bolt 0.23.0 → 0.24.0

data/vendored/puppet/lib/puppet/util.rb

@@ -22,13 +22,12 @@ module Util
   require 'puppet/util/posix'
   extend Puppet::Util::POSIX
 
-  # Can't use Puppet.features.microsoft_windows? as it may be mocked out in a test.  This can cause test recurring test failures
   require 'puppet/util/windows/process' if Puppet::Util::Platform.windows?
 
   extend Puppet::Util::SymbolicFileMode
 
   def default_env
-    Puppet.features.microsoft_windows? ?
+    Puppet::Util::Platform.windows? ?
       :windows :
       :posix
   end
@@ -272,7 +271,7 @@ module Util
             raise
           end
         else
-          if Puppet.features.microsoft_windows? && File.extname(dest).empty?
+          if Puppet::Util::Platform.windows? && File.extname(dest).empty?
             exts.each do |ext|
               destext = File.expand_path(dest + ext)
               return destext if FileTest.file? destext and FileTest.executable? destext
@@ -322,7 +321,7 @@ module Util
 
     params = { :scheme => 'file' }
 
-    if Puppet.features.microsoft_windows?
+    if Puppet::Util::Platform.windows?
       path = path.gsub(/\\/, '/')
 
       if unc = /^\/\/([^\/]+)(\/.+)/.match(path)
@@ -356,7 +355,7 @@ module Util
     # URI.unescape does, but returns strings in their original encoding
     path = URI.unescape(uri.path.encode(Encoding::UTF_8))
 
-    if Puppet.features.microsoft_windows? and uri.scheme == 'file'
+    if Puppet::Util::Platform.windows? && uri.scheme == 'file'
       if uri.host
         path = "//#{uri.host}" + path # UNC
       else
@@ -570,7 +569,7 @@ module Util
 
       mode = symbolic_mode_to_int(normalize_symbolic_mode(default_mode))
     else
-      if Puppet.features.microsoft_windows?
+      if Puppet::Util::Platform.windows?
         mode = DEFAULT_WINDOWS_MODE
       else
         mode = DEFAULT_POSIX_MODE
@@ -583,9 +582,9 @@ module Util
       tempfile = Puppet::FileSystem::Uniquefile.new(Puppet::FileSystem.basename_string(file), Puppet::FileSystem.dir_string(file))
 
       effective_mode =
-      if !Puppet.features.microsoft_windows?
+      if !Puppet::Util::Platform.windows?
         # Grab the current file mode, and fall back to the defaults.
-        
+
         if Puppet::FileSystem.exist?(file)
           stat = Puppet::FileSystem.lstat(file)
           tempfile.chown(stat.uid, stat.gid)
@@ -620,7 +619,7 @@ module Util
 
       tempfile.close
 
-      if Puppet.features.microsoft_windows?
+      if Puppet::Util::Platform.windows?
         # Windows ReplaceFile needs a file to exist, so touch handles this
         if !Puppet::FileSystem.exist?(file)
           Puppet::FileSystem.touch(file)

data/vendored/puppet/lib/puppet/util/execution.rb

@@ -184,7 +184,7 @@ module Puppet::Util::Execution
       Puppet.debug "Executing#{user_log_s}: '#{command_str}'"
     end
 
-    null_file = Puppet.features.microsoft_windows? ? 'NUL' : '/dev/null'
+    null_file = Puppet::Util::Platform.windows? ? 'NUL' : '/dev/null'
 
     begin
       stdin = Puppet::FileSystem.open(options[:stdinfile] || null_file, nil, 'r')
@@ -264,7 +264,7 @@ module Puppet::Util::Execution
 
           raise e
         end
-      elsif Puppet.features.microsoft_windows?
+      elsif Puppet::Util::Platform.windows?
         process_info = execute_windows(*exec_args)
         begin
           [stdin, stderr].each {|io| io.close rescue nil}
@@ -290,7 +290,7 @@ module Puppet::Util::Execution
       if !options[:squelch]
         # if we opened a pipe, we need to clean it up.
         reader.close if reader
-        stdout.close! if Puppet.features.microsoft_windows?
+        stdout.close! if Puppet::Util::Platform.windows?
       end
     end
 

data/vendored/puppet/lib/puppet/util/feature.rb

@@ -3,40 +3,56 @@ require 'puppet'
 class Puppet::Util::Feature
   attr_reader :path
 
