puppet 6.26.0-universal-darwin → 6.27.0-universal-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5673612df51c2e140cfae45c616b50111867a6b0c96bcba4090408d1f0daf925
-  data.tar.gz: 71ab615ddcd0d04438079947ed0c69f49609c103c6e0c4768c0ce8f61588aab8
+  metadata.gz: 75ff4ca199a268dc90aa6fe8e32882bf92bf7c35ddd6d0520c9991f1e16e0223
+  data.tar.gz: a41173a9cdee61c24c191c6a719ef33360b613d112a5e1da6e199c1bffe57bc9
 SHA512:
-  metadata.gz: 5b568d224a5fb42a28ab84528d633d1b9adbebd2b349acb453931b8941baf1ade2af2aaf058070ba6ac6359c6e1737e5b761504afeec93d821ffdfacc22a8a2f
-  data.tar.gz: 99dcb372be188fece45cd50f3fe456991a6aacd789a52cf177fa648cf6af0fe4557a8add75a7718a57d8bf712f4200dc6f457b31ab386ecb7bae8ada404309cb
+  metadata.gz: 7012be95fad830749e210d5ddec95e0cc92976ed92c2cf65301dbbcd2acf782773755e88bc83ee0bd5ed912582a88c66592a66a69d9c41de391927752b9fc6c6
+  data.tar.gz: 967d852cbf0e1b8c8f2cc154ac7fa8316a8131044314a758295ca2f75a8cfa6537e4f69a3e99f88847b9df4cccc380e44b7b919c1e161954e484403d4b884504

data/CODEOWNERS

@@ -1,5 +1,5 @@
 # defaults
-* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
+* @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt

data/Gemfile.lock

@@ -1,11 +1,11 @@
 GIT
   remote: https://github.com/puppetlabs/packaging
-  revision: 9d36e41d10ce14c66d9c3c35157788e63c1afef8
+  revision: 6f7b1ff00ab557f6a47f3f553cc87ec15d718470
   branch: 1.0.x
   specs:
-    packaging (0.105.0)
+    packaging (0.106.0.27.g6f7b1ff)
       apt_stage_artifacts
-      artifactory (~> 2)
+      artifactory (~> 3)
       csv (= 3.1.5)
       rake (>= 12.3)
       release-metrics
@@ -13,7 +13,7 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (6.26.0)
+    puppet (6.27.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -33,17 +33,17 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     apt_stage_artifacts (0.10.1)
       docopt
-    artifactory (2.8.2)
+    artifactory (3.0.15)
     ast (2.4.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     crack (0.4.5)
       rexml
     csv (3.1.5)
     deep_merge (1.2.2)
     diff-lcs (1.5.0)
     docopt (0.6.1)
-    facter (4.2.7)
+    facter (4.2.9)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
@@ -70,11 +70,11 @@ GEM
     memory_profiler (1.0.0)
     method_source (1.0.0)
     minitar (0.9)
-    msgpack (1.4.2)
+    msgpack (1.5.0)
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    parallel (1.21.0)
+    parallel (1.22.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
     powerpack (0.1.3)
@@ -84,7 +84,7 @@ GEM
     public_suffix (4.0.6)
     puppet-resource_api (1.8.14)
       hocon (>= 1.0)
-    puppetserver-ca (1.11.6)
+    puppetserver-ca (1.11.7)
       facter (>= 2.0.1, < 5)
     racc (1.5.2)
     rainbow (2.2.2)
@@ -100,22 +100,22 @@ GEM
       hpricot (>= 0.8.2)
       mustache (>= 0.7.0)
       rdiscount (>= 1.5.8)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.2)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
+      rspec-support (~> 3.11.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.10.2)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.3)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
     rubocop (0.49.1)
       parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
@@ -176,4 +176,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.2.6
+   2.3.9

data/lib/puppet/application/lookup.rb

@@ -373,38 +373,34 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
     end
 
