puppet 8.7.0-universal-darwin → 8.8.1-universal-darwin
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +32 -26
- data/ext/windows/service/daemon.rb +9 -2
- data/lib/puppet/application/doc.rb +1 -5
- data/lib/puppet/application/lookup.rb +2 -0
- data/lib/puppet/daemon.rb +0 -1
- data/lib/puppet/defaults.rb +5 -19
- data/lib/puppet/file_serving/http_metadata.rb +2 -0
- data/lib/puppet/functions/regsubst.rb +11 -14
- data/lib/puppet/indirector/catalog/compiler.rb +2 -35
- data/lib/puppet/module_tool/tar/gnu.rb +10 -8
- data/lib/puppet/node/server_facts.rb +43 -0
- data/lib/puppet/parser/functions/generate.rb +2 -1
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +41 -6
- data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
- data/lib/puppet/pops/evaluator/runtime3_support.rb +0 -6
- data/lib/puppet/provider/file/posix.rb +16 -2
- data/lib/puppet/provider/package/gem.rb +1 -0
- data/lib/puppet/provider/package/pkgutil.rb +6 -5
- data/lib/puppet/provider/package/puppet_gem.rb +4 -15
- data/lib/puppet/scheduler/splay_job.rb +0 -9
- data/lib/puppet/type/file/selcontext.rb +7 -6
- data/lib/puppet/type/file/target.rb +9 -11
- data/lib/puppet/util/execution.rb +1 -1
- data/lib/puppet/util/reference.rb +1 -30
- data/lib/puppet/util/run_mode.rb +40 -0
- data/lib/puppet/util/selinux.rb +14 -4
- data/lib/puppet/util/windows/daemon.rb +15 -32
- data/lib/puppet/version.rb +1 -1
- data/locales/puppet.pot +90 -94
- data/man/man5/puppet.conf.5 +2 -2
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- metadata +44 -29
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 486f5482ccb61036227eb302890da483584f8203e63d5efcc3b5a7696abe0cbd
|
4
|
+
data.tar.gz: 7d7b9b8f44376cf3c80c45665a6189db82df035fcb8d0a3691ea13bc35902485
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bd2e4c417a3a436d9015f1ca619f71f45438a0287e532a847d548eeecf221b314972fcd7d10083ad99ae89a84e69ba4b8d6a57619456d0742a937e33fac29631
|
7
|
+
data.tar.gz: 74292f0ba13a8975cd133427c926310c7b85973717cb3b5b7310aae323b9f5a4b924e5e17b102a6d13e6e1a6d810e94062a7386e8cd490c2bae8d09e43bcc272
|
data/Gemfile
CHANGED
@@ -35,6 +35,7 @@ group(:features) do
|
|
35
35
|
# requires native ldap headers/libs
|
36
36
|
# gem 'ruby-ldap', '~> 0.9', require: false, platforms: [:ruby]
|
37
37
|
gem 'puppetserver-ca', '~> 2.0', require: false
|
38
|
+
gem 'syslog', '~> 0.1.1', require: false, platforms: [:ruby]
|
38
39
|
gem 'CFPropertyList', ['>= 3.0.6', '< 4'], require: false
|
39
40
|
end
|
40
41
|
|
data/Gemfile.lock
CHANGED
@@ -1,11 +1,12 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
puppet (8.
|
4
|
+
puppet (8.8.1)
|
5
5
|
concurrent-ruby (~> 1.0)
|
6
6
|
deep_merge (~> 1.0)
|
7
7
|
facter (>= 4.3.0, < 5)
|
8
|
-
fast_gettext (>= 2.1, <
|
8
|
+
fast_gettext (>= 2.1, < 4)
|
9
|
+
getoptlong (~> 0.2.0)
|
9
10
|
locale (~> 2.1)
|
10
11
|
multi_json (~> 1.13)
|
11
12
|
puppet-resource_api (~> 1.5)
|
@@ -19,14 +20,14 @@ GEM
|
|
19
20
|
base64
|
20
21
|
nkf
|
21
22
|
rexml
|
22
|
-
addressable (2.8.
|
23
|
-
public_suffix (>= 2.0.2, <
|
23
|
+
addressable (2.8.7)
|
24
|
+
public_suffix (>= 2.0.2, < 7.0)
|
24
25
|
artifactory (3.0.17)
|
25
26
|
ast (2.4.2)
|
26
27
|
base64 (0.2.0)
|
27
28
|
bigdecimal (3.1.8)
|
28
29
|
coderay (1.1.3)
|
29
|
-
concurrent-ruby (1.3.
