puppet 7.0.0 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac08f84d774e99d243696e124d2f853a5afc6368aec96243ce122ed656dbc52d
-  data.tar.gz: cc468e67b3e4b385f97a7f3ded1711c2c3851bca929bcef7980d8bfb26ee1c32
+  metadata.gz: a266286fc66516f823076b6e02e50940b8c31a5d2a15e671b4e3d0109d1037a8
+  data.tar.gz: fb8bfad528606af04781e2119331ff44b871e18174b655f47a2d0ec31b7dea85
 SHA512:
-  metadata.gz: c692b1c703ef8d2d44dbc0126fb986bc686e426f603706bd3014e2c9896ca84e5fd26dcda9d1df211cc72b45dac321e5a9f15dae354f5753a7a5c80f87a36df4
-  data.tar.gz: 025ba4060b1494c8313b4868dc0ee50eec0b52b19d6351764ea7161bfc153b637752983905acd14637951915a6963b73a93108f6f88ee5921c7c466b449de9cc
+  metadata.gz: 32b3341aec92b3a0147bbc5ac67fd043d5121670add0955c1c38765d998c6cb327660031152df284bd75e7fd4579c2536da581979fb6f08b3c1080e730a38a78
+  data.tar.gz: a8ed38a33320b7889eef178539be960b1ceb171f4d4c94760c036ea10bda609f4ac47c0438503a260af2a03def16faa283f9be41048bfbcfafbd677931010509

data/CODEOWNERS

@@ -1,23 +1,9 @@
-# default to platform-core
-* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers
-
-# Night's Watch
-/lib/puppet/type/group @puppetlabs/night-s-watch
-/lib/puppet/type/package @puppetlabs/night-s-watch
-/lib/puppet/type/service @puppetlabs/night-s-watch
-/lib/puppet/type/user @puppetlabs/night-s-watch
-/lib/puppet/provider/group @puppetlabs/night-s-watch
-/lib/puppet/provider/package @puppetlabs/night-s-watch
-/lib/puppet/provider/service @puppetlabs/night-s-watch
-/lib/puppet/provider/user @puppetlabs/night-s-watch
+# defaults
+* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt
 
-# puppet device
-/lib/puppet/application/device.rb @puppetlabs/networking
-/lib/puppet/util/network_device @puppetlabs/networking
-
 # puppet module
 /lib/puppet/application/module.rb @puppetlabs/pdk
 /lib/puppet/face/module @puppetlabs/pdk

data/Gemfile

@@ -18,8 +18,6 @@ gem "hiera", *location_for(ENV['HIERA_LOCATION']) if ENV.has_key?('HIERA_LOCATIO
 gem "semantic_puppet", *location_for(ENV['SEMANTIC_PUPPET_LOCATION'] || ["~> 1.0"])
 gem "puppet-resource_api", *location_for(ENV['RESOURCE_API_LOCATION'] || ["~> 1.5"])
 
-gem "scanf" if RUBY_VERSION.to_f >= 2.7
-
 group(:features) do
   gem 'diff-lcs', '~> 1.3', require: false
   gem 'hiera-eyaml', *location_for(ENV['HIERA_EYAML_LOCATION'])
@@ -33,10 +31,11 @@ group(:features) do
   # gem 'ruby-augeas', require: false, platforms: [:ruby]
   # requires native ldap headers/libs
   # gem 'ruby-ldap', '~> 0.9', require: false, platforms: [:ruby]
-  gem 'puppetserver-ca', '~> 1.1', require: false
+  gem 'puppetserver-ca', '~> 2.0', require: false
 end
 
 group(:test) do
+  gem "ffi", require: false
   gem "json-schema", "~> 2.0", require: false
   gem "rake", *location_for(ENV['RAKE_LOCATION'] || '~> 12.2')
   gem "rspec", "~> 3.1", require: false

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    puppet (7.0.0)
+    puppet (7.1.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -10,6 +10,7 @@ PATH
       hiera (>= 3.2.1, < 4)
       locale (~> 2.1)
       multi_json (~> 1.13)
+      scanf (~> 1.0)
       semantic_puppet (~> 1.0)
 
