vendored/puppet/lib/puppet/parser/functions/fqdn_rand.rb in bolt-0.17.1 vs vendored/puppet/lib/puppet/parser/functions/fqdn_rand.rb in bolt-0.17.2
- old
+ new
@@ -1,5 +1,6 @@
+require 'digest/md5'
require 'digest/sha2'
Puppet::Parser::Functions::newfunction(:fqdn_rand, :arity => -2, :type => :rvalue, :doc =>
"Usage: `fqdn_rand(MAX, [SEED])`. MAX is required and must be a positive
integer; SEED is optional and may be any number or string.
@@ -15,11 +16,21 @@
have more than one such task and need several unrelated random numbers per
node. (For example, `fqdn_rand(30)`, `fqdn_rand(30, 'expensive job 1')`, and
`fqdn_rand(30, 'expensive job 2')` will produce totally different numbers.)") do |args|
max = args.shift.to_i
- # We are consciously not using different hash algs based on fips mode here
- # since the randomness is not guaranteed to be predictable for a given node
- # It just needs to be unique for a given node
- seed = Digest::SHA256.hexdigest([self['::fqdn'],max,args].join(':')).hex
+ # Puppet 5.4's fqdn_rand function produces a different value than earlier versions
+ # for the same set of inputs.
+ # This causes problems because the values are often written into service configuration files.
+ # When they change, services get notified and restart.
+
+ # Restoring previous fqdn_rand behavior of calculating its seed value using MD5
+ # when running on a non-FIPS enabled platform and only using SHA256 on FIPS enabled
+ # platforms.
+ if Puppet::Util::Platform.fips_enabled?
+ seed = Digest::SHA256.hexdigest([self['::fqdn'],max,args].join(':')).hex
+ else
+ seed = Digest::MD5.hexdigest([self['::fqdn'],max,args].join(':')).hex
+ end
+
Puppet::Util.deterministic_rand_int(seed,max)
end
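Review bot: The comment added above the `if` gives the compatibility reason for MD5 but does not say that the digest is only a seed for `Puppet::Util.deterministic_rand_int`, so a reader or a scanner that flags `Digest::MD5` cannot tell this is a non-cryptographic use. I would add `# MD5 only derives a stable per-node seed here; it is not used for integrity or secrecy, and the result is reproducible from fqdn, MAX and SEED.` inside the `else` branch. The same inputs now hash differently on FIPS and non-FIPS hosts, so enabling FIPS on an existing node will presumably change the value and cause the restarts the comment describes. The `:doc` string, which is only partly visible in these hunks, could mention that. The input `[self['::fqdn'],max,args].join(':')` is also repeated in both branches and could be assigned to a local once before the `if`.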