puppet 6.0.4-universal-darwin → 6.0.5-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d05cbc4b083661115e49efe6dfc865051e650f81454ad360a57a8ff3fb18fd4
-  data.tar.gz: 7f3ee431ecc2b7cba9e3918652e18216a69cc0dabf7a9c0b2fd94377c90fbcd4
+  metadata.gz: d34c5ebd73a762d6df54fc3ed4853b1de7c34e05918a745ef4a2c36065828a4d
+  data.tar.gz: 114ef1d3984ce2ae4238259557df37bc545c3070786ddeb3371e38c384ceee8e
 SHA512:
-  metadata.gz: b13a76f5e141758210968a3829e5f36f569c46fea33e5f01b7ad95be5b29e43149f31ccaddfd93b8b64c3b3c588bd996f6f16e041949dc326c2776b2a630edb0
-  data.tar.gz: dac192cc311a2b59124063fe1ad2bf3085f52d351ea9c55a69a5355c502d2f8daf175eb5c024880fb7bc8a41a1ce397c40eb64d705631aa2c0eab68536a66293
+  metadata.gz: e88e63a3839496a24a80a696ef210a0930e4192cd284700b7b87fb48f080140852b718b9c2cf7209b52579c01cc70a2bb4b6ef5a805d2f0df727bedb4192551f
+  data.tar.gz: 4ae4dd93f729f447cf501775eaaa9b22b00dffd74b2bb5de0d707b6bb315b81ba75a0543be1148c29b760ac598b7fe7aba4bdc3376e838162b978a981ad59100

data/Gemfile.lock

@@ -1,9 +1,9 @@
 PATH
   remote: .
   specs:
-    puppet (6.0.4)
+    puppet (6.0.5)
       CFPropertyList (~> 2.2)
-      facter (>= 2.0.1, < 4)
+      facter (>= 2.4.0, < 4)
       fast_gettext (~> 1.1.2)
       hiera (>= 3.2.1, < 4)
       httpclient (~> 2.8)
@@ -32,8 +32,8 @@ GEM
       fast_gettext (~> 1.1.0)
       gettext (>= 3.0.2)
       locale
-    hashdiff (0.3.7)
-    hiera (3.4.5.13)
+    hashdiff (0.3.8)
+    hiera (3.5.0)
     hiera-eyaml (2.1.0)
       highline (~> 1.6.19)
       trollop (~> 2.0)
@@ -46,34 +46,34 @@ GEM
     locale (2.1.2)
     memory_profiler (0.9.12)
     metaclass (0.0.4)
-    method_source (0.9.0)
-    minitar (0.7)
+    method_source (0.9.2)
+    minitar (0.8)
     mocha (1.5.0)
       metaclass (~> 0.0.1)
-    msgpack (1.2.4)
+    msgpack (1.2.6)
     multi_json (1.13.1)
     mustache (1.1.0)
-    packaging (0.99.16)
-      artifactory
+    packaging (0.99.21)
+      artifactory (~> 2)
       rake (~> 12.3)
     parallel (1.12.1)
-    parser (2.5.1.2)
+    parser (2.5.3.0)
       ast (~> 2.4.0)
     powerpack (0.1.2)
-    pry (0.11.3)
+    pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     public_suffix (3.0.3)
     puppet-resource_api (1.6.2)
       hocon (>= 1.0)
-    puppetserver-ca (1.1.1)
+    puppetserver-ca (1.2.1)
       facter (>= 2.0.1, < 4)
     racc (1.4.9)
     rainbow (2.2.2)
       rake
-    rake (12.3.1)
+    rake (12.3.2)
     rdiscount (2.2.0.1)
-    rdoc (6.0.4)
+    rdoc (6.1.1)
     ronn (0.7.3)
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
@@ -111,7 +111,7 @@ GEM
     semantic_puppet (1.0.2)
     text (1.3.1)
     trollop (2.9.9)
-    unicode-display_width (1.4.0)
+    unicode-display_width (1.4.1)
     vcr (2.9.3)
     webmock (1.24.6)
       addressable (>= 2.3.6)

