Describe the Bug

Puppet agent runs on my Puppet server (and only there) now produce the following error:

Info: Redefining package in Puppet::Type
Error: Facter: error while resolving custom facts in /opt/puppetlabs/puppet/cache/lib/facter/package_provider.rb Attempt to redefine entity 'http://puppet.com/2016.1/runtime/type/package'. Originally set at file:///opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/package.rb?line=11.

Both the agent and the server were restarted today, one of these restarts triggered the error, which now occurs on every run.

More restarts and reboots have not made the error go away, but commenting out require 'puppet/type/package' in lib/facter/package_provider.rb does.

The error only occurs on Puppet agent runs, running 'puppet facts' is not affected.

Environment

• Debian Bullseye
• Puppetserver 7.9.1-1bullseye
• Puppet-agent 7.19.0-1bullseye
• Puppetlabs-stdlib 8.4.0

Broken link to contribution guide

https://github.com/puppetlabs/puppetlabs-stdlib/blob/main/CONTRIBUTING.md

contains a 404 link - https://puppetlabs.github.io/iac/docs/contributing_to_a_module.html

Hi,

Do you have an ETA of when the next version will be released? Still having the issue of fqdn_rotate causing changes on each run in Puppet 8 (fixed in #1341) and it's hard to find where actual changes are occurring.

Thanks
Ian

In stdlib 9.0 many functions were namespaced and non-namespaced deprecated shims were introduced to maintain compatibility with modules that haven't yet switched over to using the namespaced versions.

This largely works as intended, but (originally in #1365) it's been noted that the deprecation function will actually fail a catalog compile when strict is set to error, and that this is also the default in the upcoming Puppet 8.

This makes it very difficult for users to upgrade to stdlib 9 unless they're prepared to turn the strict setting back to off or warning (and there are many other good reasons for setting strict to error). Since lots of modules are now also being updated to use the namespaced versions (requiring stdlib 9.0), upgrading a single affected component module now means having to upgrade all modules that use stdlib functions.

Possible solutions include:

• Still leaving the shims documented as deprecated, but removing the calls to the deprecation function
• Adjusting deprecation so that it never raises an error

(This issue replaces #1365 where 2 separate issues were being discussed)

Describe the Bug

When using loadjson in a puppet manifest with small json files, the returning Data values come in as a StringIO instead of String value which Puppet 8 can't cast properly.

Expected Behavior

Return a hash of Strings.

Steps to Reproduce

Steps to reproduce the behavior:

1. Use loadjson as documented to pull in a json file that you want to convert to hash.
2. Run puppet agent and see the error.

Environment

• RedHat Enterprise Linux 8
• Puppet 8.3.0

Additional Context

I was able to fix this by editing the loadjson ruby code lines 56 and 63 changing from
JSON.parse(content) || args[1]
to
JSON.parse(content.string) || args[1]

Describe the Bug

I wanted to discuss the issue of puppet's strict mode and the deprecation function in the puppetlabs-stdlib module. This was discussed previously in:

#1365
#1373
https://tickets.puppetlabs.com/browse/PUP-11868

As described in those issues, the problem is that all deprecations become hard errors when "strict=error", which is the default in puppet8. In practice, this means you can't really use "strict=error" and need to relax the setting to "strict=warning".

Expected Behavior

I would expect the deprecation function to behave similarly to puppet when its Puppet.deprecation_warning method is called. That is, the strict setting should not control whether the deprecation warning is displayed or not. Instead, it should be controlled by the disable_warnings=deprecations setting, similar to how -Wno-deprecated-declarations can silence warnings in GCC.

