puppet 2.7.5 → 2.7.6

data/spec/unit/provider/file/windows_spec.rb

@@ -0,0 +1,136 @@
+#!/usr/bin/env rspec
+
+require 'spec_helper'
+if Puppet.features.microsoft_windows?
+  require 'puppet/util/windows'
+  class WindowsSecurity
+    extend Puppet::Util::Windows::Security
+  end
+end
+
+describe Puppet::Type.type(:file).provider(:windows), :if => Puppet.features.microsoft_windows? do
+  include PuppetSpec::Files
+
+  let(:path) { tmpfile('windows_file_spec') }
+  let(:resource) { Puppet::Type.type(:file).new :path => path, :mode => 0777, :provider => described_class.name }
+  let(:provider) { resource.provider }
+
+  describe "#mode" do
+    it "should return a string with the higher-order bits stripped away" do
+      FileUtils.touch(path)
+      WindowsSecurity.set_mode(0644, path)
+
+      provider.mode.should == '644'
+    end
+
+    it "should return absent if the file doesn't exist" do
+      provider.mode.should == :absent
+    end
+  end
+
+  describe "#mode=" do
+    it "should chmod the file to the specified value" do
+      FileUtils.touch(path)
+      WindowsSecurity.set_mode(0644, path)
+
+      provider.mode = '0755'
+
+      provider.mode.should == '755'
+    end
+
+    it "should pass along any errors encountered" do
+      expect do
+        provider.mode = '644'
+      end.to raise_error(Puppet::Error, /failed to set mode/)
+    end
+  end
+
+  describe "#id2name" do
+    it "should return the name of the user identified by the sid" do
+      result = [stub('user', :name => 'quinn')]
+      Puppet::Util::ADSI.stubs(:execquery).returns(result)
+
+      provider.id2name('S-1-1-50').should == 'quinn'
+    end
+
+    it "should return the argument if it's already a name" do
+      provider.id2name('flannigan').should == 'flannigan'
+    end
+
+    it "should return nil if the user doesn't exist" do
+      Puppet::Util::ADSI.stubs(:execquery).returns []
+
+      provider.id2name('S-1-1-50').should == nil
+    end
+  end
+
+  describe "#name2id" do
+    it "should return the sid of the user" do
+      Puppet::Util::ADSI.stubs(:execquery).returns [stub('account', :Sid => 'S-1-1-50')]
+
+      provider.name2id('anybody').should == 'S-1-1-50'
+    end
+
+    it "should return the argument if it's already a sid" do
+      provider.name2id('S-1-1-50').should == 'S-1-1-50'
+    end
+
+    it "should return nil if the user doesn't exist" do
+      Puppet::Util::ADSI.stubs(:execquery).returns []
+
+      provider.name2id('someone').should == nil
+    end
+  end
+
+  describe "#owner" do
+    it "should return the sid of the owner if the file does exist" do
+      FileUtils.touch(resource[:path])
+      provider.stubs(:get_owner).with(resource[:path]).returns('S-1-1-50')
+
+      provider.owner.should == 'S-1-1-50'
+    end
+
+    it "should return absent if the file doesn't exist" do
+      provider.owner.should == :absent
+    end
+  end
+
+  describe "#owner=" do
+    it "should set the owner to the specified value" do
+      provider.expects(:set_owner).with('S-1-1-50', resource[:path])
+      provider.owner = 'S-1-1-50'
+    end
+
+    it "should propagate any errors encountered when setting the owner" do
+      provider.stubs(:set_owner).raises(ArgumentError)
+
+      expect { provider.owner = 'S-1-1-50' }.to raise_error(Puppet::Error, /Failed to set owner/)
+    end
+  end
+
+  describe "#group" do
+    it "should return the sid of the group if the file does exist" do
+      FileUtils.touch(resource[:path])
+      provider.stubs(:get_group).with(resource[:path]).returns('S-1-1-50')
+
+      provider.group.should == 'S-1-1-50'
+    end
+
+    it "should return absent if the file doesn't exist" do
+      provider.group.should == :absent
+    end
+  end
+
+  describe "#group=" do
+    it "should set the group to the specified value" do
+      provider.expects(:set_group).with('S-1-1-50', resource[:path])
+      provider.group = 'S-1-1-50'
+    end
+
+    it "should propagate any errors encountered when setting the group" do
+      provider.stubs(:set_group).raises(ArgumentError)
+
+      expect { provider.group = 'S-1-1-50' }.to raise_error(Puppet::Error, /Failed to set group/)
+    end
+  end
+end

data/spec/unit/provider/group/windows_adsi_spec.rb

@@ -72,8 +72,13 @@ describe Puppet::Type.type(:group).provider(:windows_adsi) do
     provider.delete
   end
 
