chef 14.1.12 → 14.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -6
- data/VERSION +1 -1
- data/chef.gemspec +2 -3
- data/lib/chef/chef_fs/data_handler/data_handler_base.rb +8 -4
- data/lib/chef/cookbook/manifest_v0.rb +2 -2
- data/lib/chef/cookbook_manifest.rb +3 -2
- data/lib/chef/cookbook_version.rb +3 -2
- data/lib/chef/guard_interpreter/default_guard_interpreter.rb +2 -2
- data/lib/chef/http/auth_credentials.rb +5 -3
- data/lib/chef/http/authenticator.rb +6 -3
- data/lib/chef/knife.rb +3 -6
- data/lib/chef/knife/configure.rb +12 -8
- data/lib/chef/knife/raw.rb +6 -1
- data/lib/chef/mixin/shell_out.rb +16 -14
- data/lib/chef/provider/execute.rb +4 -3
- data/lib/chef/provider/git.rb +1 -1
- data/lib/chef/provider/package/dnf.rb +5 -5
- data/lib/chef/provider/package/windows.rb +7 -0
- data/lib/chef/provider/package/yum.rb +7 -7
- data/lib/chef/provider/service/freebsd.rb +3 -3
- data/lib/chef/provider/service/init.rb +5 -5
- data/lib/chef/provider/service/macosx.rb +5 -4
- data/lib/chef/provider/service/simple.rb +4 -4
- data/lib/chef/provider/service/systemd.rb +13 -13
- data/lib/chef/provider/service/upstart.rb +3 -3
- data/lib/chef/provider/service/windows.rb +2 -0
- data/lib/chef/provider/systemd_unit.rb +4 -4
- data/lib/chef/provider/user.rb +18 -1
- data/lib/chef/provider/user/aix.rb +40 -8
- data/lib/chef/provider/user/dscl.rb +7 -14
- data/lib/chef/provider/user/linux.rb +1 -11
- data/lib/chef/provider/user/solaris.rb +57 -26
- data/lib/chef/provider/user/useradd.rb +4 -1
- data/lib/chef/provider/windows_task.rb +1 -0
- data/lib/chef/providers.rb +1 -2
- data/lib/chef/resource/execute.rb +4 -1
- data/lib/chef/resource/gem_package.rb +1 -1
- data/lib/chef/resource/hostname.rb +1 -1
- data/lib/chef/resource/sysctl.rb +3 -1
- data/lib/chef/resource/windows_ad_join.rb +16 -3
- data/lib/chef/resource_inspector.rb +13 -0
- data/lib/chef/run_context/cookbook_compiler.rb +1 -1
- data/lib/chef/server_api.rb +2 -0
- data/lib/chef/version.rb +1 -1
- data/spec/functional/mixin/shell_out_spec.rb +27 -1
- data/spec/functional/resource/execute_spec.rb +2 -2
- data/spec/functional/resource/windows_task_spec.rb +1 -1
- data/spec/support/shared/functional/securable_resource.rb +1 -1
- data/spec/support/shared/unit/execute_resource.rb +1 -1
- data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +3 -3
- data/spec/unit/chef_fs/data_handler/data_handler_base_spec.rb +65 -0
- data/spec/unit/cookbook/manifest_v0_spec.rb +1 -1
- data/spec/unit/cookbook_manifest_spec.rb +2 -0
- data/spec/unit/dsl/recipe_spec.rb +1 -5
- data/spec/unit/http/authenticator_spec.rb +33 -8
- data/spec/unit/mixin/shell_out_spec.rb +61 -1
- data/spec/unit/provider/apt_update_spec.rb +7 -7
- data/spec/unit/provider/execute_spec.rb +16 -15
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +12 -0
- data/spec/unit/provider/script_spec.rb +2 -2
- data/spec/unit/provider/service/arch_service_spec.rb +9 -9
- data/spec/unit/provider/service/freebsd_service_spec.rb +6 -6
- data/spec/unit/provider/service/init_service_spec.rb +11 -11
- data/spec/unit/provider/service/invokercd_service_spec.rb +9 -9
- data/spec/unit/provider/service/macosx_spec.rb +11 -11
- data/spec/unit/provider/service/openbsd_service_spec.rb +6 -6
- data/spec/unit/provider/service/simple_service_spec.rb +4 -4
- data/spec/unit/provider/service/systemd_service_spec.rb +16 -16
- data/spec/unit/provider/service/upstart_service_spec.rb +12 -12
- data/spec/unit/provider/service/windows_spec.rb +5 -0
- data/spec/unit/provider/systemd_unit_spec.rb +163 -118
- data/spec/unit/provider/user/dscl_spec.rb +2 -9
- data/spec/unit/provider/user/solaris_spec.rb +2 -2
- data/spec/unit/provider/zypper_repository_spec.rb +3 -3
- data/spec/unit/provider_spec.rb +1 -5
- data/spec/unit/resource/apt_package_spec.rb +14 -0
- data/spec/unit/resource/apt_preference_spec.rb +14 -1
- data/spec/unit/resource/apt_repository_spec.rb +12 -3
- data/spec/unit/resource/apt_update_spec.rb +9 -0
- data/spec/unit/resource/bash_spec.rb +8 -0
- data/spec/unit/resource/bff_package_spec.rb +51 -0
- data/spec/unit/resource/breakpoint_spec.rb +4 -4
- data/spec/unit/resource/build_essential_spec.rb +5 -1
- data/spec/unit/resource/cab_package_spec.rb +10 -0
- data/spec/unit/resource/chef_gem_spec.rb +14 -0
- data/spec/unit/resource/chef_handler_spec.rb +9 -4
- data/spec/unit/resource/chocolatey_package_spec.rb +15 -1
- data/spec/unit/resource/conditional_spec.rb +3 -3
- data/spec/unit/resource/cookbook_file_spec.rb +13 -2
- data/spec/unit/resource/cron_spec.rb +2 -7
- data/spec/unit/resource/csh_spec.rb +8 -0
- data/spec/unit/resource/directory_spec.rb +4 -9
- data/spec/unit/resource/dmg_package_spec.rb +8 -4
- data/spec/unit/resource/dnf_package_spec.rb +16 -1
- data/spec/unit/resource/dpkg_package_spec.rb +18 -0
- data/spec/unit/resource/dsc_resource_spec.rb +6 -6
- data/spec/unit/resource/dsc_script_spec.rb +39 -39
- data/spec/unit/resource/execute_spec.rb +20 -12
- data/spec/unit/resource/file_spec.rb +10 -10
- data/spec/unit/resource/freebsd_package_spec.rb +16 -0
- data/spec/unit/resource/gem_package_spec.rb +27 -0
- data/spec/unit/resource/git_spec.rb +17 -2
- data/spec/unit/resource/group_spec.rb +18 -17
