puppet 7.13.1 → 7.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45045b95a6ecb2a310d7114e78c48e812cbaa18e396eba63a399b3f6221e947e
-  data.tar.gz: 9196874c694b632b984fd0fc7b2304a2a2b6551328cbb81d62f664c282bd0ba9
+  metadata.gz: 0bfe9ca048650907403c807502ce029037bcf50e43509d2da8c4daad6087a143
+  data.tar.gz: 402ea46ece628a86c88351d7c93e739456a584bb95a21e2e5a4790616d724ad8
 SHA512:
-  metadata.gz: e318a7303b592cb3b2cd0dd26c5e7b8ea57ab410aa79bd77c06acf60509d6f2fb5a55bf4fbea9aeeb8e4f660dd3f3c2c65062b3f0a0a3ba806c713264140b24a
-  data.tar.gz: e23422e5834aa7eedbc7e25bcaaf04d9ca3a48604c94d2c84085348cc1c41aad33299e0de3a247f9769222ba7d67b55de0deeab96037245b3214ef903d8bbbaa
+  metadata.gz: a46e4c6e681a1a23fe68a22e8308d41d9016e658577298d998354c4f8410b79aa1666b39e5244f00e3e8b97baa8c9bfcf0dd15b6a1a19a7c80d71d2cdbb9e609
+  data.tar.gz: 06add9d22b8a646a50caf987611b1a4b366477619c2681634cc21a38de36e540d8455993c572fd5f20616771361b7bad0b847bbbcd8cac28bc02a8de916ce81c

data/CODEOWNERS

@@ -1,5 +1,5 @@
 # defaults
-* @puppetlabs/platform-core @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
+* @puppetlabs/phoenix @puppetlabs/puppetserver-maintainers @puppetlabs/night-s-watch
 
 # PAL
 /lib/puppet/pal @puppetlabs/bolt

data/Gemfile

@@ -26,7 +26,7 @@ group(:features) do
   #gem 'ruby-shadow', '~> 2.5', require: false, platforms: [:ruby]
   gem 'minitar', '~> 0.9', require: false
   gem 'msgpack', '~> 1.2', require: false
-  gem 'rdoc', '~> 6.0', require: false, platforms: [:ruby]
+  gem 'rdoc', ['~> 6.0', '< 6.4.0'], require: false, platforms: [:ruby]
   # requires native augeas headers/libs
   # gem 'ruby-augeas', require: false, platforms: [:ruby]
   # requires native ldap headers/libs

data/Gemfile.lock

@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/puppetlabs/packaging
-  revision: 98613aaebad419700b4c37163fe3bbc612f2239d
+  revision: 9d36e41d10ce14c66d9c3c35157788e63c1afef8
   branch: 1.0.x
   specs:
-    packaging (0.104.0.4.g98613aa)
+    packaging (0.105.0)
       apt_stage_artifacts
       artifactory (~> 2)
       csv (= 3.1.5)
@@ -13,7 +13,7 @@ GIT
 PATH
   remote: .
   specs:
-    puppet (7.13.1)
+    puppet (7.14.0)
       CFPropertyList (~> 2.2)
       concurrent-ruby (~> 1.0)
       deep_merge (~> 1.0)
@@ -40,14 +40,14 @@ GEM
     crack (0.4.5)
       rexml
     csv (3.1.5)
-    deep_merge (1.2.1)
-    diff-lcs (1.4.4)
+    deep_merge (1.2.2)
+    diff-lcs (1.5.0)
     docopt (0.6.1)
-    facter (4.2.5)
+    facter (4.2.7)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     fast_gettext (1.1.2)
-    ffi (1.15.4)
+    ffi (1.15.5)
     gettext (3.2.9)
       locale (>= 2.0.5)
       text (>= 1.3.0)
@@ -56,7 +56,7 @@ GEM
       gettext (>= 3.0.2, < 3.3.0)
       locale
     hashdiff (1.0.1)
-    hiera (3.7.0)
+    hiera (3.8.0)
     hiera-eyaml (3.2.2)
       highline
       optimist
@@ -105,7 +105,7 @@ GEM
       rspec-mocks (~> 3.10.0)
     rspec-core (3.10.1)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-its (1.3.0)
@@ -129,7 +129,7 @@ GEM
     scanf (1.0.0)
     semantic_puppet (1.0.4)
     text (1.3.1)
-    thor (1.1.0)
+    thor (1.2.1)
     unicode-display_width (1.8.0)
     vcr (5.1.0)
     webmock (3.14.0)
@@ -141,7 +141,7 @@ GEM
       webrick (~> 1.7.0)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   diff-lcs (~> 1.3)
@@ -160,7 +160,7 @@ DEPENDENCIES
   puppetserver-ca (~> 2.0)
   racc (= 1.5.2)
   rake (~> 13.0)
-  rdoc (~> 6.0)
+  rdoc (~> 6.0, < 6.4.0)
   ronn (~> 0.7.3)
   rspec (~> 3.1)
   rspec-expectations (~> 3.9, != 3.9.3)
@@ -174,4 +174,4 @@ DEPENDENCIES
   yard
 