-  it "should warn when trying to manage the gid property" do
-    provider.expects(:warning).with { |msg| msg =~ /No support for managing property gid/ }
+  it "should report the group's SID as gid" do
+    Puppet::Util::ADSI.expects(:sid_for_account).with('testers').returns('S-1-5-32-547')
+    provider.gid.should == 'S-1-5-32-547'
+  end
+
+  it "should fail when trying to manage the gid property" do
+    provider.expects(:fail).with { |msg| msg =~ /gid is read-only/ }
     provider.send(:gid=, 500)
   end
 end

data/spec/unit/provider/user/windows_adsi_spec.rb

@@ -79,6 +79,28 @@ describe Puppet::Type.type(:user).provider(:windows_adsi) do
 
       provider.create
     end
+
+    it "should set a user's password" do
+      provider.user.expects(:password=).with('plaintextbad')
+
+      provider.password = "plaintextbad"
+    end
+
+    it "should test a valid user password" do
+      resource[:password] = 'plaintext'
+      provider.user.expects(:password_is?).with('plaintext').returns true
+
+      provider.password.should == 'plaintext'
+
+    end
+
+    it "should test a bad user password" do
+      resource[:password] = 'plaintext'
+      provider.user.expects(:password_is?).with('plaintext').returns false
+
+      provider.password.should == :absent
+    end
+
   end
 
   it 'should be able to test whether a user exists' do
@@ -101,9 +123,20 @@ describe Puppet::Type.type(:user).provider(:windows_adsi) do
     provider.flush
   end
 
-  [:uid, :gid, :shell].each do |prop|
-    it "should warn when trying to manage the #{prop} property" do
-      provider.expects(:warning).with { |msg| msg =~ /No support for managing property #{prop}/ }
+  it "should return the user's SID as uid" do
+    Puppet::Util::ADSI.expects(:sid_for_account).with('testuser').returns('S-1-5-21-1362942247-2130103807-3279964888-1111')
+
+    provider.uid.should == 'S-1-5-21-1362942247-2130103807-3279964888-1111'
+  end
+
+  it "should fail when trying to manage the uid property" do
+    provider.expects(:fail).with { |msg| msg =~ /uid is read-only/ }
+    provider.send(:uid=, 500)
+  end
+
+  [:gid, :shell].each do |prop|
+    it "should fail when trying to manage the #{prop} property" do
+      provider.expects(:fail).with { |msg| msg =~ /No support for managing property #{prop}/ }
       provider.send("#{prop}=", 'foo')
     end
   end

data/spec/unit/resource/catalog_spec.rb

@@ -10,35 +10,45 @@ describe Puppet::Resource::Catalog, "when compiling" do
     Puppet::Util::Storage.stubs(:store)
   end
 
-  it "should write its resources' types, namevars" do
+  # audit only resources are unmanaged
+  # as are resources without properties with should values
+  it "should write its managed resources' types, namevars" do
     catalog = Puppet::Resource::Catalog.new("host")
 
     resourcefile = tmpfile('resourcefile')
     Puppet[:resourcefile] = resourcefile
 
-    res = Puppet::Type.type('file').new(:title => '/tmp/sam')
+    res = Puppet::Type.type('file').new(:title => File.expand_path('/tmp/sam'), :ensure => 'present')
     res.file = 'site.pp'
     res.line = 21
 
-    res2 = Puppet::Type.type('exec').new(:title => 'bob', :command => '/bin/rm -rf /')
-    res2.file = '/modules/bob/manifests/bob.pp'
+    res2 = Puppet::Type.type('exec').new(:title => 'bob', :command => "#{File.expand_path('/bin/rm')} -rf /")
+    res2.file = File.expand_path('/modules/bob/manifests/bob.pp')
     res2.line = 42
 
+    res3 = Puppet::Type.type('file').new(:title => File.expand_path('/tmp/susan'), :audit => 'all')
+    res3.file = 'site.pp'
+    res3.line = 63
+
+    res4 = Puppet::Type.type('file').new(:title => File.expand_path('/tmp/lilly'))
+    res4.file = 'site.pp'
+    res4.line = 84
+
     comp_res = Puppet::Type.type('component').new(:title => 'Class[Main]')
 