From my perspective, the problem is that both puppet and stdlib are trying to decide how to handle deprecation warnings and the two approaches are not compatible. To understand the disconnect, suppose you call Puppet.deprecation_warning('message', 'key'). The warning is always displayed when strict is set to error, warning and off, respectively:

$ bundle exec ruby -rpuppet -e " \
  Puppet.initialize_settings; \
  Puppet::Util::Log.newdestination(:console); \
  Puppet[:strict] = 'error'; \
  Puppet.deprecation_warning('message', 'key')"
Warning: message
   (location: -e:1:in `<main>')

$ bundle exec ruby -rpuppet -e " \
  Puppet.initialize_settings; \
  Puppet::Util::Log.newdestination(:console); \
  Puppet[:strict] = 'warning'; \
  Puppet.deprecation_warning('message', 'key')"
Warning: message
   (location: -e:1:in `<main>')

$ bundle exec ruby -rpuppet -e " \
  Puppet.initialize_settings; \
  Puppet::Util::Log.newdestination(:console); \
  Puppet[:strict] = 'off'; \
  Puppet.deprecation_warning('message', 'key')"
Warning: message
   (location: -e:1:in `<main>')

In order to silence the deprecation, you can set disable_warnings=deprecations and this works even when strict=error:

$ bundle exec ruby -rpuppet -e " \
  Puppet.initialize_settings; \
  Puppet::Util::Log.newdestination(:console); \
  Puppet[:strict] = 'error'; \
  Puppet[:disable_warnings] = 'deprecations'; \
  Puppet.deprecation_warning('message', 'key')"
$ 

Steps to Reproduce:

I would expect the following to print a deprecation warning instead of failing compilation:

$ bundle exec puppet apply --strict=error puppet apply -e "deprecation('key', 'message')" 
Error: Evaluation Error: Error while evaluating a Function Call, deprecation. key. message at ["unknown", 1]:["unknown", 0] (line: 1, column: 1) on node localhost

I would expect the deprecation warning to be silenced and for compilation to succeed:

$ bundle exec puppet apply --strict=error --disable_warnings=deprecations puppet apply -e "deprecation('key', 'message')"
Error: Evaluation Error: Error while evaluating a Function Call, deprecation. key. message at ["unknown", 1]:["unknown", 0] (line: 1, column: 1) on node localhost

Proposal

1. If the deprecation function is called with use_strict_setting=true and strict != :off, then only raise if disable_warnings doesn't include deprecations.

OR

2. A bigger change would be to remove this line:

    raise("deprecation. #{key}. #{message}") if use_strict_setting && Puppet.settings[:strict] == :error

and always just call Puppet.deprecation_warning. It's possible that folks could be relying on the raise behavior? Though I think it's doubtful because strict=error wasn't actually usable prior to puppet8, see https://github.com/puppetlabs/puppet/wiki/Puppet-8-Compatibility#strict-mode

Describe the Bug

README description of Stdlib::Port:
Matches a valid TCP/UDP Port number.
Port 0 is reserved for both TCP and UDP and most implementations will reject it. It is now used when binding to tell the kernel to find an available port. Hence, configurations that are pedantic will want to disable it to avoid misconfiguration.

Expected Behavior

Either the description should say "any TCP/UDP port" and there is a type to represent valid port numbers (Interger[1, 65535]) or the lower bound is changed from 0 to 1. The latter change should apply to any derived type too.

Additional Context

Technically (by the original RFC), port 0 was reserved, but the behavior it now has when calling bind makes allowing the value slightly dangerous: https://www.rfc-editor.org/rfc/rfc1340#page-7

Since the release of the Modern Puppet function format several of the functions and all new ones to be added have been written in it, however the vast majority of the original functions remain in the Legacy format.

While they are still functional and will not currently cause any errors in their use, they are still outdated and using a format that has been fazed out, potential causing potential problems down the line.

As such it would be best to update them now before any issues can arise.

Environment

• Puppet: 7.9.5
• Ruby: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [x86_64-linux]
• Distribution: Ubuntu 20.04 LTS

Additional Context

Please advice, in our code we use next block:

  unless is_email_address($admin_email) {
    fail('Invalid admin email address!')
  }

I can see that it was removed in v9.0.0 as "deprecated" function (f5c2710)

In comments to that PR:
"This PR remove a bunch of legacy functions that are now part of Puppet or which where added to stdlib to allow parameters validation prior to Puppet 4 introduction of data types."