|
30
|
+
concurrent-ruby (1.3.3)
|
30
31
|
crack (1.0.0)
|
31
32
|
bigdecimal
|
32
33
|
rexml
|
@@ -37,18 +38,20 @@ GEM
|
|
37
38
|
digest-crc (0.6.5)
|
38
39
|
rake (>= 12.0.0, < 14.0.0)
|
39
40
|
docopt (0.6.1)
|
40
|
-
erubi (1.
|
41
|
-
facter (4.
|
41
|
+
erubi (1.13.0)
|
42
|
+
facter (4.8.0)
|
42
43
|
hocon (~> 1.3)
|
43
44
|
thor (>= 1.0.1, < 1.3)
|
44
|
-
faraday (2.
|
45
|
+
faraday (2.10.0)
|
45
46
|
faraday-net_http (>= 2.0, < 3.2)
|
47
|
+
logger
|
46
48
|
faraday-net_http (3.1.0)
|
47
49
|
net-http
|
48
50
|
fast_gettext (2.4.0)
|
49
51
|
prime
|
50
52
|
ffi (1.16.3)
|
51
53
|
forwardable (1.3.3)
|
54
|
+
getoptlong (0.2.1)
|
52
55
|
gettext (3.4.9)
|
53
56
|
erubi
|
54
57
|
locale (>= 2.0.5)
|
@@ -69,7 +72,7 @@ GEM
|
|
69
72
|
rexml
|
70
73
|
google-apis-iamcredentials_v1 (0.21.0)
|
71
74
|
google-apis-core (>= 0.15.0, < 2.a)
|
72
|
-
google-apis-storage_v1 (0.
|
75
|
+
google-apis-storage_v1 (0.40.0)
|
73
76
|
google-apis-core (>= 0.15.0, < 2.a)
|
74
77
|
google-cloud-core (1.7.0)
|
75
78
|
google-cloud-env (>= 1.0, < 3.a)
|
@@ -104,11 +107,12 @@ GEM
|
|
104
107
|
json (2.7.2)
|
105
108
|
json-schema (2.8.1)
|
106
109
|
addressable (>= 2.4)
|
107
|
-
jwt (2.8.
|
110
|
+
jwt (2.8.2)
|
108
111
|
base64
|
109
112
|
language_server-protocol (3.17.0.3)
|
110
113
|
locale (2.1.4)
|
111
|
-
|
114
|
+
logger (1.6.0)
|
115
|
+
memory_profiler (1.0.2)
|
112
116
|
method_source (1.1.0)
|
113
117
|
mini_mime (1.1.5)
|
114
118
|
minitar (0.9)
|
@@ -127,8 +131,8 @@ GEM
|
|
127
131
|
googleauth
|
128
132
|
rake (>= 12.3)
|
129
133
|
release-metrics
|
130
|
-
parallel (1.
|
131
|
-
parser (3.3.
|
134
|
+
parallel (1.25.1)
|
135
|
+
parser (3.3.4.0)
|
132
136
|
ast (~> 2.4.1)
|
133
137
|
racc
|
134
138
|
prime (0.1.2)
|
@@ -137,7 +141,7 @@ GEM
|
|
137
141
|
pry (0.14.2)
|
138
142
|
coderay (~> 1.1)
|
139
143
|
method_source (~> 1.0)
|
140
|
-
public_suffix (
|
144
|
+
public_suffix (6.0.1)
|
141
145
|
puppet-resource_api (1.9.0)
|
142
146
|
hocon (>= 1.0)
|
143
147
|
puppetserver-ca (2.7.0)
|
@@ -156,8 +160,8 @@ GEM
|
|
156
160
|
trailblazer-option (>= 0.1.1, < 0.2.0)
|
157
161
|
uber (< 0.2.0)
|
158
162
|
retriable (3.1.2)
|
159
|
-
rexml (3.2
|
160
|
-
strscan
|
163
|
+
rexml (3.3.2)
|
164
|
+
strscan
|
161
165
|
ronn (0.7.3)
|
162
166
|
hpricot (>= 0.8.2)
|
163
167
|
mustache (>= 0.7.0)
|
@@ -168,7 +172,7 @@ GEM
|
|
168
172
|
rspec-mocks (~> 3.13.0)
|
169
173
|
rspec-core (3.13.0)
|
170
174
|
rspec-support (~> 3.13.0)
|
171
|
-
rspec-expectations (3.13.