- data/spec/unit/resource/homebrew_cask_spec.rb +9 -4
- data/spec/unit/resource/homebrew_package_spec.rb +14 -0
- data/spec/unit/resource/homebrew_tap_spec.rb +8 -3
- data/spec/unit/resource/hostname_spec.rb +10 -6
- data/spec/unit/resource/http_request_spec.rb +14 -0
- data/spec/unit/resource/ips_package_spec.rb +15 -3
- data/spec/unit/resource/ksh_spec.rb +8 -0
- data/spec/unit/resource/launchd_spec.rb +11 -5
- data/spec/unit/resource/link_spec.rb +6 -11
- data/spec/unit/resource/log_spec.rb +8 -8
- data/spec/unit/resource/macos_user_defaults_spec.rb +5 -1
- data/spec/unit/resource/macports_package_spec.rb +19 -0
- data/spec/unit/resource/mdadm_spec.rb +7 -3
- data/spec/unit/resource/mount_spec.rb +15 -18
- data/spec/unit/resource/msu_package_spec.rb +10 -0
- data/spec/unit/resource/ohai_hint_spec.rb +9 -8
- data/spec/unit/resource/ohai_spec.rb +11 -3
- data/spec/unit/resource/openbsd_package_spec.rb +14 -0
- data/spec/unit/resource/openssl_dhparam.rb +10 -5
- data/spec/unit/resource/openssl_rsa_private_key_spec.rb +10 -5
- data/spec/unit/resource/openssl_rsa_public_key_spec.rb +9 -5
- data/spec/unit/resource/osx_profile_spec.rb +7 -4
- data/spec/unit/resource/package_spec.rb +14 -0
- data/spec/unit/resource/pacman_package_spec.rb +17 -3
- data/spec/unit/resource/paludis_package_spec.rb +36 -0
- data/spec/unit/resource/perl_spec.rb +8 -0
- data/spec/unit/resource/portage_package_spec.rb +14 -0
- data/spec/unit/resource/powershell_package_spec.rb +14 -0
- data/spec/unit/resource/python_spec.rb +8 -0
- data/spec/unit/resource/reboot_spec.rb +5 -3
- data/spec/unit/resource/registry_key_spec.rb +12 -1
- data/spec/unit/resource/remote_directory_spec.rb +11 -1
- data/spec/unit/resource/remote_file_spec.rb +19 -0
- data/spec/unit/resource/rhsm_errata_level_spec.rb +7 -3
- data/spec/unit/resource/rhsm_errata_spec.rb +8 -4
- data/spec/unit/resource/rhsm_register_spec.rb +6 -1
- data/spec/unit/resource/rhsm_repo_spec.rb +9 -4
- data/spec/unit/resource/rhsm_subscription_spec.rb +9 -4
- data/spec/unit/resource/route_spec.rb +4 -9
- data/spec/unit/resource/rpm_package_spec.rb +14 -0
- data/spec/unit/resource/ruby_block_spec.rb +12 -8
- data/spec/unit/resource/ruby_spec.rb +8 -0
- data/spec/unit/resource/scm_spec.rb +16 -8
- data/spec/unit/resource/script_spec.rb +8 -0
- data/spec/unit/resource/service_spec.rb +15 -0
- data/spec/unit/resource/smartos_package_spec.rb +18 -4
- data/spec/unit/resource/solaris_package_spec.rb +14 -0
- data/spec/unit/resource/subversion_spec.rb +14 -8
- data/spec/unit/resource/sudo_spec.rb +11 -4
- data/spec/unit/resource/swap_file_spec.rb +4 -5
- data/spec/unit/resource/sysctl_spec.rb +8 -10
- data/spec/unit/resource/systemd_unit_spec.rb +14 -12
- data/spec/unit/resource/template_spec.rb +19 -0
- data/spec/unit/resource/{windows_ad_join.rb → windows_ad_join_spec.rb} +12 -6
- data/spec/unit/resource/windows_auto_run_spec.rb +9 -9
- data/spec/unit/resource/windows_env_spec.rb +8 -16
- data/spec/unit/resource/windows_feature.rb +27 -8
- data/spec/unit/resource/windows_feature_dism.rb +30 -9
- data/spec/unit/resource/windows_feature_powershell.rb +7 -7
- data/spec/unit/resource/windows_font_spec.rb +3 -4
- data/spec/unit/resource/windows_package_spec.rb +12 -2
- data/spec/unit/resource/windows_pagefile_spec.rb +12 -8
- data/spec/unit/resource/windows_path_spec.rb +4 -5
- data/spec/unit/resource/windows_printer_port_spec.rb +20 -3
- data/spec/unit/resource/windows_printer_spec.rb +12 -5
- data/spec/unit/resource/windows_service_spec.rb +24 -1
- data/spec/unit/resource/windows_shortcut_spec.rb +4 -5
- data/spec/unit/resource/yum_repository_spec.rb +48 -2
- data/spec/unit/resource/zypper_package_spec.rb +51 -0
- data/spec/unit/resource/zypper_repository_spec.rb +56 -11
- data/spec/unit/resource_spec.rb +1 -5
- metadata +21 -12
- data/spec/functional/resource/user/useradd_spec.rb +0 -709
data/spec/unit/resource_spec.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# Author:: Christopher Walters (<cw@chef.io>)
|
|
4
4
|
# Author:: Tim Hinderliter (<tim@chef.io>)
|
|
5
5
|
# Author:: Seth Chisamore (<schisamo@chef.io>)
|
|
6
|
-
# Copyright:: Copyright 2008-
|
|
6
|
+
# Copyright:: Copyright 2008-2018, Chef Software Inc.
|
|
7
7
|
# License:: Apache License, Version 2.0
|
|
8
8
|
#
|
|
9
9
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
@@ -38,10 +38,6 @@ describe Chef::Resource do
|
|
|
38
38
|
expect(resource.respond_to?(:shell_out!)).to be true
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
-
it "should mixin shell_out_with_systems_locale" do
|
|
42
|
-
expect(resource.respond_to?(:shell_out_with_systems_locale)).to be true
|
|
43
|
-
end
|
|
44
|
-
|
|
45
41
|
describe "when inherited" do
|
|
46
42
|
|
|
47
43
|
it "adds an entry to a list of subclasses" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chef
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 14.
|
|
4
|
+
version: 14.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Jacob
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: chef-config
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 14.
|
|
19
|
+
version: 14.2.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 14.