But when checking Puppet 8 documentation i cannot find anything that can replace this function:
https://www.puppet.com/docs/puppet/8/lang_functions.html
https://www.puppet.com/docs/puppet/8/function.html

In theory this function was useful and was doing it's job, to make sure that email that is passed is valid. And there seems to be no substitution for it as of now.

Main reason why

We had an issue when every time we would execute "puppet agent -t" there would be applied "corrective" actions related to PPA.
We did search and saw that to get it fixed we need to update module "puppetlabs-apt".
and we decided to upgrade to latest version at that time:
mod 'puppetlabs-apt', '9.2.0'

But 'puppetlabs-apt', '9.2.0' depends on version puppetlabs-stdlib (>= 9.0.0 < 10.0.0).

So i would keep getting error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Unknown function: 'is_email_address'. (file: /etc/puppetlabs/code/environments/xxx/site/profile/manifests/reverseproxy.pp, line: 40, column: 10) on node grafana

For now we upgraded to mod 'puppetlabs-apt', '9.0.1' which is still supporting older version:
puppetlabs/stdlib (>= 4.16.0 < 9.0.0)

Based on discussions with Jeff - a few things need to be done here:

• load_yaml, load_json becomes parseyaml & parsejson to distinguish between file load functions and string parsing functions
• remove validate_resource - this is not ready
• rename is_valid_* functions and drop the 'valid' part to be clear about what is to 'validate' and what returns a boolean

Describe the Bug

We use pw_hash to generate password for user creation. When we use it directly in puppet, the user is created with a correct password.
We have create an exported ressource user and when we retrieve it, we get a base64 as password on the system.

Expected Behavior

When using pw_hash in an exported ressource, we must retrieve a correct hash and not a base64 entry from the puppetdb.

Steps to Reproduce

Steps to reproduce the behavior:
Use this code:
@@user { $newuser: ensure => present, home => "/home/${newuser}", managehome => true, password => pw_hash('password', 'SHA-512', 'salt'), tag => 'mytag', }
And get the result with:
User <<| tag == 'mytag' |>>

And then look your /etc/shadow

Environment

• Version 8.5
• Platform Centos 7

Additional Context

I found that there is a problem if an exported ressource is encoded in 8bit ASCII: voxpupuli/hiera-eyaml#273

pw_hash use crypt and on the FAQ of this function (http://crypt.finalstep.com.au/faq.html):

_Does this work for unicode?

Yes it does, but you have to take care of setting the desired encoding. When you provide a unicode string, it is automatically converted into 8-bit ascii for purposes of encryption (we need to deal with bytes). But when you decrypt, you will get an 8-bit ascii string and if you want unicode, you will need to force the encoding like this:

decrypted = decrypted.force_encoding("UTF-8")_

It may be a simple encoding problem.

The puppetlabs-stdlib module should define a default spool directory for use with the file fragment pattern.

This is a ticket to track the following:

• Find out what broke spec tests in main
• Fix spec tests

Describe the Bug

Ruby 3.2 (used by Puppet-Agent 8) has removed the deprecated methods {File,Dir}.exists?: https://github.com/puppetlabs/puppet/wiki/Puppet-8-Compatibility

Currently File.exists? is still used by three parser functions: loadyaml, loadjson and load_module_metadata.
Using one of these functions with Puppet 8 will probably not work as expected.

Expected Behavior

The functions should work when Puppet 8 is installed.

Environment

• 8.0.0
• Debian-11

Use Case

• Stdlib::Compat::Ipv4 considers 192.168.0.1 and 192.168.0.0/24 to be valid
• Stdlib::Compat::Ipv6 however only accepts single addresses like 2001:db8:1:2::3, but not a network like 2001:db8:1:2::/64

The Apache module uses Stdlib::Compat::Ipv4 and Stdlib::Compat::Ipv6 to validate IP addresses before including them into the mod_remoteip trusted proxy list. Therefore adding an entire IPv4 network works fine, but an IPv6 network does not. Both are valid settings for mod_remoteip itself.