-  # Create a new feature test.  You have to pass the feature name,
-  # and it must be unique.  You can either provide a block that
-  # will get executed immediately to determine if the feature
-  # is present, or you can pass an option to determine it.
-  # Currently, the only supported option is 'libs' (must be
-  # passed as a symbol), which will make sure that each lib loads
-  # successfully.
-  def add(name, options = {})
+  # Create a new feature test. You have to pass the feature name, and it must be
+  # unique. You can pass a block to determine if the feature is present:
+  #
+  #     Puppet.features.add(:myfeature) do
+  #       # return true or false if feature is available
+  #       # return nil if feature may become available later
+  #     end
+  #
+  # The block should return true if the feature is available, false if it is
+  # not, or nil if the state is unknown. True and false values will be cached. A
+  # nil value will not be cached, and should be used if the feature may become
+  # true in the future.
+  #
+  # Features are often used to detect if a ruby library is installed. To support
+  # that common case, you can pass one or more ruby libraries, and the feature
+  # will be true if all of the libraries load successfully:
+  #
+  #     Puppet.features.add(:myfeature, libs: 'mylib')
+  #     Puppet.features.add(:myfeature, libs: ['mylib', 'myotherlib'])
+  #
+  # If the ruby library is not installed, then the failure is not cached, as
+  # it's assumed puppet may install the gem during catalog application.
+  #
+  # If a feature is defined using `:libs` and a block, then the block is
+  # used and the `:libs` are ignored.
+  #
+  # Puppet evaluates the feature test when the `Puppet.features.myfeature?`
+  # method is called. If the feature test was defined using a block and the
+  # block returns nil, then the feature test will be re-evaluated the next time
+  # `Puppet.features.myfeature?` is called.
+  #
+  # @param [Symbol] name The unique feature name
+  # @param [Hash<Symbol,Array<String>>] options The libraries to load
+  def add(name, options = {}, &block)
     method = name.to_s + "?"
     @results.delete(name)
 
-    if block_given?
-      begin
-        result = yield
-      rescue StandardError,ScriptError => detail
-        warn _("Failed to load feature test for %{name}: %{detail}") % { name: name, detail: detail }
-        result = false
-      end
-      @results[name] = result
-    end
-
     meta_def(method) do
       # we return a cached result if:
-      #  * if a block is given (and we just evaluated it above)
-      #  * if we already have a positive result
-      #  * if we've tested this feature before and it failed, but we're
-      #    configured to always cache
-      if block_given?     ||
-          @results[name]  ||
-          (@results.has_key?(name) && (!Puppet[:always_retry_plugins]))
-        @results[name]
+      #  * if we've tested this feature before
+      #  AND
+      #    * the result was true/false
+      #    OR
+      #    * we're configured to never retry
+      if @results.has_key?(name) &&
+         (!@results[name].nil? || !Puppet[:always_retry_plugins])
+        !!@results[name]
       else
-        @results[name] = test(name, options)
-        @results[name]
+        @results[name] = test(name, options, &block)
+        !!@results[name]
       end
     end
   end
@@ -64,16 +80,22 @@ class Puppet::Util::Feature
   # Actually test whether the feature is present.  We only want to test when
   # someone asks for the feature, so we don't unnecessarily load
   # files.
-  def test(name, options)
-    return true unless ary = options[:libs]
-    ary = [ary] unless ary.is_a?(Array)
-
-    ary.each do |lib|
-      return false unless load_library(lib, name)
+  def test(name, options, &block)
+    if block_given?
+      begin
+        result = yield
+      rescue StandardError,ScriptError => detail
+        warn _("Failed to load feature test for %{name}: %{detail}") % { name: name, detail: detail }
+        result = nil
+      end
+      @results[name] = result
+      result
+    elsif libs = options[:libs]
+      libs = [libs] unless libs.is_a?(Array)
+      libs.all? { |lib| load_library(lib, name) } ? true : nil
+    else
+      true
     end
-
-    # We loaded all of the required libraries
-    true
   end
 