|
|
26
|
+
version: 14.2.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: mixlib-cli
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -64,14 +64,14 @@ dependencies:
|
|
|
64
64
|
requirements:
|
|
65
65
|
- - "~>"
|
|
66
66
|
- !ruby/object:Gem::Version
|
|
67
|
-
version: '2.
|
|
67
|
+
version: '2.1'
|
|
68
68
|
type: :runtime
|
|
69
69
|
prerelease: false
|
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
|
71
71
|
requirements:
|
|
72
72
|
- - "~>"
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: '2.
|
|
74
|
+
version: '2.1'
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
76
|
name: mixlib-shellout
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -118,16 +118,22 @@ dependencies:
|
|
|
118
118
|
name: ffi
|
|
119
119
|
requirement: !ruby/object:Gem::Requirement
|
|
120
120
|
requirements:
|
|
121
|
-
- - "
|
|
121
|
+
- - "~>"
|
|
122
122
|
- !ruby/object:Gem::Version
|
|
123
|
-
version: 1.9
|
|
123
|
+
version: '1.9'
|
|
124
|
+
- - ">="
|
|
125
|
+
- !ruby/object:Gem::Version
|
|
126
|
+
version: 1.9.25
|
|
124
127
|
type: :runtime
|
|
125
128
|
prerelease: false
|
|
126
129
|
version_requirements: !ruby/object:Gem::Requirement
|
|
127
130
|
requirements:
|
|
128
|
-
- - "
|
|
131
|
+
- - "~>"
|
|
132
|
+
- !ruby/object:Gem::Version
|
|
133
|
+
version: '1.9'
|
|
134
|
+
- - ">="
|
|
129
135
|
- !ruby/object:Gem::Version
|
|
130
|
-
version: 1.9.
|
|
136
|
+
version: 1.9.25
|
|
131
137
|
- !ruby/object:Gem::Dependency
|
|
132
138
|
name: ffi-yajl
|
|
133
139
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -1842,7 +1848,6 @@ files:
|
|
|
1842
1848
|
- spec/functional/resource/rpm_spec.rb
|
|
1843
1849
|
- spec/functional/resource/template_spec.rb
|
|
1844
1850
|
- spec/functional/resource/user/dscl_spec.rb
|
|
1845
|
-
- spec/functional/resource/user/useradd_spec.rb
|
|
1846
1851
|
- spec/functional/resource/user/windows_spec.rb
|
|
1847
1852
|
- spec/functional/resource/windows_env_spec.rb
|
|
1848
1853
|
- spec/functional/resource/windows_package_spec.rb
|
|
@@ -2018,6 +2023,7 @@ files:
|
|
|
2018
2023
|
- spec/unit/chef_class_spec.rb
|
|
2019
2024
|
- spec/unit/chef_fs/config_spec.rb
|
|
2020
2025
|
- spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb
|
|
2026
|
+
- spec/unit/chef_fs/data_handler/data_handler_base_spec.rb
|
|
2021
2027
|
- spec/unit/chef_fs/data_handler/group_handler_spec.rb
|
|
2022
2028
|
- spec/unit/chef_fs/diff_spec.rb
|
|
2023
2029
|
- spec/unit/chef_fs/file_pattern_spec.rb
|
|
@@ -2386,6 +2392,7 @@ files:
|
|
|
2386
2392
|
- spec/unit/resource/apt_update_spec.rb
|
|
2387
2393
|
- spec/unit/resource/bash_spec.rb
|
|
2388
2394
|
- spec/unit/resource/batch_spec.rb
|
|
2395
|
+
- spec/unit/resource/bff_package_spec.rb
|
|
2389
2396
|
- spec/unit/resource/breakpoint_spec.rb
|
|
2390
2397
|
- spec/unit/resource/build_essential_spec.rb
|
|
2391
2398
|
- spec/unit/resource/cab_package_spec.rb
|
|
@@ -2436,6 +2443,7 @@ files:
|
|
|
2436
2443
|
- spec/unit/resource/osx_profile_spec.rb
|
|
2437
2444
|
- spec/unit/resource/package_spec.rb
|
|
2438
2445
|
- spec/unit/resource/pacman_package_spec.rb
|
|
2446
|
+
- spec/unit/resource/paludis_package_spec.rb
|
|
2439
2447
|
- spec/unit/resource/perl_spec.rb
|
|
2440
2448
|
- spec/unit/resource/portage_package_spec.rb
|
|
2441
2449
|
- spec/unit/resource/powershell_package_spec.rb
|
|
@@ -2467,7 +2475,7 @@ files:
|
|
|
2467
2475
|
- spec/unit/resource/systemd_unit_spec.rb
|
|
2468
2476
|
- spec/unit/resource/template_spec.rb
|
|
2469
2477
|
- spec/unit/resource/user_spec.rb
|
|
2470
|
-
- spec/unit/resource/
|
|
2478
|
+
- spec/unit/resource/windows_ad_join_spec.rb
|
|
2471
2479
|
- spec/unit/resource/windows_auto_run_spec.rb
|
|
2472
2480
|
- spec/unit/resource/windows_env_spec.rb
|
|
2473
2481
|
- spec/unit/resource/windows_feature.rb
|
|
@@ -2484,6 +2492,7 @@ files:
