puppet 8.7.0-universal-darwin → 8.8.1-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.
Files changed (55) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -0
  3. data/Gemfile.lock +32 -26
  4. data/ext/windows/service/daemon.rb +9 -2
  5. data/lib/puppet/application/doc.rb +1 -5
  6. data/lib/puppet/application/lookup.rb +2 -0
  7. data/lib/puppet/daemon.rb +0 -1
  8. data/lib/puppet/defaults.rb +5 -19
  9. data/lib/puppet/file_serving/http_metadata.rb +2 -0
  10. data/lib/puppet/functions/regsubst.rb +11 -14
  11. data/lib/puppet/indirector/catalog/compiler.rb +2 -35
  12. data/lib/puppet/module_tool/tar/gnu.rb +10 -8
  13. data/lib/puppet/node/server_facts.rb +43 -0
  14. data/lib/puppet/parser/functions/generate.rb +2 -1
  15. data/lib/puppet/pops/evaluator/deferred_resolver.rb +41 -6
  16. data/lib/puppet/pops/evaluator/runtime3_resource_support.rb +2 -1
  17. data/lib/puppet/pops/evaluator/runtime3_support.rb +0 -6
  18. data/lib/puppet/provider/file/posix.rb +16 -2
  19. data/lib/puppet/provider/package/gem.rb +1 -0
  20. data/lib/puppet/provider/package/pkgutil.rb +6 -5
  21. data/lib/puppet/provider/package/puppet_gem.rb +4 -15
  22. data/lib/puppet/scheduler/splay_job.rb +0 -9
  23. data/lib/puppet/type/file/selcontext.rb +7 -6
  24. data/lib/puppet/type/file/target.rb +9 -11
  25. data/lib/puppet/util/execution.rb +1 -1
  26. data/lib/puppet/util/reference.rb +1 -30
  27. data/lib/puppet/util/run_mode.rb +40 -0
  28. data/lib/puppet/util/selinux.rb +14 -4
  29. data/lib/puppet/util/windows/daemon.rb +15 -32
  30. data/lib/puppet/version.rb +1 -1
  31. data/locales/puppet.pot +90 -94
  32. data/man/man5/puppet.conf.5 +2 -2
  33. data/man/man8/puppet-agent.8 +1 -1
  34. data/man/man8/puppet-apply.8 +1 -1
  35. data/man/man8/puppet-catalog.8 +1 -1
  36. data/man/man8/puppet-config.8 +1 -1
  37. data/man/man8/puppet-describe.8 +1 -1
  38. data/man/man8/puppet-device.8 +1 -1
  39. data/man/man8/puppet-doc.8 +1 -1
  40. data/man/man8/puppet-epp.8 +1 -1
  41. data/man/man8/puppet-facts.8 +1 -1
  42. data/man/man8/puppet-filebucket.8 +1 -1
  43. data/man/man8/puppet-generate.8 +1 -1
  44. data/man/man8/puppet-help.8 +1 -1
  45. data/man/man8/puppet-lookup.8 +1 -1
  46. data/man/man8/puppet-module.8 +1 -1
  47. data/man/man8/puppet-node.8 +1 -1
  48. data/man/man8/puppet-parser.8 +1 -1
  49. data/man/man8/puppet-plugin.8 +1 -1
  50. data/man/man8/puppet-report.8 +1 -1
  51. data/man/man8/puppet-resource.8 +1 -1
  52. data/man/man8/puppet-script.8 +1 -1
  53. data/man/man8/puppet-ssl.8 +1 -1
  54. data/man/man8/puppet.8 +2 -2
  55. metadata +44 -29
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 87e125da3b71dd69b02503160668ae64c6e6d575104627c859b36b0e847a4c77
4
- data.tar.gz: 8ba56ba9b32f9a2da14736a8aab0cff97606dce021854d87e0231516c4935304
3
+ metadata.gz: 486f5482ccb61036227eb302890da483584f8203e63d5efcc3b5a7696abe0cbd
4
+ data.tar.gz: 7d7b9b8f44376cf3c80c45665a6189db82df035fcb8d0a3691ea13bc35902485
5
5
  SHA512:
6
- metadata.gz: 48ab80d4f16ef3fef119dd77e707ee092f0566d5d43e87fae6a7a4540d975bff5563fc70dd0ec80bc03da192950b06788fc41bdbf36f292ca0076428e51ec22b
7
- data.tar.gz: acf53931c333506738716bb81cc1011779e080e3d4eb893562f6901bbff5c47feebf4550d378d4d0fed27b58b6875321f7bbe3e910bfc91b96eed75ff60d7fe9
6
+ metadata.gz: bd2e4c417a3a436d9015f1ca619f71f45438a0287e532a847d548eeecf221b314972fcd7d10083ad99ae89a84e69ba4b8d6a57619456d0742a937e33fac29631
7
+ data.tar.gz: 74292f0ba13a8975cd133427c926310c7b85973717cb3b5b7310aae323b9f5a4b924e5e17b102a6d13e6e1a6d810e94062a7386e8cd490c2bae8d09e43bcc272
data/Gemfile CHANGED
@@ -35,6 +35,7 @@ group(:features) do
35
35
  # requires native ldap headers/libs
36
36
  # gem 'ruby-ldap', '~> 0.9', require: false, platforms: [:ruby]
37
37
  gem 'puppetserver-ca', '~> 2.0', require: false
38
+ gem 'syslog', '~> 0.1.1', require: false, platforms: [:ruby]
38
39
  gem 'CFPropertyList', ['>= 3.0.6', '< 4'], require: false
39
40
  end
40
41
 