 GEM
@@ -27,10 +28,11 @@ GEM
     deep_merge (1.2.1)
     diff-lcs (1.4.4)
     docopt (0.6.1)
-    facter (4.0.44)
+    facter (4.0.46)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
+    ffi (1.13.1)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -49,29 +51,29 @@ GEM
     json-schema (2.8.1)
       addressable (>= 2.4)
     locale (2.1.3)
-    memory_profiler (0.9.14)
+    memory_profiler (1.0.0)
     method_source (1.0.0)
     minitar (0.9)
     msgpack (1.3.3)
     multi_json (1.15.0)
     mustache (1.1.1)
     optimist (3.0.1)
-    packaging (0.99.73)
+    packaging (0.99.75)
       artifactory (~> 2)
       csv (= 3.1.5)
       rake (>= 12.3)
       release-metrics
-    parallel (1.20.0)
+    parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
-    powerpack (0.1.2)
+    powerpack (0.1.3)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.6)
     puppet-resource_api (1.8.13)
       hocon (>= 1.0)
-    puppetserver-ca (1.9.0)
+    puppetserver-ca (2.0.1)
       facter (>= 2.0.1, < 5)
     racc (1.4.9)
     rainbow (2.2.2)
@@ -113,6 +115,7 @@ GEM
       rubocop (~> 0.49.0)
     ruby-prof (1.4.2)
     ruby-progressbar (1.10.1)
+    scanf (1.0.0)
     semantic_puppet (1.0.2)
     text (1.3.1)
     thor (1.0.1)
@@ -129,6 +132,7 @@ PLATFORMS
 
 DEPENDENCIES
   diff-lcs (~> 1.3)
+  ffi
   gettext-setup (~> 0.28)
   hiera-eyaml
   hocon (~> 1.0)
@@ -140,7 +144,7 @@ DEPENDENCIES
   pry
   puppet!
   puppet-resource_api (~> 1.5)
-  puppetserver-ca (~> 1.1)
+  puppetserver-ca (~> 2.0)
   racc (= 1.4.9)
   rake (~> 12.2)
   rdoc (~> 6.0)
@@ -157,4 +161,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   2.0.0
+   1.17.3

data/ext/project_data.yaml

@@ -26,6 +26,7 @@ gem_runtime_dependencies:
   puppet-resource_api: '~>1.5'
   concurrent-ruby: '~> 1.0'
   deep_merge: '~> 1.0'
+  scanf: '~> 1.0'
 gem_rdoc_options:
   - --title
   - "Puppet - Configuration Management"

data/lib/puppet/application_support.rb

@@ -53,6 +53,13 @@ module Puppet
       route_file = Puppet[:route_file]
       if Puppet::FileSystem.exist?(route_file)
         routes = Puppet::Util::Yaml.safe_load_file(route_file, [Symbol])
+        if routes["server"] && routes["master"]
+          Puppet.warning("Route file #{route_file} contains both server and master route settings.")
+        elsif routes["server"] && !routes["master"]
+          routes["master"] = routes["server"]
+        elsif routes["master"] && !routes["server"]
+          routes["server"] = routes["master"]
+        end
         application_routes = routes[application_name]
         Puppet::Indirector.configure_routes(application_routes) if application_routes
       end

data/lib/puppet/defaults.rb

@@ -32,20 +32,6 @@ module Puppet
       %w[sha256 sha256lite sha384 sha512 sha224 sha1 sha1lite md5 md5lite mtime ctime]
   end
 