   private
@@ -86,10 +108,10 @@ class Puppet::Util::Feature
 
     begin
       require lib
+      true
     rescue ScriptError => detail
       Puppet.debug _("Failed to load library '%{lib}' for feature '%{name}': %{detail}") % { lib: lib, name: name, detail: detail }
-      return false
+      false
     end
-    true
   end
 end

data/vendored/puppet/lib/puppet/util/log/destinations.rb

@@ -219,7 +219,7 @@ Puppet::Util::Log.newdesttype :eventlog do
   Puppet::Util::Log::DestEventlog::EVENTLOG_CHARACTER_LIMIT  = 31838
 
   def self.suitable?(obj)
-    Puppet.features.microsoft_windows?
+    Puppet::Util::Platform.windows?
   end
 
   def initialize

data/vendored/puppet/lib/puppet/util/rdoc.rb

@@ -30,7 +30,7 @@ module Puppet::Util::RDoc
     # replacing Ruby's normal / with \.  When RDoc generates relative paths it
     # uses relative_path_from that will generate errors when the slashes don't
     # properly match.  This is a workaround for that issue.
-    if Puppet.features.microsoft_windows? && RDoc::VERSION !~ /^[0-3]\./
+    if Puppet::Util::Platform.windows? && RDoc::VERSION !~ /^[0-3]\./
       options += [ "--root", Dir.pwd.gsub(/\\/, '/')]
     end
     options += files

data/vendored/puppet/lib/puppet/util/run_mode.rb

@@ -11,7 +11,7 @@ module Puppet
 
       def self.[](name)
         @run_modes ||= {}
-        if Puppet.features.microsoft_windows?
+        if Puppet::Util::Platform.windows?
           @run_modes[name] ||= WindowsRunMode.new(name)
         else
           @run_modes[name] ||= UnixRunMode.new(name)

data/vendored/puppet/lib/puppet/util/storage.rb

@@ -55,7 +55,7 @@ class Puppet::Util::Storage
     end
     Puppet::Util.benchmark(:debug, "Loaded state in %{seconds} seconds") do
       begin
-        @@state = Puppet::Util::Yaml.load_file(filename)
+        @@state = Puppet::Util::Yaml.safe_load_file(filename, [Symbol, Time])
       rescue Puppet::Util::Yaml::YamlLoadError => detail
         Puppet.err _("Checksumfile %{filename} is corrupt (%{detail}); replacing") % { filename: filename, detail: detail }
 

data/vendored/puppet/lib/puppet/util/suidmanager.rb

@@ -47,10 +47,12 @@ module Puppet::Util::SUIDManager
   module_function :groups=
 
   def self.root?
-    return Process.uid == 0 unless Puppet.features.microsoft_windows?
-
-    require 'puppet/util/windows/user'
-    Puppet::Util::Windows::User.admin?
+    if Puppet::Util::Platform.windows?
+      require 'puppet/util/windows/user'
+      Puppet::Util::Windows::User.admin?
+    else
+      Process.uid == 0
+    end
   end
 