data/Gemfile.lock CHANGED
@@ -1,11 +1,12 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- puppet (8.7.0)
4
+ puppet (8.8.1)
5
5
  concurrent-ruby (~> 1.0)
6
6
  deep_merge (~> 1.0)
7
7
  facter (>= 4.3.0, < 5)
8
- fast_gettext (>= 2.1, < 3)
8
+ fast_gettext (>= 2.1, < 4)
9
+ getoptlong (~> 0.2.0)
9
10
  locale (~> 2.1)
10
11
  multi_json (~> 1.13)
11
12
  puppet-resource_api (~> 1.5)
@@ -19,14 +20,14 @@ GEM
19
20
  base64
20
21
  nkf
21
22
  rexml
22
- addressable (2.8.6)
23
- public_suffix (>= 2.0.2, < 6.0)
23
+ addressable (2.8.7)
24
+ public_suffix (>= 2.0.2, < 7.0)
24
25
  artifactory (3.0.17)
25
26
  ast (2.4.2)
26
27
  base64 (0.2.0)
27
28
  bigdecimal (3.1.8)
28
29
  coderay (1.1.3)
29
- concurrent-ruby (1.3.1)
30
+ concurrent-ruby (1.3.3)
30
31
  crack (1.0.0)
31
32
  bigdecimal
32
33
  rexml
@@ -37,18 +38,20 @@ GEM
37
38
  digest-crc (0.6.5)
38
39
  rake (>= 12.0.0, < 14.0.0)
39
40
  docopt (0.6.1)
40
- erubi (1.12.0)
41
- facter (4.7.0)
41
+ erubi (1.13.0)
42
+ facter (4.8.0)
42
43
  hocon (~> 1.3)
43
44
  thor (>= 1.0.1, < 1.3)
44
- faraday (2.9.1)
45
+ faraday (2.10.0)
45
46
  faraday-net_http (>= 2.0, < 3.2)
47
+ logger
46
48
  faraday-net_http (3.1.0)
47
49
  net-http
48
50
  fast_gettext (2.4.0)
49
51
  prime
50
52
  ffi (1.16.3)
51
53
  forwardable (1.3.3)
54
+ getoptlong (0.2.1)
52
55
  gettext (3.4.9)
53
56
  erubi
54
57
  locale (>= 2.0.5)
@@ -69,7 +72,7 @@ GEM
69
72
  rexml
70
73
  google-apis-iamcredentials_v1 (0.21.0)
71
74
  google-apis-core (>= 0.15.0, < 2.a)
72
- google-apis-storage_v1 (0.39.0)
75
+ google-apis-storage_v1 (0.40.0)
73
76
  google-apis-core (>= 0.15.0, < 2.a)
74
77
  google-cloud-core (1.7.0)
75
78
  google-cloud-env (>= 1.0, < 3.a)
@@ -104,11 +107,12 @@ GEM
104
107
  json (2.7.2)
105
108
  json-schema (2.8.1)
106
109
  addressable (>= 2.4)
107
- jwt (2.8.1)
110
+ jwt (2.8.2)
108
111
  base64
109
112
  language_server-protocol (3.17.0.3)
110
113
  locale (2.1.4)
111
- memory_profiler (1.0.1)
114
+ logger (1.6.0)
115
+ memory_profiler (1.0.2)
112
116
  method_source (1.1.0)
113
117
  mini_mime (1.1.5)
114
118
  minitar (0.9)
@@ -127,8 +131,8 @@ GEM
127
131
  googleauth
128
132
  rake (>= 12.3)
129
133
  release-metrics
130
- parallel (1.24.0)
131
- parser (3.3.2.0)
134
+ parallel (1.25.1)
135
+ parser (3.3.4.0)
132
136
  ast (~> 2.4.1)
133
137
  racc
134
138
  prime (0.1.2)
@@ -137,7 +141,7 @@ GEM
137
141
  pry (0.14.2)
138
142
  coderay (~> 1.1)
139
143
  method_source (~> 1.0)
140
- public_suffix (5.0.5)
144
+ public_suffix (6.0.1)
141
145
  puppet-resource_api (1.9.0)
142
146
  hocon (>= 1.0)
143
147
  puppetserver-ca (2.7.0)
@@ -156,8 +160,8 @@ GEM
