puppet 2.7.1 → 2.7.3

data/spec/integration/network/rest_authconfig_spec.rb

@@ -0,0 +1,145 @@
+require 'spec_helper'
+
+require 'puppet/network/rest_authconfig'
+
+RSpec::Matchers.define :allow do |params|
+
+  match do |auth|
+    begin
+      auth.check_authorization(params[0], params[1], params[2], params[3])
+      true
+    rescue Puppet::Network::AuthorizationError
+      false
+    end
+  end
+
+  failure_message_for_should do |instance|
+    "expected #{params[3][:node]}/#{params[3][:ip]} to be allowed"
+  end
+
+  failure_message_for_should_not do |instance|
+    "expected #{params[3][:node]}/#{params[3][:ip]} to be forbidden"
+  end
+end
+
+describe Puppet::Network::RestAuthConfig do
+  include PuppetSpec::Files
+
+  before(:each) do
+    Puppet[:rest_authconfig] = tmpfile('auth.conf')
+  end
+
+  def add_rule(rule)
+    File.open(Puppet[:rest_authconfig],"w+") do |f|
+      f.print "path /test\n#{rule}\n"
+    end
+    @auth = Puppet::Network::RestAuthConfig.new(Puppet[:rest_authconfig], true)
+  end
+
+  def add_regex_rule(regex, rule)
+    File.open(Puppet[:rest_authconfig],"w+") do |f|
+      f.print "path ~ #{regex}\n#{rule}\n"
+    end
+    @auth = Puppet::Network::RestAuthConfig.new(Puppet[:rest_authconfig], true)
+  end
+
+  def request(args = {})
+    { :ip => '10.1.1.1', :node => 'host.domain.com', :key => 'key', :authenticated => true }.each do |k,v|
+      args[k] ||= v
+    end
+    ['test', :find, args[:key], args]
+  end
+
+  it "should support IPv4 address" do
+    add_rule("allow 10.1.1.1")
+
+    @auth.should allow(request)
+  end
+
+  it "should support CIDR IPv4 address" do
+    add_rule("allow 10.0.0.0/8")
+
+    @auth.should allow(request)
+  end
+
+  it "should support wildcard IPv4 address" do
+    add_rule("allow 10.1.1.*")
+
+    @auth.should allow(request)
+  end
+
+  it "should support IPv6 address" do
+    add_rule("allow 2001:DB8::8:800:200C:417A")
+
+    @auth.should allow(request(:ip => '2001:DB8::8:800:200C:417A'))
+  end
+
+  it "should support hostname" do
+    add_rule("allow host.domain.com")
+
+    @auth.should allow(request)
+  end
+
+  it "should support wildcard host" do
+    add_rule("allow *.domain.com")
+
+    @auth.should allow(request)
+  end
+
+  it "should support hostname backreferences" do
+    add_regex_rule('^/test/([^/]+)$', "allow $1.domain.com")
+
+    @auth.should allow(request(:key => 'host'))
+  end
+
+  it "should support opaque strings" do
+    add_rule("allow this-is-opaque@or-not")
+
+    @auth.should allow(request(:node => 'this-is-opaque@or-not'))
+  end
+
+  it "should support opaque strings and backreferences" do
+    add_regex_rule('^/test/([^/]+)$', "allow $1")
+
+    @auth.should allow(request(:key => 'this-is-opaque@or-not', :node => 'this-is-opaque@or-not'))
+  end
+
+  it "should support hostname ending with '.'" do
+    pending('bug #7589')
+    add_rule("allow host.domain.com.")
+
+    @auth.should allow(request(:node => 'host.domain.com.'))
+  end
+
+  it "should support hostname ending with '.' and backreferences" do
+    pending('bug #7589')
+    add_regex_rule('^/test/([^/]+)$',"allow $1")
+
+    @auth.should allow(request(:node => 'host.domain.com.'))
+  end
+
+  it "should support trailing whitespace" do
+    add_rule('allow host.domain.com    ')
+
+    @auth.should allow(request)
+  end
+
+  it "should support inlined comments" do
+    add_rule('allow host.domain.com # will it work?')
+
+    @auth.should allow(request)
+  end
+
+  it "should deny non-matching host" do
+    add_rule("allow inexistant")
+
+    @auth.should_not allow(request)
+  end
+
+  it "should deny denied hosts" do
+    add_rule("deny host.domain.com")
+
+    @auth.should_not allow(request)
+  end
+
+end