data/Rakefile

@@ -101,7 +101,9 @@ task(:warnings) do
   puts "Checking modified files #{commit_range}"
   %x{git diff --diff-filter=ACM --name-only #{commit_range}}.each_line do |modified_file|
     modified_file.chomp!
-    next unless File.extname(modified_file) == '.rb'
+    # Skip racc generated file as it can have many warnings that cannot be manually fixed
+    next if modified_file.end_with?("pops/parser/eparser.rb")
+    next if modified_file.start_with?('spec/fixtures/', 'acceptance/fixtures/') || File.extname(modified_file) != '.rb'
     puts modified_file
 
     stdout, stderr, _ = Open3.capture3("ruby -wc \"#{modified_file}\"")

data/ext/solaris/smf/svc-puppetd

@@ -12,7 +12,13 @@ exec_prefix=/opt/csw
 sysconfdir=/opt/csw/etc
 sbindir=/opt/csw/sbin
 
-pidfile=/var/run/puppetlabs/agent.pid
+if [ -z $SMF_SYSVOL_FS ]; then 
+  piddir=/var/run/puppetlabs
+else
+  piddir=$SMF_SYSVOL_FS/puppetlabs
+fi;
+
+pidfile=$piddir/agent.pid
 
 case "$1" in
 start)
@@ -20,6 +26,7 @@ start)
     # Start daemons.
 
     printf "Starting Puppet client services:"
+    mkdir -p $piddir
 
     /opt/csw/sbin/puppetd
 

data/ext/solaris/smf/svc-puppetmasterd

@@ -8,7 +8,13 @@ exec_prefix=/opt/csw
 sysconfdir=/opt/csw/etc
 sbindir=/opt/csw/sbin
 
-pidfile=/var/run/puppetlabs/master.pid
+if [ -z $SMF_SYSVOL_FS ]; then 
+  piddir=/var/run/puppetlabs
+else
+  piddir=$SMF_SYSVOL_FS/puppetlabs
+fi;
+
+pidfile=$piddir/master.pid
 
 case "$1" in
 start)
@@ -16,6 +22,7 @@ start)
     # Start daemons.
 
     printf "Starting Puppet server services:"
+    mkdir -p $piddir
 
     /opt/csw/sbin/puppetmasterd
 

data/lib/puppet/application/device.rb

@@ -1,4 +1,5 @@
 require 'puppet/application'
+require 'puppet/configurer'
 require 'puppet/util/network_device'
 
 class Puppet::Application::Device < Puppet::Application
@@ -53,6 +54,10 @@ class Puppet::Application::Device < Puppet::Application
     options[:detailed_exitcodes] = true
   end
 
+  option("--libdir LIBDIR") do |arg|
+    options[:libdir] = arg
+  end
+
   option("--apply MANIFEST") do |arg|
     options[:apply] = arg.to_s
   end
@@ -93,10 +98,11 @@ a scheduled task, or a similar tool.
 
 USAGE
 -----
-  puppet device [-d|--debug] [--detailed-exitcodes] [--deviceconfig <file>]
-                [-h|--help] [-l|--logdest syslog|<file>|console]
-                [-v|--verbose] [-w|--waitforcert <seconds>] [-f|--facts]
-                [-a|--apply <file>] [-r|--resource <type> [name]]
+  puppet device [-h|--help] [-v|--verbose] [-d|--debug]
+                [-l|--logdest syslog|<file>|console] [--detailed-exitcodes]
+                [--deviceconfig <file>] [-w|--waitforcert <seconds>]
+                [--libdir <directory>]
+                [-a|--apply <file>] [-f|--facts] [-r|--resource <type> [name]]
                 [-t|--target <device>] [--user=<user>] [-V|--version]
 
 
@@ -135,9 +141,25 @@ Note that any setting that's valid in the configuration file is also a valid
 long argument. For example, 'server' is a valid configuration parameter, so
 you can specify '--server <servername>' as an argument.
 