|
175
|
+
rspec-expectations (3.13.1)
|
172
176
|
diff-lcs (>= 1.2.0, < 2.0)
|
173
177
|
rspec-support (~> 3.13.0)
|
174
178
|
rspec-its (1.3.0)
|
@@ -178,37 +182,37 @@ GEM
|
|
178
182
|
diff-lcs (>= 1.2.0, < 2.0)
|
179
183
|
rspec-support (~> 3.13.0)
|
180
184
|
rspec-support (3.13.1)
|
181
|
-
rubocop (1.
|
185
|
+
rubocop (1.65.0)
|
182
186
|
json (~> 2.3)
|
183
187
|
language_server-protocol (>= 3.17.0)
|
184
188
|
parallel (~> 1.10)
|
185
189
|
parser (>= 3.3.0.2)
|
186
190
|
rainbow (>= 2.2.2, < 4.0)
|
187
|
-
regexp_parser (>=
|
191
|
+
regexp_parser (>= 2.4, < 3.0)
|
188
192
|
rexml (>= 3.2.5, < 4.0)
|
189
193
|
rubocop-ast (>= 1.31.1, < 2.0)
|
190
194
|
ruby-progressbar (~> 1.7)
|
191
195
|
unicode-display_width (>= 2.4.0, < 3.0)
|
192
196
|
rubocop-ast (1.31.3)
|
193
197
|
parser (>= 3.3.1.0)
|
194
|
-
rubocop-capybara (2.
|
195
|
-
rubocop (~> 1.41)
|
196
|
-
rubocop-factory_bot (2.25.1)
|
198
|
+
rubocop-capybara (2.21.0)
|
197
199
|
rubocop (~> 1.41)
|
200
|
+
rubocop-factory_bot (2.26.1)
|
201
|
+
rubocop (~> 1.61)
|
198
202
|
rubocop-i18n (3.0.0)
|
199
203
|
rubocop (~> 1.0)
|
200
|
-
rubocop-performance (1.21.
|
204
|
+
rubocop-performance (1.21.1)
|
201
205
|
rubocop (>= 1.48.1, < 2.0)
|
202
206
|
rubocop-ast (>= 1.31.1, < 2.0)
|
203
207
|
rubocop-rake (0.6.0)
|
204
208
|
rubocop (~> 1.0)
|
205
|
-
rubocop-rspec (2.
|
209
|
+
rubocop-rspec (2.31.0)
|
206
210
|
rubocop (~> 1.40)
|
207
211
|
rubocop-capybara (~> 2.17)
|
208
212
|
rubocop-factory_bot (~> 2.22)
|
209
213
|
rubocop-rspec_rails (~> 2.28)
|
210
|
-
rubocop-rspec_rails (2.
|
211
|
-
rubocop (~> 1.
|
214
|
+
rubocop-rspec_rails (2.29.1)
|
215
|
+
rubocop (~> 1.61)
|
212
216
|
ruby-prof (1.7.0)
|
213
217
|
ruby-progressbar (1.13.0)
|
214
218
|
scanf (1.0.0)
|
@@ -220,6 +224,7 @@ GEM
|
|
220
224
|
multi_json (~> 1.10)
|
221
225
|
singleton (0.2.0)
|
222
226
|
strscan (3.1.0)
|
227
|
+
syslog (0.1.2)
|
223
228
|
text (1.3.1)
|
224
229
|
thor (1.2.2)
|
225
230
|
trailblazer-option (0.1.2)
|
@@ -268,6 +273,7 @@ DEPENDENCIES
|
|
268
273
|
rubocop-rspec (~> 2.0)
|
269
274
|
ruby-prof (>= 0.16.0)
|
270
275
|
semantic_puppet (~> 1.0)
|
276
|
+
syslog (~> 0.1.1)
|
271
277
|
vcr (~> 6.1)
|
272
278
|
webmock (~> 3.0)
|
273
279
|
webrick (~> 1.7)
|
@@ -155,12 +155,19 @@ class WindowsDaemon < Puppet::Util::Windows::Daemon
|
|
155
155
|
end
|
156
156
|
end
|
157
157
|
|
158
|
+
# Parses runinterval.
|
159
|
+
#
|
160
|
+
# @param puppet_path [String] The file path for the Puppet executable.
|
161
|
+
# @return runinterval [Integer] How often to do a Puppet run, in seconds.
|
158
162
|
def parse_runinterval(puppet_path)
|
159
163
|
begin
|
160
|
-
runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).