Describe the Solution You Would Like

The current behavior does not make sense to me, because the IPv6 space is much larger and therefore one would benefit much more from the possibility to use entire IPv6 networks as opposed to IPv4.
I'll submit a PR later that will add support for /xxx at the end of an IPv6 address and would be really delighted to see it included.

Describe Alternatives You've Considered

1. Add all possible addresses individually - this would work if it's just a few, but even adding an entire /112 network is obviously out of the question, let alone larger networks
2. Ask/modify the Apache module to use a different validation method. Doesn't seem sensible to me - why write an own validation method if stdlib provides one that just needs to be tweaked?

The recent release of stdlib 9 namespaced a lot of functions.
However, namespacing ensure_packages breaks a lot of existing puppet forge modules.

Other namespaced functions like merge and the dropped has_keys have good alternatives.
I don't think ensure_packages does. So I don't think its a good idea to namespace it if the non namespaced version generates
an error.

So I think it would be better to namespace it, but leave the non namespaced version alone or at worst make it a warning.
Possibly the same reasoning applies to ensure_resources. But that doesn't seem to be as much of a problem.

As far as I can tell, in version 8.6.0 the has_key function was documented as being deprecated, but didnt
produce a deprecated warning.
But its been removed in version 9+.

So its gone from working silently to missing with no runtime notification to users.
I think it would be better to add a shim with a warning for the moment, so modules have a chance to convert to the "in" operator.

Describe the Bug

Some domains aren't recognized as valid by validate_email_address

Expected Behavior

Every valid email should be recognized as such.

Steps to Reproduce

Steps to reproduce the behavior:

Use validate_email_address('[email protected]')

Environment

• Version: puppet 7.x
• Platform: independent

Additional Context

• A colleague discovered this.
• the problem is that a dash -sign is recognized in a subdomain, but not in the domain. Example '[email protected]' but '[email protected]'
• Likely the email Type in Stdlib, is better, would be possible to either use that in validate_email_address or deprecate the function as outdated, so that one looks elsewhere?

Describe the Bug

With stdlib 8.2.0, when using the to_toml function, introduced in 8.1.0, I get the following error message:

Internal Server Error: org.jruby.exceptions.LoadError: (LoadError) no such file to load -- puppet_x/stdlib

looking up the trace in puppetserver, I ended up on this line where the problem would be. Googling a potential solution, I found that @mrbanzai solved the issue on a fork of stdlib and it works for me as well.

If the proposed fix is considered okay, could we upstream that fix perhaps?

Expected Behavior

With the fix applied, the catalog just applies and TOML is properly formatted.

Steps to Reproduce

Steps to reproduce the behavior:

1. Use to_toml while on stdlib 8.2.0

Environment

• Version: 8.2.0
• Platform: Ubuntu 20.04
• Puppetserver: 7.4.2

The package_provider.rb facts can be optimized simply by moving the require lines into the setcode block. This reduces stand-alone puppet runs by 0.5s on modern systems. (On puppet-agent runs, no such savings are observed, probably because the libraries are already required by the puppet agent itself. Apparently, the facter command evaluates the outer and inner blocks in different contexts.

Interestingly, moving the corresponding lines in service_provider.rb has no measurable performance benefit.