   # Methods to handle changing uid/gid of the running process. In general,
@@ -61,7 +63,7 @@ module Puppet::Util::SUIDManager
   # If running on Windows or without root, the block will be run with the
   # current euid/egid.
   def asuser(new_uid=nil, new_gid=nil)
-    return yield if Puppet.features.microsoft_windows?
+    return yield if Puppet::Util::Platform.windows?
     return yield unless root?
     return yield unless new_uid or new_gid
 

data/vendored/puppet/lib/puppet/util/tag_set.rb

@@ -5,7 +5,7 @@ class Puppet::Util::TagSet < Set
   include Puppet::Network::FormatSupport
 
   def self.from_yaml(yaml)
-    self.new(YAML.load(yaml))
+    self.new(Puppet::Util::Yaml.safe_load(yaml, [Symbol]))
   end
 
   def to_yaml

data/vendored/puppet/lib/puppet/util/tagging.rb

@@ -10,7 +10,7 @@ module Puppet::Util::Tagging
   def tag(*ary)
     @tags ||= new_tags
 
-    ary.flatten.each do |tag|
+    ary.flatten.compact.each do |tag|
       name = tag.to_s.downcase
       # Add the tag before testing if it's valid since this means that
       # we never need to test the same valid tag twice. This speeds things

data/vendored/puppet/lib/puppet/util/windows.rb

@@ -1,9 +1,10 @@
 require 'puppet/util/platform'
 module Puppet::Util::Windows
   module ADSI
-    class User; end
+    class ADSIObject; end
+    class User < ADSIObject; end
     class UserProfile; end
-    class Group; end
+    class Group < ADSIObject; end
   end
   module File; end
   module Registry
@@ -14,6 +15,20 @@ module Puppet::Util::Windows
   class EventLog; end
 
   if Puppet::Util::Platform.windows?
+    require 'Win32API' # case matters in this require!
+
+    # Note: Setting codepage here globally ensures all strings returned via
+    # WIN32OLE (Ruby's late-bound COM support) are encoded in Encoding::UTF_8
+    #
+    # Also, this does not modify the value of WIN32OLE.locale - which defaults
+    # to 2048 (at least on US English Windows) and is not listed in the MS
+    # locales table, here: https://msdn.microsoft.com/en-us/library/ms912047(v=winembedded.10).aspx
+    require 'win32ole' ; WIN32OLE.codepage = WIN32OLE::CP_UTF8
+    # gems
+    require 'win32/process'
+    require 'win32/dir'
+    require 'win32/service'
+
     # these reference platform specific gems
     require 'puppet/util/windows/api_types'
     require 'puppet/util/windows/string'
@@ -32,5 +47,6 @@ module Puppet::Util::Windows
     require 'puppet/util/windows/adsi'
     require 'puppet/util/windows/registry'
     require 'puppet/util/windows/eventlog'
+    require 'puppet/util/windows/service'
   end
 end

data/vendored/puppet/lib/puppet/util/windows/adsi.rb

@@ -106,138 +106,200 @@ module Puppet::Util::Windows::ADSI
       [:lpwstr, :lpdword], :win32_bool
   end
 
-  module Shared
-    def localized_domains
-      @localized_domains ||= [
-        # localized version of BUILTIN
-        # for instance VORDEFINIERT on German Windows
-        Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase,
-        # localized version of NT AUTHORITY (can't use S-1-5)
-        # for instance AUTORITE NT on French Windows
-        Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase
-      ]
-    end
+  # Common base class shared by the User and Group
+  # classes below.
+  class ADSIObject
+    extend Enumerable
 
-    def uri(name, host = '.')
-      host = '.' if (localized_domains << Socket.gethostname.upcase).include?(host.upcase)
+    # Define some useful class-level methods
+    class << self
+      # Is either 'user' or 'group'
+      attr_reader :object_class
+
+      def localized_domains
+        @localized_domains ||= [
+          # localized version of BUILTIN
+          # for instance VORDEFINIERT on German Windows
+          Puppet::Util::Windows::SID.sid_to_name('S-1-5-32').upcase,
+          # localized version of NT AUTHORITY (can't use S-1-5)
+          # for instance AUTORITE NT on French Windows
+          Puppet::Util::Windows::SID.name_to_principal('SYSTEM').domain.upcase
+        ]
+      end
 