|
161
|
-
if runinterval ==
|
164
|
+
runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).chomp
|
165
|
+
if runinterval == ''
|
162
166
|
runinterval = 1800
|
163
167
|
log_err("Failed to determine runinterval, defaulting to #{runinterval} seconds")
|
168
|
+
else
|
169
|
+
# Use Kernel#Integer because to_i will return 0 with non-numeric strings.
|
170
|
+
runinterval = Integer(runinterval)
|
164
171
|
end
|
165
172
|
rescue Exception => e
|
166
173
|
log_exception(e)
|
@@ -173,11 +173,7 @@ class Puppet::Application::Doc < Puppet::Application
|
|
173
173
|
|
174
174
|
text += Puppet::Util::Reference.footer unless with_contents # We've only got one reference
|
175
175
|
|
176
|
-
|
177
|
-
Puppet::Util::Reference.pdf(text)
|
178
|
-
else
|
179
|
-
puts text
|
180
|
-
end
|
176
|
+
puts text
|
181
177
|
|
182
178
|
exit exit_code
|
183
179
|
end
|
@@ -3,6 +3,7 @@
|
|
3
3
|
require_relative '../../puppet/application'
|
4
4
|
require_relative '../../puppet/pops'
|
5
5
|
require_relative '../../puppet/node'
|
6
|
+
require_relative '../../puppet/node/server_facts'
|
6
7
|
require_relative '../../puppet/parser/compiler'
|
7
8
|
|
8
9
|
class Puppet::Application::Lookup < Puppet::Application
|
@@ -403,6 +404,7 @@ class Puppet::Application::Lookup < Puppet::Application
|
|
403
404
|
end
|
404
405
|
end
|
405
406
|
node.environment = Puppet[:environment] if Puppet.settings.set_by_cli?(:environment)
|
407
|
+
node.add_server_facts(Puppet::Node::ServerFacts.load)
|
406
408
|
Puppet[:code] = 'undef' unless options[:compile]
|
407
409
|
compiler = Puppet::Parser::Compiler.new(node)
|
408
410
|
if options[:node]
|
data/lib/puppet/daemon.rb
CHANGED
@@ -165,7 +165,6 @@ class Puppet::Daemon
|
|
165
165
|
reparse_run = Puppet::Scheduler.create_job(Puppet[:filetimeout]) do
|
166
166
|
Puppet.settings.reparse_config_files
|
167
167
|
agent_run.run_interval = Puppet[:runinterval]
|
168
|
-
agent_run.splay_limit = Puppet[:splaylimit] if Puppet[:splay]
|
169
168
|
if Puppet[:filetimeout] == 0
|
170
169
|
reparse_run.disable
|
171
170
|
else
|
data/lib/puppet/defaults.rb
CHANGED
@@ -47,29 +47,15 @@ module Puppet
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def self.default_basemodulepath
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
if installdir
|
54
|
-
path << "#{installdir}/puppet/modules"
|
55
|
-
end
|
56
|
-
path.join(File::PATH_SEPARATOR)
|
57
|
-
else
|
58
|
-
'$codedir/modules:/opt/puppetlabs/puppet/modules'
|
50
|
+
path = ['$codedir/modules']
|
51
|
+
if (run_mode_dir = Puppet.run_mode.common_module_dir)
|
52
|
+
path << run_mode_dir
|
59
53
|
end
|
54
|
+
path.join(File::PATH_SEPARATOR)
|
60
55
|
end
|
61
56
|
|
62
57
|
def self.default_vendormoduledir
|
63
|
-
|
64
|
-
installdir = ENV.fetch("FACTER_env_windows_installdir", nil)
|
65
|
-
if installdir
|
66
|
-
"#{installdir}\\puppet\\vendor_modules"
|
67
|
-
else
|
68
|
-
nil
|
69
|
-
end
|
70
|
-
else
|
71
|
-
'/opt/puppetlabs/puppet/vendor_modules'
|
72
|
-
end
|
58
|
+
Puppet.run_mode.vendor_module_dir
|
73
59
|
end
|
74
60
|
|
75
61
|
############################################################################################
|
@@ -51,6 +51,8 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata
|
|
51
51
|
# Prefer the checksum_type from the indirector request options
|
52
52
|
# but fall back to the alternative otherwise
|
53
53
|
[@checksum_type, :sha256, :sha1, :md5, :mtime].each do |type|
|
54
|
+
next if type == :md5 && Puppet::Util::Platform.fips_enabled?