     unless node.is_a?(Puppet::Node) # to allow unit tests to pass a node instance
-      facts = retrieve_node_facts(node, given_facts) 
-      if Puppet.settings.set_by_cli?('environment')
-        node = Puppet::Node.new(node, :classes => nil, :parameters => nil, :facts => facts, :environment => Puppet.settings.value('environment'))
-      else
-        ni = Puppet::Node.indirection
-        tc = ni.terminus_class
-        if options[:compile]
-          if tc == :plain
-            node = ni.find(node, facts: facts)
-          else
-            begin
-              service = Puppet.runtime[:http]
-              session = service.create_session
-              cert = session.route_to(:ca)
-
-              _, x509 = cert.get_certificate(node)
-              cert = OpenSSL::X509::Certificate.new(x509)
-              Puppet::SSL::Oids.register_puppet_oids
-              trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
-              Puppet.override(trusted_information: trusted) do
-                node = ni.find(node, facts: facts)
-              end
-            rescue
-              Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
+      facts = retrieve_node_facts(node, given_facts)
+      ni = Puppet::Node.indirection
+      tc = ni.terminus_class
+      if options[:compile] && !Puppet.settings.set_by_cli?('environment')
+        if tc == :plain
+          node = ni.find(node, facts: facts)
+        else
+          begin
+            service = Puppet.runtime[:http]
+            session = service.create_session
+            cert = session.route_to(:ca)
+
+            _, x509 = cert.get_certificate(node)
+            cert = OpenSSL::X509::Certificate.new(x509)
+            Puppet::SSL::Oids.register_puppet_oids
+            trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
+            Puppet.override(trusted_information: trusted) do
               node = ni.find(node, facts: facts)
             end
+          rescue
+            Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
+            node = ni.find(node, facts: facts)
           end
-        else
-          ni.terminus_class = :plain
-          node = ni.find(node, facts: facts)
-          ni.terminus_class = tc
         end
+      else
+        ni.terminus_class = :plain
+        node = ni.find(node, facts: facts, environment: Puppet[:environment])
+        ni.terminus_class = tc
       end
     else
       node.add_extra_facts(given_facts) if given_facts

data/lib/puppet/configurer.rb

@@ -330,7 +330,7 @@ class Puppet::Configurer
       temp_value = options[:pluginsync]
 
       # only validate server environment if pluginsync is requested
-      options[:pluginsync] = valid_server_environment? if options[:pluginsync] == true
+      options[:pluginsync] = valid_server_environment? if options[:pluginsync]
 
       query_options, facts = get_facts(options) unless query_options
       options[:pluginsync] = temp_value
@@ -443,7 +443,11 @@ class Puppet::Configurer
       true
     rescue Puppet::HTTP::ResponseError => detail
       if detail.response.code == 404
-        Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })
+        if Puppet[:strict_environment_mode]
+          raise Puppet::Error.new(_("Environment '%{environment}' not found on server, aborting run.") % { environment: @environment })
+        else
+          Puppet.notice(_("Environment '%{environment}' not found on server, skipping initial pluginsync.") % { environment: @environment })
+        end
       else
         Puppet.log_exception(detail, detail.message)
       end

data/lib/puppet/defaults.rb

@@ -2068,7 +2068,6 @@ EOT
       :hook => proc do |value|
         paths = value.split(File::PATH_SEPARATOR)
         facter = Puppet.runtime[:facter]
-        facter.reset
         facter.search(*paths)
       end
     }

data/lib/puppet/functions/next.rb

@@ -1,8 +1,25 @@
 # Makes iteration continue with the next value, optionally with a given value for this iteration.
 # If a value is not given it defaults to `undef`
+# 
+# @example Using the `next()` function
 #
-# @since 4.7.0
+# ```puppet
+# $data = ['a','b','c']
+# $data.each |Integer $index, String $value| {
+#   if $index == 1 {
+#     next()
+#   }
+#   notice ("${index} = ${value}")
+# }
+# ```
+#
+# Would notice:
+# ```
+# Notice: Scope(Class[main]): 0 = a
+# Notice: Scope(Class[main]): 2 = c
+# ```
 #
+# @since 4.7.0
 Puppet::Functions.create_function(:next) do
   dispatch :next_impl do
     optional_param 'Any', :value

data/lib/puppet/functions/tree_each.rb

@@ -112,7 +112,6 @@
 # * `reverse_each` - get "leaves before root"
 # * `filter` - prune the tree
 # * `map` - transform each element
-# * `reduce` - produce something else
 #
 # Note than when chaining, the value passed on is a `Tuple` with `[path, value]`.
 #