data/spec/integration/node/facts_spec.rb

@@ -7,7 +7,7 @@ require 'spec_helper'
 
 describe Puppet::Node::Facts do
   describe "when using the indirector" do
-    after { Puppet::Util::Cacher.expire }
+    after(:each) { Puppet::Util::Cacher.expire }
 
     it "should expire any cached node instances when it is saved" do
       Puppet::Node::Facts.indirection.stubs(:terminus_class).returns :yaml

data/spec/integration/parser/functions_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 
 describe Puppet::Parser::Functions do
   before :each do
-    Puppet::Parser::Functions.rmfunction("template") if Puppet::Parser::Functions.function("template")
+    Puppet::Parser::Functions.rmfunction("template") if Puppet::Parser::Functions.functions.include?("template")
   end
 
   it "should support multiple threads autoloading the same function" do

data/spec/integration/parser/parser_spec.rb

@@ -117,5 +117,36 @@ describe Puppet::Parser::Parser do
         $out = $hash['a']['b']['c']
       }.should parse_with { |v| v.value.is_a?(Puppet::Parser::AST::ASTHash) }
     end
+
+    it "should fail if asked to parse '$foo::::bar'" do
+      expect { @parser.parse("$foo::::bar") }.should raise_error(Puppet::ParseError, /Syntax error at ':'/)
+    end
+
+    describe "function calls" do
+      it "should be able to pass an array to a function" do
+        "my_function([1,2,3])".should parse_with { |fun|
+          fun.is_a?(Puppet::Parser::AST::Function) &&
+          fun.arguments[0].evaluate(stub 'scope') == ['1','2','3']
+        }
+      end
+
+      it "should be able to pass a hash to a function" do
+        "my_function({foo => bar})".should parse_with { |fun|
+          fun.is_a?(Puppet::Parser::AST::Function) &&
+          fun.arguments[0].evaluate(stub 'scope') == {'foo' => 'bar'}
+        }
+      end
+    end
+
+    describe "collections" do
+      it "should find resources according to an expression" do
+        %q{
+          File <| mode == 0700 + 0050 + 0050 |>
+        }.should parse_with { |coll|
+          coll.is_a?(Puppet::Parser::AST::Collection) &&
+            coll.query.evaluate(stub 'scope').first == "param_values.value = '528' and param_names.name = 'mode'"
+        }
+      end
+    end
   end
 end