|
55
|
+
|
54
56
|
@checksum_type = type
|
55
57
|
@checksum = @checksums[type]
|
56
58
|
break if @checksum
|
@@ -20,13 +20,10 @@ Puppet::Functions.create_function(:regsubst) do
|
|
20
20
|
# - *M* Multiline regexps
|
21
21
|
# - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
|
22
22
|
# @param encoding [Enum['N','E','S','U']]
|
23
|
-
#
|
24
|
-
# precompiled regexp). A single-character string with the following values:
|
25
|
-
# - *N* None
|
26
|
-
# - *E* EUC
|
27
|
-
# - *S* SJIS
|
28
|
-
# - *U* UTF-8
|
23
|
+
# Deprecated and ignored parameter, only here for compatibility.
|
29
24
|
# @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
|
25
|
+
# @deprecated
|
26
|
+
# This method has the optional encoding parameter, which is ignored.
|
30
27
|
# @example Get the third octet from the node's IP address:
|
31
28
|
# ```puppet
|
32
29
|
# $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
|
@@ -56,13 +53,6 @@ Puppet::Functions.create_function(:regsubst) do
|
|
56
53
|
# - *I* Ignore case in regexps
|
57
54
|
# - *M* Multiline regexps
|
58
55
|
# - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
|
59
|
-
# @param encoding [Enum['N','E','S','U']]
|
60
|
-
# Optional. How to handle multibyte characters when compiling the regexp (must not be used when pattern is a
|
61
|
-
# precompiled regexp). A single-character string with the following values:
|
62
|
-
# - *N* None
|
63
|
-
# - *E* EUC
|
64
|
-
# - *S* SJIS
|
65
|
-
# - *U* UTF-8
|
66
56
|
# @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
|
67
57
|
# @example Put angle brackets around each octet in the node's IP address:
|
68
58
|
# ```puppet
|
@@ -76,6 +66,13 @@ Puppet::Functions.create_function(:regsubst) do
|
|
76
66
|
end
|
77
67
|
|
78
68
|
def regsubst_string(target, pattern, replacement, flags = nil, encoding = nil)
|
69
|
+
if encoding
|
70
|
+
Puppet.warn_once(
|
71
|
+
'deprecations', 'regsubst_function_encoding',
|
72
|
+
_("The regsubst() function's encoding argument has been ignored since Ruby 1.9 and will be removed in a future release")
|
73
|
+
)
|
74
|
+
end
|
75
|
+
|
79
76
|
re_flags = 0
|
80
77
|
operation = :sub
|
81
78
|
unless flags.nil?
|
@@ -88,7 +85,7 @@ Puppet::Functions.create_function(:regsubst) do
|
|
88
85
|
end
|
89
86
|
end
|
90
87
|
end
|
91
|
-
inner_regsubst(target, Regexp.compile(pattern, re_flags
|
88
|
+
inner_regsubst(target, Regexp.compile(pattern, re_flags), replacement, operation)
|
92
89
|
end
|
93
90
|
|
94
91
|
def regsubst_regexp(target, pattern, replacement, flags = nil)
|
@@ -2,6 +2,7 @@
|
|
2
2
|
|
3
3
|
require_relative '../../../puppet/environments'
|
4
4
|
require_relative '../../../puppet/node'
|
5
|
+
require_relative '../../../puppet/node/server_facts'
|
5
6
|
require_relative '../../../puppet/resource/catalog'
|
6
7
|
require_relative '../../../puppet/indirector/code'
|
7
8
|
require_relative '../../../puppet/util/profiler'