|
|
|
2484
2492
|
- spec/unit/resource/windows_task_spec.rb
|
|
2485
2493
|
- spec/unit/resource/yum_package_spec.rb
|
|
2486
2494
|
- spec/unit/resource/yum_repository_spec.rb
|
|
2495
|
+
- spec/unit/resource/zypper_package_spec.rb
|
|
2487
2496
|
- spec/unit/resource/zypper_repository_spec.rb
|
|
2488
2497
|
- spec/unit/resource_builder_spec.rb
|
|
2489
2498
|
- spec/unit/resource_collection/resource_list_spec.rb
|
|
@@ -1,709 +0,0 @@
|
|
|
1
|
-
# encoding: UTF-8
|
|
2
|
-
#
|
|
3
|
-
# Author:: Daniel DeLeo (<dan@chef.io>)
|
|
4
|
-
# Copyright:: Copyright 2013-2016, Chef Software Inc.
|
|
5
|
-
# License:: Apache License, Version 2.0
|
|
6
|
-
#
|
|
7
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
8
|
-
# you may not use this file except in compliance with the License.
|
|
9
|
-
# You may obtain a copy of the License at
|
|
10
|
-
#
|
|
11
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
|
12
|
-
#
|
|
13
|
-
# Unless required by applicable law or agreed to in writing, software
|
|
14
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
15
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
16
|
-
# See the License for the specific language governing permissions and
|
|
17
|
-
# limitations under the License.
|
|
18
|
-
#
|
|
19
|
-
|
|
20
|
-
require "spec_helper"
|
|
21
|
-
require "functional/resource/base"
|
|
22
|
-
require "chef/mixin/shell_out"
|
|
23
|
-
|
|
24
|
-
def resource_for_platform(username, run_context)
|
|
25
|
-
Chef::Resource.resource_for_node(:user, node).new(username, run_context)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
# ideally we could somehow pass an array of [ ...::Aix, ...::Linux ] to the
|
|
29
|
-
# filter, but we have to pick the right one for the O/S.
|
|
30
|
-
def user_provider_filter
|
|
31
|
-
case ohai[:os]
|
|
32
|
-
when "aix"
|
|
33
|
-
Chef::Provider::User::Aix
|
|
34
|
-
when "linux"
|
|
35
|
-
Chef::Provider::User::Linux
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
metadata = {
|
|
40
|
-
:unix_only => true,
|
|
41
|
-
:requires_root => true,
|
|
42
|
-
:not_supported_on_mac_osx => true,
|
|
43
|
-
:provider => { :user => user_provider_filter },
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
describe Chef::Provider::User::Useradd, metadata do
|
|
47
|
-
|
|
48
|
-
include Chef::Mixin::ShellOut
|
|
49
|
-
|
|
50
|
-
# Utility code for /etc/passwd interaction, avoid any caching of user records:
|
|
51
|
-
PwEntry = Struct.new(:name, :passwd, :uid, :gid, :gecos, :home, :shell)
|
|
52
|
-
|
|
53
|
-
class UserNotFound < StandardError; end
|
|
54
|
-
|
|
55
|
-
def pw_entry
|
|
56
|
-
passwd_file = File.open("/etc/passwd", "rb") { |f| f.read }
|
|
57
|
-
matcher = /^#{Regexp.escape(username)}.+$/
|
|
58
|
-
if passwd_entry = passwd_file.scan(matcher).first
|
|
59
|
-
PwEntry.new(*passwd_entry.split(":"))
|
|
60
|
-
else
|
|
61
|
-
raise UserNotFound, "no entry matching #{matcher.inspect} found in /etc/passwd"
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
def etc_shadow
|
|
66
|
-
case ohai[:platform]
|
|
67
|
-
when "aix"
|
|
68
|
-
File.open("/etc/security/passwd") { |f| f.read }
|
|
69
|
-
else
|
|
70
|
-
File.open("/etc/shadow") { |f| f.read }
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
|
|
74
|
-
def self.quote_in_username_unsupported?
|
|
75
|
-
if OHAI_SYSTEM["platform_family"] == "debian"
|
|
76
|
-
false
|
|
77
|
-
else
|
|
78
|
-
"Only debian family systems support quotes in username"
|
|
79
|
-
end
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
def password_should_be_set
|
|
83
|
-
if ohai[:platform] == "aix"
|
|
84
|
-
expect(pw_entry.passwd).to eq("!")
|
|
85
|
-
else
|
|
86
|
-
expect(pw_entry.passwd).to eq("x")
|
|
87
|
-
end
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
def try_cleanup
|
|
91
|
-
["/home/cheftestfoo", "/home/cheftestbar", "/home/cf-test"].each do |f|
|
|
92
|
-
FileUtils.rm_rf(f) if File.exists? f
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
["cf-test"].each do |u|
|
|
96
|
-
r = resource_for_platform("DELETE USER", run_context)
|
|
97
|
-
r.manage_home true
|
|
98
|
-
r.username("cf-test")
|
|
99
|
-
r.run_action(:remove)
|
|
100
|
-
end
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
before do
|
|
104
|
-
# Silence shell_out live stream
|
|
105
|
-
Chef::Log.level = :warn
|
|
106
|
-
try_cleanup
|
|
107
|
-
end
|
|
108
|
-
|
|
109
|
-
after do
|
|
110
|
-
max_retries = 3
|
|
111
|
-
while max_retries > 0
|
|
112
|
-
begin
|
|
113
|
-
pw_entry # will raise if the user doesn't exist
|
|
114
|
-
status = shell_out!("userdel", "-r", username, :returns => [0, 8, 12])
|
|
115
|
-
|
|
116
|
-
# Error code 8 during userdel indicates that the user is logged in.
|
|
117
|
-
# This occurs randomly because the accounts daemon holds a lock due to which userdel fails.
|
|
118
|
-
# The work around is to retry userdel for 3 times.
|
|
119
|
-
break if status.exitstatus != 8
|
|
120
|
-
|
|
121
|
-
sleep 1
|
|
122
|
-
max_retries -= 1
|
|
123
|
-
rescue UserNotFound
|
|
124
|
-
break
|
|
125
|
-
end
|
|
126
|
-
end
|
|
127
|
-
|
|
128
|
-
status.error! if max_retries == 0
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
let(:node) do
|
|
132
|
-
n = Chef::Node.new
|
|
133
|
-
n.consume_external_attrs(OHAI_SYSTEM.data.dup, {})
|
|
134
|
-
n
|
|
135
|
-
end
|
|
136
|
-
|
|
137
|
-
let(:events) do
|
|
138
|
-
Chef::EventDispatch::Dispatcher.new
|
|
139
|
-
end
|
|
140
|
-
|
|
141
|
-
let(:run_context) do
|
|
142
|
-
Chef::RunContext.new(node, {}, events)
|
|
143
|
-
end
|
|
144
|
-
|
|
145
|
-
let(:username) { "cf-test" }
|
|
146
|
-
let(:uid) { nil }
|
|
147
|
-
let(:home) { nil }
|
|
148
|
-
let(:manage_home) { false }
|
|
149
|
-
let(:password) { nil }
|
|
150
|
-
let(:system) { false }
|
|
151
|
-
let(:comment) { nil }
|
|
152
|
-
|
|
153
|
-
let(:user_resource) do
|
|
154
|
-
r = resource_for_platform("TEST USER RESOURCE", run_context)
|
|
155
|
-
r.username(username)
|
|
156
|
-
r.uid(uid)
|
|
157
|
-
r.home(home)
|
|
158
|
-
r.comment(comment)
|
|
159
|
-
r.manage_home(manage_home)
|
|
160
|
-
r.password(password)
|
|
161
|
-
r.system(system)
|
|
162
|
-
r
|
|
163
|
-
end
|
|
164
|
-
|
|
165
|
-
let(:expected_shadow) do
|
|
166
|
-
if ohai[:platform] == "aix"
|
|
167
|
-
expected_shadow = "cf-test" # For aix just check user entry in shadow file
|
|
168
|
-
else
|
|
169
|
-
expected_shadow = "cf-test:$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
170
|
-
end
|
|
171
|
-
end
|
|
172
|
-
|
|
173
|
-
describe "action :create" do
|
|
174
|
-
|
|
175
|
-
context "when the user does not exist beforehand" do
|
|
176
|
-
before do
|
|
177
|
-
user_resource.run_action(:create)
|
|
178
|
-
expect(user_resource).to be_updated_by_last_action
|
|
179
|
-
end
|
|
180
|
-
|
|
181
|
-
it "ensures the user exists" do
|
|
182
|
-
expect(pw_entry.name).to eq(username)