data/lib/puppet/ssl/ssl_provider.rb

@@ -51,8 +51,7 @@ class Puppet::SSL::SSLProvider
   # @raise (see #create_context)
   # @api private
   def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
-    store = create_x509_store(cacerts, [], false)
-    store.set_default_paths
+    store = create_x509_store(cacerts, [], false, include_system_store: true)
 
     if path
       stat = Puppet::FileSystem.stat(path)
@@ -94,19 +93,20 @@ class Puppet::SSL::SSLProvider
   # @param client_cert [OpenSSL::X509::Certificate] client's cert whose public
   #   key matches the `private_key`
   # @param revocation [:chain, :leaf, false] revocation mode
+  # @param include_system_store [true, false] Also trust system CA
   # @return [Puppet::SSL::SSLContext] A context to use to create connections
   # @raise [Puppet::SSL::CertVerifyError] There was an issue with
   #   one of the certs or CRLs.
   # @raise [Puppet::SSL::SSLError] There was an issue with the
   #   `private_key`.
   # @api private
-  def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation])
+  def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Puppet[:certificate_revocation], include_system_store: false)
     raise ArgumentError, _("CA certs are missing") unless cacerts
     raise ArgumentError, _("CRLs are missing") unless crls
     raise ArgumentError, _("Private key is missing") unless private_key
     raise ArgumentError, _("Client cert is missing") unless client_cert
 
-    store = create_x509_store(cacerts, crls, revocation)
+    store = create_x509_store(cacerts, crls, revocation, include_system_store: include_system_store)
     client_chain = verify_cert_with_store(store, client_cert)
 
     if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC)
@@ -134,12 +134,13 @@ class Puppet::SSL::SSLProvider
   # @param password [String, nil] If the private key is encrypted, decrypt
   #   it using the password. If the key is encrypted, but a password is
   #   not specified, then the key cannot be loaded.
+  # @param include_system_store [true, false] Also trust system CA
   # @return [Puppet::SSL::SSLContext] A context to use to create connections
   # @raise [Puppet::SSL::CertVerifyError] There was an issue with
   #   one of the certs or CRLs.
   # @raise [Puppet::Error] There was an issue with one of the required components.
   # @api private
-  def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil)
+  def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_revocation], password: nil, include_system_store: false)
     cert = Puppet::X509::CertProvider.new
     cacerts = cert.load_cacerts(required: true)
     crls = case revocation
@@ -151,7 +152,7 @@ class Puppet::SSL::SSLProvider
     private_key = cert.load_private_key(certname, required: true, password: password)
     client_cert = cert.load_client_cert(certname, required: true)
 
-    create_context(cacerts: cacerts, crls: crls,  private_key: private_key, client_cert: client_cert, revocation: revocation)
+    create_context(cacerts: cacerts, crls: crls,  private_key: private_key, client_cert: client_cert, revocation: revocation, include_system_store: include_system_store)
   rescue OpenSSL::PKey::PKeyError => e
     raise Puppet::SSL::SSLError.new(_("Failed to load private key for host '%{name}': %{message}") % { name: certname, message: e.message }, e)
   end
@@ -186,7 +187,7 @@ class Puppet::SSL::SSLProvider
     end
   end
 
-  def create_x509_store(roots, crls, revocation)
+  def create_x509_store(roots, crls, revocation, include_system_store: false)
     store = OpenSSL::X509::Store.new
     store.purpose = OpenSSL::X509::PURPOSE_ANY
     store.flags = default_flags | revocation_mode(revocation)
@@ -194,6 +195,8 @@ class Puppet::SSL::SSLProvider
     roots.each { |cert| store.add_cert(cert) }
     crls.each { |crl| store.add_crl(crl) }
 
+    store.set_default_paths if include_system_store
+
     store
   end
 

data/lib/puppet/type/exec.rb

@@ -457,7 +457,7 @@ module Puppet
 
             exec { '/bin/echo root >> /usr/lib/cron/cron.allow':
               path   => '/usr/bin:/usr/sbin:/bin',
-              unless => 'grep root /usr/lib/cron/cron.allow 2>/dev/null',
+              unless => 'grep ^root$ /usr/lib/cron/cron.allow 2>/dev/null',
             }
 