Current version

# bench 3 "facter -p >/dev/null"
Run 1
Run 2
Run 3
1665392723.165300291
1665392730.070952629
2.3018

With recommended change

# bench 3 "facter -p >/dev/null"
Run 1
Run 2
Run 3
1665392652.861524963
1665392661.744424272
2.9609

Describe the Bug

in stdblib 8.6.0 i could do something like this:

  user { 'bcrypt_user':
    ensure   => present,
    password => pw_hash('password', 'bcrypt-a', '10$ABCDE.bcrypt.fixedsalt'),
  }

in stdlib 9.3.0 i get this:

Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Method call, Invalid salt value: $2a$10$ABCDE.bcrypt.fixedsalt (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 28, column: 45) on node puppet.example.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

https://github.com/puppetlabs/puppetlabs-stdlib/blob/main/lib/puppet/parser/functions/pw_hash.rb
when i change this block, it works again

9.3.0 not working

  # handle weak implementations of String#crypt
  # dup the string to get rid of frozen status for testing
  if RUBY_PLATFORM == 'java'
    # puppetserver bundles Apache Commons Codec
    org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
  elsif (+'test').crypt('$1$1') == '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
    password.crypt(salt)
  else
    # JRuby < 1.7.17
    # MS Windows and other systems that don't support enhanced salts
    raise Puppet::ParseError, 'system does not support enhanced salts'
  end

8.6.0 working

  # handle weak implementations of String#crypt
  # dup the string to get rid of frozen status for testing
  if ('test'.dup).crypt('$1$1') != '$1$1$Bp8CU9Oujr9SSEw53WV6G.'
    # JRuby < 1.7.17
    # MS Windows and other systems that don't support enhanced salts
    raise Puppet::ParseError, 'system does not support enhanced salts' unless RUBY_PLATFORM == 'java'
    # puppetserver bundles Apache Commons Codec
    org.apache.commons.codec.digest.Crypt.crypt(password.to_java_bytes, salt)
  else
    password.crypt(salt)
  end

Describe the Bug

Passing undef as the second argument to fqdn_rand_string results in a compilation error. This worked (unintentionally or not) in previous versions of stdlib.

Expected Behavior

Function returns a random string (as it did in 8.x)

Steps to Reproduce

Steps to reproduce the behavior:

1. Install stdlib 9.0.0

[root@40776c2909e5 /]# puppet module install puppetlabs-stdlib -v 9.0.0
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└── puppetlabs-stdlib (v9.0.0)

2. Call fqnd_rand_string with undef as the second argument

[root@40776c2909e5 /]# puppet apply -e 'notify { fqdn_rand_string(10, undef, "custom seed"): }'
Warning: This function is deprecated, please use stdlib::fqdn_rand_string instead. at ["unknown", 1]:["unknown", 0]
   (location: /etc/puppetlabs/code/environments/production/modules/stdlib/lib/puppet/functions/deprecation.rb:35:in `deprecation')
Error: Evaluation Error: Error while evaluating a Function Call, 'stdlib::fqdn_rand_string' parameter 'charset' expects a String value, got Undef (line: 1, column: 10) on node 40776c2909e5

Environment

• Version: 9.0.0
• Platform: Rocky Linux 8 (shown here for example, others verified via rspec)

Additional Context

This code worked as recently as stdlib 8.6.0.

[root@865c93eff098 /]# puppet module install puppetlabs-stdlib -v 8.6.0
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└── puppetlabs-stdlib (v8.6.0)
[root@865c93eff098 /]# puppet apply -e 'notify { fqdn_rand_string(10, undef, "custom seed"): }'
Notice: Compiled catalog for 865c93eff098 in environment production in 0.02 seconds
Notice: OhaNI3TjnN
Notice: /Stage[main]/Main/Notify[OhaNI3TjnN]/message: defined 'message' as 'OhaNI3TjnN'
Notice: Applied catalog in 0.00 seconds

Commit e2d8b18 broke the fqdn_rotate function as it no longer takes in only the fqdn as seed, instead it now takes in all the facts, which can change frequently.

There is already a PR open that would resolve this: #1341
If this PR would take too long to merge, please consider reverting the mentioned commit.

IMO, only core puppet functions should not have namespaces, and all stdlib functions should start stdlib::.

I'd like to suggest that all current 'modern' (non 3.x style) functions get converted to namespaced versions with a non-namespaced deprecated shim replacing the original file in the same way as is done here.