|
@@ -426,40 +427,6 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
|
|
426
427
|
#
|
427
428
|
# See also set_server_facts in Puppet::Server::Compiler in puppetserver.
|
428
429
|
def set_server_facts
|
429
|
-
@server_facts =
|
430
|
-
|
431
|
-
# Add our server Puppet Enterprise version, if available.
|
432
|
-
pe_version_file = '/opt/puppetlabs/server/pe_version'
|
433
|
-
if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
|
434
|
-
@server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
|
435
|
-
end
|
436
|
-
|
437
|
-
# Add our server version to the fact list
|
438
|
-
@server_facts["serverversion"] = Puppet.version.to_s
|
439
|
-
|
440
|
-
# And then add the server name and IP
|
441
|
-
{ "servername" => "networking.fqdn",
|
442
|
-
"serverip" => "networking.ip",
|
443
|
-
"serverip6" => "networking.ip6" }.each do |var, fact|
|
444
|
-
value = Puppet.runtime[:facter].value(fact)
|
445
|
-
unless value.nil?
|
446
|
-
@server_facts[var] = value
|
447
|
-
end
|
448
|
-
end
|
449
|
-
|
450
|
-
if @server_facts["servername"].nil?
|
451
|
-
host = Puppet.runtime[:facter].value('networking.hostname')
|
452
|
-
if host.nil?
|
453
|
-
Puppet.warning _("Could not retrieve fact servername")
|
454
|
-
elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
|
455
|
-
@server_facts["servername"] = [host, domain].join(".")
|
456
|
-
else
|
457
|
-
@server_facts["servername"] = host
|
458
|
-
end
|
459
|
-
end
|
460
|
-
|
461
|
-
if @server_facts["serverip"].nil? && @server_facts["serverip6"].nil?
|
462
|
-
Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
|
463
|
-
end
|
430
|
+
@server_facts = Puppet::Node::ServerFacts.load
|
464
431
|
end
|
465
432
|
end
|
@@ -4,18 +4,20 @@ require 'shellwords'
|
|
4
4
|
|
5
5
|
class Puppet::ModuleTool::Tar::Gnu
|
6
6
|
def unpack(sourcefile, destdir, owner)
|
7
|
-
|
7
|
+
safe_sourcefile = Shellwords.shellescape(File.expand_path(sourcefile))
|
8
8
|
destdir = File.expand_path(destdir)
|
9
|
+
safe_destdir = Shellwords.shellescape(destdir)
|
9
10
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
Puppet::Util::Execution.execute("chown -R #{owner} .")
|
15
|
-
end
|
11
|
+
Puppet::Util::Execution.execute("gzip -dc #{safe_sourcefile} | tar --extract --no-same-owner --directory #{safe_destdir} --file -")
|
12
|
+
Puppet::Util::Execution.execute(['find', destdir, '-type', 'd', '-exec', 'chmod', '755', '{}', '+'])
|
13
|
+
Puppet::Util::Execution.execute(['find', destdir, '-type', 'f', '-exec', 'chmod', 'u+rw,g+r,a-st', '{}', '+'])
|
14
|
+
Puppet::Util::Execution.execute(['chown', '-R', owner, destdir])
|
16
15
|
end
|
17
16
|
|
18
17
|
def pack(sourcedir, destfile)
|
19
|
-
|
18
|
+
safe_sourcedir = Shellwords.shellescape(sourcedir)
|
19
|
+
safe_destfile = Shellwords.shellescape(File.basename(destfile))
|
20
|
+
|
21
|
+
Puppet::Util::Execution.execute("tar cf - #{safe_sourcedir} | gzip -c > #{safe_destfile}")
|
20
22
|
end
|
21
23
|
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class Puppet::Node::ServerFacts
|
4
|
+
def self.load
|
5
|
+
server_facts = {}
|
6
|
+
|
7
|
+
# Add our server Puppet Enterprise version, if available.
|
8
|
+
pe_version_file = '/opt/puppetlabs/server/pe_version'
|
9
|
+
if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
|
10
|
+
server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
|
11
|
+
end
|
12
|
+
|
13
|
+
# Add our server version to the fact list
|
14
|
+
server_facts["serverversion"] = Puppet.version.to_s
|
15
|
+
|
16
|
+
# And then add the server name and IP
|
17
|
+
{ "servername" => "networking.fqdn",
|
18
|
+
"serverip" => "networking.ip",
|
19
|
+
"serverip6" => "networking.ip6" }.each do |var, fact|
|
20
|
+
value = Puppet.runtime[:facter].value(fact)
|
21
|
+
unless value.nil?
|
22
|
+
server_facts[var] = value
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
if server_facts["servername"].nil?