-      # group or user
-      account_type = self.name.split('::').last.downcase
+      def uri(name, host = '.')
+        host = '.' if (localized_domains << Socket.gethostname.upcase).include?(host.upcase)
+        Puppet::Util::Windows::ADSI.uri(name, @object_class, host)
+      end
 
-      Puppet::Util::Windows::ADSI.uri(name, account_type, host)
-    end
+      def parse_name(name)
+        if name =~ /\//
+          raise Puppet::Error.new( _("Value must be in DOMAIN\\user style syntax") )
+        end
 
-    def parse_name(name)
-      if name =~ /\//
-        raise Puppet::Error.new( _("Value must be in DOMAIN\\user style syntax") )
-      end
+        matches = name.scan(/((.*)\\)?(.*)/)
+        domain = matches[0][1] || '.'
+        account = matches[0][2]
 
-      matches = name.scan(/((.*)\\)?(.*)/)
-      domain = matches[0][1] || '.'
-      account = matches[0][2]
+        return account, domain
+      end
 
-      return account, domain
-    end
+      # returns Puppet::Util::Windows::SID::Principal[]
+      # may contain objects that represent unresolvable SIDs
+      def get_sids(adsi_child_collection)
+        sids = []
+        adsi_child_collection.each do |m|
+          sids << Puppet::Util::Windows::SID.ads_to_principal(m)
+        end
 
-    # returns Puppet::Util::Windows::SID::Principal[]
-    # may contain objects that represent unresolvable SIDs
-    def get_sids(adsi_child_collection)
-      sids = []
-      adsi_child_collection.each do |m|
-        sids << Puppet::Util::Windows::SID.ads_to_principal(m)
+        sids
       end
 
-      sids
-    end
+      def name_sid_hash(names)
+        return {} if names.nil? || names.empty?
 
-    def name_sid_hash(names)
-      return {} if names.nil? || names.empty?
+        sids = names.map do |name|
+          sid = Puppet::Util::Windows::SID.name_to_principal(name)
+          raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
+          [sid.sid, sid]
+        end
 
-      sids = names.map do |name|
-        sid = Puppet::Util::Windows::SID.name_to_principal(name)
-        raise Puppet::Error.new( _("Could not resolve name: %{name}") % { name: name } ) if !sid
-        [sid.sid, sid]
+        Hash[ sids ]
       end
 
-      Hash[ sids ]
-    end
-  end
 
-  class User
-    extend Enumerable
-    extend Puppet::Util::Windows::ADSI::Shared
-    extend FFI::Library
+      def delete(name)
+        Puppet::Util::Windows::ADSI.delete(name, @object_class)
+      end
 
-    # https://msdn.microsoft.com/en-us/library/aa746340.aspx
-    # IADsUser interface
+      def exists?(name_or_sid)
+        well_known = false
+        if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
+          # Examples of SidType include SidTypeUser, SidTypeGroup
+          return true if sid.account_type == "SidType#{@object_class.capitalize}".to_sym
+
+          # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
+          # so try to resolve it
+          # https://msdn.microsoft.com/en-us/library/cc234477.aspx
+          well_known = sid.account_type == :SidTypeWellKnownGroup
+          return false if sid.account_type != :SidTypeAlias && !well_known
+          name_or_sid = "#{sid.domain}\\#{sid.account}"
+        end
 
-    require 'puppet/util/windows/sid'
+        object = Puppet::Util::Windows::ADSI.connect(uri(*parse_name(name_or_sid)))
+        object.Class.downcase == @object_class
+      rescue
+        # special accounts like SYSTEM or special groups like Authenticated Users cannot
+        # resolve via monikers like WinNT://./SYSTEM,user or WinNT://./Authenticated Users,group
+        # -- they'll fail to connect. thus, given a validly resolved SID, this failure is
+        # ambiguous as it may indicate either a group like Service or an account like SYSTEM
+        well_known
+      end
 