-    catalog.add_resource(res, res2, comp_res)
+    catalog.add_resource(res, res2, res3, res4, comp_res)
     catalog.write_resource_file
-    File.open(resourcefile).readlines.map(&:chomp).should =~ [
-      "file[/tmp/sam]",
-      "exec[/bin/rm -rf /]"
+    File.readlines(resourcefile).map(&:chomp).should =~ [
+      "file[#{File.expand_path('/tmp/sam')}]",
+      "exec[#{File.expand_path('/bin/rm')} -rf /]"
     ]
   end
 
   it "should log an error if unable to write to the resource file" do
     catalog = Puppet::Resource::Catalog.new("host")
-    Puppet[:resourcefile] = '/not/writable/file'
+    Puppet[:resourcefile] = File.expand_path('/not/writable/file')
 
-    catalog.add_resource(Puppet::Type.type('file').new(:title => '/tmp/foo'))
+    catalog.add_resource(Puppet::Type.type('file').new(:title => File.expand_path('/tmp/foo')))
     catalog.write_resource_file
     @logs.size.should == 1
     @logs.first.message.should =~ /Could not create resource file/

data/spec/unit/resource_spec.rb

@@ -501,10 +501,6 @@ type: File
     end
   end
 
-  it "should be able to convert itself to Puppet code" do
-    Puppet::Resource.new("one::two", "/my/file").should respond_to(:to_manifest)
-  end
-
   describe "when converting to puppet code" do
     before do
       @resource = Puppet::Resource.new("one::two", "/my/file",
@@ -527,10 +523,6 @@ type: File
     end
   end
 
-  it "should be able to convert itself to a TransObject instance" do
-    Puppet::Resource.new("one::two", "/my/file").should respond_to(:to_trans)
-  end
-
   describe "when converting to a TransObject" do
     describe "and the resource is not an instance of a builtin type" do
       before do
@@ -808,4 +800,59 @@ type: File
       res.uniqueness_key.should == [ nil, 'root', '/my/file']
     end
   end
+
+  describe "#prune_parameters" do
+    before do
+      Puppet.newtype('blond') do
+        newproperty(:ensure)
+        newproperty(:height)
+        newproperty(:weight)
+        newproperty(:sign)
+        newproperty(:friends)
+        newparam(:admits_to_dying_hair)
+        newparam(:admits_to_age)
+        newparam(:name)
+      end
+    end
+
+    it "should strip all parameters and strip properties that are nil, empty or absent except for ensure" do
+      resource = Puppet::Resource.new("blond", "Bambi", :parameters => {
+        :ensure               => 'absent',
+        :height               => '',
+        :weight               => 'absent',
+        :friends              => [],
+        :admits_to_age        => true,
+        :admits_to_dying_hair => false
+      })
+
+      pruned_resource = resource.prune_parameters
+      pruned_resource.should == Puppet::Resource.new("blond", "Bambi", :parameters => {:ensure => 'absent'})
+    end
+
+    it "should leave parameters alone if in parameters_to_include" do
+      resource = Puppet::Resource.new("blond", "Bambi", :parameters => {
+        :admits_to_age        => true,
+        :admits_to_dying_hair => false
+      })
+
+      pruned_resource = resource.prune_parameters(:parameters_to_include => [:admits_to_dying_hair])
+      pruned_resource.should == Puppet::Resource.new("blond", "Bambi", :parameters => {:admits_to_dying_hair => false})
+    end
+
+    it "should leave properties if not nil, absent or empty" do
+      resource = Puppet::Resource.new("blond", "Bambi", :parameters => {
+        :ensure          => 'silly',
+        :height          => '7 ft 5 in',
+        :friends         => ['Oprah'],
+      })
+
+      pruned_resource = resource.prune_parameters
+      pruned_resource.should ==
+      resource = Puppet::Resource.new("blond", "Bambi", :parameters => {
+        :ensure          => 'silly',
+        :height          => '7 ft 5 in',
+        :friends         => ['Oprah'],
+      })
+    end
+  end
 end

data/spec/unit/ssl/certificate_authority/interface_spec.rb

@@ -31,13 +31,13 @@ describe Puppet::SSL::CertificateAuthority::Interface do
   end
   describe "when initializing" do
     it "should set its method using its settor" do
-      @class.any_instance.expects(:method=).with(:generate)
-      @class.new(:generate, :to => :all)
+      instance = @class.new(:generate, :to => :all)
+      instance.method.should == :generate
     end
 