         This would add `root` to the cron.allow file (on Solaris) unless

data/lib/puppet/util/monkey_patches.rb

@@ -70,8 +70,6 @@ unless Puppet::Util::Platform.jruby_fips?
 end
 
 if Puppet::Util::Platform.windows?
-  require 'puppet/util/windows'
-
   class OpenSSL::X509::Store
     @puppet_certs_loaded = false
     alias __original_set_default_paths set_default_paths

data/lib/puppet/util.rb

@@ -7,6 +7,7 @@ require 'uri'
 require 'pathname'
 require 'ostruct'
 require 'puppet/util/platform'
+require 'puppet/util/windows'
 require 'puppet/util/symbolic_file_mode'
 require 'puppet/file_system/uniquefile'
 require 'securerandom'
@@ -22,8 +23,6 @@ module Util
   require 'puppet/util/posix'
   extend Puppet::Util::POSIX
 
-  require 'puppet/util/windows/process' if Puppet::Util::Platform.windows?
-
   extend Puppet::Util::SymbolicFileMode
 
   def default_env

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '6.26.0'
+  PUPPETVERSION = '6.27.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "March 2022" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -945,7 +945,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: \fBPuppet/6\.26\.0 Ruby/2\.7\.1\-p83 (x86_64\-linux)\fR
+\fIDefault\fR: \fBPuppet/6\.27\.0 Ruby/2\.7\.5\-p203 (x86_64\-linux)\fR
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-key.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-KEY" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-KEY" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-LOOKUP" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-LOOKUP" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-lookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "January 2022" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "March 2022" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. plugin Interact with the Puppet plugin system\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.26\.0
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.27\.0

data/spec/integration/application/lookup_spec.rb

@@ -7,7 +7,7 @@ describe 'lookup' do
   include PuppetSpec::Files
 
   context 'with an environment' do
-    let(:fqdn) { Puppet.runtime[:facter].value(:fqdn) }
+    let(:fqdn) { Puppet[:certname] }
     let(:env_name) { 'spec' }
     let(:env_dir) { tmpdir('environments') }
     let(:environment_files) do
@@ -43,12 +43,10 @@ describe 'lookup' do
     end
 
     let(:app) { Puppet::Application[:lookup] }
-    let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(populated_env_dir, env_name, 'modules')]) }
-    let(:environments) { Puppet::Environments::Directories.new(populated_env_dir, []) }
     let(:facts) { Puppet::Node::Facts.new("facts", {'my_fact' => 'my_fact_value'}) }
     let(:cert) { pem_content('oid.pem') }
 
-    let(:node) { Puppet::Node.new('testnode', :facts => facts, :environment => env) }
+    let(:node) { Puppet::Node.new('testnode', :facts => facts) }
     let(:populated_env_dir) do
       dir_contained_in(env_dir, environment_files)
       env_dir
@@ -57,75 +55,72 @@ describe 'lookup' do
     before do
       stub_request(:get, "https://puppet:8140/puppet-ca/v1/certificate/#{fqdn}").to_return(body: cert)
       allow(Puppet::Node::Facts.indirection).to receive(:find).and_return(facts)
-    end
 
-    def lookup(key, options = {}, explain = false)
-      key = [key] unless key.is_a?(Array)
-      allow(app.command_line).to receive(:args).and_return(key)
-      if explain
-        app.options[:explain] = true
-        app.options[:render_as] = :s
-      else
-        app.options[:render_as] = :json
-      end
-      options.each_pair { |k, v| app.options[k] = v }
-      capture = StringIO.new
-      saved_stdout = $stdout
-      begin
-        $stdout = capture
-        expect { app.run_command }.to exit_with(0)
-      ensure
-        $stdout = saved_stdout
-      end
-      out = capture.string.strip
-      if explain
-        out
-      else
-        out.empty? ? nil : JSON.parse("[#{out}]")[0]
-      end
-    end
+      Puppet[:environment] = env_name
+      Puppet[:environmentpath] = populated_env_dir
 
-    def explain(key, options = {})
-      lookup(key, options, true)
+      http = Puppet::HTTP::Client.new(ssl_context: Puppet::SSL::SSLProvider.new.create_insecure_context)
+      Puppet.runtime[:http] = http
     end
 