-    attr_accessor :native_user
-    attr_reader :name, :sid
-    def initialize(name, native_user = nil)
-      @name = name
-      @native_user = native_user
+      def list_all
+        raise NotImplementedError, _("Subclass must implement class-level method 'list_all'!")
+      end
+
+      def each(&block)
+        objects = []
+        list_all.each do |o|
+          # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
+          # values are returned as UTF-8
+          objects << new(o.name)
+        end
+
+        objects.each(&block)
+      end
     end
 
-    def native_user
-      @native_user ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(@name)))
+    attr_reader :name
+    def initialize(name, native_object = nil)
+      @name = name
+      @native_object = native_object
     end
 
-    def sid
-      @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_user.objectSID)
+    def object_class
+      self.class.object_class
     end
 
     def uri
       self.class.uri(sid.account, sid.domain)
     end
 
-    def self.logon(name, password)
-      Puppet::Util::Windows::User.password_is?(name, password)
+    def native_object
+      @native_object ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
+    end
+
+    def sid
+      @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_object.objectSID)
     end
 
     def [](attribute)
-      # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
-      # values are returned as UTF-8
-      native_user.Get(attribute)
+      # Setting WIN32OLE.codepage ensures values are returned as UTF-8
+      native_object.Get(attribute)
     end
 
     def []=(attribute, value)
-      native_user.Put(attribute, value)
+      native_object.Put(attribute, value)
     end
 
     def commit
       begin
-        native_user.SetInfo unless native_user.nil?
+        native_object.SetInfo
       rescue WIN32OLERuntimeError => e
         # ERROR_BAD_USERNAME 2202L from winerror.h
         if e.message =~ /8007089A/m
           raise Puppet::Error.new(
-           _("Puppet is not able to create/delete domain users with the user resource."),
-           e
+            _("Puppet is not able to create/delete domain %{object_class}s with the %{object_class} resource.") % { object_class: object_class },
           )
         end
 
-        raise Puppet::Error.new( _("User update failed: %{e}") % { e: e }, e )
+        raise Puppet::Error.new( _("%{object_class} update failed: %{error}") % { object_class: object_class.capitalize, error: e }, e )
       end
       self
     end
+  end
+
+  class User < ADSIObject
+    extend FFI::Library
+
+    require 'puppet/util/windows/sid'
+
+    # https://msdn.microsoft.com/en-us/library/aa746340.aspx
+    # IADsUser interface
+    @object_class = 'user'
+
+    class << self
+      def list_all
+        Puppet::Util::Windows::ADSI.execquery('select name from win32_useraccount where localaccount = "TRUE"')
+      end
+
+      def logon(name, password)
+        Puppet::Util::Windows::User.password_is?(name, password)
+      end
+
+      def create(name)
+        # Windows error 1379: The specified local group already exists.
+        raise Puppet::Error.new(_("Cannot create user if group '%{name}' exists.") % { name: name }) if Puppet::Util::Windows::ADSI::Group.exists? name
+        new(name, Puppet::Util::Windows::ADSI.create(name, @object_class))
+      end
+    end
 
     def password_is?(password)
       self.class.logon(name, password)
     end
 
     def add_flag(flag_name, value)
-      flag = native_user.Get(flag_name) rescue 0
+      flag = native_object.Get(flag_name) rescue 0
 
-      native_user.Put(flag_name, flag | value)
+      native_object.Put(flag_name, flag | value)
 
       commit
     end
 
     def password=(password)
       if !password.nil?
-        native_user.SetPassword(password)
+        native_object.SetPassword(password)
         commit
       end
 
@@ -249,9 +311,8 @@ module Puppet::Util::Windows::ADSI
       # https://msdn.microsoft.com/en-us/library/aa746342.aspx
       # WIN32OLE objects aren't enumerable, so no map
       groups = []
-      # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
-      # values are returned as UTF-8
-      native_user.Groups.each {|g| groups << g.Name} rescue nil
+      # Setting WIN32OLE.codepage ensures values are returned as UTF-8
+      native_object.Groups.each {|g| groups << g.Name} rescue nil
       groups
     end
 