data/spec/integration/provider/ssh_authorized_key_spec.rb

@@ -0,0 +1,207 @@
+#!/usr/bin/env ruby
+
+require 'spec_helper'
+require 'puppet/file_bucket/dipper'
+
+describe "ssh_authorized_key provider (integration)" do
+  include PuppetSpec::Files
+
+  before :each do
+    @fake_userfile = tmpfile('authorized_keys.user')
+    @fake_rootfile = tmpfile('authorized_keys.root')
+
+    # few testkeys generated with ssh-keygen
+    @sample_rsa_keys = [
+      'AAAAB3NzaC1yc2EAAAADAQABAAAAgQCi18JBZOq10X3w4f67nVhO0O3s5Y1vHH4UgMSM3ZnQwbC5hjGyYSi9UULOoQQoQynI/a0I9NL423/Xk/XJVIKCHcS8q6V2Wmjd+fLNelOjxxoW6mbIytEt9rDvwgq3Mof3/m21L3t2byvegR00a+ikKbmInPmKwjeWZpexCIsHzQ==', # 1024 bit
+      'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLClyvi3CsJw5Id6khZs2/+s11qOH4Gdp6iDioDsrIp0m8kSiPr71VGyQYAfPzzvHemHS7Xg0NkG1Kc8u9tRqBQfTvz7ubq0AT/g01+4P2hQ/soFkuwlUG/HVnnaYb6N0Qp5SHWvD5vBE2nFFQVpP5GrSctPtHSjzJq/i+6LYhmQ==', # 1024 bit
+      'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLygAO6txXkh9FNV8xSsBkATeqLbHzS7sFjGI3gt0Dx6q3LjyKwbhQ1RLf28kd5G6VWiXmClU/RtiPdUz8nrGuun++2mrxzrXrvpR9dq1lygLQ2wn2cI35dN5bjRMtXy3decs6HUhFo9MoNwX250rUWfdCyNPhGIp6OOfmjdy+UeLGNxq9wDx6i4bT5tVVSqVRtsEfw9+ICXchzl85QudjneVVpP+thriPZXfXA5eaGwAo/dmoKOIhUwF96gpdLqzNtrGQuxPbV80PTbGv9ZtAtTictxaDz8muXO7he9pXmchUpxUKtMFjHkL0FAZ9tRPmv3RA30sEr2fZ8+LKvnE50w0' #2048 Bit
+    ]
+    @sample_dsa_keys = [
+      'AAAAB3NzaC1kc3MAAACBAOPck2O8MIDSqxPSnvENt6tzRrKJ5oOhB6Nc6oEcWm+VEH1gvuxdiRqwoMgRwyEf1yUd+UAcLw3a6Jn+EtFyEBN/5WF+4Tt4xTxZ0Pfik2Wc5uqHbQ2dkmOoXiAOYPiD3JUQ1Xwm/J0CgetjitoLfzAGdCNhMqguqAuHcVJ78ZZbAAAAFQCIBKFYZ+I18I+dtgteirXh+VVEEwAAAIEAs1yvQ/wnLLrRCM660pF4kBiw3D6dJfMdCXWQpn0hZmkBQSIzZv4Wuk3giei5luxscDxNc+y3CTXtnyG4Kt1Yi2sOdvhRI3rX8tD+ejn8GHazM05l5VIo9uu4AQPIE32iV63IqgApSBbJ6vDJW91oDH0J492WdLCar4BS/KE3cRwAAACBAN0uSDyJqYLRsfYcFn4HyVf6TJxQm1IcwEt6GcJVzgjri9VtW7FqY5iBqa9B9Zdh5XXAYJ0XLsWQCcrmMHM2XGHGpA4gL9VlCJ/0QvOcXxD2uK7IXwAVUA7g4V4bw8EVnFv2Flufozhsp+4soo1xiYc5jiFVHwVlk21sMhAtKAeF' # 1024 Bit
+    ]
+
+    @sample_lines = [
+      "ssh-rsa #{@sample_rsa_keys[1]} root@someotherhost",
+      "ssh-dss #{@sample_dsa_keys[0]} root@anywhere",
+      "ssh-rsa #{@sample_rsa_keys[2]} paul"
+    ]
+
+  end
+
+  after :each do
+    Puppet::Type::Ssh_authorized_key::ProviderParsed.clear # Work around bug #6628
+  end
+
+  def create_fake_key(username, content)
+    filename = (username == :root ? @fake_rootfile : @fake_userfile )
+    File.open(filename, 'w') do |f|
+      content.each do |line|
+        f.puts line
+      end
+    end
+  end
+
+  def check_fake_key(username, expected_content)
+    filename = (username == :root ? @fake_rootfile : @fake_userfile )
+    content = File.readlines(filename).map(&:chomp).sort.reject{ |x| x =~ /^#|^$/ }
+    content.join("\n").should == expected_content.sort.join("\n")
+  end
+
+  def run_in_catalog(*resources)
+    Puppet::FileBucket::Dipper.any_instance.stubs(:backup) # Don't backup to the filebucket
+    catalog = Puppet::Resource::Catalog.new
+    catalog.host_config = false
+    resources.each do |resource|
+      resource.expects(:err).never
+      catalog.add_resource(resource)
+    end
+    catalog.apply
+  end
+
+  describe "when managing one resource" do
+
+    before :each do
+      # We are not running as root so chown/chmod is not possible
+      File.stubs(:chown)
+      File.stubs(:chmod)
+      Puppet::Util::SUIDManager.stubs(:asuser).yields
+    end
+
+    describe "with ensure set to absent" do
+
+      before :each do
+        @example = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :absent
+        )
+      end
+
+      it "should not modify root's keyfile if resource is currently not present" do
+        create_fake_key(:root, @sample_lines)
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines)
+      end
+
+      it "remove the key from root's keyfile if resource is currently present" do
+        create_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines)
+      end
+
+    end
+
+    describe "when ensure is present" do
+
+      before :each do
+        @example = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :present
+        )
+
+        # just a dummy so the parsedfile provider is aware
+        # of the user's authorized_keys file
+        @dummy = Puppet::Type.type(:ssh_authorized_key).new(
+          :name   => 'dummy',
+          :target => @fake_userfile,
+          :user   => 'nobody',
+          :ensure => :absent
+        )
+      end
+
+      it "should add the key if it is not present" do
+        create_fake_key(:root, @sample_lines)
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + ["ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify the type if type is out of sync" do
+        create_fake_key(:root,@sample_lines + [ "ssh-dss #{@sample_rsa_keys[0]} root@hostname" ])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify the key if key is out of sync" do
+        create_fake_key(:root,@sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} root@hostname" ])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should remove the key from old file if target is out of sync" do
+        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
+        run_in_catalog(@example, @dummy)
+        check_fake_key(:user, [ @sample_lines[0] ])
+        #check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should add the key to new file if target is out of sync" do
+        create_fake_key(:user, [ @sample_lines[0], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        create_fake_key(:root, [ @sample_lines[1], @sample_lines[2] ])
+        run_in_catalog(@example, @dummy)
+        #check_fake_key(:user, [ @sample_lines[0] ])
+        check_fake_key(:root, [ @sample_lines[1], @sample_lines[2], "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+      end
+
+      it "should modify options if options are out of sync" do
+        @example[:options]=[ 'from="correct.domain.com"', 'no-port-forwarding', 'no-pty' ]
+        create_fake_key(:root, @sample_lines + [ "from=\"incorrect.domain.com\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"])
+        run_in_catalog(@example)
+        check_fake_key(:root, @sample_lines + [ "from=\"correct.domain.com\",no-port-forwarding,no-pty ssh-rsa #{@sample_rsa_keys[0]} root@hostname"] )
+      end
+
+    end
+
+  end
+
+  describe "when managing two resource" do
+
+      before :each do
+        # We are not running as root so chown/chmod is not possible
+        File.stubs(:chown)
+        File.stubs(:chmod)
+        Puppet::Util::SUIDManager.stubs(:asuser).yields
+        @example_one = Puppet::Type.type(:ssh_authorized_key).new(
+          :name     => 'root@hostname',
+          :type     => :rsa,
+          :key      => @sample_rsa_keys[0],
+          :target   => @fake_rootfile,
+          :user     => 'root',
+          :ensure   => :present
+        )
+
+        @example_two = Puppet::Type.type(:ssh_authorized_key).new(
+          :name   => 'user@hostname',
+          :key    => @sample_rsa_keys[1],
+          :type   => :rsa,
+          :target => @fake_userfile,
+          :user   => 'nobody',
+          :ensure => :present
+        )
+      end
+
+    describe "and both keys are absent" do
+
+      before :each do
+        create_fake_key(:root, @sample_lines)
+        create_fake_key(:user, @sample_lines)
+      end
+
+      it "should add both keys" do
+        run_in_catalog(@example_one, @example_two)
+        check_fake_key(:root, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[0]} root@hostname" ])
+        check_fake_key(:user, @sample_lines + [ "ssh-rsa #{@sample_rsa_keys[1]} user@hostname" ])
+      end
+
+    end
+
+  end
+
+end