|
|
183
|
-
end
|
|
184
|
-
|
|
185
|
-
# On Debian, the only constraints are that usernames must neither start
|
|
186
|
-
# with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a colon
|
|
187
|
-
# (':'), a comma (','), or a whitespace (space: ' ', end of line: '\n',
|
|
188
|
-
# tabulation: '\t', etc.). Note that using a slash ('/') may break the
|
|
189
|
-
# default algorithm for the definition of the user's home directory.
|
|
190
|
-
|
|
191
|
-
context "and the username contains a single quote", skip: quote_in_username_unsupported? do
|
|
192
|
-
|
|
193
|
-
let(:username) { "t'bilisi" }
|
|
194
|
-
|
|
195
|
-
it "ensures the user exists" do
|
|
196
|
-
expect(pw_entry.name).to eq(username)
|
|
197
|
-
end
|
|
198
|
-
end
|
|
199
|
-
|
|
200
|
-
context "when uid is set" do
|
|
201
|
-
# Should verify uid not in use...
|
|
202
|
-
let(:uid) { 1999 }
|
|
203
|
-
|
|
204
|
-
it "ensures the user has the given uid" do
|
|
205
|
-
expect(pw_entry.uid).to eq("1999")
|
|
206
|
-
end
|
|
207
|
-
end
|
|
208
|
-
|
|
209
|
-
context "when comment is set" do
|
|
210
|
-
let(:comment) { "hello this is dog" }
|
|
211
|
-
|
|
212
|
-
it "ensures the comment is set" do
|
|
213
|
-
expect(pw_entry.gecos).to eq("hello this is dog")
|
|
214
|
-
end
|
|
215
|
-
|
|
216
|
-
context "in standard gecos format" do
|
|
217
|
-
let(:comment) { "Bobo T. Clown,some building,555-555-5555,@boboclown" }
|
|
218
|
-
|
|
219
|
-
it "ensures the comment is set" do
|
|
220
|
-
expect(pw_entry.gecos).to eq(comment)
|
|
221
|
-
end
|
|
222
|
-
end
|
|
223
|
-
|
|
224
|
-
context "to a string containing multibyte characters" do
|
|
225
|
-
let(:comment) { "(╯°□°)╯︵ ┻━┻" }
|
|
226
|
-
|
|
227
|
-
it "ensures the comment is set" do
|
|
228
|
-
actual = pw_entry.gecos
|
|
229
|
-
actual.force_encoding(Encoding::UTF_8) if "".respond_to?(:force_encoding)
|
|
230
|
-
expect(actual).to eq(comment)
|
|
231
|
-
end
|
|
232
|
-
end
|
|
233
|
-
|
|
234
|
-
context "to a string containing an apostrophe `'`" do
|
|
235
|
-
let(:comment) { "don't go" }
|
|
236
|
-
|
|
237
|
-
it "ensures the comment is set" do
|
|
238
|
-
expect(pw_entry.gecos).to eq(comment)
|
|
239
|
-
end
|
|
240
|
-
end
|
|
241
|
-
end
|
|
242
|
-
|
|
243
|
-
context "when home is set" do
|
|
244
|
-
let(:home) { "/home/#{username}" }
|
|
245
|
-
|
|
246
|
-
it "ensures the user's home is set to the given path" do
|
|
247
|
-
expect(pw_entry.home).to eq(home)
|
|
248
|
-
end
|
|
249
|
-
|
|
250
|
-
it "does not create the home dir without `manage_home'" do
|
|
251
|
-
expect(File).not_to exist(home)
|
|
252
|
-
end
|
|
253
|
-
|
|
254
|
-
context "and manage_home is enabled" do
|
|
255
|
-
let(:manage_home) { true }
|
|
256
|
-
|
|
257
|
-
it "ensures the user's home directory exists" do
|
|
258
|
-
expect(File).to exist(home)
|
|
259
|
-
end
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
context "and manage_home is the default" do
|
|
263
|
-
let(:manage_home) { nil }
|
|
264
|
-
|
|
265
|
-
it "does not create the home dir without `manage_home'" do
|
|
266
|
-
expect(File).not_to exist(home)
|
|
267
|
-
end
|
|
268
|
-
end
|
|
269
|
-
end
|
|
270
|
-
|
|
271
|
-
context "when a password is specified" do
|
|
272
|
-
# openssl passwd -1 "secretpassword"
|
|
273
|
-
let(:password) do
|
|
274
|
-
case ohai[:platform]
|
|
275
|
-
when "aix"
|
|
276
|
-
"eL5qfEVznSNss"
|
|
277
|
-
else
|
|
278
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
279
|
-
end
|
|
280
|
-
end
|
|
281
|
-
|
|
282
|
-
it "sets the user's shadow password" do
|
|
283
|
-
password_should_be_set
|
|
284
|
-
expect(etc_shadow).to include(expected_shadow)