 BUNDLED WITH
-   1.17.3
+   2.2.6

data/lib/puppet/application/lookup.rb

@@ -379,25 +379,31 @@ Copyright (c) 2015 Puppet Inc., LLC Licensed under the Apache 2.0 License
       else
         ni = Puppet::Node.indirection
         tc = ni.terminus_class
-
-        service = Puppet.runtime[:http]
-        session = service.create_session
-        cert = session.route_to(:ca)
-
-        _, x509 = cert.get_certificate(node)
-        cert = OpenSSL::X509::Certificate.new(x509)
-
-        Puppet::SSL::Oids.register_puppet_oids
-        trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
-
-        Puppet.override(trusted_information: trusted) do
-          if tc == :plain || options[:compile]
+        if options[:compile]
+          if tc == :plain
             node = ni.find(node, facts: facts)
           else
-            ni.terminus_class = :plain
-            node = ni.find(node, facts: facts)
-            ni.terminus_class = tc
+            begin
+              service = Puppet.runtime[:http]
+              session = service.create_session
+              cert = session.route_to(:ca)
+
+              _, x509 = cert.get_certificate(node)
+              cert = OpenSSL::X509::Certificate.new(x509)
+              Puppet::SSL::Oids.register_puppet_oids
+              trusted = Puppet::Context::TrustedInformation.remote(true, facts.values['certname'] || node, Puppet::SSL::Certificate.from_instance(cert))
+              Puppet.override(trusted_information: trusted) do
+                node = ni.find(node, facts: facts)
+              end
+            rescue
+              Puppet.warning _("CA is not available, the operation will continue without using trusted facts.")
+              node = ni.find(node, facts: facts)
+            end
           end
+        else
+          ni.terminus_class = :plain
+          node = ni.find(node, facts: facts)
+          ni.terminus_class = tc
         end
       end
     else

data/lib/puppet/configurer.rb

@@ -392,7 +392,7 @@ class Puppet::Configurer
         Puppet.debug(_("Environment not passed via CLI and no catalog was given, attempting to find out the last server-specified environment"))
         initial_environment, loaded_last_environment = last_server_specified_environment
 
-        unless loaded_last_environment
+        unless Puppet[:use_last_environment] && loaded_last_environment
           Puppet.debug(_("Requesting environment from the server"))
           initial_environment = current_server_specified_environment(@environment, configured_environment, options)
         end
@@ -601,17 +601,7 @@ class Puppet::Configurer
                                              :transaction_uuid => @transaction_uuid,
                                              :fail_on_404 => true)
 
-        # The :rest node terminus returns a node with an environment_name, but not an
-        # environment instance. Attempting to get the environment instance will load
-        # it from disk, which will likely fail. So create a remote environment.
-        #
-        # The :plain node terminus returns a node with an environment, but not an
-        # environment_name.
-        if !node.has_environment_instance? && node.environment_name
-          node.environment = Puppet::Node::Environment.remote(node.environment_name)
-        end
-
-        @server_specified_environment = node.environment.to_s
+        @server_specified_environment = node.environment_name.to_s
 
         if @server_specified_environment != @environment
           Puppet.notice _("Local environment: '%{local_env}' doesn't match server specified node environment '%{node_env}', switching agent to '%{node_env}'.") % { local_env: @environment, node_env: @server_specified_environment }

data/lib/puppet/defaults.rb

@@ -421,6 +421,17 @@ module Puppet
         <https://puppet.com/docs/puppet/latest/environments_about.html>",
       :type    => :path,
     },
+    :use_last_environment => {
+      :type     => :boolean,
+      :default  => true,
+      :desc     => <<-'EOT'
+      Puppet saves both the initial and converged environment in the last_run_summary file.
+      If they differ, and this setting is set to true, we will use the last converged
+      environment and skip the node request.
+
+      When set to false, we will do the node request and ignore the environment data from the last_run_summary file.
+    EOT
+    },
     :always_retry_plugins => {
         :type     => :boolean,
         :default  => true,

data/lib/puppet/face/generate.rb

@@ -58,6 +58,8 @@ Puppet::Face.define(:generate, '0.1.0') do
       Puppet::FileSystem::mkpath(outputdir)
 
       generator.generate(inputs, outputdir, options[:force])
+
+      exit(1) if generator.bad_input?
       nil
     end
   end

data/lib/puppet/generate/type.rb

@@ -134,6 +134,9 @@ module Puppet
         inputs.sort_by! { |input| input.path }
       end
 