-  def self.log_ca_migration_warning
-    urge_to_migrate = <<-UTM
-The cadir is currently configured to be inside the #{Puppet[:ssldir]} directory. This config
-setting and the directory location will not be used in a future version of puppet. Please run the
-puppetserver ca tool to migrate out from the puppet confdir to the /etc/puppetlabs/puppetserver/ca
-directory. Use `puppetserver ca migrate --help` for more info.
-UTM
-    Puppet.warn_once('deprecations',
-                     'CA migration message',
-                     urge_to_migrate,
-                     :default,
-                     :default)
-  end
-
   def self.default_cadir
     return "" if Puppet::Util::Platform.windows?
     old_ca_dir = "#{Puppet[:ssldir]}/ca"
@@ -53,13 +39,8 @@ UTM
 
     if File.exist?(old_ca_dir)
       if File.symlink?(old_ca_dir)
-        target = File.readlink(old_ca_dir)
-        if target.start_with?(Puppet[:ssldir])
-          Puppet.log_ca_migration_warning
-        end
-        target
+        File.readlink(old_ca_dir)
       else
-        Puppet.log_ca_migration_warning
         old_ca_dir
       end
     else
@@ -1112,13 +1093,6 @@ EOT
       :default => lambda { default_cadir },
       :type => :directory,
       :desc => "The root directory for the certificate authority.",
-      :call_hook => :on_initialize_and_write,
-      :hook => proc do |value|
-        if value.start_with?(Puppet[:ssldir])
-          Puppet.log_ca_migration_warning
-        end
-        value
-      end
     },
     :cacert => {
       :default => "$cadir/ca_crt.pem",

data/lib/puppet/environments.rb

@@ -346,12 +346,6 @@ module Puppet::Environments
       @loader = loader
       @cache_expiration_service = Puppet::Environments::Cached.cache_expiration_service
       @cache = {}
-
-      # Holds expiration times in sorted order - next to expire is first
-      @expirations = SortedSet.new
-
-      # Infinity since it there are no entries, this is a cache of the first to expire time
-      @next_expiration = END_OF_TIME
     end
 
     # @!macro loader_list
@@ -379,7 +373,6 @@ module Puppet::Environments
       elsif (result = @loader.get(name))
         # environment loaded, cache it
         cache_entry = entry(result)
-        @cache_expiration_service.created(result)
         add_entry(name, cache_entry)
         result
       end
@@ -389,28 +382,36 @@ module Puppet::Environments
     def add_entry(name, cache_entry)
       Puppet.debug {"Caching environment '#{name}' #{cache_entry.label}"}
       @cache[name] = cache_entry
-      expires = cache_entry.expires
-      @expirations.add(expires)
-      if @next_expiration > expires
-        @next_expiration = expires
-      end
+      @cache_expiration_service.created(cache_entry.value)
     end
     private :add_entry
 
+    def clear_entry(name, entry)
+      @cache.delete(name)
+      Puppet.debug {"Evicting cache entry for environment '#{name}'"}
+      @cache_expiration_service.evicted(name.to_sym)
+      Puppet::GettextConfig.delete_text_domain(name)
+      Puppet.settings.clear_environment_settings(name)
+    end
+    private :clear_entry
+
     # Clears the cache of the environment with the given name.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
     def clear(name)
-      @cache.delete(name)
-      Puppet::GettextConfig.delete_text_domain(name)
+      entry = @cache[name]
+      clear_entry(name, entry) if entry
     end
 
     # Clears all cached environments.
     # (The intention is that this could be used from a MANUAL cache eviction command (TBD)
-    def clear_all()
+    def clear_all
       super
+
+      @cache.each_pair do |name, entry|
+        clear_entry(name, entry)
+      end
+
       @cache = {}
-      @expirations.clear
-      @next_expiration = END_OF_TIME
       Puppet::GettextConfig.delete_environment_text_domains
     end
 
@@ -419,18 +420,24 @@ module Puppet::Environments
     #
     def clear_all_expired()
       t = Time.now
-      return if t < @next_expiration && ! @cache.any? {|name, _| @cache_expiration_service.expired?(name.to_sym) }
-      to_expire = @cache.select { |name, entry| entry.expires < t || @cache_expiration_service.expired?(name.to_sym) }
-      to_expire.each do |name, entry|
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        @expirations.delete(entry.expires)
-        Puppet.settings.clear_environment_settings(name)
+
+      @cache.each_pair do |name, entry|
+        clear_if_expired(name, entry, t)
       end
-      @next_expiration = @expirations.first || END_OF_TIME
     end
 