This was also the approach we took in [extlib](https://github.com/voxpupuli/puppet-extlib/pull/120) and [postgresql](https://github.com/puppetlabs/puppetlabs-postgresql/commit/700d2c5bb54b7ea91d518de96e2c7a22318d0afa).

In a future major release we could drop the shims similar to how we did in [extlib 5.0.0](https://github.com/voxpupuli/puppet-extlib/pull/153)

Describe the Bug

Specifying a variable as type Stdlib::Fqdn allows ipv4 addresses. This issue is compounded when using Stdlib::Host as with the inclusion of Fqdn it allows truncated ipv4 addresses such as 10.10.10.10.10.

Expected Behavior

IPv4 addresses should be validated when using Stdlib::Host and not accepted within the Stdlib:Fqdn type

Steps to Reproduce

Steps to reproduce the behavior:

1. Create a variable with type Stdlib::Fqdn

2. Submit valid or truncated ipv4 address, which passes (the regex)

3. Create a variable with type Stdlib::Host

4. Submit a truncated ipv4 address, which passes (the regex)

Environment

• stdlib v8.4.0
• Puppet 6x

Additional Context

Unsure if this is a flaw in catering for numerical fqdn's, and how it can be addressed. TL:DR is that using Stdlib::Host does not ensure ipv4 addresses are valid

Describe the Bug

Stdlib::Fqdn does not support leading _ characters in hostnames. These are valid for most if not all SRV record for a domain.

eg: '_kerberos'

Expected Behavior

The leading _ should be allowed.

Steps to Reproduce

Create a type using Stdlib::Fqdn and pass a value that begins with _ (ie: _kerberos)

Environment

• Stdlib 9.4

Additional Context

None applicable

This is largely based on a discussion on the internal tech mailing list.

There is a need to make modules easy for end users to establish relationships to.

For example:

class { 'ntp': } -> class { 'mcollective': }

OR

class { 'mcollective': } -> class { 'ntp': }

If the ntp or mcollective classes are compositions of other classes, such as {ntp,mcollective}::{package,config,service}, then the composed classes must be somehow contained within the ntp or mcollective class.

We can work around this in 2.6.x today using resources as anchors:

class ntp {
  class { 'ntp::package': }
  -> class { 'ntp::config': }
  -> class { 'ntp::service': }
  # These two resources "anchor" the composed classes
  # such that the end user may use "require" and "before"
  # relationships with Class['ntp']
  notify { 'ntp::begin': } -> class { 'ntp::package': }
  class { 'ntp::service': } -> notify { 'ntp::end': }
}

A resource similar to a Whit should be added to the standard library to provide these anchor points. The resource should do nothing and always be in sync.

Describe the Bug

With puppet 8

# --- Caused by: ---
      # Puppet::ParseError:
      #   Puppet: This function is not available in Puppet 8. URI.escape no longer exists as of Ruby 3+.
      #   ./spec/fixtures/modules/stdlib/lib/puppet/parser/functions/uriescape.rb:23:in `block in <module:Functions>'

Environment

• Puppet 8

I don't see any alternative function to use ?

Use Case

My request is to introduce another parameter, that ensures that there is only one occurrence of a line that can be matched by the pattern and deletes the rest.
file_line with multiple = true will replace all lines, but doesn't do a cleanup.

Describe the Solution You Would Like

A new attribite for file_line called "unique".
The attribute unique could have several values to control its behaviour, for example
first … changes the first occurrence, all matches after the first
last … deletes all ocurrences but the last, the last one is updated

Describe Alternatives You've Considered

Nothing

Additional Context

Because config files have been managed by hand until now, inconsistencies and errors the parameter naming (small vs. capital letters, type-errors, double entries) happened all over the place, so that we need a strict way of enforcing the profiles correctness.

Reading this code it looks like it takes windows into account.

# frozen_string_literal: true

Facter.add(:root_home) do
  setcode do
    require 'etc'
  rescue LoadError
  # Unavailable on platforms like Windows
  else
    Etc.getpwnam('root').dir
  end
end

But I always get this error, whilst running on windows.