+      def self.bad_input?
+        @bad_input
+      end
       # Generates files for the given inputs.
       # If a file is up to date (newer than input) it is kept.
       # If a file is out of date it is regenerated.
@@ -170,6 +173,8 @@ module Puppet
         }
 
         up_to_date = true
+        @bad_input = false
+
         Puppet.notice _('Generating Puppet resource types.')
         inputs.each do |input|
           if !force && input.up_to_date?(outputdir)
@@ -187,6 +192,7 @@ module Puppet
             raise
           rescue Exception => e
             # Log the exception and move on to the next input
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to load custom type '%{type_name}' from '%{input}': %{message}") % { type_name: type_name, input: input, message: e.message })
             next
           end
@@ -205,6 +211,7 @@ module Puppet
           begin
             model = Models::Type::Type.new(type)
           rescue Exception => e
+            @bad_input = true
             # Move on to the next input
             Puppet.log_exception(e, "#{input}: #{e.message}")
             next
@@ -214,6 +221,7 @@ module Puppet
           begin
             result = model.render(templates[input.template_path])
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e)
             raise
           end
@@ -227,6 +235,7 @@ module Puppet
               file.write(result)
             end
           rescue Exception => e
+            @bad_input = true
             Puppet.log_exception(e, _("Failed to generate '%{effective_output_path}': %{message}") % { effective_output_path: effective_output_path, message: e.message })
             # Move on to the next input
             next

data/lib/puppet/node.rb

@@ -89,7 +89,7 @@ class Puppet::Node
     unless @environment.nil?
       # always set the environment parameter. It becomes top scope $environment for a manifest during catalog compilation.
       @parameters[ENVIRONMENT] = @environment.name.to_s
-      self.environment_name = @environment.name if instance_variable_defined?(:@environment_name)
+      self.environment_name = @environment.name
     end
     @environment
   end

data/lib/puppet/resource/type_collection.rb

@@ -24,6 +24,7 @@ class Puppet::Resource::TypeCollection
     @definitions = {}
     @nodes = {}
     @notfound = {}
+    # always lock the environment before acquiring this lock
     @lock = Puppet::Concurrent::Lock.new
 
     # So we can keep a list and match the first-defined regex
@@ -185,26 +186,29 @@ class Puppet::Resource::TypeCollection
   # Resolve namespaces and find the given object.  Autoload it if
   # necessary.
   def find_or_load(name, type)
-    @lock.synchronize do
-      # Name is always absolute, but may start with :: which must be removed
-      fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
-
-      result = send(type, fqname)
-      unless result
-        if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
-          # do not try to autoload if we already tried and it wasn't conclusive
-          # as this is a time consuming operation. Warn the user.
-          # Check first if debugging is on since the call to debug_once is expensive
-          if Puppet[:debug]
-            debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
+    # always lock the environment before locking the type collection
+    @environment.lock.synchronize do
+      @lock.synchronize do
+        # Name is always absolute, but may start with :: which must be removed
+        fqname = (name[0,2] == COLON_COLON ? name[2..-1] : name)
+
+        result = send(type, fqname)
+        unless result
+          if @notfound[ fqname ] && Puppet[ :ignoremissingtypes ]
+            # do not try to autoload if we already tried and it wasn't conclusive
+            # as this is a time consuming operation. Warn the user.
+            # Check first if debugging is on since the call to debug_once is expensive
+            if Puppet[:debug]
+              debug_once _("Not attempting to load %{type} %{fqname} as this object was missing during a prior compilation") % { type: type, fqname: fqname }
+            end
+          else
+            fqname = munge_name(fqname)
+            result = loader.try_load_fqname(type, fqname)
+            @notfound[ fqname ] = result.nil?
           end
-        else
-          fqname = munge_name(fqname)
-          result = loader.try_load_fqname(type, fqname)
-          @notfound[ fqname ] = result.nil?
         end
+        result
       end
-      result
     end
   end
 

data/lib/puppet/type/user.rb

@@ -693,7 +693,7 @@ module Puppet
     end
 
     def generate
-      if !self[:purge_ssh_keys].empty? && self[:purge_ssh_keys] != :false
+      if !self[:purge_ssh_keys].empty?
         if Puppet::Type.type(:ssh_authorized_key).nil?
           warning _("Ssh_authorized_key type is not available. Cannot purge SSH keys.")
         else

data/lib/puppet/util/yaml.rb

@@ -24,7 +24,11 @@ module Puppet::Util::Yaml
   # @raise [YamlLoadException] If deserialization fails.
   # @return The parsed YAML, which can be Hash, Array or scalar types.
   def self.safe_load(yaml, allowed_classes = [], filename = nil)
-    data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
+    if Gem::Version.new(Psych::VERSION) >= Gem::Version.new('3.1.0')
+      data = YAML.safe_load(yaml, permitted_classes: allowed_classes, aliases: true, filename: filename)
+    else
+      data = YAML.safe_load(yaml, allowed_classes, [], true, filename)
+    end
     data = false if data.nil?
     data
   rescue ::Psych::DisallowedClass => detail

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '7.13.1'
+  PUPPETVERSION = '7.14.0'
 
   ##
   # version is a public API method intended to always provide a fast and