|
|
285
|
-
end
|
|
286
|
-
end
|
|
287
|
-
|
|
288
|
-
context "when a system user is specified", skip: aix? do
|
|
289
|
-
let(:system) { true }
|
|
290
|
-
let(:uid_min) do
|
|
291
|
-
# from `man useradd`, login user means uid will be between
|
|
292
|
-
# UID_SYS_MIN and UID_SYS_MAX defined in /etc/login.defs. On my
|
|
293
|
-
# Ubuntu 13.04 system, these are commented out, so we'll look at
|
|
294
|
-
# UID_MIN to find the lower limit of the non-system-user range, and
|
|
295
|
-
# use that value in our assertions.
|
|
296
|
-
login_defs = File.open("/etc/login.defs", "rb") { |f| f.read }
|
|
297
|
-
uid_min_scan = /^UID_MIN\s+(\d+)/
|
|
298
|
-
login_defs.match(uid_min_scan)[1]
|
|
299
|
-
end
|
|
300
|
-
|
|
301
|
-
it "ensures the user has the properties of a system user" do
|
|
302
|
-
expect(pw_entry.uid.to_i).to be < uid_min.to_i
|
|
303
|
-
end
|
|
304
|
-
end
|
|
305
|
-
end # when the user does not exist beforehand
|
|
306
|
-
|
|
307
|
-
context "when the user already exists" do
|
|
308
|
-
|
|
309
|
-
let(:expect_updated?) { true }
|
|
310
|
-
|
|
311
|
-
let(:existing_uid) { nil }
|
|
312
|
-
let(:existing_home) { nil }
|
|
313
|
-
let(:existing_manage_home) { false }
|
|
314
|
-
let(:existing_password) { nil }
|
|
315
|
-
let(:existing_system) { false }
|
|
316
|
-
let(:existing_comment) { nil }
|
|
317
|
-
|
|
318
|
-
let(:existing_user) do
|
|
319
|
-
r = resource_for_platform("TEST USER RESOURCE", run_context)
|
|
320
|
-
# username is identity attr, must match.
|
|
321
|
-
r.username(username)
|
|
322
|
-
r.uid(existing_uid)
|
|
323
|
-
r.home(existing_home)
|
|
324
|
-
r.comment(existing_comment)
|
|
325
|
-
r.manage_home(existing_manage_home)
|
|
326
|
-
r.password(existing_password)
|
|
327
|
-
r.system(existing_system)
|
|
328
|
-
r
|
|
329
|
-
end
|
|
330
|
-
|
|
331
|
-
before do
|
|
332
|
-
if reason = skip
|
|
333
|
-
skip(reason)
|
|
334
|
-
end
|
|
335
|
-
existing_user.run_action(:create)
|
|
336
|
-
expect(existing_user).to be_updated_by_last_action
|
|
337
|
-
user_resource.run_action(:create)
|
|
338
|
-
expect(user_resource.updated_by_last_action?).to eq(expect_updated?)
|
|
339
|
-
end
|
|
340
|
-
|
|
341
|
-
context "and all properties are in the desired state" do
|
|
342
|
-
let(:uid) { 1999 }
|
|
343
|
-
let(:home) { "/home/bobo" }
|
|
344
|
-
let(:manage_home) { true }
|
|
345
|
-
# openssl passwd -1 "secretpassword"
|
|
346
|
-
let(:password) do
|
|
347
|
-
case ohai[:platform]
|
|
348
|
-
when "aix"
|
|
349
|
-
"eL5qfEVznSNss"
|
|
350
|
-
else
|
|
351
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
352
|
-
end
|
|
353
|
-
end
|
|
354
|
-
|
|
355
|
-
let(:system) { false }
|
|
356
|
-
let(:comment) { "hello this is dog" }
|
|
357
|
-
|
|
358
|
-
let(:existing_uid) { uid }
|
|
359
|
-
let(:existing_home) { home }
|
|
360
|
-
let(:existing_manage_home) { manage_home }
|
|
361
|
-
let(:existing_password) { password }
|
|
362
|
-
let(:existing_system) { false }
|
|
363
|
-
let(:existing_comment) { comment }
|
|
364
|
-
|
|
365
|
-
let(:expect_updated?) { false }
|
|
366
|
-
|
|
367
|
-
it "does not update the user" do
|
|
368
|
-
expect(user_resource).not_to be_updated
|
|
369
|
-
end
|
|
370
|
-
end
|
|
371
|
-
|
|
372
|
-
context "and the uid is updated" do
|
|
373
|
-
let(:uid) { 1999 }
|
|
374
|
-
let(:existing_uid) { 1998 }
|
|
375
|
-
|
|
376
|
-
it "ensures the uid is set to the desired value" do
|
|
377
|
-
expect(pw_entry.uid).to eq("1999")
|
|
378
|
-
end
|
|
379
|
-
end
|
|
380
|
-
|
|
381
|
-
context "and the comment is updated" do
|
|
382
|
-
let(:comment) { "hello this is dog" }
|
|
383
|
-
let(:existing_comment) { "woof" }
|
|
384
|
-
|
|
385
|
-
it "ensures the comment field is set to the desired value" do
|
|
386
|
-
expect(pw_entry.gecos).to eq("hello this is dog")
|
|
387
|
-
end
|
|
388
|
-
end
|
|
389
|
-
|
|
390
|
-
context "and home directory is updated" do
|
|
391
|
-
let(:existing_home) { "/home/cheftestfoo" }
|
|
392
|
-
let(:home) { "/home/cheftestbar" }
|
|
393
|
-
it "ensures the home directory is set to the desired value" do
|
|
394
|
-
expect(pw_entry.home).to eq("/home/cheftestbar")
|
|
395
|
-
end
|
|
396
|
-
|
|
397
|
-
context "and manage_home is enabled" do
|
|
398
|
-
let(:existing_manage_home) { true }
|
|
399
|
-
let(:manage_home) { true }
|
|
400
|
-
it "moves the home directory to the new location" do
|
|
401
|
-
expect(File).not_to exist("/home/cheftestfoo")
|
|
402
|
-
expect(File).to exist("/home/cheftestbar")
|
|
403
|
-
end
|
|
404
|
-
end
|
|
405
|
-
|
|
406
|
-
context "and manage_home wasn't enabled but is now" do
|
|
407
|
-
let(:existing_manage_home) { false }
|
|
408
|
-
let(:manage_home) { true }
|
|
409
|
-
|
|
410
|
-
if %w{rhel fedora}.include?(OHAI_SYSTEM["platform_family"])
|
|
411
|
-
# Inconsistent behavior. See: CHEF-2205
|
|
412
|
-
it "created the home dir b/c of CHEF-2205 so it still exists" do
|
|
413
|
-
# This behavior seems contrary to expectation and non-convergent.
|
|
414
|
-
expect(File).not_to exist("/home/cheftestfoo")
|
|
415
|
-
expect(File).to exist("/home/cheftestbar")
|
|
416
|
-
end
|
|
417
|
-
elsif ohai[:platform] == "aix"
|
|
418
|
-
it "creates the home dir in the desired location" do
|
|
419
|
-
expect(File).not_to exist("/home/cheftestfoo")
|
|
420
|
-
expect(File).to exist("/home/cheftestbar")
|
|
421
|
-
end
|
|
422
|
-
else
|
|
423
|
-
it "does not create the home dir in the desired location (XXX)" do
|
|
424
|
-
# This behavior seems contrary to expectation and non-convergent.
|
|
425
|
-
expect(File).not_to exist("/home/cheftestfoo")
|
|
426
|
-
expect(File).not_to exist("/home/cheftestbar")