|
27
|
+
host = Puppet.runtime[:facter].value('networking.hostname')
|
28
|
+
if host.nil?
|
29
|
+
Puppet.warning _("Could not retrieve fact servername")
|
30
|
+
elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
|
31
|
+
server_facts["servername"] = [host, domain].join(".")
|
32
|
+
else
|
33
|
+
server_facts["servername"] = host
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
if server_facts["serverip"].nil? && server_facts["serverip6"].nil?
|
38
|
+
Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
|
39
|
+
end
|
40
|
+
|
41
|
+
server_facts
|
42
|
+
end
|
43
|
+
end
|
@@ -31,7 +31,8 @@ Puppet::Parser::Functions.newfunction(:generate, :arity => -2, :type => :rvalue,
|
|
31
31
|
end
|
32
32
|
|
33
33
|
begin
|
34
|
-
|
34
|
+
dir = File.dirname(args[0])
|
35
|
+
Puppet::Util::Execution.execute(args, failonfail: true, combine: true, cwd: dir).to_str
|
35
36
|
rescue Puppet::ExecutionFailure => detail
|
36
37
|
raise Puppet::ParseError, _("Failed to execute generator %{generator}: %{detail}") % { generator: args[0], detail: detail }, detail.backtrace
|
37
38
|
end
|
@@ -89,17 +89,25 @@ class DeferredResolver
|
|
89
89
|
overrides = {}
|
90
90
|
r.parameters.each_pair do |k, v|
|
91
91
|
resolved = resolve(v)
|
92
|
-
# If the value is instance of Sensitive - assign the unwrapped value
|
93
|
-
# and mark it as sensitive if not already marked
|
94
|
-
#
|
95
92
|
case resolved
|
96
93
|
when Puppet::Pops::Types::PSensitiveType::Sensitive
|
94
|
+
# If the resolved value is instance of Sensitive - assign the unwrapped value
|
95
|
+
# and mark it as sensitive if not already marked
|
96
|
+
#
|
97
97
|
resolved = resolved.unwrap
|
98
98
|
mark_sensitive_parameters(r, k)
|
99
|
-
|
100
|
-
# The DeferredValue.resolve method will unwrap it during catalog application
|
99
|
+
|
101
100
|
when Puppet::Pops::Evaluator::DeferredValue
|
102
|
-
|
101
|
+
# If the resolved value is a DeferredValue and it has an argument of type
|
102
|
+
# PSensitiveType, mark it as sensitive. Since DeferredValues can nest,
|
103
|
+
# we must walk all arguments, e.g. the DeferredValue may call the `epp`
|
104
|
+
# function, where one of its arguments is a DeferredValue to call the
|
105
|
+
# `vault:lookup` function.
|
106
|
+
#
|
107
|
+
# The DeferredValue.resolve method will unwrap the sensitive during
|
108
|
+
# catalog application
|
109
|
+
#
|
110
|
+
if contains_sensitive_args?(v)
|
103
111
|
mark_sensitive_parameters(r, k)
|
104
112
|
end
|
105
113
|
end
|
@@ -109,6 +117,33 @@ class DeferredResolver
|
|
109
117
|
end
|
110
118
|
end
|
111
119
|
|
120
|
+
# Return true if x contains an argument that is an instance of PSensitiveType:
|
121
|
+
#
|
122
|
+
# Deferred('new', [Sensitive, 'password'])
|
123
|
+
#
|
124
|
+
# Or an instance of PSensitiveType::Sensitive:
|
125
|
+
#
|
126
|
+
# Deferred('join', [['a', Sensitive('b')], ':'])
|
127
|
+
#
|
128
|
+
# Since deferred values can nest, descend into Arrays and Hash keys and values,
|
129
|
+
# short-circuiting when the first occurrence is found.
|
130
|
+
#
|
131
|
+
def contains_sensitive_args?(x)
|
132
|
+
case x
|
133
|
+
when @deferred_class
|
134
|
+
contains_sensitive_args?(x.arguments)
|
135
|
+
when Array
|
136
|
+
x.any? { |v| contains_sensitive_args?(v) }
|
137
|
+
when Hash
|
138
|
+
x.any? { |k, v| contains_sensitive_args?(k) || contains_sensitive_args?(v) }
|
139
|
+
when Puppet::Pops::Types::PSensitiveType, Puppet::Pops::Types::PSensitiveType::Sensitive
|
140
|
+
true
|
141
|
+
else
|
142
|
+
false
|
143
|
+
end
|
144
|
+
end
|
145
|
+
private :contains_sensitive_args?