-* --debug:
+* --help, -h:
+  Print this help message
+
+* --verbose, -v:
+  Turn on verbose reporting.
+
+* --debug, -d:
   Enable full debugging.
 
+* --logdest, -l:
+  Where to send log messages. Choose between 'syslog' (the POSIX syslog
+  service), 'console', or the path to a log file. If debugging or verbosity is
+  enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
+
+  A path ending with '.json' will receive structured output in JSON format. The
+  log file will not have an ending ']' automatically written to it due to the
+  appending nature of logging. It must be appended manually to make the content
+  valid JSON.
+
 * --detailed-exitcodes:
   Provide transaction information via exit codes. If this is enabled, an exit
   code of '1' means at least one device had a compile failure, an exit code of
@@ -149,18 +171,16 @@ you can specify '--server <servername>' as an argument.
   Path to the device config file for puppet device.
   Default: $confdir/device.conf
 
-* --help:
-  Print this help message
+* --waitforcert, -w:
+  This option only matters for targets that do not yet have certificates
+  and it is enabled by default, with a value of 120 (seconds).  This causes
+  +puppet device+ to poll the server every 2 minutes and ask it to sign a
+  certificate request.  This is useful for the initial setup of a target.
+  You can turn off waiting for certificates by specifying a time of 0.
 
-* --logdest:
-  Where to send log messages. Choose between 'syslog' (the POSIX syslog
-  service), 'console', or the path to a log file. If debugging or verbosity is
-  enabled, this defaults to 'console'. Otherwise, it defaults to 'syslog'.
-
-  A path ending with '.json' will receive structured output in JSON format. The
-  log file will not have an ending ']' automatically written to it due to the
-  appending nature of logging. It must be appended manually to make the content
-  valid JSON.
+* --libdir:
+  Override the per-device libdir with a local directory. Specifying a libdir also
+  disables pluginsync. This is useful for testing.
 
 * --apply:
   Apply a manifest against a remote target. Target must be specified.
@@ -183,16 +203,6 @@ you can specify '--server <servername>' as an argument.
 * --user:
   The user to run as.
 
-* --verbose:
-  Turn on verbose reporting.
-
-* --waitforcert:
-  This option only matters for daemons that do not yet have certificates
-  and it is enabled by default, with a value of 120 (seconds).  This causes
-  +puppet agent+ to connect to the server every 2 minutes and ask it to sign a
-  certificate request.  This is useful for the initial setup of a puppet
-  client.  You can turn off waiting for certificates by specifying a time of 0.
-
 
 EXAMPLE
 -------
@@ -205,7 +215,7 @@ Brice Figureau
 
 COPYRIGHT
 ---------
-Copyright (c) 2011 Puppet Inc., LLC
+Copyright (c) 2011-2018 Puppet Inc., LLC
 Licensed under the Apache 2.0 License
       HELP
   end
@@ -222,11 +232,12 @@ Licensed under the Apache 2.0 License
       raise _("missing argument: --target is required when using --apply") if options[:target].nil?
       raise _("%{file} does not exist, cannot apply") % { file: options[:apply] } unless File.file?(options[:apply])
     end
+    libdir = Puppet[:libdir]
     vardir = Puppet[:vardir]
     confdir = Puppet[:confdir]
     certname = Puppet[:certname]
 
-    env = Puppet.lookup(:environments).get(Puppet[:environment])
+    env = Puppet::Node::Environment.remote(Puppet[:environment])
     returns = Puppet.override(:current_environment => env, :loaders => Puppet::Pops::Loaders.new(env)) do
       # find device list
       require 'puppet/util/network_device/config'
@@ -251,9 +262,13 @@ Licensed under the Apache 2.0 License
 
           # override local $vardir and $certname
           Puppet[:confdir] = ::File.join(Puppet[:devicedir], device.name)
+          Puppet[:libdir] = options[:libdir] || ::File.join(Puppet[:devicedir], device.name, 'lib')
           Puppet[:vardir] = ::File.join(Puppet[:devicedir], device.name)
           Puppet[:certname] = device.name
 