|
|
427
|
-
end
|
|
428
|
-
end
|
|
429
|
-
end
|
|
430
|
-
|
|
431
|
-
context "and manage_home was enabled but is not now" do
|
|
432
|
-
let(:existing_manage_home) { true }
|
|
433
|
-
let(:manage_home) { false }
|
|
434
|
-
|
|
435
|
-
it "leaves the old home directory around (XXX)" do
|
|
436
|
-
# Would it be better to remove the old home?
|
|
437
|
-
expect(File).to exist("/home/cheftestfoo")
|
|
438
|
-
expect(File).not_to exist("/home/cheftestbar")
|
|
439
|
-
end
|
|
440
|
-
end
|
|
441
|
-
end
|
|
442
|
-
|
|
443
|
-
context "and a password is added" do
|
|
444
|
-
# openssl passwd -1 "secretpassword"
|
|
445
|
-
let(:password) do
|
|
446
|
-
case ohai[:platform]
|
|
447
|
-
when "aix"
|
|
448
|
-
"eL5qfEVznSNss"
|
|
449
|
-
else
|
|
450
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
451
|
-
end
|
|
452
|
-
end
|
|
453
|
-
|
|
454
|
-
it "ensures the password is set" do
|
|
455
|
-
password_should_be_set
|
|
456
|
-
expect(etc_shadow).to include(expected_shadow)
|
|
457
|
-
end
|
|
458
|
-
|
|
459
|
-
end
|
|
460
|
-
|
|
461
|
-
context "and the password is updated" do
|
|
462
|
-
# openssl passwd -1 "OLDpassword"
|
|
463
|
-
let(:existing_password) do
|
|
464
|
-
case ohai[:platform]
|
|
465
|
-
when "aix"
|
|
466
|
-
"jkzG6MvUxjk2g"
|
|
467
|
-
else
|
|
468
|
-
"$1$1dVmwm4z$CftsFn8eBDjDRUytYKkXB."
|
|
469
|
-
end
|
|
470
|
-
end
|
|
471
|
-
|
|
472
|
-
# openssl passwd -1 "secretpassword"
|
|
473
|
-
let(:password) do
|
|
474
|
-
case ohai[:platform]
|
|
475
|
-
when "aix"
|
|
476
|
-
"eL5qfEVznSNss"
|
|
477
|
-
else
|
|
478
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
479
|
-
end
|
|
480
|
-
end
|
|
481
|
-
|
|
482
|
-
it "ensures the password is set to the desired value" do
|
|
483
|
-
password_should_be_set
|
|
484
|
-
expect(etc_shadow).to include(expected_shadow)
|
|
485
|
-
end
|
|
486
|
-
end
|
|
487
|
-
|
|
488
|
-
context "and the user is changed from not-system to system" do
|
|
489
|
-
let(:existing_system) { false }
|
|
490
|
-
let(:system) { true }
|
|
491
|
-
|
|
492
|
-
let(:expect_updated?) { false }
|
|
493
|
-
|
|
494
|
-
it "does not modify the user at all" do
|
|
495
|
-
end
|
|
496
|
-
end
|
|
497
|
-
|
|
498
|
-
context "and the user is changed from system to not-system" do
|
|
499
|
-
let(:existing_system) { true }
|
|
500
|
-
let(:system) { false }
|
|
501
|
-
|
|
502
|
-
let(:expect_updated?) { false }
|
|
503
|
-
|
|
504
|
-
it "does not modify the user at all" do
|
|
505
|
-
end
|
|
506
|
-
end
|
|
507
|
-
|
|
508
|
-
end # when the user already exists
|
|
509
|
-
end # action :create
|
|
510
|
-
|
|
511
|
-
shared_context "user exists for lock/unlock" do
|
|
512
|
-
let(:user_locked_context?) { false }
|
|
513
|
-
|
|
514
|
-
def shadow_entry
|
|
515
|
-
etc_shadow.lines.find { |l| l.include?(username) }
|
|
516
|
-
end
|
|
517
|
-
|
|
518
|
-
def shadow_password
|
|
519
|
-
shadow_entry.split(":")[1]
|
|
520
|
-
end
|
|
521
|
-
|
|
522
|
-
def aix_user_lock_status
|
|
523
|
-
lock_info = shell_out!("lsuser -a account_locked #{username}")
|
|
524
|
-
/\S+\s+account_locked=(\S+)/.match(lock_info.stdout)[1]
|
|
525
|
-
end
|
|
526
|
-
|
|
527
|
-
def user_account_should_be_locked
|
|
528
|
-
case ohai[:platform]
|
|
529
|
-
when "aix"
|
|
530
|
-
expect(aix_user_lock_status).to eq("true")
|
|
531
|
-
else
|
|
532
|
-
expect(shadow_password).to include("!")
|
|
533
|
-
end
|
|
534
|
-
end
|
|
535
|
-
|
|
536
|
-
def user_account_should_be_unlocked
|
|
537
|
-
case ohai[:platform]
|
|
538
|
-
when "aix"
|
|
539
|
-
expect(aix_user_lock_status).to eq("false")
|
|
540
|
-
else
|
|
541
|
-
expect(shadow_password).not_to include("!")
|
|
542
|
-
end
|
|
543
|
-
end
|
|
544
|
-
|
|
545
|
-
def lock_user_account
|
|
546
|
-
case ohai[:platform]
|
|
547
|
-
when "aix"
|
|
548
|
-
shell_out!("chuser account_locked=true #{username}")
|
|
549
|
-
else
|
|
550
|
-
shell_out!("usermod -L #{username}")
|
|
551
|
-
end
|
|
552
|
-
end
|
|
553
|
-
|
|
554
|
-
before do
|
|
555
|
-
# create user and setup locked/unlocked state
|
|
556
|
-
user_resource.dup.run_action(:create)
|
|
557
|
-
|
|
558
|
-
if user_locked_context?