-    around(:each) do |example|
-      Puppet.override(:environments => environments, :current_environment => env) do
-        example.run
-      end
+    def expect_lookup_with_output(exitcode, out)
+      expect { app.run }.to exit_with(exitcode).and output(out).to_stdout
     end
 
     it 'finds data in the environment' do
-      expect(lookup('a')).to eql('value a')
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /value a/)
     end
 
-    it 'loads trusted information from the node certificate' do
-      allow(Puppet).to receive(:override).and_call_original
-      expect(Puppet).to receive(:override).with(trusted_information: an_object_having_attributes(
-        certname: fqdn,
-        extensions: { "1.3.6.1.4.1.34380.1.2.1.1" => "somevalue" }))
+    it "resolves hiera data using a top-level node parameter" do
+      File.write(File.join(env_dir, env_name, 'hiera.yaml'), <<~YAML)
+        ---
+        version: 5
+        hierarchy:
+          - name: "Per Node"
+            data_hash: yaml_data
+            path: "%{my_fact}.yaml"
+      YAML
+
+      File.write(File.join(env_dir, env_name, 'data', "my_fact_value.yaml"), <<~YAML)
+        ---
+        a: value from per node data
+      YAML
+
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /--- value from per node data/)
+    end
 
+    it 'loads trusted information from the node certificate' do
       Puppet.settings[:node_terminus] = 'exec'
-      expect_any_instance_of(Puppet::Node::Exec).to receive(:find).and_return(node)
-      lookup('a', :compile => true)
+      expect_any_instance_of(Puppet::Node::Exec).to receive(:find) do |args|
+        info = Puppet.lookup(:trusted_information)
+        expect(info.certname).to eq(fqdn)
+        expect(info.extensions).to eq({ "1.3.6.1.4.1.34380.1.2.1.1" => "somevalue" })
+      end.and_return(node)
+
+      app.command_line.args << 'a' << '--compile'
+      expect_lookup_with_output(0, /--- value a/)
     end
 
     it 'loads external facts when running without --node' do
       expect(Puppet::Util).not_to receive(:skip_external_facts)
       expect(Facter).not_to receive(:load_external)
-      lookup('a')
+
+      app.command_line.args << 'a'
+      expect_lookup_with_output(0, /--- value a/)
     end
 
     describe 'when using --node' do
       let(:fqdn) { 'random_node' }
 
       it 'skips loading of external facts' do
-        app.options[:node] = fqdn
+        app.command_line.args << 'a' << '--node' << fqdn
 
         expect(Puppet::Node::Facts.indirection).to receive(:find).and_return(facts)
-        expect(Facter).to receive(:load_external).once.with(false)
-        expect(Facter).to receive(:load_external).once.with(true)
-        lookup('a')
+        expect(Facter).to receive(:load_external).twice.with(false)
+        expect(Facter).to receive(:load_external).twice.with(true)
+        expect_lookup_with_output(0, /--- value a/)
       end
     end
 
@@ -133,29 +128,32 @@ describe 'lookup' do
       require 'puppet/indirector/node/exec'
       require 'puppet/indirector/node/plain'
 
-      let(:node) { Puppet::Node.new('testnode', :facts => facts, :environment => env) }
+      let(:node) { Puppet::Node.new('testnode', :facts => facts) }
 
       it ':plain without --compile' do
         Puppet.settings[:node_terminus] = 'exec'
         expect_any_instance_of(Puppet::Node::Plain).to receive(:find).and_return(node)
         expect_any_instance_of(Puppet::Node::Exec).not_to receive(:find)
-        expect(lookup('a')).to eql('value a')
+
+        app.command_line.args << 'a'
+        expect_lookup_with_output(0, /--- value a/)
       end
 
       it 'configured in Puppet settings with --compile' do
         Puppet.settings[:node_terminus] = 'exec'
         expect_any_instance_of(Puppet::Node::Plain).not_to receive(:find)
         expect_any_instance_of(Puppet::Node::Exec).to receive(:find).and_return(node)
-        expect(lookup('a', :compile => true)).to eql('value a')
+
+        app.command_line.args << 'a' << '--compile'
+        expect_lookup_with_output(0, /--- value a/)
       end
     end
 
     context 'configured with the wrong environment' do
-      let(:env) { Puppet::Node::Environment.create(env_name.to_sym, [File.join(populated_env_dir, env_name, 'modules')]) }
       it 'does not find data in non-existing environment' do
-        Puppet.override(:environments => environments, :current_environment => 'someother') do
-          expect(lookup('a', {}, true)).to match(/did not find a value for the name 'a'/)
-        end
+        Puppet[:environment] = 'doesntexist'
+        app.command_line.args << 'a'
+        expect { app.run }.to raise_error(Puppet::Environments::EnvironmentNotFound, /Could not find a directory environment named 'doesntexist'/)
       end
     end
 