+    # Clear an environment if it is expired, either by exceeding its time to live, or
+    # through an explicit eviction determined by the cache expiration service.
+    #
+    def clear_if_expired(name, entry, t = Time.now)
+      return unless entry
+
+      if entry.expired?(t) || @cache_expiration_service.expired?(name.to_sym)
+        clear_entry(name, entry)
+      end
+    end
+    private :clear_if_expired
+
     # This implementation evicts the cache, and always gets the current
     # configuration of the environment
     #
@@ -440,7 +447,7 @@ module Puppet::Environments
     #
     # @!macro loader_get_conf
     def get_conf(name)
-      evict_if_expired(name)
+      clear_if_expired(name, @cache[name])
       @loader.get_conf(name)
     end
 
@@ -463,17 +470,6 @@ module Puppet::Environments
       end
     end
 
-    # Evicts the entry if it has expired
-    # Also clears caches in Settings that may prevent the entry from being updated
-    def evict_if_expired(name)
-      if (result = @cache[name]) && (result.expired? || @cache_expiration_service.expired?(name.to_sym))
-        Puppet.debug {"Evicting cache entry for environment '#{name}'"}
-        @cache_expiration_service.evicted(name.to_sym)
-        clear(name)
-        Puppet.settings.clear_environment_settings(name)
-      end
-    end
-
     # Never evicting entry
     class Entry
       attr_reader :value
@@ -485,32 +481,24 @@ module Puppet::Environments
       def touch
       end
 
-      def expired?
+      def expired?(now)
         false
       end
 
       def label
         ""
       end
-
-      def expires
-        END_OF_TIME
-      end
     end
 
     # Always evicting entry
     class NotCachedEntry < Entry
-      def expired?
+      def expired?(now)
         true
       end
 
       def label
         "(ttl = 0 sec)"
       end
-
-      def expires
-        START_OF_TIME
-      end
     end
 
     # Policy that expires if it hasn't been touched within ttl_seconds
@@ -527,12 +515,8 @@ module Puppet::Environments
         @ttl = Time.now + @ttl_seconds
       end
 
-      def expired?
-        Time.now > @ttl
-      end
-
-      def expires
-        @ttl
+      def expired?(now)
+        now > @ttl
       end
 
       def label

data/lib/puppet/face/node/clean.rb

@@ -47,6 +47,14 @@ Puppet::Face.define(:node, '0.0.1') do
   end
 
   class LoggerIO
+    def debug(message)
+      Puppet.debug(message)
+    end
+
+    def warn(message)
+      Puppet.warning(message)
+    end
+
     def err(message)
       Puppet.err(message) unless message =~ /^\s*Error:\s*/
     end

data/lib/puppet/ffi/posix.rb

@@ -0,0 +1,10 @@
+require 'ffi'
+
+module Puppet
+  module FFI
+    module POSIX
+      require 'puppet/ffi/posix/functions'
+      require 'puppet/ffi/posix/constants'
+    end
+  end
+end

data/lib/puppet/ffi/posix/constants.rb

@@ -0,0 +1,14 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Constants
+    extend FFI::Library
+  
+    # Maximum number of supplementary groups (groups
+    # that a user can be in plus its primary group)
+    # (64 + 1 primary group)
+    # Chosen a reasonable middle number from the list
+    # https://www.j3e.de/ngroups.html
+    MAXIMUM_NUMBER_OF_GROUPS = 65
+  end
+end

data/lib/puppet/ffi/posix/functions.rb

@@ -0,0 +1,24 @@
+require 'puppet/ffi/posix'
+
+module Puppet::FFI::POSIX
+  module Functions
+
+    extend FFI::Library
+
+    ffi_convention :stdcall
+
+    # https://man7.org/linux/man-pages/man3/getgrouplist.3.html
+    # int getgrouplist (
+    #   const char *user,
+    #   gid_t group,
+    #   gid_t *groups,
+    #   int *ngroups
+    # );
+    begin
+      ffi_lib FFI::Library::LIBC
+      attach_function :getgrouplist, [:string, :uint, :pointer, :pointer], :int
+    rescue FFI::NotFoundError
+      # Do nothing
+    end
+  end
+end