respond_to?(:members_to_s)
-          # Windows ADSI members returns SIDs, but retrieve needs names
-          # must return qualified names for SIDs for "is" value and puppet resource
-          return provider.members_to_s(provider.members).split(',')
-        end
-
-        super
+      def should_to_s(newvalue)
+        is_to_s(actual_should(retrieve, newvalue))
       end
 
-      # The members property should also accept a comma separated
-      # list of members (a String parameter) for backwards
-      # compatibility. Unfortunately, the List property would treat
-      # our comma separated list of members as a single-element Array.
-      # This override of should= ensures that a comma separated list of
-      # members is munged to an array of members, which is what we want.
-      # Note that we cannot use `munge` because that will pass in each
-      # array element instead of the entire array if the members property
-      # is specified as an array of members, which would cause each member
-      # to be munged into an array for that case. This is undesirable
-      # behavior.
-      def should=(values)
-        super(values)
-
-        if @should.length == 1 && @should.first.include?(delimiter)
-          @should = @should.first.split(delimiter)
+      # Calculates the actual should value given the current and
+      # new values. This is only used in should_to_s and change_to_s
+      # to fix the change notification issue reported in PUP-6542.
+      def actual_should(currentvalue, newvalue)
+        currentvalue = munge_members_value(currentvalue)
+        newvalue = munge_members_value(newvalue)
+
+        if @resource[:auth_membership]
+          newvalue.uniq.sort 
+        else
+          (currentvalue + newvalue).uniq.sort
         end
+      end
+
+      # Useful helper to handle the possible property value types that we can
+      # both pass-in and return. It munges the value into an array
+      def munge_members_value(value)
+        return [] if value == :absent
+        return value.split(',') if value.is_a?(String)
 
-        @should
+        value
       end
 
-      def insync?(current)
-        if provider.respond_to?(:members_insync?)
-          return provider.members_insync?(current, @should)
+      validate do |value|
+        if provider.respond_to?(:member_valid?)
+          return provider.member_valid?(value)
         end
-
-        super(current)
       end
     end
 

data/lib/puppet/util/filetype.rb

@@ -166,6 +166,12 @@ class Puppet::Util::FileType
   end
 
   # Handle Linux-style cron tabs.
+  #
+  # TODO: We can possibly eliminate the "-u <username>" option in cmdbase
+  # by just running crontab under <username>'s uid (like we do for suntab
+  # and aixtab). It may be worth investigating this alternative
+  # implementation in the future. This way, we can refactor all three of
+  # our cron file types into a common crontab file type.
   newfiletype(:crontab) do
     def initialize(user)
       self.path = user
@@ -185,16 +191,26 @@ class Puppet::Util::FileType
 
     # Read a specific @path's cron tab.
     def read
-      %x{#{cmdbase} -l 2>/dev/null}
+      Puppet::Util::Execution.execute("#{cmdbase} -l", failonfail: true, combine: true)
+    rescue => detail
+      case detail.to_s
+      when /no crontab for/
+        return ""
+      when /are not allowed to/
+        raise FileReadError, _("User %{path} not authorized to use cron") % { path: @path }, detail.backtrace
+      else
+        raise FileReadError, _("Could not read crontab for %{path}: %{detail}") % { path: @path, detail: detail }, detail.backtrace
+      end
     end
 
     # Remove a specific @path's cron tab.
     def remove
+      cmd = "#{cmdbase} -r"
       if %w{Darwin FreeBSD DragonFly}.include?(Facter.value("operatingsystem"))
-        %x{/bin/echo yes | #{cmdbase} -r 2>/dev/null}
-      else
-        %x{#{cmdbase} -r 2>/dev/null}
+        cmd = "/bin/echo yes | #{cmd}"
       end
+
+      Puppet::Util::Execution.execute(cmd, failonfail: true, combine: true)
     end
 
     # Overwrite a specific @path's cron tab; must be passed the @path name
@@ -270,7 +286,7 @@ class Puppet::Util::FileType
       Puppet::Util::Execution.execute(%w{crontab -l}, cronargs)
     rescue => detail
       case detail.to_s
-      when /Cannot open a file in the .* directory/
+      when /open.*in.*directory/
         return ""
       when /You are not authorized to use the cron command/
         raise FileReadError, _("User %{path} not authorized to use cron") % { path: @path }, detail.backtrace

data/lib/puppet/util/log/destinations.rb

@@ -77,9 +77,10 @@ Puppet::Util::Log.newdesttype :file do
 
     # create the log file, if it doesn't already exist
     need_array_start = false
+    file_exists = File.exists?(path)
     if @json == 1
       need_array_start = true
-      if File.exists?(path)
+      if file_exists
         sz = File.size(path)
         need_array_start = sz == 0
 
@@ -93,7 +94,7 @@ Puppet::Util::Log.newdesttype :file do
     file.puts('[') if need_array_start
 
     # Give ownership to the user and group puppet will run as
-    if Puppet.features.root? && !Puppet::Util::Platform.windows?
+    if Puppet.features.root? && !Puppet::Util::Platform.windows? && !file_exists
       begin
         FileUtils.chown(Puppet[:user], Puppet[:group], path)
       rescue ArgumentError, Errno::EPERM

data/lib/puppet/util/windows/adsi.rb

@@ -547,8 +547,6 @@ module Puppet::Util::Windows::ADSI
     def set_members(desired_members, inclusive = true)
       return if desired_members.nil?
 
-      desired_members = desired_members.split(',').map(&:strip)
-
       current_hash = Hash[ self.member_sids.map { |sid| [sid.sid, sid] } ]
       desired_hash = self.class.name_sid_hash(desired_members)