data/spec/integration/type_spec.rb

@@ -18,4 +18,15 @@ describe Puppet::Type do
 
     type.provider(:myprovider).should equal(provider)
   end
+
+  it "should not lose its provider parameter when it is reloaded" do
+    type = Puppet::Type.newtype(:reload_test_type)
+
+    provider = type.provide(:test_provider)
+
+    # reload it
+    type = Puppet::Type.newtype(:reload_test_type)
+
+    type.parameters.should include(:provider)
+  end
 end

data/spec/lib/puppet/face/1.0.0/huzzah.rb

@@ -0,0 +1,8 @@
+require 'puppet/face'
+Puppet::Face.define(:huzzah, '1.0.0') do
+  copyright "Puppet Labs", 2011
+  license   "Apache 2 license; see COPYING"
+  summary "life is a thing for celebration"
+  script :obsolete_in_core do |_| "you are in obsolete core now!" end
+  script :call_newer do |_| method_on_newer end
+end

data/spec/lib/puppet/face/huzzah.rb

@@ -4,4 +4,5 @@ Puppet::Face.define(:huzzah, '2.0.1') do
   license   "Apache 2 license; see COPYING"
   summary "life is a thing for celebration"
   script :bar do |options| "is where beer comes from" end
+  script :call_older do |_| method_on_older end
 end

data/spec/lib/puppet/face/huzzah/obsolete.rb

@@ -0,0 +1,6 @@
+Puppet::Face.define(:huzzah, '1.0.0') do
+  action :obsolete do
+    summary "This is an action on version 1.0.0 of the face"
+    when_invoked do |options| options end
+  end
+end