     it "should set its subjects using the settor" do
-      @class.any_instance.expects(:subjects=).with(:all)
-      @class.new(:generate, :to => :all)
+      instance = @class.new(:generate, :to => :all)
+      instance.subjects.should == :all
     end
 
     it "should set the digest if given" do
@@ -53,23 +53,27 @@ describe Puppet::SSL::CertificateAuthority::Interface do
 
   describe "when setting the method" do
     it "should set the method" do
-      @class.new(:generate, :to => :all).method.should == :generate
+      instance = @class.new(:generate, :to => :all)
+      instance.method = :list
+
+      instance.method.should == :list
     end
 
     it "should fail if the method isn't a member of the INTERFACE_METHODS array" do
-      Puppet::SSL::CertificateAuthority::Interface::INTERFACE_METHODS.expects(:include?).with(:thing).returns false
-
-      lambda { @class.new(:thing, :to => :all) }.should raise_error(ArgumentError)
+      lambda { @class.new(:thing, :to => :all) }.should raise_error(ArgumentError, /Invalid method thing to apply/)
     end
   end
 
   describe "when setting the subjects" do
     it "should set the subjects" do
-      @class.new(:generate, :to => :all).subjects.should == :all
+      instance = @class.new(:generate, :to => :all)
+      instance.subjects = :signed
+
+      instance.subjects.should == :signed
     end
 
-    it "should fail if the subjects setting isn't :all or an array", :'fails_on_ruby_1.9.2' => true do
-      lambda { @class.new(:generate, "other") }.should raise_error(ArgumentError)
+    it "should fail if the subjects setting isn't :all or an array" do
+      lambda { @class.new(:generate, :to => "other") }.should raise_error(ArgumentError, /Subjects must be an array or :all; not other/)
     end
   end
 
@@ -117,8 +121,8 @@ describe Puppet::SSL::CertificateAuthority::Interface do
       it "should call :generate on the CA for each host specified" do
         @applier = @class.new(:generate, :to => %w{host1 host2})
 
-        @ca.expects(:generate).with("host1")
-        @ca.expects(:generate).with("host2")
+        @ca.expects(:generate).with("host1", {})
+        @ca.expects(:generate).with("host2", {})
 
         @applier.apply(@ca)
       end
@@ -149,15 +153,24 @@ describe Puppet::SSL::CertificateAuthority::Interface do
 
     describe ":sign" do
       describe "and an array of names was provided" do
-        before do
-          @applier = @class.new(:sign, :to => %w{host1 host2})
-        end
+        let(:applier) { @class.new(:sign, @options.merge(:to => %w{host1 host2})) }
 
         it "should sign the specified waiting certificate requests" do
-          @ca.expects(:sign).with("host1")
-          @ca.expects(:sign).with("host2")
+          @options = {:allow_dns_alt_names => false}
 
-          @applier.apply(@ca)
+          @ca.expects(:sign).with("host1", false)
+          @ca.expects(:sign).with("host2", false)
+
+          applier.apply(@ca)
+        end
+
+        it "should sign the certificate requests with alt names if specified" do
+          @options = {:allow_dns_alt_names => true}
+
+          @ca.expects(:sign).with("host1", true)
+          @ca.expects(:sign).with("host2", true)
+
+          applier.apply(@ca)
         end
       end
 
@@ -165,8 +178,8 @@ describe Puppet::SSL::CertificateAuthority::Interface do
         it "should sign all waiting certificate requests" do
           @ca.stubs(:waiting?).returns(%w{cert1 cert2})
 
-          @ca.expects(:sign).with("cert1")
-          @ca.expects(:sign).with("cert2")
+          @ca.expects(:sign).with("cert1", nil)
+          @ca.expects(:sign).with("cert2", nil)
 
           @applier = @class.new(:sign, :to => :all)
           @applier.apply(@ca)
@@ -182,63 +195,93 @@ describe Puppet::SSL::CertificateAuthority::Interface do
     end
 
     describe ":list" do
-      describe "and an empty array was provided" do
-        it "should print a string containing all certificate requests" do
-          @ca.expects(:waiting?).returns %w{host1 host2}
-          @ca.stubs(:verify)
+      before :each do
+        @cert = Puppet::SSL::Certificate.new 'foo'
+        @csr = Puppet::SSL::CertificateRequest.new 'bar'
 
-          @applier = @class.new(:list, :to => [])
+        @cert.stubs(:subject_alt_names).returns []
+        @csr.stubs(:subject_alt_names).returns []
 