156
160
  trailblazer-option (>= 0.1.1, < 0.2.0)
157
161
  uber (< 0.2.0)
158
162
  retriable (3.1.2)
159
- rexml (3.2.8)
160
- strscan (>= 3.0.9)
163
+ rexml (3.3.2)
164
+ strscan
161
165
  ronn (0.7.3)
162
166
  hpricot (>= 0.8.2)
163
167
  mustache (>= 0.7.0)
@@ -168,7 +172,7 @@ GEM
168
172
  rspec-mocks (~> 3.13.0)
169
173
  rspec-core (3.13.0)
170
174
  rspec-support (~> 3.13.0)
171
- rspec-expectations (3.13.0)
175
+ rspec-expectations (3.13.1)
172
176
  diff-lcs (>= 1.2.0, < 2.0)
173
177
  rspec-support (~> 3.13.0)
174
178
  rspec-its (1.3.0)
@@ -178,37 +182,37 @@ GEM
178
182
  diff-lcs (>= 1.2.0, < 2.0)
179
183
  rspec-support (~> 3.13.0)
180
184
  rspec-support (3.13.1)
181
- rubocop (1.64.1)
185
+ rubocop (1.65.0)
182
186
  json (~> 2.3)
183
187
  language_server-protocol (>= 3.17.0)
184
188
  parallel (~> 1.10)
185
189
  parser (>= 3.3.0.2)
186
190
  rainbow (>= 2.2.2, < 4.0)
187
- regexp_parser (>= 1.8, < 3.0)
191
+ regexp_parser (>= 2.4, < 3.0)
188
192
  rexml (>= 3.2.5, < 4.0)
189
193
  rubocop-ast (>= 1.31.1, < 2.0)
190
194
  ruby-progressbar (~> 1.7)
191
195
  unicode-display_width (>= 2.4.0, < 3.0)
192
196
  rubocop-ast (1.31.3)
193
197
  parser (>= 3.3.1.0)
194
- rubocop-capybara (2.20.0)
195
- rubocop (~> 1.41)
196
- rubocop-factory_bot (2.25.1)
198
+ rubocop-capybara (2.21.0)
197
199
  rubocop (~> 1.41)
200
+ rubocop-factory_bot (2.26.1)
201
+ rubocop (~> 1.61)
198
202
  rubocop-i18n (3.0.0)
199
203
  rubocop (~> 1.0)
200
- rubocop-performance (1.21.0)
204
+ rubocop-performance (1.21.1)
201
205
  rubocop (>= 1.48.1, < 2.0)
202
206
  rubocop-ast (>= 1.31.1, < 2.0)
203
207
  rubocop-rake (0.6.0)
204
208
  rubocop (~> 1.0)
205
- rubocop-rspec (2.30.0)
209
+ rubocop-rspec (2.31.0)
206
210
  rubocop (~> 1.40)
207
211
  rubocop-capybara (~> 2.17)
208
212
  rubocop-factory_bot (~> 2.22)
209
213
  rubocop-rspec_rails (~> 2.28)
210
- rubocop-rspec_rails (2.28.3)
211
- rubocop (~> 1.40)
214
+ rubocop-rspec_rails (2.29.1)
215
+ rubocop (~> 1.61)
212
216
  ruby-prof (1.7.0)
213
217
  ruby-progressbar (1.13.0)
214
218
  scanf (1.0.0)
@@ -220,6 +224,7 @@ GEM
220
224
  multi_json (~> 1.10)
221
225
  singleton (0.2.0)
222
226
  strscan (3.1.0)
227
+ syslog (0.1.2)
223
228
  text (1.3.1)
224
229
  thor (1.2.2)
225
230
  trailblazer-option (0.1.2)
@@ -268,6 +273,7 @@ DEPENDENCIES
268
273
  rubocop-rspec (~> 2.0)
269
274
  ruby-prof (>= 0.16.0)
270
275
  semantic_puppet (~> 1.0)
276
+ syslog (~> 0.1.1)
271
277
  vcr (~> 6.1)
272
278
  webmock (~> 3.0)
273
279
  webrick (~> 1.7)
@@ -155,12 +155,19 @@ class WindowsDaemon < Puppet::Util::Windows::Daemon
155
155
  end
156
156
  end
157
157
 