|
146
|
+
|
112
147
|
def mark_sensitive_parameters(r, k)
|
113
148
|
unless r.sensitive_parameters.include?(k.to_sym)
|
114
149
|
r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
|
@@ -76,7 +76,8 @@ module Runtime3ResourceSupport
|
|
76
76
|
end
|
77
77
|
|
78
78
|
def self.resource_to_ptype(resource)
|
79
|
-
nil if resource.nil?
|
79
|
+
return nil if resource.nil?
|
80
|
+
|
80
81
|
# inference returns the meta type since the 3x Resource is an alternate way to describe a type
|
81
82
|
Puppet::Pops::Types::TypeCalculator.singleton().infer(resource).type
|
82
83
|
end
|
@@ -443,12 +443,6 @@ module Runtime3Support
|
|
443
443
|
resource.valid_parameter?(name)
|
444
444
|
end
|
445
445
|
|
446
|
-
def resource_to_ptype(resource)
|
447
|
-
nil if resource.nil?
|
448
|
-
# inference returns the meta type since the 3x Resource is an alternate way to describe a type
|
449
|
-
type_calculator.infer(resource).type
|
450
|
-
end
|
451
|
-
|
452
446
|
# This is the same type of "truth" as used in the current Puppet DSL.
|
453
447
|
#
|
454
448
|
def is_true?(value, o)
|
@@ -12,8 +12,22 @@ Puppet::Type.type(:file).provide :posix do
|
|
12
12
|
require 'etc'
|
13
13
|
require_relative '../../../puppet/util/selinux'
|
14
14
|
|
15
|
-
|
16
|
-
|
15
|
+
class << self
|
16
|
+
def selinux_handle
|
17
|
+
return nil unless Puppet::Util::SELinux.selinux_support?
|
18
|
+
|
19
|
+
# selabel_open takes 3 args: backend, options, and nopt. The backend param
|
20
|
+
# is a constant, SELABEL_CTX_FILE, which happens to be 0. Since options is
|
21
|
+
# nil, nopt can be 0 since nopt represents the # of options specified.
|
22
|
+
@selinux_handle ||= Selinux.selabel_open(Selinux::SELABEL_CTX_FILE, nil, 0)
|
23
|
+
end
|
24
|
+
|
25
|
+
def post_resource_eval
|
26
|
+
if @selinux_handle
|
27
|
+
Selinux.selabel_close(@selinux_handle)
|
28
|
+
@selinux_handle = nil
|
29
|
+
end
|
30
|
+
end
|
17
31
|
end
|
18
32
|
|
19
33
|
def uid2name(id)
|
@@ -83,6 +83,7 @@ Puppet::Type.type(:package).provide :gem, :parent => Puppet::Provider::Package::
|
|
83
83
|
custom_environment[:PATH] = windows_path_without_puppet_bin
|
84
84
|
end
|
85
85
|
|
86
|
+
# This uses an unusual form of passing the command and args as [<cmd>, [<arg1>, <arg2>, ...]]
|
86
87
|
execute(cmd, { :failonfail => true, :combine => true, :custom_environment => custom_environment })
|
87
88
|
end
|
88
89
|
|
@@ -115,11 +115,12 @@ Puppet::Type.type(:package).provide :pkgutil, :parent => :sun, :source => :sun d
|
|
115
115
|
|
116
116
|
# Identify common types of pkgutil noise as it downloads catalogs etc
|
117
117
|
def self.noise?(line)
|
118
|
-
true if line =~ /^#/
|
119
|
-
true if line =~ /^Checking integrity / # use_gpg
|
120
|
-
true if line =~ /^gpg: / # gpg verification
|
121
|
-
true if line =~ /^=+> / # catalog fetch
|
122
|
-
true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
|
118
|
+
return true if line =~ /^#/
|
119
|
+
return true if line =~ /^Checking integrity / # use_gpg
|
120
|
+
return true if line =~ /^gpg: / # gpg verification
|
121
|
+
return true if line =~ /^=+> / # catalog fetch
|
122
|
+
return true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
|
123
|
+
|
123
124
|
false
|
124
125
|
end
|
125
126
|
|