+          unless options[:resource] || options[:facts] || options[:apply] || options[:libdir]
+            Puppet::Configurer::PluginHandler.new.download_plugins(env)
+          end
           # this init the device singleton, so that the facts terminus
           # and the various network_device provider can use it
           Puppet::Util::NetworkDevice.init(device)
@@ -305,17 +320,18 @@ Licensed under the Apache 2.0 License
             Puppet.settings.use :main, :agent, :ssl
             # ask for a ssl cert if needed, but at least
             # setup the ssl system for this device.
-            setup_host
+            setup_host(device.name)
 
             require 'puppet/configurer'
             configurer = Puppet::Configurer.new
-            configurer.run(:network_device => true, :pluginsync => Puppet::Configurer.should_pluginsync?)
+            configurer.run(:network_device => true, :pluginsync => Puppet::Configurer.should_pluginsync? && !options[:libdir])
           end
         rescue => detail
           Puppet.log_exception(detail)
           # If we rescued an error, then we return 1 as the exit code
           1
         ensure
+          Puppet[:libdir] = libdir
           Puppet[:vardir] = vardir
           Puppet[:confdir] = confdir
           Puppet[:certname] = certname
@@ -354,8 +370,8 @@ Licensed under the Apache 2.0 License
     end
   end
 
-  def setup_host
-    @host = Puppet::SSL::Host.new
+  def setup_host(name)
+    @host = Puppet::SSL::Host.new(name, true)
     waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : Puppet[:waitforcert])
     @host.wait_for_cert(waitforcert)
   end

data/lib/puppet/application/ssl.rb

@@ -21,7 +21,7 @@ to communicate with a puppet infrastructure.
 
 USAGE
 -----
-puppet ssl <action> [-h|--help] [-v|--verbose] [-d|--debug] [--localca]
+puppet ssl <action> [-h|--help] [-v|--verbose] [-d|--debug] [--localca] [--target CERTNAME]
 
 
 OPTIONS
@@ -39,6 +39,8 @@ OPTIONS
 * --localca
   Also clean the local CA certificate and CRL.
 
+* --target CERTNAME
+  Clean the specified device certificate instead of this host's certificate.
 
 ACTIONS
 -------
@@ -62,10 +64,14 @@ ACTIONS
 * clean:
   Remove the private key and certificate related files for this host. If
   `--localca` is specified, then also remove this host's local copy of the
-  CA certificate(s) and CRL bundle.
+  CA certificate(s) and CRL bundle. if `--target CERTNAME` is specified, then
+  remove the files for the specified device on this host instead of this host.
 HELP
   end
 
+  option('--target CERTNAME') do |arg|
+    options[:target] = arg.to_s
+  end
   option('--localca')
   option('--verbose', '-v')
   option('--debug', '-d')
@@ -80,8 +86,17 @@ HELP
       raise Puppet::Error, _("An action must be specified.")
     end
 
-    Puppet.settings.use(:main, :agent)
-    host = Puppet::SSL::Host.new(options[:certname])
+    if options[:target]
+      # Override the following, as per lib/puppet/application/device.rb
+      Puppet[:certname] = options[:target]
+      Puppet[:confdir]  = File.join(Puppet[:devicedir], Puppet[:certname])
+      Puppet[:vardir]   = File.join(Puppet[:devicedir], Puppet[:certname])
+      host = Puppet::SSL::Host.new(Puppet[:certname], true)
+      Puppet.settings.use(:main, :agent, :device)
+    else
+      host = Puppet::SSL::Host.new(Puppet[:certname])
+      Puppet.settings.use(:main, :agent)
+    end
 