158
+ # Parses runinterval.
159
+ #
160
+ # @param puppet_path [String] The file path for the Puppet executable.
161
+ # @return runinterval [Integer] How often to do a Puppet run, in seconds.
158
162
  def parse_runinterval(puppet_path)
159
163
  begin
160
- runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).to_i
161
- if runinterval == 0
164
+ runinterval = %x(#{puppet_path} config --section agent --log_level notice print runinterval).chomp
165
+ if runinterval == ''
162
166
  runinterval = 1800
163
167
  log_err("Failed to determine runinterval, defaulting to #{runinterval} seconds")
168
+ else
169
+ # Use Kernel#Integer because to_i will return 0 with non-numeric strings.
170
+ runinterval = Integer(runinterval)
164
171
  end
165
172
  rescue Exception => e
166
173
  log_exception(e)
@@ -173,11 +173,7 @@ class Puppet::Application::Doc < Puppet::Application
173
173
 
174
174
  text += Puppet::Util::Reference.footer unless with_contents # We've only got one reference
175
175
 
176
- if options[:mode] == :pdf
177
- Puppet::Util::Reference.pdf(text)
178
- else
179
- puts text
180
- end
176
+ puts text
181
177
 
182
178
  exit exit_code
183
179
  end
@@ -3,6 +3,7 @@
3
3
  require_relative '../../puppet/application'
4
4
  require_relative '../../puppet/pops'
5
5
  require_relative '../../puppet/node'
6
+ require_relative '../../puppet/node/server_facts'
6
7
  require_relative '../../puppet/parser/compiler'
7
8
 
8
9
  class Puppet::Application::Lookup < Puppet::Application
@@ -403,6 +404,7 @@ class Puppet::Application::Lookup < Puppet::Application
403
404
  end
404
405
  end
405
406
  node.environment = Puppet[:environment] if Puppet.settings.set_by_cli?(:environment)
407
+ node.add_server_facts(Puppet::Node::ServerFacts.load)
406
408
  Puppet[:code] = 'undef' unless options[:compile]
407
409
  compiler = Puppet::Parser::Compiler.new(node)
408
410
  if options[:node]
data/lib/puppet/daemon.rb CHANGED
@@ -165,7 +165,6 @@ class Puppet::Daemon
165
165
  reparse_run = Puppet::Scheduler.create_job(Puppet[:filetimeout]) do
166
166
  Puppet.settings.reparse_config_files
167
167
  agent_run.run_interval = Puppet[:runinterval]
168
- agent_run.splay_limit = Puppet[:splaylimit] if Puppet[:splay]
169
168
  if Puppet[:filetimeout] == 0
170
169
  reparse_run.disable
171
170
  else
@@ -47,29 +47,15 @@ module Puppet
47
47
  end
48
48
 
