puppet 3.3.2 → 3.4.0.rc1
Potentially problematic release.
This version of puppet might be problematic. Click here for more details.
- data/CONTRIBUTING.md +22 -0
- data/Gemfile +11 -2
- data/README.md +13 -17
- data/README_DEVELOPER.md +1 -1
- data/Rakefile +1 -1
- data/examples/hiera/README.md +4 -4
- data/ext/debian/puppetmaster.init +1 -0
- data/ext/debian/rules +2 -5
- data/ext/nagios/check_puppet.rb +7 -7
- data/ext/osx/file_mapping.yaml +1 -1
- data/ext/osx/preflight.erb +34 -19
- data/ext/rack/{files/config.ru → config.ru} +0 -0
- data/ext/rack/{files/apache2.conf → example-passenger-vhost.conf} +6 -0
- data/ext/redhat/puppet.spec.erb +20 -2
- data/ext/systemd/{puppetagent.service → puppet.service} +0 -0
- data/lib/hiera_puppet.rb +2 -2
- data/lib/puppet/agent.rb +1 -6
- data/lib/puppet/application.rb +15 -2
- data/lib/puppet/application/agent.rb +2 -7
- data/lib/puppet/application/apply.rb +8 -13
- data/lib/puppet/application/cert.rb +47 -7
- data/lib/puppet/application/device.rb +1 -6
- data/lib/puppet/application/face_base.rb +1 -1
- data/lib/puppet/application/filebucket.rb +1 -1
- data/lib/puppet/application/inspect.rb +3 -12
- data/lib/puppet/application/master.rb +1 -6
- data/lib/puppet/application/queue.rb +1 -6
- data/lib/puppet/application/resource.rb +2 -6
- data/lib/puppet/coercion.rb +11 -0
- data/lib/puppet/configurer.rb +5 -3
- data/lib/puppet/configurer/downloader.rb +3 -1
- data/lib/puppet/configurer/plugin_handler.rb +10 -0
- data/lib/puppet/confine.rb +80 -0
- data/lib/puppet/{provider/confine → confine}/exists.rb +3 -3
- data/lib/puppet/{provider/confine → confine}/false.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/feature.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/true.rb +2 -2
- data/lib/puppet/{provider/confine → confine}/variable.rb +2 -2
- data/lib/puppet/{provider/confine_collection.rb → confine_collection.rb} +4 -4
- data/lib/puppet/{provider/confiner.rb → confiner.rb} +4 -4
- data/lib/puppet/daemon.rb +2 -6
- data/lib/puppet/data_binding.rb +2 -30
- data/lib/puppet/defaults.rb +283 -174
- data/lib/puppet/error.rb +1 -0
- data/lib/puppet/external/nagios.rb +0 -2
- data/lib/puppet/external/nagios/base.rb +4 -3
- data/lib/puppet/external/nagios/grammar.ry +173 -112
- data/lib/puppet/external/nagios/parser.rb +233 -184
- data/lib/puppet/face/file/store.rb +1 -1
- data/lib/puppet/face/module/generate.rb +5 -7
- data/lib/puppet/face/parser.rb +12 -2
- data/lib/puppet/face/plugin.rb +6 -0
- data/lib/puppet/feature/base.rb +16 -0
- data/lib/puppet/feature/external_facts.rb +5 -0
- data/lib/puppet/feature/libuser.rb +1 -1
- data/lib/puppet/feature/msgpack.rb +1 -0
- data/lib/puppet/feature/rails.rb +2 -2
- data/lib/puppet/file_bucket/dipper.rb +8 -6
- data/lib/puppet/file_bucket/file.rb +17 -1
- data/lib/puppet/file_serving/base.rb +21 -10
- data/lib/puppet/file_serving/configuration.rb +5 -7
- data/lib/puppet/file_serving/configuration/parser.rb +1 -1
- data/lib/puppet/file_serving/content.rb +1 -1
- data/lib/puppet/file_serving/fileset.rb +3 -3
- data/lib/puppet/file_serving/metadata.rb +22 -18
- data/lib/puppet/file_serving/mount/file.rb +1 -1
- data/lib/puppet/file_serving/mount/pluginfacts.rb +35 -0
- data/lib/puppet/file_system.rb +3 -0
- data/lib/puppet/file_system/file.rb +261 -0
- data/lib/puppet/file_system/file18.rb +5 -0
- data/lib/puppet/file_system/file19.rb +5 -0
- data/lib/puppet/file_system/file19windows.rb +113 -0
- data/lib/puppet/file_system/memory_file.rb +31 -0
- data/lib/puppet/file_system/tempfile.rb +20 -0
- data/lib/puppet/indirector/active_record.rb +1 -0
- data/lib/puppet/indirector/catalog/compiler.rb +28 -0
- data/lib/puppet/indirector/certificate_request/memory.rb +6 -0
- data/lib/puppet/indirector/data_binding/hiera.rb +46 -2
- data/lib/puppet/indirector/direct_file_server.rb +2 -2
- data/lib/puppet/indirector/facts/facter.rb +25 -0
- data/lib/puppet/indirector/file_bucket_file/file.rb +60 -74
- data/lib/puppet/indirector/indirection.rb +5 -1
- data/lib/puppet/indirector/json.rb +1 -1
- data/lib/puppet/indirector/key/ca.rb +4 -0
- data/lib/puppet/indirector/key/file.rb +7 -3
- data/lib/puppet/indirector/key/memory.rb +6 -0
- data/lib/puppet/indirector/node/write_only_yaml.rb +2 -2
- data/lib/puppet/indirector/request.rb +17 -11
- data/lib/puppet/indirector/resource/ral.rb +5 -0
- data/lib/puppet/indirector/resource/rest.rb +1 -0
- data/lib/puppet/indirector/resource/store_configs.rb +4 -0
- data/lib/puppet/indirector/rest.rb +2 -1
- data/lib/puppet/indirector/ssl_file.rb +7 -7
- data/lib/puppet/indirector/terminus.rb +4 -0
- data/lib/puppet/indirector/yaml.rb +3 -3
- data/lib/puppet/interface/documentation.rb +4 -11
- data/lib/puppet/module.rb +19 -6
- data/lib/puppet/module_tool/applications/builder.rb +1 -1
- data/lib/puppet/module_tool/applications/installer.rb +1 -1
- data/lib/puppet/module_tool/checksums.rb +1 -1
- data/lib/puppet/module_tool/dependency.rb +7 -3
- data/lib/puppet/module_tool/metadata.rb +6 -2
- data/lib/puppet/module_tool/tar.rb +2 -1
- data/lib/puppet/module_tool/tar/gnu.rb +6 -2
- data/lib/puppet/module_tool/tar/mini.rb +2 -0
- data/lib/puppet/module_tool/tar/solaris.rb +2 -5
- data/lib/puppet/network/authconfig.rb +0 -2
- data/lib/puppet/network/authentication.rb +1 -1
- data/lib/puppet/network/authstore.rb +6 -7
- data/lib/puppet/network/format.rb +2 -3
- data/lib/puppet/network/format_handler.rb +16 -11
- data/lib/puppet/network/format_support.rb +14 -0
- data/lib/puppet/network/formats.rb +26 -0
- data/lib/puppet/network/http/connection.rb +8 -41
- data/lib/puppet/network/http/handler.rb +28 -32
- data/lib/puppet/network/http/webrick.rb +15 -22
- data/lib/puppet/network/http_pool.rb +43 -9
- data/lib/puppet/network/rights.rb +0 -0
- data/lib/puppet/node.rb +24 -8
- data/lib/puppet/node/environment.rb +18 -20
- data/lib/puppet/node/facts.rb +23 -6
- data/lib/puppet/parameter.rb +15 -2
- data/lib/puppet/parameter/boolean.rb +5 -0
- data/lib/puppet/parameter/value_collection.rb +6 -4
- data/lib/puppet/parser/ast/resourceparam.rb +2 -1
- data/lib/puppet/parser/compiler.rb +25 -9
- data/lib/puppet/parser/files.rb +1 -1
- data/lib/puppet/parser/functions.rb +12 -21
- data/lib/puppet/parser/functions/collect.rb +6 -35
- data/lib/puppet/parser/functions/contain.rb +26 -0
- data/lib/puppet/parser/functions/create_resources.rb +5 -0
- data/lib/puppet/parser/functions/extlookup.rb +2 -2
- data/lib/puppet/parser/functions/file.rb +1 -1
- data/lib/puppet/parser/functions/{reject.rb → filter.rb} +13 -12
- data/lib/puppet/parser/functions/fqdn_rand.rb +13 -5
- data/lib/puppet/parser/functions/include.rb +18 -1
- data/lib/puppet/parser/functions/map.rb +44 -0
- data/lib/puppet/parser/functions/select.rb +6 -38
- data/lib/puppet/parser/lexer.rb +1 -1
- data/lib/puppet/parser/parser_support.rb +1 -1
- data/lib/puppet/parser/resource.rb +6 -45
- data/lib/puppet/parser/scope.rb +33 -2
- data/lib/puppet/parser/type_loader.rb +4 -60
- data/lib/puppet/pops/binder/bindings_loader.rb +1 -1
- data/lib/puppet/pops/binder/config/binder_config.rb +3 -3
- data/lib/puppet/pops/binder/hiera2/bindings_provider.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/confdir_hiera_scheme.rb +1 -1
- data/lib/puppet/pops/binder/scheme_handler/module_hiera_scheme.rb +2 -2
- data/lib/puppet/pops/issues.rb +4 -0
- data/lib/puppet/pops/model/ast_transformer.rb +4 -1
- data/lib/puppet/pops/model/model_label_provider.rb +1 -1
- data/lib/puppet/pops/parser/egrammar.ra +5 -24
- data/lib/puppet/pops/parser/eparser.rb +859 -902
- data/lib/puppet/pops/parser/lexer.rb +48 -30
- data/lib/puppet/pops/parser/parser_support.rb +1 -1
- data/lib/puppet/pops/patterns.rb +4 -4
- data/lib/puppet/pops/utils.rb +1 -1
- data/lib/puppet/pops/validation/checker3_1.rb +25 -20
- data/lib/puppet/provider.rb +23 -6
- data/lib/puppet/provider/aixobject.rb +0 -0
- data/lib/puppet/provider/augeas/augeas.rb +21 -5
- data/lib/puppet/provider/confine.rb +5 -79
- data/lib/puppet/provider/cron/crontab.rb +0 -0
- data/lib/puppet/provider/exec.rb +9 -7
- data/lib/puppet/provider/exec/posix.rb +10 -1
- data/lib/puppet/provider/exec/windows.rb +1 -1
- data/lib/puppet/provider/file/posix.rb +1 -0
- data/lib/puppet/provider/file/windows.rb +16 -5
- data/lib/puppet/provider/group/aix.rb +0 -0
- data/lib/puppet/provider/group/windows_adsi.rb +33 -1
- data/lib/puppet/provider/macauthorization/macauthorization.rb +1 -1
- data/lib/puppet/provider/mailalias/aliases.rb +0 -0
- data/lib/puppet/provider/maillist/mailman.rb +0 -0
- data/lib/puppet/provider/mount/parsed.rb +0 -0
- data/lib/puppet/provider/nameservice/directoryservice.rb +3 -3
- data/lib/puppet/provider/package/appdmg.rb +1 -1
- data/lib/puppet/provider/package/apple.rb +1 -1
- data/lib/puppet/provider/package/apt.rb +1 -1
- data/lib/puppet/provider/package/aptitude.rb +0 -0
- data/lib/puppet/provider/package/blastwave.rb +1 -1
- data/lib/puppet/provider/package/dpkg.rb +1 -1
- data/lib/puppet/provider/package/fink.rb +1 -1
- data/lib/puppet/provider/package/freebsd.rb +0 -0
- data/lib/puppet/provider/package/gem.rb +0 -0
- data/lib/puppet/provider/package/macports.rb +0 -0
- data/lib/puppet/provider/package/msi.rb +4 -10
- data/lib/puppet/provider/package/nim.rb +8 -8
- data/lib/puppet/provider/package/openbsd.rb +1 -1
- data/lib/puppet/provider/package/opkg.rb +0 -0
- data/lib/puppet/provider/package/pacman.rb +2 -2
- data/lib/puppet/provider/package/pkgdmg.rb +1 -1
- data/lib/puppet/provider/package/pkgutil.rb +1 -1
- data/lib/puppet/provider/package/ports.rb +0 -0
- data/lib/puppet/provider/package/rpm.rb +39 -3
- data/lib/puppet/provider/package/sun.rb +3 -3
- data/lib/puppet/provider/package/sunfreeware.rb +0 -0
- data/lib/puppet/provider/package/windows.rb +12 -19
- data/lib/puppet/provider/package/windows/package.rb +1 -1
- data/lib/puppet/provider/package/yum.rb +2 -2
- data/lib/puppet/provider/parsedfile.rb +0 -0
- data/lib/puppet/provider/port/parsed.rb +0 -0
- data/lib/puppet/provider/service/base.rb +0 -0
- data/lib/puppet/provider/service/bsd.rb +3 -3
- data/lib/puppet/provider/service/daemontools.rb +8 -8
- data/lib/puppet/provider/service/debian.rb +0 -0
- data/lib/puppet/provider/service/freebsd.rb +3 -3
- data/lib/puppet/provider/service/init.rb +5 -4
- data/lib/puppet/provider/service/launchd.rb +35 -24
- data/lib/puppet/provider/service/openbsd.rb +23 -0
- data/lib/puppet/provider/service/redhat.rb +0 -0
- data/lib/puppet/provider/service/runit.rb +3 -3
- data/lib/puppet/provider/service/smf.rb +0 -0
- data/lib/puppet/provider/service/src.rb +0 -0
- data/lib/puppet/provider/service/systemd.rb +0 -0
- data/lib/puppet/provider/service/upstart.rb +3 -3
- data/lib/puppet/provider/ssh_authorized_key/parsed.rb +2 -2
- data/lib/puppet/provider/sshkey/parsed.rb +0 -0
- data/lib/puppet/provider/user/aix.rb +0 -0
- data/lib/puppet/provider/user/directoryservice.rb +1 -1
- data/lib/puppet/provider/user/useradd.rb +1 -1
- data/lib/puppet/provider/zone/solaris.rb +1 -1
- data/lib/puppet/rails/benchmark.rb +1 -1
- data/lib/puppet/reference/configuration.rb +1 -2
- data/lib/puppet/reference/indirection.rb +12 -14
- data/lib/puppet/relationship.rb +7 -4
- data/lib/puppet/reports.rb +2 -2
- data/lib/puppet/reports/rrdgraph.rb +1 -1
- data/lib/puppet/reports/store.rb +3 -3
- data/lib/puppet/reports/tagmail.rb +2 -2
- data/lib/puppet/resource.rb +66 -8
- data/lib/puppet/resource/catalog.rb +18 -25
- data/lib/puppet/resource/status.rb +10 -4
- data/lib/puppet/run.rb +6 -2
- data/lib/puppet/settings.rb +39 -119
- data/lib/puppet/settings/base_setting.rb +8 -9
- data/lib/puppet/settings/directory_setting.rb +8 -0
- data/lib/puppet/settings/file_setting.rb +35 -1
- data/lib/puppet/settings/priority_setting.rb +42 -0
- data/lib/puppet/ssl.rb +4 -0
- data/lib/puppet/ssl/certificate.rb +18 -0
- data/lib/puppet/ssl/certificate_authority.rb +101 -72
- data/lib/puppet/ssl/certificate_authority/autosign_command.rb +44 -0
- data/lib/puppet/ssl/certificate_authority/interface.rb +21 -17
- data/lib/puppet/ssl/certificate_factory.rb +38 -12
- data/lib/puppet/ssl/certificate_request.rb +201 -47
- data/lib/puppet/ssl/certificate_request_attributes.rb +34 -0
- data/lib/puppet/ssl/certificate_revocation_list.rb +2 -2
- data/lib/puppet/ssl/host.rb +21 -10
- data/lib/puppet/ssl/inventory.rb +6 -10
- data/lib/puppet/ssl/key.rb +1 -1
- data/lib/puppet/ssl/oids.rb +78 -0
- data/lib/puppet/ssl/validator.rb +41 -97
- data/lib/puppet/ssl/validator/default_validator.rb +153 -0
- data/lib/puppet/ssl/validator/no_validator.rb +17 -0
- data/lib/puppet/status.rb +4 -0
- data/lib/puppet/test/test_helper.rb +5 -0
- data/lib/puppet/transaction.rb +13 -0
- data/lib/puppet/transaction/event.rb +8 -3
- data/lib/puppet/transaction/report.rb +6 -2
- data/lib/puppet/transaction/resource_harness.rb +173 -115
- data/lib/puppet/type.rb +30 -13
- data/lib/puppet/type/augeas.rb +12 -46
- data/lib/puppet/type/component.rb +1 -7
- data/lib/puppet/type/cron.rb +0 -0
- data/lib/puppet/type/exec.rb +13 -1
- data/lib/puppet/type/file.rb +19 -10
- data/lib/puppet/type/file/checksum.rb +0 -0
- data/lib/puppet/type/file/content.rb +3 -0
- data/lib/puppet/type/file/ensure.rb +33 -15
- data/lib/puppet/type/file/group.rb +0 -0
- data/lib/puppet/type/file/mode.rb +6 -2
- data/lib/puppet/type/file/owner.rb +0 -0
- data/lib/puppet/type/file/source.rb +65 -14
- data/lib/puppet/type/file/target.rb +6 -6
- data/lib/puppet/type/file/type.rb +0 -0
- data/lib/puppet/type/filebucket.rb +0 -0
- data/lib/puppet/type/group.rb +18 -0
- data/lib/puppet/type/host.rb +0 -0
- data/lib/puppet/type/k5login.rb +4 -4
- data/lib/puppet/type/mailalias.rb +0 -0
- data/lib/puppet/type/maillist.rb +0 -0
- data/lib/puppet/type/mount.rb +15 -1
- data/lib/puppet/type/package.rb +7 -1
- data/lib/puppet/type/port.rb +0 -0
- data/lib/puppet/type/schedule.rb +9 -4
- data/lib/puppet/type/service.rb +1 -1
- data/lib/puppet/type/sshkey.rb +0 -0
- data/lib/puppet/type/tidy.rb +1 -1
- data/lib/puppet/type/user.rb +3 -0
- data/lib/puppet/type/yumrepo.rb +8 -6
- data/lib/puppet/type/zpool.rb +0 -0
- data/lib/puppet/util.rb +4 -31
- data/lib/puppet/util/adsi.rb +73 -17
- data/lib/puppet/util/autoload.rb +3 -3
- data/lib/puppet/util/backups.rb +4 -4
- data/lib/puppet/util/cacher.rb +7 -13
- data/lib/puppet/util/checksums.rb +2 -2
- data/lib/puppet/util/classgen.rb +3 -1
- data/lib/puppet/util/colors.rb +1 -0
- data/lib/puppet/util/command_line.rb +5 -0
- data/lib/puppet/util/docs.rb +33 -27
- data/lib/puppet/util/execution.rb +42 -18
- data/lib/puppet/util/filetype.rb +3 -3
- data/lib/puppet/util/instance_loader.rb +2 -2
- data/lib/puppet/util/instrumentation.rb +23 -42
- data/lib/puppet/util/instrumentation/data.rb +11 -4
- data/lib/puppet/util/instrumentation/indirection_probe.rb +11 -4
- data/lib/puppet/util/instrumentation/instrumentable.rb +7 -14
- data/lib/puppet/util/instrumentation/listener.rb +15 -8
- data/lib/puppet/util/instrumentation/listeners/log.rb +4 -10
- data/lib/puppet/util/instrumentation/listeners/performance.rb +8 -14
- data/lib/puppet/util/limits.rb +12 -0
- data/lib/puppet/util/lockfile.rb +2 -2
- data/lib/puppet/util/log.rb +14 -6
- data/lib/puppet/util/log/destinations.rb +23 -1
- data/lib/puppet/util/metric.rb +9 -3
- data/lib/puppet/util/monkey_patches.rb +7 -2
- data/lib/puppet/util/network_device/config.rb +1 -1
- data/lib/puppet/util/plugins.rb +1 -1
- data/lib/puppet/util/posix.rb +0 -0
- data/lib/puppet/util/profiler.rb +7 -2
- data/lib/puppet/util/provider_features.rb +2 -2
- data/lib/puppet/util/rdoc.rb +28 -30
- data/lib/puppet/util/rdoc/code_objects.rb +75 -25
- data/lib/puppet/util/rdoc/generators/puppet_generator.rb +1 -1
- data/lib/puppet/util/rdoc/parser.rb +12 -487
- data/lib/puppet/util/rdoc/parser/puppet_parser_core.rb +477 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc1.rb +19 -0
- data/lib/puppet/util/rdoc/parser/puppet_parser_rdoc2.rb +14 -0
- data/lib/puppet/util/reference.rb +1 -1
- data/lib/puppet/util/resource_template.rb +1 -1
- data/lib/puppet/util/selinux.rb +1 -1
- data/lib/puppet/util/storage.rb +2 -2
- data/lib/puppet/util/suidmanager.rb +1 -1
- data/lib/puppet/util/tag_set.rb +29 -0
- data/lib/puppet/util/tagging.rb +8 -24
- data/lib/puppet/util/watched_file.rb +1 -1
- data/lib/puppet/util/watcher.rb +1 -1
- data/lib/puppet/util/windows.rb +3 -0
- data/lib/puppet/util/windows/access_control_entry.rb +84 -0
- data/lib/puppet/util/windows/access_control_list.rb +106 -0
- data/lib/puppet/util/windows/file.rb +213 -0
- data/lib/puppet/util/windows/process.rb +199 -0
- data/lib/puppet/util/windows/root_certs.rb +52 -37
- data/lib/puppet/util/windows/security.rb +270 -245
- data/lib/puppet/util/windows/security_descriptor.rb +62 -0
- data/lib/puppet/util/windows/sid.rb +26 -4
- data/lib/puppet/version.rb +2 -2
- data/spec/fixtures/releases/jamtur01-apache/lib/puppet/provider/a2mod/debian.rb +1 -1
- data/spec/fixtures/unit/indirector/{hiera → data_binding/hiera}/global.yaml +0 -0
- data/spec/fixtures/unit/indirector/data_binding/hiera/invalid.yaml +1 -0
- data/spec/fixtures/unit/module/trailing-comma.json +24 -0
- data/spec/fixtures/unit/util/monkey_patches/x509.pem +32 -0
- data/spec/integration/application/apply_spec.rb +1 -1
- data/spec/integration/application/doc_spec.rb +1 -1
- data/spec/integration/configurer_spec.rb +4 -2
- data/spec/integration/data_binding.rb +100 -0
- data/spec/integration/indirector/catalog/compiler_spec.rb +16 -13
- data/spec/integration/indirector/direct_file_server_spec.rb +3 -5
- data/spec/integration/indirector/file_content/file_server_spec.rb +2 -2
- data/spec/integration/node/facts_spec.rb +1 -1
- data/spec/integration/node_spec.rb +1 -1
- data/spec/integration/parser/compiler_spec.rb +90 -0
- data/spec/integration/parser/parser_spec.rb +2 -2
- data/spec/integration/provider/cron/crontab_spec.rb +3 -5
- data/spec/integration/resource/catalog_spec.rb +1 -1
- data/spec/integration/ssl/autosign_spec.rb +90 -0
- data/spec/integration/ssl/certificate_authority_spec.rb +62 -69
- data/spec/integration/ssl/certificate_revocation_list_spec.rb +1 -1
- data/spec/integration/ssl/host_spec.rb +1 -1
- data/spec/integration/transaction_spec.rb +13 -13
- data/spec/integration/type/exec_spec.rb +2 -2
- data/spec/integration/type/file_spec.rb +287 -45
- data/spec/integration/type/tidy_spec.rb +3 -3
- data/spec/integration/util/rdoc/parser_spec.rb +236 -35
- data/spec/integration/util/settings_spec.rb +1 -1
- data/spec/integration/util/windows/process_spec.rb +22 -0
- data/spec/integration/util/windows/security_spec.rb +316 -106
- data/spec/lib/matchers/containment_matchers.rb +52 -0
- data/spec/lib/puppet_spec/compiler.rb +6 -0
- data/spec/lib/puppet_spec/files.rb +20 -21
- data/spec/shared_behaviours/documentation_on_faces.rb +3 -3
- data/spec/shared_behaviours/file_server_terminus.rb +2 -2
- data/spec/shared_contexts/platform.rb +1 -0
- data/spec/spec_helper.rb +13 -1
- data/spec/unit/agent_spec.rb +0 -12
- data/spec/unit/application/agent_spec.rb +4 -4
- data/spec/unit/application/apply_spec.rb +18 -2
- data/spec/unit/application/cert_spec.rb +8 -6
- data/spec/unit/application/device_spec.rb +1 -1
- data/spec/unit/application/filebucket_spec.rb +1 -1
- data/spec/unit/application/inspect_spec.rb +1 -1
- data/spec/unit/application_spec.rb +24 -0
- data/spec/unit/configurer/downloader_spec.rb +8 -7
- data/spec/unit/configurer/fact_handler_spec.rb +23 -0
- data/spec/unit/configurer/plugin_handler_spec.rb +7 -2
- data/spec/unit/configurer_spec.rb +15 -5
- data/spec/unit/{provider/confine → confine}/exists_spec.rb +12 -12
- data/spec/unit/{provider/confine → confine}/false_spec.rb +9 -9
- data/spec/unit/{provider/confine → confine}/feature_spec.rb +10 -10
- data/spec/unit/{provider/confine → confine}/true_spec.rb +7 -7
- data/spec/unit/{provider/confine → confine}/variable_spec.rb +16 -16
- data/spec/unit/{provider/confine_collection_spec.rb → confine_collection_spec.rb} +30 -30
- data/spec/unit/{provider/confine_spec.rb → confine_spec.rb} +11 -11
- data/spec/unit/{provider/confiner_spec.rb → confiner_spec.rb} +4 -4
- data/spec/unit/face/parser_spec.rb +54 -0
- data/spec/unit/file_bucket/dipper_spec.rb +2 -2
- data/spec/unit/file_serving/base_spec.rb +32 -9
- data/spec/unit/file_serving/configuration_spec.rb +7 -7
- data/spec/unit/file_serving/content_spec.rb +12 -7
- data/spec/unit/file_serving/fileset_spec.rb +57 -27
- data/spec/unit/file_serving/metadata_spec.rb +74 -12
- data/spec/unit/file_serving/mount/file_spec.rb +10 -10
- data/spec/unit/file_serving/mount/pluginfacts_spec.rb +73 -0
- data/spec/unit/file_system/file_spec.rb +486 -0
- data/spec/unit/file_system/tempfile_spec.rb +48 -0
- data/spec/unit/graph/relationship_graph_spec.rb +0 -6
- data/spec/unit/hiera_puppet_spec.rb +2 -2
- data/spec/unit/indirector/catalog/compiler_spec.rb +15 -19
- data/spec/unit/indirector/certificate_status/file_spec.rb +30 -40
- data/spec/unit/indirector/data_binding/hiera_spec.rb +95 -2
- data/spec/unit/indirector/direct_file_server_spec.rb +6 -6
- data/spec/unit/indirector/facts/facter_spec.rb +33 -0
- data/spec/unit/indirector/file_bucket_file/file_spec.rb +61 -52
- data/spec/unit/indirector/file_metadata/file_spec.rb +2 -2
- data/spec/unit/indirector/file_server_spec.rb +4 -4
- data/spec/unit/indirector/json_spec.rb +4 -4
- data/spec/unit/indirector/key/file_spec.rb +13 -14
- data/spec/unit/indirector/resource/ral_spec.rb +7 -0
- data/spec/unit/indirector/resource/store_configs_spec.rb +11 -0
- data/spec/unit/indirector/rest_spec.rb +7 -3
- data/spec/unit/indirector/ssl_file_spec.rb +14 -17
- data/spec/unit/indirector/yaml_spec.rb +4 -4
- data/spec/unit/module_spec.rb +43 -15
- data/spec/unit/module_tool/tar/gnu_spec.rb +2 -2
- data/spec/unit/module_tool/tar/solaris_spec.rb +2 -2
- data/spec/unit/module_tool/tar_spec.rb +45 -0
- data/spec/unit/network/authconfig_spec.rb +2 -1
- data/spec/unit/network/authentication_spec.rb +2 -2
- data/spec/unit/network/format_handler_spec.rb +2 -2
- data/spec/unit/network/formats_spec.rb +24 -0
- data/spec/unit/network/http/connection_spec.rb +76 -199
- data/spec/unit/network/http/handler_spec.rb +33 -34
- data/spec/unit/network/http_pool_spec.rb +8 -5
- data/spec/unit/node/environment_spec.rb +76 -90
- data/spec/unit/node/facts_spec.rb +20 -3
- data/spec/unit/node_spec.rb +43 -0
- data/spec/unit/parameter/boolean_spec.rb +22 -12
- data/spec/unit/parser/ast/resourceparam_spec.rb +51 -0
- data/spec/unit/parser/compiler_spec.rb +103 -35
- data/spec/unit/parser/eparser_adapter_spec.rb +12 -12
- data/spec/unit/parser/files_spec.rb +11 -11
- data/spec/unit/parser/functions/contain_spec.rb +185 -0
- data/spec/unit/parser/functions/create_resources_spec.rb +13 -5
- data/spec/unit/parser/functions/generate_spec.rb +1 -1
- data/spec/unit/parser/functions_spec.rb +2 -2
- data/spec/unit/parser/lexer_spec.rb +1 -1
- data/spec/unit/parser/methods/each_spec.rb +1 -1
- data/spec/unit/parser/methods/{select_spec.rb → filter_spec.rb} +11 -11
- data/spec/unit/parser/methods/map_spec.rb +95 -0
- data/spec/unit/parser/methods/reduce_spec.rb +12 -11
- data/spec/unit/parser/methods/shared.rb +5 -5
- data/spec/unit/parser/methods/slice_spec.rb +13 -13
- data/spec/unit/parser/parser_spec.rb +1 -1
- data/spec/unit/parser/resource/param_spec.rb +44 -0
- data/spec/unit/parser/resource_spec.rb +16 -15
- data/spec/unit/pops/model/ast_transformer_spec.rb +18 -4
- data/spec/unit/pops/parser/lexer_spec.rb +22 -5
- data/spec/unit/pops/parser/parse_calls_spec.rb +5 -5
- data/spec/unit/pops/transformer/transform_calls_spec.rb +6 -6
- data/spec/unit/pops/transformer/transform_containers_spec.rb +2 -2
- data/spec/unit/pops/validator/validator_spec.rb +31 -0
- data/spec/unit/provider/augeas/augeas_spec.rb +57 -2
- data/spec/unit/provider/exec/posix_spec.rb +8 -3
- data/spec/unit/provider/file/posix_spec.rb +2 -2
- data/spec/unit/provider/group/windows_adsi_spec.rb +70 -3
- data/spec/unit/provider/nameservice/directoryservice_spec.rb +3 -3
- data/spec/unit/provider/package/apt_spec.rb +1 -1
- data/spec/unit/provider/package/msi_spec.rb +15 -42
- data/spec/unit/provider/package/openbsd_spec.rb +3 -3
- data/spec/unit/provider/package/rpm_spec.rb +56 -13
- data/spec/unit/provider/package/windows_spec.rb +15 -19
- data/spec/unit/provider/service/base_spec.rb +1 -1
- data/spec/unit/provider/service/daemontools_spec.rb +18 -8
- data/spec/unit/provider/service/freebsd_spec.rb +3 -3
- data/spec/unit/provider/service/gentoo_spec.rb +5 -2
- data/spec/unit/provider/service/init_spec.rb +17 -17
- data/spec/unit/provider/service/launchd_spec.rb +76 -23
- data/spec/unit/provider/service/openbsd_spec.rb +125 -0
- data/spec/unit/provider/service/openwrt_spec.rb +1 -1
- data/spec/unit/provider/service/runit_spec.rb +12 -5
- data/spec/unit/provider/service/upstart_spec.rb +4 -4
- data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb +5 -5
- data/spec/unit/provider/user/directoryservice_spec.rb +4 -4
- data/spec/unit/provider/zone/solaris_spec.rb +1 -1
- data/spec/unit/provider_spec.rb +2 -2
- data/spec/unit/reports/http_spec.rb +19 -34
- data/spec/unit/reports/store_spec.rb +2 -2
- data/spec/unit/resource/catalog_spec.rb +81 -11
- data/spec/unit/resource/status_spec.rb +11 -1
- data/spec/unit/resource/type_spec.rb +30 -1
- data/spec/unit/resource_spec.rb +40 -4
- data/spec/unit/settings/file_setting_spec.rb +2 -2
- data/spec/unit/settings/path_setting_spec.rb +2 -2
- data/spec/unit/settings/priority_setting_spec.rb +66 -0
- data/spec/unit/settings_spec.rb +16 -31
- data/spec/unit/ssl/certificate_authority/autosign_command_spec.rb +30 -0
- data/spec/unit/ssl/certificate_authority_spec.rb +129 -134
- data/spec/unit/ssl/certificate_factory_spec.rb +18 -0
- data/spec/unit/ssl/certificate_request_attributes_spec.rb +61 -0
- data/spec/unit/ssl/certificate_request_spec.rb +103 -0
- data/spec/unit/ssl/certificate_spec.rb +31 -18
- data/spec/unit/ssl/host_spec.rb +34 -8
- data/spec/unit/ssl/inventory_spec.rb +27 -62
- data/spec/unit/ssl/key_spec.rb +4 -4
- data/spec/unit/ssl/oids_spec.rb +48 -0
- data/spec/unit/ssl/validator_spec.rb +49 -6
- data/spec/unit/status_spec.rb +9 -0
- data/spec/unit/transaction/event_spec.rb +1 -9
- data/spec/unit/transaction/report_spec.rb +20 -1
- data/spec/unit/transaction/resource_harness_spec.rb +60 -210
- data/spec/unit/transaction_spec.rb +54 -8
- data/spec/unit/type/component_spec.rb +2 -2
- data/spec/unit/type/exec_spec.rb +14 -7
- data/spec/unit/type/file/content_spec.rb +13 -2
- data/spec/unit/type/file/ctime_spec.rb +1 -1
- data/spec/unit/type/file/mode_spec.rb +48 -2
- data/spec/unit/type/file/mtime_spec.rb +1 -1
- data/spec/unit/type/file/source_spec.rb +177 -7
- data/spec/unit/type/file_spec.rb +63 -71
- data/spec/unit/type/group_spec.rb +20 -0
- data/spec/unit/type/k5login_spec.rb +3 -3
- data/spec/unit/type/mount_spec.rb +53 -0
- data/spec/unit/type/nagios_spec.rb +216 -0
- data/spec/unit/type/package_spec.rb +7 -1
- data/spec/unit/type/schedule_spec.rb +6 -0
- data/spec/unit/type/service_spec.rb +3 -3
- data/spec/unit/type/tidy_spec.rb +14 -14
- data/spec/unit/type/user_spec.rb +9 -0
- data/spec/unit/type_spec.rb +86 -4
- data/spec/unit/util/adsi_spec.rb +120 -12
- data/spec/unit/util/autoload_spec.rb +14 -14
- data/spec/unit/util/backups_spec.rb +29 -21
- data/spec/unit/util/checksums_spec.rb +2 -1
- data/spec/unit/util/command_line_spec.rb +41 -0
- data/spec/unit/util/docs_spec.rb +91 -0
- data/spec/unit/util/execution_spec.rb +26 -2
- data/spec/unit/util/filetype_spec.rb +7 -7
- data/spec/unit/util/lockfile_spec.rb +2 -2
- data/spec/unit/util/log/destinations_spec.rb +32 -0
- data/spec/unit/util/monkey_patches_spec.rb +41 -0
- data/spec/unit/util/pidlock_spec.rb +6 -6
- data/spec/unit/util/rdoc/parser_spec.rb +15 -13
- data/spec/unit/util/rdoc_spec.rb +18 -24
- data/spec/unit/util/resource_template_spec.rb +3 -3
- data/spec/unit/util/selinux_spec.rb +4 -2
- data/spec/unit/util/storage_spec.rb +4 -4
- data/spec/unit/util/suidmanager_spec.rb +7 -0
- data/spec/unit/util/tag_set_spec.rb +46 -0
- data/spec/unit/util/tagging_spec.rb +82 -45
- data/spec/unit/util/watcher_spec.rb +4 -1
- data/spec/unit/util/windows/access_control_entry_spec.rb +67 -0
- data/spec/unit/util/windows/access_control_list_spec.rb +133 -0
- data/spec/unit/util/windows/root_certs_spec.rb +10 -8
- data/spec/unit/util/windows/security_descriptor_spec.rb +117 -0
- data/spec/unit/util/windows/sid_spec.rb +69 -0
- data/spec/unit/util_spec.rb +7 -7
- data/tasks/ci.rake +17 -36
- metadata +2811 -2746
- checksums.yaml +0 -7
- data/examples/mac_automount.pp +0 -16
- data/examples/mcx_dock_absent.pp +0 -4
- data/examples/mcx_dock_default.pp +0 -118
- data/examples/mcx_dock_full.pp +0 -125
- data/examples/mcx_dock_invalid.pp +0 -9
- data/examples/mcx_nogroup.pp +0 -118
- data/examples/mcx_notexists_absent.pp +0 -4
- data/ext/rack/README +0 -58
- data/ext/rack/manifest.pp +0 -59
- data/lib/puppet/external/lock.rb +0 -63
- data/lib/puppet/indirector/hiera.rb +0 -39
- data/lib/puppet/parser/functions/foreach.rb +0 -95
- data/spec/integration/network/server/webrick_spec.rb +0 -76
- data/spec/integration/parser/functions_spec.rb +0 -16
- data/spec/unit/indirector/hiera_spec.rb +0 -154
- data/spec/unit/parser/methods/collect_spec.rb +0 -153
- data/spec/unit/parser/methods/foreach_spec.rb +0 -91
- data/spec/unit/parser/methods/reject_spec.rb +0 -73
- data/spec/unit/resource/resource_type.json +0 -34
@@ -12,12 +12,12 @@ describe Puppet::Type.type(:tidy) do
|
|
12
12
|
end
|
13
13
|
|
14
14
|
# Testing #355.
|
15
|
-
it "should be able to remove dead links", :
|
15
|
+
it "should be able to remove dead links", :if => Puppet.features.manages_symlinks? do
|
16
16
|
dir = tmpfile("tidy_link_testing")
|
17
17
|
link = File.join(dir, "link")
|
18
18
|
target = tmpfile("no_such_file_tidy_link_testing")
|
19
19
|
Dir.mkdir(dir)
|
20
|
-
File.symlink(
|
20
|
+
Puppet::FileSystem::File.new(target).symlink(link)
|
21
21
|
|
22
22
|
tidy = Puppet::Type.type(:tidy).new :path => dir, :recurse => true
|
23
23
|
|
@@ -26,6 +26,6 @@ describe Puppet::Type.type(:tidy) do
|
|
26
26
|
|
27
27
|
catalog.apply
|
28
28
|
|
29
|
-
|
29
|
+
Puppet::FileSystem::File.new(link).symlink?.should be_false
|
30
30
|
end
|
31
31
|
end
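Review bot: The closing assertion in the second hunk, `Puppet::FileSystem::File.new(link).symlink?.should be_false`, only shows that `link` is not a symlink after `catalog.apply`; it would pass just as well if some other kind of entry were left at that path. Since the example exists to prove that tidy removes a dead link from a recursed directory, I would also pin the removal itself, e.g. `Dir.entries(dir).should_not include("link")`. A short comment above the `symlink(link)` call such as `# target is never created, so the link dangles on purpose` would make the setup easier to read, assuming `tmpfile` only returns a path. The example body spans both hunks and lines 24–25 are not shown, so the catalog setup between them could not be checked here.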
|
@@ -1,60 +1,261 @@
|
|
1
1
|
#! /usr/bin/env ruby
|
2
2
|
require 'spec_helper'
|
3
|
+
require 'puppet/util/rdoc'
|
3
4
|
|
4
|
-
describe "RDoc::Parser"
|
5
|
+
describe "RDoc::Parser" do
|
5
6
|
require 'puppet_spec/files'
|
6
7
|
include PuppetSpec::Files
|
7
8
|
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
9
|
+
let(:document_all) { false }
|
10
|
+
let(:tmp_dir) { tmpdir('rdoc_parser_tmp') }
|
11
|
+
let(:doc_dir) { File.join(tmp_dir, 'doc') }
|
12
|
+
let(:manifests_dir) { File.join(tmp_dir, 'manifests') }
|
13
|
+
let(:modules_dir) { File.join(tmp_dir, 'modules') }
|
14
|
+
|
15
|
+
let(:modules_and_manifests) do
|
16
|
+
{
|
17
|
+
:site => [
|
18
|
+
File.join(manifests_dir, 'site.pp'),
|
19
|
+
<<-EOF
|
20
|
+
# The test class comment
|
21
|
+
class test {
|
22
|
+
# The virtual resource comment
|
23
|
+
@notify { virtual: }
|
24
|
+
# The a_notify_resource comment
|
25
|
+
notify { a_notify_resource:
|
26
|
+
message => "a_notify_resource message"
|
27
|
+
}
|
28
|
+
}
|
29
|
+
|
30
|
+
# The includes_another class comment
|
31
|
+
class includes_another {
|
32
|
+
include another
|
33
|
+
}
|
34
|
+
|
35
|
+
# The requires_another class comment
|
36
|
+
class requires_another {
|
37
|
+
require another
|
38
|
+
}
|
39
|
+
|
40
|
+
# node comment
|
41
|
+
node foo {
|
42
|
+
include test
|
43
|
+
$a_var = "var_value"
|
44
|
+
realize Notify[virtual]
|
45
|
+
notify { bar: }
|
46
|
+
}
|
47
|
+
EOF
|
48
|
+
],
|
49
|
+
:module_readme => [
|
50
|
+
File.join(modules_dir, 'a_module', 'README'),
|
51
|
+
<<-EOF
|
52
|
+
The a_module README docs.
|
53
|
+
EOF
|
54
|
+
],
|
55
|
+
:module_init => [
|
56
|
+
File.join(modules_dir, 'a_module', 'manifests', 'init.pp'),
|
57
|
+
<<-EOF
|
58
|
+
# The a_module class comment
|
59
|
+
class a_module {}
|
60
|
+
|
61
|
+
class another {}
|
62
|
+
EOF
|
63
|
+
],
|
64
|
+
:module_type => [
|
65
|
+
File.join(modules_dir, 'a_module', 'manifests', 'a_type.pp'),
|
66
|
+
<<-EOF
|
67
|
+
# The a_type type comment
|
68
|
+
define a_module::a_type() {}
|
69
|
+
EOF
|
70
|
+
],
|
71
|
+
:module_plugin => [
|
72
|
+
File.join(modules_dir, 'a_module', 'lib', 'puppet', 'type', 'a_plugin.rb'),
|
73
|
+
<<-EOF
|
74
|
+
# The a_plugin type comment
|
75
|
+
Puppet::Type.newtype(:a_plugin) do
|
76
|
+
@doc = "Not presented"
|
77
|
+
end
|
78
|
+
EOF
|
79
|
+
],
|
80
|
+
:module_function => [
|
81
|
+
File.join(modules_dir, 'a_module', 'lib', 'puppet', 'parser', 'a_function.rb'),
|
82
|
+
<<-EOF
|
83
|
+
# The a_function function comment
|
84
|
+
module Puppet::Parser::Functions
|
85
|
+
newfunction(:a_function, :type => :rvalue) do
|
86
|
+
return
|
87
|
+
end
|
88
|
+
end
|
89
|
+
EOF
|
90
|
+
],
|
91
|
+
:module_fact => [
|
92
|
+
File.join(modules_dir, 'a_module', 'lib', 'facter', 'a_fact.rb'),
|
93
|
+
<<-EOF
|
94
|
+
# The a_fact fact comment
|
95
|
+
Facter.add("a_fact") do
|
96
|
+
end
|
97
|
+
EOF
|
98
|
+
],
|
99
|
+
}
|
15
100
|
end
|
16
101
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
102
|
+
def write_file(file, content)
|
103
|
+
FileUtils.mkdir_p(File.dirname(file))
|
104
|
+
File.open(file, 'w') do |f|
|
105
|
+
f.puts(content)
|
106
|
+
end
|
107
|
+
end
|
21
108
|
|
22
|
-
|
23
|
-
|
24
|
-
|
109
|
+
def prepare_manifests_and_modules
|
110
|
+
modules_and_manifests.each do |key,array|
|
111
|
+
write_file(*array)
|
25
112
|
end
|
113
|
+
end
|
114
|
+
|
115
|
+
def file_exists_and_matches_content(file, *content_patterns)
|
116
|
+
Puppet::FileSystem::File.exist?(file).should(be_true, "Cannot find #{file}")
|
117
|
+
content_patterns.each do |pattern|
|
118
|
+
content = File.read(file)
|
119
|
+
content.should match(pattern)
|
120
|
+
end
|
121
|
+
end
|
26
122
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
@parser = RDoc::Parser.new(@top_level, @parsedfile, nil, Options.instance, RDoc::Stats.new)
|
123
|
+
def some_file_exists_with_matching_content(glob, *content_patterns)
|
124
|
+
Dir.glob(glob).select do |f|
|
125
|
+
contents = File.read(f)
|
126
|
+
content_patterns.all? { |p| p.match(contents) }
|
127
|
+
end.should_not(be_empty, "Could not match #{content_patterns} in any of the files found in #{glob}")
|
33
128
|
end
|
34
129
|
|
35
|
-
|
36
|
-
|
130
|
+
before :each do
|
131
|
+
prepare_manifests_and_modules
|
132
|
+
Puppet.settings[:document_all] = document_all
|
133
|
+
Puppet.settings[:modulepath] = modules_dir
|
134
|
+
Puppet::Util::RDoc.rdoc(doc_dir, [modules_dir, manifests_dir])
|
37
135
|
end
|
38
136
|
|
39
|
-
|
40
|
-
|
41
|
-
|
137
|
+
module RdocTesters
|
138
|
+
def has_module_rdoc(module_name, *other_test_patterns)
|
139
|
+
file_exists_and_matches_content(module_path(module_name), /Module:? +#{module_name}/i, *other_test_patterns)
|
140
|
+
end
|
141
|
+
|
142
|
+
def has_node_rdoc(module_name, node_name, *other_test_patterns)
|
143
|
+
file_exists_and_matches_content(node_path(module_name, node_name), /#{node_name}/, /node comment/, *other_test_patterns)
|
144
|
+
end
|
145
|
+
|
146
|
+
def has_defined_type(module_name, type_name)
|
147
|
+
file_exists_and_matches_content(module_path(module_name), /#{type_name}.*?\(\s*\)/m, "The .*?#{type_name}.*? type comment")
|
148
|
+
end
|
149
|
+
|
150
|
+
def has_class_rdoc(module_name, class_name, *other_test_patterns)
|
151
|
+
file_exists_and_matches_content(class_path(module_name, class_name), /#{class_name}.*? class comment/, *other_test_patterns)
|
152
|
+
end
|
153
|
+
|
154
|
+
def has_plugin_rdoc(module_name, type, name)
|
155
|
+
file_exists_and_matches_content(plugin_path(module_name, type, name), /The .*?#{name}.*?\s*#{type} comment/m, /Type.*?#{type}/m)
|
156
|
+
end
|
42
157
|
end
|
43
158
|
|
44
|
-
|
45
|
-
|
46
|
-
|
159
|
+
shared_examples_for :an_rdoc_site do
|
160
|
+
it "documents the __site__ module" do
|
161
|
+
has_module_rdoc("__site__")
|
162
|
+
end
|
163
|
+
|
164
|
+
it "documents the __site__::test class" do
|
165
|
+
has_class_rdoc("__site__", "test")
|
166
|
+
end
|
167
|
+
|
168
|
+
it "documents the __site__::foo node" do
|
169
|
+
has_node_rdoc("__site__", "foo")
|
170
|
+
end
|
171
|
+
|
172
|
+
it "documents the a_module module" do
|
173
|
+
has_module_rdoc("a_module", /The .*?a_module.*? .*?README.*?docs/m)
|
174
|
+
end
|
175
|
+
|
176
|
+
it "documents the a_module::a_module class" do
|
177
|
+
has_class_rdoc("a_module", "a_module")
|
178
|
+
end
|
179
|
+
|
180
|
+
it "documents the a_module::a_type defined type" do
|
181
|
+
has_defined_type("a_module", "a_type")
|
182
|
+
end
|
183
|
+
|
184
|
+
it "documents the a_module::a_plugin type" do
|
185
|
+
has_plugin_rdoc("a_module", :type, 'a_plugin')
|
186
|
+
end
|
187
|
+
|
188
|
+
it "documents the a_module::a_function function" do
|
189
|
+
has_plugin_rdoc("a_module", :function, 'a_function')
|
190
|
+
end
|
191
|
+
|
192
|
+
it "documents the a_module::a_fact fact" do
|
193
|
+
has_plugin_rdoc("a_module", :fact, 'a_fact')
|
194
|
+
end
|
195
|
+
|
196
|
+
it "documents included classes" do
|
197
|
+
has_class_rdoc("__site__", "includes_another", /Included.*?another/m)
|
198
|
+
end
|
47
199
|
end
|
48
200
|
|
49
|
-
|
50
|
-
|
201
|
+
shared_examples_for :an_rdoc1_site do
|
202
|
+
it "documents required classes" do
|
203
|
+
has_class_rdoc("__site__", "requires_another", /Required Classes.*?another/m)
|
204
|
+
end
|
205
|
+
|
206
|
+
it "documents realized resources" do
|
207
|
+
has_node_rdoc("__site__", "foo", /Realized Resources.*?Notify\[virtual\]/m)
|
208
|
+
end
|
209
|
+
|
210
|
+
it "documents global variables" do
|
211
|
+
has_node_rdoc("__site__", "foo", /Global Variables.*?a_var.*?=.*?var_value/m)
|
212
|
+
end
|
213
|
+
|
214
|
+
describe "when document_all is true" do
|
215
|
+
let(:document_all) { true }
|
216
|
+
|
217
|
+
it "documents virtual resource declarations" do
|
218
|
+
has_class_rdoc("__site__", "test", /Resources.*?Notify\[virtual\]/m, /The virtual resource comment/)
|
219
|
+
end
|
220
|
+
|
221
|
+
it "documents resources" do
|
222
|
+
has_class_rdoc("__site__", "test", /Resources.*?Notify\[a_notify_resource\]/m, /message => "a_notify_resource message"/, /The a_notify_resource comment/)
|
223
|
+
end
|
224
|
+
end
|
51
225
|
end
|
52
226
|
|
53
|
-
|
54
|
-
|
227
|
+
describe "rdoc1 support", :if => Puppet.features.rdoc1? do
|
228
|
+
def module_path(module_name); "#{doc_dir}/classes/#{module_name}.html" end
|
229
|
+
def node_path(module_name, node_name); "#{doc_dir}/nodes/**/*.html" end
|
230
|
+
def class_path(module_name, class_name); "#{doc_dir}/classes/#{module_name}/#{class_name}.html" end
|
231
|
+
def plugin_path(module_name, type, name); "#{doc_dir}/plugins/#{name}.html" end
|
232
|
+
|
233
|
+
include RdocTesters
|
234
|
+
|
235
|
+
def has_node_rdoc(module_name, node_name, *other_test_patterns)
|
236
|
+
some_file_exists_with_matching_content(node_path(module_name, node_name), /#{node_name}/, /node comment/, *other_test_patterns)
|
237
|
+
end
|
238
|
+
|
239
|
+
it_behaves_like :an_rdoc_site
|
240
|
+
it_behaves_like :an_rdoc1_site
|
241
|
+
|
242
|
+
it "references nodes and classes in the __site__ module" do
|
243
|
+
file_exists_and_matches_content("#{doc_dir}/classes/__site__.html", /Node.*__site__::foo/, /Class.*__site__::test/)
|
244
|
+
end
|
245
|
+
|
246
|
+
it "references functions, facts, and type plugins in the a_module module" do
|
247
|
+
file_exists_and_matches_content("#{doc_dir}/classes/a_module.html", /a_function/, /a_fact/, /a_plugin/, /Class.*a_module::a_module/)
|
248
|
+
end
|
55
249
|
end
|
56
250
|
|
57
|
-
|
58
|
-
|
251
|
+
describe "rdoc2 support", :if => !Puppet.features.rdoc1? do
|
252
|
+
def module_path(module_name); "#{doc_dir}/#{module_name}.html" end
|
253
|
+
def node_path(module_name, node_name); "#{doc_dir}/#{module_name}/__nodes__/#{node_name}.html" end
|
254
|
+
def class_path(module_name, class_name); "#{doc_dir}/#{module_name}/#{class_name}.html" end
|
255
|
+
def plugin_path(module_name, type, name); "#{doc_dir}/#{module_name}/__#{type}s__.html" end
|
256
|
+
|
257
|
+
include RdocTesters
|
258
|
+
|
259
|
+
it_behaves_like :an_rdoc_site
|
59
260
|
end
|
60
261
|
end
|
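Review bot: `has_defined_type` passes its second pattern as a String (`"The .*?#{type_name}.*? type comment"`) while every other helper passes a Regexp. That works through `content.should match(pattern)`, but `some_file_exists_with_matching_content` calls `p.match(contents)`, and with a String `p` Ruby would compile the file contents as the regex. Make it a Regexp and escape the interpolated name: `/The .*?#{Regexp.escape(type_name)}.*? type comment/`. The same `Regexp.escape` applies to the other interpolations in `RdocTesters`. Separately, `file_exists_and_matches_content` re-reads the file once per pattern, so `content = File.read(file)` can move above the `each`.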
@@ -41,7 +41,7 @@ describe Puppet::Settings do
|
|
41
41
|
|
42
42
|
settings.use(:main)
|
43
43
|
|
44
|
-
expect(File.
|
44
|
+
expect(Puppet::FileSystem::File.new(settings[:maindir]).stat.mode & 007777).to eq(Puppet.features.microsoft_windows? ? 0755 : 0750)
|
45
45
|
end
|
46
46
|
|
47
47
|
it "reparses configuration if configuration file is touched", :if => !Puppet.features.microsoft_windows? do
|
@@ -0,0 +1,22 @@
|
|
1
|
+
#! /usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
require 'facter'
|
5
|
+
|
6
|
+
describe "Puppet::Util::Windows::Process", :if => Puppet.features.microsoft_windows? do
|
7
|
+
describe "as an admin" do
|
8
|
+
it "should have the SeCreateSymbolicLinkPrivilege necessary to create symlinks on Vista / 2008+",
|
9
|
+
:if => Facter.value(:kernelmajversion).to_f >= 6.0 && Puppet.features.microsoft_windows? do
|
10
|
+
# this is a bit of a lame duck test since it requires running user to be admin
|
11
|
+
# a better integration test would create a new user with the privilege and verify
|
12
|
+
Puppet::Util::Windows::User.should be_admin
|
13
|
+
Puppet::Util::Windows::Process.process_privilege_symlink?.should be_true
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should not have the SeCreateSymbolicLinkPrivilege necessary to create symlinks on 2003 and earlier",
|
17
|
+
:if => Facter.value(:kernelmajversion).to_f < 6.0 && Puppet.features.microsoft_windows? do
|
18
|
+
Puppet::Util::Windows::User.should be_admin
|
19
|
+
Puppet::Util::Windows::Process.process_privilege_symlink?.should be_false
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
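Review bot: Both examples assert `Puppet::Util::Windows::User.should be_admin` in the body, so a non-admin run fails instead of being skipped, and the result for an unprivileged process is never checked. Move the precondition into the filter, e.g. `:if => Puppet.features.root? && Facter.value(:kernelmajversion).to_f >= 6.0`; `Puppet.features.root?` is presumably the admin check on Windows, which should be confirmed. The trailing `&& Puppet.features.microsoft_windows?` in each inner `:if` repeats the outer `describe` filter. Because it comes second, `Facter.value(:kernelmajversion)` is still evaluated at load time on every platform, so drop it or put it first.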
@@ -16,31 +16,64 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
16
16
|
before :all do
|
17
17
|
@sids = {
|
18
18
|
:current_user => Puppet::Util::Windows::Security.name_to_sid(Sys::Admin.get_login),
|
19
|
+
:system => Win32::Security::SID::LocalSystem,
|
19
20
|
:admin => Puppet::Util::Windows::Security.name_to_sid("Administrator"),
|
21
|
+
:administrators => Win32::Security::SID::BuiltinAdministrators,
|
20
22
|
:guest => Puppet::Util::Windows::Security.name_to_sid("Guest"),
|
21
23
|
:users => Win32::Security::SID::BuiltinUsers,
|
22
24
|
:power_users => Win32::Security::SID::PowerUsers,
|
25
|
+
:none => Win32::Security::SID::Nobody,
|
26
|
+
:everyone => Win32::Security::SID::Everyone
|
23
27
|
}
|
24
28
|
end
|
25
29
|
|
26
30
|
let (:sids) { @sids }
|
27
31
|
let (:winsec) { WindowsSecurityTester.new }
|
28
32
|
|
33
|
+
def set_group_depending_on_current_user(path)
|
34
|
+
if sids[:current_user] == sids[:system]
|
35
|
+
# if the current user is SYSTEM, by setting the group to
|
36
|
+
# guest, SYSTEM is automagically given full control, so instead
|
37
|
+
# override that behavior with SYSTEM as group and a specific mode
|
38
|
+
winsec.set_group(sids[:system], path)
|
39
|
+
mode = winsec.get_mode(path)
|
40
|
+
winsec.set_mode(mode & ~WindowsSecurityTester::S_IRWXG, path)
|
41
|
+
else
|
42
|
+
winsec.set_group(sids[:guest], path)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
29
46
|
shared_examples_for "only child owner" do
|
30
47
|
it "should allow child owner" do
|
31
|
-
|
48
|
+
winsec.set_owner(sids[:guest], parent)
|
49
|
+
winsec.set_group(sids[:current_user], parent)
|
50
|
+
winsec.set_mode(0700, parent)
|
51
|
+
|
52
|
+
check_delete(path)
|
32
53
|
end
|
33
54
|
|
34
55
|
it "should deny parent owner" do
|
35
|
-
|
56
|
+
winsec.set_owner(sids[:guest], path)
|
57
|
+
winsec.set_group(sids[:current_user], path)
|
58
|
+
winsec.set_mode(0700, path)
|
59
|
+
|
60
|
+
lambda { check_delete(path) }.should raise_error(Errno::EACCES)
|
36
61
|
end
|
37
62
|
|
38
63
|
it "should deny group" do
|
39
|
-
|
64
|
+
winsec.set_owner(sids[:guest], path)
|
65
|
+
winsec.set_group(sids[:current_user], path)
|
66
|
+
winsec.set_mode(0700, path)
|
67
|
+
|
68
|
+
lambda { check_delete(path) }.should raise_error(Errno::EACCES)
|
40
69
|
end
|
41
70
|
|
42
71
|
it "should deny other" do
|
43
|
-
|
72
|
+
winsec.set_owner(sids[:guest], path)
|
73
|
+
winsec.set_group(sids[:current_user], path)
|
74
|
+
winsec.set_mode(0700, path)
|
75
|
+
|
76
|
+
lambda { check_delete(path) }.should raise_error(Errno::EACCES)
|
44
77
|
end
|
45
78
|
end
|
46
79
|
|
@@ -63,7 +96,7 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
63
96
|
|
64
97
|
after :each do
|
65
98
|
winsec.set_mode(WindowsSecurityTester::S_IRWXU, parent)
|
66
|
-
winsec.set_mode(WindowsSecurityTester::S_IRWXU, path) if File.
|
99
|
+
winsec.set_mode(WindowsSecurityTester::S_IRWXU, path) if Puppet::FileSystem::File.exist?(path)
|
67
100
|
end
|
68
101
|
|
69
102
|
describe "#supports_acl?" do
|
@@ -122,6 +155,26 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
122
155
|
end
|
123
156
|
end
|
124
157
|
|
158
|
+
it "should preserve inherited full control for SYSTEM when setting owner and group" do
|
159
|
+
# new file has SYSTEM
|
160
|
+
system_aces = winsec.get_aces_for_path_by_sid(path, sids[:system])
|
161
|
+
system_aces.should_not be_empty
|
162
|
+
|
163
|
+
# when running under SYSTEM account, multiple ACEs come back
|
164
|
+
# so we only care that we have at least one of these
|
165
|
+
system_aces.any? do |ace|
|
166
|
+
ace.mask == Windows::File::FILE_ALL_ACCESS
|
167
|
+
end.should be_true
|
168
|
+
|
169
|
+
# changing the owner/group will no longer make the SD protected
|
170
|
+
winsec.set_group(sids[:power_users], path)
|
171
|
+
winsec.set_owner(sids[:administrators], path)
|
172
|
+
|
173
|
+
system_aces.find do |ace|
|
174
|
+
ace.mask == Windows::File::FILE_ALL_ACCESS && ace.inherited?
|
175
|
+
end.should_not be_nil
|
176
|
+
end
|
177
|
+
|
125
178
|
describe "#mode=" do
|
126
179
|
(0000..0700).step(0100) do |mode|
|
127
180
|
it "should enforce mode #{mode.to_s(8)}" do
|
@@ -151,6 +204,28 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
151
204
|
end
|
152
205
|
end
|
153
206
|
|
207
|
+
it "should preserve full control for SYSTEM when setting mode" do
|
208
|
+
# new file has SYSTEM
|
209
|
+
system_aces = winsec.get_aces_for_path_by_sid(path, sids[:system])
|
210
|
+
system_aces.should_not be_empty
|
211
|
+
|
212
|
+
# when running under SYSTEM account, multiple ACEs come back
|
213
|
+
# so we only care that we have at least one of these
|
214
|
+
system_aces.any? do |ace|
|
215
|
+
ace.mask == WindowsSecurityTester::FILE_ALL_ACCESS
|
216
|
+
end.should be_true
|
217
|
+
|
218
|
+
# changing the mode will make the SD protected
|
219
|
+
winsec.set_group(sids[:none], path)
|
220
|
+
winsec.set_mode(0600, path)
|
221
|
+
|
222
|
+
# and should have a non-inherited SYSTEM ACE(s)
|
223
|
+
system_aces = winsec.get_aces_for_path_by_sid(path, sids[:system])
|
224
|
+
system_aces.each do |ace|
|
225
|
+
ace.mask.should == Windows::File::FILE_ALL_ACCESS && ! ace.inherited?
|
226
|
+
end
|
227
|
+
end
|
228
|
+
|
154
229
|
describe "for modes that require deny aces" do
|
155
230
|
it "should map everyone to group and owner" do
|
156
231
|
winsec.set_mode(0426, path)
|
@@ -167,6 +242,8 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
167
242
|
|
168
243
|
describe "for read-only objects" do
|
169
244
|
before :each do
|
245
|
+
winsec.set_group(sids[:none], path)
|
246
|
+
winsec.set_mode(0600, path)
|
170
247
|
winsec.add_attributes(path, WindowsSecurityTester::FILE_ATTRIBUTE_READONLY)
|
171
248
|
(winsec.get_attributes(path) & WindowsSecurityTester::FILE_ATTRIBUTE_READONLY).should be_nonzero
|
172
249
|
end
|
@@ -176,9 +253,17 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
176
253
|
(winsec.get_attributes(path) & WindowsSecurityTester::FILE_ATTRIBUTE_READONLY).should == 0
|
177
254
|
end
|
178
255
|
|
179
|
-
it "should leave them read-only if no sid has write permission" do
|
256
|
+
it "should leave them read-only if no sid has write permission and should allow full access for SYSTEM" do
|
180
257
|
winsec.set_mode(WindowsSecurityTester::S_IRUSR | WindowsSecurityTester::S_IXGRP, path)
|
181
258
|
(winsec.get_attributes(path) & WindowsSecurityTester::FILE_ATTRIBUTE_READONLY).should be_nonzero
|
259
|
+
|
260
|
+
system_aces = winsec.get_aces_for_path_by_sid(path, sids[:system])
|
261
|
+
|
262
|
+
# when running under SYSTEM account, and set_group / set_owner hasn't been called
|
263
|
+
# SYSTEM full access will be restored
|
264
|
+
system_aces.any? do |ace|
|
265
|
+
ace.mask == Windows::File::FILE_ALL_ACCESS
|
266
|
+
end.should be_true
|
182
267
|
end
|
183
268
|
end
|
184
269
|
|
@@ -189,31 +274,39 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
189
274
|
|
190
275
|
describe "#mode" do
|
191
276
|
it "should report when extra aces are encounted" do
|
192
|
-
winsec.
|
193
|
-
|
194
|
-
|
195
|
-
end
|
277
|
+
sd = winsec.get_security_descriptor(path)
|
278
|
+
(544..547).each do |rid|
|
279
|
+
sd.dacl.allow("S-1-5-32-#{rid}", WindowsSecurityTester::STANDARD_RIGHTS_ALL)
|
196
280
|
end
|
281
|
+
winsec.set_security_descriptor(path, sd)
|
282
|
+
|
197
283
|
mode = winsec.get_mode(path)
|
198
|
-
(mode & WindowsSecurityTester::S_IEXTRA).
|
284
|
+
(mode & WindowsSecurityTester::S_IEXTRA).should == WindowsSecurityTester::S_IEXTRA
|
199
285
|
end
|
200
286
|
|
201
|
-
it "should
|
202
|
-
winsec.
|
203
|
-
|
204
|
-
|
205
|
-
end
|
206
|
-
|
207
|
-
Puppet.expects(:warning).with("Unsupported access control entry type: 0x1")
|
287
|
+
it "should return deny aces" do
|
288
|
+
sd = winsec.get_security_descriptor(path)
|
289
|
+
sd.dacl.deny(sids[:guest], WindowsSecurityTester::FILE_GENERIC_WRITE)
|
290
|
+
winsec.set_security_descriptor(path, sd)
|
208
291
|
|
209
|
-
winsec.
|
292
|
+
guest_aces = winsec.get_aces_for_path_by_sid(path, sids[:guest])
|
293
|
+
guest_aces.find do |ace|
|
294
|
+
ace.type == WindowsSecurityTester::ACCESS_DENIED_ACE_TYPE
|
295
|
+
end.should_not be_nil
|
210
296
|
end
|
211
297
|
|
212
298
|
it "should skip inherit-only ace" do
|
213
|
-
winsec.
|
214
|
-
|
215
|
-
|
216
|
-
|
299
|
+
sd = winsec.get_security_descriptor(path)
|
300
|
+
dacl = Puppet::Util::Windows::AccessControlList.new
|
301
|
+
dacl.allow(
|
302
|
+
sids[:current_user], WindowsSecurityTester::STANDARD_RIGHTS_ALL | WindowsSecurityTester::SPECIFIC_RIGHTS_ALL
|
303
|
+
)
|
304
|
+
dacl.allow(
|
305
|
+
sids[:everyone],
|
306
|
+
WindowsSecurityTester::FILE_GENERIC_READ,
|
307
|
+
WindowsSecurityTester::INHERIT_ONLY_ACE | WindowsSecurityTester::OBJECT_INHERIT_ACE
|
308
|
+
)
|
309
|
+
winsec.set_security_descriptor(path, sd)
|
217
310
|
|
218
311
|
(winsec.get_mode(path) & WindowsSecurityTester::S_IRWXO).should == 0
|
219
312
|
end
|
@@ -224,9 +317,14 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
224
317
|
end
|
225
318
|
|
226
319
|
describe "inherited access control entries" do
|
227
|
-
it "should be absent when the access control list is protected" do
|
320
|
+
it "should be absent when the access control list is protected, and should not remove SYSTEM" do
|
228
321
|
winsec.set_mode(WindowsSecurityTester::S_IRWXU, path)
|
229
|
-
|
322
|
+
|
323
|
+
mode = winsec.get_mode(path)
|
324
|
+
[ WindowsSecurityTester::S_IEXTRA,
|
325
|
+
WindowsSecurityTester::S_ISYSTEM_MISSING ].each do |flag|
|
326
|
+
(mode & flag).should_not == flag
|
327
|
+
end
|
230
328
|
end
|
231
329
|
|
232
330
|
it "should be present when the access control list is unprotected" do
|
@@ -234,13 +332,20 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
234
332
|
allow = WindowsSecurityTester::STANDARD_RIGHTS_ALL | WindowsSecurityTester::SPECIFIC_RIGHTS_ALL
|
235
333
|
inherit = WindowsSecurityTester::OBJECT_INHERIT_ACE | WindowsSecurityTester::CONTAINER_INHERIT_ACE
|
236
334
|
|
237
|
-
winsec.
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
335
|
+
sd = winsec.get_security_descriptor(parent)
|
336
|
+
sd.dacl.allow(
|
337
|
+
"S-1-1-0", #everyone
|
338
|
+
allow,
|
339
|
+
inherit
|
340
|
+
)
|
341
|
+
(544..547).each do |rid|
|
342
|
+
sd.dacl.allow(
|
343
|
+
"S-1-5-32-#{rid}",
|
344
|
+
WindowsSecurityTester::STANDARD_RIGHTS_ALL,
|
345
|
+
inherit
|
346
|
+
)
|
243
347
|
end
|
348
|
+
winsec.set_security_descriptor(parent, sd)
|
244
349
|
|
245
350
|
# unprotect child, it should inherit from parent
|
246
351
|
winsec.set_mode(WindowsSecurityTester::S_IRWXU, path, false)
|
@@ -252,13 +357,13 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
252
357
|
describe "for an administrator", :if => Puppet.features.root? do
|
253
358
|
before :each do
|
254
359
|
winsec.set_mode(WindowsSecurityTester::S_IRWXU | WindowsSecurityTester::S_IRWXG, path)
|
255
|
-
|
360
|
+
set_group_depending_on_current_user(path)
|
256
361
|
winsec.set_owner(sids[:guest], path)
|
257
362
|
lambda { File.open(path, 'r') }.should raise_error(Errno::EACCES)
|
258
363
|
end
|
259
364
|
|
260
365
|
after :each do
|
261
|
-
if File.
|
366
|
+
if Puppet::FileSystem::File.exist?(path)
|
262
367
|
winsec.set_owner(sids[:current_user], path)
|
263
368
|
winsec.set_mode(WindowsSecurityTester::S_IRWXU, path)
|
264
369
|
end
|
@@ -295,16 +400,18 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
295
400
|
winsec.get_group(path).should == sids[:admin]
|
296
401
|
end
|
297
402
|
|
298
|
-
it "should
|
299
|
-
winsec.set_mode(0610, path)
|
403
|
+
it "should combine owner and group rights when they are the same sid" do
|
300
404
|
winsec.set_owner(sids[:power_users], path)
|
301
405
|
winsec.set_group(sids[:power_users], path)
|
406
|
+
winsec.set_mode(0610, path)
|
302
407
|
|
303
408
|
winsec.get_owner(path).should == sids[:power_users]
|
304
409
|
winsec.get_group(path).should == sids[:power_users]
|
305
410
|
# note group execute permission added to user ace, and then group rwx value
|
306
411
|
# reflected to match
|
307
|
-
|
412
|
+
|
413
|
+
# Exclude missing system ace, since that's not relevant
|
414
|
+
(winsec.get_mode(path) & 0777).to_s(8).should == "770"
|
308
415
|
end
|
309
416
|
|
310
417
|
it "should raise an exception if an invalid sid is provided" do
|
@@ -355,10 +462,14 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
355
462
|
end
|
356
463
|
|
357
464
|
describe "#mode" do
|
358
|
-
it "should deny all access when the DACL is empty" do
|
359
|
-
winsec.
|
465
|
+
it "should deny all access when the DACL is empty, including SYSTEM" do
|
466
|
+
sd = winsec.get_security_descriptor(path)
|
467
|
+
# don't allow inherited aces to affect the test
|
468
|
+
protect = true
|
469
|
+
new_sd = Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, [], protect)
|
470
|
+
winsec.set_security_descriptor(path, new_sd)
|
360
471
|
|
361
|
-
winsec.get_mode(path).should ==
|
472
|
+
winsec.get_mode(path).should == WindowsSecurityTester::S_ISYSTEM_MISSING
|
362
473
|
end
|
363
474
|
|
364
475
|
# REMIND: ruby crashes when trying to set a NULL DACL
|
@@ -378,103 +489,121 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
378
489
|
winsec.set_mode(0777, path, false)
|
379
490
|
end
|
380
491
|
|
381
|
-
|
382
|
-
|
383
|
-
|
492
|
+
describe "is writable and executable" do
|
493
|
+
describe "and sticky bit is set" do
|
494
|
+
it "should allow child owner" do
|
495
|
+
winsec.set_owner(sids[:guest], parent)
|
496
|
+
winsec.set_group(sids[:current_user], parent)
|
497
|
+
winsec.set_mode(01700, parent)
|
384
498
|
|
385
|
-
|
386
|
-
|
499
|
+
check_delete(path)
|
500
|
+
end
|
387
501
|
|
388
|
-
|
389
|
-
|
390
|
-
|
502
|
+
it "should allow parent owner" do
|
503
|
+
winsec.set_owner(sids[:current_user], parent)
|
504
|
+
winsec.set_group(sids[:guest], parent)
|
505
|
+
winsec.set_mode(01700, parent)
|
391
506
|
|
392
|
-
|
393
|
-
|
507
|
+
winsec.set_owner(sids[:current_user], path)
|
508
|
+
winsec.set_group(sids[:guest], path)
|
509
|
+
winsec.set_mode(0700, path)
|
394
510
|
|
395
|
-
|
396
|
-
|
397
|
-
winsec.set_owner(sids[:guest], path)
|
511
|
+
check_delete(path)
|
512
|
+
end
|
398
513
|
|
399
|
-
|
514
|
+
it "should deny group" do
|
515
|
+
winsec.set_owner(sids[:guest], parent)
|
516
|
+
winsec.set_group(sids[:current_user], parent)
|
517
|
+
winsec.set_mode(01770, parent)
|
400
518
|
|
401
|
-
|
402
|
-
|
519
|
+
winsec.set_owner(sids[:guest], path)
|
520
|
+
winsec.set_group(sids[:current_user], path)
|
521
|
+
winsec.set_mode(0700, path)
|
403
522
|
|
404
|
-
|
405
|
-
|
406
|
-
winsec.set_owner(sids[:guest], path)
|
523
|
+
lambda { check_delete(path) }.should raise_error(Errno::EACCES)
|
524
|
+
end
|
407
525
|
|
408
|
-
|
526
|
+
it "should deny other" do
|
527
|
+
winsec.set_owner(sids[:guest], parent)
|
528
|
+
winsec.set_group(sids[:current_user], parent)
|
529
|
+
winsec.set_mode(01777, parent)
|
409
530
|
|
410
|
-
|
411
|
-
|
531
|
+
winsec.set_owner(sids[:guest], path)
|
532
|
+
winsec.set_group(sids[:current_user], path)
|
533
|
+
winsec.set_mode(0700, path)
|
412
534
|
|
413
|
-
|
414
|
-
|
415
|
-
before :each do
|
416
|
-
winsec.set_mode(01777, parent)
|
535
|
+
lambda { check_delete(path) }.should raise_error(Errno::EACCES)
|
536
|
+
end
|
417
537
|
end
|
418
538
|
|
419
|
-
|
420
|
-
|
421
|
-
|
539
|
+
describe "and sticky bit is not set" do
|
540
|
+
it "should allow child owner" do
|
541
|
+
winsec.set_owner(sids[:guest], parent)
|
542
|
+
winsec.set_group(sids[:current_user], parent)
|
543
|
+
winsec.set_mode(0700, parent)
|
422
544
|
|
423
|
-
|
424
|
-
|
425
|
-
end
|
545
|
+
check_delete(path)
|
546
|
+
end
|
426
547
|
|
427
|
-
|
428
|
-
|
429
|
-
|
548
|
+
it "should allow parent owner" do
|
549
|
+
winsec.set_owner(sids[:current_user], parent)
|
550
|
+
winsec.set_group(sids[:guest], parent)
|
551
|
+
winsec.set_mode(0700, parent)
|
430
552
|
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
end
|
553
|
+
winsec.set_owner(sids[:current_user], path)
|
554
|
+
winsec.set_group(sids[:guest], path)
|
555
|
+
winsec.set_mode(0700, path)
|
435
556
|
|
436
|
-
|
437
|
-
|
438
|
-
winsec.set_mode(0777, parent)
|
439
|
-
end
|
557
|
+
check_delete(path)
|
558
|
+
end
|
440
559
|
|
441
|
-
|
442
|
-
|
443
|
-
|
560
|
+
it "should allow group" do
|
561
|
+
winsec.set_owner(sids[:guest], parent)
|
562
|
+
winsec.set_group(sids[:current_user], parent)
|
563
|
+
winsec.set_mode(0770, parent)
|
444
564
|
|
445
|
-
|
446
|
-
|
447
|
-
|
565
|
+
winsec.set_owner(sids[:guest], path)
|
566
|
+
winsec.set_group(sids[:current_user], path)
|
567
|
+
winsec.set_mode(0700, path)
|
448
568
|
|
449
|
-
|
450
|
-
|
451
|
-
end
|
569
|
+
check_delete(path)
|
570
|
+
end
|
452
571
|
|
453
|
-
|
454
|
-
|
572
|
+
it "should allow other" do
|
573
|
+
winsec.set_owner(sids[:guest], parent)
|
574
|
+
winsec.set_group(sids[:current_user], parent)
|
575
|
+
winsec.set_mode(0777, parent)
|
576
|
+
|
577
|
+
winsec.set_owner(sids[:guest], path)
|
578
|
+
winsec.set_group(sids[:current_user], path)
|
579
|
+
winsec.set_mode(0700, path)
|
580
|
+
|
581
|
+
check_delete(path)
|
582
|
+
end
|
455
583
|
end
|
456
584
|
end
|
457
|
-
end
|
458
585
|
|
459
|
-
|
460
|
-
|
461
|
-
|
586
|
+
describe "is not writable" do
|
587
|
+
before :each do
|
588
|
+
winsec.set_group(sids[:current_user], parent)
|
589
|
+
winsec.set_mode(0555, parent)
|
590
|
+
end
|
591
|
+
|
592
|
+
it_behaves_like "only child owner"
|
462
593
|
end
|
463
594
|
|
464
|
-
|
465
|
-
|
595
|
+
describe "is not executable" do
|
596
|
+
before :each do
|
597
|
+
winsec.set_group(sids[:current_user], parent)
|
598
|
+
winsec.set_mode(0666, parent)
|
599
|
+
end
|
466
600
|
|
467
|
-
|
468
|
-
before :each do
|
469
|
-
winsec.set_mode(0666, parent)
|
601
|
+
it_behaves_like "only child owner"
|
470
602
|
end
|
471
|
-
|
472
|
-
it_behaves_like "only child owner"
|
473
603
|
end
|
474
604
|
end
|
475
605
|
end
|
476
606
|
end
|
477
|
-
end
|
478
607
|
|
479
608
|
describe "file" do
|
480
609
|
let (:parent) do
|
@@ -603,9 +732,90 @@ describe "Puppet::Util::Windows::Security", :if => Puppet.features.microsoft_win
|
|
603
732
|
Dir.mkdir(newdir)
|
604
733
|
|
605
734
|
[newfile, newdir].each do |p|
|
606
|
-
winsec.get_mode(p)
|
735
|
+
mode = winsec.get_mode(p)
|
736
|
+
(mode & 07777).to_s(8).should == mode640.to_s(8)
|
607
737
|
end
|
608
738
|
end
|
609
739
|
end
|
610
740
|
end
|
741
|
+
|
742
|
+
context "security descriptor" do
|
743
|
+
let(:path) { tmpfile('sec_descriptor') }
|
744
|
+
let(:read_execute) { 0x201FF }
|
745
|
+
let(:synchronize) { 0x100000 }
|
746
|
+
|
747
|
+
before :each do
|
748
|
+
FileUtils.touch(path)
|
749
|
+
end
|
750
|
+
|
751
|
+
it "preserves aces for other users" do
|
752
|
+
dacl = Puppet::Util::Windows::AccessControlList.new
|
753
|
+
sids_in_dacl = [sids[:current_user], sids[:users]]
|
754
|
+
sids_in_dacl.each do |sid|
|
755
|
+
dacl.allow(sid, read_execute)
|
756
|
+
end
|
757
|
+
sd = Puppet::Util::Windows::SecurityDescriptor.new(sids[:guest], sids[:guest], dacl, true)
|
758
|
+
winsec.set_security_descriptor(path, sd)
|
759
|
+
|
760
|
+
aces = winsec.get_security_descriptor(path).dacl.to_a
|
761
|
+
aces.map(&:sid).should == sids_in_dacl
|
762
|
+
aces.map(&:mask).all? { |mask| mask == read_execute }.should be_true
|
763
|
+
end
|
764
|
+
|
765
|
+
it "changes the sid for all aces that were assigned to the old owner" do
|
766
|
+
sd = winsec.get_security_descriptor(path)
|
767
|
+
sd.owner.should_not == sids[:guest]
|
768
|
+
|
769
|
+
sd.dacl.allow(sd.owner, read_execute)
|
770
|
+
sd.dacl.allow(sd.owner, synchronize)
|
771
|
+
|
772
|
+
sd.owner = sids[:guest]
|
773
|
+
winsec.set_security_descriptor(path, sd)
|
774
|
+
|
775
|
+
dacl = winsec.get_security_descriptor(path).dacl
|
776
|
+
aces = dacl.find_all { |ace| ace.sid == sids[:guest] }
|
777
|
+
# only non-inherited aces will be reassigned to guest, so
|
778
|
+
# make sure we find at least the two we added
|
779
|
+
aces.size.should >= 2
|
780
|
+
end
|
781
|
+
|
782
|
+
it "preserves INHERIT_ONLY_ACEs" do
|
783
|
+
# inherit only aces can only be set on directories
|
784
|
+
dir = tmpdir('inheritonlyace')
|
785
|
+
|
786
|
+
inherit_flags = Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE |
|
787
|
+
Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE |
|
788
|
+
Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE
|
789
|
+
|
790
|
+
sd = winsec.get_security_descriptor(dir)
|
791
|
+
sd.dacl.allow(sd.owner, Windows::File::FILE_ALL_ACCESS, inherit_flags)
|
792
|
+
winsec.set_security_descriptor(dir, sd)
|
793
|
+
|
794
|
+
sd = winsec.get_security_descriptor(dir)
|
795
|
+
|
796
|
+
winsec.set_owner(sids[:guest], dir)
|
797
|
+
|
798
|
+
sd = winsec.get_security_descriptor(dir)
|
799
|
+
sd.dacl.find do |ace|
|
800
|
+
ace.sid == sids[:guest] && ace.inherit_only?
|
801
|
+
end.should_not be_nil
|
802
|
+
end
|
803
|
+
|
804
|
+
context "when managing mode" do
|
805
|
+
it "removes aces for sids that are neither the owner nor group" do
|
806
|
+
# add a guest ace, it's never owner or group
|
807
|
+
sd = winsec.get_security_descriptor(path)
|
808
|
+
sd.dacl.allow(sids[:guest], read_execute)
|
809
|
+
winsec.set_security_descriptor(path, sd)
|
810
|
+
|
811
|
+
# setting the mode, it should remove extra aces
|
812
|
+
winsec.set_mode(0770, path)
|
813
|
+
|
814
|
+
# make sure it's gone
|
815
|
+
dacl = winsec.get_security_descriptor(path).dacl
|
816
|
+
aces = dacl.find_all { |ace| ace.sid == sids[:guest] }
|
817
|
+
aces.should be_empty
|
818
|
+
end
|
819
|
+
end
|
820
|
+
end
|
611
821
|
end
|
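Review bot: Three of the added examples do not assert what their names say, so a regression in the ACL handling they guard could still pass. In "should preserve full control for SYSTEM when setting mode", `ace.mask.should == Windows::File::FILE_ALL_ACCESS && ! ace.inherited?` parses as `(ace.mask.should == ...) && ...`, so the inherited check is computed and discarded; split it into `ace.mask.should == Windows::File::FILE_ALL_ACCESS` and `ace.should_not be_inherited`. In "should preserve inherited full control for SYSTEM when setting owner and group", the final `system_aces.find` runs on the list read before `set_group`/`set_owner`; re-read it first with `system_aces = winsec.get_aces_for_path_by_sid(path, sids[:system])`. In "should skip inherit-only ace", the new `dacl` is never attached to `sd`, so `set_security_descriptor(path, sd)` writes back the unchanged descriptor. Pass `Puppet::Util::Windows::SecurityDescriptor.new(sd.owner, sd.group, dacl, true)` instead, as the empty-DACL example does; the protect value here is my assumption.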