|
|
559
|
-
lock_user_account
|
|
560
|
-
user_account_should_be_locked
|
|
561
|
-
elsif password
|
|
562
|
-
user_account_should_be_unlocked
|
|
563
|
-
end
|
|
564
|
-
end
|
|
565
|
-
end
|
|
566
|
-
|
|
567
|
-
describe "action :lock" do
|
|
568
|
-
context "when the user does not exist" do
|
|
569
|
-
it "raises a sensible error" do
|
|
570
|
-
expect { user_resource.run_action(:lock) }.to raise_error(Chef::Exceptions::User)
|
|
571
|
-
end
|
|
572
|
-
end
|
|
573
|
-
|
|
574
|
-
context "when the user exists" do
|
|
575
|
-
|
|
576
|
-
include_context "user exists for lock/unlock"
|
|
577
|
-
|
|
578
|
-
before do
|
|
579
|
-
user_resource.run_action(:lock)
|
|
580
|
-
end
|
|
581
|
-
|
|
582
|
-
context "and the user is not locked" do
|
|
583
|
-
# user will be locked if it has no password
|
|
584
|
-
let(:password) do
|
|
585
|
-
case ohai[:platform]
|
|
586
|
-
when "aix"
|
|
587
|
-
"eL5qfEVznSNss"
|
|
588
|
-
else
|
|
589
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
590
|
-
end
|
|
591
|
-
end
|
|
592
|
-
|
|
593
|
-
it "locks the user's password" do
|
|
594
|
-
user_account_should_be_locked
|
|
595
|
-
end
|
|
596
|
-
end
|
|
597
|
-
|
|
598
|
-
context "and the user is locked" do
|
|
599
|
-
# user will be locked if it has no password
|
|
600
|
-
let(:password) do
|
|
601
|
-
case ohai[:platform]
|
|
602
|
-
when "aix"
|
|
603
|
-
"eL5qfEVznSNss"
|
|
604
|
-
else
|
|
605
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
606
|
-
end
|
|
607
|
-
end
|
|
608
|
-
|
|
609
|
-
let(:user_locked_context?) { true }
|
|
610
|
-
it "does not update the user" do
|
|
611
|
-
expect(user_resource).not_to be_updated_by_last_action
|
|
612
|
-
end
|
|
613
|
-
end
|
|
614
|
-
end
|
|
615
|
-
end # action :lock
|
|
616
|
-
|
|
617
|
-
describe "action :unlock" do
|
|
618
|
-
context "when the user does not exist" do
|
|
619
|
-
it "raises a sensible error" do
|
|
620
|
-
expect { user_resource.run_action(:unlock) }.to raise_error(Chef::Exceptions::User)
|
|
621
|
-
end
|
|
622
|
-
end
|
|
623
|
-
|
|
624
|
-
context "when the user exists" do
|
|
625
|
-
|
|
626
|
-
include_context "user exists for lock/unlock"
|
|
627
|
-
|
|
628
|
-
before do
|
|
629
|
-
begin
|
|
630
|
-
user_resource.run_action(:unlock)
|
|
631
|
-
@error = nil
|
|
632
|
-
rescue Exception => e
|
|
633
|
-
@error = e
|
|
634
|
-
end
|
|
635
|
-
end
|
|
636
|
-
|
|
637
|
-
context "and has no password" do
|
|
638
|
-
|
|
639
|
-
# TODO: platform_family should be setup in spec_helper w/ tags
|
|
640
|
-
if %w{opensuse}.include?(OHAI_SYSTEM["platform_family"]) ||
|
|
641
|
-
(%w{suse}.include?(OHAI_SYSTEM["platform_family"]) &&
|
|
642
|
-
OHAI_SYSTEM["platform_version"].to_f < 12.0)
|
|
643
|
-
# suse 11.x gets this right:
|
|
644
|
-
it "errors out trying to unlock the user" do
|
|
645
|
-
expect(@error).to be_a(Mixlib::ShellOut::ShellCommandFailed)
|
|
646
|
-
expect(@error.message).to include("Cannot unlock the password")
|
|
647
|
-
end
|
|
648
|
-
elsif %w{rhel}.include?(OHAI_SYSTEM["platform_family"]) &&
|
|
649
|
-
(Chef::VersionConstraint.new("~> 6.8").include?(OHAI_SYSTEM["platform_version"].to_f) || Chef::VersionConstraint.new("~> 7.3").include?(OHAI_SYSTEM["platform_version"].to_f))
|
|
650
|
-
# RHEL 6.8 and 7.3 ship with a fixed `usermod` command
|
|
651
|
-
# Reference: https://access.redhat.com/errata/RHBA-2016:0864
|
|
652
|
-
# Reference: https://access.redhat.com/errata/RHBA-2016:2322
|
|
653
|
-
it "errors out trying to unlock the user" do
|
|
654
|
-
expect(@error).to be_a(Mixlib::ShellOut::ShellCommandFailed)
|
|
655
|
-
expect(@error.message).to include("You should set a password")
|
|
656
|
-
end
|
|
657
|
-
else
|
|
658
|
-
|
|
659
|
-
# borked on all other platforms:
|
|
660
|
-
it "is marked as updated but doesn't modify the user (XXX)" do
|
|
661
|
-
# This should be an error instead; note that usermod still exits 0
|
|
662
|
-
# (which is probably why this case silently fails):
|
|
663
|
-
#
|
|
664
|
-
# DEBUG: ---- Begin output of usermod -U chef-functional-test ----
|
|
665
|
-
# DEBUG: STDOUT:
|
|
666
|
-
# DEBUG: STDERR: usermod: unlocking the user's password would result in a passwordless account.
|
|
667
|
-
# You should set a password with usermod -p to unlock this user's password.
|
|
668
|
-
# DEBUG: ---- End output of usermod -U chef-functional-test ----
|
|
669
|
-
# DEBUG: Ran usermod -U chef-functional-test returned 0
|
|
670
|
-
expect(@error).to be_nil
|
|
671
|
-
if ohai[:platform] == "aix"
|
|
672
|
-
expect(pw_entry.passwd).to eq("*")
|
|
673
|
-
user_account_should_be_unlocked
|
|
674
|
-
else
|
|
675
|
-
expect(pw_entry.passwd).to eq("x")
|
|
676
|
-
expect(shadow_password).to include("!")
|
|
677
|
-
end
|
|
678
|
-
end
|
|
679
|
-
end
|
|
680
|
-
end
|
|
681
|
-
|
|
682
|
-
context "and has a password" do
|
|
683
|
-
let(:password) do
|
|
684
|
-
case ohai[:platform]
|
|
685
|
-
when "aix"
|
|
686
|
-
"eL5qfEVznSNss"
|
|
687
|
-
else
|
|
688
|
-
"$1$RRa/wMM/$XltKfoX5ffnexVF4dHZZf/"
|
|
689
|
-
end
|
|
690
|
-
end
|
|
691
|
-
|
|
692
|
-
context "and the user is not locked" do
|
|
693
|
-
it "does not update the user" do
|
|
694
|
-
expect(user_resource).not_to be_updated_by_last_action
|
|
695
|
-
end
|
|
696
|
-
end
|
|
697
|
-
|
|
698
|
-
context "and the user is locked" do
|
|
699
|
-
let(:user_locked_context?) { true }
|
|
700
|
-
|
|
701
|
-
it "unlocks the user's password" do
|
|
702
|
-
user_account_should_be_unlocked
|
|
703
|
-
end
|
|
704
|
-
end
|
|
705
|
-
end
|
|
706
|
-
end
|
|
707
|
-
end # action :unlock
|
|
708
|
-
|
|
709
|
-
end
|