Error: Facter: Error while resolving custom fact fact='root_home', resolution='<anonymous>': undefined method `dir' for nil:NilClass

Use Case

supported puppet modules use sometimes the ensure_package function, which leads to a duplicate declaration error if you have it already defined in another manifest which gets included during the catalog build.

Describe the Solution You Would Like

the function ensure_package could check, as it does already for the packages puppet and facter, if it is somewhere defined in the current build catalog, to allow the defined resources from the manifest to be used instead of the ensure_package function.

Describe Alternatives You've Considered

I have thought about patching the upstream puppetlabs-apt module by adding a if condition with something like if ! (defined(Package['<packagename>']) { but that would mean on each update of the modules I would need to take care of getting back my change.
Another solution could be, that I place an if condition in front of the include command based on the puppet role which is used.
Both are not a really nice to have, but would work.

Additional Context

Found it while using the puppetlabs-apt module which uses ensure_package(['gnupg']), also I have a package resource which is already defined in an existing manifest. As soon both are used for the same catalog build, it runs into a duplicate declaration error.

puppetlabs-apt: v8.4.1
puppetlabs-stdlib: v8.2.0

  package { 'gnupg':
    ensure  => installed,
    require => Exec['apt_update'],
  }

Error:

Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Package[gnupg] is already declared at (file: /data/puppet/environments/production/modules/apt/manifests/init.pp, line: 365); cannot redeclare (file: /data/puppet/environments/production/modules/defaults/manifests/packages/gnupg.pp, line: 6) (file: /data/puppet/environments/production/modules/defaults/manifests/packages/gnupg.pp, line: 6, column: 3) on node puppettest1.internal.testdomain

With this extension of ensure_package, puppet would make sure that the defined attributes on the package resource are getting used instead of "just" an ensure => present/installed as things like that are sometimes required.

Describe the Bug

As originally discussed in #1365 the behaviour of ensure_packages is subtly different depending on whether the namespaced or non-namespaced version is called.

Expected Behavior

Package resources created by the function should be identically 'contained' whether they were created via the namespaced or non-namespaced function shim.

Additional Context

This issue supercedes #1365 where 2 separate issues are discussed and conflated.
A fix for this specific issue has been submitted in #1366

i just noticed that #1192 seems to be missing. I don't see anything removing it and also don't see the commit in the history. Wondering if I'm missing something, if i need to submit again or if it was removed because of some other issues thanks

Describe the Bug

The two functions has_interface_with and fqdn_rotate do not work correctly when running the Puppet Agent with the --no-include_legacy_facts option that seems to be the default in Puppet 8.

• has_interface_with uses lookupvar(interfaces) which is no longer available
• fqdn_rotate calls lookupvar(::fqdn) which is also no longer available

Expected Behavior

Both functions should work as before.

Environment

• Version 7.24.0 with option --no_include_legacy_facts
• Platform Debian-11

Dear Puppetlabs Team,

Hope you are doing well and thank you for your continuous support making puppet better. It is always much appreciated.

Describe the Bug

Trying to update puppetlabs-stdlib, update fails with

Error: Could not upgrade module 'puppetlabs-stdlib' (v7.1.0 -> latest)
  Downgrading is not allowed.

Expected Behavior

Should update to the latest version

Steps to Reproduce

Steps to reproduce the behavior:

root@puppet:/etc/puppetlabs/code/environments/production/manifests# puppet module upgrade puppetlabs-stdlib
Notice: Preparing to upgrade 'puppetlabs-stdlib' ...
Notice: Found 'puppetlabs-stdlib' (v7.1.0) in /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Error: Could not upgrade module 'puppetlabs-stdlib' (v7.1.0 -> latest)
  Downgrading is not allowed.

Environment

Puppet

puppet --version
6.25.1

uname -a
Linux puppet 4.19.0-21-cloud-amd64 #1 SMP Debian 4.19.249-2 (2022-06-30) x86_64 GNU/Linux