Private key and client certificate warning messages on a Masterless Puppet Environment

[alisboav]

Describe the Bug

On a Masterless Puppet Environment using the last version of puppet-agent, we get two warning messages about the fact that there is no private key or certificate, what is expected in this environment. The puppet-agent-7.16.0-1.el9.x86_64 is the most recent version that does not show the warning, from version puppet-agent-7.17.0-1.el9.x86_64 the warnings are displayed. Can you please take a look?

Expected Behavior

No warning messages on a Masterless Puppet Environment.

Steps to Reproduce

It's a bug with the file resource https://www.puppet.com/docs/puppet/5.5/types/file.html

# mkdir -p testing/filebug/manifests
# vi testing/filebug/manifests/init.pp
# cat testing/filebug/manifests/init.pp 
class filebug {

  $test_file = 'https://link.testfile.org/PDF10MB'

  file { '/tmp/test_file':
    ensure  => 'file',
    source  => $test_file,
  }
}
# puppet apply --modulepath=/root/testing -e "include filebug" 
Notice: Compiled catalog for testhost.cern.ch in environment production in 0.01 seconds
Warning: Private key for ‘testhost.cern.ch' does not exist
Warning: Client certificate for ‘testhost.cern.ch' does not exist
Notice: /Stage[main]/Filebug/File[/tmp/test_file]/ensure: defined content as '{mtime}2022-10-08 01:39:09 UTC'
Notice: Applied catalog in 4.88 seconds
# rpm -qa puppet-agent
puppet-agent-7.28.0-1.el9.x86_64

Environment

• puppet-agent-7.28.0-1.el9.x86_64
• RHEL8/9 and AlmaLinux8/9

[joshcooper]

The agent assumes its private key and client cert are available so that it can use them to establish a mTLS connection to the source. It should be more defensive in case we're running in masterless and don't have a client cert. There's a related but different issue https://puppet.atlassian.net/browse/PUP-11331

[github-actions[bot]]

Migrated issue to PUP-12037