49
49
  def self.default_basemodulepath
50
- if Puppet::Util::Platform.windows?
51
- path = ['$codedir/modules']
52
- installdir = ENV.fetch("FACTER_env_windows_installdir", nil)
53
- if installdir
54
- path << "#{installdir}/puppet/modules"
55
- end
56
- path.join(File::PATH_SEPARATOR)
57
- else
58
- '$codedir/modules:/opt/puppetlabs/puppet/modules'
50
+ path = ['$codedir/modules']
51
+ if (run_mode_dir = Puppet.run_mode.common_module_dir)
52
+ path << run_mode_dir
59
53
  end
54
+ path.join(File::PATH_SEPARATOR)
60
55
  end
61
56
 
62
57
  def self.default_vendormoduledir
63
- if Puppet::Util::Platform.windows?
64
- installdir = ENV.fetch("FACTER_env_windows_installdir", nil)
65
- if installdir
66
- "#{installdir}\\puppet\\vendor_modules"
67
- else
68
- nil
69
- end
70
- else
71
- '/opt/puppetlabs/puppet/vendor_modules'
72
- end
58
+ Puppet.run_mode.vendor_module_dir
73
59
  end
74
60
 
75
61
  ############################################################################################
@@ -51,6 +51,8 @@ class Puppet::FileServing::HttpMetadata < Puppet::FileServing::Metadata
51
51
  # Prefer the checksum_type from the indirector request options
52
52
  # but fall back to the alternative otherwise
53
53
  [@checksum_type, :sha256, :sha1, :md5, :mtime].each do |type|
54
+ next if type == :md5 && Puppet::Util::Platform.fips_enabled?
55
+
54
56
  @checksum_type = type
55
57
  @checksum = @checksums[type]
56
58
  break if @checksum
@@ -20,13 +20,10 @@ Puppet::Functions.create_function(:regsubst) do
20
20
  # - *M* Multiline regexps
21
21
  # - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
22
22
  # @param encoding [Enum['N','E','S','U']]
23
- # Optional. How to handle multibyte characters when compiling the regexp (must not be used when pattern is a
24
- # precompiled regexp). A single-character string with the following values:
25
- # - *N* None
26
- # - *E* EUC
27
- # - *S* SJIS
28
- # - *U* UTF-8
23
+ # Deprecated and ignored parameter, only here for compatibility.
29
24
  # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
25
+ # @deprecated
26
+ # This method has the optional encoding parameter, which is ignored.
30
27
  # @example Get the third octet from the node's IP address:
31
28
  # ```puppet
32
29
  # $i3 = regsubst($ipaddress,'^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$','\\3')
@@ -56,13 +53,6 @@ Puppet::Functions.create_function(:regsubst) do
56
53
  # - *I* Ignore case in regexps
57
54
  # - *M* Multiline regexps
58
55
  # - *G* Global replacement; all occurrences of the regexp in each target string will be replaced. Without this, only the first occurrence will be replaced.
59
- # @param encoding [Enum['N','E','S','U']]
60
- # Optional. How to handle multibyte characters when compiling the regexp (must not be used when pattern is a
61
- # precompiled regexp). A single-character string with the following values:
62
- # - *N* None
63
- # - *E* EUC
64
- # - *S* SJIS
65
- # - *U* UTF-8
66
56
  # @return [Array[String], String] The result of the substitution. Result type is the same as for the target parameter.
67
57
  # @example Put angle brackets around each octet in the node's IP address:
68
58
  # ```puppet
@@ -76,6 +66,13 @@ Puppet::Functions.create_function(:regsubst) do
76
66
  end
77
67
 
78
68
  def regsubst_string(target, pattern, replacement, flags = nil, encoding = nil)
69
+ if encoding
70
+ Puppet.warn_once(
71
+ 'deprecations', 'regsubst_function_encoding',
72
+ _("The regsubst() function's encoding argument has been ignored since Ruby 1.9 and will be removed in a future release")
73
+ )
74
+ end
75
+
79
76
  re_flags = 0
80
77
  operation = :sub
81
78
  unless flags.nil?
@@ -88,7 +85,7 @@ Puppet::Functions.create_function(:regsubst) do
88
85
  end
89
86
  end
90
87
  end
91
- inner_regsubst(target, Regexp.compile(pattern, re_flags, encoding), replacement, operation)
88
+ inner_regsubst(target, Regexp.compile(pattern, re_flags), replacement, operation)
92
89
  end
93
90
 