@@ -281,9 +342,13 @@ module Puppet::Util::Windows::ADSI
     end
 
     def group_sids
-      self.class.get_sids(native_user.Groups)
+      self.class.get_sids(native_object.Groups)
     end
 
+    # TODO: This code's pretty similar to set_members in the Group class. Would be nice
+    # to refactor them into the ADSIObject class at some point. This was not done originally
+    # because these use different methods to do stuff that are also aliased to other methods,
+    # so the shared code isn't exactly a 1:1 mapping.
     def set_groups(desired_groups, minimum = true)
       return if desired_groups.nil?
 
@@ -311,11 +376,6 @@ module Puppet::Util::Windows::ADSI
       end
     end
 
-    def self.create(name)
-      # Windows error 1379: The specified local group already exists.
-      raise Puppet::Error.new(_("Cannot create user if group '%{name}' exists.") % { name: name }) if Puppet::Util::Windows::ADSI::Group.exists? name
-      new(name, Puppet::Util::Windows::ADSI.create(name, 'user'))
-    end
 
     # UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
     MAX_USERNAME_LENGTH = 256
@@ -341,47 +401,6 @@ module Puppet::Util::Windows::ADSI
       Puppet::Util::Windows::SID.name_to_principal(current_user_name)
     end
 
-    def self.exists?(name_or_sid)
-      well_known = false
-      if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
-        return true if sid.account_type == :SidTypeUser
-
-        # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
-        # so try to resolve it
-        # https://msdn.microsoft.com/en-us/library/cc234477.aspx
-        well_known = sid.account_type == :SidTypeWellKnownGroup
-        return false if sid.account_type != :SidTypeAlias && !well_known
-        name_or_sid = "#{sid.domain}\\#{sid.account}"
-      end
-
-      user = Puppet::Util::Windows::ADSI.connect(User.uri(*User.parse_name(name_or_sid)))
-      # otherwise, verify that the account is actually a User account
-      user.Class == 'User'
-    rescue
-      # special accounts like SYSTEM cannot resolve via moniker like WinNT://./SYSTEM,user
-      # and thus fail to connect - so given a validly resolved SID, this failure is ambiguous as it
-      # may indicate either a group like Service or an account like SYSTEM
-      well_known
-    end
-
-
-    def self.delete(name)
-      Puppet::Util::Windows::ADSI.delete(name, 'user')
-    end
-
-    def self.each(&block)
-      wql = Puppet::Util::Windows::ADSI.execquery('select name from win32_useraccount where localaccount = "TRUE"')
-
-      users = []
-      wql.each do |u|
-        # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
-        # values are returned as UTF-8
-        users << new(u.name)
-      end
-
-      users.each(&block)
-    end
-
     ffi_convention :stdcall
 
     # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724432(v=vs.85).aspx
@@ -410,58 +429,33 @@ module Puppet::Util::Windows::ADSI
     end
   end
 
-  class Group
-    extend Enumerable
-    extend Puppet::Util::Windows::ADSI::Shared
+  class Group < ADSIObject
 
     # https://msdn.microsoft.com/en-us/library/aa706021.aspx
     # IADsGroup interface
+    @object_class = 'group'
 
-    attr_accessor :native_group
-    attr_reader :name, :sid
-    def initialize(name, native_group = nil)
-      @name = name
-      @native_group = native_group
-    end
-
-    def uri
-      self.class.uri(sid.account, sid.domain)
-    end
-
-    def native_group
-      @native_group ||= Puppet::Util::Windows::ADSI.connect(self.class.uri(*self.class.parse_name(name)))
-    end
-
-    def sid
-      @sid ||= Puppet::Util::Windows::SID.octet_string_to_principal(native_group.objectSID)
-    end
-
-    def commit
-      begin
-        native_group.SetInfo unless native_group.nil?
-      rescue WIN32OLERuntimeError => e
-        # ERROR_BAD_USERNAME 2202L from winerror.h
-        if e.message =~ /8007089A/m
-          raise Puppet::Error.new(
-            _("Puppet is not able to create/delete domain groups with the group resource."),
-            e
-          )
-        end
+    class << self
+      def list_all
+        Puppet::Util::Windows::ADSI.execquery('select name from win32_group where localaccount = "TRUE"')
+      end
 