@@ -200,15 +198,22 @@ describe 'lookup' do
       end
 
       it 'finds data in the module' do
-        expect(lookup('mod_a::b')).to eql('value mod_a::b (from mod_a)')
+        app.command_line.args << 'mod_a::b'
+        expect_lookup_with_output(0, /value mod_a::b \(from mod_a\)/)
       end
 
       it 'finds quoted keys in the module' do
-        expect(lookup('"mod_a::a.quoted.key"')).to eql('value mod_a::a.quoted.key (from mod_a)')
+        app.command_line.args << "'mod_a::a.quoted.key'"
+        expect_lookup_with_output(0, /value mod_a::a.quoted.key \(from mod_a\)/)
       end
 
       it 'merges hashes from environment and module when merge strategy hash is used' do
-        expect(lookup('mod_a::hash_a', :merge => 'hash')).to eql({'a' => 'value mod_a::hash_a.a (from environment)', 'b' => 'value mod_a::hash_a.b (from mod_a)'})
+        app.command_line.args << 'mod_a::hash_a' << '--merge' << 'hash'
+        expect_lookup_with_output(0, <<~END)
+          ---
+          a: value mod_a::hash_a.a (from environment)
+          b: value mod_a::hash_a.b (from mod_a)
+        END
       end
     end
   end

data/spec/integration/application/resource_spec.rb

@@ -28,14 +28,18 @@ describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
     end
 
     it 'lists types from the default environment' do
+      begin
       modulepath = File.join(Puppet[:codedir], 'modules', 'test', 'lib', 'puppet', 'type')
       FileUtils.mkdir_p(modulepath)
-      File.write(File.join(modulepath, 'test.rb'), 'Puppet::Type.newtype(:test)')
+      File.write(File.join(modulepath, 'test_resource_spec.rb'), 'Puppet::Type.newtype(:test_resource_spec)')
       resource.command_line.args = ['--types']
 
       expect {
         resource.run
-      }.to exit_with(0).and output(/test/).to_stdout
+      }.to exit_with(0).and output(/test_resource_spec/).to_stdout
+      ensure
+        Puppet::Type.rmtype(:test_resource_spec)
+      end
     end
   end
 

data/spec/integration/http/client_spec.rb

@@ -77,6 +77,12 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
       }
     }
 
+    let(:systemstore) do
+      res = tmpfile('systemstore')
+      File.write(res, https_server.ca_cert)
+      res
+    end
+
     it "mutually authenticates the connection" do
       client_context = ssl_provider.create_context(
         cacerts: [https_server.ca_cert], crls: [https_server.ca_crl],
@@ -88,6 +94,30 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
         expect(res).to be_success
       end
     end
+
+    it "connects when the server's CA is in the system store and the connection is mutually authenticated using create_context" do
+      Puppet::Util.withenv("SSL_CERT_FILE" => systemstore) do
+        client_context = ssl_provider.create_context(
+          cacerts: [https_server.ca_cert], crls: [https_server.ca_crl],
+          client_cert: https_server.server_cert, private_key: https_server.server_key,
+          revocation: false, include_system_store: true
+        )
+        https_server.start_server(ctx_proc: ctx_proc) do |port|
+          res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: client_context})
+          expect(res).to be_success
+        end
+      end
+    end
+
+    it "connects when the server's CA is in the system store and the connection is mutually authenticated uning load_context" do
+      Puppet::Util.withenv("SSL_CERT_FILE" => systemstore) do
+        client_context = ssl_provider.load_context(revocation: false, include_system_store: true)
+        https_server.start_server(ctx_proc: ctx_proc) do |port|
+          res = client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: client_context})
+          expect(res).to be_success
+        end
+      end
+    end
   end
 
   context "with a system trust store" do

data/spec/unit/configurer_spec.rb

@@ -9,9 +9,6 @@ describe Puppet::Configurer do
     Puppet[:report] = true
 
     catalog.add_resource(resource)
-    allow_any_instance_of(described_class).to(
-      receive(:valid_server_environment?).and_return(true)
-    )
 