94
91
  def regsubst_regexp(target, pattern, replacement, flags = nil)
@@ -2,6 +2,7 @@
2
2
 
3
3
  require_relative '../../../puppet/environments'
4
4
  require_relative '../../../puppet/node'
5
+ require_relative '../../../puppet/node/server_facts'
5
6
  require_relative '../../../puppet/resource/catalog'
6
7
  require_relative '../../../puppet/indirector/code'
7
8
  require_relative '../../../puppet/util/profiler'
@@ -426,40 +427,6 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
426
427
  #
427
428
  # See also set_server_facts in Puppet::Server::Compiler in puppetserver.
428
429
  def set_server_facts
429
- @server_facts = {}
430
-
431
- # Add our server Puppet Enterprise version, if available.
432
- pe_version_file = '/opt/puppetlabs/server/pe_version'
433
- if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
434
- @server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
435
- end
436
-
437
- # Add our server version to the fact list
438
- @server_facts["serverversion"] = Puppet.version.to_s
439
-
440
- # And then add the server name and IP
441
- { "servername" => "networking.fqdn",
442
- "serverip" => "networking.ip",
443
- "serverip6" => "networking.ip6" }.each do |var, fact|
444
- value = Puppet.runtime[:facter].value(fact)
445
- unless value.nil?
446
- @server_facts[var] = value
447
- end
448
- end
449
-
450
- if @server_facts["servername"].nil?
451
- host = Puppet.runtime[:facter].value('networking.hostname')
452
- if host.nil?
453
- Puppet.warning _("Could not retrieve fact servername")
454
- elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
455
- @server_facts["servername"] = [host, domain].join(".")
456
- else
457
- @server_facts["servername"] = host
458
- end
459
- end
460
-
461
- if @server_facts["serverip"].nil? && @server_facts["serverip6"].nil?
462
- Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
463
- end
430
+ @server_facts = Puppet::Node::ServerFacts.load
464
431
  end
465
432
  end
@@ -4,18 +4,20 @@ require 'shellwords'
4
4
 
5
5
  class Puppet::ModuleTool::Tar::Gnu
6
6
  def unpack(sourcefile, destdir, owner)
7
- sourcefile = File.expand_path(sourcefile)
7
+ safe_sourcefile = Shellwords.shellescape(File.expand_path(sourcefile))
8
8
  destdir = File.expand_path(destdir)
9
+ safe_destdir = Shellwords.shellescape(destdir)
9
10
 
10
- Dir.chdir(destdir) do
11
- Puppet::Util::Execution.execute("gzip -dc #{Shellwords.shellescape(sourcefile)} | tar xof -")
12
- Puppet::Util::Execution.execute("find . -type d -exec chmod 755 {} +")
13
- Puppet::Util::Execution.execute("find . -type f -exec chmod u+rw,g+r,a-st {} +")
14
- Puppet::Util::Execution.execute("chown -R #{owner} .")
15
- end
11
+ Puppet::Util::Execution.execute("gzip -dc #{safe_sourcefile} | tar --extract --no-same-owner --directory #{safe_destdir} --file -")
12
+ Puppet::Util::Execution.execute(['find', destdir, '-type', 'd', '-exec', 'chmod', '755', '{}', '+'])
13
+ Puppet::Util::Execution.execute(['find', destdir, '-type', 'f', '-exec', 'chmod', 'u+rw,g+r,a-st', '{}', '+'])
14
+ Puppet::Util::Execution.execute(['chown', '-R', owner, destdir])
16
15
  end
17
16
 