-          @applier.expects(:puts).with "host1\nhost2"
+        Puppet::SSL::Certificate.indirection.stubs(:find).returns @cert
+        Puppet::SSL::CertificateRequest.indirection.stubs(:find).returns @csr
 
-          @applier.apply(@ca)
+        @ca.expects(:waiting?).returns %w{host1 host2 host3}
+        @ca.expects(:list).returns %w{host4 host5 host6}
+        @ca.stubs(:fingerprint).returns "fingerprint"
+        @ca.stubs(:verify)
+      end
+
+      describe "and an empty array was provided" do
+        it "should print all certificate requests" do
+          applier = @class.new(:list, :to => [])
+
+          applier.expects(:puts).with(<<-OUTPUT.chomp)
+  host1 (fingerprint)
+  host2 (fingerprint)
+  host3 (fingerprint)
+          OUTPUT
+
+          applier.apply(@ca)
         end
       end
 
       describe "and :all was provided" do
         it "should print a string containing all certificate requests and certificates" do
-          @ca.expects(:waiting?).returns %w{host1 host2}
-          @ca.expects(:list).returns %w{host3 host4}
-          @ca.stubs(:verify)
-          @ca.stubs(:fingerprint).returns "fingerprint"
-          @ca.expects(:verify).with("host3").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
+          @ca.stubs(:verify).with("host4").raises(Puppet::SSL::CertificateAuthority::CertificateVerificationError.new(23), "certificate revoked")
 
-          @applier = @class.new(:list, :to => :all)
+          applier = @class.new(:list, :to => :all)
 
-          @applier.expects(:puts).with "host1 (fingerprint)"
-          @applier.expects(:puts).with "host2 (fingerprint)"
-          @applier.expects(:puts).with "- host3 (fingerprint) (certificate revoked)"
-          @applier.expects(:puts).with "+ host4 (fingerprint)"
+          applier.expects(:puts).with(<<-OUTPUT.chomp)
+  host1 (fingerprint)
+  host2 (fingerprint)
+  host3 (fingerprint)
++ host5 (fingerprint)
++ host6 (fingerprint)
+- host4 (fingerprint) (certificate revoked)
+          OUTPUT
 
-          @applier.apply(@ca)
+          applier.apply(@ca)
         end
       end
 
       describe "and :signed was provided" do
         it "should print a string containing all signed certificate requests and certificates" do
-          @ca.expects(:list).returns %w{host1 host2}
+          applier = @class.new(:list, :to => :signed)
 
-          @applier = @class.new(:list, :to => :signed)
+          applier.expects(:puts).with(<<-OUTPUT.chomp)
++ host4 (fingerprint)
++ host5 (fingerprint)
++ host6 (fingerprint)
+          OUTPUT
 
-          @applier.apply(@ca)
+          applier.apply(@ca)
+        end
+
+        it "should include subject alt names if they are on the certificate request" do
+          @csr.stubs(:subject_alt_names).returns ["DNS:foo", "DNS:bar"]
+
+          applier = @class.new(:list, :to => ['host1'])
+
+          applier.expects(:puts).with(<<-OUTPUT.chomp)
+  host1 (fingerprint) (alt names: DNS:foo, DNS:bar)
+          OUTPUT
+
+          applier.apply(@ca)
         end
       end
 
       describe "and an array of names was provided" do
-        it "should print a string of all named hosts that have a waiting request" do
-          @ca.expects(:waiting?).returns %w{host1 host2}
-          @ca.expects(:list).returns %w{host3 host4}
-          @ca.stubs(:fingerprint).returns "fingerprint"
-          @ca.stubs(:verify)
-
-          @applier = @class.new(:list, :to => %w{host1 host2 host3 host4})
+        it "should print all named hosts" do
+          applier = @class.new(:list, :to => %w{host1 host2 host4 host5})
 
-          @applier.expects(:puts).with "host1 (fingerprint)"
-          @applier.expects(:puts).with "host2 (fingerprint)"
-          @applier.expects(:puts).with "+ host3 (fingerprint)"
-          @applier.expects(:puts).with "+ host4 (fingerprint)"
+          applier.expects(:puts).with(<<-OUTPUT.chomp)
+  host1 (fingerprint)
+  host2 (fingerprint)
++ host4 (fingerprint)
++ host5 (fingerprint)
+            OUTPUT
 
-          @applier.apply(@ca)
+          applier.apply(@ca)
         end
       end
     end