     Puppet[:lastrunfile] = file_containing('last_run_summary.yaml', <<~SUMMARY)
     ---
@@ -78,10 +75,44 @@ describe Puppet::Configurer do
     end
   end
 
+  describe "when executing a catalog run without stubbing valid_server_environment?" do
+    before do
+      Puppet::Resource::Catalog.indirection.terminus_class = :rest
+      allow(Puppet::Resource::Catalog.indirection).to receive(:find).and_return(catalog)
+    end
+
+    it 'skips initial plugin sync if environment is not found and no strict_environment_mode' do
+      body = "{\"message\":\"Not Found: Could not find environment 'fasdfad'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
+      stub_request(:get, %r{/puppet/v3/file_metadatas/plugins?}).to_return(
+        status: 404, body: body, headers: {'Content-Type' => 'application/json'}
+      )
+
+      configurer.run(:pluginsync => true)
+
+      expect(@logs).to include(an_object_having_attributes(level: :notice, message: %r{Environment 'production' not found on server, skipping initial pluginsync.}))
+      expect(@logs).to include(an_object_having_attributes(level: :notice, message: /Applied catalog in .* seconds/))
+    end
+
+    it 'if strict_environment_mode is set and environment is not found, aborts the puppet run' do
+      Puppet[:strict_environment_mode] = true
+      body = "{\"message\":\"Not Found: Could not find environment 'fasdfad'\",\"issue_kind\":\"RUNTIME_ERROR\"}"
+      stub_request(:get, %r{/puppet/v3/file_metadatas/plugins?}).to_return(
+        status: 404, body: body, headers: {'Content-Type' => 'application/json'}
+      )
+
+      configurer.run(:pluginsync => true)
+
+      expect(@logs).to include(an_object_having_attributes(level: :err, message: %r{Failed to apply catalog: Environment 'production' not found on server, aborting run.}))
+    end
+  end
+
   describe "when executing a catalog run" do
     before do
       Puppet::Resource::Catalog.indirection.terminus_class = :rest
       allow(Puppet::Resource::Catalog.indirection).to receive(:find).and_return(catalog)
+      allow_any_instance_of(described_class).to(
+        receive(:valid_server_environment?).and_return(true)
+      )
     end
 
     it "downloads plugins when told" do

data/spec/unit/util/windows_spec.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Puppet::Util::Windows do
+  %w[
+    ADSI
+    ADSI::ADSIObject
+    ADSI::User
+    ADSI::UserProfile
+    ADSI::Group
+    EventLog
+    File
+    Process
+    Registry
+    Service
+    SID
+    ].each do |name|
+    it "defines Puppet::Util::Windows::#{name}" do
+      expect(described_class.const_get(name)).to be
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puppet
 version: !ruby/object:Gem::Version
-  version: 6.26.0
+  version: 6.27.0
 platform: universal-darwin
 authors:
 - Puppet Labs
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-01-18 00:00:00.000000000 Z
+date: 2022-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: facter
@@ -2587,6 +2587,7 @@ files:
 - spec/unit/util/windows/service_spec.rb
 - spec/unit/util/windows/sid_spec.rb
 - spec/unit/util/windows/string_spec.rb
+- spec/unit/util/windows_spec.rb
 - spec/unit/util/yaml_spec.rb
 - spec/unit/util_spec.rb
 - spec/unit/version_spec.rb
@@ -2626,7 +2627,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Puppet, an automated configuration management tool
@@ -3875,6 +3876,7 @@ test_files:
 - spec/unit/util/windows/service_spec.rb
 - spec/unit/util/windows/sid_spec.rb
 - spec/unit/util/windows/string_spec.rb
+- spec/unit/util/windows_spec.rb
 - spec/unit/util/yaml_spec.rb
 - spec/unit/util_spec.rb
 - spec/unit/version_spec.rb