18
17
  def pack(sourcedir, destfile)
19
- Puppet::Util::Execution.execute("tar cf - #{sourcedir} | gzip -c > #{File.basename(destfile)}")
18
+ safe_sourcedir = Shellwords.shellescape(sourcedir)
19
+ safe_destfile = Shellwords.shellescape(File.basename(destfile))
20
+
21
+ Puppet::Util::Execution.execute("tar cf - #{safe_sourcedir} | gzip -c > #{safe_destfile}")
20
22
  end
21
23
  end
@@ -0,0 +1,43 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Puppet::Node::ServerFacts
4
+ def self.load
5
+ server_facts = {}
6
+
7
+ # Add our server Puppet Enterprise version, if available.
8
+ pe_version_file = '/opt/puppetlabs/server/pe_version'
9
+ if File.readable?(pe_version_file) and !File.zero?(pe_version_file)
10
+ server_facts['pe_serverversion'] = File.read(pe_version_file).chomp
11
+ end
12
+
13
+ # Add our server version to the fact list
14
+ server_facts["serverversion"] = Puppet.version.to_s
15
+
16
+ # And then add the server name and IP
17
+ { "servername" => "networking.fqdn",
18
+ "serverip" => "networking.ip",
19
+ "serverip6" => "networking.ip6" }.each do |var, fact|
20
+ value = Puppet.runtime[:facter].value(fact)
21
+ unless value.nil?
22
+ server_facts[var] = value
23
+ end
24
+ end
25
+
26
+ if server_facts["servername"].nil?
27
+ host = Puppet.runtime[:facter].value('networking.hostname')
28
+ if host.nil?
29
+ Puppet.warning _("Could not retrieve fact servername")
30
+ elsif domain = Puppet.runtime[:facter].value('networking.domain') # rubocop:disable Lint/AssignmentInCondition
31
+ server_facts["servername"] = [host, domain].join(".")
32
+ else
33
+ server_facts["servername"] = host
34
+ end
35
+ end
36
+
37
+ if server_facts["serverip"].nil? && server_facts["serverip6"].nil?
38
+ Puppet.warning _("Could not retrieve either serverip or serverip6 fact")
39
+ end
40
+
41
+ server_facts
42
+ end
43
+ end
@@ -31,7 +31,8 @@ Puppet::Parser::Functions.newfunction(:generate, :arity => -2, :type => :rvalue,
31
31
  end
32
32
 
33
33
  begin
34
- Dir.chdir(File.dirname(args[0])) { Puppet::Util::Execution.execute(args).to_str }
34
+ dir = File.dirname(args[0])
35
+ Puppet::Util::Execution.execute(args, failonfail: true, combine: true, cwd: dir).to_str
35
36
  rescue Puppet::ExecutionFailure => detail
36
37
  raise Puppet::ParseError, _("Failed to execute generator %{generator}: %{detail}") % { generator: args[0], detail: detail }, detail.backtrace
37
38
  end
@@ -89,17 +89,25 @@ class DeferredResolver
89
89
  overrides = {}
90
90
  r.parameters.each_pair do |k, v|
91
91
  resolved = resolve(v)
92
- # If the value is instance of Sensitive - assign the unwrapped value
93
- # and mark it as sensitive if not already marked
94
- #
95
92
  case resolved
96
93
  when Puppet::Pops::Types::PSensitiveType::Sensitive
94
+ # If the resolved value is instance of Sensitive - assign the unwrapped value
95
+ # and mark it as sensitive if not already marked
96
+ #
97
97
  resolved = resolved.unwrap
98
98
  mark_sensitive_parameters(r, k)
99
- # If the value is a DeferredValue and it has an argument of type PSensitiveType, mark it as sensitive
100
- # The DeferredValue.resolve method will unwrap it during catalog application
99
+
101
100
  when Puppet::Pops::Evaluator::DeferredValue
102
- if v.arguments.any? { |arg| arg.is_a?(Puppet::Pops::Types::PSensitiveType) }
101
+ # If the resolved value is a DeferredValue and it has an argument of type
102
+ # PSensitiveType, mark it as sensitive. Since DeferredValues can nest,
103
+ # we must walk all arguments, e.g. the DeferredValue may call the `epp`
104
+ # function, where one of its arguments is a DeferredValue to call the
105
+ # `vault:lookup` function.
106
+ #
107
+ # The DeferredValue.resolve method will unwrap the sensitive during
108
+ # catalog application
109
+ #
110
+ if contains_sensitive_args?(v)
103
111
  mark_sensitive_parameters(r, k)
104
112
  end
105
113
  end
@@ -109,6 +117,33 @@ class DeferredResolver
109
117
  end
110
118
  end
111
119
 
