author | Stig Sandbeck Mathisen <ssm@debian.org> | 2014-09-16 09:18:18 +0200 |
---|---|---|
committer | Stig Sandbeck Mathisen <ssm@debian.org> | 2014-09-16 09:18:18 +0200 |
commit | 52dd92b16375a2ab1242e3fadb42567abd798cd6 (patch) | |
tree | 71628f22853850fbafce4622b3fc3867f7de5ab3 /lib | |
parent | d4b83be375ac1dead058e091191ee7c7b7c24c8a (diff) | |
parent | 85c16b7d1a2179565608ed40959c9472e938adc9 (diff) | |
download | puppet-52dd92b16375a2ab1242e3fadb42567abd798cd6.tar.gz |
Imported Upstream version 3.7.1upstream/3.7.1
Diffstat (limited to 'lib')
-rw-r--r-- | lib/puppet/defaults.rb | 7 | ||||
-rw-r--r-- | lib/puppet/module_tool/applications/unpacker.rb | 2 | ||||
-rw-r--r-- | lib/puppet/network/http/compression.rb | 6 | ||||
-rw-r--r-- | lib/puppet/pops/loader/loader_paths.rb | 2 | ||||
-rw-r--r-- | lib/puppet/pops/loader/module_loaders.rb | 30 | ||||
-rw-r--r-- | lib/puppet/pops/loaders.rb | 13 | ||||
-rw-r--r-- | lib/puppet/provider/service/windows.rb | 10 | ||||
-rw-r--r-- | lib/puppet/resource.rb | 10 | ||||
-rw-r--r-- | lib/puppet/settings.rb | 60 | ||||
-rw-r--r-- | lib/puppet/ssl/validator/default_validator.rb | 43 | ||||
-rw-r--r-- | lib/puppet/transaction.rb | 1 | ||||
-rw-r--r-- | lib/puppet/version.rb | 2 |
12 files changed, 120 insertions, 66 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index b2cb92975..a37cfe43c 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -1056,13 +1056,6 @@ EOT In either case, the path can point to a single file or to a directory of manifests to be evaluated in alphabetical order.", - :hook => proc do |value| - uninterpolated_value = self.value(true) - if uninterpolated_value =~ /\$environment/ || value =~ /\$environment/ then - raise(Puppet::Settings::ValidationError, - "You cannot interpolate '$environment' within the 'default_manifest' setting.") - end - end }, :disable_per_environment_manifest => { :default => false, diff --git a/lib/puppet/module_tool/applications/unpacker.rb b/lib/puppet/module_tool/applications/unpacker.rb index 8ffef3d64..1c609f200 100644 --- a/lib/puppet/module_tool/applications/unpacker.rb +++ b/lib/puppet/module_tool/applications/unpacker.rb @@ -46,7 +46,7 @@ module Puppet::ModuleTool tmpdirpath = Pathname.new tmpdir symlinks.each do |s| - Puppet.warning "Symlinks in modules are unsupported. Please investigate symlink #{s.relative_path_from tmpdirpath}->#{s.realpath.relative_path_from tmpdirpath}." + Puppet.warning "Symlinks in modules are unsupported. Please investigate symlink #{s.relative_path_from tmpdirpath}->#{Puppet::FileSystem.readlink(s)}." end end diff --git a/lib/puppet/network/http/compression.rb b/lib/puppet/network/http/compression.rb index 6e8314b72..839fe40b2 100644 --- a/lib/puppet/network/http/compression.rb +++ b/lib/puppet/network/http/compression.rb @@ -46,7 +46,11 @@ module Puppet::Network::HTTP::Compression end def add_accept_encoding(headers={}) - headers['accept-encoding'] = 'gzip; q=1.0, deflate; q=1.0; identity' if Puppet.settings[:http_compression] + if Puppet.settings[:http_compression] + headers['accept-encoding'] = 'gzip; q=1.0, deflate; q=1.0; identity' + else + headers['accept-encoding'] = 'identity' + end headers end 
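Review bot: In lib/puppet/module_tool/applications/unpacker.rb the warning now interpolates the raw `Puppet::FileSystem.readlink(s)` result, which is text taken from the module archive and may be an absolute path or contain `..`, while the left-hand side is still printed relative to `tmpdirpath`. A reader of the log cannot tell from the message whether the target lies inside the unpacked module. I would add a comment above the loop such as `# the link target is reported unresolved: it comes from the archive and may point outside tmpdir or at nothing`, and print the target with `.inspect` so control characters in it cannot break up the log line. The enclosing method starts and ends outside the hunk.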
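Review bot: In lib/puppet/network/http/compression.rb the value kept in the `http_compression` branch, `'gzip; q=1.0, deflate; q=1.0; identity'`, separates `identity` from `deflate` with a semicolon, so `identity` reads as a parameter of `deflate` rather than as a third coding. Accept-Encoding separates codings with commas, which gives `headers['accept-encoding'] = 'gzip; q=1.0, deflate; q=1.0, identity'`. Both branches also overwrite any `accept-encoding` the caller already placed in `headers`, which deserves a one-line comment on `add_accept_encoding`.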
diff --git a/lib/puppet/pops/loader/loader_paths.rb b/lib/puppet/pops/loader/loader_paths.rb index 09bb7e5b0..505887915 100644 --- a/lib/puppet/pops/loader/loader_paths.rb +++ b/lib/puppet/pops/loader/loader_paths.rb @@ -75,7 +75,7 @@ module Puppet::Pops::Loader::LoaderPaths end class FunctionPath4x < RubySmartPath - FUNCTION_PATH_4X = File.join('lib', 'puppet', 'functions') + FUNCTION_PATH_4X = File.join('puppet', 'functions') def relative_path FUNCTION_PATH_4X diff --git a/lib/puppet/pops/loader/module_loaders.rb b/lib/puppet/pops/loader/module_loaders.rb index 40ff5141d..3edd51561 100644 --- a/lib/puppet/pops/loader/module_loaders.rb +++ b/lib/puppet/pops/loader/module_loaders.rb @@ -20,6 +20,28 @@ # @api private # module Puppet::Pops::Loader::ModuleLoaders + def self.system_loader_from(parent_loader, loaders) + # Puppet system may be installed in a fixed location via RPM, installed as a Gem, via source etc. + # The only way to find this across the different ways puppet can be installed is + # to search up the path from this source file's __FILE__ location until it finds the base of + # puppet. + # + puppet_lib = File.join(File.dirname(__FILE__), '../../..') + Puppet::Pops::Loader::ModuleLoaders::FileBased.new(parent_loader, + loaders, + nil, + puppet_lib, + 'puppet_system') + end + + def self.module_loader_from(parent_loader, loaders, module_name, module_path) + Puppet::Pops::Loader::ModuleLoaders::FileBased.new(parent_loader, + loaders, + module_name, + File.join(module_path, 'lib'), + module_name) + end + class AbstractPathBasedModuleLoader < Puppet::Pops::Loader::BaseLoader # The name of the module, or nil, if this is a global "component" 
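Review bot: `system_loader_from` and `module_loader_from` in lib/puppet/pops/loader/module_loaders.rb are added without doc comments, and `module_loader_from` appends `'lib'` to `module_path` without saying so. The later hunks in this file delete the `exist?` and `directory?` checks from the loader constructors, so nothing visible in this diff rejects a missing or non-directory path any more, and the factories are the natural place to state that. I would give each factory `@param`/`@return` tags and add `# module_path is the module root; 'lib' is appended here and the result is not checked for existence`. `puppet_lib` could also be built with `File.expand_path('../../..', File.dirname(__FILE__))` so the stored loader path carries no `..` segments.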
@@ -47,11 +69,6 @@ module Puppet::Pops::Loader::ModuleLoaders def initialize(parent_loader, loaders, module_name, path, loader_name) super parent_loader, loader_name - # Irrespective of the path referencing a directory or file, the path must exist. - unless Puppet::FileSystem.exist?(path) - raise ArgumentError, "The given path '#{path}' does not exist!" - end - @module_name = module_name @path = path @smart_paths = Puppet::Pops::Loader::LoaderPaths::SmartPaths.new(self) @@ -178,9 +195,6 @@ module Puppet::Pops::Loader::ModuleLoaders # def initialize(parent_loader, loaders, module_name, path, loader_name) super - unless Puppet::FileSystem.directory?(path) - raise ArgumentError, "The given module root path '#{path}' is not a directory (required for file system based module path entry)" - end @path_index = Set.new() end diff --git a/lib/puppet/pops/loaders.rb b/lib/puppet/pops/loaders.rb index ed113291a..f6a147fe1 100644 --- a/lib/puppet/pops/loaders.rb +++ b/lib/puppet/pops/loaders.rb @@ -64,16 +64,7 @@ class Puppet::Pops::Loaders private def create_puppet_system_loader() - module_name = nil - loader_name = 'puppet_system' - - # Puppet system may be installed in a fixed location via RPM, installed as a Gem, via source etc. - # The only way to find this across the different ways puppet can be installed is - # to search up the path from this source file's __FILE__ location until it finds the parent of - # lib/puppet... e.g.. dirname(__FILE__)/../../.. (i.e. <somewhere>/lib/puppet/pops/loaders.rb). - # - puppet_lib = File.join(File.dirname(__FILE__), '../../..') - Puppet::Pops::Loader::ModuleLoaders::FileBased.new(static_loader, self, module_name, puppet_lib, loader_name) + Puppet::Pops::Loader::ModuleLoaders.system_loader_from(static_loader, self) end def create_environment_loader(environment) 
@@ -121,7 +112,7 @@ class Puppet::Pops::Loaders # Create data about this module md = LoaderModuleData.new(puppet_module) mr[puppet_module.name] = md - md.public_loader = Puppet::Pops::Loader::ModuleLoaders::FileBased.new(parent_loader, self, md.name, md.path, md.name) + md.public_loader = Puppet::Pops::Loader::ModuleLoaders.module_loader_from(parent_loader, self, md.name, md.path) end # NOTE: Do not resolve all modules here - this is wasteful if only a subset of modules / functions are used # The resolution is triggered by asking for a module's private loader, since this means there is interest diff --git a/lib/puppet/provider/service/windows.rb b/lib/puppet/provider/service/windows.rb index c084ffbc9..2eb55f38b 100644 --- a/lib/puppet/provider/service/windows.rb +++ b/lib/puppet/provider/service/windows.rb 
@@ -21,21 +21,21 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do def enable w32ss = Win32::Service.configure( 'service_name' => @resource[:name], 'start_type' => Win32::Service::SERVICE_AUTO_START ) raise Puppet::Error.new("Win32 service enable of #{@resource[:name]} failed" ) if( w32ss.nil? ) - rescue Win32::Service::Error => detail + rescue => detail raise Puppet::Error.new("Cannot enable #{@resource[:name]}, error was: #{detail}", detail ) end def disable w32ss = Win32::Service.configure( 'service_name' => @resource[:name], 'start_type' => Win32::Service::SERVICE_DISABLED ) raise Puppet::Error.new("Win32 service disable of #{@resource[:name]} failed" ) if( w32ss.nil? ) - rescue Win32::Service::Error => detail + rescue => detail raise Puppet::Error.new("Cannot disable #{@resource[:name]}, error was: #{detail}", detail ) end def manual_start w32ss = Win32::Service.configure( 'service_name' => @resource[:name], 'start_type' => Win32::Service::SERVICE_DEMAND_START ) raise Puppet::Error.new("Win32 service manual enable of #{@resource[:name]} failed" ) if( w32ss.nil? ) - rescue Win32::Service::Error => detail + rescue => detail raise Puppet::Error.new("Cannot enable #{@resource[:name]} for manual start, error was: #{detail}", detail ) end @@ -55,7 +55,7 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do else raise Puppet::Error.new("Unknown start type: #{w32ss.start_type}") end - rescue Win32::Service::Error => detail + rescue => detail raise Puppet::Error.new("Cannot get start type for #{@resource[:name]}, error was: #{detail}", detail ) end @@ -95,7 +95,7 @@ Puppet::Type.type(:service).provide :windows, :parent => :service do end debug("Service #{@resource[:name]} is #{w32ss.current_state}") return state - rescue Win32::Service::Error => detail + rescue => detail raise Puppet::Error.new("Cannot get status of #{@resource[:name]}, error was: #{detail}", detail ) end 
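Review bot: The bare `rescue => detail` in `enable` also catches the `Puppet::Error` raised one line earlier when `w32ss.nil?`, so that failure is now wrapped a second time as "Cannot enable ..., error was: Win32 service enable of ... failed". The same holds for `disable`, `manual_start` and the "Unknown start type" raise in the next hunk. The clause also turns any other StandardError, for example a NoMethodError from a coding mistake, into a reported service failure. If the aim is to cover error classes beyond `Win32::Service::Error` (the hunk does not show which), name them, e.g. `rescue Win32::Service::Error, SystemCallError => detail`, or put `rescue Puppet::Error` with a bare `raise` ahead of the generic clause. The last two hunks show only the tail of their methods.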
diff --git a/lib/puppet/resource.rb b/lib/puppet/resource.rb index 7e7a6ab2c..a5419512b 100644 --- a/lib/puppet/resource.rb +++ b/lib/puppet/resource.rb @@ -551,10 +551,12 @@ class Puppet::Resource end def extract_type_and_title(argtype, argtitle) - if (argtitle || argtype) =~ /^([^\[\]]+)\[(.+)\]$/m then [ $1, $2 ] - elsif argtitle then [ argtype, argtitle ] - elsif argtype.is_a?(Puppet::Type) then [ argtype.class.name, argtype.title ] - elsif argtype.is_a?(Hash) then + if (argtype.nil? || argtype == :component || argtype == :whit) && + argtitle =~ /^([^\[\]]+)\[(.+)\]$/m then [ $1, $2 ] + elsif argtitle.nil? && argtype =~ /^([^\[\]]+)\[(.+)\]$/m then [ $1, $2 ] + elsif argtitle then [ argtype, argtitle ] + elsif argtype.is_a?(Puppet::Type) then [ argtype.class.name, argtype.title ] + elsif argtype.is_a?(Hash) then raise ArgumentError, "Puppet::Resource.new does not take a hash as the first argument. "+ "Did you mean (#{(argtype[:type] || argtype["type"]).inspect}, #{(argtype[:title] || argtype["title"]).inspect }) ?" else raise ArgumentError, "No title provided and #{argtype.inspect} is not a valid resource reference" diff --git a/lib/puppet/settings.rb b/lib/puppet/settings.rb index 3201b125f..499ee1502 100644 --- a/lib/puppet/settings.rb +++ b/lib/puppet/settings.rb @@ -887,8 +887,8 @@ class Puppet::Settings sections = nil if sections.empty? catalog = Puppet::Resource::Catalog.new("Settings", Puppet::Node::Environment::NONE) - @config.keys.find_all { |key| @config[key].is_a?(FileSetting) }.each do |key| + next if (key == :manifestdir && should_skip_manifestdir?()) file = @config[key] next unless (sections.nil? or sections.include?(file.section)) next unless resource = file.to_resource 
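Review bot: Both patterns in the new `extract_type_and_title` are anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. A multi-line value is therefore accepted as a reference when only one of its lines has the `Type[title]` shape, and the text on the other lines is dropped from `$1`/`$2` without an error. Anchoring with `\A` and `\z` removes that ambiguity: `/\A([^\[\]]+)\[(.+)\]\z/m`. The pattern is now written twice, so a named constant would keep the two branches identical. The method body continues past the end of the hunk.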
@@ -905,6 +905,13 @@ class Puppet::Settings catalog end + def should_skip_manifestdir?() + setting = @config[:environmentpath] + !(setting.nil? || setting.value.nil? || setting.value.empty?) + end + + private :should_skip_manifestdir? + # Convert our list of config settings into a configuration file. def to_config str = %{The configuration file for #{Puppet.run_mode.name}. Note that this file @@ -1130,11 +1137,13 @@ Generated on #{Time.now}. configured_environment = self[:environment] if configured_environment == "production" && envdir && Puppet::FileSystem.exist?(envdir) configured_environment_path = File.join(envdir, configured_environment) - catalog.add_resource( - Puppet::Resource.new(:file, - configured_environment_path, - :parameters => { :ensure => 'directory' }) - ) + if !Puppet::FileSystem.symlink?(configured_environment_path) + catalog.add_resource( + Puppet::Resource.new(:file, + configured_environment_path, + :parameters => { :ensure => 'directory' }) + ) + end end end @@ -1232,6 +1241,7 @@ Generated on #{Time.now}. # @api public class ChainedValues ENVIRONMENT_SETTING = "environment".freeze + ENVIRONMENT_INTERPOLATION_ALLOWED = ['config_version'].freeze # @see Puppet::Settings.values # @api private @@ -1280,7 +1290,7 @@ Generated on #{Time.now}. else # Convert it if necessary begin - val = convert(val) + val = convert(val, name) rescue InterpolationError => err # This happens because we don't have access to the param name when the # exception is originally raised, but we want it in the message 
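Review bot: In the `configured_environment == "production"` branch the new `symlink?` guard drops the directory resource silently, so a symlink at `configured_environment_path` that is dangling or points at something other than a directory is skipped with no trace in the log. I would write the guard as `unless Puppet::FileSystem.symlink?(configured_environment_path)` and add a `Puppet.debug` line for the skipped case, together with a comment saying that an existing symlink is left for the administrator to manage. The check appears to run when the settings catalog is built, so it describes the path at that moment only. The enclosing method starts outside the hunk.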
@@ -1296,27 +1306,45 @@ Generated on #{Time.now}. private - def convert(value) + def convert(value, setting_name) case value when nil nil when String - value.gsub(/\$(\w+)|\$\{(\w+)\}/) do |value| + failed_environment_interpolation = false + interpolated_value = value.gsub(/\$(\w+)|\$\{(\w+)\}/) do |expression| varname = $2 || $1 - if varname == ENVIRONMENT_SETTING && @environment - @environment - elsif varname == "run_mode" - @mode - elsif !(pval = interpolate(varname.to_sym)).nil? - pval + interpolated_expression = + if varname != ENVIRONMENT_SETTING || ok_to_interpolate_environment(setting_name) + if varname == ENVIRONMENT_SETTING && @environment + @environment + elsif varname == "run_mode" + @mode + elsif !(pval = interpolate(varname.to_sym)).nil? + pval + else + raise InterpolationError, "Could not find value for #{expression}" + end else - raise InterpolationError, "Could not find value for #{value}" + failed_environment_interpolation = true + expression end + interpolated_expression end + if failed_environment_interpolation + Puppet.warning("You cannot interpolate $environment within '#{setting_name}' when using directory environments. Its value will remain #{interpolated_value}.") + end + interpolated_value else value end end + + def ok_to_interpolate_environment(setting_name) + return true if Puppet.settings.value(:environmentpath, nil, true).empty? + + ENVIRONMENT_INTERPOLATION_ALLOWED.include?(setting_name.to_s) + end end class Values diff --git a/lib/puppet/ssl/validator/default_validator.rb b/lib/puppet/ssl/validator/default_validator.rb index 1f31499e2..674b3c224 100644 --- a/lib/puppet/ssl/validator/default_validator.rb +++ b/lib/puppet/ssl/validator/default_validator.rb 
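Review bot: `ok_to_interpolate_environment` calls `.empty?` directly on `Puppet.settings.value(:environmentpath, nil, true)`, whereas `should_skip_manifestdir?`, added earlier in this file, treats a nil value of the same setting as possible. If nil can occur here, the NoMethodError is raised inside the `gsub` block and is not an `InterpolationError`, so the caller's rescue would not attach the setting name; `.to_s.empty?` covers both cases. The method also reads the global `Puppet.settings` rather than state held by the `ChainedValues` instance and runs once per `$environment` occurrence. A comment explaining that choice, and a `?` suffix on the predicate name, would help the next reader. The class starts outside the hunk.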
@@ -11,6 +11,8 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator attr_reader :verify_errors attr_reader :ssl_configuration + FIVE_MINUTES_AS_SECONDS = 5 * 60 + # Creates a new DefaultValidator, optionally with an SSL Configuration and SSL Host. # # @param ssl_configuration [Puppet::SSL::Configuration] (a default configuration) ssl_configuration the SSL configuration to use @@ -52,7 +54,7 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator # SSL_VERIFY_PEER flag is set. It must be supplied by the application and # receives two arguments: preverify_ok indicates, whether the verification of # the certificate in question was passed (preverify_ok=1) or not - # (preverify_ok=0). x509_ctx is a pointer to the complete context used for + # (preverify_ok=0). x509_store_ctx is a pointer to the complete context used for # the certificate chain verification. # # See {Puppet::Network::HTTP::Connection} for more information and where this 
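Review bot: `FIVE_MINUTES_AS_SECONDS` is named for its value rather than its purpose and carries no comment. The later hunk in this file uses it as the window within which a CRL whose `last_update` lies in the future is still accepted, which is a verification override and worth stating at the definition: `# Clock-skew tolerance: a CRL dated less than this many seconds ahead of local time is accepted despite V_ERR_CRL_NOT_YET_VALID`. A name such as `CRL_CLOCK_SKEW_TOLERANCE` would carry the same information at the point of use.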
@@ -60,28 +62,47 @@ class Puppet::SSL::Validator::DefaultValidator #< class Puppet::SSL::Validator # # @param [Boolean] preverify_ok indicates whether the verification of the # certificate in question was passed (preverify_ok=true) - # @param [OpenSSL::SSL::SSLContext] ssl_context holds the SSLContext for the - # chain being verified. + # @param [OpenSSL::X509::StoreContext] store_context holds the X509 store context + # for the chain being verified. # # @return [Boolean] false if the peer is invalid, true otherwise. # # @api private # - def call(preverify_ok, ssl_context) - # We must make a copy since the scope of the ssl_context will be lost + def call(preverify_ok, store_context) + # We must make a copy since the scope of the store_context will be lost # across invocations of this method. - current_cert = ssl_context.current_cert - @peer_certs << Puppet::SSL::Certificate.from_instance(current_cert) - if preverify_ok + current_cert = store_context.current_cert + @peer_certs << Puppet::SSL::Certificate.from_instance(current_cert) + # If we've copied all of the certs in the chain out of the SSL library - if @peer_certs.length == ssl_context.chain.length + if @peer_certs.length == store_context.chain.length # (#20027) The peer cert must be issued by a specific authority preverify_ok = valid_peer? 
end else - if ssl_context.error_string - @verify_errors << "#{ssl_context.error_string} for #{current_cert.subject}" + error = store_context.error || 0 + error_string = store_context.error_string || "OpenSSL error #{error}" + + case error + when OpenSSL::X509::V_ERR_CRL_NOT_YET_VALID + # current_crl can be nil + # https://github.com/ruby/ruby/blob/ruby_1_9_3/ext/openssl/ossl_x509store.c#L501-L510 + crl = store_context.current_crl + if crl + if crl.last_update && crl.last_update < Time.now + FIVE_MINUTES_AS_SECONDS + Puppet.debug("Ignoring CRL not yet valid, current time #{Time.now.utc}, CRL last updated #{crl.last_update.utc}") + preverify_ok = true + else + @verify_errors << "#{error_string} for #{crl.issuer}" + end + else + @verify_errors << error_string + end + else + current_cert = store_context.current_cert + @verify_errors << "#{error_string} for #{current_cert.subject}" end end preverify_ok diff --git a/lib/puppet/transaction.rb b/lib/puppet/transaction.rb index 53118755e..77bceec88 100644 --- a/lib/puppet/transaction.rb +++ b/lib/puppet/transaction.rb @@ -105,6 +105,7 @@ class Puppet::Transaction overly_deferred_resource_handler = lambda do |resource| # We don't automatically assign unsuitable providers, so if there # is one, it must have been selected by the user. + return if missing_tags?(resource) if resource.provider resource.err "Provider #{resource.provider.class.name} is not functional on this host" else diff --git a/lib/puppet/version.rb b/lib/puppet/version.rb index 41fe9ed3c..08ed42f26 100644 --- a/lib/puppet/version.rb +++ b/lib/puppet/version.rb @@ -7,7 +7,7 @@ module Puppet - PUPPETVERSION = '3.7.0' + PUPPETVERSION = '3.7.1' ## # version is a public API method intended to always provide a fast and |
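Review bot: In the `V_ERR_CRL_NOT_YET_VALID` branch of `call`, the override `preverify_ok = true` is recorded only with `Puppet.debug`, so a run that does not show debug output leaves no sign that a CRL validity failure was waived. Because this relaxes certificate verification, I would log it with `Puppet.info` or higher and include `crl.issuer`, so that skewed clocks and unexpected CRLs can be spotted. `Time.now` is read twice, once for the comparison and once for the message; `now = Time.now` before the `if` keeps the two consistent. In the final `else`, `current_cert.subject` is called without a nil check although the code allows for `current_crl` being nil; whether `current_cert` can be nil there is not visible from the hunk. The end of `call` lies outside the hunk.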
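Review bot: In lib/puppet/transaction.rb the new `return if missing_tags?(resource)` is inserted between the existing comment about unsuitable providers and the `if resource.provider` that the comment describes, so the comment now reads as if it explained the tag guard. I would move the guard above that comment and give it its own, for example `# Resources excluded by tags are not reported as having an unsuitable provider` (my reading of the intent, to be confirmed). The lambda's body continues outside the hunk.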