     action = command_line.args.first
     case action
@@ -166,16 +181,16 @@ HELP
 
   def clean(host)
     # make sure cert has been removed from the CA
-    if Puppet[:certname] == Puppet[:ca_server]
+    if host.name == Puppet[:ca_server]
       cert =
         begin
-          host.download_certificate_from_ca(Puppet[:certname])
+          host.download_certificate_from_ca(host.name)
         rescue => e
-          raise Puppet::Error.new(_("Failed to connect to the CA to determine if certificate %{certname} has been cleaned") % { certname: Puppet[:certname] }, e)
+          raise Puppet::Error.new(_("Failed to connect to the CA to determine if certificate %{certname} has been cleaned") % { certname: host.name }, e)
         end
 
       if cert
-        raise Puppet::Error, _(<<END) % { certname: Puppet[:certname] }
+        raise Puppet::Error, _(<<END) % { certname: host.name }
 The certificate %{certname} must be cleaned from the CA first. To fix this,
 run the following commands on the CA:
   puppetserver ca clean --certname %{certname}
@@ -184,16 +199,15 @@ END
       end
     end
 
-    settings = {
-      hostprivkey: 'private key',
-      hostpubkey: 'public key',
-      hostcsr: 'certificate request',
-      hostcert: 'certificate',
-      passfile: 'private key password file'
+    paths = {
+      'private key' => Puppet[:hostprivkey],
+      'public key'  => Puppet[:hostpubkey],
+      'certificate request' => File.join(Puppet[:requestdir], "#{Puppet[:certname]}.pem"),
+      'certificate' => Puppet[:hostcert],
+      'private key password file' => Puppet[:passfile]
     }
-    settings.merge!(localcacert: 'local CA certificate', hostcrl: 'local CRL') if options[:localca]
-    settings.each_pair do |setting, label|
-      path = Puppet[setting]
+    paths.merge!('local CA certificate' => Puppet[:localcacert], 'local CRL' => Puppet[:hostcrl]) if options[:localca]
+    paths.each_pair do |label, path|
       if Puppet::FileSystem.exist?(path)
         Puppet::FileSystem.unlink(path)
         Puppet.notice _("Removed %{label} %{path}") % { label: label, path: path }

data/lib/puppet/defaults.rb

@@ -851,7 +851,8 @@ EOT
       :mode => "0644",
       :owner => "service",
       :group => "service",
-      :desc => "Where individual hosts store and look for their certificate requests."
+      :deprecated  => :completely,
+      :desc => "This setting is deprecated."
     },
     :hostcert => {
       :default => "$certdir/$certname.pem",

data/lib/puppet/face/config.rb

@@ -35,7 +35,7 @@ Puppet::Face.define(:config, '0.0.1') do
 
   action(:print) do
     summary _("Examine Puppet's current settings.")
-    arguments _("(all | <setting> [<setting> ...]")
+    arguments _("all | <setting> [<setting> ...]")
     description <<-'EOT'
       Prints the value of a single setting or a list of settings.
 

data/lib/puppet/forge.rb

@@ -17,6 +17,9 @@ class Puppet::Forge < SemanticPuppet::Dependency::Source
 
   USER_AGENT = "PMT/1.1.1 (v3; Net::HTTP)".freeze
 
+  # From https://forgeapi.puppet.com/#!/release/getReleases
+  MODULE_RELEASE_EXCLUSIONS=%w[readme changelog license uri module tags supported file_size downloads created_at updated_at deleted_at].join(',').freeze
+
   attr_reader :host, :repository
 
   def initialize(host = Puppet[:module_repository])
@@ -89,7 +92,7 @@ class Puppet::Forge < SemanticPuppet::Dependency::Source
   # @see SemanticPuppet::Dependency::Source#fetch
   def fetch(input)
     name = input.tr('/', '-')
-    uri = "/v3/releases?module=#{name}&sort_by=version"
+    uri = "/v3/releases?module=#{name}&sort_by=version&exclude_fields=#{MODULE_RELEASE_EXCLUSIONS}"
     if Puppet[:module_groups]
       uri += "&module_groups=#{Puppet[:module_groups].gsub('+', ' ')}"
     end