120
+ # Return true if x contains an argument that is an instance of PSensitiveType:
121
+ #
122
+ # Deferred('new', [Sensitive, 'password'])
123
+ #
124
+ # Or an instance of PSensitiveType::Sensitive:
125
+ #
126
+ # Deferred('join', [['a', Sensitive('b')], ':'])
127
+ #
128
+ # Since deferred values can nest, descend into Arrays and Hash keys and values,
129
+ # short-circuiting when the first occurrence is found.
130
+ #
131
+ def contains_sensitive_args?(x)
132
+ case x
133
+ when @deferred_class
134
+ contains_sensitive_args?(x.arguments)
135
+ when Array
136
+ x.any? { |v| contains_sensitive_args?(v) }
137
+ when Hash
138
+ x.any? { |k, v| contains_sensitive_args?(k) || contains_sensitive_args?(v) }
139
+ when Puppet::Pops::Types::PSensitiveType, Puppet::Pops::Types::PSensitiveType::Sensitive
140
+ true
141
+ else
142
+ false
143
+ end
144
+ end
145
+ private :contains_sensitive_args?
146
+
112
147
  def mark_sensitive_parameters(r, k)
113
148
  unless r.sensitive_parameters.include?(k.to_sym)
114
149
  r.sensitive_parameters = (r.sensitive_parameters + [k.to_sym]).freeze
@@ -76,7 +76,8 @@ module Runtime3ResourceSupport
76
76
  end
77
77
 
78
78
  def self.resource_to_ptype(resource)
79
- nil if resource.nil?
79
+ return nil if resource.nil?
80
+
80
81
  # inference returns the meta type since the 3x Resource is an alternate way to describe a type
81
82
  Puppet::Pops::Types::TypeCalculator.singleton().infer(resource).type
82
83
  end
@@ -443,12 +443,6 @@ module Runtime3Support
443
443
  resource.valid_parameter?(name)
444
444
  end
445
445
 
446
- def resource_to_ptype(resource)
447
- nil if resource.nil?
448
- # inference returns the meta type since the 3x Resource is an alternate way to describe a type
449
- type_calculator.infer(resource).type
450
- end
451
-
452
446
  # This is the same type of "truth" as used in the current Puppet DSL.
453
447
  #
454
448
  def is_true?(value, o)
@@ -12,8 +12,22 @@ Puppet::Type.type(:file).provide :posix do
12
12
  require 'etc'
13
13
  require_relative '../../../puppet/util/selinux'
14
14
 
15
- def self.post_resource_eval
16
- Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
15
+ class << self
16
+ def selinux_handle
17
+ return nil unless Puppet::Util::SELinux.selinux_support?
18
+
19
+ # selabel_open takes 3 args: backend, options, and nopt. The backend param
20
+ # is a constant, SELABEL_CTX_FILE, which happens to be 0. Since options is
21
+ # nil, nopt can be 0 since nopt represents the # of options specified.
22
+ @selinux_handle ||= Selinux.selabel_open(Selinux::SELABEL_CTX_FILE, nil, 0)
23
+ end
24
+
25
+ def post_resource_eval
26
+ if @selinux_handle
27
+ Selinux.selabel_close(@selinux_handle)
28
+ @selinux_handle = nil
29
+ end
30
+ end
17
31
  end
18
32
 
19
33
  def uid2name(id)
@@ -83,6 +83,7 @@ Puppet::Type.type(:package).provide :gem, :parent => Puppet::Provider::Package::
83
83
  custom_environment[:PATH] = windows_path_without_puppet_bin
84
84
  end
85
85
 
86
+ # This uses an unusual form of passing the command and args as [<cmd>, [<arg1>, <arg2>, ...]]
86
87
  execute(cmd, { :failonfail => true, :combine => true, :custom_environment => custom_environment })
87
88
  end
88
89
 
@@ -115,11 +115,12 @@ Puppet::Type.type(:package).provide :pkgutil, :parent => :sun, :source => :sun d
115
115
 
116
116
  # Identify common types of pkgutil noise as it downloads catalogs etc
117
117
  def self.noise?(line)
118
- true if line =~ /^#/
119
- true if line =~ /^Checking integrity / # use_gpg
120
- true if line =~ /^gpg: / # gpg verification
121
- true if line =~ /^=+> / # catalog fetch
122
- true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
118
+ return true if line =~ /^#/
119
+ return true if line =~ /^Checking integrity / # use_gpg
120
+ return true if line =~ /^gpg: / # gpg verification
121
+ return true if line =~ /^=+> / # catalog fetch
122
+ return true if line =~ /\d+:\d+:\d+ URL:/ # wget without -q
123
+
123
124
  false
124
125
  end
125
126