-        raise Puppet::Error.new( _("Group update failed: %{error}") % { error: e }, e )
+      def create(name)
+        # Windows error 2224: The account already exists.
+        raise Puppet::Error.new( _("Cannot create group if user '%{name}' exists.") % { name: name } ) if Puppet::Util::Windows::ADSI::User.exists?(name)
+        new(name, Puppet::Util::Windows::ADSI.create(name, @object_class))
       end
-      self
     end
 
     def add_member_sids(*sids)
       sids.each do |sid|
-        native_group.Add(Puppet::Util::Windows::ADSI.sid_uri(sid))
+        native_object.Add(Puppet::Util::Windows::ADSI.sid_uri(sid))
       end
     end
 
     def remove_member_sids(*sids)
       sids.each do |sid|
-        native_group.Remove(Puppet::Util::Windows::ADSI.sid_uri(sid))
+        native_object.Remove(Puppet::Util::Windows::ADSI.sid_uri(sid))
       end
     end
 
@@ -469,7 +463,7 @@ module Puppet::Util::Windows::ADSI
     # may contain objects that represent unresolvable SIDs
     # qualified account names are returned by calling #domain_account
     def members
-      self.class.get_sids(native_group.Members)
+      self.class.get_sids(native_object.Members)
     end
     alias member_sids members
 
@@ -496,50 +490,5 @@ module Puppet::Util::Windows::ADSI
         remove_member_sids(*members_to_remove)
       end
     end
-
-    def self.create(name)
-      # Windows error 2224: The account already exists.
-      raise Puppet::Error.new( _("Cannot create group if user '%{name}' exists.") % { name: name } ) if Puppet::Util::Windows::ADSI::User.exists? name
-      new(name, Puppet::Util::Windows::ADSI.create(name, 'group'))
-    end
-
-    def self.exists?(name_or_sid)
-      well_known = false
-      if (sid = Puppet::Util::Windows::SID.name_to_principal(name_or_sid))
-        return true if sid.account_type == :SidTypeGroup
-
-        # 'well known group' is special as it can be a group like Everyone OR a user like SYSTEM
-        # so try to resolve it
-        # https://msdn.microsoft.com/en-us/library/cc234477.aspx
-        well_known = sid.account_type == :SidTypeWellKnownGroup
-        return false if sid.account_type != :SidTypeAlias && !well_known
-        name_or_sid = "#{sid.domain}\\#{sid.account}"
-      end
-
-      user = Puppet::Util::Windows::ADSI.connect(Group.uri(*Group.parse_name(name_or_sid)))
-      user.Class == 'Group'
-    rescue
-      # special groups like Authenticated Users cannot resolve via moniker like WinNT://./Authenticated Users,group
-      # and thus fail to connect - so given a validly resolved SID, this failure is ambiguous as it
-      # may indicate either a group like Service or an account like SYSTEM
-      well_known
-    end
-
-    def self.delete(name)
-      Puppet::Util::Windows::ADSI.delete(name, 'group')
-    end
-
-    def self.each(&block)
-      wql = Puppet::Util::Windows::ADSI.execquery('select name from win32_group where localaccount = "TRUE"')
-
-      groups = []
-      wql.each do |g|
-        # Setting WIN32OLE.codepage in the microsoft_windows feature ensures
-        # values are returned as UTF-8
-        groups << new(g.name)
-      end
-
-      groups.each(&block)
-    end
   end
 end